SEBWIN-510: Implemented configuration tool changes.

SebWindowsConfig/SebWindowsConfig.csproj

@@ -36,7 +36,7 @@
     <DebugType>full</DebugType>
     <Optimize>false</Optimize>
     <OutputPath>bin\x86\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <DefineConstants>TRACE;DEBUG;X86</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>0</WarningLevel>
     <Prefer32Bit>false</Prefer32Bit>
@@ -46,7 +46,7 @@
     <DebugType>pdbonly</DebugType>
     <Optimize>true</Optimize>
     <OutputPath>bin\x86\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
+    <DefineConstants>TRACE;X86</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
     <Prefer32Bit>false</Prefer32Bit>
@@ -198,8 +198,17 @@
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <PropertyGroup>
-    <PostBuildEvent>
-    </PostBuildEvent>
+    <PostBuildEvent>IF EXIST "C:\SEB\seb_$(PlatformName).dll" (
+    robocopy "C:\SEB" "$(TargetDir)\" "seb_$(PlatformName).dll" /np
+
+    IF %2525ERRORLEVEL%2525 GEQ 8 (
+        EXIT 1
+    )
+) ELSE (
+    ECHO WARNING: Integrity module not included!
+)
+
+EXIT 0</PostBuildEvent>
   </PropertyGroup>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

SebWindowsConfig/SebWindowsConfigGUIManagement.cs

@@ -102,7 +102,7 @@ namespace SebWindowsConfig
 		const int IntColumnProcessDescription = 3;
 
 		const int IntColumnProcessArgument = 1;
-/*
+		/*
 				const String StringColumnProcessActive      = "Active";
 				const String StringColumnProcessOS          = "OS";
 				const String StringColumnProcessExecutable  = "Executable";
@@ -110,7 +110,7 @@ namespace SebWindowsConfig
 				const String StringColumnProcessDescription = "Description";
 
 				const String StringColumnProcessArgument = "Argument";
-*/
+		*/
 		// URL Filter Rules table columns (0,1,2,3,4).
 		// Show, Active, Regex, Expression, Action
 		const int IntColumnURLFilterRuleShow = 0;
@@ -118,13 +118,13 @@ namespace SebWindowsConfig
 		const int IntColumnURLFilterRuleRegex = 2;
 		const int IntColumnURLFilterRuleExpression = 3;
 		const int IntColumnURLFilterRuleAction = 4;
-/*
+		/*
 				const String StringColumnURLFilterRuleShow       = "Show";
 				const String StringColumnURLFilterRuleActive     = "Active";
 				const String StringColumnURLFilterRuleRegex      = "Regex";
 				const String StringColumnURLFilterRuleExpression = "Expression";
 				const String StringColumnURLFilterRuleAction     = "Action";
-*/
+		*/
 		// Embedded Certificates table columns (0,1).
 		// Type, Name
 		const int IntColumnCertificateType = 0;
@@ -182,39 +182,39 @@ namespace SebWindowsConfig
 		// Strings for encryption identities (KeyChain, Certificate Store)
 		//static ArrayList chooseIdentityStringArrayList = new ArrayList();
 		//static String[]  chooseIdentityStringArray = new String[1];
-		static List<String> StringCryptoIdentity = new List<String>();
+		static readonly List<String> StringCryptoIdentity = new List<String>();
 		static ArrayList certificateReferences = new ArrayList();
 		static ArrayList certificateSSLReferences = new ArrayList();
 
 		// Entries of ListBoxes
 		//static    Byte[]    ByteArrayExamKeySalt          = new Byte[] {};
 		static String[] StringCryptoIdentityArray;
-		static  String[]  StringSebPurpose                = new  String[2];
-		static  String[]  StringSebMode                   = new  String[2];
-		static  String[]  StringBrowserViewMode           = new  String[2];
-		static  String[]  StringWindowWidth               = new  String[5];
-		static  String[]  StringWindowHeight              = new  String[5];
-		static  String[]  StringWindowPositioning         = new  String[3];
-		static  String[]  StringTaskBarHeight             = new  String[3];
-		static  String[]  StringPolicyLinkOpening         = new  String[3];
-		static  String[]  StringPolicyFileUpload          = new  String[3];
-		static  String[]  StringPolicyProxySettings       = new  String[2];
-		static  String[]  StringPolicySebService          = new  String[3];
-		static  String[]  StringFunctionKey               = new  String[12];
-		static  String[]  StringActive                    = new  String[2];
-		static  String[]  StringOS                        = new  String[2];
-		static  String[]  StringAction                    = new  String[5];
-		static  String[]  StringCertificateType           = new  String[4];
-		static  String[]  StringProxyProtocolTableCaption = new  String[7];
-		static  String[]  StringProxyProtocolServerLabel  = new  String[7];
-		static Boolean[] BooleanProxyProtocolEnabled      = new Boolean[7];
+		static readonly String[] StringSebPurpose = new String[2];
+		static readonly String[] StringSebMode = new String[2];
+		static readonly String[] StringBrowserViewMode = new String[2];
+		static readonly String[] StringWindowWidth = new String[5];
+		static readonly String[] StringWindowHeight = new String[5];
+		static readonly String[] StringWindowPositioning = new String[3];
+		static readonly String[] StringTaskBarHeight = new String[3];
+		static readonly String[] StringPolicyLinkOpening = new String[3];
+		static readonly String[] StringPolicyFileUpload = new String[3];
+		static readonly String[] StringPolicyProxySettings = new String[2];
+		static readonly String[] StringPolicySebService = new String[3];
+		static readonly String[] StringFunctionKey = new String[12];
+		static readonly String[] StringActive = new String[2];
+		static readonly String[] StringOS = new String[2];
+		static readonly String[] StringAction = new String[5];
+		static readonly String[] StringCertificateType = new String[4];
+		static readonly String[] StringProxyProtocolTableCaption = new String[7];
+		static readonly String[] StringProxyProtocolServerLabel = new String[7];
+		static readonly Boolean[] BooleanProxyProtocolEnabled = new Boolean[7];
 
