[PM-23229] Add extra validation to kdf changes + authentication data + unlock data (#6121)

* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response

* Implement support for authentication data and unlock data in kdf change

* Extract to kdf command and add tests

* Fix namespace

* Delete empty file

* Fix build

* Clean up tests

* Fix tests

* Add comments

* Cleanup

* Cleanup

* Cleanup

* Clean-up and fix build

* Address feedback; force new parameters on KDF change request

* Clean-up and add tests

* Re-add logger

* Update logger to interface

* Clean up, remove Kdf Request Model

* Remove kdf request model tests

* Fix types in test

* Address feedback to rename request model and re-add tests

* Fix namespace

* Move comments

* Rename InnerKdfRequestModel to KdfRequestModel

---------

Co-authored-by: Maciej Zieniuk <mzieniuk@bitwarden.com>

src/Api/KeyManagement/Models/Requests/KdfRequestModel.cs

@@ -0,0 +1,26 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Enums;
+using Bit.Core.KeyManagement.Models.Data;
+
+namespace Bit.Api.KeyManagement.Models.Requests;
+
+public class KdfRequestModel
+{
+    [Required]
+    public required KdfType KdfType { get; init; }
+    [Required]
+    public required int Iterations { get; init; }
+    public int? Memory { get; init; }
+    public int? Parallelism { get; init; }
+
+    public KdfSettings ToData()
+    {
+        return new KdfSettings
+        {
+            KdfType = KdfType,
+            Iterations = Iterations,
+            Memory = Memory,
+            Parallelism = Parallelism
+        };
+    }
+}

src/Api/KeyManagement/Models/Requests/MasterPasswordAuthenticationDataRequestModel.cs

@@ -0,0 +1,21 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.KeyManagement.Models.Data;
+
+namespace Bit.Api.KeyManagement.Models.Requests;
+
+public class MasterPasswordAuthenticationDataRequestModel
+{
+    public required KdfRequestModel Kdf { get; init; }
+    public required string MasterPasswordAuthenticationHash { get; init; }
+    [StringLength(256)] public required string Salt { get; init; }
+
+    public MasterPasswordAuthenticationData ToData()
+    {
+        return new MasterPasswordAuthenticationData
+        {
+            Kdf = Kdf.ToData(),
+            MasterPasswordAuthenticationHash = MasterPasswordAuthenticationHash,
+            Salt = Salt
+        };
+    }
+}

src/Api/KeyManagement/Models/Requests/MasterPasswordUnlockDataRequestModel.cs

@@ -0,0 +1,22 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.KeyManagement.Models.Data;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.KeyManagement.Models.Requests;
+
+public class MasterPasswordUnlockDataRequestModel
+{
+    public required KdfRequestModel Kdf { get; init; }
+    [EncryptedString] public required string MasterKeyWrappedUserKey { get; init; }
+    [StringLength(256)] public required string Salt { get; init; }
+
+    public MasterPasswordUnlockData ToData()
+    {
+        return new MasterPasswordUnlockData
+        {
+            Kdf = Kdf.ToData(),
+            MasterKeyWrappedUserKey = MasterKeyWrappedUserKey,
+            Salt = Salt
+        };
+    }
+}

src/Api/KeyManagement/Models/Requests/UnlockDataRequestModel.cs

@@ -10,7 +10,7 @@ namespace Bit.Api.KeyManagement.Models.Requests;
 public class UnlockDataRequestModel
 {
     // All methods to get to the userkey
-    public required MasterPasswordUnlockDataModel MasterPasswordUnlockData { get; set; }
+    public required MasterPasswordUnlockAndAuthenticationDataModel MasterPasswordUnlockData { get; set; }
     public required IEnumerable<EmergencyAccessWithIdRequestModel> EmergencyAccessUnlockData { get; set; }
     public required IEnumerable<ResetPasswordWithOrgIdRequestModel> OrganizationAccountRecoveryUnlockData { get; set; }
     public required IEnumerable<WebAuthnLoginRotateKeyRequestModel> PasskeyUnlockData { get; set; }