[PM-5735] Create kdf Service (#8715)

* key connector migration initial * migrator complete * fix dependencies * finalized tests * fix deps and sync main * clean up definition file * fixing tests * fixed tests * fixing CLI, Browser, Desktop builds * fixed factory options * reverting exports * implemented UserKeyDefinition clearOn * Initial Kdf Service Changes * rename and account setting kdfconfig * fixing tests and renaming migration * fixed DI ordering for browser * rename and fix DI * Clean up Migrations * fixing migrations * begin data structure changes for kdf config * Make KDF more type safe; co-author: jlf0dev * fixing tests * Fixed CLI login and comments * set now accepts userId and test updates --------- Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-12-23 19:53:43 +00:00 · 2024-04-25 11:26:01 -07:00
parent dba910d0b9
commit 1e4158fd87
82 changed files with 896 additions and 361 deletions
--- a/apps/browser/src/auth/background/service-factories/kdf-config-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/kdf-config-service.factory.ts
@@ -0,0 +1,28 @@
+import { KdfConfigService as AbstractKdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
+import { KdfConfigService } from "@bitwarden/common/auth/services/kdf-config.service";
+
+import {
+  FactoryOptions,
+  CachedServices,
+  factory,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  StateProviderInitOptions,
+  stateProviderFactory,
+} from "../../../platform/background/service-factories/state-provider.factory";
+
+type KdfConfigServiceFactoryOptions = FactoryOptions;
+
+export type KdfConfigServiceInitOptions = KdfConfigServiceFactoryOptions & StateProviderInitOptions;
+
+export function kdfConfigServiceFactory(
+  cache: { kdfConfigService?: AbstractKdfConfigService } & CachedServices,
+  opts: KdfConfigServiceInitOptions,
+): Promise<AbstractKdfConfigService> {
+  return factory(
+    cache,
+    "kdfConfigService",
+    opts,
+    async () => new KdfConfigService(await stateProviderFactory(cache, opts)),
+  );
+}
--- a/apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts
@@ -68,6 +68,7 @@ import {
  deviceTrustServiceFactory,
  DeviceTrustServiceInitOptions,
 } from "./device-trust-service.factory";
+import { kdfConfigServiceFactory, KdfConfigServiceInitOptions } from "./kdf-config-service.factory";
 import {
  keyConnectorServiceFactory,
  KeyConnectorServiceInitOptions,
@@ -106,7 +107,8 @@ export type LoginStrategyServiceInitOptions = LoginStrategyServiceFactoryOptions
  AuthRequestServiceInitOptions &
  UserDecryptionOptionsServiceInitOptions &
  GlobalStateProviderInitOptions &
-  BillingAccountProfileStateServiceInitOptions;
+  BillingAccountProfileStateServiceInitOptions &
+  KdfConfigServiceInitOptions;

 export function loginStrategyServiceFactory(
  cache: { loginStrategyService?: LoginStrategyServiceAbstraction } & CachedServices,
@@ -140,6 +142,7 @@ export function loginStrategyServiceFactory(
        await internalUserDecryptionOptionServiceFactory(cache, opts),
        await globalStateProviderFactory(cache, opts),
        await billingAccountProfileStateServiceFactory(cache, opts),
+        await kdfConfigServiceFactory(cache, opts),
      ),
  );
 }
--- a/apps/browser/src/auth/background/service-factories/pin-crypto-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/pin-crypto-service.factory.ts
@@ -22,13 +22,16 @@ import {
  stateServiceFactory,
 } from "../../../platform/background/service-factories/state-service.factory";

+import { KdfConfigServiceInitOptions, kdfConfigServiceFactory } from "./kdf-config-service.factory";
+
 type PinCryptoServiceFactoryOptions = FactoryOptions;

 export type PinCryptoServiceInitOptions = PinCryptoServiceFactoryOptions &
  StateServiceInitOptions &
  CryptoServiceInitOptions &
  VaultTimeoutSettingsServiceInitOptions &
-  LogServiceInitOptions;
+  LogServiceInitOptions &
+  KdfConfigServiceInitOptions;