-		static  String[]  KeyProxyProtocolType      = new  String[7];
-		static  String[]  KeyProxyProtocolAttribute = new  String[7];
-		static  String[]  KeyProxyProtocolEnable    = new  String[7];
+		static readonly String[] KeyProxyProtocolType = new String[7];
+		static readonly String[] KeyProxyProtocolAttribute = new String[7];
+		static readonly String[] KeyProxyProtocolEnable = new String[7];
 
-		static String[] StringMinMacOSVersion = new String[11];
-		static String[] StringAllowedDisplaysMaxNumber = new String[3];
+		static readonly String[] StringMinMacOSVersion = new String[11];
+		static readonly String[] StringAllowedDisplaysMaxNumber = new String[3];
 
 		// ***********************
 		// Methods for GUI widgets
@@ -226,10 +226,10 @@ namespace SebWindowsConfig
 		private void InitialiseGlobalVariablesForGUIWidgets()
 		{
 
-			SEBSettings.   permittedProcessIndex = 0;
-			SEBSettings.  prohibitedProcessIndex = 0;
+			SEBSettings.permittedProcessIndex = 0;
+			SEBSettings.prohibitedProcessIndex = 0;
 			SEBSettings.embeddedCertificateIndex = 0;
-			SEBSettings.      bypassedProxyIndex = 0;
+			SEBSettings.bypassedProxyIndex = 0;
 
 			// Define the strings for the Encryption Identity
 			StringCryptoIdentity.Add("none");
@@ -302,7 +302,7 @@ namespace SebWindowsConfig
 
 			// Define the strings for the Permitted and Prohibited Processes
 			StringActive[IntFalse] = "false";
-			StringActive[IntTrue ] = "true";
+			StringActive[IntTrue] = "true";
 
 			StringOS[IntOSX] = StringOSX;
 			StringOS[IntWin] = StringWin;
@@ -310,9 +310,9 @@ namespace SebWindowsConfig
 			// Define the strings for the URL Filter Rule Actions
 			StringAction[IntBlock] = StringBlock;
 			StringAction[IntAllow] = StringAllow;
-			StringAction[IntSkip ] = StringSkip;
-			StringAction[IntAnd  ] = StringAnd;
-			StringAction[IntOr   ] = StringOr;
+			StringAction[IntSkip] = StringSkip;
+			StringAction[IntAnd] = StringAnd;
+			StringAction[IntOr] = StringOr;
 
 			// Define the strings for the Embedded Certificates
 			StringCertificateType[IntSSLClientCertificate] = StringSSLServerCertificate;
@@ -397,6 +397,8 @@ namespace SebWindowsConfig
 		// *******************************************************
 		private void InitialiseGUIWidgets()
 		{
+			tabControlSebWindowsConfig.Dock = DockStyle.Fill;
+
 			// At program start, the local client settings configuration file is loaded
 			currentDireSebConfigFile = SEBClientInfo.SebClientSettingsAppDataDirectory;
 			currentFileSebConfigFile = SEBClientInfo.SEB_CLIENT_CONFIG;
@@ -432,13 +434,13 @@ namespace SebWindowsConfig
 			// At program start, no file has yet been opened, so revert is not possible
 			buttonRevertToLastOpened.Enabled = false;
 
