* fix: strip SHA256(host_key) prefix from Chrome 130+ cookie values
Chrome 130 (Cookie DB schema v24) prepends SHA256(domain) to cookie
values before encryption to prevent cross-domain replay attacks.
After decryption, this 32-byte hash must be verified and stripped.
Changes:
- Add stripCookieHash() that verifies SHA256(host_key) and strips
the prefix only when it matches (auto-compatible with older Chrome)
- Fix edge case: cookies with empty values (exactly 32 bytes = hash only)
- Add decrypt_test.go with v10 round-trip encryption/decryption test
- Add stripCookieHash test cases for v24+, older Chrome, empty values,
short values, and host mismatch scenarios
Closes#524
* fix: strip SHA256(host_key) prefix from Chrome 130+ cookie values
Chrome 130 (Cookie DB schema v24) prepends SHA256(domain) to cookie
values before encryption to prevent cross-domain replay attacks.
After decryption, this 32-byte hash must be verified and stripped.
Changes:
- Add stripCookieHash() that verifies SHA256(host_key) and strips
the prefix only when it matches (auto-compatible with older Chrome)
- Fix edge case: cookies with empty values (exactly 32 bytes = hash only)
- Add table-driven decrypt tests for v10/v20/DPAPI per platform
- Add Windows-specific DPAPI round-trip test using CryptProtectData
- Add shared testAESKey constant in testutil_test.go
- Add stripCookieHash tests for v24+, older Chrome, empty values,
short values, and host mismatch scenarios
- Extend lint CI to run on ubuntu, windows, and macos
Closes#524
* fix: remove DPAPI test from darwin/linux (returns nil on Linux)
DecryptWithDPAPI returns nil error on Linux (silent no-op) but error
on macOS, causing the test to fail on Ubuntu CI. DPAPI round-trip
testing is properly covered in decrypt_windows_test.go.
* fix: resolve Windows CI lint errors exposed by multi-platform lint
- Add _ = before windows.CloseHandle calls to satisfy errcheck
- Add build tag to params.go (only used on macOS/Linux, not Windows)
* fix: add .gitattributes to force LF and refactor cookie tests
- Add .gitattributes with `* text=auto eol=lf` to prevent CRLF
conversion on Windows CI causing gofumpt false positives
- Add .gitattributes to .gitignore whitelist
- Refactor stripCookieHash tests into table-driven style
* fix: address Copilot review on decrypt tests
- Assert error on wrong key instead of ignoring it (AES-CBC returns
padding error, not silent empty result)
- Guard empty plaintext in encryptWithDPAPI to prevent nil pointer panic
- Convert uint32 to int for make/copy slice bounds in Windows test
* fix: assert specific error message in wrong key decrypt test
* feat: add filemanager session and crypto version detection
* refactor: move copy logic into filemanager, remove fileutil dependency
* fix: apply review suggestions for filemanager
* feat: add Windows locked file tests, fix readFileContent with ReadFile+FileMapping fallback
* fix: remove self-PID skip in findFileHandle to fix Windows CI test
* fix: seek to file start before reading duplicated handle
* fix: use full path matching in findFileHandle to avoid cross-app handle collision
* test: enhance Windows copyLocked tests with write-then-read, large file, and normal copy scenarios
* fix: check all errors in Windows tests, use bytes.Equal for large file comparison
* fix: use stable path suffix matching to handle Windows short path names in CI
* refactor: Refactor package names and imports for better code organization.
* refactor: Package imports and variable types for consistency
* chore: Disable unused-parameter rule in revive.
* refactor: Refactor and organize data extraction and browserdata parse.
* fix: rename wrong error message info
* feat: Refactor crypto decryption functions for consistency and error handling
- Close#301
- Refactored and renamed decryption functions across multiple files for consistency
- Updated cookie sorting method to sort in descending order
- Added new encryption functions for AES in CBC and GCM modes and DES in CBC mode
- Added error handling to decryption functions and created new error variables for invalid ciphertext length and decode failures
- Test cases added for encryption and decryption functions
- Removed unused code and imports.
* chore: Add new words to .typos.toml dictionary
- Add new terms to `.typos.toml` dictionary
- Improve code formatting and readability
- Refactor functions for better performance
- Update comments and documentation
- Resolve minor bugs and errors
* refactor: Refactor crypto package for better structure and readability
- Refactored and cleaned up crypto package code for better readability
- Renamed `ToByteArray` method to `bytes` for consistency
- Modified `DecryptWithDPAPI` method to use `outBlob.bytes()` for efficiency
- Added comments and removed unused methods in `loginPBE`
- Refactored `nssPBE` and `metaPBE` Decrypt methods to use `deriveKeyAndIV` helper method
- Improved overall maintainability and organization of codebase
* refactor: Refactor firefox password encryption and decryption.
- Implement ASN1PBE interface with various PBE struct types and encryption/decryption methods
- Fix naming and remove unused variables in browsingdata and crypto files
- Add tests for ASN1PBE implementation using external assertion package
- Refactor and improve error handling in firefox file functions related to master key retrieval
- Add input validation and AES-GCM encryption function to crypto file
* refactor: Simplify Firefox master key retrieval and decryption functions.
- Simplify variable names and functions in browsingdata/password/password.go
- Modify Decrypt function for each PBE type to have only one parameter named globalSalt in crypto/crypto.go
- Implement functions to retrieve master key from Firefox's key4.db file and query metadata and private NSS data in browser/firefox/firefox.go
* chore: Add dependencies and tests to Firefox package.
- Add go-sqlmock and github.com/kisielk/sqlstruct dependencies
- Add tests for Firefox package metadata and nssPrivate query
- Add test for Firefox's processMasterKey function (currently commented out)
* refactor: Refactor Firefox test functions, remove unused code
- Remove unused test function in firefox_test.go file
- Clean up code by removing unnecessary changes
- Simplify file structure for easier maintenance and readability
* refactor: Disable JSON handling in logger/logger.go.
* chore: Standardize spelling and add typos check workflows.
- Update GitHub Action name to 'unit tests'
- Add spell-check step with custom config to lint workflow
- Use latest version of golangci/lint-action in lint workflow
- Rename variable 'crypted' to 'encrypted' in crypto_windows.go
- Fix typos in comments and error/log messages throughout the codebase
- Update .gitignore to exclude typos.toml file
Roger