 export function pinCryptoServiceFactory(
  cache: { pinCryptoService?: PinCryptoServiceAbstraction } & CachedServices,
@@ -44,6 +47,7 @@ export function pinCryptoServiceFactory(
        await cryptoServiceFactory(cache, opts),
        await vaultTimeoutSettingsServiceFactory(cache, opts),
        await logServiceFactory(cache, opts),
+        await kdfConfigServiceFactory(cache, opts),
      ),
  );
 }
--- a/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
@@ -32,6 +32,7 @@ import {
 } from "../../../platform/background/service-factories/state-service.factory";

 import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
+import { KdfConfigServiceInitOptions, kdfConfigServiceFactory } from "./kdf-config-service.factory";
 import {
  internalMasterPasswordServiceFactory,
  MasterPasswordServiceInitOptions,
@@ -59,7 +60,8 @@ export type UserVerificationServiceInitOptions = UserVerificationServiceFactoryO
  PinCryptoServiceInitOptions &
  LogServiceInitOptions &
  VaultTimeoutSettingsServiceInitOptions &
-  PlatformUtilsServiceInitOptions;
+  PlatformUtilsServiceInitOptions &
+  KdfConfigServiceInitOptions;

 export function userVerificationServiceFactory(
  cache: { userVerificationService?: AbstractUserVerificationService } & CachedServices,
@@ -82,6 +84,7 @@ export function userVerificationServiceFactory(
        await logServiceFactory(cache, opts),
        await vaultTimeoutSettingsServiceFactory(cache, opts),
        await platformUtilsServiceFactory(cache, opts),
+        await kdfConfigServiceFactory(cache, opts),
      ),
  );
 }
--- a/apps/browser/src/auth/popup/lock.component.ts
+++ b/apps/browser/src/auth/popup/lock.component.ts
@@ -12,6 +12,7 @@ import { InternalPolicyService } from "@bitwarden/common/admin-console/abstracti
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
+import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
 import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
@@ -66,6 +67,7 @@ export class LockComponent extends BaseLockComponent {
    private routerService: BrowserRouterService,
    biometricStateService: BiometricStateService,
    accountService: AccountService,
+    kdfConfigService: KdfConfigService,
  ) {
    super(
      masterPasswordService,
@@ -90,6 +92,7 @@ export class LockComponent extends BaseLockComponent {
      pinCryptoService,
      biometricStateService,
      accountService,
+      kdfConfigService,
    );
    this.successRoute = "/tabs/current";
    this.isInitialLockScreen = (window as any).previousPopupUrl == null;
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -33,6 +33,7 @@ import { AvatarService as AvatarServiceAbstraction } from "@bitwarden/common/aut
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { DevicesServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices/devices.service.abstraction";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
+import { KdfConfigService as kdfConfigServiceAbstraction } from "@bitwarden/common/auth/abstractions/kdf-config.service";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
@@ -48,6 +49,7 @@ import { AvatarService } from "@bitwarden/common/auth/services/avatar.service";
 import { DeviceTrustService } from "@bitwarden/common/auth/services/device-trust.service.implementation";
 import { DevicesServiceImplementation } from "@bitwarden/common/auth/services/devices/devices.service.implementation";
 import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
+import { KdfConfigService } from "@bitwarden/common/auth/services/kdf-config.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
 import { MasterPasswordService } from "@bitwarden/common/auth/services/master-password/master-password.service";
 import { SsoLoginService } from "@bitwarden/common/auth/services/sso-login.service";
@@ -339,6 +341,7 @@ export default class MainBackground {
  intraprocessMessagingSubject: Subject<Message<object>>;
  userKeyInitService: UserKeyInitService;
  scriptInjectorService: BrowserScriptInjectorService;
+  kdfConfigService: kdfConfigServiceAbstraction;

  onUpdatedRan: boolean;
  onReplacedRan: boolean;
@@ -542,6 +545,9 @@ export default class MainBackground {
    this.masterPasswordService = new MasterPasswordService(this.stateProvider);

    this.i18nService = new I18nService(BrowserApi.getUILanguage(), this.globalStateProvider);
+
+    this.kdfConfigService = new KdfConfigService(this.stateProvider);
+
    this.cryptoService = new BrowserCryptoService(
      this.masterPasswordService,
      this.keyGenerationService,
@@ -553,6 +559,7 @@ export default class MainBackground {
      this.accountService,
      this.stateProvider,
      this.biometricStateService,
+      this.kdfConfigService,
    );

