Linux password encryption storage

2dust · Nov 15, 2024 · ba5ad12 · ba5ad12
1 parent 57f9c81
commit ba5ad12
Show file tree

Hide file tree

Showing 12 changed files with 95 additions and 16 deletions.
diff --git a/v2rayN/ServiceLib/Common/DesUtils.cs b/v2rayN/ServiceLib/Common/DesUtils.cs
@@ -0,0 +1,75 @@
+using System.Security.Cryptography;
+using System.Text;
+
+namespace ServiceLib.Common
+{
+    public class DesUtils
+    {
+        /// <summary>
+        /// Encrypt
+        /// </summary>
+        /// <param name="text"></param>
+        /// /// <param name="key"></param>
+        /// <returns></returns>
+        public static string Encrypt(string? text, string? key = null)
+        {
+            if (text.IsNullOrEmpty())
+            {
+                return string.Empty;
+            }
+            GetKeyIv(key ?? GetDefaultKey(), out var rgbKey, out var rgbIv);
+            var dsp = DES.Create();
+            using var memStream = new MemoryStream();
+            using var cryStream = new CryptoStream(memStream, dsp.CreateEncryptor(rgbKey, rgbIv), CryptoStreamMode.Write);
+            using var sWriter = new StreamWriter(cryStream);
+            sWriter.Write(text);
+            sWriter.Flush();
+            cryStream.FlushFinalBlock();
+            memStream.Flush();
+            return Convert.ToBase64String(memStream.GetBuffer(), 0, (int)memStream.Length);
+        }
+
+        /// <summary>
+        /// Decrypt
+        /// </summary>
+        /// <param name="encryptText"></param>
+        /// <param name="key"></param>
+        /// <returns></returns>
+        public static string Decrypt(string? encryptText, string? key = null)
+        {
+            if (encryptText.IsNullOrEmpty())
+            {
+                return string.Empty;
+            }
+            GetKeyIv(key ?? GetDefaultKey(), out var rgbKey, out var rgbIv);
+            var dsp = DES.Create();
+            var buffer = Convert.FromBase64String(encryptText);
+
+            using var memStream = new MemoryStream();
+            using var cryStream = new CryptoStream(memStream, dsp.CreateDecryptor(rgbKey, rgbIv), CryptoStreamMode.Write);
+            cryStream.Write(buffer, 0, buffer.Length);
+            cryStream.FlushFinalBlock();
+            return Encoding.UTF8.GetString(memStream.ToArray());
+        }
+
+        private static void GetKeyIv(string key, out byte[] rgbKey, out byte[] rgbIv)
+        {
+            if (key.IsNullOrEmpty())
+            {
+                throw new ArgumentNullException("The key cannot be null");
+            }
+            if (key.Length <= 8)
+            {
+                throw new ArgumentNullException("The key length cannot be less than 8 characters.");
+            }
+
+            rgbKey = Encoding.ASCII.GetBytes(key.Substring(0, 8));
+            rgbIv = Encoding.ASCII.GetBytes(key.Insert(0, "w").Substring(0, 8));
+        }
+
+        private static string GetDefaultKey()
+        {
+            return Utils.GetMd5(Utils.GetHomePath() + "DesUtils");
+        }
+    }
+}
diff --git a/v2rayN/ServiceLib/Handler/CoreHandler.cs b/v2rayN/ServiceLib/Handler/CoreHandler.cs
@@ -261,7 +261,7 @@ private bool IsNeedSudo(ECoreType eCoreType)
             return _config.TunModeItem.EnableTun
                    && eCoreType == ECoreType.sing_box
                    && Utils.IsLinux()
-                   && _config.TunModeItem.LinuxSudoPassword.IsNotEmpty()
+                   && _config.TunModeItem.LinuxSudoPwd.IsNotEmpty()
                 ;
         }
 
@@ -299,7 +299,8 @@ private bool IsNeedSudo(ECoreType eCoreType)
                 if (isNeedSudo)
                 {
                     proc.StartInfo.FileName = $"/bin/sudo";
-                    proc.StartInfo.Arguments = $"-S {fileName} {string.Format(coreInfo.Arguments, configPath)}";
+                    proc.StartInfo.Arguments = $"-S {fileName} {string.Format(coreInfo.Arguments, Utils.GetConfigPath(configPath))}";
+                    proc.StartInfo.WorkingDirectory = null;
                     proc.StartInfo.StandardInputEncoding = Encoding.UTF8;
                     proc.StartInfo.RedirectStandardInput = true;
                 }
@@ -328,10 +329,11 @@ private bool IsNeedSudo(ECoreType eCoreType)
 
                 if (isNeedSudo)
                 {
+                    var pwd = DesUtils.Decrypt(_config.TunModeItem.LinuxSudoPwd);
                     await Task.Delay(10);
-                    await proc.StandardInput.WriteLineAsync(_config.TunModeItem.LinuxSudoPassword);
+                    await proc.StandardInput.WriteLineAsync(pwd);
                     await Task.Delay(10);
-                    await proc.StandardInput.WriteLineAsync(_config.TunModeItem.LinuxSudoPassword);
+                    await proc.StandardInput.WriteLineAsync(pwd);
                 }
 
                 if (displayLog)

diff --git a/v2rayN/ServiceLib/Models/ConfigItems.cs b/v2rayN/ServiceLib/Models/ConfigItems.cs
@@ -161,7 +161,7 @@ public class TunModeItem
         public int Mtu { get; set; }
         public bool EnableExInbound { get; set; }
         public bool EnableIPv6Address { get; set; }
-        public string? LinuxSudoPassword { get; set; }
+        public string? LinuxSudoPwd { get; set; }
     }
 
