1123 lines
No EOL
39 KiB
C#
1123 lines
No EOL
39 KiB
C#
using System;
|
|
using System.Collections;
|
|
using System.Collections.Generic;
|
|
using System.Diagnostics;
|
|
using System.Globalization;
|
|
using System.IO;
|
|
using System.Linq;
|
|
using System.Reflection;
|
|
using System.Runtime.InteropServices;
|
|
using System.Security.Cryptography;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using System.Text;
|
|
using System.Windows.Forms;
|
|
|
|
//
|
|
// SEBProtectionController.cs
|
|
// SafeExamBrowser
|
|
//
|
|
// SafeExamBrowser
|
|
//
|
|
// Copyright (c) 2010-2020 Daniel R. Schneider,
|
|
// ETH Zurich, IT Services,
|
|
// based on the original idea of Safe Exam Browser
|
|
// by Stefan Schneider, University of Giessen
|
|
// Project concept: Thomas Piendl, Daniel R. Schneider,
|
|
// Dirk Bauer, Kai Reuter, Tobias Halbherr, Karsten Burger, Marco Lehre,
|
|
// Brigitte Schmucki, Oliver Rahs. French localization: Nicolas Dunand
|
|
//
|
|
// ``The contents of this file are subject to the Mozilla Public License
|
|
// Version 1.1 (the "License"); you may not use this file except in
|
|
// compliance with the License. You may obtain a copy of the License at
|
|
// http://www.mozilla.org/MPL/
|
|
//
|
|
// Software distributed under the License is distributed on an "AS IS"
|
|
// basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
|
|
// License for the specific language governing rights and limitations
|
|
// under the License.
|
|
//
|
|
// The Original Code is Safe Exam Browser for Windows.
|
|
//
|
|
// The Initial Developer of the Original Code is Daniel R. Schneider.
|
|
// Portions created by Daniel R. Schneider
|
|
// are Copyright (c) 2010-2020 Daniel R. Schneider,
|
|
// ETH Zurich, IT Services,
|
|
// based on the original idea of Safe Exam Browser
|
|
// by Stefan Schneider, University of Giessen. All Rights Reserved.
|
|
//
|
|
// Contributor(s): ______________________________________.
|
|
//
|
|
|
|
namespace SebWindowsConfig.Utilities
|
|
{
|
|
public class SEBProtectionController
|
|
{
|
|
const string DLL_NAME =
|
|
#if X86
|
|
"seb_x86.dll";
|
|
#else
|
|
"seb_x64.dll";
|
|
#endif
|
|
|
|
// Prefix
|
|
private const int PREFIX_LENGTH = 4;
|
|
private const string PUBLIC_KEY_HASH_MODE = "pkhs";
|
|
private const string PASSWORD_MODE = "pswd";
|
|
private const string PLAIN_DATA_MODE = "plnd";
|
|
private const string PASSWORD_CONFIGURING_CLIENT_MODE = "pwcc";
|
|
|
|
// Public key
|
|
private const int PUBLIC_KEY_HASH_LENGTH = 20;
|
|
|
|
// RNCryptor non-secret payload (header)
|
|
// First byte: Data format version. Currently 2.
|
|
// Second byte: Options, bit 0 - uses password (so currently 1).
|
|
private static readonly byte[] RNCRYPTOR_HEADER = new byte[] { 0x02, 0x01 };
|
|
|
|
enum EncryptionT
|
|
{
|
|
pkhs,
|
|
pswd,
|
|
plnd,
|
|
pwcc,
|
|
unknown
|
|
};
|
|
|
|
/// ------------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Get array of certificate references and the according names from both certificate stores.
|
|
/// </summary>
|
|
/// ------------------------------------------------------------------------------------------
|
|
public static ArrayList GetCertificatesAndNames(ref ArrayList certificateNames)
|
|
{
|
|
ArrayList certificates = new ArrayList();
|
|
|
|
// First search the Personal (standard) certificate store for the current user
|
|
X509Store store = new X509Store(StoreLocation.CurrentUser);
|
|
certificates = GetCertificatesAndNamesFromStore(ref certificateNames, store);
|
|
|
|
// Also search the store for Trusted Users
|
|
ArrayList certificateNamesTrustedUsers = new ArrayList();
|
|
store = new X509Store(StoreName.TrustedPeople);
|
|
certificates.AddRange(GetCertificatesAndNamesFromStore(ref certificateNamesTrustedUsers, store));
|
|
certificateNames.AddRange(certificateNamesTrustedUsers);
|
|
|
|
// Also search the Personal store for the local machine
|
|
ArrayList certificateNamesLocalMachine = new ArrayList();
|
|
store = new X509Store(StoreLocation.LocalMachine);
|
|
certificates.AddRange(GetCertificatesAndNamesFromStore(ref certificateNamesLocalMachine, store));
|
|
certificateNames.AddRange(certificateNamesLocalMachine);
|
|
|
|
return certificates;
|
|
}
|
|
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Helper method: Get array of certificate references and the according names from the passed certificate store.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static ArrayList GetCertificatesAndNamesFromStore(ref ArrayList certificateNames, X509Store store)
|
|
{
|
|
ArrayList certificates = new ArrayList();
|
|
|
|
store.Open(OpenFlags.ReadOnly);
|
|
|
|
foreach (X509Certificate2 x509Certificate in store.Certificates)
|
|
{
|
|
if (x509Certificate.HasPrivateKey)
|
|
{
|
|
certificates.Add(x509Certificate);
|
|
if (!String.IsNullOrWhiteSpace(x509Certificate.FriendlyName))
|
|
certificateNames.Add(x509Certificate.FriendlyName);
|
|
else if (!String.IsNullOrWhiteSpace(x509Certificate.SerialNumber))
|
|
certificateNames.Add(x509Certificate.SerialNumber);
|
|
}
|
|
}
|
|
|
|
//Close the store.
