SEBWIN-510: Implemented configuration tool changes.

This commit is contained in:
Damian Büchel 2022-07-21 15:29:56 +02:00
parent 20ff39493d
commit 4d0f9797c6
4 changed files with 1149 additions and 1061 deletions


@ -36,7 +36,7 @@
<DebugType>full</DebugType> <DebugType>full</DebugType>
<Optimize>false</Optimize> <Optimize>false</Optimize>
<OutputPath>bin\x86\Debug\</OutputPath> <OutputPath>bin\x86\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants> <DefineConstants>TRACE;DEBUG;X86</DefineConstants>
<ErrorReport>prompt</ErrorReport> <ErrorReport>prompt</ErrorReport>
<WarningLevel>0</WarningLevel> <WarningLevel>0</WarningLevel>
<Prefer32Bit>false</Prefer32Bit> <Prefer32Bit>false</Prefer32Bit>
@ -46,7 +46,7 @@
<DebugType>pdbonly</DebugType> <DebugType>pdbonly</DebugType>
<Optimize>true</Optimize> <Optimize>true</Optimize>
<OutputPath>bin\x86\Release\</OutputPath> <OutputPath>bin\x86\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants> <DefineConstants>TRACE;X86</DefineConstants>
<ErrorReport>prompt</ErrorReport> <ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel> <WarningLevel>4</WarningLevel>
<Prefer32Bit>false</Prefer32Bit> <Prefer32Bit>false</Prefer32Bit>
@ -198,8 +198,17 @@
</ItemGroup> </ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" /> <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<PropertyGroup> <PropertyGroup>
<PostBuildEvent> <PostBuildEvent>IF EXIST "C:\SEB\seb_$(PlatformName).dll" (
</PostBuildEvent> robocopy "C:\SEB" "$(TargetDir)\" "seb_$(PlatformName).dll" /np
IF %2525ERRORLEVEL%2525 GEQ 8 (
EXIT 1
)
) ELSE (
ECHO WARNING: Integrity module not included!
)
EXIT 0</PostBuildEvent>
</PropertyGroup> </PropertyGroup>
<!-- To modify your build process, add your task inside one of the targets below and uncomment it. <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets. Other similar extension points exist, see Microsoft.Common.targets.
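Review bot: The new PostBuildEvent copies whatever `seb_$(PlatformName).dll` happens to be in the fixed machine path `C:\SEB` into the build output without any check of where that file came from, and when it is absent the step only prints a warning before `EXIT 0`, so a build can ship without the native module (or with an unexpected one) and still succeed. Because this DLL is the module that `SEBProtectionController` calls for the browser exam key elsewhere in this commit, consider taking its location from an MSBuild property (constructed example: `$(IntegrityModuleDir)`) with a repository- or package-relative default rather than a hard-coded drive path, and make the Release configuration fail (`EXIT 1`) when the module is missing so the omission is noticed. The doubled escaping in `%2525ERRORLEVEL%2525` may only be how this page renders `%25ERRORLEVEL%25`; it is worth confirming that the stored project file carries a single MSBuild escape so the batch step actually evaluates `%ERRORLEVEL%`.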


@ -4,6 +4,7 @@ using System.Diagnostics;
using System.Drawing; using System.Drawing;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Reflection;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
using System.Text; using System.Text;
@ -125,10 +126,25 @@ namespace SebWindowsConfig
textBoxBrowserExamKey.Text = lastBrowserExamKey; textBoxBrowserExamKey.Text = lastBrowserExamKey;
textBoxConfigurationKey.Text = SEBProtectionController.ComputeConfigurationKey(); textBoxConfigurationKey.Text = SEBProtectionController.ComputeConfigurationKey();
LoadVersionInfo();
} // end of contructor SebWindowsConfigForm() } // end of contructor SebWindowsConfigForm()
private void LoadVersionInfo()
{
var executable = Assembly.GetEntryAssembly();
var programBuild = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
var programVersion = executable.GetCustomAttribute<AssemblyInformationalVersionAttribute>().InformationalVersion;
var statusStrip = new StatusStrip();
statusStrip.Dock = DockStyle.Bottom;
statusStrip.SizingGrip = false;
statusStrip.Items.Add($"SEB Information: Version {programVersion}, Build {programBuild}");
Controls.Add(statusStrip);
Height += statusStrip.Height;
}
// ************************************************* // *************************************************
// Open the configuration file and read the settings // Open the configuration file and read the settings
@ -158,7 +174,8 @@ namespace SebWindowsConfig
} }
SEBClientInfo.LoadingSettingsFileName = ""; SEBClientInfo.LoadingSettingsFileName = "";
if (!String.IsNullOrEmpty(filePassword)) { if (!String.IsNullOrEmpty(filePassword))
{
// If we got the settings password because the user entered it when opening the .seb file, // If we got the settings password because the user entered it when opening the .seb file,
// we store it in a local variable // we store it in a local variable
settingsPassword = filePassword; settingsPassword = filePassword;
@ -202,26 +219,26 @@ namespace SebWindowsConfig
private void CheckAndOptionallyRemoveDefaultProhibitedProcesses() private void CheckAndOptionallyRemoveDefaultProhibitedProcesses()
{ {
if ((bool)SEBSettings.settingsCurrent[SEBSettings.KeyCreateNewDesktop]) //if ((bool) SEBSettings.settingsCurrent[SEBSettings.KeyCreateNewDesktop])
{ //{
if (SEBSettings.CheckForDefaultProhibitedProcesses(false)) // if (SEBSettings.CheckForDefaultProhibitedProcesses(false))
{ // {
var messageBoxResult = MessageBox.Show( // var messageBoxResult = MessageBox.Show(
this, // this,
"Settings contain at least one of the default prohibited processes (mostly web browsers), " + // "Settings contain at least one of the default prohibited processes (mostly web browsers), " +
"which should not run when SEB is used with the Disable Explorer Shell kiosk mode. " + // "which should not run when SEB is used with the Disable Explorer Shell kiosk mode. " +
"As your settings are not using Disable Explorer Shell, " + // "As your settings are not using Disable Explorer Shell, " +
"do you want to remove those default prohibited processes from the configuration?", // "do you want to remove those default prohibited processes from the configuration?",
"Default Prohibited Processes Found", // "Default Prohibited Processes Found",
MessageBoxButtons.YesNo, // MessageBoxButtons.YesNo,
MessageBoxIcon.Question); // MessageBoxIcon.Question);
if (messageBoxResult == DialogResult.Yes) // if (messageBoxResult == DialogResult.Yes)
{ // {
SEBSettings.CheckForDefaultProhibitedProcesses(true); // SEBSettings.CheckForDefaultProhibitedProcesses(true);
} // }
} // }
} //}
} }
@ -690,7 +707,8 @@ namespace SebWindowsConfig
// For downwards compatibility of embedded SSL certs, if there is no data in the new data key certificateDataBase64 // For downwards compatibility of embedded SSL certs, if there is no data in the new data key certificateDataBase64
// we read data from the old data key certificateDataWin and save it to the new key. // we read data from the old data key certificateDataWin and save it to the new key.
// Please note: The Browser Exam Key of these settings is changed by this // Please note: The Browser Exam Key of these settings is changed by this
if (type == IntSSLClientCertificate && String.IsNullOrEmpty((String)SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64])) { if (type == IntSSLClientCertificate && String.IsNullOrEmpty((String) SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64]))
{
String base64Data = (String) SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataWin]; String base64Data = (String) SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataWin];
SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64] = base64Data; SEBSettings.embeddedCertificateData[SEBSettings.KeyCertificateDataBase64] = base64Data;
} }
@ -1383,7 +1401,8 @@ namespace SebWindowsConfig
// Save the new salt // Save the new salt
SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt] = newExamKeySalt; SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt] = newExamKeySalt;
} }
if (fileDialogResult.Equals(DialogResult.OK)) { if (fileDialogResult.Equals(DialogResult.OK))
{
if (!SaveConfigurationFileFromEditor(fileName)) if (!SaveConfigurationFileFromEditor(fileName))
{ {
MessageBox.Show(SEBUIStrings.savingSettingsFailedMessage, SEBUIStrings.savingSettingsFailed, MessageBoxButtons.OK, MessageBoxIcon.Error); MessageBox.Show(SEBUIStrings.savingSettingsFailedMessage, SEBUIStrings.savingSettingsFailed, MessageBoxButtons.OK, MessageBoxIcon.Error);
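Review bot: `CheckAndOptionallyRemoveDefaultProhibitedProcesses` now has its entire body commented out, leaving a method that silently does nothing while presumably still being called, with no indication of why the default-prohibited-process check was retired. If the check is intentionally dropped, delete the body and the method (and its call sites, which are outside this hunk) rather than keeping dead code; if it is only disabled for now, a one-line comment such as `// Disabled for SEBWIN-510: <reason>; remove or restore before release` keeps the behaviour change traceable. Separately, in the new `LoadVersionInfo` both `Assembly.GetEntryAssembly()` and `GetCustomAttribute<AssemblyInformationalVersionAttribute>()` can return null, so building the status strip can throw at startup; `var programVersion = executable?.GetCustomAttribute<AssemblyInformationalVersionAttribute>()?.InformationalVersion ?? "unknown";` would degrade to a placeholder instead.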


@ -182,39 +182,39 @@ namespace SebWindowsConfig
// Strings for encryption identities (KeyChain, Certificate Store) // Strings for encryption identities (KeyChain, Certificate Store)
//static ArrayList chooseIdentityStringArrayList = new ArrayList(); //static ArrayList chooseIdentityStringArrayList = new ArrayList();
//static String[] chooseIdentityStringArray = new String[1]; //static String[] chooseIdentityStringArray = new String[1];
static List<String> StringCryptoIdentity = new List<String>(); static readonly List<String> StringCryptoIdentity = new List<String>();
static ArrayList certificateReferences = new ArrayList(); static ArrayList certificateReferences = new ArrayList();
static ArrayList certificateSSLReferences = new ArrayList(); static ArrayList certificateSSLReferences = new ArrayList();
// Entries of ListBoxes // Entries of ListBoxes
//static Byte[] ByteArrayExamKeySalt = new Byte[] {}; //static Byte[] ByteArrayExamKeySalt = new Byte[] {};
static String[] StringCryptoIdentityArray; static String[] StringCryptoIdentityArray;
static String[] StringSebPurpose = new String[2]; static readonly String[] StringSebPurpose = new String[2];
static String[] StringSebMode = new String[2]; static readonly String[] StringSebMode = new String[2];
static String[] StringBrowserViewMode = new String[2]; static readonly String[] StringBrowserViewMode = new String[2];
static String[] StringWindowWidth = new String[5]; static readonly String[] StringWindowWidth = new String[5];
static String[] StringWindowHeight = new String[5]; static readonly String[] StringWindowHeight = new String[5];
static String[] StringWindowPositioning = new String[3]; static readonly String[] StringWindowPositioning = new String[3];
static String[] StringTaskBarHeight = new String[3]; static readonly String[] StringTaskBarHeight = new String[3];
static String[] StringPolicyLinkOpening = new String[3]; static readonly String[] StringPolicyLinkOpening = new String[3];
static String[] StringPolicyFileUpload = new String[3]; static readonly String[] StringPolicyFileUpload = new String[3];
static String[] StringPolicyProxySettings = new String[2]; static readonly String[] StringPolicyProxySettings = new String[2];
static String[] StringPolicySebService = new String[3]; static readonly String[] StringPolicySebService = new String[3];
static String[] StringFunctionKey = new String[12]; static readonly String[] StringFunctionKey = new String[12];
static String[] StringActive = new String[2]; static readonly String[] StringActive = new String[2];
static String[] StringOS = new String[2]; static readonly String[] StringOS = new String[2];
static String[] StringAction = new String[5]; static readonly String[] StringAction = new String[5];
static String[] StringCertificateType = new String[4]; static readonly String[] StringCertificateType = new String[4];
static String[] StringProxyProtocolTableCaption = new String[7]; static readonly String[] StringProxyProtocolTableCaption = new String[7];
static String[] StringProxyProtocolServerLabel = new String[7]; static readonly String[] StringProxyProtocolServerLabel = new String[7];
static Boolean[] BooleanProxyProtocolEnabled = new Boolean[7]; static readonly Boolean[] BooleanProxyProtocolEnabled = new Boolean[7];
static String[] KeyProxyProtocolType = new String[7]; static readonly String[] KeyProxyProtocolType = new String[7];
static String[] KeyProxyProtocolAttribute = new String[7]; static readonly String[] KeyProxyProtocolAttribute = new String[7];
static String[] KeyProxyProtocolEnable = new String[7]; static readonly String[] KeyProxyProtocolEnable = new String[7];
static String[] StringMinMacOSVersion = new String[11]; static readonly String[] StringMinMacOSVersion = new String[11];
static String[] StringAllowedDisplaysMaxNumber = new String[3]; static readonly String[] StringAllowedDisplaysMaxNumber = new String[3];
// *********************** // ***********************
// Methods for GUI widgets // Methods for GUI widgets
@ -397,6 +397,8 @@ namespace SebWindowsConfig
// ******************************************************* // *******************************************************
private void InitialiseGUIWidgets() private void InitialiseGUIWidgets()
{ {
tabControlSebWindowsConfig.Dock = DockStyle.Fill;
// At program start, the local client settings configuration file is loaded // At program start, the local client settings configuration file is loaded
currentDireSebConfigFile = SEBClientInfo.SebClientSettingsAppDataDirectory; currentDireSebConfigFile = SEBClientInfo.SebClientSettingsAppDataDirectory;
currentFileSebConfigFile = SEBClientInfo.SEB_CLIENT_CONFIG; currentFileSebConfigFile = SEBClientInfo.SEB_CLIENT_CONFIG;


@ -6,6 +6,7 @@ using System.Globalization;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates; using System.Security.Cryptography.X509Certificates;
using System.Text; using System.Text;
@ -51,6 +52,13 @@ namespace SebWindowsConfig.Utilities
{ {
public class SEBProtectionController public class SEBProtectionController
{ {
const string DLL_NAME =
#if X86
"seb_x86.dll";
#else
"seb_x64.dll";
#endif
// Prefix // Prefix
private const int PREFIX_LENGTH = 4; private const int PREFIX_LENGTH = 4;
private const string PUBLIC_KEY_HASH_MODE = "pkhs"; private const string PUBLIC_KEY_HASH_MODE = "pkhs";
@ -64,7 +72,7 @@ namespace SebWindowsConfig.Utilities
// RNCryptor non-secret payload (header) // RNCryptor non-secret payload (header)
// First byte: Data format version. Currently 2. // First byte: Data format version. Currently 2.
// Second byte: Options, bit 0 - uses password (so currently 1). // Second byte: Options, bit 0 - uses password (so currently 1).
private static byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 }; private static readonly byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
enum EncryptionT enum EncryptionT
{ {
@ -572,22 +580,72 @@ namespace SebWindowsConfig.Utilities
/// ---------------------------------------------------------------------------------------- /// ----------------------------------------------------------------------------------------
public static string ComputeBrowserExamKey() public static string ComputeBrowserExamKey()
{ {
var browserExamKey = default(string);
var configurationKey = ComputeConfigurationKey();
var executable = Assembly.GetExecutingAssembly(); var executable = Assembly.GetExecutingAssembly();
var certificate = executable.Modules.First().GetSignerCertificate(); var certificate = executable.Modules.First().GetSignerCertificate();
var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt]; var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
var signature = certificate?.GetCertHashString(); var signature = certificate?.GetCertHashString();
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion; var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
var configurationKey = ComputeConfigurationKey();
Logger.AddInformation("Initializing browser exam key...");
if (configurationKey == default)
{
configurationKey = "";
Logger.AddWarning("The current configuration does not contain a value for the configuration key!");
}
if (salt == default || salt.Length == 0)
{
salt = new byte[0];
Logger.AddWarning("The current configuration does not contain a salt value for the browser exam key!");
}
if (TryCalculateBrowserExamKey(configurationKey, BitConverter.ToString(salt).ToLower().Replace("-", string.Empty), out browserExamKey))
{
Logger.AddInformation("Successfully calculated BEK using integrity module.");
}
else
{
Logger.AddWarning("Failed to calculate BEK using integrity module! Falling back to simplified calculation...");
using (var algorithm = new HMACSHA256(salt)) using (var algorithm = new HMACSHA256(salt))
{ {
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey)); var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty); var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
return key; browserExamKey = key;
} }
} }
return browserExamKey;
}
private static bool TryCalculateBrowserExamKey(string configurationKey, string salt, out string browserExamKey)
{
browserExamKey = default;
try
{
browserExamKey = CalculateBrowserExamKey(configurationKey, salt);
}
catch (DllNotFoundException)
{
Logger.AddWarning("Integrity module is not available!");
}
catch (Exception e)
{
Logger.AddError("Unexpected error while attempting to calculate browser exam key!", default, e);
}
return browserExamKey != default;
}
[DllImport(DLL_NAME, CallingConvention = CallingConvention.Cdecl)]
[return: MarshalAs(UnmanagedType.BStr)]
private static extern string CalculateBrowserExamKey(string configurationKey, string salt);
/// ---------------------------------------------------------------------------------------- /// ----------------------------------------------------------------------------------------
/// <summary> /// <summary>
/// Compute a Configuration Key SHA256 hash base16 string. /// Compute a Configuration Key SHA256 hash base16 string.
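Review bot: The `CalculateBrowserExamKey` P/Invoke resolves `DLL_NAME` through the loader's default DLL search order, so which `seb_x86.dll`/`seb_x64.dll` ends up computing the key depends on the process environment rather than solely on the copy the post-build step places next to the executable; pinning the probe with `[DefaultDllImportSearchPaths(DllImportSearchPath.AssemblyDirectory)]` on the extern declaration, alongside the existing `DllImport`, makes the intended module the only candidate. In `TryCalculateBrowserExamKey` the success test `browserExamKey != default` also treats an empty string returned by the native module as a valid key; `return !string.IsNullOrEmpty(browserExamKey);` would let the managed fallback take over in that case. Since the fallback hashes `signature + version + configurationKey` with HMAC while the native path receives only the configuration key and salt, the two branches yield different keys, which deserves a comment on `ComputeBrowserExamKey` stating that a missing or failing module changes the result rather than merely the method of computing it.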