Handshake request

apps/desktop/src/app/accounts/settings.component.html

@@ -317,6 +317,23 @@ <h2>
                 </div>
                 <small class="help-block">{{ "enableBrowserIntegrationDesc" | i18n }}</small>
               </div>
+              <div class="form-group" *ngIf="showDuckDuckGoIntegrationOption">
+                <div class="checkbox">
+                  <label for="enableDuckDuckGoBrowserIntegration">
+                    <input
+                      id="enableDuckDuckGoBrowserIntegration"
+                      type="checkbox"
+                      name="enableDuckDuckGoBrowserIntegration"
+                      [(ngModel)]="enableDuckDuckGoBrowserIntegration"
+                      (change)="saveDdgBrowserIntegration()"
+                    />
+                    {{ "enableDuckDuckGoBrowserIntegration" | i18n }}
+                  </label>
+                </div>
+                <small class="help-block">{{
+                  "enableDuckDuckGoBrowserIntegrationDesc" | i18n
+                }}</small>
+              </div>
               <div class="form-group">
                 <div class="checkbox">
                   <label for="enableBrowserIntegrationFingerprint">

apps/desktop/src/app/accounts/settings.component.ts

@@ -29,6 +29,7 @@ export class SettingsComponent implements OnInit {
   pin: boolean = null;
   enableFavicons = false;
   enableBrowserIntegration = false;
+  enableDuckDuckGoBrowserIntegration = false;
   enableBrowserIntegrationFingerprint = false;
   enableMinToTray = false;
   enableCloseToTray = false;
@@ -52,6 +53,7 @@ export class SettingsComponent implements OnInit {
   showAlwaysShowDock = false;
   openAtLogin: boolean;
   requireEnableTray = false;
+  showDuckDuckGoIntegrationOption = false;
 
   enableTrayText: string;
   enableTrayDescText: string;
@@ -103,6 +105,9 @@ export class SettingsComponent implements OnInit {
     this.startToTrayText = this.i18nService.t(startToTrayKey);
     this.startToTrayDescText = this.i18nService.t(startToTrayKey + "Desc");
 
+    // DuckDuckGo browser is only for macos initially
+    this.showDuckDuckGoIntegrationOption = isMac;
+
     this.vaultTimeouts = [
       // { name: i18nService.t('immediately'), value: 0 },
       { name: i18nService.t("oneMinute"), value: 1 },
@@ -188,6 +193,8 @@ export class SettingsComponent implements OnInit {
     // Account preferences
     this.enableFavicons = !(await this.stateService.getDisableFavicon());
     this.enableBrowserIntegration = await this.stateService.getEnableBrowserIntegration();
+    this.enableDuckDuckGoBrowserIntegration =
+      await this.stateService.getEnableDuckDuckGoBrowserIntegration();
     this.enableBrowserIntegrationFingerprint =
       await this.stateService.getEnableBrowserIntegrationFingerprint();
     this.clearClipboard = await this.stateService.getClearClipboard();
@@ -432,6 +439,17 @@ export class SettingsComponent implements OnInit {
     }
   }
 
+  async saveDdgBrowserIntegration() {
+    await this.stateService.setEnableDuckDuckGoBrowserIntegration(
+      this.enableDuckDuckGoBrowserIntegration
+    );
+    this.messagingService.send(
+      this.enableBrowserIntegration
+        ? "enableDuckDuckGoBrowserIntegration"
+        : "disableDuckDuckGoBrowserIntegration"
+    );
+  }
+
   async saveBrowserIntegrationFingerprint() {
     await this.stateService.setEnableBrowserIntegrationFingerprint(
       this.enableBrowserIntegrationFingerprint

apps/desktop/src/app/services/services.module.ts

@@ -42,6 +42,7 @@ import { ElectronRendererStorageService } from "@bitwarden/electron/services/ele
 
 import { Account } from "../../models/account";
 import { I18nService } from "../../services/i18n.service";
+import { NativeMessageHandler } from "../../services/nativeMessageHandler.service";
 import { NativeMessagingService } from "../../services/nativeMessaging.service";
 import { PasswordRepromptService } from "../../services/passwordReprompt.service";
 import { StateService } from "../../services/state.service";
@@ -147,6 +148,10 @@ const RELOAD_CALLBACK = new InjectionToken<() => any>("RELOAD_CALLBACK");
       provide: AbstractThemingService,
       useClass: DesktopThemingService,
     },
+    {
+      provide: NativeMessageHandler,
+      deps: [StateServiceAbstraction, CryptoServiceAbstraction, CryptoFunctionServiceAbstraction],
+    },
   ],
 })
 export class ServicesModule {}