|
|
store.Close();
|
|
return certificates;
|
|
}
|
|
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Get array of CA certificate references and the according names from the certificate store.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static ArrayList GetSSLCertificatesAndNames(ref ArrayList certificateNames)
|
|
{
|
|
ArrayList certificates = new ArrayList();
|
|
|
|
X509Store store = new X509Store(StoreName.CertificateAuthority);
|
|
store.Open(OpenFlags.ReadOnly);
|
|
X509Certificate2Collection certsCollection = store.Certificates.Find(X509FindType.FindByKeyUsage, (X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment), false);
|
|
store = new X509Store(StoreName.AddressBook);
|
|
store.Open(OpenFlags.ReadOnly);
|
|
X509Certificate2Collection certsCollection2 = store.Certificates.Find(X509FindType.FindByKeyUsage, (X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment), false);
|
|
certsCollection.AddRange(certsCollection2);
|
|
|
|
foreach (X509Certificate2 x509Certificate in certsCollection)
|
|
{
|
|
certificates.Add(x509Certificate);
|
|
certificateNames.Add(Parse(x509Certificate.Subject, "CN")?.FirstOrDefault() ?? x509Certificate.FriendlyName);
|
|
}
|
|
|
|
//Close the store.
|
|
store.Close();
|
|
return certificates;
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Recursively searches the supplied AD string for all groups.
|
|
/// </summary>
|
|
/// <param name="data">The string returned from AD to parse for a group.</param>
|
|
/// <param name="delimiter">The string to use as the seperator for the data. ex. ","</param>
|
|
/// <returns>null if no groups were found -OR- data is null or empty.</returns>
|
|
public static List<string> Parse(string data, string delimiter)
|
|
{
|
|
if (data == null) return null;
|
|
if (!delimiter.EndsWith("=")) delimiter = delimiter + "=";
|
|
if (!data.Contains(delimiter)) return null;
|
|
//base case
|
|
var result = new List<string>();
|
|
int start = data.IndexOf(delimiter) + delimiter.Length;
|
|
int length = data.IndexOf(',', start) - start;
|
|
if (length == 0) return null; //the group is empty
|
|
if (length > 0)
|
|
{
|
|
result.Add(data.Substring(start, length));
|
|
//only need to recurse when the comma was found, because there could be more groups
|
|
var rec = Parse(data.Substring(start + length), delimiter);
|
|
if (rec != null) result.AddRange(rec); //can't pass null into AddRange() :(
|
|
}
|
|
else //no comma found after current group so just use the whole remaining string
|
|
{
|
|
result.Add(data.Substring(start));
|
|
}
|
|
return result;
|
|
}
|
|
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Get certificate from both stores.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static X509Certificate2 GetCertificateFromStore(byte[] publicKeyHash)
|
|
{
|
|
X509Certificate2 sebCertificate = null;
|
|
|
|
// First search the Personal certificate store for the current user
|
|
X509Store store = new X509Store(StoreLocation.CurrentUser);
|
|
sebCertificate = GetCertificateFromPassedStore(publicKeyHash, store);
|
|
|
|
// If the certificate wasn't found there, search the store for Trusted People
|
|
if (sebCertificate == null)
|
|
{
|
|
store = new X509Store(StoreName.TrustedPeople);
|
|
sebCertificate = GetCertificateFromPassedStore(publicKeyHash, store);
|
|
}
|
|
|
|
// If the certificate wasn't found there, search the Personal store for the local machine
|
|
if (sebCertificate == null)
|
|
{
|
|
store = new X509Store(StoreLocation.LocalMachine);
|
|
sebCertificate = GetCertificateFromPassedStore(publicKeyHash, store);
|
|
}
|
|
|
|
return sebCertificate;
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Helper method: Search passed store for certificate with passed public key hash.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static X509Certificate2 GetCertificateFromPassedStore(byte[] publicKeyHash, X509Store store)
|
|
{
|
|
X509Certificate2 sebCertificate = null;
|
|
|
|
store.Open(OpenFlags.ReadOnly);
|
|
|
|
foreach (X509Certificate2 x509Certificate in store.Certificates)
|
|
{
|
|
byte[] publicKeyRawData = x509Certificate.PublicKey.EncodedKeyValue.RawData;
|
|
SHA1 sha = new SHA1CryptoServiceProvider();
|
|
byte[] certificateHash = sha.ComputeHash(publicKeyRawData);
|
|
|
|
//certificateName = x509Certificate.Subject;
|
|
if (certificateHash.SequenceEqual(publicKeyHash))
|
|
{
|
|
sebCertificate = x509Certificate;
|
|
break;
|
|
}
|
|
}
|
|
|
|
//Close the store.
