[PS-2267] Add KdfMemory and KDFParallelism fields (#2583)

* Add KdfMemory and KDFParallelism fields

* Revise argon2 support

This pull request makes the new attribues for argon2, kdfMemory and
kdfParallelism optional. Furthermore it adds checks for the argon2
parametrs and improves the database migration script.

* Add validation for argon2 in RegisterRequestModel

* update validation messages

* update sql scripts

* register data protection with migration factories

* add ef migrations

* update kdf option validation

* adjust validation

* Centralize and Test KDF Validation

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

src/Core/Models/Api/Request/Accounts/RegisterRequestModel.cs

@@ -26,6 +26,8 @@ public class RegisterRequestModel : IValidatableObject, ICaptchaProtectedModel
     public Guid? OrganizationUserId { get; set; }
     public KdfType? Kdf { get; set; }
     public int? KdfIterations { get; set; }
+    public int? KdfMemory { get; set; }
+    public int? KdfParallelism { get; set; }
     public Dictionary<string, object> ReferenceData { get; set; }
 
     public User ToUser()
@@ -37,6 +39,8 @@ public class RegisterRequestModel : IValidatableObject, ICaptchaProtectedModel
             MasterPasswordHint = MasterPasswordHint,
             Kdf = Kdf.GetValueOrDefault(KdfType.PBKDF2_SHA256),
             KdfIterations = KdfIterations.GetValueOrDefault(5000),
+            KdfMemory = KdfMemory,
+            KdfParallelism = KdfParallelism
         };
 
         if (ReferenceData != null)
@@ -61,17 +65,9 @@ public class RegisterRequestModel : IValidatableObject, ICaptchaProtectedModel
     {
         if (Kdf.HasValue && KdfIterations.HasValue)
         {
-            switch (Kdf.Value)
-            {
-                case KdfType.PBKDF2_SHA256:
-                    if (KdfIterations.Value < 5000 || KdfIterations.Value > 1_000_000)
-                    {
-                        yield return new ValidationResult("KDF iterations must be between 5000 and 1000000.");
-                    }
-                    break;
-                default:
-                    break;
-            }
+            return KdfSettingsValidator.Validate(Kdf.Value, KdfIterations.Value, KdfMemory, KdfParallelism);
         }
+
+        return Enumerable.Empty<ValidationResult>();
     }
 }

src/Core/Models/Api/Response/Accounts/PreloginResponseModel.cs

@@ -9,8 +9,12 @@ public class PreloginResponseModel
     {
         Kdf = kdfInformation.Kdf;
         KdfIterations = kdfInformation.KdfIterations;
+        KdfMemory = kdfInformation.KdfMemory;
+        KdfParallelism = kdfInformation.KdfParallelism;
     }
 
     public KdfType Kdf { get; set; }
     public int KdfIterations { get; set; }
+    public int? KdfMemory { get; set; }
+    public int? KdfParallelism { get; set; }
 }

src/Core/Models/Data/Organizations/OrganizationUsers/OrganizationUserResetPasswordDetails.cs

@@ -24,11 +24,15 @@ public class OrganizationUserResetPasswordDetails
 
         Kdf = user.Kdf;
         KdfIterations = user.KdfIterations;
+        KdfMemory = user.KdfMemory;
+        KdfParallelism = user.KdfParallelism;
         ResetPasswordKey = orgUser.ResetPasswordKey;
         EncryptedPrivateKey = org.PrivateKey;
     }
     public KdfType Kdf { get; set; }
     public int KdfIterations { get; set; }
+    public int? KdfMemory { get; set; }
+    public int? KdfParallelism { get; set; }
     public string ResetPasswordKey { get; set; }
     public string EncryptedPrivateKey { get; set; }
 }

src/Core/Models/Data/UserKdfInformation.cs

@@ -6,4 +6,6 @@ public class UserKdfInformation
 {
     public KdfType Kdf { get; set; }
     public int KdfIterations { get; set; }
+    public int? KdfMemory { get; set; }
+    public int? KdfParallelism { get; set; }
 }