-			comboBoxMainBrowserWindowWidth      .Items.AddRange(StringWindowWidth);
-			comboBoxMainBrowserWindowHeight     .Items.AddRange(StringWindowHeight);
+			comboBoxMainBrowserWindowWidth.Items.AddRange(StringWindowWidth);
+			comboBoxMainBrowserWindowHeight.Items.AddRange(StringWindowHeight);
 			listBoxMainBrowserWindowPositioning.Items.AddRange(StringWindowPositioning);
 
-			comboBoxNewBrowserWindowWidth       .Items.AddRange(StringWindowWidth);
-			comboBoxNewBrowserWindowHeight      .Items.AddRange(StringWindowHeight);
-			 listBoxNewBrowserWindowPositioning .Items.AddRange(StringWindowPositioning);
+			comboBoxNewBrowserWindowWidth.Items.AddRange(StringWindowWidth);
+			comboBoxNewBrowserWindowHeight.Items.AddRange(StringWindowHeight);
+			listBoxNewBrowserWindowPositioning.Items.AddRange(StringWindowPositioning);
 
 			comboBoxUrlPolicyMainWindow.Items.Add("Never");
 			comboBoxUrlPolicyMainWindow.Items.Add("OnlyLoadError");
@@ -455,7 +457,7 @@ namespace SebWindowsConfig
 			listBoxOpenLinksHTML.Items.AddRange(StringPolicyLinkOpening);
 
 			listBoxChooseFileToUploadPolicy.Items.AddRange(StringPolicyFileUpload);
-			 listBoxSebServicePolicy        .Items.AddRange(StringPolicySebService);
+			listBoxSebServicePolicy.Items.AddRange(StringPolicySebService);
 			comboBoxMinMacOSVersion.Items.AddRange(StringMinMacOSVersion);
 			comboBoxAllowedDisplaysMaxNumber.Items.AddRange(StringAllowedDisplaysMaxNumber);
 
@@ -500,30 +502,30 @@ namespace SebWindowsConfig
 			dataGridViewProxyProtocols.SelectionMode = DataGridViewSelectionMode.FullRowSelect;
 
 
-			dataGridViewPermittedProcesses.Columns[IntColumnProcessActive    ].ValueType = typeof(Boolean);
-			dataGridViewPermittedProcesses.Columns[IntColumnProcessOS        ].ValueType = typeof(String);
+			dataGridViewPermittedProcesses.Columns[IntColumnProcessActive].ValueType = typeof(Boolean);
+			dataGridViewPermittedProcesses.Columns[IntColumnProcessOS].ValueType = typeof(String);
 			dataGridViewPermittedProcesses.Columns[IntColumnProcessExecutable].ValueType = typeof(String);
-			dataGridViewPermittedProcesses.Columns[IntColumnProcessTitle     ].ValueType = typeof(String);
+			dataGridViewPermittedProcesses.Columns[IntColumnProcessTitle].ValueType = typeof(String);
 
-			dataGridViewPermittedProcessArguments.Columns[IntColumnProcessActive  ].ValueType = typeof(Boolean);
+			dataGridViewPermittedProcessArguments.Columns[IntColumnProcessActive].ValueType = typeof(Boolean);
 			dataGridViewPermittedProcessArguments.Columns[IntColumnProcessArgument].ValueType = typeof(String);
 
-			dataGridViewProhibitedProcesses.Columns[IntColumnProcessActive     ].ValueType = typeof(Boolean);
-			dataGridViewProhibitedProcesses.Columns[IntColumnProcessOS         ].ValueType = typeof(String);
-			dataGridViewProhibitedProcesses.Columns[IntColumnProcessExecutable ].ValueType = typeof(String);
+			dataGridViewProhibitedProcesses.Columns[IntColumnProcessActive].ValueType = typeof(Boolean);
+			dataGridViewProhibitedProcesses.Columns[IntColumnProcessOS].ValueType = typeof(String);
+			dataGridViewProhibitedProcesses.Columns[IntColumnProcessExecutable].ValueType = typeof(String);
 			dataGridViewProhibitedProcesses.Columns[IntColumnProcessDescription].ValueType = typeof(String);
 
 			dataGridViewEmbeddedCertificates.Columns[IntColumnCertificateType].ValueType = typeof(String);
 			dataGridViewEmbeddedCertificates.Columns[IntColumnCertificateName].ValueType = typeof(String);
 
 			dataGridViewProxyProtocols.Columns[IntColumnProxyProtocolEnable].ValueType = typeof(Boolean);
-			dataGridViewProxyProtocols.Columns[IntColumnProxyProtocolType  ].ValueType = typeof(String);
+			dataGridViewProxyProtocols.Columns[IntColumnProxyProtocolType].ValueType = typeof(String);
 
 			dataGridViewProxyProtocols.Columns[IntColumnProxyProtocolEnable].ReadOnly = false;
-			dataGridViewProxyProtocols.Columns[IntColumnProxyProtocolType  ].ReadOnly = true;
+			dataGridViewProxyProtocols.Columns[IntColumnProxyProtocolType].ReadOnly = true;
 
