bitwarden-browser/src/background/nativeMessaging.background.ts

import { CryptoService } from 'jslib/abstractions/crypto.service';
import { MessagingService } from 'jslib/abstractions/messaging.service';
import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
import { StorageService } from 'jslib/abstractions/storage.service';
import { Utils } from 'jslib/misc/utils';
import { SymmetricCryptoKey } from 'jslib/models/domain';
import { ConstantsService } from 'jslib/services';
import { BrowserApi } from '../browser/browserApi';
import RuntimeBackground from './runtime.background';
import { UserService } from 'jslib/abstractions/user.service';
import { I18nService } from 'jslib/abstractions/i18n.service';

const MessageValidTimeout = 10 * 1000;
const EncryptionAlgorithm = 'sha1';

export class NativeMessagingBackground {
    private connected = false;
    private connecting: boolean;
    private port: browser.runtime.Port | chrome.runtime.Port;

    private resolver: any = null;
    private privateKey: ArrayBuffer = null;
    private secureSetupResolve: any = null;
    private sharedSecret: SymmetricCryptoKey;

    constructor(private storageService: StorageService, private cryptoService: CryptoService,
        private cryptoFunctionService: CryptoFunctionService, private vaultTimeoutService: VaultTimeoutService,
        private runtimeBackground: RuntimeBackground, private i18nService: I18nService, private userService: UserService,
        private messagingService: MessagingService) {}

    async connect() {
        return new Promise((resolve, reject) => {
            this.port = BrowserApi.connectNative('com.8bit.bitwarden');

            this.connecting = true;

            this.port.onMessage.addListener(async (message: any) => {
                switch (message.command) {
                    case 'connected':
                        this.connected = true;
                        this.connecting = false;
                        resolve();
                        break;
                    case 'disconnected':
                        if (this.connecting) {
                            this.messagingService.send('showDialog', {
                                text: this.i18nService.t('startDesktopDesc'),
                                title: this.i18nService.t('startDesktopTitle'),
                                confirmText: this.i18nService.t('ok'),
                                type: 'error',
                            });
                            reject();
                        }
                        this.connected = false;
                        this.port.disconnect();
                        break;
                    case 'setupEncryption':
                        const encrypted = Utils.fromB64ToArray(message.sharedSecret);
                        const decrypted = await this.cryptoFunctionService.rsaDecrypt(encrypted.buffer, this.privateKey, EncryptionAlgorithm);

                        this.sharedSecret = new SymmetricCryptoKey(decrypted);
                        this.secureSetupResolve();
                        break;
                    default:
                        this.onMessage(message);
                }
            });

            this.port.onDisconnect.addListener((p: any) => {
                let error;
                if (BrowserApi.isWebExtensionsApi) {
                    error = p.error.message;
                } else {
                    error = chrome.runtime.lastError.message;
                }

                if (error === 'Specified native messaging host not found.' || error === 'Access to the specified native messaging host is forbidden.' || error === 'An unexpected error occurred') {
                    this.messagingService.send('showDialog', {
                        text: this.i18nService.t('desktopIntegrationDisabledDesc'),
                        title: this.i18nService.t('desktopIntegrationDisabledTitle'),
                        confirmText: this.i18nService.t('ok'),
                        type: 'error',
                    });
                }
                this.connected = false;
                reject();
            });
        });
    }

    async send(message: any) {
        if (!this.connected) {
            await this.connect();
        }

        if (this.sharedSecret == null) {
            await this.secureCommunication();
        }

        message.timestamp = Date.now();

        const encrypted = await this.cryptoService.encrypt(JSON.stringify(message), this.sharedSecret);
        this.port.postMessage(encrypted);
    }

    getResponse(): Promise<any> {
        return new Promise((resolve, reject) => {
            this.resolver = resolve;
        });
    }

    private async onMessage(rawMessage: any) {
        const message = JSON.parse(await this.cryptoService.decryptToUtf8(rawMessage, this.sharedSecret));

        if (Math.abs(message.timestamp - Date.now()) > MessageValidTimeout) {
            // tslint:disable-next-line
            console.error('NativeMessage is to old, ignoring.');
            return;
        }

        switch (message.command) {
            case 'biometricUnlock':
                await this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);

                const enabled = await this.storageService.get(ConstantsService.biometricUnlockKey);
                if (enabled === null || enabled === false) {
                    if (message.response === 'unlocked') {
                        await this.storageService.save(ConstantsService.biometricUnlockKey, true);
                    }
                    break;
                }