apps/desktop/src/locales/en/messages.json

@@ -1570,6 +1570,12 @@
   "enableBrowserIntegrationDesc": {
     "message": "Used for biometrics in browser."
   },
+  "enableDuckDuckGoBrowserIntegration": {
+    "message": "Allow DuckDuckGo browser integration"
+  },
+  "enableDuckDuckGoBrowserIntegrationDesc": {
+    "message": "Use your Bitwarden vault when browsing with DuckDuckGo."
+  },
   "browserIntegrationUnsupportedTitle": {
     "message": "Browser integration not supported"
   },
@@ -1985,8 +1991,8 @@
   "organizationIsDisabled": {
     "message": "Organization is disabled."
   },
-  "disabledOrganizationFilterError" : {
-    "message" : "Items in disabled Organizations cannot be accessed. Contact your Organization owner for assistance."
+  "disabledOrganizationFilterError": {
+    "message": "Items in disabled Organizations cannot be accessed. Contact your Organization owner for assistance."
   },
   "neverLockWarning": {
     "message": "Are you sure you want to use the \"Never\" option? Setting your lock options to \"Never\" stores your vault's encryption key on your device. If you use this option you should ensure that you keep your device properly protected."

apps/desktop/src/main.ts

@@ -171,7 +171,10 @@ export class Main {
           await this.biometricMain.init();
         }
 
-        if (await this.stateService.getEnableBrowserIntegration()) {
+        if (
+          (await this.stateService.getEnableBrowserIntegration()) ||
+          this.stateService.getEnableDuckDuckGoBrowserIntegration()
+        ) {
           this.nativeMessagingMain.listen();
         }
 

apps/desktop/src/main/messaging.main.ts

@@ -68,10 +68,18 @@ export class MessagingMain {
         this.main.nativeMessagingMain.generateManifests();
         this.main.nativeMessagingMain.listen();
         break;
+      case "enableDuckDuckGoBrowserIntegration":
+        this.main.nativeMessagingMain.generateDdgManifests();
+        this.main.nativeMessagingMain.listen();
+        break;
       case "disableBrowserIntegration":
         this.main.nativeMessagingMain.removeManifests();
         this.main.nativeMessagingMain.stop();
         break;
+      case "disableDuckDuckGoBrowserIntegration":
+        this.main.nativeMessagingMain.removeDdgManifests();
+        this.main.nativeMessagingMain.stop();
+        break;
       default:
         break;
     }

apps/desktop/src/main/nativeMessaging.main.ts

@@ -163,6 +163,27 @@ export class NativeMessagingMain {
     }
   }
 
+  generateDdgManifests() {
+    const manifest = {
+      name: "com.8bit.bitwarden",
+      description: "Bitwarden desktop <-> DuckDuckGo bridge",
+      path: this.binaryPath(),
+      type: "stdio",
+    };
+    switch (process.platform) {
+      case "darwin": {
+        /* eslint-disable-next-line no-useless-escape */
+        const path = `${this.homedir()}/Library/Containers/com.duckduckgo.macos.browser/Data/Library/Application\ Support/NativeMessagingHosts/com.8bit.bitwarden.json`;
+        this.writeManifest(path, manifest).catch((e) =>
+          this.logService.error(`Error writing manifest for DuckDuckGo. ${e}`)
+        );
+        break;
+      }
+      default:
+        break;
+    }
+  }
+
   removeManifests() {
     switch (process.platform) {
       case "win32":
@@ -217,6 +238,21 @@ export class NativeMessagingMain {
     }
   }
 