    this.appIdService = new AppIdService(this.globalStateProvider);
@@ -675,6 +682,7 @@ export default class MainBackground {
      this.userDecryptionOptionsService,
      this.globalStateProvider,
      this.billingAccountProfileStateService,
+      this.kdfConfigService,
    );

    this.ssoLoginService = new SsoLoginService(this.stateProvider);
@@ -725,6 +733,7 @@ export default class MainBackground {
      this.cryptoService,
      this.vaultTimeoutSettingsService,
      this.logService,
+      this.kdfConfigService,
    );

    this.userVerificationService = new UserVerificationService(
@@ -739,6 +748,7 @@ export default class MainBackground {
      this.logService,
      this.vaultTimeoutSettingsService,
      this.platformUtilsService,
+      this.kdfConfigService,
    );

    this.vaultFilterService = new VaultFilterService(
@@ -861,7 +871,7 @@ export default class MainBackground {
      this.cipherService,
      this.cryptoService,
      this.cryptoFunctionService,
-      this.stateService,
+      this.kdfConfigService,
    );

    this.organizationVaultExportService = new OrganizationVaultExportService(
@@ -869,8 +879,8 @@ export default class MainBackground {
      this.apiService,
      this.cryptoService,
      this.cryptoFunctionService,
-      this.stateService,
      this.collectionService,
+      this.kdfConfigService,
    );

    this.exportService = new VaultExportService(
--- a/apps/browser/src/platform/background/service-factories/crypto-service.factory.ts
+++ b/apps/browser/src/platform/background/service-factories/crypto-service.factory.ts
@@ -4,6 +4,10 @@ import {
  AccountServiceInitOptions,
  accountServiceFactory,
 } from "../../../auth/background/service-factories/account-service.factory";
+import {
+  KdfConfigServiceInitOptions,
+  kdfConfigServiceFactory,
+} from "../../../auth/background/service-factories/kdf-config-service.factory";
 import {
  internalMasterPasswordServiceFactory,
  MasterPasswordServiceInitOptions,
@@ -18,7 +22,10 @@ import {
 } from "../../background/service-factories/log-service.factory";
 import { BrowserCryptoService } from "../../services/browser-crypto.service";

-import { biometricStateServiceFactory } from "./biometric-state-service.factory";
+import {
+  BiometricStateServiceInitOptions,
+  biometricStateServiceFactory,
+} from "./biometric-state-service.factory";
 import {
  cryptoFunctionServiceFactory,
  CryptoFunctionServiceInitOptions,
@@ -46,7 +53,9 @@ export type CryptoServiceInitOptions = CryptoServiceFactoryOptions &
  LogServiceInitOptions &
  StateServiceInitOptions &
  AccountServiceInitOptions &
-  StateProviderInitOptions;
+  StateProviderInitOptions &
+  BiometricStateServiceInitOptions &
+  KdfConfigServiceInitOptions;

 export function cryptoServiceFactory(
  cache: { cryptoService?: AbstractCryptoService } & CachedServices,
@@ -68,6 +77,7 @@ export function cryptoServiceFactory(
        await accountServiceFactory(cache, opts),
        await stateProviderFactory(cache, opts),
        await biometricStateServiceFactory(cache, opts),
+        await kdfConfigServiceFactory(cache, opts),
      ),
  );
 }
--- a/apps/browser/src/platform/services/browser-crypto.service.ts
+++ b/apps/browser/src/platform/services/browser-crypto.service.ts
@@ -1,6 +1,7 @@
 import { firstValueFrom } from "rxjs";

 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
 import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
@@ -28,6 +29,7 @@ export class BrowserCryptoService extends CryptoService {
    accountService: AccountService,
    stateProvider: StateProvider,
    private biometricStateService: BiometricStateService,
+    kdfConfigService: KdfConfigService,
  ) {
    super(
      masterPasswordService,
@@ -39,6 +41,7 @@ export class BrowserCryptoService extends CryptoService {
      stateService,
      accountService,
      stateProvider,
+      kdfConfigService,
    );
  }
  override async hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: UserId): Promise<boolean> {