Quexten
(Bernd Schoolmann)
January 15, 2023, 2:40pm
As commented on the scrypt pull request, here is the draft pull request enabling the back-end functionality for the KDF options. Since, as you pointed out, new KDFs don't occur every other day, I chose to simply add 2 new columns, one for kdfMemory and one for kdfParallelism, instead of a JSON object, but the pull request is of course open for discussion:
bitwarden:master ← quexten:feature/kdf-options (opened 02:33PM - 15 Jan 23 UTC)
## Type of change
```
- [ ] Bug fix
- [x] New feature development
- [ … ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```
## Objective
For the scrypt, and especially argon2, key derivation functions there are more parameters than just iterations. To make them configurable, new fields are needed. One option would be to create a new string field into which we encode a JSON "kdfOptions" object, which would be very flexible but also (in my opinion) a bit complex for the use case. Since I don't expect that Bitwarden needs to frequently add new KDFs with new parameters, this pull request simply adds 2 integer columns for the memory consumption and the parallelism of the KDFs.
I.e., the client now gets something like:
```
{
kdfType: 0,
kdfIterations: 100000,
kdfMemory: 1000,
kdfParallelism: 2
}
```
As in the prelogin response, instead of just kdfType and kdfIterations. For PBKDF2, the new values are simply 0.
**While I tested the basic functionality, I did not test every possibly affected function / migration yet. I already opened it so we can discuss whether this is the right approach.**
## Code changes
AccountsController.cs: Add default handling for kdfMemory and kdfParallelism
KdfRequestModel.cs, SetKeyConnectorKeyRequsest.cs, SetPasswordRequestModel.cs, OrganisationUserResponseModel.cs, EmergencyAccessResponse.cs, User.cs, RegisterRequestModel.cs, PreloginResponseModel.cs, OrganisationUserResetPasswordDetails.cs, UserKdfInformation.cs, IUserService.cs, UserService.cs: Add kdfMemory, kdfParallelism fields
User_Create.sql, User_ReadKdfByEmail.sql, User_Update.sql: Add the columns to the users table.
2023_01-15_00_KDFOptions.sql: Insert the columns if they are missing, and update the user creation, updating, and read kdf by email procedures (did I miss any here?)
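To make the data model above concrete from the client's side, here is an added example (not code from this pull request or from Bitwarden) of consuming a prelogin response that carries the two new fields, enforcing client-side minimums so a spoofed or compromised server cannot downgrade the KDF, and deriving a master key. Everything beyond the field names and "kdfType 0 with memory/parallelism 0 means PBKDF2" is an assumption for this example: the kdfType codes for Argon2id and scrypt, kdfMemory being measured in MiB, the minimum values, the e-mail-as-salt convention, and the mapping of kdfIterations/kdfMemory onto scrypt's N and r.

```python
# Added example, not part of the pull request. Assumptions are marked inline.
import hashlib
import unicodedata
from dataclasses import dataclass

# kdfType codes: 0 = PBKDF2-SHA256 matches the sample response above; the
# Argon2id and scrypt codes are assumed for this example only.
KDF_PBKDF2_SHA256 = 0
KDF_ARGON2ID = 1
KDF_SCRYPT = 2
KEY_LEN = 32

# Client-side floors (illustrative values). They are enforced regardless of
# what the server sends, so a spoofed or compromised server cannot hand the
# client a trivially weak KDF configuration.
MIN_ITERATIONS = {KDF_PBKDF2_SHA256: 100_000, KDF_ARGON2ID: 2, KDF_SCRYPT: 16_384}
MIN_MEMORY_MIB = {KDF_ARGON2ID: 16, KDF_SCRYPT: 16}
MIN_PARALLELISM = {KDF_ARGON2ID: 1, KDF_SCRYPT: 1}


@dataclass(frozen=True)
class KdfOptions:
    kdf_type: int
    iterations: int
    memory_mib: int   # assumed unit: MiB; the server sends 0 for PBKDF2
    parallelism: int  # 0 for PBKDF2


def parse_prelogin(response: dict) -> KdfOptions:
    """Read the prelogin JSON. The two new fields default to 0 so a client also
    accepts responses from a server that predates them."""
    return KdfOptions(
        kdf_type=int(response["kdfType"]),
        iterations=int(response["kdfIterations"]),
        memory_mib=int(response.get("kdfMemory", 0)),
        parallelism=int(response.get("kdfParallelism", 0)),
    )


def validate(opts: KdfOptions) -> KdfOptions:
    """Reject unknown KDFs and parameters below the client's floors."""
    if opts.kdf_type not in MIN_ITERATIONS:
        raise ValueError(f"unknown kdfType {opts.kdf_type}")
    if opts.iterations < MIN_ITERATIONS[opts.kdf_type]:
        raise ValueError("kdfIterations below client minimum")
    if opts.kdf_type == KDF_PBKDF2_SHA256:
        return opts  # memory and parallelism carry no meaning for PBKDF2; ignored
    if opts.memory_mib < MIN_MEMORY_MIB[opts.kdf_type]:
        raise ValueError("kdfMemory below client minimum")
    if opts.parallelism < MIN_PARALLELISM[opts.kdf_type]:
        raise ValueError("kdfParallelism below client minimum")
    if opts.kdf_type == KDF_SCRYPT and opts.iterations & (opts.iterations - 1):
        raise ValueError("scrypt cost N must be a power of two")
    return opts


def derive_master_key(password: str, email: str, opts: KdfOptions) -> bytes:
    """Derive the master key. Assumed conventions: NFKC-normalised password,
    lower-cased and trimmed e-mail as salt, 32-byte output."""
    validate(opts)
    pw = unicodedata.normalize("NFKC", password).encode()
    salt = email.strip().lower().encode()
    if opts.kdf_type == KDF_PBKDF2_SHA256:
        return hashlib.pbkdf2_hmac("sha256", pw, salt, opts.iterations, dklen=KEY_LEN)
    if opts.kdf_type == KDF_SCRYPT:
        # Assumed mapping: kdfIterations carries N, kdfMemory the budget in MiB.
        # scrypt's main buffer is 128 * N * r bytes, so r = memory_bytes / (128 * N).
        n = opts.iterations
        r = (opts.memory_mib << 20) // (128 * n)
        if r < 1:
            raise ValueError("kdfMemory too small for the given scrypt N")
        # maxmem: twice the budget leaves headroom for OpenSSL's 128*r*p B buffer.
        return hashlib.scrypt(pw, salt=salt, n=n, r=r, p=opts.parallelism,
                              maxmem=2 * (opts.memory_mib << 20), dklen=KEY_LEN)
    # Argon2id needs a third-party binding (pip install argon2-cffi).
    from argon2.low_level import Type, hash_secret_raw
    return hash_secret_raw(pw, salt, time_cost=opts.iterations,
                           memory_cost=opts.memory_mib * 1024,  # argon2 counts KiB
                           parallelism=opts.parallelism, hash_len=KEY_LEN, type=Type.ID)


if __name__ == "__main__":
    # Constructed sample response, shaped like the one in the pull request text.
    sample = {"kdfType": 0, "kdfIterations": 100000, "kdfMemory": 0, "kdfParallelism": 0}
    print(derive_master_key("correct horse", "user@example.com", parse_prelogin(sample)).hex())
```

The important behaviours are in `validate`: the floors are the client's, not the server's, and for PBKDF2 the extra fields are ignored rather than trusted, so an old server that never sends them and a new one that sends 0 both work. Whatever the clients end up doing, the server must compute the master password hash with exactly the same memory and parallelism it advertises in prelogin, or login will fail with a key mismatch.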