[PM-23230] Implement KDF Change Service (#15748)

* Add new mp service api

* Fix tests

* Add test coverage

* Add newline

* Fix type

* Rename to "unwrapUserKeyFromMasterPasswordUnlockData"

* Fix build

* Fix build on cli

* Fix linting

* Re-sort spec

* Add tests

* Fix test and build issues

* Fix build

* Clean up

* Remove introduced function

* Clean up comments

* Fix abstract class types

* Fix comments

* Cleanup

* Cleanup

* Update libs/common/src/key-management/master-password/types/master-password.types.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/services/master-password.service.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/types/master-password.types.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Add comments

* Fix build

* Add arg null check

* Cleanup

* Fix build

* Fix build on browser

* Implement KDF change service

* Deprecate encryptUserKeyWithMasterKey

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Add tests for null params

* Fix builds

* Cleanup and deprecate more functions

* Fix formatting

* Prettier

* Clean up

* Update libs/key-management/src/abstractions/key.service.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Make emailToSalt private and expose abstract saltForUser

* Add tests

* Add docs

* Fix build

* Fix tests

* Fix tests

* Address feedback and fix primitive obsession

* Consolidate active account checks in change kdf confirmation component

* Update libs/common/src/key-management/kdf/services/change-kdf-service.spec.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Add defensive parameter checks

* Add tests

* Add comment for follow-up epic

* Move change kdf service, remove abstraction and add api service

* Fix test

* Drop redundant null check

* Address feedback

* Add throw on empty password

* Fix tests

* Mark change kdf service as internal

* Add abstract classes

* Switch to abstraction

* use sdk EncString in MasterPasswordUnlockData

* fix remaining tests

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>

libs/auth/src/angular/input-password/input-password.component.ts

@@ -303,6 +303,14 @@ export class InputPasswordComponent implements OnInit {
         throw new Error("KdfConfig is required to create master key.");
       }
 
+      const salt =
+        this.userId != null
+          ? await firstValueFrom(this.masterPasswordService.saltForUser$(this.userId))
+          : this.masterPasswordService.emailToSalt(this.email);
+      if (salt == null) {
+        throw new Error("Salt is required to create master key.");
+      }
+
       // 2. Verify current password is correct (if necessary)
       if (
         this.flow === InputPasswordFlow.ChangePassword ||
@@ -348,6 +356,7 @@ export class InputPasswordComponent implements OnInit {
 
       const passwordInputResult: PasswordInputResult = {
         newPassword,
+        salt,
         newMasterKey,
         newServerMasterKeyHash,
         newLocalMasterKeyHash,

libs/auth/src/angular/input-password/password-input-result.ts

@@ -1,18 +1,26 @@
+import { MasterPasswordSalt } from "@bitwarden/common/key-management/master-password/types/master-password.types";
 import { MasterKey } from "@bitwarden/common/types/key";
 import { KdfConfig } from "@bitwarden/key-management";
 
 export interface PasswordInputResult {
   currentPassword?: string;
+  newPassword: string;
+  kdfConfig?: KdfConfig;
+  salt?: MasterPasswordSalt;
+  newPasswordHint?: string;
+  rotateUserKey?: boolean;
+
+  /** @deprecated This low-level cryptographic state will be removed. It will be replaced by high level calls to masterpassword service, in the consumers of this interface. */
   currentMasterKey?: MasterKey;
+  /** @deprecated */
   currentServerMasterKeyHash?: string;
+  /** @deprecated */
   currentLocalMasterKeyHash?: string;
 
-  newPassword: string;
-  newPasswordHint?: string;
+  /** @deprecated */
   newMasterKey?: MasterKey;
+  /** @deprecated */
   newServerMasterKeyHash?: string;
+  /** @deprecated */
   newLocalMasterKeyHash?: string;
-
-  kdfConfig?: KdfConfig;
-  rotateUserKey?: boolean;
 }