mirror of
https://github.com/bitwarden/browser.git
synced 2024-12-21 16:18:28 +01:00
48bd438824
* Add logging to decryption routines * Fix case of uknown encryption type * Add decryption context to log where failures occur * Update log message * Fix linting * Add more context logs * Add context logs for native messaging * Update apps/desktop/native-messaging-test-runner/src/native-message.service.ts Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Update apps/desktop/src/services/native-message-handler.service.ts Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Rename channel key to desktop ipc channel key --------- Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
240 lines
7.5 KiB
TypeScript
240 lines
7.5 KiB
TypeScript
import "module-alias/register";
|
|
|
|
import { v4 as uuidv4 } from "uuid";
|
|
|
|
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
|
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
|
import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
|
|
import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
|
|
import { NodeCryptoFunctionService } from "@bitwarden/node/services/node-crypto-function.service";
|
|
|
|
import { DecryptedCommandData } from "../../src/models/native-messaging/decrypted-command-data";
|
|
import { EncryptedMessage } from "../../src/models/native-messaging/encrypted-message";
|
|
import { CredentialCreatePayload } from "../../src/models/native-messaging/encrypted-message-payloads/credential-create-payload";
|
|
import { CredentialUpdatePayload } from "../../src/models/native-messaging/encrypted-message-payloads/credential-update-payload";
|
|
import { EncryptedMessageResponse } from "../../src/models/native-messaging/encrypted-message-response";
|
|
import { MessageCommon } from "../../src/models/native-messaging/message-common";
|
|
import { UnencryptedMessage } from "../../src/models/native-messaging/unencrypted-message";
|
|
import { UnencryptedMessageResponse } from "../../src/models/native-messaging/unencrypted-message-response";
|
|
|
|
import IPCService, { IPCOptions } from "./ipc.service";
|
|
import * as config from "./variables";
|
|
|
|
type HandshakeResponse = {
|
|
status: boolean;
|
|
sharedKey: string;
|
|
error?: "canceled" | "cannot-decrypt";
|
|
};
|
|
|
|
const CONFIRMATION_MESSAGE_TIMEOUT = 100 * 1000; // 100 seconds
|
|
|
|
export default class NativeMessageService {
|
|
private ipcService: IPCService;
|
|
private nodeCryptoFunctionService: NodeCryptoFunctionService;
|
|
private encryptService: EncryptServiceImplementation;
|
|
|
|
constructor(private apiVersion: number) {
|
|
console.log("Starting native messaging service");
|
|
this.ipcService = new IPCService(`bitwarden`, (rawMessage) => {
|
|
console.log(`Received unexpected: `, rawMessage);
|
|
});
|
|
|
|
this.nodeCryptoFunctionService = new NodeCryptoFunctionService();
|
|
this.encryptService = new EncryptServiceImplementation(
|
|
this.nodeCryptoFunctionService,
|
|
new ConsoleLogService(false),
|
|
false,
|
|
);
|
|
}
|
|
|
|
// Commands
|
|
|
|
async sendHandshake(publicKey: string, applicationName: string): Promise<HandshakeResponse> {
|
|
const rawResponse = await this.sendUnencryptedMessage(
|
|
{
|
|
command: "bw-handshake",
|
|
payload: {
|
|
publicKey,
|
|
applicationName: applicationName,
|
|
},
|
|
},
|
|
{
|
|
overrideTimeout: CONFIRMATION_MESSAGE_TIMEOUT,
|
|
},
|
|
);
|
|
return rawResponse.payload as HandshakeResponse;
|
|
}
|
|
|
|
async checkStatus(key: string): Promise<DecryptedCommandData> {
|
|
const encryptedCommand = await this.encryptCommandData(
|
|
{
|
|
command: "bw-status",
|
|
},
|
|
key,
|
|
);
|
|
|
|
const response = await this.sendEncryptedMessage({
|
|
encryptedCommand,
|
|
});
|
|
|
|
return this.decryptResponsePayload(response.encryptedPayload, key);
|
|
}
|
|
|
|
async credentialRetrieval(key: string, uri: string): Promise<DecryptedCommandData> {
|
|
const encryptedCommand = await this.encryptCommandData(
|
|
{
|
|
command: "bw-credential-retrieval",
|
|
payload: {
|
|
uri: uri,
|
|
},
|
|
},
|
|
key,
|
|
);
|
|
const response = await this.sendEncryptedMessage({
|
|
encryptedCommand,
|
|
});
|
|
|
|
