fix: do not override keyFromPassword derivation options

mikesposito · mikesposito · commit b59ee0caca5b · 2025-11-05T23:47:48.000+01:00
diff --git a/app/scripts/lib/encryptor-factory.test.ts b/app/scripts/lib/encryptor-factory.test.ts
@@ -187,44 +187,6 @@ describe('encryptorFactory', () => {
         },
       );
     });
-
-    it('should call browser-passworder.keyFromPassword with overriden opts', async () => {
-      const encryptor = encryptorFactory(mockIterations);
-
-      const mockResult = {
-        key: 'key',
-        derivationOptions: {
-          algorithm: 'PBKDF2',
-          params: {
-            iterations: mockIterations,
-          },
-        },
-      };
-
-      // @ts-expect-error The key type is a mock type and not valid.
-      mockBrowserPassworder.keyFromPassword.mockResolvedValue(mockResult);
-
-      expect(
-        await encryptor.keyFromPassword(
-          mockPassword,
-          mockSalt,
-          true,
-          undefined,
-        ),
-      ).toBe(mockResult);
-
-      expect(mockBrowserPassworder.keyFromPassword).toHaveBeenCalledWith(
-        mockPassword,
-        mockSalt,
-        true,
-        {
-          algorithm: 'PBKDF2',
-          params: {
-            iterations: mockIterations,
-          },
-        },
-      );
-    });
   });
 
   describe('isVaultUpdated', () => {
diff --git a/app/scripts/lib/encryptor-factory.ts b/app/scripts/lib/encryptor-factory.ts
@@ -11,7 +11,6 @@ import {
   exportKey,
   generateSalt,
   EncryptionKey,
-  KeyDerivationOptions,
 } from '@metamask/browser-passworder';
 
 /**
@@ -53,36 +52,6 @@ const encryptWithDetailFactory =
       },
     });
 
-/**
- * A factory function for the keyFromPassword method of the browser-passworder library,
- * that generates a key from a password and a salt.
- *
- * This factory function overrides the default key derivation options with the specified
- * number of iterations, unless existing key derivation options are passed in.
- *
- * @param iterations - The number of iterations to use for the PBKDF2 algorithm.
- * @returns A function that generates a key with a potentially overriden number of iterations.
- */
-const keyFromPasswordFactory =
-  (iterations: number) =>
-  async (
-    password: string,
-    salt: string,
-    exportable?: boolean,
-    opts?: KeyDerivationOptions,
-  ) =>
-    keyFromPassword(
-      password,
-      salt,
-      exportable,
-      opts ?? {
-        algorithm: 'PBKDF2',
-        params: {
-          iterations,
-        },
-      },
-    );
-
 /**
  * A factory function for the isVaultUpdated method of the browser-passworder library,
  * that checks if the given vault was encrypted with the given number of iterations.
@@ -114,7 +83,7 @@ export const encryptorFactory = (iterations: number) => ({
   decrypt,
   decryptWithKey,
   decryptWithDetail,
-  keyFromPassword: keyFromPasswordFactory(iterations),
+  keyFromPassword,
   isVaultUpdated: isVaultUpdatedFactory(iterations),
   importKey,
   exportKey,
