docs: drop RFC citations and what-comments, fix stale refs

Apply the no-internal-citation and WHY-not-WHAT rules to source
comments; correct stale identifiers (NewBrowser, PBKDF2Key) and RFC
facts (Yandex ciphertext, Firefox PBKDF2 password).
This commit is contained in:
moonD4rk
2026-06-13 21:13:07 +08:00
parent 2b1283af18
commit 64836e9b3c
30 changed files with 82 additions and 92 deletions
+1 -1
View File
@@ -98,7 +98,7 @@ func (n privateKeyPBE) deriveKeyAndIV(globalSalt []byte) ([]byte, []byte) {
return dk[:24], dk[len(dk)-8:]
}
// MetaPBE Struct
// passwordCheckPBE Struct
//
// SEQUENCE (2 elem)
// OBJECT IDENTIFIER
+1 -5
View File
@@ -137,7 +137,6 @@ func AESGCMDecryptBlob(key, blob, aad []byte) ([]byte, error) {
return aead.Open(nil, blob[:gcmNonceSize], blob[gcmNonceSize:], aad)
}
// cbcEncrypt adds PKCS5 padding and encrypts plaintext in CBC mode.
func cbcEncrypt(block cipher.Block, iv, plaintext []byte) ([]byte, error) {
if len(iv) != block.BlockSize() {
return nil, errInvalidIVLength
@@ -149,7 +148,6 @@ func cbcEncrypt(block cipher.Block, iv, plaintext []byte) ([]byte, error) {
return dst, nil
}
// cbcDecrypt decrypts ciphertext in CBC mode and removes PKCS5 padding.
func cbcDecrypt(block cipher.Block, iv, ciphertext []byte) ([]byte, error) {
bs := block.BlockSize()
if len(iv) != bs {
@@ -172,8 +170,7 @@ func cbcDecrypt(block cipher.Block, iv, ciphertext []byte) ([]byte, error) {
return dst, nil
}
// paddingZero pads src with zero bytes to the given length.
// Returns src unchanged if already long enough; otherwise returns a new slice.
// paddingZero returns src unchanged if already long enough; otherwise a zero-padded new slice.
func paddingZero(src []byte, length int) []byte {
if len(src) >= length {
return src
@@ -195,7 +192,6 @@ func pkcs5Padding(src []byte, blockSize int) []byte {
return dst
}
// pkcs5UnPadding removes PKCS5/PKCS7 padding from src.
func pkcs5UnPadding(src []byte, blockSize int) ([]byte, error) {
length := len(src)
if length == 0 {
+1 -1
View File
@@ -14,7 +14,7 @@ import (
// can get a derived key for e.g. AES-256 (which needs a 32-byte key) by
// doing:
//
// dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
// dk := PBKDF2Key([]byte("some password"), salt, 4096, 32, sha1.New)
//
// Remember to get a good random salt. At least 8 bytes is recommended by the
// RFC.
-3
View File
@@ -23,7 +23,6 @@ const (
// CipherDPAPI is pre-Chrome 80 raw DPAPI encryption (no version prefix).
CipherDPAPI CipherVersion = "dpapi"
// versionPrefixLen is the byte length of the version prefix ("v10", "v20").
versionPrefixLen = 3
)
@@ -47,8 +46,6 @@ func DetectVersion(ciphertext []byte) CipherVersion {
}
}
// stripPrefix removes the version prefix (e.g. "v10") from ciphertext.
// Returns the ciphertext unchanged if no known prefix is found.
func stripPrefix(ciphertext []byte) []byte {
ver := DetectVersion(ciphertext)
if ver == CipherV10 || ver == CipherV11 || ver == CipherV12 || ver == CipherV20 {
+2 -1
View File
@@ -5,7 +5,8 @@
#include <stddef.h>
// BootstrapScratch describes the IPC contract between the C payload running
// inside chrome.exe and the Go injector in our own process. It squats inside
// inside the target browser process (chrome.exe, msedge.exe, brave.exe, etc.)
// and the Go injector in our own process. It squats inside
// the target DLL's PE DOS header region. Windows' PE loader ignores the DOS
// stub at 0x40..0x77, and we also borrow a few reserved bytes between 0x28
// and 0x3B inside IMAGE_DOS_HEADER. The e_lfanew at 0x3C..0x3F MUST be left
+1 -1
View File
@@ -22,7 +22,7 @@ var (
errYandexKeyTooShort = errors.New("yandex: decrypted intermediate key shorter than 32 bytes")
)
// DecryptYandexIntermediateKey unwraps the per-DB data key from meta.local_encryptor_data. See RFC-012 §4.2.
// DecryptYandexIntermediateKey unwraps the per-DB data key from meta.local_encryptor_data.
func DecryptYandexIntermediateKey(masterKey, blob []byte) ([]byte, error) {
idx := bytes.Index(blob, localEncryptorPrefix)
if idx < 0 {