WIP

This removes all bulk encryption/decryption.
2026-02-17 09:59:41 +00:00 · 2024-12-18 13:21:15 -08:00
parent 12b698b11d
commit eb628f2d2d
15 changed files with 193 additions and 151 deletions
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -92,6 +92,7 @@ import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platfor
 import { KeyGenerationService as KeyGenerationServiceAbstraction } from "@bitwarden/common/platform/abstractions/key-generation.service";
 import { LogService as LogServiceAbstraction } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { SdkPureClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { StateService as StateServiceAbstraction } from "@bitwarden/common/platform/abstractions/state.service";
 import {
@@ -114,10 +115,10 @@ import { ConfigApiService } from "@bitwarden/common/platform/services/config/con
 import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
-import { BulkEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/bulk-encrypt.service.implementation";
+// import { BulkEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/bulk-encrypt.service.implementation";
 import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
 import { FallbackBulkEncryptService } from "@bitwarden/common/platform/services/cryptography/fallback-bulk-encrypt.service";
-import { MultithreadEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/multithread-encrypt.service.implementation";
+// import { MultithreadEncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/multithread-encrypt.service.implementation";
 import { Fido2ActiveRequestManager } from "@bitwarden/common/platform/services/fido2/fido2-active-request-manager";
 import { Fido2AuthenticatorService } from "@bitwarden/common/platform/services/fido2/fido2-authenticator.service";
 import { Fido2ClientService } from "@bitwarden/common/platform/services/fido2/fido2-client.service";
@@ -257,7 +258,10 @@ import { LocalBackedSessionStorageService } from "../platform/services/local-bac
 import { BackgroundPlatformUtilsService } from "../platform/services/platform-utils/background-platform-utils.service";
 import { BrowserPlatformUtilsService } from "../platform/services/platform-utils/browser-platform-utils.service";
 import { PopupViewCacheBackgroundService } from "../platform/services/popup-view-cache-background.service";
-import { BrowserSdkClientFactory } from "../platform/services/sdk/browser-sdk-client-factory";
+import {
+  BrowserSdkClientFactory,
+  BrowserSdkPureClientFactory,
+} from "../platform/services/sdk/browser-sdk-client-factory";
 import { BackgroundTaskSchedulerService } from "../platform/services/task-scheduler/background-task-scheduler.service";
 import { BackgroundMemoryStorageService } from "../platform/storage/background-memory-storage.service";
 import { BrowserStorageServiceProvider } from "../platform/storage/browser-storage-service.provider";
@@ -377,6 +381,7 @@ export default class MainBackground {
  themeStateService: DefaultThemeStateService;
  autoSubmitLoginBackground: AutoSubmitLoginBackground;
  sdkService: SdkService;
+  pureSdkClientFactory: SdkPureClientFactory;
  cipherAuthorizationService: CipherAuthorizationService;
  inlineMenuFieldQualificationService: InlineMenuFieldQualificationService;

@@ -494,13 +499,19 @@ export default class MainBackground {
        return derivedKey;
      });

+      this.pureSdkClientFactory = new BrowserSdkPureClientFactory(this.logService);
      this.largeObjectMemoryStorageForStateProviders = new LocalBackedSessionStorageService(
        sessionKey,
        this.storageService,
        // For local backed session storage, we expect that the encrypted data on disk will persist longer than the encryption key in memory
        // and failures to decrypt because of that are completely expected. For this reason, we pass in `false` to the `EncryptServiceImplementation`
        // so that MAC failures are not logged.
-        new EncryptServiceImplementation(this.cryptoFunctionService, this.logService, false),
+        new EncryptServiceImplementation(
+          this.pureSdkClientFactory,
+          this.cryptoFunctionService,
+          this.logService,
+          false,
+        ),
        this.platformUtilsService,
        this.logService,
      );
@@ -536,12 +547,18 @@ export default class MainBackground {
    );

    this.encryptService = BrowserApi.isManifestVersion(2)
-      ? new MultithreadEncryptServiceImplementation(
+      ? new EncryptServiceImplementation(
+          this.pureSdkClientFactory,
          this.cryptoFunctionService,
          this.logService,
          true,
        )
-      : new EncryptServiceImplementation(this.cryptoFunctionService, this.logService, true);
+      : new EncryptServiceImplementation(
+          this.pureSdkClientFactory,
+          this.cryptoFunctionService,
+          this.logService,
+          true,
+        );

    this.singleUserStateProvider = new DefaultSingleUserStateProvider(
      storageServiceProvider,
@@ -1287,14 +1304,14 @@ export default class MainBackground {
    this.syncServiceListener?.listener$().subscribe();
    await this.autoSubmitLoginBackground.init();