return this.decryptResponsePayload(response.encryptedPayload, key);
|
|
}
|
|
|
|
async credentialCreation(
|
|
key: string,
|
|
credentialData: CredentialCreatePayload,
|
|
): Promise<DecryptedCommandData> {
|
|
const encryptedCommand = await this.encryptCommandData(
|
|
{
|
|
command: "bw-credential-create",
|
|
payload: credentialData,
|
|
},
|
|
key,
|
|
);
|
|
const response = await this.sendEncryptedMessage({
|
|
encryptedCommand,
|
|
});
|
|
|
|
return this.decryptResponsePayload(response.encryptedPayload, key);
|
|
}
|
|
|
|
async credentialUpdate(
|
|
key: string,
|
|
credentialData: CredentialUpdatePayload,
|
|
): Promise<DecryptedCommandData> {
|
|
const encryptedCommand = await this.encryptCommandData(
|
|
{
|
|
command: "bw-credential-update",
|
|
payload: credentialData,
|
|
},
|
|
key,
|
|
);
|
|
const response = await this.sendEncryptedMessage({
|
|
encryptedCommand,
|
|
});
|
|
|
|
return this.decryptResponsePayload(response.encryptedPayload, key);
|
|
}
|
|
|
|
async generatePassword(key: string, userId: string): Promise<DecryptedCommandData> {
|
|
const encryptedCommand = await this.encryptCommandData(
|
|
{
|
|
command: "bw-generate-password",
|
|
payload: {
|
|
userId: userId,
|
|
},
|
|
},
|
|
key,
|
|
);
|
|
const response = await this.sendEncryptedMessage({
|
|
encryptedCommand,
|
|
});
|
|
|
|
return this.decryptResponsePayload(response.encryptedPayload, key);
|
|
}
|
|
|
|
// Private message sending
|
|
|
|
private async sendEncryptedMessage(
|
|
message: Omit<EncryptedMessage, keyof MessageCommon>,
|
|
options: IPCOptions = {},
|
|
): Promise<EncryptedMessageResponse> {
|
|
const result = await this.sendMessage(message, options);
|
|
return result as EncryptedMessageResponse;
|
|
}
|
|
|
|
private async sendUnencryptedMessage(
|
|
message: Omit<UnencryptedMessage, keyof MessageCommon>,
|
|
options: IPCOptions = {},
|
|
): Promise<UnencryptedMessageResponse> {
|
|
const result = await this.sendMessage(message, options);
|
|
return result as UnencryptedMessageResponse;
|
|
}
|
|
|
|
private async sendMessage(
|
|
message:
|
|
| Omit<UnencryptedMessage, keyof MessageCommon>
|
|
| Omit<EncryptedMessage, keyof MessageCommon>,
|
|
options: IPCOptions,
|
|
): Promise<EncryptedMessageResponse | UnencryptedMessageResponse> {
|
|
// Attempt to connect before sending any messages. If the connection has already
|
|
// been made, this is a NOOP within the IPCService.
|
|
await this.ipcService.connect();
|
|
|
|
const commonFields: MessageCommon = {
|
|
// Create a messageId that can be used as a lookup when we get a response
|
|
messageId: uuidv4(),
|
|
version: this.apiVersion,
|
|
};
|
|
const fullMessage: UnencryptedMessage | EncryptedMessage = {
|
|
...message,
|
|
...commonFields,
|
|
};
|
|
|
|
console.log(`[NativeMessageService] sendMessage with id: ${fullMessage.messageId}`);
|
|
|
|
const response = await this.ipcService.sendMessage(fullMessage, options);
|
|
|
|
console.log(`[NativeMessageService] received response for message: ${fullMessage.messageId}`);
|
|
|
|
return response;
|
|
}
|
|
|
|
disconnect() {
|
|
this.ipcService.disconnect();
|
|
}
|
|
|
|
// Data Encryption
|
|
private async encryptCommandData(
|
|
commandData: DecryptedCommandData,
|
|
key: string,
|
|
): Promise<EncString> {
|
|
const commandDataString = JSON.stringify(commandData);
|
|
|
|
const sharedKey = await this.getSharedKeyForKey(key);
|
|
|
|
return this.encryptService.encrypt(commandDataString, sharedKey);
|
|
}
|
|
|
|
private async decryptResponsePayload(
|
|
payload: EncString,
|
|
key: string,
|
|
): Promise<DecryptedCommandData> {
|
|
const sharedKey = await this.getSharedKeyForKey(key);
|
|
const decrypted = await this.encryptService.decryptToUtf8(
|
|
payload,
|
|
sharedKey,
|
|
"native-messaging-session",
|
|
);
|
|
|
|
return JSON.parse(decrypted);
|
|
}
|
|
|
|
private async getSharedKeyForKey(key: string): Promise<SymmetricCryptoKey> {
|
|
const dataBuffer = Utils.fromB64ToArray(key);
|
|
const privKey = Utils.fromB64ToArray(config.testRsaPrivateKey);
|
|
|
|
return new SymmetricCryptoKey(
|
|
await this.nodeCryptoFunctionService.rsaDecrypt(dataBuffer, privKey, "sha1"),
|
|
);
|
|
}
|
|
}
|