fix #557, fix #513: Argon2 speed improvements in desktop apps

2020-04-23 18:12:16 +02:00 · 2020-04-23 18:12:16 +02:00 · d45748cc32
parent 92fb322f7b
commit d45748cc32
7 changed files with 49 additions and 0 deletions
--- a/app/scripts/comp/launcher/launcher-electron.js
+++ b/app/scripts/comp/launcher/launcher-electron.js
@ -14,6 +14,9 @@ const Launcher = {
    thirdPartyStoragesSupported: true,
    clipboardSupported: true,
    req: window.require,
+    reqNative(module) {
+        return this.req(`@keeweb/keeweb-native-modules/${module}.${process.platform}.node`);
+    },
    platform() {
        return process.platform;
    },
--- a/app/scripts/const/default-app-settings.js
+++ b/app/scripts/const/default-app-settings.js
@ -34,6 +34,7 @@ const DefaultAppSettings = {
    cacheConfigSettings: false, // cache config settings and use them if the config can't be loaded
    allowIframes: false, // allow displaying the app in IFrames
    useGroupIconForEntries: false, // automatically use group icon when creating new entries
+    nativeArgon2: true, // use native argon2 module

    canOpen: true, // can select and open new files
    canOpenDemo: true, // can open a demo file
--- a/app/scripts/util/kdbxweb/kdbxweb-init.js
+++ b/app/scripts/util/kdbxweb/kdbxweb-init.js
@ -1,6 +1,8 @@
 import kdbxweb from 'kdbxweb';
 import { Logger } from 'util/logger';
 import { Features } from 'util/features';
+import { Launcher } from 'comp/launcher';
+import { AppSettingsModel } from 'models/app-settings-model';

 const logger = new Logger('argon2');

@ -27,6 +29,40 @@ const KdbxwebInit = {
        if (!global.WebAssembly) {
            return Promise.reject('WebAssembly is not supported');
        }
+        if (Launcher && Launcher.reqNative && AppSettingsModel.nativeArgon2) {
+            const ts = logger.ts();
+            const argon2 = Launcher.reqNative('argon2');
+            logger.debug('Native argon2 runtime loaded (main thread)', logger.ts(ts));
+            this.runtimeModule = {
+                hash(args) {
+                    return new Promise((resolve, reject) => {
+                        const ts = logger.ts();
+                        argon2.hash(
+                            Buffer.from(args.password),
+                            Buffer.from(args.salt),
+                            {
+                                type: args.type,
+                                version: args.version,
+                                hashLength: args.length,
+                                saltLength: args.salt.length,
+                                timeCost: args.iterations,
+                                parallelism: args.parallelism,
+                                memoryCost: args.memory
+                            },
+                            (err, res) => {
+                                if (err) {
+                                    logger.error('Argon2 error', err);
+                                    return reject(err);
+                                }
+                                logger.debug('Argon2 hash calculated', logger.ts(ts));
+                                resolve(res);
+                            }
+                        );
+                    });
+                }
+            };
+            return Promise.resolve(this.runtimeModule);
+        }
        return new Promise((resolve, reject) => {
            const loadTimeout = setTimeout(() => reject('timeout'), 5000);
            try {
--- a/app/templates/settings/settings-about.hbs
+++ b/app/templates/settings/settings-about.hbs
@ -36,6 +36,7 @@
    <h3>Desktop modules</h3>
    <ul>
        <li><a href="https://github.com/antelle/node-stream-zip" target="_blank">node-stream-zip</a><span class="muted-color">, node.js library for fast reading of large ZIPs</span></li>
+        <li><a href="https://github.com/ranisalt/node-argon2" target="_blank">node-argon2</a><span class="muted-color">, node.js bindings for Argon2 hashing algorithm</span></li>
    </ul>

    <h3>Utils</h3>
--- a/package-lock.json
+++ b/package-lock.json
@ -1399,6 +1399,10 @@
        }
      }
    },
+    "@keeweb/keeweb-native-modules": {
+      "version": "https://github.com/keeweb/keeweb-native-modules/releases/download/0.1.6/keeweb-native-modules.tgz",
+      "integrity": "sha512-fPBfPB1iVZziG23YlZXw9jwd31veHtnkGARwu2JlosaGPFs//lcELmGirD2B0/31HcyzikG8GfIkEgfTBRij0A=="
+    },
    "@sindresorhus/is": {
      "version": "0.14.0",
      "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-0.14.0.tgz",
--- a/package.json
+++ b/package.json
@ -14,6 +14,7 @@
        "@babel/plugin-external-helpers": "^7.8.3",
        "@babel/plugin-proposal-class-properties": "^7.8.3",
        "@babel/preset-env": "^7.9.5",
+        "@keeweb/keeweb-native-modules": "https://github.com/keeweb/keeweb-native-modules/releases/download/0.1.6/keeweb-native-modules.tgz",
        "adm-zip": "^0.4.14",
        "argon2-browser": "1.13.0",
        "autoprefixer": "^9.7.6",
--- a/release-notes.md
+++ b/release-notes.md
@ -1,5 +1,8 @@
 Release notes
 -------------
+##### v1.15.0 (WIP)
+`+` #557: Argon2 speed improvements in desktop apps
+
 ##### v1.14.0 (2020-04-18)
 `+` using OAuth authorization code grant for all storage providers  
 `-` fixed a number of vulnerabilities in opening untrusted kdbx files