forked from pool/bitwarden
de66c4f16e
- New upstream release 2024.1.0 * Added password complexity checks to password protected export * Disallow XXE in import * Bug-fixes for imports * Bug-fix for minimum/maximum values in generator * Bug-fix for screen-readers not announcing stored passkeys OBS-URL: https://build.opensuse.org/request/show/1137982 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/bitwarden?expand=0&rev=44
170 lines
5.4 KiB
Diff
170 lines
5.4 KiB
Diff
Use node-argon2 instead of browser-argon2 as the second needs webassembly/emscripten to compile and does not have source included in the tarball, while the first allows use to use the already installed system libargon2
|
|
|
|
--- bitwarden/apps/desktop/webpack.main.js.old 2023-02-15 19:02:44.000000000 +0100
|
|
+++ bitwarden/apps/desktop/webpack.main.js 2023-02-18 18:42:54.917063925 +0100
|
|
@@ -73,8 +73,6 @@
|
|
"./src/package.json",
|
|
{ from: "./src/images", to: "images" },
|
|
{ from: "./src/locales", to: "locales" },
|
|
- "../../node_modules/argon2-browser/dist/argon2.wasm",
|
|
- "../../node_modules/argon2-browser/dist/argon2-simd.wasm",
|
|
],
|
|
}),
|
|
new EnvironmentPlugin({
|
|
@@ -84,6 +83,8 @@
|
|
externals: {
|
|
"electron-reload": "commonjs2 electron-reload",
|
|
"@bitwarden/desktop-native": "commonjs2 @bitwarden/desktop-native",
|
|
+ "argon2": "commonjs2 argon2",
|
|
+ "@phc/format": "commonjs2 @phc/format",
|
|
},
|
|
};
|
|
|
|
--- bitwarden/apps/desktop/webpack.renderer.js.old 2023-02-15 19:02:44.000000000 +0100
|
|
+++ bitwarden/apps/desktop/webpack.renderer.js 2023-02-18 18:41:53.074156675 +0100
|
|
@@ -40,11 +40,6 @@
|
|
},
|
|
type: "asset/resource",
|
|
},
|
|
- {
|
|
- test: /\.wasm$/,
|
|
- loader: "base64-loader",
|
|
- type: "javascript/auto",
|
|
- },
|
|
],
|
|
},
|
|
plugins: [],
|
|
@@ -127,11 +122,6 @@
|
|
test: /[\/\\]@angular[\/\\].+\.js$/,
|
|
parser: { system: true },
|
|
},
|
|
- {
|
|
- test: /\.wasm$/,
|
|
- loader: "base64-loader",
|
|
- type: "javascript/auto",
|
|
- },
|
|
],
|
|
},
|
|
plugins: [
|
|
@@ -162,6 +152,10 @@
|
|
DEV_FLAGS: NODE_ENV === "development" ? envConfig.devFlags : {},
|
|
}),
|
|
],
|
|
+ externals: {
|
|
+ "argon2": "commonjs2 argon2",
|
|
+ "@phc/format": "commonjs2 @phc/format",
|
|
+ },
|
|
};
|
|
|
|
module.exports = merge(common, renderer);
|
|
--- bitwarden/apps/desktop/src/package.json.old 2023-02-15 19:02:44.000000000 +0100
|
|
+++ bitwarden/apps/desktop/src/package.json 2023-02-18 18:54:55.213046618 +0100
|
|
@@ -12,6 +12,7 @@
|
|
"url": "git+https://github.com/bitwarden/clients.git"
|
|
},
|
|
"dependencies": {
|
|
+ "argon2": "^0.30.3",
|
|
"@bitwarden/desktop-native": "file:../desktop_native"
|
|
}
|
|
}
|
|
--- bitwarden/libs/common/src/platform/services/web-crypto-function.service.ts.old 2023-02-15 19:02:44.000000000 +0100
|
|
+++ bitwarden/libs/common/src/platform/services/web-crypto-function.service.ts 2023-02-18 18:52:00.173567051 +0100
|
|
@@ -1,4 +1,4 @@
|
|
-import * as argon2 from "argon2-browser";
|
|
+import * as argon2 from "argon2";
|
|
import * as forge from "node-forge";
