Platform/pm 19/platform team file moves (#5460)

* Rename service-factory folder

* Move cryptographic service factories

* Move crypto models

* Move crypto services

* Move domain base class

* Platform code owners

* Move desktop log services

* Move log files

* Establish component library ownership

* Move background listeners

* Move background background

* Move localization to Platform

* Move browser alarms to Platform

* Move browser state to Platform

* Move CLI state to Platform

* Move Desktop native concerns to Platform

* Move flag and misc to Platform

* Lint fixes

* Move electron state to platform

* Move web state to Platform

* Move lib state to Platform

* Fix broken tests

* Rename interface to idiomatic TS

* `npm run prettier` 🤖

* Resolve review feedback

* Set platform as owners of web core and shared

* Expand moved services

* Fix test types

---------

Co-authored-by: Hinton <hinton@users.noreply.github.com>

libs/common/src/platform/services/cryptography/encrypt.service.implementation.ts

@@ -0,0 +1,200 @@
+import { EncryptionType } from "../../../enums";
+import { Utils } from "../../../platform/misc/utils";
+import { CryptoFunctionService } from "../../abstractions/crypto-function.service";
+import { EncryptService } from "../../abstractions/encrypt.service";
+import { LogService } from "../../abstractions/log.service";
+import { Decryptable } from "../../interfaces/decryptable.interface";
+import { Encrypted } from "../../interfaces/encrypted";
+import { InitializerMetadata } from "../../interfaces/initializer-metadata.interface";
+import { EncArrayBuffer } from "../../models/domain/enc-array-buffer";
+import { EncString } from "../../models/domain/enc-string";
+import { EncryptedObject } from "../../models/domain/encrypted-object";
+import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
+
+export class EncryptServiceImplementation implements EncryptService {
+  constructor(
+    protected cryptoFunctionService: CryptoFunctionService,
+    protected logService: LogService,
+    protected logMacFailures: boolean
+  ) {}
+
+  async encrypt(plainValue: string | ArrayBuffer, key: SymmetricCryptoKey): Promise<EncString> {
+    if (key == null) {
+      throw new Error("No encryption key provided.");
+    }
+
+    if (plainValue == null) {
+      return Promise.resolve(null);
+    }
+
+    let plainBuf: ArrayBuffer;
+    if (typeof plainValue === "string") {
+      plainBuf = Utils.fromUtf8ToArray(plainValue).buffer;
+    } else {
+      plainBuf = plainValue;
+    }
+
+    const encObj = await this.aesEncrypt(plainBuf, key);
+    const iv = Utils.fromBufferToB64(encObj.iv);
+    const data = Utils.fromBufferToB64(encObj.data);
+    const mac = encObj.mac != null ? Utils.fromBufferToB64(encObj.mac) : null;
+    return new EncString(encObj.key.encType, data, iv, mac);
+  }
+
+  async encryptToBytes(plainValue: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncArrayBuffer> {
+    if (key == null) {
+      throw new Error("No encryption key provided.");
+    }
+
+    const encValue = await this.aesEncrypt(plainValue, key);
+    let macLen = 0;
+    if (encValue.mac != null) {
+      macLen = encValue.mac.byteLength;
+    }
+
+    const encBytes = new Uint8Array(1 + encValue.iv.byteLength + macLen + encValue.data.byteLength);
+    encBytes.set([encValue.key.encType]);
+    encBytes.set(new Uint8Array(encValue.iv), 1);
+    if (encValue.mac != null) {
+      encBytes.set(new Uint8Array(encValue.mac), 1 + encValue.iv.byteLength);
+    }
+
+    encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength + macLen);
+    return new EncArrayBuffer(encBytes.buffer);
+  }
+
+  async decryptToUtf8(encString: EncString, key: SymmetricCryptoKey): Promise<string> {
+    if (key == null) {
+      throw new Error("No key provided for decryption.");
+    }
+
+    key = this.resolveLegacyKey(key, encString);
+
+    if (key.macKey != null && encString?.mac == null) {
+      this.logService.error("mac required.");
+      return null;
+    }
+
+    if (key.encType !== encString.encryptionType) {
+      this.logService.error("encType unavailable.");
+      return null;
+    }
+
+    const fastParams = this.cryptoFunctionService.aesDecryptFastParameters(
+      encString.data,
+      encString.iv,
+      encString.mac,
+      key
+    );
+    if (fastParams.macKey != null && fastParams.mac != null) {
+      const computedMac = await this.cryptoFunctionService.hmacFast(
+        fastParams.macData,
+        fastParams.macKey,
+        "sha256"
+      );
+      const macsEqual = await this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
+      if (!macsEqual) {
+        this.logMacFailed("mac failed.");
+        return null;
+      }
+    }
+
+    return await this.cryptoFunctionService.aesDecryptFast(fastParams);
+  }
+
+  async decryptToBytes(encThing: Encrypted, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
+    if (key == null) {
+      throw new Error("No encryption key provided.");
+    }
+
+    if (encThing == null) {
+      throw new Error("Nothing provided for decryption.");
+    }
+
+    key = this.resolveLegacyKey(key, encThing);
+
+    if (key.macKey != null && encThing.macBytes == null) {
+      return null;
+    }
+
+    if (key.encType !== encThing.encryptionType) {
+      return null;
+    }
+
+    if (key.macKey != null && encThing.macBytes != null) {
+      const macData = new Uint8Array(encThing.ivBytes.byteLength + encThing.dataBytes.byteLength);
+      macData.set(new Uint8Array(encThing.ivBytes), 0);
+      macData.set(new Uint8Array(encThing.dataBytes), encThing.ivBytes.byteLength);
+      const computedMac = await this.cryptoFunctionService.hmac(
+        macData.buffer,
+        key.macKey,
+        "sha256"
+      );
+      if (computedMac === null) {
+        return null;
+      }
+
+      const macsMatch = await this.cryptoFunctionService.compare(encThing.macBytes, computedMac);
+      if (!macsMatch) {
+        this.logMacFailed("mac failed.");
+        return null;
+      }
+    }
+
+    const result = await this.cryptoFunctionService.aesDecrypt(
+      encThing.dataBytes,
+      encThing.ivBytes,
+      key.encKey
+    );
+
+    return result ?? null;
+  }
+
+  async decryptItems<T extends InitializerMetadata>(
+    items: Decryptable<T>[],
+    key: SymmetricCryptoKey
+  ): Promise<T[]> {
+    if (items == null || items.length < 1) {
+      return [];
+    }
+
+    return await Promise.all(items.map((item) => item.decrypt(key)));
+  }
+
+  private async aesEncrypt(data: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {
+    const obj = new EncryptedObject();
+    obj.key = key;
+    obj.iv = await this.cryptoFunctionService.randomBytes(16);
+    obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, obj.key.encKey);
+
+    if (obj.key.macKey != null) {
+      const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
+      macData.set(new Uint8Array(obj.iv), 0);
+      macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
+      obj.mac = await this.cryptoFunctionService.hmac(macData.buffer, obj.key.macKey, "sha256");
+    }
+
+    return obj;
+  }
+
+  private logMacFailed(msg: string) {
+    if (this.logMacFailures) {
+      this.logService.error(msg);
+    }
+  }
+
+  /**
+   * Transform into new key for the old encrypt-then-mac scheme if required, otherwise return the current key unchanged
+   * @param encThing The encrypted object (e.g. encString or encArrayBuffer) that you want to decrypt
+   */
+  resolveLegacyKey(key: SymmetricCryptoKey, encThing: Encrypted): SymmetricCryptoKey {
+    if (
+      encThing.encryptionType === EncryptionType.AesCbc128_HmacSha256_B64 &&
+      key.encType === EncryptionType.AesCbc256_B64
+    ) {
+      return new SymmetricCryptoKey(key.key, EncryptionType.AesCbc128_HmacSha256_B64);
+    }
+
+    return key;
+  }
+}

