[PM-22271] Switch to SDK argon2 implementation, and drop other impls (#15401)

* Switch to SDK argon2 implementation

* Cleanup and update to the latest sdk

* Update package lock

* Remove copy patch

* Fix builds

* Fix test build

* Remove error

* Fix tests

* Fix build

* Run prettier

* Remove argon2 references

* Regenerate index.d.ts for desktop_native napi

* Replace mocked crypto function service type

apps/desktop/desktop_native/Cargo.lock

@@ -135,19 +135,6 @@ dependencies = [
  "x11rb",
 ]
 
-[[package]]
-name = "argon2"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
-dependencies = [
- "base64ct",
- "blake2",
- "cpufeatures",
- "password-hash",
- "zeroize",
-]
-
 [[package]]
 name = "ashpd"
 version = "0.11.0"
@@ -452,15 +439,6 @@ dependencies = [
  "tokio-util",
 ]
 
-[[package]]
-name = "blake2"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
-dependencies = [
- "digest",
-]
-
 [[package]]
 name = "block-buffer"
 version = "0.10.4"
@@ -887,7 +865,6 @@ dependencies = [
  "aes",
  "anyhow",
  "arboard",
- "argon2",
  "ashpd",
  "base64",
  "bitwarden-russh",
@@ -2264,17 +2241,6 @@ dependencies = [
  "windows-targets 0.52.6",
 ]
 
-[[package]]
-name = "password-hash"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
-dependencies = [
- "base64ct",
- "rand_core 0.6.4",
- "subtle",
-]
-
 [[package]]
 name = "paste"
 version = "1.0.15"

apps/desktop/desktop_native/Cargo.toml

@@ -12,7 +12,6 @@ publish = false
 aes = "=0.8.4"
 anyhow = "=1.0.94"
 arboard = { version = "=3.6.0", default-features = false }
-argon2 = "=0.5.3"
 ashpd = "=0.11.0"
 base64 = "=0.22.1"
 bindgen = "=0.72.0"

apps/desktop/desktop_native/core/Cargo.toml

@@ -23,7 +23,6 @@ anyhow = { workspace = true }
 arboard = { workspace = true, features = [
     "wayland-data-control",
 ] }
-argon2 = { workspace = true, features = ["zeroize"] }
 base64 = { workspace = true }
 byteorder = { workspace = true }
 cbc = { workspace = true, features = ["alloc"] }

apps/desktop/desktop_native/core/src/crypto/crypto.rs

@@ -5,7 +5,7 @@ use aes::cipher::{
     BlockEncryptMut, KeyIvInit,
 };
 
-use crate::error::{CryptoError, KdfParamError, Result};
+use crate::error::{CryptoError, Result};
 
 use super::CipherString;
 
@@ -33,53 +33,3 @@ pub fn encrypt_aes256(
 
     Ok(CipherString::AesCbc256_B64 { iv, data })
 }
-
-pub fn argon2(
-    secret: &[u8],
-    salt: &[u8],
-    iterations: u32,
-    memory: u32,
-    parallelism: u32,
-) -> Result<[u8; 32]> {
-    use argon2::*;
-
-    let params = Params::new(memory, iterations, parallelism, Some(32)).map_err(|e| {
-        KdfParamError::InvalidParams(format!("Argon2 parameters are invalid: {e}",))
-    })?;
-    let argon = Argon2::new(Algorithm::Argon2id, Version::V0x13, params);
-
-    let mut hash = [0u8; 32];
-    argon
-        .hash_password_into(secret, salt, &mut hash)
-        .map_err(|e| KdfParamError::InvalidParams(format!("Argon2 hashing failed: {e}",)))?;
-
-    // Argon2 is using some stack memory that is not zeroed. Eventually some function will
-    // overwrite the stack, but we use this trick to force the used stack to be zeroed.
-    #[inline(never)]
-    fn clear_stack() {
-        std::hint::black_box([0u8; 4096]);
-    }
-    clear_stack();
-    Ok(hash)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_argon2() {
-        let test_hash: [u8; 32] = [
-            112, 200, 85, 209, 100, 4, 246, 146, 117, 180, 152, 44, 103, 198, 75, 14, 166, 77, 201,
-            22, 62, 178, 87, 224, 95, 209, 253, 68, 166, 209, 47, 218,
-        ];
-        let secret = b"supersecurepassword";
-        let salt = b"mail@example.com";
-        let iterations = 3;
-        let memory = 1024 * 64;
-        let parallelism = 4;
-
-        let hash = argon2(secret, salt, iterations, memory, parallelism).unwrap();
-        assert_eq!(hash, test_hash,);
-    }
-}

apps/desktop/desktop_native/core/src/error.rs

@@ -9,8 +9,6 @@ pub enum Error {
 
     #[error("Cryptography Error, {0}")]
     Crypto(#[from] CryptoError),
-    #[error("KDF Parameter Error, {0}")]
-    KdfParam(#[from] KdfParamError),
 }
 
 #[derive(Debug, Error)]

apps/desktop/desktop_native/napi/index.d.ts

@@ -195,9 +195,6 @@ export declare namespace autofill {
     completeError(clientId: number, sequenceNumber: number, error: string): number
   }
 }
-export declare namespace crypto {
-  export function argon2(secret: Buffer, salt: Buffer, iterations: number, memory: number, parallelism: number): Promise<Buffer>
-}
 export declare namespace passkey_authenticator {
   export function register(): void
 }

apps/desktop/desktop_native/napi/src/lib.rs

@@ -798,25 +798,6 @@ pub mod autofill {
     }
 }
 
-#[napi]
-pub mod crypto {
-    use napi::bindgen_prelude::Buffer;
-
-    #[napi]
-    pub async fn argon2(
-        secret: Buffer,
-        salt: Buffer,
-        iterations: u32,
-        memory: u32,
-        parallelism: u32,
-    ) -> napi::Result<Buffer> {
-        desktop_core::crypto::argon2(&secret, &salt, iterations, memory, parallelism)
-            .map_err(|e| napi::Error::from_reason(e.to_string()))
-            .map(|v| v.to_vec())
-            .map(Buffer::from)
-    }
-}
-
 #[napi]
 pub mod passkey_authenticator {
     #[napi]