[PS-2358] Add kdf configuration options (#2328)

* Implement kdf configuration * Remove unused import * Move kdf parameters to kdfConfiguration struct * Remove unused state migration service keys * Revert newline changes in PCLCryptoFunctionService * Update KdfConfiguration.cs * Add checks for argon2, clean statemigration service * Update constants * Clean up code * Further cleanup * Change KdfType to non-nullable in SetKeyConnectorKeyRequest --------- Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2025-12-17 08:43:21 +00:00 · 2023-01-30 17:34:50 +01:00
parent 8b08f906bd
commit c3ad5f0580
20 changed files with 135 additions and 101 deletions
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -276,15 +276,13 @@ namespace Bit.Core.Services
        private async Task<SymmetricCryptoKey> MakePreloginKeyAsync(string masterPassword, string email)
        {
            email = email.Trim().ToLower();
-            KdfType? kdf = null;
-            int? kdfIterations = null;
+            KdfConfig kdfConfig = KdfConfig.Default;
            try
            {
                var preloginResponse = await _apiService.PostPreloginAsync(new PreloginRequest { Email = email });
                if (preloginResponse != null)
                {
-                    kdf = preloginResponse.Kdf;
-                    kdfIterations = preloginResponse.KdfIterations;
+                    kdfConfig = preloginResponse.KdfConfig;
                }
            }
            catch (ApiException e)
@@ -294,7 +292,7 @@ namespace Bit.Core.Services
                    throw;
                }
            }
-            return await _cryptoService.MakeKeyAsync(masterPassword, email, kdf, kdfIterations);
+            return await _cryptoService.MakeKeyAsync(masterPassword, email, kdfConfig);
        }

        private async Task<AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
@@ -442,7 +440,7 @@ namespace Bit.Core.Services
                {
                    // SSO Key Connector Onboarding
                    var password = await _cryptoFunctionService.RandomBytesAsync(64);
-                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.Kdf, tokenResponse.KdfIterations);
+                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
                    await _cryptoService.SetKeyAsync(k);

@@ -465,7 +463,7 @@ namespace Bit.Core.Services
                        EncryptedPrivateKey = keyPair.Item2.EncryptedString
                    };
                    var setPasswordRequest = new SetKeyConnectorKeyRequest(
-                        encKey.Item2.EncryptedString, keys, tokenResponse.Kdf, tokenResponse.KdfIterations, orgId
+                        encKey.Item2.EncryptedString, keys, tokenResponse.KdfConfig, orgId
                    );
                    await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
                }