libs/common/src/platform/services/cryptography/encrypt.worker.ts

@@ -0,0 +1,56 @@
+import { Jsonify } from "type-fest";
+
+import { Decryptable } from "../../interfaces/decryptable.interface";
+import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
+import { ConsoleLogService } from "../console-log.service";
+import { ContainerService } from "../container.service";
+import { WebCryptoFunctionService } from "../web-crypto-function.service";
+
+import { EncryptServiceImplementation } from "./encrypt.service.implementation";
+import { getClassInitializer } from "./get-class-initializer";
+
+const workerApi: Worker = self as any;
+
+let inited = false;
+let encryptService: EncryptServiceImplementation;
+
+/**
+ * Bootstrap the worker environment with services required for decryption
+ */
+export function init() {
+  const cryptoFunctionService = new WebCryptoFunctionService(self);
+  const logService = new ConsoleLogService(false);
+  encryptService = new EncryptServiceImplementation(cryptoFunctionService, logService, true);
+
+  const bitwardenContainerService = new ContainerService(null, encryptService);
+  bitwardenContainerService.attachToGlobal(self);
+
+  inited = true;
+}
+
+/**
+ * Listen for messages and decrypt their contents
+ */
+workerApi.addEventListener("message", async (event: { data: string }) => {
+  if (!inited) {
+    init();
+  }
+
+  const request: {
+    id: string;
+    items: Jsonify<Decryptable<any>>[];
+    key: Jsonify<SymmetricCryptoKey>;
+  } = JSON.parse(event.data);
+
+  const key = SymmetricCryptoKey.fromJSON(request.key);
+  const items = request.items.map((jsonItem) => {
+    const initializer = getClassInitializer<Decryptable<any>>(jsonItem.initializerKey);
+    return initializer(jsonItem);
+  });
+  const result = await encryptService.decryptItems(items, key);
+
+  workerApi.postMessage({
+    id: request.id,
+    items: JSON.stringify(result),
+  });
+});

