2021-10-18 12:06:10 +02:00
|
|
|
|
/*
|
2024-03-05 18:37:42 +01:00
|
|
|
|
* Copyright (c) 2024 ETH Zürich, IT Services
|
2021-10-18 12:06:10 +02:00
|
|
|
|
*
|
|
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
using System;
|
|
|
|
|
using System.Security.Cryptography;
|
|
|
|
|
using System.Text;
|
2024-06-14 13:57:33 +02:00
|
|
|
|
using System.Threading;
|
2021-10-18 12:06:10 +02:00
|
|
|
|
using SafeExamBrowser.Configuration.Contracts;
|
|
|
|
|
using SafeExamBrowser.Configuration.Contracts.Cryptography;
|
2022-07-18 21:37:04 +02:00
|
|
|
|
using SafeExamBrowser.Configuration.Contracts.Integrity;
|
2021-10-18 12:06:10 +02:00
|
|
|
|
using SafeExamBrowser.Logging.Contracts;
|
|
|
|
|
|
|
|
|
|
namespace SafeExamBrowser.Configuration.Cryptography
|
|
|
|
|
{
|
|
|
|
|
public class KeyGenerator : IKeyGenerator
|
|
|
|
|
{
|
2022-07-20 20:38:13 +02:00
|
|
|
|
private readonly object @lock = new object();
|
|
|
|
|
|
2024-06-14 13:57:33 +02:00
|
|
|
|
private readonly ThreadLocal<SHA256Managed> algorithm;
|
2021-10-18 12:06:10 +02:00
|
|
|
|
private readonly AppConfig appConfig;
|
2022-07-18 21:37:04 +02:00
|
|
|
|
private readonly IIntegrityModule integrityModule;
|
2021-10-18 12:06:10 +02:00
|
|
|
|
private readonly ILogger logger;
|
|
|
|
|
|
|
|
|
|
private string browserExamKey;
|
|
|
|
|
|
2023-03-02 23:48:11 +01:00
|
|
|
|
public KeyGenerator(AppConfig appConfig, IIntegrityModule integrityModule, ILogger logger)
|
2021-10-18 12:06:10 +02:00
|
|
|
|
{
|
2024-06-14 13:57:33 +02:00
|
|
|
|
this.algorithm = new ThreadLocal<SHA256Managed>(() => new SHA256Managed());
|
2021-10-18 12:06:10 +02:00
|
|
|
|
this.appConfig = appConfig;
|
2022-07-18 21:37:04 +02:00
|
|
|
|
this.integrityModule = integrityModule;
|
2021-10-18 12:06:10 +02:00
|
|
|
|
this.logger = logger;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 23:48:11 +01:00
|
|
|
|
public string CalculateAppSignatureKey(string connectionToken, string salt)
|
|
|
|
|
{
|
|
|
|
|
if (integrityModule.TryCalculateAppSignatureKey(connectionToken, salt, out var appSignatureKey))
|
|
|
|
|
{
|
|
|
|
|
logger.Debug("Successfully calculated app signature key using integrity module.");
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
logger.Error("Failed to calculate app signature key using integrity module!");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return appSignatureKey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public string CalculateBrowserExamKeyHash(string configurationKey, byte[] salt, string url)
|
2021-10-18 12:06:10 +02:00
|
|
|
|
{
|
|
|
|
|
var urlWithoutFragment = url.Split('#')[0];
|
2024-06-14 13:57:33 +02:00
|
|
|
|
var hash = algorithm.Value.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey(configurationKey, salt))));
|
2022-07-18 21:37:04 +02:00
|
|
|
|
var key = ToString(hash);
|
2021-10-18 12:06:10 +02:00
|
|
|
|
|
|
|
|
|
return key;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 23:48:11 +01:00
|
|
|
|
public string CalculateConfigurationKeyHash(string configurationKey, string url)
|
2021-10-18 12:06:10 +02:00
|
|
|
|
{
|
|
|
|
|
var urlWithoutFragment = url.Split('#')[0];
|
2024-06-14 13:57:33 +02:00
|
|
|
|
var hash = algorithm.Value.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + configurationKey));
|
2022-07-18 21:37:04 +02:00
|
|
|
|
var key = ToString(hash);
|
2021-10-18 12:06:10 +02:00
|
|
|
|
|
|
|
|
|
return key;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-08 22:24:29 +01:00
|
|
|
|
public void UseCustomBrowserExamKey(string browserExamKey)
|
|
|
|
|
{
|
|
|
|
|
if (browserExamKey != default)
|
|
|
|
|
{
|
|
|
|
|
this.browserExamKey = browserExamKey;
|
|
|
|
|
logger.Debug("Initialized custom browser exam key.");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-02 23:48:11 +01:00
|
|
|
|
private string ComputeBrowserExamKey(string configurationKey, byte[] salt)
|
2021-10-18 12:06:10 +02:00
|
|
|
|
{
|
2022-07-20 20:38:13 +02:00
|
|
|
|
lock (@lock)
|
2021-10-18 12:06:10 +02:00
|
|
|
|
{
|
2022-07-20 20:38:13 +02:00
|
|
|
|
if (browserExamKey == default)
|
2022-07-18 21:37:04 +02:00
|
|
|
|
{
|
2022-07-20 20:38:13 +02:00
|
|
|
|
logger.Debug("Initializing browser exam key...");
|
|
|
|
|
|
|
|
|
|
if (configurationKey == default)
|
|
|
|
|
{
|
|
|
|
|
configurationKey = "";
|
|
|
|
|
logger.Warn("The current configuration does not contain a value for the configuration key!");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (salt == default || salt.Length == 0)
|
|
|
|
|
{
|
|
|
|
|
salt = new byte[0];
|
|
|
|
|
logger.Warn("The current configuration does not contain a salt value for the browser exam key!");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (integrityModule.TryCalculateBrowserExamKey(configurationKey, ToString(salt), out browserExamKey))
|
|
|
|
|
{
|
2023-03-02 23:48:11 +01:00
|
|
|
|
logger.Debug("Successfully calculated browser exam key using integrity module.");
|
2022-07-20 20:38:13 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2023-03-02 23:48:11 +01:00
|
|
|
|
logger.Warn("Failed to calculate browser exam key using integrity module! Falling back to simplified calculation...");
|
2022-07-20 20:38:13 +02:00
|
|
|
|
|
|
|
|
|
using (var algorithm = new HMACSHA256(salt))
|
|
|
|
|
{
|
|
|
|
|
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + configurationKey));
|
|
|
|
|
var key = ToString(hash);
|
|
|
|
|
|
|
|
|
|
browserExamKey = key;
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-18 21:37:04 +02:00
|
|
|
|
}
|
2021-10-18 12:06:10 +02:00
|
|
|
|
}
|
2022-07-18 21:37:04 +02:00
|
|
|
|
|
|
|
|
|
return browserExamKey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private string ToString(byte[] bytes)
|
|
|
|
|
{
|
|
|
|
|
return BitConverter.ToString(bytes).ToLower().Replace("-", string.Empty);
|
2021-10-18 12:06:10 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|