                // Ignore unlock if already unlockeded
                if (!this.vaultTimeoutService.biometricLocked) {
                    break;
                }

                if (message.response === 'unlocked') {
                    this.cryptoService.setKey(new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer));
                    this.vaultTimeoutService.biometricLocked = false;
                    this.runtimeBackground.processMessage({command: 'unlocked'}, null, null);
                }
                break;
            default:
                // tslint:disable-next-line
                console.error('NativeMessage, got unknown command.');
        }

        if (this.resolver) {
            this.resolver(message);
        }
    }

    private async secureCommunication() {
        const [publicKey, privateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
        this.privateKey = privateKey;

        this.sendUnencrypted({command: 'setupEncryption', publicKey: Utils.fromBufferToB64(publicKey)});
        const fingerprint = (await this.cryptoService.getFingerprint(await this.userService.getUserId(), publicKey)).join(' ');

        this.messagingService.send('showDialog', {
            html: `${this.i18nService.t('desktopIntegrationVerificationText')}<br><br><strong>${fingerprint}</strong>`,
            title: this.i18nService.t('desktopSyncVerificationTitle'),
            confirmText: this.i18nService.t('ok'),
            type: 'warning',
        });

        return new Promise((resolve, reject) => this.secureSetupResolve = resolve);
    }

    private async sendUnencrypted(message: any) {
        if (!this.connected) {
            await this.connect();
        }

        message.timestamp = Date.now();

        this.port.postMessage(message);
    }
}
Show fingerprint message 2020-10-19 16:50:25 +02:00			`import { CryptoService } from 'jslib/abstractions/crypto.service';`
			`import { MessagingService } from 'jslib/abstractions/messaging.service';`
			`import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';`
wip 2020-10-16 17:08:53 +02:00			`import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`import { StorageService } from 'jslib/abstractions/storage.service';`
wip 2020-10-16 17:08:53 +02:00			`import { Utils } from 'jslib/misc/utils';`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`import { SymmetricCryptoKey } from 'jslib/models/domain';`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`import { ConstantsService } from 'jslib/services';`
Fix linting errors 2020-10-11 20:45:25 +02:00			`import { BrowserApi } from '../browser/browserApi';`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`import RuntimeBackground from './runtime.background';`
Show fingerprint message 2020-10-19 16:50:25 +02:00			`import { UserService } from 'jslib/abstractions/user.service';`
			`import { I18nService } from 'jslib/abstractions/i18n.service';`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00
Minor cleanup 2020-10-16 11:09:49 +02:00			`const MessageValidTimeout = 10 * 1000;`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`const EncryptionAlgorithm = 'sha1';`
Minor cleanup 2020-10-16 11:09:49 +02:00
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`export class NativeMessagingBackground {`
			`private connected = false;`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`private connecting: boolean;`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`private port: browser.runtime.Port \| chrome.runtime.Port;`

			`private resolver: any = null;`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`private privateKey: ArrayBuffer = null;`
wip 2020-10-16 17:08:53 +02:00			`private secureSetupResolve: any = null;`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`private sharedSecret: SymmetricCryptoKey;`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`constructor(private storageService: StorageService, private cryptoService: CryptoService,`
wip 2020-10-16 17:08:53 +02:00			`private cryptoFunctionService: CryptoFunctionService, private vaultTimeoutService: VaultTimeoutService,`
Show fingerprint message 2020-10-19 16:50:25 +02:00			`private runtimeBackground: RuntimeBackground, private i18nService: I18nService, private userService: UserService,`
			`private messagingService: MessagingService) {}`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`async connect() {`
			`return new Promise((resolve, reject) => {`
			`this.port = BrowserApi.connectNative('com.8bit.bitwarden');`

			`this.connecting = true;`

Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`this.port.onMessage.addListener(async (message: any) => {`
			`switch (message.command) {`
			`case 'connected':`
			`this.connected = true;`
			`this.connecting = false;`
			`resolve();`
			`break;`
			`case 'disconnected':`
			`if (this.connecting) {`
			`this.messagingService.send('showDialog', {`
			`text: this.i18nService.t('startDesktopDesc'),`
			`title: this.i18nService.t('startDesktopTitle'),`
			`confirmText: this.i18nService.t('ok'),`
			`type: 'error',`
			`});`
			`reject();`
			`}`
			`this.connected = false;`
			`this.port.disconnect();`
			`break;`
			`case 'setupEncryption':`
			`const encrypted = Utils.fromB64ToArray(message.sharedSecret);`
			`const decrypted = await this.cryptoFunctionService.rsaDecrypt(encrypted.buffer, this.privateKey, EncryptionAlgorithm);`

			`this.sharedSecret = new SymmetricCryptoKey(decrypted);`
			`this.secureSetupResolve();`
			`break;`
			`default:`
			`this.onMessage(message);`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`}`
			`});`

Fix error in firefox 2020-10-21 19:23:27 +02:00			`this.port.onDisconnect.addListener((p: any) => {`
			`let error;`
			`if (BrowserApi.isWebExtensionsApi) {`
			`error = p.error.message;`
			`} else {`
			`error = chrome.runtime.lastError.message;`
			`}`

