Merge pull request #1426 from Hinton/feature/desktop-bridge

Browser <-> desktop communication

src/background/contextMenus.background.ts

@@ -55,8 +55,8 @@ export default class ContextMenusBackground {
     private async cipherAction(info: any) {
         const id = info.menuItemId.split('_')[1];
         if (id === 'noop') {
-            if (chrome.browserAction && chrome.browserAction.openPopup) {
-                chrome.browserAction.openPopup();
+            if (chrome.browserAction && (chrome.browserAction as any).openPopup) {
+                (chrome.browserAction as any).openPopup();
             }
             return;
         }

src/background/main.background.ts

@@ -71,6 +71,7 @@ import { SafariApp } from '../browser/safariApp';
 import CommandsBackground from './commands.background';
 import ContextMenusBackground from './contextMenus.background';
 import IdleBackground from './idle.background';
+import { NativeMessagingBackground } from './nativeMessaging.background';
 import RuntimeBackground from './runtime.background';
 import TabsBackground from './tabs.background';
 import WebRequestBackground from './webRequest.background';
@@ -140,6 +141,7 @@ export default class MainBackground {
     private menuOptionsLoaded: any[] = [];
     private syncTimeout: any;
     private isSafari: boolean;
+    private nativeMessagingBackground: NativeMessagingBackground;
 
     constructor() {
         // Services
@@ -149,6 +151,19 @@ export default class MainBackground {
                 if (this.systemService != null) {
                     this.systemService.clearClipboard(clipboardValue, clearMs);
                 }
+            },
+            async () => {
+                if (this.nativeMessagingBackground != null) {
+                    const promise = this.nativeMessagingBackground.getResponse();
+                    
+                    try {
+                        await this.nativeMessagingBackground.send({command: 'biometricUnlock'});
+                    } catch (e) {
+                        return Promise.reject(e);
+                    }
+
+                    return promise.then((result) => result.response === 'unlocked');
+                }
             });
         this.storageService = new BrowserStorageService(this.platformUtilsService);
         this.secureStorageService = new BrowserStorageService(this.platformUtilsService);
@@ -229,6 +244,8 @@ export default class MainBackground {
             this.platformUtilsService as BrowserPlatformUtilsService, this.storageService, this.i18nService,
             this.analytics, this.notificationsService, this.systemService, this.vaultTimeoutService,
             this.environmentService);
+        this.nativeMessagingBackground = new NativeMessagingBackground(this.storageService, this.cryptoService, this.cryptoFunctionService,
+            this.vaultTimeoutService, this.runtimeBackground, this.i18nService, this.userService, this.messagingService);
         this.commandsBackground = new CommandsBackground(this, this.passwordGenerationService,
             this.platformUtilsService, this.analytics, this.vaultTimeoutService);
 