|
|
store.Close();
|
|
|
|
return sebCertificate;
|
|
}
|
|
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Store certificate into the Windows Certificate Store.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static void StoreCertificateIntoStore(byte[] certificateData)
|
|
{
|
|
X509Store store = null;
|
|
|
|
// Save the certificate into the Personal store
|
|
try
|
|
{
|
|
store = new X509Store(StoreLocation.CurrentUser);
|
|
store.Open(OpenFlags.ReadWrite);
|
|
}
|
|
catch (Exception storeOpenException)
|
|
{
|
|
Logger.AddError("The X509 store in Windows Certificate Store could not be opened: ", null, storeOpenException, storeOpenException.Message);
|
|
}
|
|
|
|
if (store != null)
|
|
{
|
|
StoreCertificateIntoPassedStore(certificateData, store);
|
|
}
|
|
|
|
// In addition try to save the certificate into the Trusted People store for the Local Machine
|
|
// This will only work if SEB is run in an administrator account
|
|
try
|
|
{
|
|
store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
|
|
store.Open(OpenFlags.ReadWrite);
|
|
}
|
|
catch (Exception storeOpenException)
|
|
{
|
|
Logger.AddError("The X509 Trusted People store in Windows Certificate Store for Local Machine could not be opened: ", null, storeOpenException, storeOpenException.Message);
|
|
return;
|
|
}
|
|
|
|
StoreCertificateIntoPassedStore(certificateData, store);
|
|
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Store certificate into the passed, already opened store.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static void StoreCertificateIntoPassedStore(byte[] certificateData, X509Store store)
|
|
{
|
|
X509Certificate2 x509 = new X509Certificate2();
|
|
|
|
|
|
try
|
|
{
|
|
|
|
x509.Import(certificateData, SEBClientInfo.DEFAULT_KEY, X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.PersistKeySet);
|
|
}
|
|
catch (Exception certImportException)
|
|
{
|
|
Logger.AddError("The identity data could not be imported into the X509 certificate store.", null, certImportException, certImportException.Message);
|
|
store.Close();
|
|
return;
|
|
}
|
|
|
|
try
|
|
{
|
|
store.Add(x509);
|
|
}
|
|
catch (Exception certAddingException)
|
|
{
|
|
Logger.AddError("The identity could not be added to the Windows Certificate Store", null, certAddingException, certAddingException.Message);
|
|
store.Close();
|
|
return;
|
|
}
|
|
Logger.AddInformation("The identity was successfully added to the Windows Certificate Store");
|
|
store.Close();
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Get the public key hash for the certificate from the store.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static byte[] GetPublicKeyHashFromCertificate(X509Certificate2 certificateRef)
|
|
{
|
|
//string certificateHash;
|
|
|
|
//Create new X509 store from the local certificate store.
|
|
//X509Store store = new X509Store(StoreLocation.CurrentUser);
|
|
//store.Open(OpenFlags.ReadOnly);
|
|
|
|
byte[] publicKeyRawData = certificateRef.PublicKey.EncodedKeyValue.RawData;
|
|
SHA1 sha = new SHA1CryptoServiceProvider();
|
|
byte[] certificateHash = sha.ComputeHash(publicKeyRawData);
|
|
|
|
//Close the store.
|
|
//store.Close();
|
|
|
|
return certificateHash;
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Encrypt with certificate/public key and RSA algorithm
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static byte[] EncryptDataWithCertificate(byte[] plainInputData, X509Certificate2 sebCertificate)
|
|
{
|
|
try
|
|
{
|
|
// Encrypt config data
|
|
|
|
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
|
|
RSACryptoServiceProvider publicKey = sebCertificate.PublicKey.Key as RSACryptoServiceProvider;
|
|
|
|
|
|
// Blocksize is for example 2048/8 = 256
|
|
int blockSize = (publicKey.KeySize / 8) - 32;
|
|
|
|
// buffer to hold byte sequence of the encrypted information
|
|
byte[] encryptedBuffer = new byte[blockSize];
|
|
|
|
// buffer for the plain source data
|
|
byte[] plainBuffer = new byte[blockSize];
|
|
|
|
// initialize array so it holds at least the amount needed to decrypt.
|
|
//byte[] decryptedData = new byte[encryptedData.Length];
|
|
MemoryStream encryptedStream = new MemoryStream();
|
|
|
|
// Calculate number of full data blocks that will have to be decrypted
|
|
int blockCount = plainInputData.Length / blockSize;
|
|
|
|
for (int i = 0; i < blockCount; i++)
|
|
{
|
|
// copy byte sequence from encrypted source data to the buffer
|
|
Buffer.BlockCopy(plainInputData, i * blockSize, plainBuffer, 0, blockSize);
|
|
// decrypt the block in the buffer
|
|
encryptedBuffer = publicKey.Encrypt(plainBuffer, false);
|
|
// write decrypted result back to the destination array
|
|
encryptedStream.Write(encryptedBuffer, 0, encryptedBuffer.Length);
|
|
}
|
|
int remainingBytes = plainInputData.Length - (blockCount * blockSize);
|
|
if (remainingBytes > 0)
|
|
{
|
|
plainBuffer = new byte[remainingBytes];
|
|
// copy remaining bytes from encrypted source data to the buffer
|
|
Buffer.BlockCopy(plainInputData, blockCount * blockSize, plainBuffer, 0, remainingBytes);
|
|
// decrypt the block in the buffer
|
|
encryptedBuffer = publicKey.Encrypt(plainBuffer, false);
|
|
// write decrypted result back to the destination array
|
|
//decryptedBuffer.CopyTo(decryptedData, blockCount * blockSize);
|
|
encryptedStream.Write(encryptedBuffer, 0, encryptedBuffer.Length);
|
|
}
|
|
byte[] encryptedData = encryptedStream.ToArray();
|
|
|
|
return encryptedData;
|
|
}
|
|
catch (CryptographicException)
|
|
{
|
|
//return cex.Message;
|
|
return null;
|
|
}
|
|
catch (Exception)
|
|
{
|
|
//return ex.Message;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Decrypt with X509 certificate/private key and RSA algorithm
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static byte[] DecryptDataWithCertificate(byte[] encryptedData, X509Certificate2 sebCertificate)
|
|
{
|
|
try
|
|
{
|
|
// Decrypt config data
|
|
|
|
RSACryptoServiceProvider privateKey = sebCertificate.PrivateKey as RSACryptoServiceProvider;
|
|
//byte[] decryptedData = privateKey.Decrypt(encryptedDataBytes, false);
|
|
|
|
// Blocksize is for example 2048/8 = 256
|
|
int blockSize = privateKey.KeySize / 8;
|
|
|
|
// buffer to hold byte sequence of the encrypted source data
|
|
byte[] encryptedBuffer = new byte[blockSize];
|
|
|
|
// buffer for the decrypted information
|
|
byte[] decryptedBuffer = new byte[blockSize];
|
|
|
|
// initialize array so it holds at least the amount needed to decrypt.
