Add logic to derive ente login key

internal/crypto/crypto.go

@@ -11,7 +11,13 @@ import (
 	"golang.org/x/crypto/argon2"
 )
 
-// deriveArgonKey generates a 32-bit cryptographic key using the Argon2id algorithm.
+const (
+	loginSubKeyLen     = 32
+	loginSubKeyId      = 1
+	loginSubKeyContext = "loginctx"
+)
+
+// DeriveArgonKey generates a 32-bit cryptographic key using the Argon2id algorithm.
 // Parameters:
 //   - password: The plaintext password to be hashed.
 //   - salt: The salt as a base64 encoded string.
@@ -68,3 +74,10 @@ func decryptChaCha20poly1305(data []byte, key []byte, nonce []byte) ([]byte, err
 	}
 	return decryptedData[:n], nil
 }
+
+func DeriveLoginKey(keyEncKey []byte) []byte {
+	mainKey := sodium.MasterKey{Bytes: keyEncKey}
+	subKey := mainKey.Derive(loginSubKeyLen, loginSubKeyId, loginSubKeyContext).Bytes
+	// return the first 16 bytes of the derived key
+	return subKey[:16]
+}

internal/crypto/crypto_test.go

@@ -17,7 +17,7 @@ const (
 )
 
 func TestDeriveArgonKey(t *testing.T) {
-	derivedKey, err := deriveArgonKey(password, kdfSalt, memLimit, opsLimit)
+	derivedKey, err := DeriveArgonKey(password, kdfSalt, memLimit, opsLimit)
 	if err != nil {
 		t.Fatalf("Failed to derive key: %v", err)
 	}
@@ -28,7 +28,7 @@ func TestDeriveArgonKey(t *testing.T) {
 }
 
 func TestDecryptChaCha20poly1305(t *testing.T) {
-	derivedKey, err := deriveArgonKey(password, kdfSalt, memLimit, opsLimit)
+	derivedKey, err := DeriveArgonKey(password, kdfSalt, memLimit, opsLimit)
 	if err != nil {
 		t.Fatalf("Failed to derive key: %v", err)
 	}