     [Serializable]

diff --git a/v2rayN/ServiceLib/Resx/ResUI.Designer.cs b/v2rayN/ServiceLib/Resx/ResUI.Designer.cs
diff --git a/v2rayN/ServiceLib/Resx/ResUI.fa-Ir.resx b/v2rayN/ServiceLib/Resx/ResUI.fa-Ir.resx
@@ -1373,7 +1373,7 @@
     <value>Linux system sudo password</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordTip" xml:space="preserve">
-    <value>The password will only be stored in the local file.</value>
+    <value>The password is encrypted and stored only in local files.</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordIsEmpty" xml:space="preserve">
     <value>Please set the sudo password in Tun mode settings first</value>

diff --git a/v2rayN/ServiceLib/Resx/ResUI.resx b/v2rayN/ServiceLib/Resx/ResUI.resx
@@ -1373,7 +1373,7 @@
     <value>Linux system sudo password</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordTip" xml:space="preserve">
-    <value>The password will only be stored in the local file.</value>
+    <value>The password is encrypted and stored only in local files.</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordIsEmpty" xml:space="preserve">
     <value>Please set the sudo password in Tun mode settings first</value>

diff --git a/v2rayN/ServiceLib/Resx/ResUI.ru.resx b/v2rayN/ServiceLib/Resx/ResUI.ru.resx
@@ -1373,7 +1373,7 @@
     <value>Linux system sudo password</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordTip" xml:space="preserve">
-    <value>The password will only be stored in the local file.</value>
+    <value>The password is encrypted and stored only in local files.</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordIsEmpty" xml:space="preserve">
     <value>Please set the sudo password in Tun mode settings first</value>

diff --git a/v2rayN/ServiceLib/Resx/ResUI.zh-Hans.resx b/v2rayN/ServiceLib/Resx/ResUI.zh-Hans.resx
@@ -1370,7 +1370,7 @@
     <value>Linux系统的sudo密码</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordTip" xml:space="preserve">
-    <value>密码只会存储在本地文件中，没有密码无法开启Tun</value>
+    <value>密码已加密且只存储在本地文件中，无密码无法开启Tun</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordIsEmpty" xml:space="preserve">
     <value>请先在Tun模式设置中设置sudo密码</value>

diff --git a/v2rayN/ServiceLib/Resx/ResUI.zh-Hant.resx b/v2rayN/ServiceLib/Resx/ResUI.zh-Hant.resx
@@ -1370,7 +1370,7 @@
     <value>Linux系統的sudo密碼</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordTip" xml:space="preserve">
-    <value>密碼只會儲存在本機檔案中，沒有密碼無法開啟Tun</value>
+    <value>密碼已加密且只儲存在本機檔案中，無密碼無法開啟Tun</value>
   </data>
   <data name="TbSettingsLinuxSudoPasswordIsEmpty" xml:space="preserve">
     <value>請先在Tun模式設定中設定sudo密碼</value>

diff --git a/v2rayN/ServiceLib/ViewModels/OptionSettingViewModel.cs b/v2rayN/ServiceLib/ViewModels/OptionSettingViewModel.cs
@@ -198,7 +198,7 @@ private async Task Init()
             TunMtu = _config.TunModeItem.Mtu;
             TunEnableExInbound = _config.TunModeItem.EnableExInbound;
             TunEnableIPv6Address = _config.TunModeItem.EnableIPv6Address;
-            TunLinuxSudoPassword = _config.TunModeItem.LinuxSudoPassword;
+            TunLinuxSudoPassword = _config.TunModeItem.LinuxSudoPwd;
 
             #endregion Tun mode
 
@@ -342,7 +342,10 @@ private async Task SaveSettingAsync()
             _config.TunModeItem.Mtu = TunMtu;
             _config.TunModeItem.EnableExInbound = TunEnableExInbound;
             _config.TunModeItem.EnableIPv6Address = TunEnableIPv6Address;
-            _config.TunModeItem.LinuxSudoPassword = TunLinuxSudoPassword;
+            if (TunLinuxSudoPassword != _config.TunModeItem.LinuxSudoPwd)
+            {
+                _config.TunModeItem.LinuxSudoPwd = DesUtils.Encrypt(TunLinuxSudoPassword);
+            }
 
             //coreType
             await SaveCoreType();

diff --git a/v2rayN/ServiceLib/ViewModels/StatusBarViewModel.cs b/v2rayN/ServiceLib/ViewModels/StatusBarViewModel.cs
@@ -440,7 +440,7 @@ private bool AllowEnableTun()
             }
             else if (Utils.IsLinux())
             {
-                return _config.TunModeItem.LinuxSudoPassword.IsNotEmpty();
+                return _config.TunModeItem.LinuxSudoPwd.IsNotEmpty();
             }
             return false;
         }

diff --git a/v2rayN/v2rayN.Desktop/Views/OptionSettingWindow.axaml b/v2rayN/v2rayN.Desktop/Views/OptionSettingWindow.axaml
@@ -808,8 +808,7 @@
                             Grid.Column="1"
                             Width="200"
                             HorizontalAlignment="Left"
-                            Classes="Margin8"
-                            PasswordChar="*" />
+                            Classes="Margin8" />
                         <TextBlock
                             Grid.Row="7"
                             Grid.Column="2"