From da119a5c310020c9b23ad7c7dc260a8e9ada9913 Mon Sep 17 00:00:00 2001
From: 7000pctAUTO <lukems3823@gmail.com>
Date: Sat, 31 Jan 2026 23:19:39 +0000
Subject: [PATCH] Simplify crypto: use SHA256-based key derivation, remove hkdf
 dependency

---
 app/api-token-vault/src/crypto.rs | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/app/api-token-vault/src/crypto.rs b/app/api-token-vault/src/crypto.rs
index 5026e77..a16328b 100644
--- a/app/api-token-vault/src/crypto.rs
+++ b/app/api-token-vault/src/crypto.rs
@@ -1,7 +1,6 @@
 use aes_gcm::{Aes256Gcm, Key, Nonce};
 use aes_gcm::aead::{Aead, AeadCore, OsRng};
 use sha2::Sha256;
-use hkdf::Hkdf;
 use base64::{Engine as _, engine::general_purpose::STANDARD};
 use std::fmt;
 
@@ -37,13 +36,12 @@ impl CryptoManager {
 
     pub fn from_password(password: &str, salt: &[u8; 32]) -> Result<Self, CryptoError> {
         let password_bytes = password.as_bytes();
+        let mut key_material = Vec::with_capacity(password_bytes.len() + salt.len());
+        key_material.extend_from_slice(password_bytes);
+        key_material.extend_from_slice(salt);
         
-        let hkdf = Hkdf::<Sha256>::new(Some(salt), password_bytes);
-        let mut key_bytes = [0u8; Self::KEY_SIZE];
-        hkdf.expand(&[], &mut key_bytes)
-            .map_err(|_| CryptoError::KeyDerivationFailed)?;
-        
-        let key = Key::<Aes256Gcm>::from_slice(&key_bytes);
+        let hash = Sha256::digest(&key_material);
+        let key = Key::<Aes256Gcm>::from_slice(&hash);
         
         Ok(CryptoManager { key: *key })
     }