|
|
|
|
import { Utils } from "../../platform/misc/utils";
|
|
@@ -10,13 +10,11 @@ import { SymmetricCryptoKey } from "../m
|
|
export class WebCryptoFunctionService implements CryptoFunctionService {
|
|
private crypto: Crypto;
|
|
private subtle: SubtleCrypto;
|
|
- private wasmSupported: boolean;
|
|
|
|
constructor(win: Window | typeof global) {
|
|
this.crypto = typeof win.crypto !== "undefined" ? win.crypto : null;
|
|
this.subtle =
|
|
!!this.crypto && typeof win.crypto.subtle !== "undefined" ? win.crypto.subtle : null;
|
|
- this.wasmSupported = this.checkIfWasmSupported();
|
|
}
|
|
|
|
async pbkdf2(
|
|
@@ -54,24 +52,19 @@ export class WebCryptoFunctionService im
|
|
memory: number,
|
|
parallelism: number,
|
|
): Promise<Uint8Array> {
|
|
- if (!this.wasmSupported) {
|
|
- throw "Webassembly support is required for the Argon2 KDF feature.";
|
|
- }
|
|
-
|
|
- const passwordArr = new Uint8Array(this.toBuf(password));
|
|
- const saltArr = new Uint8Array(this.toBuf(salt));
|
|
+ const nodePassword = this.toNodeValue(password);
|
|
+ const nodeSalt = this.toNodeBuffer(this.toUint8Buffer(salt));
|
|
|
|
- const result = await argon2.hash({
|
|
- pass: passwordArr,
|
|
- salt: saltArr,
|
|
- time: iterations,
|
|
- mem: memory,
|
|
+ const hash = await argon2.hash(nodePassword, {
|
|
+ salt: nodeSalt,
|
|
+ raw: true,
|
|
+ hashLength: 32,
|
|
+ timeCost: iterations,
|
|
+ memoryCost: memory,
|
|
parallelism: parallelism,
|
|
- hashLen: 32,
|
|
- type: argon2.ArgonType.Argon2id,
|
|
+ type: argon2.argon2id,
|
|
});
|
|
- argon2.unloadRuntime();
|
|
- return result.hash;
|
|
+ return this.toUint8Buffer(hash);
|
|
}
|
|
|
|
async hkdf(
|
|
@@ -435,20 +428,28 @@ export class WebCryptoFunctionService im
|
|
return mode === "cbc" ? "AES-CBC" : "AES-ECB";
|
|
}
|
|
|
|
- // ref: https://stackoverflow.com/a/47880734/1090359
|
|
- private checkIfWasmSupported(): boolean {
|
|
- try {
|
|
- if (typeof WebAssembly === "object" && typeof WebAssembly.instantiate === "function") {
|
|
- const module = new WebAssembly.Module(
|
|
- Uint8Array.of(0x0, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00),
|
|
- );
|
|
- if (module instanceof WebAssembly.Module) {
|
|
- return new WebAssembly.Instance(module) instanceof WebAssembly.Instance;
|
|
- }
|
|
- }
|
|
- } catch {
|
|
- return false;
|
|
+// from libs/node/src/services/node-crypto-function.service.ts
|
|
+ private toNodeValue(value: string | Uint8Array): string | Buffer {
|
|
+ let nodeValue: string | Buffer;
|
|
+ if (typeof value === "string") {
|
|
+ nodeValue = value;
|
|
+ } else {
|
|
+ nodeValue = this.toNodeBuffer(value);
|
|
}
|
|
- return false;
|
|
+ return nodeValue;
|
|
+ }
|
|
+
|
|
+ private toNodeBuffer(value: Uint8Array): Buffer {
|
|
+ return Buffer.from(value);
|
|
+ }
|
|
+
|
|
+ private toUint8Buffer(value: Buffer | string | Uint8Array): Uint8Array {
|
|
+ let buf: Uint8Array;
|
|
+ if (typeof value === "string") {
|
|
+ buf = Utils.fromUtf8ToArray(value);
|
|
+ } else {
|
|
+ buf = value;
|
|
+ }
|
|
+ return buf;
|
|
}
|
|
}
|