|
|
//byte[] decryptedData = new byte[encryptedData.Length];
|
|
MemoryStream decryptedStream = new MemoryStream();
|
|
|
|
// Calculate number of full data blocks that will have to be decrypted
|
|
int blockCount = encryptedData.Length / blockSize;
|
|
|
|
for (int i = 0; i < blockCount; i++)
|
|
{
|
|
// copy byte sequence from encrypted source data to the buffer
|
|
Buffer.BlockCopy(encryptedData, i * blockSize, encryptedBuffer, 0, blockSize);
|
|
// decrypt the block in the buffer
|
|
decryptedBuffer = privateKey.Decrypt(encryptedBuffer, false);
|
|
// write decrypted result back to the destination array
|
|
//decryptedBuffer.CopyTo(decryptedData, i*blockSize);
|
|
decryptedStream.Write(decryptedBuffer, 0, decryptedBuffer.Length);
|
|
}
|
|
int remainingBytes = encryptedData.Length - (blockCount * blockSize);
|
|
if (remainingBytes > 0)
|
|
{
|
|
encryptedBuffer = new byte[remainingBytes];
|
|
// copy remaining bytes from encrypted source data to the buffer
|
|
Buffer.BlockCopy(encryptedData, blockCount * blockSize, encryptedBuffer, 0, remainingBytes);
|
|
// decrypt the block in the buffer
|
|
decryptedBuffer = privateKey.Decrypt(encryptedBuffer, false);
|
|
// write decrypted result back to the destination array
|
|
//decryptedBuffer.CopyTo(decryptedData, blockCount * blockSize);
|
|
decryptedStream.Write(decryptedBuffer, 0, decryptedBuffer.Length);
|
|
}
|
|
byte[] decryptedData = decryptedStream.ToArray();
|
|
|
|
return decryptedData;
|
|
}
|
|
catch (CryptographicException cex)
|
|
{
|
|
Logger.AddError("Decrypting SEB config data encrypted with an identity failed with cryptographic exception:", null, cex, cex.Message);
|
|
MessageBox.Show(SEBUIStrings.errorDecryptingSettings, SEBUIStrings.certificateDecryptingError + cex.Message, MessageBoxButtons.OK, MessageBoxIcon.Error);
|
|
return null;
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
Logger.AddError("Decrypting SEB config data encrypted with an identity failed with exception:", null, ex, ex.Message);
|
|
MessageBox.Show(SEBUIStrings.errorDecryptingSettings, SEBUIStrings.certificateDecryptingError + ex.Message, MessageBoxButtons.OK, MessageBoxIcon.Error);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Encrypt with password, key, salt using AES (Open SSL Encrypt).
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static byte[] EncryptDataWithPassword(byte[] plainData, string password)
|
|
{
|
|
try
|
|
{
|
|
// encrypt bytes
|
|
byte[] encryptedData = AESThenHMAC.SimpleEncryptWithPassword(plainData, password, RNCRYPTOR_HEADER);
|
|
|
|
return encryptedData;
|
|
}
|
|
catch (CryptographicException)
|
|
{
|
|
//return cex.Message;
|
|
return null;
|
|
}
|
|
catch (Exception)
|
|
{
|
|
//return ex.Message;
|
|
return null;
|
|
}
|
|
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Decrypt with password, key, salt using AES (Open SSL Decrypt)..