			`if (error === 'Specified native messaging host not found.' \|\| error === 'Access to the specified native messaging host is forbidden.' \|\| error === 'An unexpected error occurred') {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`this.messagingService.send('showDialog', {`
			`text: this.i18nService.t('desktopIntegrationDisabledDesc'),`
			`title: this.i18nService.t('desktopIntegrationDisabledTitle'),`
			`confirmText: this.i18nService.t('ok'),`
			`type: 'error',`
			`});`
			`}`
			`this.connected = false;`
			`reject();`
			`});`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`});`
			`}`

Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`async send(message: any) {`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`if (!this.connected) {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`await this.connect();`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`}`

Setup new encryption flow 2020-10-19 12:20:45 +02:00			`if (this.sharedSecret == null) {`
wip 2020-10-16 17:08:53 +02:00			`await this.secureCommunication();`
			`}`

Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`message.timestamp = Date.now();`

Setup new encryption flow 2020-10-19 12:20:45 +02:00			`const encrypted = await this.cryptoService.encrypt(JSON.stringify(message), this.sharedSecret);`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`this.port.postMessage(encrypted);`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`}`

Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`getResponse(): Promise<any> {`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`return new Promise((resolve, reject) => {`
			`this.resolver = resolve;`
			`});`
			`}`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`private async onMessage(rawMessage: any) {`
Setup new encryption flow 2020-10-19 12:20:45 +02:00			`const message = JSON.parse(await this.cryptoService.decryptToUtf8(rawMessage, this.sharedSecret));`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00
Minor cleanup 2020-10-16 11:09:49 +02:00			`if (Math.abs(message.timestamp - Date.now()) > MessageValidTimeout) {`
			`// tslint:disable-next-line`
			`console.error('NativeMessage is to old, ignoring.');`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`return;`
			`}`

Minor cleanup 2020-10-16 11:09:49 +02:00			`switch (message.command) {`
wip 2020-10-16 17:08:53 +02:00			`case 'biometricUnlock':`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`await this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);`

			`const enabled = await this.storageService.get(ConstantsService.biometricUnlockKey);`
			`if (enabled === null \|\| enabled === false) {`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`if (message.response === 'unlocked') {`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`await this.storageService.save(ConstantsService.biometricUnlockKey, true);`
			`}`
Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`break;`
			`}`
Minor cleanup 2020-10-16 11:09:49 +02:00
Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`// Ignore unlock if already unlockeded`
			`if (!this.vaultTimeoutService.biometricLocked) {`
			`break;`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`

Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`if (message.response === 'unlocked') {`
Unlock using master key from desktop 2020-10-19 18:34:40 +02:00			`this.cryptoService.setKey(new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer));`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`this.vaultTimeoutService.biometricLocked = false;`
Unlock using master key from desktop 2020-10-19 18:34:40 +02:00			`this.runtimeBackground.processMessage({command: 'unlocked'}, null, null);`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`
wip 2020-10-16 17:08:53 +02:00			`break;`
Minor cleanup 2020-10-16 11:09:49 +02:00			`default:`
			`// tslint:disable-next-line`
			`console.error('NativeMessage, got unknown command.');`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`

			`if (this.resolver) {`
Encrypt messages and verify timestamp. 2020-10-12 21:18:47 +02:00			`this.resolver(message);`
Ensure biometric unlock works even if popup is not in focus 2020-10-12 18:01:34 +02:00			`}`
			`}`
wip 2020-10-16 17:08:53 +02:00
			`private async secureCommunication() {`
Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`const [publicKey, privateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);`
			`this.privateKey = privateKey;`
wip 2020-10-16 17:08:53 +02:00
Cleanup, localize error. 2020-10-21 17:18:04 +02:00			`this.sendUnencrypted({command: 'setupEncryption', publicKey: Utils.fromBufferToB64(publicKey)});`
			`const fingerprint = (await this.cryptoService.getFingerprint(await this.userService.getUserId(), publicKey)).join(' ');`
Show fingerprint message 2020-10-19 16:50:25 +02:00
			`this.messagingService.send('showDialog', {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			html: `${this.i18nService.t('desktopIntegrationVerificationText')}<br><br><strong>${fingerprint}</strong>`,
Show fingerprint message 2020-10-19 16:50:25 +02:00			`title: this.i18nService.t('desktopSyncVerificationTitle'),`
			`confirmText: this.i18nService.t('ok'),`
			`type: 'warning',`
			`});`
wip 2020-10-16 17:08:53 +02:00
			`return new Promise((resolve, reject) => this.secureSetupResolve = resolve);`
			`}`

			`private async sendUnencrypted(message: any) {`
			`if (!this.connected) {`
Display error message when browser integration is disabled, or desktop not running 2020-10-21 15:56:10 +02:00			`await this.connect();`
wip 2020-10-16 17:08:53 +02:00			`}`

			`message.timestamp = Date.now();`

			`this.port.postMessage(message);`
			`}`
Initial work of biometric unlock for browser 2020-10-09 17:16:15 +02:00			`}`