bitwarden-browser/src/background/nativeMessaging.background.ts

import { CryptoService } from 'jslib/abstractions/crypto.service';
import { MessagingService } from 'jslib/abstractions/messaging.service';
import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
import { StorageService } from 'jslib/abstractions/storage.service';
import { Utils } from 'jslib/misc/utils';
import { SymmetricCryptoKey } from 'jslib/models/domain';
import { ConstantsService } from 'jslib/services';
import { BrowserApi } from '../browser/browserApi';
import RuntimeBackground from './runtime.background';
import { UserService } from 'jslib/abstractions/user.service';
import { I18nService } from 'jslib/abstractions/i18n.service';

const MessageValidTimeout = 10 * 1000;
const EncryptionAlgorithm = 'sha1';

export class NativeMessagingBackground {
    private connected = false;
    private connecting: boolean;
    private port: browser.runtime.Port | chrome.runtime.Port;

    private resolver: any = null;
    private publicKey: ArrayBuffer;
    private privateKey: ArrayBuffer = null;
    private secureSetupResolve: any = null;
    private sharedSecret: SymmetricCryptoKey;

    constructor(private storageService: StorageService, private cryptoService: CryptoService,
        private cryptoFunctionService: CryptoFunctionService, private vaultTimeoutService: VaultTimeoutService,
        private runtimeBackground: RuntimeBackground, private i18nService: I18nService, private userService: UserService,
        private messagingService: MessagingService) {}

    async connect() {
        return new Promise((resolve, reject) => {
            this.port = BrowserApi.connectNative('com.8bit.bitwarden');

            this.connecting = true;

            this.port.onMessage.addListener((message: any) => {
                if (message.command === 'connected') {
                    this.connected = true;
                    this.connecting = false;
                    resolve();
                } else if (message.command === 'disconnected') {
                    if (this.connecting) {
                        this.messagingService.send('showDialog', {
                            text: this.i18nService.t('startDesktopDesc'),
                            title: this.i18nService.t('startDesktopTitle'),
                            confirmText: this.i18nService.t('ok'),
                            type: 'error',
                        });
                        reject();
                    }
                    this.connected = false;
                    this.port.disconnect();
                    return;
                }

                this.onMessage(message);
            });

            this.port.onDisconnect.addListener(() => {
                if (BrowserApi.runtimeLastError().message === 'Specified native messaging host not found.') {
                    this.messagingService.send('showDialog', {
                        text: this.i18nService.t('desktopIntegrationDisabledDesc'),
                        title: this.i18nService.t('desktopIntegrationDisabledTitle'),
                        confirmText: this.i18nService.t('ok'),
                        type: 'error',
                    });
                }
                this.connected = false;
                reject();
            });
        });
    }

    async send(message: any) {
        // If not connected, try to connect
        if (!this.connected) {
            await this.connect();
        }

        if (this.sharedSecret == null) {
            await this.secureCommunication();
        }

        message.timestamp = Date.now();

        const encrypted = await this.cryptoService.encrypt(JSON.stringify(message), this.sharedSecret);
        this.port.postMessage(encrypted);
    }

    await(): Promise<any> {
        return new Promise((resolve, reject) => {
            this.resolver = resolve;
        });
    }

    private async onMessage(rawMessage: any) {
        if (rawMessage.command === 'setupEncryption') {
            const encrypted = Utils.fromB64ToArray(rawMessage.sharedSecret);
            const decrypted = await this.cryptoFunctionService.rsaDecrypt(encrypted.buffer, this.privateKey, EncryptionAlgorithm);

            this.sharedSecret = new SymmetricCryptoKey(decrypted);
            this.secureSetupResolve();
            return;
        }
        const message = JSON.parse(await this.cryptoService.decryptToUtf8(rawMessage, this.sharedSecret));

        if (Math.abs(message.timestamp - Date.now()) > MessageValidTimeout) {
            // tslint:disable-next-line
            console.error('NativeMessage is to old, ignoring.');
            return;
        }

        switch (message.command) {
            case 'biometricUnlock':
                await this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);

                const enabled = await this.storageService.get(ConstantsService.biometricUnlockKey);
                if (enabled === null || enabled === false) {
                    if (message.response === 'unlocked') {
                        await this.storageService.save(ConstantsService.biometricUnlockKey, true);
                    }

                    await this.cryptoService.toggleKey();
                }

                if (this.vaultTimeoutService.biometricLocked) {
                    this.cryptoService.setKey(new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer));
                    this.vaultTimeoutService.biometricLocked = false;
                    this.runtimeBackground.processMessage({command: 'unlocked'}, null, null);
                }
                break;
            default:
                // tslint:disable-next-line
                console.error('NativeMessage, got unknown command.');
        }