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static byte[] DecryptDataWithPassword(byte[] encryptedBytesWithSalt, string passphrase)
|
|
{
|
|
|
|
try
|
|
{
|
|
byte[] decryptedData = AESThenHMAC.SimpleDecryptWithPassword(encryptedBytesWithSalt, passphrase, nonSecretPayloadLength: 2);
|
|
|
|
return decryptedData;
|
|
}
|
|
catch (CryptographicException)
|
|
{
|
|
//return cex.Message;
|
|
return null;
|
|
}
|
|
catch (Exception)
|
|
{
|
|
//return ex.Message;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Compute a SHA256 hash base16 string.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static string ComputePasswordHash(string input)
|
|
{
|
|
HashAlgorithm algorithm = new SHA256Managed();
|
|
byte[] inputBytes = Encoding.UTF8.GetBytes(input);
|
|
|
|
byte[] hashedBytes = algorithm.ComputeHash(inputBytes);
|
|
|
|
string pswdHash = BitConverter.ToString(hashedBytes).ToLower();
|
|
|
|
return pswdHash.Replace("-", "");
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Compute a Browser Exam Key SHA256 hash base16 string.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static string ComputeBrowserExamKey()
|
|
{
|
|
var browserExamKey = default(string);
|
|
var configurationKey = ComputeConfigurationKey();
|
|
var executable = Assembly.GetExecutingAssembly();
|
|
var certificate = executable.Modules.First().GetSignerCertificate();
|
|
var salt = (byte[]) SEBSettings.settingsCurrent[SEBSettings.KeyExamKeySalt];
|
|
var signature = certificate?.GetCertHashString();
|
|
var version = FileVersionInfo.GetVersionInfo(executable.Location).FileVersion;
|
|
|
|
Logger.AddInformation("Initializing browser exam key...");
|
|
|
|
if (configurationKey == default)
|
|
{
|
|
configurationKey = "";
|
|
Logger.AddWarning("The current configuration does not contain a value for the configuration key!");
|
|
}
|
|
|
|
if (salt == default || salt.Length == 0)
|
|
{
|
|
salt = new byte[0];
|
|
Logger.AddWarning("The current configuration does not contain a salt value for the browser exam key!");
|
|
}
|
|
|
|
if (TryCalculateBrowserExamKey(configurationKey, BitConverter.ToString(salt).ToLower().Replace("-", string.Empty), out browserExamKey))
|
|
{
|
|
Logger.AddInformation("Successfully calculated BEK using integrity module.");
|
|
}
|
|
else
|
|
{
|
|
Logger.AddWarning("Failed to calculate BEK using integrity module! Falling back to simplified calculation...");
|
|
|
|
using (var algorithm = new HMACSHA256(salt))
|
|
{
|
|
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(signature + version + configurationKey));
|
|
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
|
|
|
|
browserExamKey = key;
|
|
}
|
|
}
|
|
|
|
return browserExamKey;
|
|
}
|
|
|
|
private static bool TryCalculateBrowserExamKey(string configurationKey, string salt, out string browserExamKey)
|
|
{
|
|
browserExamKey = default;
|
|
|
|
try
|
|
{
|
|
browserExamKey = CalculateBrowserExamKey(configurationKey, salt);
|
|
}
|
|
catch (DllNotFoundException)
|
|
{
|
|
Logger.AddWarning("Integrity module is not available!");
|
|
}
|
|
catch (Exception e)
|
|
{
|
|
Logger.AddError("Unexpected error while attempting to calculate browser exam key!", default, e);
|
|
}
|
|
|
|
return browserExamKey != default;
|
|
}
|
|
|
|
[DllImport(DLL_NAME, CallingConvention = CallingConvention.Cdecl)]
|
|
[return: MarshalAs(UnmanagedType.BStr)]
|
|
private static extern string CalculateBrowserExamKey(string configurationKey, string salt);
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Compute a Configuration Key SHA256 hash base16 string.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static string ComputeConfigurationKey()
|
|
{
|
|
using (var algorithm = new SHA256Managed())
|
|
using (var stream = new MemoryStream())
|
|
using (var writer = new StreamWriter(stream))
|
|
{
|
|
Serialize(SEBSettings.settingsCurrentOriginal, writer);
|
|
|
|
writer.Flush();
|
|
stream.Seek(0, SeekOrigin.Begin);
|
|
|
|
var hash = algorithm.ComputeHash(stream);
|
|
var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
|
|
|
|
return key;
|
|
}
|
|
}
|
|
|
|
private static void Serialize(IDictionary<string, object> dictionary, StreamWriter stream)
|
|
{
|
|
var orderedByKey = dictionary.OrderBy(d => d.Key, StringComparer.InvariantCulture).ToList();
|
|
|
|
stream.Write('{');
|
|
|
|
foreach (var kvp in orderedByKey)
|
|
{
|
|
var process = true;
|
|
|
|
process &= !kvp.Key.Equals(SEBSettings.KeyOriginatorVersion, StringComparison.OrdinalIgnoreCase);
|
|
process &= !(kvp.Value is IDictionary<string, object> d) || d.Any();
|
|
|
|
if (process)
|
|
{
|
|
stream.Write('"');
|
|
stream.Write(kvp.Key);
|
|
stream.Write('"');
|
|
stream.Write(':');
|
|
Serialize(kvp.Value, stream);
|
|
|
|
if (kvp.Key != orderedByKey.Last().Key)
|
|
{
|
|
stream.Write(',');
|
|
}
|
|
}
|
|
}
|
|
|
|
stream.Write('}');
|
|
}
|
|
|
|
private static void Serialize(IList<object> list, StreamWriter stream)
|
|
{
|
|
stream.Write('[');
|
|
|
|
foreach (var item in list)
|
|
{
|
|
Serialize(item, stream);
|
|
|
|
if (item != list.Last())
|
|
{
|
|
stream.Write(',');
|
|
}
|
|
}
