fix: strip host_key prefix from Chrome 130+ cookie values (#526)

* fix: strip SHA256(host_key) prefix from Chrome 130+ cookie values

Chrome 130 (Cookie DB schema v24) prepends SHA256(domain) to cookie
values before encryption to prevent cross-domain replay attacks.
After decryption, this 32-byte hash must be verified and stripped.

Changes:
- Add stripCookieHash() that verifies SHA256(host_key) and strips
  the prefix only when it matches (auto-compatible with older Chrome)
- Fix edge case: cookies with empty values (exactly 32 bytes = hash only)
- Add decrypt_test.go with v10 round-trip encryption/decryption test
- Add stripCookieHash test cases for v24+, older Chrome, empty values,
  short values, and host mismatch scenarios

Closes #524

* fix: strip SHA256(host_key) prefix from Chrome 130+ cookie values

Chrome 130 (Cookie DB schema v24) prepends SHA256(domain) to cookie
values before encryption to prevent cross-domain replay attacks.
After decryption, this 32-byte hash must be verified and stripped.

Changes:
- Add stripCookieHash() that verifies SHA256(host_key) and strips
  the prefix only when it matches (auto-compatible with older Chrome)
- Fix edge case: cookies with empty values (exactly 32 bytes = hash only)
- Add table-driven decrypt tests for v10/v20/DPAPI per platform
- Add Windows-specific DPAPI round-trip test using CryptProtectData
- Add shared testAESKey constant in testutil_test.go
- Add stripCookieHash tests for v24+, older Chrome, empty values,
  short values, and host mismatch scenarios
- Extend lint CI to run on ubuntu, windows, and macos

Closes #524

* fix: remove DPAPI test from darwin/linux (returns nil on Linux)

DecryptWithDPAPI returns nil error on Linux (silent no-op) but error
on macOS, causing the test to fail on Ubuntu CI. DPAPI round-trip
testing is properly covered in decrypt_windows_test.go.

* fix: resolve Windows CI lint errors exposed by multi-platform lint

- Add _ = before windows.CloseHandle calls to satisfy errcheck
- Add build tag to params.go (only used on macOS/Linux, not Windows)

* fix: add .gitattributes to force LF and refactor cookie tests

- Add .gitattributes with `* text=auto eol=lf` to prevent CRLF
  conversion on Windows CI causing gofumpt false positives
- Add .gitattributes to .gitignore whitelist
- Refactor stripCookieHash tests into table-driven style

* fix: address Copilot review on decrypt tests

- Assert error on wrong key instead of ignoring it (AES-CBC returns
  padding error, not silent empty result)
- Guard empty plaintext in encryptWithDPAPI to prevent nil pointer panic
- Convert uint32 to int for make/copy slice bounds in Windows test

* fix: assert specific error message in wrong key decrypt test
This commit is contained in:
Roger
2026-03-29 22:40:38 +08:00
committed by moonD4rk
parent b3dd4ed6e4
commit 2c4e871e59
10 changed files with 249 additions and 11 deletions
+19
View File
@@ -1,6 +1,8 @@
package chromium
import (
"bytes"
"crypto/sha256"
"database/sql"
"sort"
@@ -30,6 +32,7 @@ func extractCookies(masterKey []byte, path string) ([]types.CookieEntry, error)
}
value, _ := decryptValue(masterKey, encryptedValue)
value = stripCookieHash(value, host)
return types.CookieEntry{
Name: name,
Host: host,
@@ -50,3 +53,19 @@ func extractCookies(masterKey []byte, path string) ([]types.CookieEntry, error)
})
return cookies, nil
}
// stripCookieHash removes the SHA256(host_key) prefix from a decrypted cookie value.
// Chrome 130+ (Cookie DB schema version 24) prepends SHA256(domain) to the cookie
// value before encryption to prevent cross-domain cookie replay attacks.
// If the first 32 bytes don't match SHA256(hostKey), the value is returned unchanged,
// which handles both older Chrome versions and tampered data.
func stripCookieHash(value []byte, hostKey string) []byte {
if len(value) < sha256.Size {
return value
}
hash := sha256.Sum256([]byte(hostKey))
if bytes.Equal(value[:sha256.Size], hash[:]) {
return value[sha256.Size:] // empty slice if value was exactly 32 bytes
}
return value
}