forked from pool/bitwarden
bitwarden/use-node-argon2.patch
Bruno Pitrus de66c4f16e Accepting request 1137982 from home:dziobian:gulgul-ultron:19
- New upstream release 2024.1.0
  * Added password complexity checks to password protected export
  * Disallow XXE in import
  * Bug-fixes for imports
  * Bug-fix for minimum/maximum values in generator
  * Bug-fix for screen-readers not announcing stored passkeys

OBS-URL: https://build.opensuse.org/request/show/1137982
OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/bitwarden?expand=0&rev=44
2024-01-10 19:23:13 +00:00

170 lines
5.4 KiB

Use node-argon2 instead of argon2-browser: the latter needs WebAssembly/Emscripten to compile and does not have its source included in the tarball, while the former allows us to use the already installed system libargon2.
--- bitwarden/apps/desktop/webpack.main.js.old 2023-02-15 19:02:44.000000000 +0100
+++ bitwarden/apps/desktop/webpack.main.js 2023-02-18 18:42:54.917063925 +0100
@@ -73,8 +73,6 @@
"./src/package.json",
{ from: "./src/images", to: "images" },
{ from: "./src/locales", to: "locales" },
- "../../node_modules/argon2-browser/dist/argon2.wasm",
- "../../node_modules/argon2-browser/dist/argon2-simd.wasm",
],
}),
new EnvironmentPlugin({
@@ -84,6 +83,8 @@
externals: {
"electron-reload": "commonjs2 electron-reload",
"@bitwarden/desktop-native": "commonjs2 @bitwarden/desktop-native",
+ "argon2": "commonjs2 argon2",
+ "@phc/format": "commonjs2 @phc/format",
},
};
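Review bot: `"@phc/format"` is marked external here and again in the renderer config's `externals` block, but the package.json hunk only declares `"argon2"`, so at runtime it resolves only if it happens to be installed as a dependency of `argon2`. If nothing in the bundled sources imports `@phc/format` directly, the entry looks redundant, since webpack never walks into an external `argon2`. Either drop it, or declare it in `dependencies` next to `argon2` so the packaged app does not depend on hoisting. A short comment such as `// native addon, loaded from node_modules at runtime` above the `argon2` entry would also explain why it cannot be bundled.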
--- bitwarden/apps/desktop/webpack.renderer.js.old 2023-02-15 19:02:44.000000000 +0100
+++ bitwarden/apps/desktop/webpack.renderer.js 2023-02-18 18:41:53.074156675 +0100
@@ -40,11 +40,6 @@
},
type: "asset/resource",
},
- {
- test: /\.wasm$/,
- loader: "base64-loader",
- type: "javascript/auto",
- },
],
},
plugins: [],
@@ -127,11 +122,6 @@
test: /[\/\\]@angular[\/\\].+\.js$/,
parser: { system: true },
},
- {
- test: /\.wasm$/,
- loader: "base64-loader",
- type: "javascript/auto",
- },
],
},
plugins: [
@@ -162,6 +152,10 @@
DEV_FLAGS: NODE_ENV === "development" ? envConfig.devFlags : {},
}),
],
+ externals: {
+ "argon2": "commonjs2 argon2",
+ "@phc/format": "commonjs2 @phc/format",
+ },
};
module.exports = merge(common, renderer);
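Review bot: Marking `argon2` as `commonjs2` in the renderer config means the renderer bundle calls `require("argon2")` at runtime and loads a native addon inside the renderer process, which only works while the window runs with Node integration enabled. That window configuration is not visible in this patch, so the assumption should be recorded next to the new `externals` block, e.g. `// argon2 is a native addon: needs Node integration in the renderer`. If the renderer is ever sandboxed or context-isolated, this `require` will fail when the bundle loads and the KDF call would have to move behind IPC to the main process. Hardening the renderer and keeping this patch pull in opposite directions, which is worth knowing before the next upstream rebase.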
--- bitwarden/apps/desktop/src/package.json.old 2023-02-15 19:02:44.000000000 +0100
+++ bitwarden/apps/desktop/src/package.json 2023-02-18 18:54:55.213046618 +0100
@@ -12,6 +12,7 @@
"url": "git+https://github.com/bitwarden/clients.git"
},
"dependencies": {
+ "argon2": "^0.30.3",
"@bitwarden/desktop-native": "file:../desktop_native"
}
}
--- bitwarden/libs/common/src/platform/services/web-crypto-function.service.ts.old 2023-02-15 19:02:44.000000000 +0100
+++ bitwarden/libs/common/src/platform/services/web-crypto-function.service.ts 2023-02-18 18:52:00.173567051 +0100
@@ -1,4 +1,4 @@
-import * as argon2 from "argon2-browser";
+import * as argon2 from "argon2";
import * as forge from "node-forge";
import { Utils } from "../../platform/misc/utils";
@@ -10,13 +10,11 @@ import { SymmetricCryptoKey } from "../m
export class WebCryptoFunctionService implements CryptoFunctionService {
private crypto: Crypto;
private subtle: SubtleCrypto;
- private wasmSupported: boolean;
constructor(win: Window | typeof global) {
this.crypto = typeof win.crypto !== "undefined" ? win.crypto : null;
this.subtle =
!!this.crypto && typeof win.crypto.subtle !== "undefined" ? win.crypto.subtle : null;
- this.wasmSupported = this.checkIfWasmSupported();
}
async pbkdf2(
@@ -54,24 +52,19 @@ export class WebCryptoFunctionService im
memory: number,
parallelism: number,
): Promise<Uint8Array> {
- if (!this.wasmSupported) {
- throw "Webassembly support is required for the Argon2 KDF feature.";
- }
-
- const passwordArr = new Uint8Array(this.toBuf(password));
- const saltArr = new Uint8Array(this.toBuf(salt));
+ const nodePassword = this.toNodeValue(password);
+ const nodeSalt = this.toNodeBuffer(this.toUint8Buffer(salt));
- const result = await argon2.hash({
- pass: passwordArr,
- salt: saltArr,
- time: iterations,
- mem: memory,
+ const hash = await argon2.hash(nodePassword, {
+ salt: nodeSalt,
+ raw: true,
+ hashLength: 32,
+ timeCost: iterations,
+ memoryCost: memory,
parallelism: parallelism,
- hashLen: 32,
- type: argon2.ArgonType.Argon2id,
+ type: argon2.argon2id,
});
- argon2.unloadRuntime();
- return result.hash;
+ return this.toUint8Buffer(hash);
}
async hkdf(
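Review bot: The option block passed to `argon2.hash` has no comment stating what must stay byte-compatible with the other clients. The output feeds key derivation, so a drift in units or library defaults would silently produce a different key instead of failing loudly. I would add `// Must match argon2-browser output: Argon2id, raw 32-byte hash, memoryCost in KiB` above the call, and pin `version: 0x13` explicitly rather than relying on the library default. The method's name and callers are outside the hunk, so whether `memory` actually arrives in KiB cannot be confirmed from here. A known-answer test against a vector produced by the old implementation would catch any mismatch at package build time.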
@@ -435,20 +428,28 @@ export class WebCryptoFunctionService im
return mode === "cbc" ? "AES-CBC" : "AES-ECB";
}
- // ref: https://stackoverflow.com/a/47880734/1090359
- private checkIfWasmSupported(): boolean {
- try {
- if (typeof WebAssembly === "object" && typeof WebAssembly.instantiate === "function") {
- const module = new WebAssembly.Module(
- Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00),
- );
- if (module instanceof WebAssembly.Module) {
- return new WebAssembly.Instance(module) instanceof WebAssembly.Instance;
- }
- }
- } catch {
- return false;
+// from libs/node/src/services/node-crypto-function.service.ts
+ private toNodeValue(value: string | Uint8Array): string | Buffer {
+ let nodeValue: string | Buffer;
+ if (typeof value === "string") {
+ nodeValue = value;
+ } else {
+ nodeValue = this.toNodeBuffer(value);
}
- return false;
+ return nodeValue;
+ }
+
+ private toNodeBuffer(value: Uint8Array): Buffer {
+ return Buffer.from(value);
+ }
+
+ private toUint8Buffer(value: Buffer | string | Uint8Array): Uint8Array {
+ let buf: Uint8Array;
+ if (typeof value === "string") {
+ buf = Utils.fromUtf8ToArray(value);
+ } else {
+ buf = value;
+ }
+ return buf;
}
}
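Review bot: `toUint8Buffer` returns its argument unchanged in the non-string branch, so the derived key that `argon2()` hands back is really a Node `Buffer` typed as `Uint8Array`. The two differ in ways that matter for key material: `Buffer.prototype.slice` returns a view sharing memory rather than a copy, and `.buffer` on a `Buffer` may be a larger backing store with a non-zero `byteOffset`. Any downstream code that slices the key or passes `key.buffer` along could alias or over-read; those callers are outside this hunk, so this is a hedge rather than a confirmed bug. Returning a plain array with `buf = new Uint8Array(value);` removes the ambiguity. Separately, the `// from libs/node/...` provenance comment sits at column 0 inside the class body and should be indented with the methods it describes.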