-    if (
-      BrowserApi.isManifestVersion(2) &&
-      (await this.configService.getFeatureFlag(FeatureFlag.PM4154_BulkEncryptionService))
-    ) {
-      await this.bulkEncryptService.setFeatureFlagEncryptService(
-        new BulkEncryptServiceImplementation(this.cryptoFunctionService, this.logService),
-      );
-    }
+    // if (
+    //   BrowserApi.isManifestVersion(2) &&
+    //   (await this.configService.getFeatureFlag(FeatureFlag.PM4154_BulkEncryptionService))
+    // ) {
+    //   await this.bulkEncryptService.setFeatureFlagEncryptService(
+    //     new BulkEncryptServiceImplementation(this.cryptoFunctionService, this.logService),
+    //   );
+    // }

    // If the user is logged out, switch to the next account
    const active = await firstValueFrom(this.accountService.activeAccount$);
--- a/apps/browser/src/platform/services/sdk/browser-sdk-client-factory.ts
+++ b/apps/browser/src/platform/services/sdk/browser-sdk-client-factory.ts
@@ -1,9 +1,12 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { SdkClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
+import {
+  SdkClientFactory,
+  SdkPureClientFactory,
+} from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import { RecoverableSDKError } from "@bitwarden/common/platform/services/sdk/default-sdk.service";
-import type { BitwardenClient } from "@bitwarden/sdk-internal";
+import type { BitwardenClient, BitwardenPure } from "@bitwarden/sdk-internal";

 import { BrowserApi } from "../../browser/browser-api";

@@ -60,6 +63,32 @@ async function load() {
  }
 }

+export class BrowserSdkPureClientFactory implements SdkPureClientFactory {
+  constructor(private readonly logService: LogService) {}
+  async createPureSdkClient(): Promise<BitwardenPure> {
+    const startTime = performance.now();
+    try {
+      await loadWithTimeout();
+    } catch (error) {
+      throw new Error(`Failed to load: ${error.message}`);
+    }
+
+    const endTime = performance.now();
+    const elapsed = Math.round((endTime - startTime) / 1000);
+
+    const instance = (globalThis as any).init_pure();
+
+    this.logService.info("WASM pure SDK loaded in", Math.round(endTime - startTime), "ms");
+
+    // If it takes 3 seconds or more to load, we want to capture it.
+    if (elapsed >= 3) {
+      throw new RecoverableSDKError(instance, elapsed);
+    }
+
+    return instance;
+  }
+}
+
 /**
 * SDK client factory with a js fallback for when WASM is not supported.
 *
--- a/apps/browser/src/platform/services/sdk/fallback.ts
+++ b/apps/browser/src/platform/services/sdk/fallback.ts
@@ -1,6 +1,11 @@
 import * as sdk from "@bitwarden/sdk-internal";
 import * as wasm from "@bitwarden/sdk-internal/bitwarden_wasm_internal_bg.wasm.js";

+(globalThis as any).init_pure = () => {
+  (sdk as any).init(wasm);
+
+  return new sdk.BitwardenPure();
+};
 (globalThis as any).init_sdk = (...args: ConstructorParameters<typeof sdk.BitwardenClient>) => {
  (sdk as any).init(wasm);

--- a/apps/browser/src/platform/services/sdk/wasm.ts
+++ b/apps/browser/src/platform/services/sdk/wasm.ts
@@ -1,6 +1,11 @@
 import * as sdk from "@bitwarden/sdk-internal";
 import * as wasm from "@bitwarden/sdk-internal/bitwarden_wasm_internal_bg.wasm";

+(globalThis as any).init_pure = () => {
+  (sdk as any).init(wasm);
+
+  return new sdk.BitwardenPure();
+};
 (globalThis as any).init_sdk = (...args: ConstructorParameters<typeof sdk.BitwardenClient>) => {
  (sdk as any).init(wasm);

