zervo/seb-win-refactoring
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SEBWIN-309, SEBWIN-358: Corrected usage of salt value for browser exam key.

Browse source
This commit is contained in:
dbuechel 2020-02-19 15:21:34 +01:00
parent 1a840ffac5
commit 6ad5d062db
4 changed files with 12 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
SafeExamBrowser.Browser/Handlers/ResourceHandler.cs
View file

@ -130,12 +130,15 @@ namespace SafeExamBrowser.Browser.Handlers
private string ComputeBrowserExamKey() private string ComputeBrowserExamKey()
{ {
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(settings.ExamKeySalt + appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.ConfigurationKey)); using (var algorithm = new HMACSHA256(settings.ExamKeySalt))
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty); {
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.ConfigurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
browserExamKey = key; browserExamKey = key;
return browserExamKey; return browserExamKey;
}
} }
private bool IsMailtoUrl(string url) private bool IsMailtoUrl(string url)

3
SafeExamBrowser.Configuration/ConfigurationData/DataMapping/BrowserDataMapper.cs
View file

@ -6,7 +6,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. * file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/ */
using System;
using System.Collections.Generic; using System.Collections.Generic;
using SafeExamBrowser.Settings; using SafeExamBrowser.Settings;
using SafeExamBrowser.Settings.Browser; using SafeExamBrowser.Settings.Browser;
@ -281,7 +280,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData.DataMapping
{ {
if (value is byte[] salt) if (value is byte[] salt)
{ {
settings.Browser.ExamKeySalt = BitConverter.ToString(salt).ToLower().Replace("-", string.Empty); settings.Browser.ExamKeySalt = salt;
} }
} }

2
SafeExamBrowser.Settings/Browser/BrowserSettings.cs
View file

@ -94,7 +94,7 @@ namespace SafeExamBrowser.Settings.Browser
/// <summary> /// <summary>
/// The salt value for the calculation of the exam key which is used for integrity checks with server applications (see also <see cref="SendExamKey"/>). /// The salt value for the calculation of the exam key which is used for integrity checks with server applications (see also <see cref="SendExamKey"/>).
/// </summary> /// </summary>
public string ExamKeySalt { get; set; } public byte[] ExamKeySalt { get; set; }
/// <summary> /// <summary>
/// The settings to be used for the browser request filter. /// The settings to be used for the browser request filter.

6
SebWindowsConfig/Utilities/SEBProtectionController.cs
View file

@ -574,14 +574,14 @@ namespace SebWindowsConfig.Utilities
{ {
var executable = Assembly.GetExecutingAssembly(); var executable = Assembly.GetExecutingAssembly();
var certificate = executable.Modules.First().GetSignerCertificate(); var certificate = executable.Modules.First().GetSignerCertificate();
var salt = BitConverter.ToString((byte[])SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt]).ToLower().Replace("-", string.Empty); var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
var signature = certificate?.GetCertHashString(); var signature = certificate?.GetCertHashString();
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion; var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
var configurationKey = ComputeConfigurationKey(); var configurationKey = ComputeConfigurationKey();
using (var algorithm = new SHA256Managed()) using (var algorithm = new HMACSHA256(salt))
{ {
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(salt + signature + version + configurationKey)); var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty); var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
return key; return key;