[PM-5735] Create kdf Service (#8715)

* key connector migration initial * migrator complete * fix dependencies * finalized tests * fix deps and sync main * clean up definition file * fixing tests * fixed tests * fixing CLI, Browser, Desktop builds * fixed factory options * reverting exports * implemented UserKeyDefinition clearOn * Initial Kdf Service Changes * rename and account setting kdfconfig * fixing tests and renaming migration * fixed DI ordering for browser * rename and fix DI * Clean up Migrations * fixing migrations * begin data structure changes for kdf config * Make KDF more type safe; co-author: jlf0dev * fixing tests * Fixed CLI login and comments * set now accepts userId and test updates --------- Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-12-16 00:03:56 +00:00 · 2024-04-25 11:26:01 -07:00
parent dba910d0b9
commit 1e4158fd87
82 changed files with 896 additions and 361 deletions
--- a/libs/common/src/state-migrations/migrations/59-move-kdf-config-to-state-provider.ts
+++ b/libs/common/src/state-migrations/migrations/59-move-kdf-config-to-state-provider.ts
@@ -0,0 +1,78 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+enum KdfType {
+  PBKDF2_SHA256 = 0,
+  Argon2id = 1,
+}
+
+class KdfConfig {
+  iterations: number;
+  kdfType: KdfType;
+  memory?: number;
+  parallelism?: number;
+}
+
+type ExpectedAccountType = {
+  profile?: {
+    kdfIterations: number;
+    kdfType: KdfType;
+    kdfMemory?: number;
+    kdfParallelism?: number;
+  };
+};
+
+const kdfConfigKeyDefinition: KeyDefinitionLike = {
+  key: "kdfConfig",
+  stateDefinition: {
+    name: "kdfConfig",
+  },
+};
+
+export class KdfConfigMigrator extends Migrator<58, 59> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const iterations = account?.profile?.kdfIterations;
+      const kdfType = account?.profile?.kdfType;
+      const memory = account?.profile?.kdfMemory;
+      const parallelism = account?.profile?.kdfParallelism;
+
+      const kdfConfig: KdfConfig = {
+        iterations: iterations,
+        kdfType: kdfType,
+        memory: memory,
+        parallelism: parallelism,
+      };
+
+      if (kdfConfig != null) {
+        await helper.setToUser(userId, kdfConfigKeyDefinition, kdfConfig);
+        delete account?.profile?.kdfIterations;
+        delete account?.profile?.kdfType;
+        delete account?.profile?.kdfMemory;
+        delete account?.profile?.kdfParallelism;
+      }
+
+      await helper.set(userId, account);
+    }
+    await Promise.all([...accounts.map(({ userId, account }) => migrateAccount(userId, account))]);
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const kdfConfig: KdfConfig = await helper.getFromUser(userId, kdfConfigKeyDefinition);
+
+      if (kdfConfig != null) {
+        account.profile.kdfIterations = kdfConfig.iterations;
+        account.profile.kdfType = kdfConfig.kdfType;
+        account.profile.kdfMemory = kdfConfig.memory;
+        account.profile.kdfParallelism = kdfConfig.parallelism;
+        await helper.setToUser(userId, kdfConfigKeyDefinition, null);
+      }
+      await helper.set(userId, account);
+    }
+
+    await Promise.all([...accounts.map(({ userId, account }) => rollbackAccount(userId, account))]);
+  }
+}