--- a/apps/browser/src/popup/services/services.module.ts
+++ b/apps/browser/src/popup/services/services.module.ts
@@ -70,7 +70,10 @@ import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/ke
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService as MessagingServiceAbstraction } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { SdkClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
+import {
+  SdkClientFactory,
+  SdkPureClientFactory,
+} from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import {
  AbstractStorageService,
@@ -83,7 +86,10 @@ import { flagEnabled } from "@bitwarden/common/platform/misc/flags";
 import { TaskSchedulerService } from "@bitwarden/common/platform/scheduling";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
-import { NoopSdkClientFactory } from "@bitwarden/common/platform/services/sdk/noop-sdk-client-factory";
+import {
+  NoopSdkClientFactory,
+  NoopSdkPureClientFactory,
+} from "@bitwarden/common/platform/services/sdk/noop-sdk-client-factory";
 import { StorageServiceProvider } from "@bitwarden/common/platform/services/storage-service.provider";
 import { WebCryptoFunctionService } from "@bitwarden/common/platform/services/web-crypto-function.service";
 import {
@@ -144,7 +150,10 @@ import BrowserMemoryStorageService from "../../platform/services/browser-memory-
 import { BrowserScriptInjectorService } from "../../platform/services/browser-script-injector.service";
 import I18nService from "../../platform/services/i18n.service";
 import { ForegroundPlatformUtilsService } from "../../platform/services/platform-utils/foreground-platform-utils.service";
-import { BrowserSdkClientFactory } from "../../platform/services/sdk/browser-sdk-client-factory";
+import {
+  BrowserSdkClientFactory,
+  BrowserSdkPureClientFactory,
+} from "../../platform/services/sdk/browser-sdk-client-factory";
 import { ForegroundTaskSchedulerService } from "../../platform/services/task-scheduler/foreground-task-scheduler.service";
 import { BrowserStorageServiceProvider } from "../../platform/storage/browser-storage-service.provider";
 import { ForegroundMemoryStorageService } from "../../platform/storage/foreground-memory-storage.service";
@@ -584,6 +593,14 @@ const safeProviders: SafeProvider[] = [
      flagEnabled("sdk") ? new BrowserSdkClientFactory(logService) : new NoopSdkClientFactory(),
    deps: [LogService],
  }),
+  safeProvider({
+    provide: SdkPureClientFactory,
+    useFactory: (logService) =>
+      flagEnabled("sdk")
+        ? new BrowserSdkPureClientFactory(logService)
+        : new NoopSdkPureClientFactory(),
+    deps: [LogService],
+  }),
  safeProvider({
    provide: LoginEmailService,
    useClass: LoginEmailService,
--- a/apps/web/src/app/core/core.module.ts
+++ b/apps/web/src/app/core/core.module.ts
@@ -66,7 +66,10 @@ import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platfor
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { SdkClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
+import {
+  SdkClientFactory,
+  SdkPureClientFactory,
+} from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/storage.service";
 import { ThemeType } from "@bitwarden/common/platform/enums";
 import { AppIdService as DefaultAppIdService } from "@bitwarden/common/platform/services/app-id.service";
@@ -74,7 +77,10 @@ import { MemoryStorageService } from "@bitwarden/common/platform/services/memory
 // eslint-disable-next-line import/no-restricted-paths -- Implementation for memory storage
 import { MigrationBuilderService } from "@bitwarden/common/platform/services/migration-builder.service";
 import { MigrationRunner } from "@bitwarden/common/platform/services/migration-runner";
-import { NoopSdkClientFactory } from "@bitwarden/common/platform/services/sdk/noop-sdk-client-factory";
+import {
+  NoopSdkClientFactory,
+  NoopSdkPureClientFactory,
+} from "@bitwarden/common/platform/services/sdk/noop-sdk-client-factory";
 import { StorageServiceProvider } from "@bitwarden/common/platform/services/storage-service.provider";
 /* eslint-disable import/no-restricted-paths -- Implementation for memory storage */
 import { GlobalStateProvider, StateProvider } from "@bitwarden/common/platform/state";
@@ -110,7 +116,7 @@ import { WebProcessReloadService } from "../key-management/services/web-process-
 import { WebBiometricsService } from "../key-management/web-biometric.service";
 import { WebEnvironmentService } from "../platform/web-environment.service";
 import { WebMigrationRunner } from "../platform/web-migration-runner";
-import { WebSdkClientFactory } from "../platform/web-sdk-client-factory";
+import { WebSdkClientFactory, WebSdkPureClientFactory } from "../platform/web-sdk-client-factory";
 import { WebStorageServiceProvider } from "../platform/web-storage-service.provider";

 import { EventService } from "./event.service";
@@ -293,6 +299,11 @@ const safeProviders: SafeProvider[] = [
    useClass: flagEnabled("sdk") ? WebSdkClientFactory : NoopSdkClientFactory,
    deps: [],
  }),
+  safeProvider({
+    provide: SdkPureClientFactory,
+    useClass: flagEnabled("sdk") ? WebSdkPureClientFactory : NoopSdkPureClientFactory,
+    deps: [],
+  }),
  safeProvider({
    provide: ProcessReloadServiceAbstraction,
    useClass: WebProcessReloadService,
--- a/apps/web/src/app/platform/web-sdk-client-factory.ts
+++ b/apps/web/src/app/platform/web-sdk-client-factory.ts
@@ -1,6 +1,19 @@
-import { SdkClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
+import {
+  SdkClientFactory,
+  SdkPureClientFactory,
+} from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import * as sdk from "@bitwarden/sdk-internal";

+export class WebSdkPureClientFactory implements SdkPureClientFactory {
+  async createPureSdkClient(): Promise<sdk.BitwardenPure> {
+    const module = await load();
+
+    (sdk as any).init(module);
+
+    return Promise.resolve(new sdk.BitwardenPure());
+  }
+}
+
 /**
 * SDK client factory with a js fallback for when WASM is not supported.
 */