SEBWIN-309, SEBWIN-358: Corrected usage of salt value for browser exam key.

dbuechel 2020-02-19 15:21:34 +01:00
parent 1a840ffac5
commit 6ad5d062db
4 changed files with 12 additions and 10 deletions


@ -130,12 +130,15 @@ namespace SafeExamBrowser.Browser.Handlers
private string ComputeBrowserExamKey()
{
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(settings.ExamKeySalt + appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.ConfigurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
using (var algorithm = new HMACSHA256(settings.ExamKeySalt))
{
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.ConfigurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
browserExamKey = key;
browserExamKey = key;
return browserExamKey;
return browserExamKey;
}
}
private bool IsMailtoUrl(string url)
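Review bot: `new HMACSHA256(settings.ExamKeySalt)` throws when the salt is null, whereas the old string concatenation silently treated a null salt as empty. The data-mapping hunk in this commit assigns the property only when the raw value is a `byte[]`, so unless a default is set elsewhere (not visible here), a configuration without a salt would now fail inside `ComputeBrowserExamKey`. The method should decide this case explicitly: for example `var salt = settings.ExamKeySalt ?? new byte[0];` if an unsalted key is acceptable, or a logged, clearly worded failure if it is not. The same constructor call appears in the SebWindowsConfig hunk, where the salt comes from an unchecked cast of the settings dictionary entry.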


@ -6,7 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
using System;
using System.Collections.Generic;
using SafeExamBrowser.Settings;
using SafeExamBrowser.Settings.Browser;
@ -281,7 +280,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
{
if (value is byte[] salt)
{
settings.Browser.ExamKeySalt = BitConverter.ToString(salt).ToLower().Replace("-", string.Empty);
settings.Browser.ExamKeySalt = salt;
}
}


@ -94,7 +94,7 @@ namespace SafeExamBrowser.Settings.Browser
/// <summary>
/// The salt value for the calculation of the exam key which is used for integrity checks with server applications (see also <see cref="SendExamKey"/>).
/// </summary>
public string ExamKeySalt { get; set; }
public byte[] ExamKeySalt { get; set; }
/// <summary>
/// The settings to be used for the browser request filter.
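Review bot: The summary on `ExamKeySalt` still says only "the salt value", although the property now carries raw bytes that the handler change in this commit passes to `HMACSHA256` as the key. The doc comment should state that, and say whether null is a valid value, e.g. `/// The raw salt bytes used as the HMAC-SHA256 key when computing the browser exam key; null if the configuration defines none.` (confirm the null contract first). Because the property exposes a mutable array with a public setter, it is also worth noting in the comment that callers must not modify the array after assignment. The trailing context lines belong to the next member, whose declaration is outside the hunk.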


@ -574,14 +574,14 @@ namespace SebWindowsConfig.Utilities
{
var executable = Assembly.GetExecutingAssembly();
var certificate = executable.Modules.First().GetSignerCertificate();
var salt = BitConverter.ToString((byte[])SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt]).ToLower().Replace("-", string.Empty);
var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
var signature = certificate?.GetCertHashString();
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
var configurationKey = ComputeConfigurationKey();
using (var algorithm = new SHA256Managed())
using (var algorithm = new HMACSHA256(salt))
{
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(salt + signature + version + configurationKey));
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
return key;