diff --git a/keepassxc-browser/background/keepass.js b/keepassxc-browser/background/keepass.js index a24833d..d608d87 100755 --- a/keepassxc-browser/background/keepass.js +++ b/keepassxc-browser/background/keepass.js @@ -13,7 +13,7 @@ keepass.currentKeePassXC = ''; keepass.requiredKeePassXC = '2.3.1'; keepass.latestVersionUrl = 'https://api.github.com/repos/keepassxreboot/keepassxc/releases/latest'; keepass.cacheTimeout = 30 * 1000; // Milliseconds -keepass.databaseHash = ''; +keepass.databaseHash = ''; // Hash of the active database keepass.previousDatabaseHash = ''; keepass.reconnectLoop = null; keepass.protocolV2 = false; diff --git a/keepassxc-browser/background/legacyProtocol.js b/keepassxc-browser/background/legacyProtocol.js index 568188a..37a5471 100644 --- a/keepassxc-browser/background/legacyProtocol.js +++ b/keepassxc-browser/background/legacyProtocol.js @@ -26,7 +26,7 @@ keepassProtocol.associate = async function(tab) { keepass.clearErrorMessage(tab); const kpAction = kpActions.ASSOCIATE; - const key = nacl.util.encodeBase64(keepass.keyPair.publicKey); + const key = protocolClient.getPublicConnectionKey(); const nonce = protocolClient.getNonce(); const idKeyPair = nacl.box.keyPair(); const idKey = nacl.util.encodeBase64(idKeyPair.publicKey); @@ -105,9 +105,9 @@ keepassProtocol.changePublicKeys = async function(tab, enableTimeout = false, co } const kpAction = kpActions.CHANGE_PUBLIC_KEYS; - const key = nacl.util.encodeBase64(keepass.keyPair.publicKey); + const key = protocolClient.getPublicConnectionKey(); const [ nonce, incrementedNonce ] = protocolClient.getNonces(); - keepass.clientID = nacl.util.encodeBase64(nacl.randomBytes(protocolClient.keySize)); + keepass.clientID = protocolClient.generateClientId(); const request = { action: kpAction, diff --git a/keepassxc-browser/background/protocol.js b/keepassxc-browser/background/protocol.js index 21608ea..7449d31 100644 --- a/keepassxc-browser/background/protocol.js +++ b/keepassxc-browser/background/protocol.js @@ -15,7 +15,7 @@ protocol.associate = async function(tab, args = []) { keepass.clearErrorMessage(tab); const kpAction = kpActions.ASSOCIATE; - const key = nacl.util.encodeBase64(keepass.keyPair.publicKey); + const key = protocolClient.getPublicConnectionKey(); const idKeyPair = nacl.box.keyPair(); const idKey = nacl.util.encodeBase64(idKeyPair.publicKey); @@ -42,6 +42,7 @@ protocol.associate = async function(tab, args = []) { return AssociatedAction.NOT_ASSOCIATED; }; +// Unencrypted protocol.changePublicKeys = async function(tab, enableTimeout = false, connectionTimeout) { if (!keepass.isConnected) { keepass.handleError(tab, kpErrors.TIMEOUT_OR_NOT_CONNECTED); @@ -49,16 +50,16 @@ protocol.changePublicKeys = async function(tab, enableTimeout = false, connectio } const kpAction = kpActions.CHANGE_PUBLIC_KEYS; - const key = nacl.util.encodeBase64(keepass.keyPair.publicKey); - const [ nonce, incrementedNonce ] = keepassClient.getNonces(); - keepass.clientID = nacl.util.encodeBase64(nacl.randomBytes(keepassClient.keySize)); + const key = protocolClient.getPublicConnectionKey(); + const [ nonce, incrementedNonce ] = protocolClient.getNonces(); + keepass.clientID = protocolClient.generateClientId(); const request = { action: kpAction, publicKey: key, nonce: nonce, clientID: keepass.clientID, - requestID: keepassClient.getRequestId() + requestID: protocolClient.getRequestId() }; try { @@ -143,7 +144,7 @@ protocol.generatePassword = async function(tab, args = []) { const messageData = { action: kpAction, clientID: keepass.clientID, - requestID: keepassClient.getRequestId() // Needed? + requestID: protocolClient.getRequestId() // Needed? }; try { diff --git a/keepassxc-browser/background/protocolClient.js b/keepassxc-browser/background/protocolClient.js index dda60b9..46c6bec 100644 --- a/keepassxc-browser/background/protocolClient.js +++ b/keepassxc-browser/background/protocolClient.js @@ -88,7 +88,8 @@ protocolClient.sendNativeMessage = function(requestAction, request, enableTimeou protocolClient.sendMessage = async function(kpAction, tab, messageData, enableTimeout = false, triggerUnlock = false) { const nonce = protocolClient.getNonce(); - const request = protocolClient.buildRequest(protocolClient.encrypt(messageData, nonce), nonce, keepass.clientID, triggerUnlock); + const encryptedMessage = protocolClient.encrypt(messageData, nonce); + const request = protocolClient.buildRequest(encryptedMessage, nonce, keepass.clientID, triggerUnlock); const response = await protocolClient.sendNativeMessage(kpAction, request, enableTimeout); const incrementedNonce = keepassClient.incrementedNonce(nonce); @@ -110,6 +111,7 @@ protocolClient.buildRequest = function(encryptedMessage, nonce, clientID, trigge return request; }; +// Verifies nonces, decrypts and parses the response protocolClient.handleResponse = function(response, incrementedNonce, tab) { if (response.message && protocolClient.verifyNonce(response, incrementedNonce)) { const res = keepassClient.decrypt(response.message, response.nonce); @@ -130,7 +132,7 @@ protocolClient.handleResponse = function(response, incrementedNonce, tab) { protocolClient.verifyNonce = function(response, nonce) { if (!response.nonce) { - logError('No nonce in reponse'); + logError('No nonce in response'); return false; } @@ -190,6 +192,14 @@ protocolClient.generateNewKeyPair = function() { keepass.keyPair = nacl.box.keyPair(); }; +protocolClient.getPublicConnectionKey = function() { + return nacl.util.encodeBase64(keepass.keyPair.publicKey); +}; + +protocolClient.generateClientId = function() { + return nacl.util.encodeBase64(nacl.randomBytes(keepassClient.keySize)); +}; + //-------------------------------------------------------------------------- // Encrypt/Decrypt //-------------------------------------------------------------------------- @@ -245,7 +255,7 @@ function onDisconnected() { keepass.databaseHash = ''; page.clearAllLogins(); - keepass.updatePopup('cross'); + keepass.updatePopup(); keepass.updateDatabaseHashToContent(); logError(`Failed to connect: ${(browser.runtime.lastError === null ? 'Unknown error' : browser.runtime.lastError.message)}`); }