[PM-22271] Switch to SDK argon2 implementation, and drop other impls (#15401)

* Switch to SDK argon2 implementation * Cleanup and update to the latest sdk * Update package lock * Remove copy patch * Fix builds * Fix test build * Remove error * Fix tests * Fix build * Run prettier * Remove argon2 references * Regenerate index.d.ts for desktop_native napi * Replace mocked crypto function service type
2025-12-21 10:43:35 +00:00 · 2025-07-15 11:53:58 +02:00
parent 1315e7c37c
commit 8250e40c6c
27 changed files with 44 additions and 697 deletions
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -23,7 +23,6 @@ anyhow = { workspace = true }
 arboard = { workspace = true, features = [
    "wayland-data-control",
 ] }
-argon2 = { workspace = true, features = ["zeroize"] }
 base64 = { workspace = true }
 byteorder = { workspace = true }
 cbc = { workspace = true, features = ["alloc"] }
--- a/apps/desktop/desktop_native/core/src/crypto/crypto.rs
+++ b/apps/desktop/desktop_native/core/src/crypto/crypto.rs
@@ -5,7 +5,7 @@ use aes::cipher::{
    BlockEncryptMut, KeyIvInit,
 };

-use crate::error::{CryptoError, KdfParamError, Result};
+use crate::error::{CryptoError, Result};

 use super::CipherString;

@@ -33,53 +33,3 @@ pub fn encrypt_aes256(

    Ok(CipherString::AesCbc256_B64 { iv, data })
 }
-
-pub fn argon2(
-    secret: &[u8],
-    salt: &[u8],
-    iterations: u32,
-    memory: u32,
-    parallelism: u32,
-) -> Result<[u8; 32]> {
-    use argon2::*;
-
-    let params = Params::new(memory, iterations, parallelism, Some(32)).map_err(|e| {
-        KdfParamError::InvalidParams(format!("Argon2 parameters are invalid: {e}",))
-    })?;
-    let argon = Argon2::new(Algorithm::Argon2id, Version::V0x13, params);
-
-    let mut hash = [0u8; 32];
-    argon
-        .hash_password_into(secret, salt, &mut hash)
-        .map_err(|e| KdfParamError::InvalidParams(format!("Argon2 hashing failed: {e}",)))?;
-
-    // Argon2 is using some stack memory that is not zeroed. Eventually some function will
-    // overwrite the stack, but we use this trick to force the used stack to be zeroed.
-    #[inline(never)]
-    fn clear_stack() {
-        std::hint::black_box([0u8; 4096]);
-    }
-    clear_stack();
-    Ok(hash)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_argon2() {
-        let test_hash: [u8; 32] = [
-            112, 200, 85, 209, 100, 4, 246, 146, 117, 180, 152, 44, 103, 198, 75, 14, 166, 77, 201,
-            22, 62, 178, 87, 224, 95, 209, 253, 68, 166, 209, 47, 218,
-        ];
-        let secret = b"supersecurepassword";
-        let salt = b"mail@example.com";
-        let iterations = 3;
-        let memory = 1024 * 64;
-        let parallelism = 4;
-
-        let hash = argon2(secret, salt, iterations, memory, parallelism).unwrap();
-        assert_eq!(hash, test_hash,);
-    }
-}
--- a/apps/desktop/desktop_native/core/src/error.rs
+++ b/apps/desktop/desktop_native/core/src/error.rs
@@ -9,8 +9,6 @@ pub enum Error {

    #[error("Cryptography Error, {0}")]
    Crypto(#[from] CryptoError),
-    #[error("KDF Parameter Error, {0}")]
-    KdfParam(#[from] KdfParamError),
 }

 #[derive(Debug, Error)]