+  removeDdgManifests() {
+    switch (process.platform) {
+      case "darwin": {
+        /* eslint-disable-next-line no-useless-escape */
+        const path = `${this.homedir()}/Library/Containers/com.duckduckgo.macos.browser/Data/Library/Application\ Support/NativeMessagingHosts/com.8bit.bitwarden.json`;
+        if (existsSync(path)) {
+          fs.unlink(path);
+        }
+        break;
+      }
+      default:
+        break;
+    }
+  }
+
   private getDarwinNMHS() {
     /* eslint-disable no-useless-escape */
     return {

apps/desktop/src/services/nativeMessageHandler.service.ts

@@ -0,0 +1,130 @@
+import { Injectable } from "@angular/core";
+import { ipcRenderer } from "electron";
+
+import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
+import { CryptoFunctionService } from "@bitwarden/common/abstractions/cryptoFunction.service";
+import { Utils } from "@bitwarden/common/misc/utils";
+import { EncString } from "@bitwarden/common/models/domain/encString";
+import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetricCryptoKey";
+import { StateService } from "@bitwarden/common/services/state.service";
+
+export type LegacyMessage = {
+  command: string;
+
+  userId?: string;
+  timestamp?: number;
+
+  publicKey?: string;
+};
+
+export type LegacyOuterMessage = {
+  message: LegacyMessage | EncString;
+  appId: string;
+};
+
+type DecryptedCommand = "bw-handshake";
+
+// TODO
+// type EncryptedCommand =
+//   | "bw-status"
+//   | "bw-credential-retrieval"
+//   | "bw-credential-create"
+//   | "bw-credential-update"
+//   | "bw-generate-password";
+
+// type EncryptedCommandData = {
+//   command: EncryptedCommand;
+//   payload: string;
+// };
+
+export type OuterMessageCommon = {
+  version: number;
+  messageId: string;
+};
+
+export type DecryptedOuterMessage = OuterMessageCommon & {
+  command: DecryptedCommand;
+  payload: {
+    publicKey: string;
+  };
+};
+
+export type EncryptedOuterMessage = OuterMessageCommon & {
+  encryptedCommand: string;
+};
+
+export type OuterMessage = DecryptedOuterMessage | EncryptedOuterMessage;
+
+const EncryptionAlgorithm = "sha1";
+
+@Injectable()
+export class NativeMessageHandler {
+  private ddgSharedSecret: SymmetricCryptoKey;
+
+  constructor(
+    private stateService: StateService,
+    private cryptoService: CryptoService,
+    private cryptoFunctionService: CryptoFunctionService
+  ) {}
+
+  async handleMessage(message: OuterMessage) {
+    const decryptedCommand = message as DecryptedOuterMessage;
+    if (decryptedCommand.command === "bw-handshake") {
+      await this.handleDecryptedMessage(decryptedCommand);
+    } else {
+      await this.handleEncryptedMessage(message as EncryptedOuterMessage);
+    }
+  }
+
+  private async handleDecryptedMessage(message: DecryptedOuterMessage) {
+    const { messageId, payload } = message;
+    const { publicKey } = payload;
+    if (!publicKey) {
+      ipcRenderer.send("nativeMessagingReply", {
+        status: "canceled",
+      });
+      return;
+    }
+
+    const remotePublicKey = Utils.fromB64ToArray(publicKey).buffer;
+
+    if (await this.stateService.getEnableDuckDuckGoBrowserIntegration()) {
+      const secret = await this.cryptoFunctionService.randomBytes(64);
+      this.ddgSharedSecret = new SymmetricCryptoKey(secret);
+      const encryptedSecret = await this.cryptoFunctionService.rsaEncrypt(
+        secret,
+        remotePublicKey,
+        EncryptionAlgorithm
+      );
+      await this.stateService.setDuckDuckGoSharedKey(Utils.fromBufferToB64(encryptedSecret));
+
+      ipcRenderer.send("nativeMessagingReply", {
+        messageId: messageId,
+        version: 1,
+        payload: {
+          status: "success",
+          sharedKey: Utils.fromBufferToB64(encryptedSecret),
+        },
+      });
+
+      return;
+    } else {
+      ipcRenderer.send("nativeMessagingReply", {
+        status: "canceled",
+      });
+    }
+  }
+
+  //TODO's for future messages
+  private async handleEncryptedMessage(message: EncryptedOuterMessage) {
+    //await this.decryptPayload(message.encryptedCommand);
+  }
+
+  private async encyptPayload(payload: any, key: SymmetricCryptoKey): Promise<EncString> {
+    return await this.cryptoService.encrypt(JSON.stringify(payload), key);
+  }
+
+  private async decryptPayload(payload: EncString) {
+    return await this.cryptoService.decryptToUtf8(payload, this.ddgSharedSecret);
+  }
+}