mirror of
https://github.com/moonD4rk/HackBrowserData
synced 2024-12-13 17:44:40 +00:00
591b97ce6d
* feat: Refactor crypto decryption functions for consistency and error handling - Close #301 - Refactored and renamed decryption functions across multiple files for consistency - Updated cookie sorting method to sort in descending order - Added new encryption functions for AES in CBC and GCM modes and DES in CBC mode - Added error handling to decryption functions and created new error variables for invalid ciphertext length and decode failures - Test cases added for encryption and decryption functions - Removed unused code and imports. * chore: Add new words to .typos.toml dictionary - Add new terms to `.typos.toml` dictionary - Improve code formatting and readability - Refactor functions for better performance - Update comments and documentation - Resolve minor bugs and errors * refactor: Refactor crypto package for better structure and readability - Refactored and cleaned up crypto package code for better readability - Renamed `ToByteArray` method to `bytes` for consistency - Modified `DecryptWithDPAPI` method to use `outBlob.bytes()` for efficiency - Added comments and removed unused methods in `loginPBE` - Refactored `nssPBE` and `metaPBE` Decrypt methods to use `deriveKeyAndIV` helper method - Improved overall maintainability and organization of codebase * refactor: Refactor firefox password encryption and decryption. - Implement ASN1PBE interface with various PBE struct types and encryption/decryption methods - Fix naming and remove unused variables in browsingdata and crypto files - Add tests for ASN1PBE implementation using external assertion package - Refactor and improve error handling in firefox file functions related to master key retrieval - Add input validation and AES-GCM encryption function to crypto file
151 lines
4.0 KiB
Go
151 lines
4.0 KiB
Go
package crypto
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/des"
|
|
"errors"
|
|
"fmt"
|
|
)
|
|
|
|
var (
|
|
ErrCiphertextLengthIsInvalid = errors.New("ciphertext length is invalid")
|
|
)
|
|
|
|
func AES128CBCDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// Check ciphertext length
|
|
if len(ciphertext) < aes.BlockSize {
|
|
return nil, errors.New("AES128CBCDecrypt: ciphertext too short")
|
|
}
|
|
if len(ciphertext)%aes.BlockSize != 0 {
|
|
return nil, errors.New("AES128CBCDecrypt: ciphertext is not a multiple of the block size")
|
|
}
|
|
|
|
decryptedData := make([]byte, len(ciphertext))
|
|
mode := cipher.NewCBCDecrypter(block, iv)
|
|
mode.CryptBlocks(decryptedData, ciphertext)
|
|
|
|
// unpad the decrypted data and handle potential padding errors
|
|
decryptedData, err = pkcs5UnPadding(decryptedData)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("AES128CBCDecrypt: %w", err)
|
|
}
|
|
|
|
return decryptedData, nil
|
|
}
|
|
|
|
func AES128CBCEncrypt(key, iv, plaintext []byte) ([]byte, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if len(iv) != aes.BlockSize {
|
|
return nil, errors.New("AES128CBCEncrypt: iv length is invalid, must equal block size")
|
|
}
|
|
|
|
plaintext = pkcs5Padding(plaintext, block.BlockSize())
|
|
encryptedData := make([]byte, len(plaintext))
|
|
mode := cipher.NewCBCEncrypter(block, iv)
|
|
mode.CryptBlocks(encryptedData, plaintext)
|
|
|
|
return encryptedData, nil
|
|
}
|
|
|
|
func DES3Decrypt(key, iv []byte, ciphertext []byte) ([]byte, error) {
|
|
block, err := des.NewTripleDESCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if len(ciphertext) < des.BlockSize {
|
|
return nil, errors.New("DES3Decrypt: ciphertext too short")
|
|
}
|
|
if len(ciphertext)%block.BlockSize() != 0 {
|
|
return nil, errors.New("DES3Decrypt: ciphertext is not a multiple of the block size")
|
|
}
|
|
|
|
blockMode := cipher.NewCBCDecrypter(block, iv)
|
|
sq := make([]byte, len(ciphertext))
|
|
blockMode.CryptBlocks(sq, ciphertext)
|
|
|
|
return pkcs5UnPadding(sq)
|
|
}
|
|
|
|
func DES3Encrypt(key, iv []byte, plaintext []byte) ([]byte, error) {
|
|
block, err := des.NewTripleDESCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
plaintext = pkcs5Padding(plaintext, block.BlockSize())
|
|
dst := make([]byte, len(plaintext))
|
|
blockMode := cipher.NewCBCEncrypter(block, iv)
|
|
blockMode.CryptBlocks(dst, plaintext)
|
|
|
|
return dst, nil
|
|
}
|
|
|
|
// AESGCMDecrypt chromium > 80 https://source.chromium.org/chromium/chromium/src/+/master:components/os_crypt/os_crypt_win.cc
|
|
func AESGCMDecrypt(key, nounce, ciphertext []byte) ([]byte, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
blockMode, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
origData, err := blockMode.Open(nil, nounce, ciphertext, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return origData, nil
|
|
}
|
|
|
|
// AESGCMEncrypt encrypts plaintext using AES encryption in GCM mode.
|
|
func AESGCMEncrypt(key, nonce, plaintext []byte) ([]byte, error) {
|
|
block, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
blockMode, err := cipher.NewGCM(block)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// The first parameter is the prefix for the output, we can leave it nil.
|
|
// The Seal method encrypts and authenticates the data, appending the result to the dst.
|
|
encryptedData := blockMode.Seal(nil, nonce, plaintext, nil)
|
|
return encryptedData, nil
|
|
}
|
|
|
|
func paddingZero(src []byte, length int) []byte {
|
|
padding := length - len(src)
|
|
if padding <= 0 {
|
|
return src
|
|
}
|
|
return append(src, make([]byte, padding)...)
|
|
}
|
|
|
|
func pkcs5UnPadding(src []byte) ([]byte, error) {
|
|
length := len(src)
|
|
if length == 0 {
|
|
return nil, errors.New("pkcs5UnPadding: src should not be empty")
|
|
}
|
|
padding := int(src[length-1])
|
|
if padding < 1 || padding > aes.BlockSize {
|
|
return nil, errors.New("pkcs5UnPadding: invalid padding size")
|
|
}
|
|
return src[:length-padding], nil
|
|
}
|
|
|
|
func pkcs5Padding(src []byte, blocksize int) []byte {
|
|
padding := blocksize - (len(src) % blocksize)
|
|
padText := bytes.Repeat([]byte{byte(padding)}, padding)
|
|
return append(src, padText...)
|
|
}
|