src/background/nativeMessaging.background.ts

@@ -0,0 +1,198 @@
+import { ConstantsService } from 'jslib/services/constants.service';
+import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
+import { CryptoService } from 'jslib/abstractions/crypto.service';
+import { I18nService } from 'jslib/abstractions/i18n.service';
+import { MessagingService } from 'jslib/abstractions/messaging.service';
+import { StorageService } from 'jslib/abstractions/storage.service';
+import { UserService } from 'jslib/abstractions/user.service';
+import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
+
+import { Utils } from 'jslib/misc/utils';
+import { SymmetricCryptoKey } from 'jslib/models/domain';
+
+import { BrowserApi } from '../browser/browserApi';
+import RuntimeBackground from './runtime.background';
+
+const MessageValidTimeout = 10 * 1000;
+const EncryptionAlgorithm = 'sha1';
+
+export class NativeMessagingBackground {
+    private connected = false;
+    private connecting: boolean;
+    private port: browser.runtime.Port | chrome.runtime.Port;
+
+    private resolver: any = null;
+    private privateKey: ArrayBuffer = null;
+    private secureSetupResolve: any = null;
+    private sharedSecret: SymmetricCryptoKey;
+
+    constructor(private storageService: StorageService, private cryptoService: CryptoService,
+        private cryptoFunctionService: CryptoFunctionService, private vaultTimeoutService: VaultTimeoutService,
+        private runtimeBackground: RuntimeBackground, private i18nService: I18nService, private userService: UserService,
+        private messagingService: MessagingService) {}
+
+    async connect() {
+        return new Promise((resolve, reject) => {
+            this.port = BrowserApi.connectNative('com.8bit.bitwarden');
+
+            this.connecting = true;
+
+            this.port.onMessage.addListener(async (message: any) => {
+                switch (message.command) {
+                    case 'connected':
+                        this.connected = true;
+                        this.connecting = false;
+                        resolve();
+                        break;
+                    case 'disconnected':
+                        if (this.connecting) {
+                            this.messagingService.send('showDialog', {
+                                text: this.i18nService.t('startDesktopDesc'),
+                                title: this.i18nService.t('startDesktopTitle'),
+                                confirmText: this.i18nService.t('ok'),
+                                type: 'error',
+                            });
+                            reject();
+                        }
+                        this.connected = false;
+                        this.port.disconnect();
+                        break;
+                    case 'setupEncryption':
+                        const encrypted = Utils.fromB64ToArray(message.sharedSecret);
+                        const decrypted = await this.cryptoFunctionService.rsaDecrypt(encrypted.buffer, this.privateKey, EncryptionAlgorithm);
+
+                        this.sharedSecret = new SymmetricCryptoKey(decrypted);
+                        this.secureSetupResolve();
+                        break;
+                    case 'invalidateEncryption':
+                        this.sharedSecret = null;
+                        this.privateKey = null;
+                        this.connected = false;
+
+                        this.messagingService.send('showDialog', {
+                            text: this.i18nService.t('nativeMessagingInvalidEncryptionDesc'),
+                            title: this.i18nService.t('nativeMessagingInvalidEncryptionTitle'),
+                            confirmText: this.i18nService.t('ok'),
+                            type: 'error',
+                        });
+                    default:
+                        this.onMessage(message);
+                }
+            });
+
+            this.port.onDisconnect.addListener((p: any) => {
+                let error;
+                if (BrowserApi.isWebExtensionsApi) {
+                    error = p.error.message;
+                } else {
+                    error = chrome.runtime.lastError.message;
+                }
+
+                if (error === 'Specified native messaging host not found.' ||
+                    error === 'Access to the specified native messaging host is forbidden.' ||
+                    error === 'An unexpected error occurred') {
+                    this.messagingService.send('showDialog', {
+                        text: this.i18nService.t('desktopIntegrationDisabledDesc'),
+                        title: this.i18nService.t('desktopIntegrationDisabledTitle'),
+                        confirmText: this.i18nService.t('ok'),
+                        type: 'error',
+                    });
+                }
+                this.sharedSecret = null;
+                this.privateKey = null;
+                this.connected = false;
+                reject();
+            });
+        });
+    }
+
+    async send(message: any) {
+        if (!this.connected) {
+            await this.connect();
+        }
+
+        if (this.sharedSecret == null) {
+            await this.secureCommunication();
+        }
+
+        message.timestamp = Date.now();
+
+        const encrypted = await this.cryptoService.encrypt(JSON.stringify(message), this.sharedSecret);
+        this.port.postMessage(encrypted);
+    }
+
+    getResponse(): Promise<any> {
+        return new Promise((resolve, reject) => {
+            this.resolver = resolve;
+        });
+    }
+
+    private async onMessage(rawMessage: any) {
+        const message = JSON.parse(await this.cryptoService.decryptToUtf8(rawMessage, this.sharedSecret));
+
+        if (Math.abs(message.timestamp - Date.now()) > MessageValidTimeout) {
+            // tslint:disable-next-line
+            console.error('NativeMessage is to old, ignoring.');
+            return;
+        }
+
+        switch (message.command) {
+            case 'biometricUnlock':
+                await this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);
+
+                const enabled = await this.storageService.get(ConstantsService.biometricUnlockKey);
+                if (enabled === null || enabled === false) {
+                    if (message.response === 'unlocked') {
+                        await this.storageService.save(ConstantsService.biometricUnlockKey, true);
+                    }
+                    break;
+                }
+
+                // Ignore unlock if already unlockeded
+                if (!this.vaultTimeoutService.biometricLocked) {
+                    break;
+                }
+
+                if (message.response === 'unlocked') {
+                    this.cryptoService.setKey(new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer));
+                    this.vaultTimeoutService.biometricLocked = false;
+                    this.runtimeBackground.processMessage({command: 'unlocked'}, null, null);
+                }
+                break;
+            default:
+                // tslint:disable-next-line
+                console.error('NativeMessage, got unknown command: ', message.command);
+        }
+
+        if (this.resolver) {
+            this.resolver(message);
+        }
+    }
+
+    private async secureCommunication() {
+        const [publicKey, privateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
+        this.privateKey = privateKey;
+
+        this.sendUnencrypted({command: 'setupEncryption', publicKey: Utils.fromBufferToB64(publicKey)});
+        const fingerprint = (await this.cryptoService.getFingerprint(await this.userService.getUserId(), publicKey)).join(' ');
+
+        this.messagingService.send('showDialog', {
+            html: `${this.i18nService.t('desktopIntegrationVerificationText')}<br><br><strong>${fingerprint}</strong>`,
+            title: this.i18nService.t('desktopSyncVerificationTitle'),
+            confirmText: this.i18nService.t('ok'),
+            type: 'warning',
+        });
+
+        return new Promise((resolve, reject) => this.secureSetupResolve = resolve);
+    }
+
+    private async sendUnencrypted(message: any) {
+        if (!this.connected) {
+            await this.connect();
+        }
+
+        message.timestamp = Date.now();
+
+        this.port.postMessage(message);
+    }
+}

src/background/runtime.background.ts

@@ -22,6 +22,7 @@ import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
 import { BrowserApi } from '../browser/browserApi';
 
 import MainBackground from './main.background';
+import { NativeMessagingBackground } from './nativeMessaging.background';
 
 import { Analytics } from 'jslib/misc';
 import { Utils } from 'jslib/misc/utils';