[PM-2241] Add PRF attestation flow during passkey registration (#6525)

* [PM-2241] chore: refactor into new "pending" view type

* [PM-2241] feat: record PRF support

* [PM-2241] feat: add prf checkbox to dialog

* [PM-2241] chore: remove `disableMargin` instead

Will expressed his concern that these things aren't sustainable, and that we should try using `!important` statements instead, which is a good point!

* [PM-2241] feat: add prf registration

* [PM-2241] feat: add support for `prfStatus`

* [PM-2241] feat: add rotateable key set

* [PM-2241] feat: add PRF creation error handling

* [PM-2241] chore: improve rotateable key docs

* [PM-2241] feat: add basic test

* [PM-2241] chore: update `SaveCredentialRequest` docs

* [PM-2241] chore: rename to `WebauthnLoginAdminService`

* [PM-2241] fix: typo in `save-credential.request.ts`

* [PM-2241] fix: typo in more places

libs/auth/src/index.ts

@@ -1,2 +1,3 @@
 export * from "./components/fingerprint-dialog.component";
 export * from "./password-callout/password-callout.component";
+export * from "./models";

libs/auth/src/models/domain/index.ts

@@ -0,0 +1 @@
+export * from "./rotateable-key-set";

libs/auth/src/models/domain/rotateable-key-set.ts

@@ -0,0 +1,36 @@
+import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import {
+  PrfKey,
+  SymmetricCryptoKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+
+declare const tag: unique symbol;
+
+/**
+ * A set of keys where a `UserKey` is protected by an encrypted public/private key-pair.
+ * The `UserKey` is used to encrypt/decrypt data, while the public/private key-pair is
+ * used to rotate the `UserKey`.
+ *
+ * The `PrivateKey` is protected by an `ExternalKey`, such as a `DeviceKey`, or `PrfKey`,
+ * and the `PublicKey` is protected by the `UserKey`. This setup allows:
+ *
+ *   - Access to `UserKey` by knowing the `ExternalKey`
+ *   - Rotation to a `NewUserKey` by knowing the current `UserKey`,
+ *     without needing access to the `ExternalKey`
+ */
+export class RotateableKeySet<ExternalKey extends SymmetricCryptoKey = SymmetricCryptoKey> {
+  private readonly [tag]: ExternalKey;
+
+  constructor(
+    /** PublicKey encrypted UserKey */
+    readonly encryptedUserKey: EncString,
+
+    /** UserKey encrypted PublicKey */
+    readonly encryptedPublicKey: EncString,
+
+    /** ExternalKey encrypted PrivateKey */
+    readonly encryptedPrivateKey: EncString
+  ) {}
+}
+
+export type PrfKeySet = RotateableKeySet<PrfKey>;

libs/auth/src/models/index.ts

@@ -0,0 +1 @@
+export * from "./domain";

libs/common/src/platform/models/domain/symmetric-crypto-key.ts

@@ -78,6 +78,7 @@ export class SymmetricCryptoKey {
 
 // Setup all separate key types as opaque types
 export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">;
+export type PrfKey = Opaque<SymmetricCryptoKey, "PrfKey">;
 export type UserKey = Opaque<SymmetricCryptoKey, "UserKey">;
 export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
 export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;