feat: decrypt Chromium v10/v11 across host OS (#605)

2026-06-10 20:07:46 +02:00 · 2026-06-03 19:35:40 +08:00
parent c444314832
commit 2666b813cd
9 changed files with 129 additions and 120 deletions
@@ -2,38 +2,6 @@

 package crypto

-import (
-	"bytes"
-	"crypto/aes"
-	"crypto/sha1"
-)
-
-var chromiumCBCIV = bytes.Repeat([]byte{0x20}, aes.BlockSize)
-
-// kEmptyKey is Chromium's decrypt-only fallback for data corrupted by a
-// KWallet race in Chrome ~89 (crbug.com/40055416). Matches the kEmptyKey
-// constant in os_crypt_linux.cc.
-var kEmptyKey = PBKDF2Key([]byte(""), []byte("saltysalt"), 1, 16, sha1.New)
-
-const minCBCDataSize = versionPrefixLen + aes.BlockSize // "v10" + one AES block = 19 bytes minimum
-
-func DecryptChromium(key, ciphertext []byte) ([]byte, error) {
-	if len(ciphertext) < minCBCDataSize {
-		return nil, errShortCiphertext
-	}
-	payload := ciphertext[versionPrefixLen:]
-
-	plaintext, err := AESCBCDecrypt(key, chromiumCBCIV, payload)
-	if err == nil {
-		return plaintext, nil
-	}
-	// Retry with kEmptyKey to recover crbug.com/40055416 data.
-	if alt, altErr := AESCBCDecrypt(kEmptyKey, chromiumCBCIV, payload); altErr == nil {
-		return alt, nil
-	}
-	return nil, err
-}
-
 func DecryptDPAPI(_ []byte) ([]byte, error) {
 	return nil, errDPAPINotSupported
 }