[PM-22271] Switch to SDK argon2 implementation, and drop other impls (#15401)

* Switch to SDK argon2 implementation * Cleanup and update to the latest sdk * Update package lock * Remove copy patch * Fix builds * Fix test build * Remove error * Fix tests * Fix build * Run prettier * Remove argon2 references * Regenerate index.d.ts for desktop_native napi * Replace mocked crypto function service type
2026-01-09 03:53:53 +00:00 · 2025-07-15 11:53:58 +02:00
parent 1315e7c37c
commit 8250e40c6c
27 changed files with 44 additions and 697 deletions
--- a/apps/desktop/src/app/services/renderer-crypto-function.service.ts
+++ b/apps/desktop/src/app/services/renderer-crypto-function.service.ts
@@ -1,31 +0,0 @@
-import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
-import { WebCryptoFunctionService } from "@bitwarden/common/key-management/crypto/services/web-crypto-function.service";
-
-export class RendererCryptoFunctionService
-  extends WebCryptoFunctionService
-  implements CryptoFunctionService
-{
-  constructor(win: Window | typeof global) {
-    super(win);
-  }
-
-  // We can't use the `argon2-browser` implementation because it loads WASM and the Content Security Policy doesn't allow it.
-  // Rather than trying to weaken the policy, we'll just use the Node.js implementation though the IPC channel.
-  // Note that the rest of the functions on this service will be inherited from the WebCryptoFunctionService, as those work just fine.
-  async argon2(
-    password: string | Uint8Array,
-    salt: string | Uint8Array,
-    iterations: number,
-    memory: number,
-    parallelism: number,
-  ): Promise<Uint8Array> {
-    if (typeof password === "string") {
-      password = new TextEncoder().encode(password);
-    }
-    if (typeof salt === "string") {
-      salt = new TextEncoder().encode(salt);
-    }
-
-    return await ipc.platform.crypto.argon2(password, salt, iterations, memory, parallelism);
-  }
-}
--- a/apps/desktop/src/app/services/services.module.ts
+++ b/apps/desktop/src/app/services/services.module.ts
@@ -55,6 +55,7 @@ import { ClientType } from "@bitwarden/common/enums";
 import { ProcessReloadServiceAbstraction } from "@bitwarden/common/key-management/abstractions/process-reload.service";
 import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
+import { WebCryptoFunctionService } from "@bitwarden/common/key-management/crypto/services/web-crypto-function.service";
 import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
 import { DefaultProcessReloadService } from "@bitwarden/common/key-management/services/default-process-reload.service";
 import {
@@ -140,7 +141,6 @@ import { DesktopFileDownloadService } from "./desktop-file-download.service";
 import { DesktopSetPasswordJitService } from "./desktop-set-password-jit.service";
 import { InitService } from "./init.service";
 import { NativeMessagingManifestService } from "./native-messaging-manifest.service";
-import { RendererCryptoFunctionService } from "./renderer-crypto-function.service";
 import { DesktopSetInitialPasswordService } from "./set-initial-password/desktop-set-initial-password.service";

 const RELOAD_CALLBACK = new SafeInjectionToken<() => any>("RELOAD_CALLBACK");
@@ -296,7 +296,7 @@ const safeProviders: SafeProvider[] = [
  }),
  safeProvider({
    provide: CryptoFunctionServiceAbstraction,
-    useClass: RendererCryptoFunctionService,
+    useClass: WebCryptoFunctionService,
    deps: [WINDOW],
  }),
  safeProvider({