Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / components / os_crypt / ie7_password_win.cc
blobeebd57b37809cbb335092cf72d5de1ada7c521f1
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/os_crypt/ie7_password_win.h"
7 #include <string>
8 #include <vector>
10 #include "base/memory/scoped_ptr.h"
11 #include "base/sha1.h"
12 #include "base/strings/string_util.h"
13 #include "base/strings/stringprintf.h"
14 #include "crypto/wincrypt_shim.h"
16 namespace {
18 // Structures that IE7/IE8 use to store a username/password.
19 // Some of the fields might have been incorrectly reverse engineered.
20 struct PreHeader {
21 DWORD pre_header_size; // Size of this header structure. Always 12.
22 DWORD header_size; // Size of the real Header: sizeof(Header) +
23 // item_count * sizeof(Entry);
24 DWORD data_size; // Size of the data referenced by the entries.
27 struct Header {
28 char wick[4]; // The string "WICK". I don't know what it means.
29 DWORD fixed_header_size; // The size of this structure without the entries:
30 // sizeof(Header).
31 DWORD item_count; // Number of entries. Should be even.
32 wchar_t two_letters[2]; // Two unknown bytes.
33 DWORD unknown[2]; // Two unknown DWORDs.
36 struct Entry {
37 DWORD offset; // Offset where the data referenced by this entry is
38 // located.
39 FILETIME time_stamp; // Timestamp when the password got added.
40 DWORD string_length; // The length of the data string.
43 // Main data structure.
44 struct PasswordEntry {
45 PreHeader pre_header; // Contains the size of the different sections.
46 Header header; // Contains the number of items.
47 Entry entry[1]; // List of entries containing a string. Even-indexed
48 // are usernames, odd are passwords. There may be
49 // several sets saved for a single url hash.
51 } // namespace
53 IE7PasswordInfo::IE7PasswordInfo() {
56 IE7PasswordInfo::~IE7PasswordInfo() {
59 namespace ie7_password {
61 bool GetUserPassFromData(const std::vector<unsigned char>& data,
62 std::vector<DecryptedCredentials>* credentials) {
63 const PasswordEntry* information =
64 reinterpret_cast<const PasswordEntry*>(&data.front());
66 // Some expected values. If it's not what we expect we don't even try to
67 // understand the data.
68 if (information->pre_header.pre_header_size != sizeof(PreHeader))
69 return false;
71 const int entry_count = information->header.item_count;
72 if (entry_count % 2) // Usernames and Passwords
73 return false;
75 if (information->header.fixed_header_size != sizeof(Header))
76 return false;
78 const uint8* offset_to_data = &data[0] +
79 information->pre_header.header_size +
80 information->pre_header.pre_header_size;
82 for (int i = 0; i < entry_count / 2; ++i) {
84 const Entry* user_entry = &information->entry[2*i];
85 const Entry* pass_entry = user_entry+1;
87 DecryptedCredentials c;
88 c.username = reinterpret_cast<const wchar_t*>(offset_to_data +
89 user_entry->offset);
90 c.password = reinterpret_cast<const wchar_t*>(offset_to_data +
91 pass_entry->offset);
92 credentials->push_back(c);
94 return true;
97 std::wstring GetUrlHash(const std::wstring& url) {
98 std::wstring lower_case_url = base::ToLowerASCII(url);
99 // Get a data buffer out of our std::wstring to pass to SHA1HashString.
100 std::string url_buffer(
101 reinterpret_cast<const char*>(lower_case_url.c_str()),
102 (lower_case_url.size() + 1) * sizeof(wchar_t));
103 std::string hash_bin = base::SHA1HashString(url_buffer);
105 std::wstring url_hash;
107 // Transform the buffer to an hexadecimal string.
108 unsigned char checksum = 0;
109 for (size_t i = 0; i < hash_bin.size(); ++i) {
110 // std::string gives signed chars, which mess with StringPrintf and
111 // check_sum.
112 unsigned char hash_byte = static_cast<unsigned char>(hash_bin[i]);
113 checksum += hash_byte;
114 url_hash += base::StringPrintf(L"%2.2X", static_cast<unsigned>(hash_byte));
116 url_hash += base::StringPrintf(L"%2.2X", checksum);
118 return url_hash;
121 bool DecryptPasswords(const std::wstring& url,
122 const std::vector<unsigned char>& data,
123 std::vector<DecryptedCredentials>* credentials) {
124 std::wstring lower_case_url = base::ToLowerASCII(url);
125 DATA_BLOB input = {0};
126 DATA_BLOB output = {0};
127 DATA_BLOB url_key = {0};
129 input.pbData = const_cast<unsigned char*>(&data.front());
130 input.cbData = static_cast<DWORD>((data.size()) *
131 sizeof(std::string::value_type));
133 url_key.pbData = reinterpret_cast<unsigned char*>(
134 const_cast<wchar_t*>(lower_case_url.data()));
135 url_key.cbData = static_cast<DWORD>((lower_case_url.size() + 1) *
136 sizeof(std::wstring::value_type));
138 if (CryptUnprotectData(&input, NULL, &url_key, NULL, NULL,
139 CRYPTPROTECT_UI_FORBIDDEN, &output)) {
140 // Now that we have the decrypted information, we need to understand it.
141 std::vector<unsigned char> decrypted_data;
142 decrypted_data.resize(output.cbData);
143 memcpy(&decrypted_data.front(), output.pbData, output.cbData);
145 GetUserPassFromData(decrypted_data, credentials);
147 LocalFree(output.pbData);
148 return true;
151 return false;
154 } // namespace ie7_password