Feat: Auto-migrate legacy vaults to Argon2id on login

- Try legacy decrypt first (fast, no KDF) on login
- If legacy succeeds, re-encrypt with Argon2id automatically
- Only one Argon2id derivation per login regardless of format
- No manual re-creation needed for existing users

Author: Chocapikk

src-tauri/src/lib.rs

@@ -179,8 +179,26 @@ fn register(password: &str) -> Value {
 
 #[tauri::command]
 fn login(password: &str) -> bool {
-    let container = driver::read(password);
+    let container_path = vault::get_container_path();
+    let encrypted_data = match std::fs::read(&container_path) {
+        Ok(data) => data,
+        Err(_) => return false,
+    };
 
+    // Try legacy format first (fast, no KDF)
+    if let Ok(plaintext) = vault::decrypt_legacy_public(password, &encrypted_data) {
+        if let Ok(container) = serde_json::from_str::<serde_json::Value>(&plaintext) {
+            if container.is_array() {
+                // Re-encrypt with Argon2id
+                driver::write(password, container);
+                return true;
+            }
+        }
+        return false;
+    }
+
+    // Try new Argon2id format
+    let container = driver::read(password);
     container.is_array()
 }
 

src-tauri/src/vault.rs

@@ -54,16 +54,20 @@ fn derive_key(password: &str, salt: &[u8]) -> Vec<u8> {
     key
 }
 
-pub fn decrypt(mut password: String, encrypted_data: Vec<u8>) -> Result<String, Error> {
-    if encrypted_data.len() < SALT_LEN + NONCE_LEN + 16 {
+fn decrypt_legacy(password: &str, encrypted_data: &[u8]) -> Result<String, Error> {
+    if encrypted_data.len() < NONCE_LEN + 16 {
         return Err(aes_gcm::Error);
     }
 
-    let (salt, rest) = encrypted_data.split_at(SALT_LEN);
-    let (nonce_bytes, ciphertext) = rest.split_at(NONCE_LEN);
+    let (nonce_bytes, ciphertext) = encrypted_data.split_at(NONCE_LEN);
 
-    let mut key_bytes = derive_key(&password, salt);
-    password.zeroize();
+    let mut padded = password.to_string();
+    if padded.len() < 32 {
+        padded += &"!".repeat(32 - padded.len());
+    }
+
+    let mut key_bytes = padded.as_bytes().to_vec();
+    padded.zeroize();
     let key = Key::<Aes256Gcm>::from_slice(&key_bytes);
     let nonce = Nonce::from_slice(nonce_bytes);
     let cipher = Aes256Gcm::new(key);
@@ -75,6 +79,35 @@ pub fn decrypt(mut password: String, encrypted_data: Vec<u8>) -> Result<String,
     String::from_utf8(plaintext).map_err(|_| aes_gcm::Error)
 }
 
+pub fn decrypt(mut password: String, encrypted_data: Vec<u8>) -> Result<String, Error> {
+    // Try new format first (salt + nonce + ciphertext)
+    if encrypted_data.len() >= SALT_LEN + NONCE_LEN + 16 {
+        let (salt, rest) = encrypted_data.split_at(SALT_LEN);
+        let (nonce_bytes, ciphertext) = rest.split_at(NONCE_LEN);
+
+        let mut key_bytes = derive_key(&password, salt);
+        let key = Key::<Aes256Gcm>::from_slice(&key_bytes);
+        let nonce = Nonce::from_slice(nonce_bytes);
+        let cipher = Aes256Gcm::new(key);
+
+        if let Ok(plaintext) = cipher.decrypt(nonce, ciphertext) {
+            key_bytes.zeroize();
+            password.zeroize();
+            return String::from_utf8(plaintext).map_err(|_| aes_gcm::Error);
+        }
+        key_bytes.zeroize();
+    }
+
+    // Fallback to legacy format (nonce + ciphertext, password padded with !)
+    let result = decrypt_legacy(&password, &encrypted_data);
+    password.zeroize();
+    result
+}
+
+pub fn decrypt_legacy_public(password: &str, encrypted_data: &[u8]) -> Result<String, Error> {
+    decrypt_legacy(password, encrypted_data)
+}
+
 pub fn encrypt(mut password: String, plaintext: String) -> Vec<u8> {
     let mut salt = [0u8; SALT_LEN];
     aes_gcm::aead::OsRng.fill_bytes(&mut salt);