|
|
|
|
stream.Write(']');
|
|
}
|
|
|
|
private static void Serialize(object value, StreamWriter stream)
|
|
{
|
|
switch (value)
|
|
{
|
|
case IDictionary<string, object> dictionary:
|
|
Serialize(dictionary, stream);
|
|
break;
|
|
case IList<object> list:
|
|
Serialize(list, stream);
|
|
break;
|
|
case byte[] data:
|
|
stream.Write('"');
|
|
stream.Write(Convert.ToBase64String(data));
|
|
stream.Write('"');
|
|
break;
|
|
case DateTime date:
|
|
stream.Write(date.ToString("o"));
|
|
break;
|
|
case bool boolean:
|
|
stream.Write(boolean.ToString().ToLower());
|
|
break;
|
|
case int integer:
|
|
stream.Write(integer.ToString(NumberFormatInfo.InvariantInfo));
|
|
break;
|
|
case double number:
|
|
stream.Write(number.ToString(NumberFormatInfo.InvariantInfo));
|
|
break;
|
|
case string text:
|
|
stream.Write('"');
|
|
stream.Write(text);
|
|
stream.Write('"');
|
|
break;
|
|
case null:
|
|
stream.Write('"');
|
|
stream.Write('"');
|
|
break;
|
|
}
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Generate a Browser Exam Key Salt as byte data.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static byte[] GenerateBrowserExamKeySalt()
|
|
{
|
|
byte[] saltBytes = AESThenHMAC.NewKey();
|
|
//string saltString = BitConverter.ToString(saltBytes);
|
|
//return saltString.Replace("-", "");
|
|
return saltBytes;
|
|
}
|
|
}
|
|
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// <summary>
|
|
/// Class for encrypting and decrypting with AES and HMAC,
|
|
/// compatible with RNCryptor on Mac OS X and iOS.
|
|
/// </summary>
|
|
/// ----------------------------------------------------------------------------------------
|
|
/// This work (Modern Encryption of a String C#, by James Tuley),
|
|
/// identified by James Tuley, is free of known copyright restrictions.
|
|
/// https://gist.github.com/4336842
|
|
/// http://creativecommons.org/publicdomain/mark/1.0/
|
|
/// ----------------------------------------------------------------------------------------
|
|
public static class AESThenHMAC
|
|
{
|
|
private static readonly RandomNumberGenerator Random = RandomNumberGenerator.Create();
|
|
|
|
//Preconfigured Encryption Parameters
|
|
public static readonly int BlockBitSize = 128;
|
|
public static readonly int KeyBitSize = 256;
|
|
|
|
//Preconfigured Password Key Derivation Parameters
|
|
public static readonly int SaltBitSize = 64;
|
|
public static readonly int Iterations = 10000;
|
|
public static readonly int MinPasswordLength = 3;
|
|
|
|
/// <summary>
|
|
/// Helper that generates a random key on each call.
|
|
/// </summary>
|
|
/// <returns></returns>
|
|
public static byte[] NewKey()
|
|
{
|
|
var key = new byte[KeyBitSize / 8];
|
|
Random.GetBytes(key);
|
|
return key;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Simple Encryption (AES) then Authentication (HMAC) for a UTF8 Message.
|
|
/// </summary>
|
|
/// <param name="secretMessage">The secret message.</param>
|
|
/// <param name="cryptKey">The crypt key.</param>
|
|
/// <param name="authKey">The auth key.</param>
|
|
/// <param name="nonSecretPayload">(Optional) Non-Secret Payload.</param>
|
|
/// <returns>
|
|
/// Encrypted Message
|
|
/// </returns>
|
|
/// <exception cref="System.ArgumentException">Secret Message Required!;secretMessage</exception>
|
|
/// <remarks>
|
|
/// Adds overhead of (Optional-Payload + BlockSize(16) + Message-Padded-To-Blocksize + HMac-Tag(32)) * 1.33 Base64
|
|
/// </remarks>
|
|
public static string SimpleEncrypt(string secretMessage, byte[] cryptKey, byte[] authKey,
|
|
byte[] nonSecretPayload = null)
|
|
{
|
|
if (string.IsNullOrEmpty(secretMessage))
|
|
throw new ArgumentException("Secret Message Required!", "secretMessage");
|
|
|
|
var plainText = Encoding.UTF8.GetBytes(secretMessage);
|
|
var cipherText = SimpleEncrypt(plainText, cryptKey, authKey, nonSecretPayload);
|
|
return Convert.ToBase64String(cipherText);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Simple Authentication (HMAC) then Decryption (AES) for a secrets UTF8 Message.
|
|
/// </summary>
|
|
/// <param name="encryptedMessage">The encrypted message.</param>
|
|
/// <param name="cryptKey">The crypt key.</param>
|
|
/// <param name="authKey">The auth key.</param>
|
|
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
|
|
/// <returns>
|
|
/// Decrypted Message
|
|
/// </returns>
|
|
/// <exception cref="System.ArgumentException">Encrypted Message Required!;encryptedMessage</exception>
|
|
public static string SimpleDecrypt(string encryptedMessage, byte[] cryptKey, byte[] authKey,
|
|
int nonSecretPayloadLength = 0)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(encryptedMessage))
|
|
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
|
|
|
|
var cipherText = Convert.FromBase64String(encryptedMessage);
|
|
var plainText = SimpleDecrypt(cipherText, cryptKey, authKey, nonSecretPayloadLength);
|
|
return Encoding.UTF8.GetString(plainText);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Simple Encryption (AES) then Authentication (HMAC) of a UTF8 message
|
|
/// using Keys derived from a Password (PBKDF2).
