mirror of
https://github.com/bitwarden/browser
synced 2026-03-01 02:51:24 +00:00
Merge remote-tracking branch 'origin/main' into rename-tsconfig
This commit is contained in:
4
apps/desktop/desktop_native/Cargo.lock
generated
4
apps/desktop/desktop_native/Cargo.lock
generated
@@ -498,9 +498,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
|
||||
|
||||
[[package]]
|
||||
name = "bytes"
|
||||
version = "1.9.0"
|
||||
version = "1.10.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "325918d6fe32f23b19878fe4b34794ae41fc19ddbe53b10571a4874d44ffd39b"
|
||||
checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"
|
||||
|
||||
[[package]]
|
||||
name = "camino"
|
||||
|
||||
@@ -18,7 +18,7 @@ base64 = "=0.22.1"
|
||||
bindgen = "=0.71.1"
|
||||
bitwarden-russh = { git = "https://github.com/bitwarden/bitwarden-russh.git", rev = "3d48f140fd506412d186203238993163a8c4e536" }
|
||||
byteorder = "=1.5.0"
|
||||
bytes = "=1.9.0"
|
||||
bytes = "=1.10.1"
|
||||
cbc = "=0.1.2"
|
||||
core-foundation = "=0.10.0"
|
||||
dirs = "=6.0.0"
|
||||
|
||||
@@ -10,7 +10,7 @@ import { autostart } from "@bitwarden/desktop-napi";
|
||||
|
||||
import { Main } from "../main";
|
||||
import { DesktopSettingsService } from "../platform/services/desktop-settings.service";
|
||||
import { isFlatpak } from "../utils";
|
||||
import { isFlatpak, isLinux, isSnapStore } from "../utils";
|
||||
|
||||
import { MenuUpdateRequest } from "./menu/menu.updater";
|
||||
|
||||
@@ -26,8 +26,11 @@ export class MessagingMain {
|
||||
|
||||
async init() {
|
||||
this.scheduleNextSync();
|
||||
if (process.platform === "linux") {
|
||||
await this.desktopSettingsService.setOpenAtLogin(fs.existsSync(this.linuxStartupFile()));
|
||||
if (isLinux()) {
|
||||
// Flatpak and snap don't have access to or use the startup file. On flatpak, the autostart portal is used
|
||||
if (!isFlatpak() && !isSnapStore()) {
|
||||
await this.desktopSettingsService.setOpenAtLogin(fs.existsSync(this.linuxStartupFile()));
|
||||
}
|
||||
} else {
|
||||
const loginSettings = app.getLoginItemSettings();
|
||||
await this.desktopSettingsService.setOpenAtLogin(loginSettings.openAtLogin);
|
||||
|
||||
@@ -188,13 +188,10 @@ export class DuckDuckGoMessageHandlerService {
|
||||
}
|
||||
|
||||
try {
|
||||
let decryptedResult = await this.encryptService.decryptString(
|
||||
const decryptedResult = await this.decryptDuckDuckGoEncString(
|
||||
message.encryptedCommand as EncString,
|
||||
this.duckduckgoSharedSecret,
|
||||
);
|
||||
|
||||
decryptedResult = this.trimNullCharsFromMessage(decryptedResult);
|
||||
|
||||
return JSON.parse(decryptedResult);
|
||||
} catch {
|
||||
this.sendResponse({
|
||||
@@ -237,7 +234,46 @@ export class DuckDuckGoMessageHandlerService {
|
||||
ipc.platform.nativeMessaging.sendReply(response);
|
||||
}
|
||||
|
||||
// Trim all null bytes padded at the end of messages. This happens with C encryption libraries.
|
||||
/*
|
||||
* Bitwarden type 2 (AES256-CBC-HMAC256) uses PKCS7 padding.
|
||||
* DuckDuckGo does not use PKCS7 padding; and instead fills the last CBC block with null bytes.
|
||||
* ref: https://github.com/duckduckgo/apple-browsers/blob/04d678b447869c3a640714718a466b36407db8b6/macOS/DuckDuckGo/PasswordManager/Bitwarden/Services/BWEncryption.m#L141
|
||||
*
|
||||
* This is incompatible which means the default encryptService cannot be used to decrypt the message,
|
||||
* a custom EncString decrypt operation is needed.
|
||||
*
|
||||
* This function also trims null characters that are a result of the null-padding from the end of the message.
|
||||
*/
|
||||
private async decryptDuckDuckGoEncString(
|
||||
encString: EncString,
|
||||
key: SymmetricCryptoKey,
|
||||
): Promise<string> {
|
||||
const fastParams = this.cryptoFunctionService.aesDecryptFastParameters(
|
||||
encString.data,
|
||||
encString.iv,
|
||||
encString.mac,
|
||||
key,
|
||||
);
|
||||
|
||||
const computedMac = await this.cryptoFunctionService.hmacFast(
|
||||
fastParams.macData,
|
||||
fastParams.macKey,
|
||||
"sha256",
|
||||
);
|
||||
const macsEqual = await this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
|
||||
if (!macsEqual) {
|
||||
return null;
|
||||
}
|
||||
const decryptedPaddedString = await this.cryptoFunctionService.aesDecryptFast({
|
||||
mode: "cbc",
|
||||
parameters: fastParams,
|
||||
});
|
||||
return this.trimNullCharsFromMessage(decryptedPaddedString);
|
||||
}
|
||||
|
||||
// DuckDuckGo does not use PKCS7 padding, but instead leaves the values as null,
|
||||
// so null characters need to be trimmed from the end of the message for the last
|
||||
// CBC-block.
|
||||
private trimNullCharsFromMessage(message: string): string {
|
||||
const charNull = 0;
|
||||
const charRightCurlyBrace = 125;
|
||||
|
||||
Reference in New Issue
Block a user