        if (this.resolver) {
            this.resolver(message);
        }
    }

    private async secureCommunication() {
        // Using crypto function service directly since we cannot encrypt the private key as
        // master key might not be available
        [this.publicKey, this.privateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);

        this.sendUnencrypted({command: 'setupEncryption', publicKey: Utils.fromBufferToB64(this.publicKey)});
        const fingerprint = (await this.cryptoService.getFingerprint(await this.userService.getUserId(), this.publicKey)).join(' ');

        this.messagingService.send('showDialog', {
            html: `${this.i18nService.t('desktopIntegrationVerificationText')}<br><br><strong>${fingerprint}</strong>`,
            title: this.i18nService.t('desktopSyncVerificationTitle'),
            confirmText: this.i18nService.t('ok'),
            type: 'warning',
        });

        return new Promise((resolve, reject) => this.secureSetupResolve = resolve);
    }

    private async sendUnencrypted(message: any) {
        if (!this.connected) {
            await this.connect();
        }

        message.timestamp = Date.now();

        this.port.postMessage(message);
    }
}
Show fingerprint message 2020-10-19 16:50:25 +02:00			`import { CryptoService } from 'jslib/abstractions/crypto.service';`
			`import { MessagingService } from 'jslib/abstractions/messaging.service';`
			`import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';`
wip 2020-10-16 17:08:53 +02:00			`import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`import { StorageService } from 'jslib/abstractions/storage.service';`
wip 2020-10-16 17:08:53 +02:00			`import { Utils } from 'jslib/misc/utils';`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`import { SymmetricCryptoKey } from 'jslib/models/domain';`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`import { ConstantsService } from 'jslib/services';`
Fix linting errors 2020-10-11 20:45:25 +02:00			`import { BrowserApi } from '../browser/browserApi';`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`import RuntimeBackground from './runtime.background';`
Show fingerprint message 2020-10-19 16:50:25 +02:00			`import { UserService } from 'jslib/abstractions/user.service';`
			`import { I18nService } from 'jslib/abstractions/i18n.service';`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00
Minor cleanup 2020-10-16 11:09:49 +02:00			`const MessageValidTimeout = 10 * 1000;`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`const EncryptionAlgorithm = 'sha1';`
Minor cleanup 2020-10-16 11:09:49 +02:00
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`export class NativeMessagingBackground {`
			`private connected = false;`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`private connecting: boolean;`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`private port: browser.runtime.Port \| chrome.runtime.Port;`

			`private resolver: any = null;`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`private publicKey: ArrayBuffer;`
			`private privateKey: ArrayBuffer = null;`
wip 2020-10-16 17:08:53 +02:00			`private secureSetupResolve: any = null;`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`private sharedSecret: SymmetricCryptoKey;`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`constructor(private storageService: StorageService, private cryptoService: CryptoService,`
wip 2020-10-16 17:08:53 +02:00			`private cryptoFunctionService: CryptoFunctionService, private vaultTimeoutService: VaultTimeoutService,`
Show fingerprint message 2020-10-19 16:50:25 +02:00			`private runtimeBackground: RuntimeBackground, private i18nService: I18nService, private userService: UserService,`
			`private messagingService: MessagingService) {}`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`async connect() {`
			`return new Promise((resolve, reject) => {`
			`this.port = BrowserApi.connectNative('com.8bit.bitwarden');`

			`this.connecting = true;`

			`this.port.onMessage.addListener((message: any) => {`
			`if (message.command === 'connected') {`
			`this.connected = true;`
			`this.connecting = false;`
			`resolve();`
			`} else if (message.command === 'disconnected') {`
			`if (this.connecting) {`
			`this.messagingService.send('showDialog', {`
			`text: this.i18nService.t('startDesktopDesc'),`
			`title: this.i18nService.t('startDesktopTitle'),`
			`confirmText: this.i18nService.t('ok'),`
			`type: 'error',`
			`});`
			`reject();`
			`}`
			`this.connected = false;`
			`this.port.disconnect();`
			`return;`
			`}`
Minor cleanup 2020-10-16 11:09:49 +02:00
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`this.onMessage(message);`
			`});`

			`this.port.onDisconnect.addListener(() => {`
			`if (BrowserApi.runtimeLastError().message === 'Specified native messaging host not found.') {`
			`this.messagingService.send('showDialog', {`
			`text: this.i18nService.t('desktopIntegrationDisabledDesc'),`
			`title: this.i18nService.t('desktopIntegrationDisabledTitle'),`
			`confirmText: this.i18nService.t('ok'),`
			`type: 'error',`
			`});`
			`}`
			`this.connected = false;`
			`reject();`
			`});`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`});`
			`}`

Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`async send(message: any) {`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`// If not connected, try to connect`
			`if (!this.connected) {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`await this.connect();`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`}`

Setup new encryption flow 2020-10-19 12:20:45 +02:00			`if (this.sharedSecret == null) {`
wip 2020-10-16 17:08:53 +02:00			`await this.secureCommunication();`
			`}`

Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`message.timestamp = Date.now();`

Setup new encryption flow 2020-10-19 12:20:45 +02:00			`const encrypted = await this.cryptoService.encrypt(JSON.stringify(message), this.sharedSecret);`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`this.port.postMessage(encrypted);`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`}`

			`await(): Promise<any> {`
			`return new Promise((resolve, reject) => {`
			`this.resolver = resolve;`
			`});`
			`}`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`private async onMessage(rawMessage: any) {`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`if (rawMessage.command === 'setupEncryption') {`
			`const encrypted = Utils.fromB64ToArray(rawMessage.sharedSecret);`
			`const decrypted = await this.cryptoFunctionService.rsaDecrypt(encrypted.buffer, this.privateKey, EncryptionAlgorithm);`

			`this.sharedSecret = new SymmetricCryptoKey(decrypted);`
			`this.secureSetupResolve();`
			`return;`
			`}`
			`const message = JSON.parse(await this.cryptoService.decryptToUtf8(rawMessage, this.sharedSecret));`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00
Minor cleanup 2020-10-16 11:09:49 +02:00			`if (Math.abs(message.timestamp - Date.now()) > MessageValidTimeout) {`
			`// tslint:disable-next-line`
			`console.error('NativeMessage is to old, ignoring.');`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`return;`
			`}`

Minor cleanup 2020-10-16 11:09:49 +02:00			`switch (message.command) {`
wip 2020-10-16 17:08:53 +02:00			`case 'biometricUnlock':`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`await this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);`

			`const enabled = await this.storageService.get(ConstantsService.biometricUnlockKey);`
			`if (enabled === null \|\| enabled === false) {`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`if (message.response === 'unlocked') {`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`await this.storageService.save(ConstantsService.biometricUnlockKey, true);`
			`}`
Minor cleanup 2020-10-16 11:09:49 +02:00
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`await this.cryptoService.toggleKey();`
			`}`

			`if (this.vaultTimeoutService.biometricLocked) {`
Unlock using master key from desktop 2020-10-19 18:34:40 +02:00			`this.cryptoService.setKey(new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer));`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`this.vaultTimeoutService.biometricLocked = false;`
Unlock using master key from desktop 2020-10-19 18:34:40 +02:00			`this.runtimeBackground.processMessage({command: 'unlocked'}, null, null);`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`
wip 2020-10-16 17:08:53 +02:00			`break;`
Minor cleanup 2020-10-16 11:09:49 +02:00			`default:`
			`// tslint:disable-next-line`
			`console.error('NativeMessage, got unknown command.');`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`

			`if (this.resolver) {`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`this.resolver(message);`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`
			`}`
wip 2020-10-16 17:08:53 +02:00
			`private async secureCommunication() {`
			`// Using crypto function service directly since we cannot encrypt the private key as`
			`// master key might not be available`
			`[this.publicKey, this.privateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);`

			`this.sendUnencrypted({command: 'setupEncryption', publicKey: Utils.fromBufferToB64(this.publicKey)});`
Show fingerprint message 2020-10-19 16:50:25 +02:00			`const fingerprint = (await this.cryptoService.getFingerprint(await this.userService.getUserId(), this.publicKey)).join(' ');`

			`this.messagingService.send('showDialog', {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			html: `${this.i18nService.t('desktopIntegrationVerificationText')}<br><br><strong>${fingerprint}</strong>`,
Show fingerprint message 2020-10-19 16:50:25 +02:00			`title: this.i18nService.t('desktopSyncVerificationTitle'),`
			`confirmText: this.i18nService.t('ok'),`
			`type: 'warning',`
			`});`
wip 2020-10-16 17:08:53 +02:00
			`return new Promise((resolve, reject) => this.secureSetupResolve = resolve);`
			`}`

			`private async sendUnencrypted(message: any) {`
			`if (!this.connected) {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`await this.connect();`
wip 2020-10-16 17:08:53 +02:00			`}`

			`message.timestamp = Date.now();`

			`this.port.postMessage(message);`
			`}`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`}`