Second draft

This commit is contained in:
varjolintu 2023-04-24 17:26:31 +03:00
parent 8639ab2288
commit 98bc2be845
4 changed files with 24 additions and 13 deletions

View file

@ -13,7 +13,7 @@ keepass.currentKeePassXC = '';
keepass.requiredKeePassXC = '2.3.1';
keepass.latestVersionUrl = 'https://api.github.com/repos/keepassxreboot/keepassxc/releases/latest';
keepass.cacheTimeout = 30 * 1000; // Milliseconds
keepass.databaseHash = '';
keepass.databaseHash = ''; // Hash of the active database
keepass.previousDatabaseHash = '';
keepass.reconnectLoop = null;
keepass.protocolV2 = false;

View file

@ -26,7 +26,7 @@ keepassProtocol.associate = async function(tab) {
keepass.clearErrorMessage(tab);
const kpAction = kpActions.ASSOCIATE;
const key = nacl.util.encodeBase64(keepass.keyPair.publicKey);
const key = protocolClient.getPublicConnectionKey();
const nonce = protocolClient.getNonce();
const idKeyPair = nacl.box.keyPair();
const idKey = nacl.util.encodeBase64(idKeyPair.publicKey);
@ -105,9 +105,9 @@ keepassProtocol.changePublicKeys = async function(tab, enableTimeout = false, co
}
const kpAction = kpActions.CHANGE_PUBLIC_KEYS;
const key = nacl.util.encodeBase64(keepass.keyPair.publicKey);
const key = protocolClient.getPublicConnectionKey();
const [ nonce, incrementedNonce ] = protocolClient.getNonces();
keepass.clientID = nacl.util.encodeBase64(nacl.randomBytes(protocolClient.keySize));
keepass.clientID = protocolClient.generateClientId();
const request = {
action: kpAction,

View file

@ -15,7 +15,7 @@ protocol.associate = async function(tab, args = []) {
keepass.clearErrorMessage(tab);
const kpAction = kpActions.ASSOCIATE;
const key = nacl.util.encodeBase64(keepass.keyPair.publicKey);
const key = protocolClient.getPublicConnectionKey();
const idKeyPair = nacl.box.keyPair();
const idKey = nacl.util.encodeBase64(idKeyPair.publicKey);
@ -42,6 +42,7 @@ protocol.associate = async function(tab, args = []) {
return AssociatedAction.NOT_ASSOCIATED;
};
// Unencrypted
protocol.changePublicKeys = async function(tab, enableTimeout = false, connectionTimeout) {
if (!keepass.isConnected) {
keepass.handleError(tab, kpErrors.TIMEOUT_OR_NOT_CONNECTED);
@ -49,16 +50,16 @@ protocol.changePublicKeys = async function(tab, enableTimeout = false, connectio
}
const kpAction = kpActions.CHANGE_PUBLIC_KEYS;
const key = nacl.util.encodeBase64(keepass.keyPair.publicKey);
const [ nonce, incrementedNonce ] = keepassClient.getNonces();
keepass.clientID = nacl.util.encodeBase64(nacl.randomBytes(keepassClient.keySize));
const key = protocolClient.getPublicConnectionKey();
const [ nonce, incrementedNonce ] = protocolClient.getNonces();
keepass.clientID = protocolClient.generateClientId();
const request = {
action: kpAction,
publicKey: key,
nonce: nonce,
clientID: keepass.clientID,
requestID: keepassClient.getRequestId()
requestID: protocolClient.getRequestId()
};
try {
@ -143,7 +144,7 @@ protocol.generatePassword = async function(tab, args = []) {
const messageData = {
action: kpAction,
clientID: keepass.clientID,
requestID: keepassClient.getRequestId() // Needed?
requestID: protocolClient.getRequestId() // Needed?
};
try {

View file

@ -88,7 +88,8 @@ protocolClient.sendNativeMessage = function(requestAction, request, enableTimeou
protocolClient.sendMessage = async function(kpAction, tab, messageData, enableTimeout = false, triggerUnlock = false) {
const nonce = protocolClient.getNonce();
const request = protocolClient.buildRequest(protocolClient.encrypt(messageData, nonce), nonce, keepass.clientID, triggerUnlock);
const encryptedMessage = protocolClient.encrypt(messageData, nonce);
const request = protocolClient.buildRequest(encryptedMessage, nonce, keepass.clientID, triggerUnlock);
const response = await protocolClient.sendNativeMessage(kpAction, request, enableTimeout);
const incrementedNonce = keepassClient.incrementedNonce(nonce);
@ -110,6 +111,7 @@ protocolClient.buildRequest = function(encryptedMessage, nonce, clientID, trigge
return request;
};
// Verifies nonces, decrypts and parses the response
protocolClient.handleResponse = function(response, incrementedNonce, tab) {
if (response.message && protocolClient.verifyNonce(response, incrementedNonce)) {
const res = keepassClient.decrypt(response.message, response.nonce);
@ -130,7 +132,7 @@ protocolClient.handleResponse = function(response, incrementedNonce, tab) {
protocolClient.verifyNonce = function(response, nonce) {
if (!response.nonce) {
logError('No nonce in reponse');
logError('No nonce in response');
return false;
}
@ -190,6 +192,14 @@ protocolClient.generateNewKeyPair = function() {
keepass.keyPair = nacl.box.keyPair();
};
protocolClient.getPublicConnectionKey = function() {
return nacl.util.encodeBase64(keepass.keyPair.publicKey);
};
protocolClient.generateClientId = function() {
return nacl.util.encodeBase64(nacl.randomBytes(keepassClient.keySize));
};
//--------------------------------------------------------------------------
// Encrypt/Decrypt
//--------------------------------------------------------------------------
@ -245,7 +255,7 @@ function onDisconnected() {
keepass.databaseHash = '';
page.clearAllLogins();
keepass.updatePopup('cross');
keepass.updatePopup();
keepass.updateDatabaseHashToContent();
logError(`Failed to connect: ${(browser.runtime.lastError === null ? 'Unknown error' : browser.runtime.lastError.message)}`);
}