 			// Assign the column names to the DataGridViews
-/*
+			/*
 						dataGridViewPermittedProcesses.Columns.Add(StringColumnActive    , StringColumnActive);
 						dataGridViewPermittedProcesses.Columns.Add(StringColumnOS        , StringColumnOS);
 						dataGridViewPermittedProcesses.Columns.Add(StringColumnExecutable, StringColumnExecutable);
@@ -550,11 +552,11 @@ namespace SebWindowsConfig
 						dataGridViewProxyProtocols.Columns.Add(StringColumnProxyProtocolType  , StringColumnProxyProtocolType);
 
 						dataGridViewBypassedProxies.Columns.Add(StringColumnDomainHostPort, StringColumnDomainHostPort);
-*/
-			groupBoxPermittedProcess .Enabled = false;
+			*/
+			groupBoxPermittedProcess.Enabled = false;
 			groupBoxProhibitedProcess.Enabled = false;
 
-			listBoxPermittedProcessOS .Items.AddRange(StringOS);
+			listBoxPermittedProcessOS.Items.AddRange(StringOS);
 			listBoxProhibitedProcessOS.Items.AddRange(StringOS);
 
 			// Auto-resize the columns and cells

SebWindowsConfig/Utilities/SEBProtectionController.cs

@@ -6,6 +6,7 @@ using System.Globalization;
 using System.IO;
 using System.Linq;
 using System.Reflection;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -51,6 +52,13 @@ namespace SebWindowsConfig.Utilities
 {
 	public class SEBProtectionController
 	{
+		const string DLL_NAME =
+#if X86
+		"seb_x86.dll";
+#else
+		"seb_x64.dll";
+#endif
+
 		// Prefix
 		private const int PREFIX_LENGTH = 4;
 		private const string PUBLIC_KEY_HASH_MODE = "pkhs";
@@ -64,7 +72,7 @@ namespace SebWindowsConfig.Utilities
 		// RNCryptor non-secret payload (header)
 		// First byte: Data format version. Currently 2.
 		// Second byte: Options, bit 0 - uses password (so currently 1).
-		private static byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
+		private static readonly byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
 
 		enum EncryptionT
 		{
@@ -572,22 +580,72 @@ namespace SebWindowsConfig.Utilities
 		/// ----------------------------------------------------------------------------------------
 		public static string ComputeBrowserExamKey()
 		{
+			var browserExamKey = default(string);
+			var configurationKey = ComputeConfigurationKey();
 			var executable = Assembly.GetExecutingAssembly();
 			var certificate = executable.Modules.First().GetSignerCertificate();
 			var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
 			var signature = certificate?.GetCertHashString();
 			var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
-			var configurationKey = ComputeConfigurationKey();
+
+			Logger.AddInformation("Initializing browser exam key...");
+
+			if (configurationKey == default)
+			{
+				configurationKey = "";
+				Logger.AddWarning("The current configuration does not contain a value for the configuration key!");
+			}
+
+			if (salt == default || salt.Length == 0)
+			{
+				salt = new byte[0];
+				Logger.AddWarning("The current configuration does not contain a salt value for the browser exam key!");
+			}
+
+			if (TryCalculateBrowserExamKey(configurationKey, BitConverter.ToString(salt).ToLower().Replace("-", string.Empty), out browserExamKey))
+			{
+				Logger.AddInformation("Successfully calculated BEK using integrity module.");
+			}
+			else
+			{
+				Logger.AddWarning("Failed to calculate BEK using integrity module! Falling back to simplified calculation...");
 
 				using (var algorithm = new HMACSHA256(salt))
 				{
 					var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
 					var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
 
-				return key;
+					browserExamKey = key;
 				}
 			}
 
+			return browserExamKey;
+		}
+
+		private static bool TryCalculateBrowserExamKey(string configurationKey, string salt, out string browserExamKey)
+		{
+			browserExamKey = default;
+
+			try
+			{
+				browserExamKey = CalculateBrowserExamKey(configurationKey, salt);
+			}
+			catch (DllNotFoundException)
+			{
+				Logger.AddWarning("Integrity module is not available!");
+			}
+			catch (Exception e)
+			{
+				Logger.AddError("Unexpected error while attempting to calculate browser exam key!", default, e);
+			}
+
+			return browserExamKey != default;
+		}
+
+		[DllImport(DLL_NAME, CallingConvention = CallingConvention.Cdecl)]
+		[return: MarshalAs(UnmanagedType.BStr)]
+		private static extern string CalculateBrowserExamKey(string configurationKey, string salt);
+
 		/// ----------------------------------------------------------------------------------------
 		/// <summary>
 		/// Compute a Configuration Key SHA256 hash base16 string.