[PM-23229] Add extra validation to kdf changes + authentication data + unlock data (#6121)

* Added MasterPasswordUnlock to UserDecryptionOptions as part of identity response * Implement support for authentication data and unlock data in kdf change * Extract to kdf command and add tests * Fix namespace * Delete empty file * Fix build * Clean up tests * Fix tests * Add comments * Cleanup * Cleanup * Cleanup * Clean-up and fix build * Address feedback; force new parameters on KDF change request * Clean-up and add tests * Re-add logger * Update logger to interface * Clean up, remove Kdf Request Model * Remove kdf request model tests * Fix types in test * Address feedback to rename request model and re-add tests * Fix namespace * Move comments * Rename InnerKdfRequestModel to KdfRequestModel --------- Co-authored-by: Maciej Zieniuk <mzieniuk@bitwarden.com>
2026-01-20 09:23:28 +00:00 · 2025-09-24 05:10:46 +09:00
parent 744f11733d
commit ff092a031e
25 changed files with 729 additions and 173 deletions
--- a/test/Api.Test/Utilities/KdfSettingsValidatorTests.cs
+++ b/test/Api.Test/Utilities/KdfSettingsValidatorTests.cs
@@ -0,0 +1,36 @@
+using Bit.Core.Enums;
+using Bit.Core.Utilities;
+using Xunit;
+
+namespace Bit.Api.Test.Utilities;
+
+public class KdfSettingsValidatorTests
+{
+    [Theory]
+    [InlineData(KdfType.PBKDF2_SHA256, 1_000_000, null, null)] // Somewhere in the middle
+    [InlineData(KdfType.PBKDF2_SHA256, 600_000, null, null)] // Right on the lower boundary
+    [InlineData(KdfType.PBKDF2_SHA256, 2_000_000, null, null)] // Right on the upper boundary
+    [InlineData(KdfType.Argon2id, 5, 500, 8)] // Somewhere in the middle
+    [InlineData(KdfType.Argon2id, 2, 15, 1)] // Right on the lower boundary
+    [InlineData(KdfType.Argon2id, 10, 1024, 16)] // Right on the upper boundary
+    public void Validate_IsValid(KdfType kdfType, int kdfIterations, int? kdfMemory, int? kdfParallelism)
+    {
+        var results = KdfSettingsValidator.Validate(kdfType, kdfIterations, kdfMemory, kdfParallelism);
+        Assert.Empty(results);
+    }
+
+    [Theory]
+    [InlineData(KdfType.PBKDF2_SHA256, 500_000, null, null, 1)] // Too few iterations
+    [InlineData(KdfType.PBKDF2_SHA256, 2_000_001, null, null, 1)] // Too many iterations
+    [InlineData(KdfType.Argon2id, 0, 30, 8, 1)] // Iterations must be greater than 0
+    [InlineData(KdfType.Argon2id, 10, 14, 8, 1)] // Too little memory
+    [InlineData(KdfType.Argon2id, 10, 14, 0, 1)] // Too small of a parallelism value
+    [InlineData(KdfType.Argon2id, 10, 1025, 8, 1)] // Too much memory
+    [InlineData(KdfType.Argon2id, 10, 512, 17, 1)] // Too big of a parallelism value
+    public void Validate_Fails(KdfType kdfType, int kdfIterations, int? kdfMemory, int? kdfParallelism, int expectedFailures)
+    {
+        var results = KdfSettingsValidator.Validate(kdfType, kdfIterations, kdfMemory, kdfParallelism);
+        Assert.NotEmpty(results);
+        Assert.Equal(expectedFailures, results.Count());
+    }
+}