[PM-4154] Introduce Bulk Encrypt Service for Faster Unlock Times (#6465)

* Implement multi-worker encryption service * Fix feature flag being flipped and check for empty input earlier * Add tests * Small cleanup * Remove restricted import * Rename feature flag * Refactor to BulkEncryptService * Rename feature flag * Fix cipher service spec * Implement browser bulk encryption service * Un-deprecate browserbulkencryptservice * Load browser bulk encrypt service on feature flag asynchronously * Fix bulk encryption service factories * Deprecate BrowserMultithreadEncryptServiceImplementation * Copy tests for browser-bulk-encrypt-service-implementation from browser-multithread-encrypt-service-implementation * Make sure desktop uses non-bulk fallback during feature rollout * Rename FallbackBulkEncryptService and fix service dependency issue * Disable bulk encrypt service on mv3 * Change condition order to avoid expensive api call * Set default hardware concurrency to 1 if not available * Make getdecrypteditemfromworker private * Fix cli build * Add check for key being null
2025-12-14 07:13:32 +00:00 · 2024-07-18 14:56:22 +02:00
parent 9b50e5c496
commit 84b719d797
14 changed files with 296 additions and 12 deletions
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -112,7 +112,9 @@ import { ConfigApiService } from "@bitwarden/common/platform/services/config/con
 import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
+import { BulkEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/bulk-encrypt.service.implementation";
 import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
+import { FallbackBulkEncryptService } from "@bitwarden/common/platform/services/cryptography/fallback-bulk-encrypt.service";
 import { MultithreadEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/multithread-encrypt.service.implementation";
 import { Fido2AuthenticatorService } from "@bitwarden/common/platform/services/fido2/fido2-authenticator.service";
 import { Fido2ClientService } from "@bitwarden/common/platform/services/fido2/fido2-client.service";
@@ -247,7 +249,6 @@ import CommandsBackground from "./commands.background";
 import IdleBackground from "./idle.background";
 import { NativeMessagingBackground } from "./nativeMessaging.background";
 import RuntimeBackground from "./runtime.background";
-
 export default class MainBackground {
  messagingService: MessageSender;
  storageService: BrowserLocalStorageService;
@@ -306,6 +307,7 @@ export default class MainBackground {
  vaultFilterService: VaultFilterService;
  usernameGenerationService: UsernameGenerationServiceAbstraction;
  encryptService: EncryptService;
+  bulkEncryptService: FallbackBulkEncryptService;
  folderApiService: FolderApiServiceAbstraction;
  policyApiService: PolicyApiServiceAbstraction;
  sendApiService: SendApiServiceAbstraction;
@@ -744,6 +746,7 @@ export default class MainBackground {
      this.stateService,
      this.autofillSettingsService,
      this.encryptService,
+      this.bulkEncryptService,
      this.cipherFileUploadService,
      this.configService,
      this.stateProvider,
@@ -1227,6 +1230,15 @@ export default class MainBackground {
    this.webRequestBackground?.startListening();
    this.syncServiceListener?.listener$().subscribe();

+    if (
+      BrowserApi.isManifestVersion(2) &&
+      (await this.configService.getFeatureFlag(FeatureFlag.PM4154_BulkEncryptionService))
+    ) {
+      await this.bulkEncryptService.setFeatureFlagEncryptService(
+        new BulkEncryptServiceImplementation(this.cryptoFunctionService, this.logService),
+      );
+    }
+
    return new Promise<void>((resolve) => {
      setTimeout(async () => {
        await this.refreshBadge();
--- a/apps/cli/src/service-container.ts
+++ b/apps/cli/src/service-container.ts
@@ -75,6 +75,7 @@ import { DefaultConfigService } from "@bitwarden/common/platform/services/config
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
+import { FallbackBulkEncryptService } from "@bitwarden/common/platform/services/cryptography/fallback-bulk-encrypt.service";
 import { DefaultEnvironmentService } from "@bitwarden/common/platform/services/default-environment.service";
 import { FileUploadService } from "@bitwarden/common/platform/services/file-upload/file-upload.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/services/key-generation.service";
@@ -605,6 +606,7 @@ export class ServiceContainer {
      this.stateService,
      this.autofillSettingsService,
      this.encryptService,
+      new FallbackBulkEncryptService(this.encryptService),
      this.cipherFileUploadService,
      this.configService,
      this.stateProvider,
--- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
+++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
@@ -4,6 +4,8 @@ import mock from "jest-mock-extended/lib/Mock";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { UserKeyResponse } from "@bitwarden/common/models/response/user-key.response";
+import { BulkEncryptService } from "@bitwarden/common/platform/abstractions/bulk-encrypt.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -31,15 +33,18 @@ describe("EmergencyAccessService", () => {
  let apiService: MockProxy<ApiService>;
  let cryptoService: MockProxy<CryptoService>;
  let encryptService: MockProxy<EncryptService>;
+  let bulkEncryptService: MockProxy<BulkEncryptService>;
  let cipherService: MockProxy<CipherService>;
  let logService: MockProxy<LogService>;
  let emergencyAccessService: EmergencyAccessService;
+  let configService: ConfigService;

  beforeAll(() => {
    emergencyAccessApiService = mock<EmergencyAccessApiService>();
    apiService = mock<ApiService>();
    cryptoService = mock<CryptoService>();
    encryptService = mock<EncryptService>();
+    bulkEncryptService = mock<BulkEncryptService>();
    cipherService = mock<CipherService>();
    logService = mock<LogService>();

@@ -48,8 +53,10 @@ describe("EmergencyAccessService", () => {
      apiService,
      cryptoService,
      encryptService,
+      bulkEncryptService,
      cipherService,
      logService,
+      configService,
    );
  });

--- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts
+++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts
@@ -9,6 +9,9 @@ import {
  KdfConfig,
  PBKDF2KdfConfig,
 } from "@bitwarden/common/auth/models/domain/kdf-config";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { BulkEncryptService } from "@bitwarden/common/platform/abstractions/bulk-encrypt.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -45,8 +48,10 @@ export class EmergencyAccessService
    private apiService: ApiService,
    private cryptoService: CryptoService,
    private encryptService: EncryptService,
+    private bulkEncryptService: BulkEncryptService,
    private cipherService: CipherService,
    private logService: LogService,
+    private configService: ConfigService,
  ) {}

  /**
@@ -225,10 +230,18 @@ export class EmergencyAccessService
    );
    const grantorUserKey = new SymmetricCryptoKey(grantorKeyBuffer) as UserKey;

-    const ciphers = await this.encryptService.decryptItems(
-      response.ciphers.map((c) => new Cipher(c)),
-      grantorUserKey,
-    );
+    let ciphers: CipherView[] = [];
+    if (await this.configService.getFeatureFlag(FeatureFlag.PM4154_BulkEncryptionService)) {
+      ciphers = await this.bulkEncryptService.decryptItems(
+        response.ciphers.map((c) => new Cipher(c)),
+        grantorUserKey,
+      );
+    } else {
+      ciphers = await this.encryptService.decryptItems(
+        response.ciphers.map((c) => new Cipher(c)),
+        grantorUserKey,
+      );
+    }
    return ciphers.sort(this.cipherService.getLocaleSortingFunction());
  }