|
|
/// </summary>
|
|
/// <param name="secretMessage">The secret message.</param>
|
|
/// <param name="password">The password.</param>
|
|
/// <param name="nonSecretPayload">The non secret payload.</param>
|
|
/// <returns>
|
|
/// Encrypted Message
|
|
/// </returns>
|
|
/// <exception cref="System.ArgumentException">password</exception>
|
|
/// <remarks>
|
|
/// Significantly less secure than using random binary keys.
|
|
/// Adds additional non secret payload for key generation parameters.
|
|
/// </remarks>
|
|
public static string SimpleEncryptWithPassword(string secretMessage, string password,
|
|
byte[] nonSecretPayload = null)
|
|
{
|
|
if (string.IsNullOrEmpty(secretMessage))
|
|
throw new ArgumentException("Secret Message Required!", "secretMessage");
|
|
|
|
var plainText = Encoding.UTF8.GetBytes(secretMessage);
|
|
var cipherText = SimpleEncryptWithPassword(plainText, password, nonSecretPayload);
|
|
return Convert.ToBase64String(cipherText);
|
|
}
|
|
|
|
/// <summary>
|
|
/// Simple Authentication (HMAC) and then Descryption (AES) of a UTF8 Message
|
|
/// using keys derived from a password (PBKDF2).
|
|
/// </summary>
|
|
/// <param name="encryptedMessage">The encrypted message.</param>
|
|
/// <param name="password">The password.</param>
|
|
/// <param name="nonSecretPayloadLength">Length of the non secret payload.</param>
|
|
/// <returns>
|
|
/// Decrypted Message
|
|
/// </returns>
|
|
/// <exception cref="System.ArgumentException">Encrypted Message Required!;encryptedMessage</exception>
|
|
/// <remarks>
|
|
/// Significantly less secure than using random binary keys.
|
|
/// </remarks>
|
|
public static string SimpleDecryptWithPassword(string encryptedMessage, string password,
|
|
int nonSecretPayloadLength = 0)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(encryptedMessage))
|
|
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
|
|
|
|
var cipherText = Convert.FromBase64String(encryptedMessage);
|
|
var plainText = SimpleDecryptWithPassword(cipherText, password, nonSecretPayloadLength);
|
|
return Encoding.UTF8.GetString(plainText);
|
|
}
|
|
|
|
public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null)
|
|
{
|
|
//User Error Checks
|
|
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
|
|
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "cryptKey");
|
|
|
|
if (authKey == null || authKey.Length != KeyBitSize / 8)
|
|
throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "authKey");
|
|
|
|
if (secretMessage == null || secretMessage.Length < 1)
|
|
throw new ArgumentException("Secret Message Required!", "secretMessage");
|
|
|
|
//non-secret payload optional
|
|
nonSecretPayload = nonSecretPayload ?? new byte[] { };
|
|
|
|
byte[] cipherText;
|
|
byte[] iv;
|
|
|
|
using (var aes = new AesManaged
|
|
{
|
|
KeySize = KeyBitSize,
|
|
BlockSize = BlockBitSize,
|
|
Mode = CipherMode.CBC,
|
|
Padding = PaddingMode.PKCS7
|
|
})
|
|
{
|
|
|
|
//Use random IV
|
|
aes.GenerateIV();
|
|
iv = aes.IV;
|
|
|
|
using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
|
|
using (var cipherStream = new MemoryStream())
|
|
{
|
|
using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
|
|
using (var binaryWriter = new BinaryWriter(cryptoStream))
|
|
{
|
|
//Encrypt Data
|
|
binaryWriter.Write(secretMessage);
|
|
}
|
|
|
|
cipherText = cipherStream.ToArray();
|
|
}
|
|
|
|
}
|
|
|
|
//Assemble encrypted message and add authentication
|
|
using (var hmac = new HMACSHA256(authKey))
|
|
using (var encryptedStream = new MemoryStream())
|
|
{
|
|
using (var binaryWriter = new BinaryWriter(encryptedStream))
|
|
{
|
|
//Prepend non-secret payload if any
|
|
binaryWriter.Write(nonSecretPayload);
|
|
//Prepend IV
|
|
binaryWriter.Write(iv);
|
|
//Write Ciphertext
|
|
binaryWriter.Write(cipherText);
|
|
binaryWriter.Flush();
|
|
|
|
//Authenticate all data
|
|
var tag = hmac.ComputeHash(encryptedStream.ToArray());
|
|
//Postpend tag
|
|
binaryWriter.Write(tag);
|
|
}
|
|
return encryptedStream.ToArray();
|
|
}
|
|
|
|
}
|
|
|
|
public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey, int nonSecretPayloadLength = 0)
|
|
{
|
|
|
|
//Basic Usage Error Checks
|
|
if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
|
|
throw new ArgumentException(String.Format("CryptKey needs to be {0} bit!", KeyBitSize), "cryptKey");
|
|
|
|
if (authKey == null || authKey.Length != KeyBitSize / 8)
|
|
throw new ArgumentException(String.Format("AuthKey needs to be {0} bit!", KeyBitSize), "authKey");
|
|
|
|
if (encryptedMessage == null || encryptedMessage.Length == 0)
