[PS-2365] Kdf Configuration Options for Argon2 (#4578)

* Implement argon2 config * Remove argon2 webassembly warning * Replace magic numbers by enum * Implement kdf configuration * Update UI according to design feedback * Further updates to follow design feedback * Add oxford comma in argon2 description * Fix typos in argon2 descriptions * move key creation into promise with API call * change casing on PBKDF2 * general improvements * kdf config on set pin component * SHA-256 hash argon2 salt * Change argon2 defaults * Change argon2 salt hash to cryptoFunctionService * Fix isLowKdfIteration check --------- Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2025-12-23 11:43:46 +00:00 · 2023-01-30 15:07:51 +01:00
parent b1a1068906
commit 01091fe260
35 changed files with 329 additions and 143 deletions
--- a/libs/common/src/services/export.service.ts
+++ b/libs/common/src/services/export.service.ts
@@ -17,6 +17,7 @@ import { CollectionData } from "../models/data/collection.data";
 import { Cipher } from "../models/domain/cipher";
 import { Collection } from "../models/domain/collection";
 import { Folder } from "../models/domain/folder";
+import { KdfConfig } from "../models/domain/kdf-config";
 import { CipherWithIdExport as CipherExport } from "../models/export/cipher-with-ids.export";
 import { CollectionWithIdExport as CollectionExport } from "../models/export/collection-with-id.export";
 import { EventExport } from "../models/export/event.export";
@@ -54,12 +55,12 @@ export class ExportService implements ExportServiceAbstraction {
      : await this.getExport("json");

    const salt = Utils.fromBufferToB64(await this.cryptoFunctionService.randomBytes(16));
-    const kdfIterations = DEFAULT_PBKDF2_ITERATIONS;
+    const kdfConfig = new KdfConfig(DEFAULT_PBKDF2_ITERATIONS);
    const key = await this.cryptoService.makePinKey(
      password,
      salt,
      KdfType.PBKDF2_SHA256,
-      kdfIterations
+      kdfConfig
    );

    const encKeyValidation = await this.cryptoService.encrypt(Utils.newGuid(), key);
@@ -69,7 +70,7 @@ export class ExportService implements ExportServiceAbstraction {
      encrypted: true,
      passwordProtected: true,
      salt: salt,
-      kdfIterations: kdfIterations,
+      kdfIterations: kdfConfig.iterations,
      kdfType: KdfType.PBKDF2_SHA256,
      encKeyValidation_DO_NOT_EDIT: encKeyValidation.encryptedString,
      data: encText.encryptedString,