libs/common/src/platform/services/cryptography/get-class-initializer.ts

@@ -0,0 +1,22 @@
+import { Jsonify } from "type-fest";
+
+import { Cipher } from "../../../vault/models/domain/cipher";
+import { CipherView } from "../../../vault/models/view/cipher.view";
+import { InitializerMetadata } from "../../interfaces/initializer-metadata.interface";
+
+import { InitializerKey } from "./initializer-key";
+
+/**
+ * Internal reference of classes so we can reconstruct objects properly.
+ * Each entry should be keyed using the Decryptable.initializerKey property
+ */
+const classInitializers: Record<InitializerKey, (obj: any) => any> = {
+  [InitializerKey.Cipher]: Cipher.fromJSON,
+  [InitializerKey.CipherView]: CipherView.fromJSON,
+};
+
+export function getClassInitializer<T extends InitializerMetadata>(
+  className: InitializerKey
+): (obj: Jsonify<T>) => T {
+  return classInitializers[className];
+}

libs/common/src/platform/services/cryptography/initializer-key.ts

@@ -0,0 +1,4 @@
+export enum InitializerKey {
+  Cipher = 0,
+  CipherView = 1,
+}

libs/common/src/platform/services/cryptography/multithread-encrypt.service.implementation.ts

@@ -0,0 +1,86 @@
+import { defaultIfEmpty, filter, firstValueFrom, fromEvent, map, Subject, takeUntil } from "rxjs";
+import { Jsonify } from "type-fest";
+
+import { Utils } from "../../../platform/misc/utils";
+import { Decryptable } from "../../interfaces/decryptable.interface";
+import { InitializerMetadata } from "../../interfaces/initializer-metadata.interface";
+import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
+
+import { EncryptServiceImplementation } from "./encrypt.service.implementation";
+import { getClassInitializer } from "./get-class-initializer";
+
+// TTL (time to live) is not strictly required but avoids tying up memory resources if inactive
+const workerTTL = 3 * 60000; // 3 minutes
+
+export class MultithreadEncryptServiceImplementation extends EncryptServiceImplementation {
+  private worker: Worker;
+  private timeout: any;
+
+  private clear$ = new Subject<void>();
+
+  /**
+   * Sends items to a web worker to decrypt them.
+   * This utilises multithreading to decrypt items faster without interrupting other operations (e.g. updating UI).
+   */
+  async decryptItems<T extends InitializerMetadata>(
+    items: Decryptable<T>[],
+    key: SymmetricCryptoKey
+  ): Promise<T[]> {
+    if (items == null || items.length < 1) {
+      return [];
+    }
+
+    this.logService.info("Starting decryption using multithreading");
+
+    this.worker ??= new Worker(
+      new URL(
+        /* webpackChunkName: 'encrypt-worker' */
+        "@bitwarden/common/platform/services/cryptography/encrypt.worker.ts",
+        import.meta.url
+      )
+    );
+
+    this.restartTimeout();
+
+    const request = {
+      id: Utils.newGuid(),
+      items: items,
+      key: key,
+    };
+
+    this.worker.postMessage(JSON.stringify(request));
+
+    return await firstValueFrom(
+      fromEvent(this.worker, "message").pipe(
+        filter((response: MessageEvent) => response.data?.id === request.id),
+        map((response) => JSON.parse(response.data.items)),
+        map((items) =>
+          items.map((jsonItem: Jsonify<T>) => {
+            const initializer = getClassInitializer<T>(jsonItem.initializerKey);
+            return initializer(jsonItem);
+          })
+        ),
+        takeUntil(this.clear$),
+        defaultIfEmpty([])
+      )
+    );
+  }
+
+  private clear() {
+    this.clear$.next();
+    this.worker?.terminate();
+    this.worker = null;
+    this.clearTimeout();
+  }
+
+  private restartTimeout() {
+    this.clearTimeout();
+    this.timeout = setTimeout(() => this.clear(), workerTTL);
+  }
+
+  private clearTimeout() {
+    if (this.timeout != null) {
+      clearTimeout(this.timeout);
+    }
+  }
+}