Add a builder function that uses argon2 by default

2 years ago · 86e2d77671
parent 1bb97f00b5
commit 86e2d77671
2 changed files with 45 additions and 7 deletions
--- a/plugins/stronghold/src/kdf.rs
+++ b/plugins/stronghold/src/kdf.rs
@ -2,14 +2,19 @@ use argon2::Argon2;
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 use std::path::PathBuf;
+use tauri::Config;

 /// NOTE: Hash supplied to Stronghold must be 32bits long.
 /// This is a current limitation of Stronghold.
 const HASH_LENGTH: usize = 32;
+const SALT_FILENAME: &str = "stronghold_salt.txt";

 pub struct KeyDerivation {}

 impl KeyDerivation {
+    /// Will create a key from [`password`] and a generated salt.
+    /// Salt will be generated to file [`salt_path`] or taken from it
+    /// if file already exists
    pub fn argon2(password: &str, salt_path: &PathBuf) -> Vec<u8> {
        let mut salt = [0u8; HASH_LENGTH];
        create_or_get_salt(&mut salt, salt_path);
@ -20,10 +25,23 @@ impl KeyDerivation {
            .expect("Failed to generate hash for password");
        encoded.to_vec()
    }
+
+    /// Will create a key from [`password`] and a generated salt.
+    /// Salt will be generated/taken from a default file in the Tauri local
+    /// directory
+    pub fn argon2_with_config(password: &str, tauri_config: &Config) -> Vec<u8> {
+        let salt_dir = tauri::api::path::app_local_data_dir(tauri_config)
+            .expect("Application local directory not found");
+        let mut salt_path = PathBuf::new();
+        salt_path.push(salt_dir);
+        salt_path.push(SALT_FILENAME);
+
+        KeyDerivation::argon2(password, &salt_path)
+    }
 }

 // NOTE: this is not ideal as we produce a single salt per application
-// rather than having different salt for each Stronghold snapshot
+// rather than having different salt for each Stronghold snapshot/password
 fn create_or_get_salt(salt: &mut [u8], salt_path: &PathBuf) {
    if salt_path.is_file() {
        // Get existing salt
--- a/plugins/stronghold/src/lib.rs
+++ b/plugins/stronghold/src/lib.rs
@ -408,15 +408,35 @@ impl Builder {
        }
    }

+    /// Initializes a stronghold plugin with argon2 as a default kdf
+    pub fn init_and_build_with_argon2<R: Runtime>() -> TauriPlugin<R> {
+        let plugin_builder = PluginBuilder::new("stronghold").setup(move |app| {
+            let app2 = app.clone();
+            app.manage(StrongholdCollection::default());
+            app.manage(PasswordHashFunction(Box::new(move |pwd: &str| {
+                kdf::KeyDerivation::argon2_with_config(pwd, &app2.config())
+            })));
+            Ok(())
+        });
+        Builder::invoke_stronghold_handlers_and_build(plugin_builder)
+    }
+
    pub fn build<R: Runtime>(self) -> TauriPlugin<R> {
        let password_hash_function = self.password_hash_function;

-        PluginBuilder::new("stronghold")
-            .setup(move |app| {
-                app.manage(StrongholdCollection::default());
-                app.manage(PasswordHashFunction(password_hash_function));
-                Ok(())
-            })
+        let plugin_builder = PluginBuilder::new("stronghold").setup(move |app| {
+            app.manage(StrongholdCollection::default());
+            app.manage(PasswordHashFunction(password_hash_function));
+            Ok(())
+        });
+
+        Builder::invoke_stronghold_handlers_and_build(plugin_builder)
+    }
+
+    fn invoke_stronghold_handlers_and_build<R: Runtime>(
+        builder: PluginBuilder<R>,
+    ) -> TauriPlugin<R> {
+        builder
            .invoke_handler(tauri::generate_handler![
                initialize,
                destroy,