|
|
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
|
|
|
|
using (var hmac = new HMACSHA256(authKey))
|
|
{
|
|
var sentTag = new byte[hmac.HashSize / 8];
|
|
//Calculate Tag
|
|
var calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length);
|
|
var ivLength = (BlockBitSize / 8);
|
|
|
|
//if message length is to small just return null
|
|
if (encryptedMessage.Length < sentTag.Length + nonSecretPayloadLength + ivLength)
|
|
return null;
|
|
|
|
//Grab Sent Tag
|
|
Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length);
|
|
|
|
//Compare Tag with constant time comparison
|
|
var compare = 0;
|
|
for (var i = 0; i < sentTag.Length; i++)
|
|
compare |= sentTag[i] ^ calcTag[i];
|
|
|
|
//if message doesn't authenticate return null
|
|
if (compare != 0)
|
|
return null;
|
|
|
|
using (var aes = new AesManaged
|
|
{
|
|
KeySize = KeyBitSize,
|
|
BlockSize = BlockBitSize,
|
|
Mode = CipherMode.CBC,
|
|
Padding = PaddingMode.PKCS7
|
|
})
|
|
{
|
|
|
|
//Grab IV from message
|
|
var iv = new byte[ivLength];
|
|
Array.Copy(encryptedMessage, nonSecretPayloadLength, iv, 0, iv.Length);
|
|
|
|
using (var decrypter = aes.CreateDecryptor(cryptKey, iv))
|
|
using (var plainTextStream = new MemoryStream())
|
|
{
|
|
using (var decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write))
|
|
using (var binaryWriter = new BinaryWriter(decrypterStream))
|
|
{
|
|
//Decrypt Cipher Text from Message
|
|
binaryWriter.Write(
|
|
encryptedMessage,
|
|
nonSecretPayloadLength + iv.Length,
|
|
encryptedMessage.Length - nonSecretPayloadLength - iv.Length - sentTag.Length
|
|
);
|
|
}
|
|
//Return Plain Text
|
|
return plainTextStream.ToArray();
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
public static byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null)
|
|
{
|
|
nonSecretPayload = nonSecretPayload ?? new byte[] { };
|
|
|
|
//User Error Checks
|
|
//if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength)
|
|
// throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password");
|
|
|
|
if (secretMessage == null || secretMessage.Length == 0)
|
|
throw new ArgumentException("Secret Message Required!", "secretMessage");
|
|
|
|
var payload = new byte[((SaltBitSize / 8) * 2) + nonSecretPayload.Length];
|
|
|
|
Array.Copy(nonSecretPayload, payload, nonSecretPayload.Length);
|
|
int payloadIndex = nonSecretPayload.Length;
|
|
|
|
byte[] cryptKey;
|
|
byte[] authKey;
|
|
//Use Random Salt to prevent pre-generated weak password attacks.
|
|
using (var generator = new Rfc2898DeriveBytes(password, SaltBitSize / 8, Iterations))
|
|
{
|
|
var salt = generator.Salt;
|
|
|
|
//Generate Keys
|
|
cryptKey = generator.GetBytes(KeyBitSize / 8);
|
|
|
|
//Create Non Secret Payload
|
|
Array.Copy(salt, 0, payload, payloadIndex, salt.Length);
|
|
payloadIndex += salt.Length;
|
|
}
|
|
|
|
//Deriving separate key, might be less efficient than using HKDF,
|
|
//but now compatible with RNEncryptor which had a very similar wireformat and requires less code than HKDF.
|
|
using (var generator = new Rfc2898DeriveBytes(password, SaltBitSize / 8, Iterations))
|
|
{
|
|
var salt = generator.Salt;
|
|
|
|
//Generate Keys
|
|
authKey = generator.GetBytes(KeyBitSize / 8);
|
|
|
|
//Create Rest of Non Secret Payload
|
|
Array.Copy(salt, 0, payload, payloadIndex, salt.Length);
|
|
}
|
|
|
|
return SimpleEncrypt(secretMessage, cryptKey, authKey, payload);
|
|
}
|
|
|
|
public static byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0)
|
|
{
|
|
if (encryptedMessage == null || encryptedMessage.Length == 0)
|
|
{
|
|
throw new ArgumentException("Encrypted Message Required!", "encryptedMessage");
|
|
}
|
|
|
|
var cryptSalt = new byte[SaltBitSize / 8];
|
|
var authSalt = new byte[SaltBitSize / 8];
|
|
|
|
//Grab Salt from Non-Secret Payload
|
|
Array.Copy(encryptedMessage, nonSecretPayloadLength, cryptSalt, 0, cryptSalt.Length);
|
|
Array.Copy(encryptedMessage, nonSecretPayloadLength + cryptSalt.Length, authSalt, 0, authSalt.Length);
|
|
|
|
byte[] cryptKey;
|
|
byte[] authKey;
|
|
|
|
//Generate crypt key
|
|
using (var generator = new Rfc2898DeriveBytes(password, cryptSalt, Iterations))
|
|
{
|
|
cryptKey = generator.GetBytes(KeyBitSize / 8);
|
|
}
|
|
//Generate auth key
|
|
using (var generator = new Rfc2898DeriveBytes(password, authSalt, Iterations))
|
|
{
|
|
authKey = generator.GetBytes(KeyBitSize / 8);
|
|
}
|
|
|
|
return SimpleDecrypt(encryptedMessage, cryptKey, authKey, cryptSalt.Length + authSalt.Length + nonSecretPayloadLength);
|
|
}
|
|
}
|
|
} |