FF remove synchronized from EncryptionHelper (#5991)

CrisBarreiro · web-flow · commit 0d9915183a91 · 2025-04-30T17:19:34.000Z
Task/Issue URL: https://app.asana.com/1/137249556945/task/1210112602367622?focus=true ### Description Use mutex instead of synchronized in encrypt/decrypt to prevent thread starvation ### Steps to test this PR _Feature 1_ - [ ] Smoke test autofill ### UI changes | Before | After | | ------ | ----- | !(Upload before screenshot)|(Upload after screenshot)|
diff --git a/autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/encryption/EncryptionHelper.kt b/autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/encryption/EncryptionHelper.kt
@@ -17,26 +17,31 @@
 package com.duckduckgo.autofill.impl.securestorage.encryption
 
 import android.security.keystore.KeyProperties
+import com.duckduckgo.autofill.api.AutofillFeature
 import com.duckduckgo.autofill.impl.securestorage.SecureStorageException
 import com.duckduckgo.autofill.impl.securestorage.SecureStorageException.InternalSecureStorageException
 import com.duckduckgo.autofill.impl.securestorage.encryption.EncryptionHelper.EncryptedBytes
+import com.duckduckgo.common.utils.DispatcherProvider
 import com.duckduckgo.di.scopes.AppScope
 import com.squareup.anvil.annotations.ContributesBinding
 import java.lang.Exception
 import java.security.Key
 import javax.crypto.Cipher
 import javax.crypto.spec.GCMParameterSpec
 import javax.inject.Inject
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
+import kotlinx.coroutines.withContext
 
 interface EncryptionHelper {
     @Throws(SecureStorageException::class)
-    fun encrypt(
+    suspend fun encrypt(
         raw: ByteArray,
         key: Key,
     ): EncryptedBytes
 
     @Throws(SecureStorageException::class)
-    fun decrypt(
+    suspend fun decrypt(
         toDecrypt: EncryptedBytes,
         key: Key,
     ): ByteArray
@@ -53,12 +58,45 @@ interface EncryptionHelper {
 }
 
 @ContributesBinding(AppScope::class)
-class RealEncryptionHelper @Inject constructor() : EncryptionHelper {
+class RealEncryptionHelper @Inject constructor(
+    private val autofillFeature: AutofillFeature,
+    private val dispatcherProvider: DispatcherProvider,
+) : EncryptionHelper {
     private val encryptionCipher = Cipher.getInstance(TRANSFORMATION)
     private val decryptionCipher = Cipher.getInstance(TRANSFORMATION)
 
+    private val encryptMutex = Mutex()
+    private val decryptMutex = Mutex()
+
+    override suspend fun encrypt(
+        raw: ByteArray,
+        key: Key,
+    ): EncryptedBytes = withContext(dispatcherProvider.io()) {
+        return@withContext if (autofillFeature.createAsyncPreferences().isEnabled()) {
+            encryptAsync(raw, key)
+        } else {
+            encryptSync(raw, key)
+        }
+    }
+
     @Synchronized
-    override fun encrypt(
+    private fun encryptSync(
+        raw: ByteArray,
+        key: Key,
+    ): EncryptedBytes {
+        return innerEncrypt(raw, key)
+    }
+
+    private suspend fun encryptAsync(
+        raw: ByteArray,
+        key: Key,
+    ): EncryptedBytes {
+        encryptMutex.withLock {
+            return innerEncrypt(raw, key)
+        }
+    }
+
+    private fun innerEncrypt(
         raw: ByteArray,
         key: Key,
     ): EncryptedBytes {
@@ -73,8 +111,35 @@ class RealEncryptionHelper @Inject constructor() : EncryptionHelper {
         return EncryptedBytes(encrypted, iv)
     }
 
+    override suspend fun decrypt(
+        toDecrypt: EncryptedBytes,
+        key: Key,
+    ): ByteArray = withContext(dispatcherProvider.io()) {
+        return@withContext if (autofillFeature.createAsyncPreferences().isEnabled()) {
+            decryptAsync(toDecrypt, key)
+        } else {
+            decryptSync(toDecrypt, key)
+        }
+    }
+
     @Synchronized
-    override fun decrypt(
+    private fun decryptSync(
+        toDecrypt: EncryptedBytes,
+        key: Key,
+    ): ByteArray {
+        return innerDecrypt(toDecrypt, key)
+    }
+
+    private suspend fun decryptAsync(
+        toDecrypt: EncryptedBytes,
+        key: Key,
+    ): ByteArray {
+        decryptMutex.withLock {
+            return innerDecrypt(toDecrypt, key)
+        }
+    }
+
+    private fun innerDecrypt(
         toDecrypt: EncryptedBytes,
         key: Key,
     ): ByteArray {
diff --git a/autofill/autofill-impl/src/test/java/com/duckduckgo/autofill/impl/securestorage/Fakes.kt b/autofill/autofill-impl/src/test/java/com/duckduckgo/autofill/impl/securestorage/Fakes.kt
@@ -47,15 +47,15 @@ class FakeEncryptionHelper constructor(
     private val expectedEncryptedIv: String,
     private val expectedDecryptedData: String,
 ) : EncryptionHelper {
-    override fun encrypt(
+    override suspend fun encrypt(
         raw: ByteArray,
         key: Key,
     ): EncryptedBytes = EncryptedBytes(
         expectedEncryptedData.decodeBase64()!!.toByteArray(),
         expectedEncryptedIv.decodeBase64()!!.toByteArray(),
     )
 
-    override fun decrypt(
+    override suspend fun decrypt(
         toDecrypt: EncryptedBytes,
         key: Key,
     ): ByteArray = expectedDecryptedData.decodeBase64()!!.toByteArray()
diff --git a/autofill/autofill-store/src/main/java/com/duckduckgo/securestorage/store/keys/SecureStorageKeyStore.kt b/autofill/autofill-store/src/main/java/com/duckduckgo/securestorage/store/keys/SecureStorageKeyStore.kt
@@ -70,9 +70,7 @@ class RealSecureStorageKeyStore constructor(
     private val encryptedPreferencesSync: SharedPreferences? by lazy { encryptedPreferencesSync() }
 
     private suspend fun getEncryptedPreferences(): SharedPreferences? {
-        return withContext(dispatcherProvider.io()) {
-            if (autofillFeature.createAsyncPreferences().isEnabled()) encryptedPreferencesDeferred.await() else encryptedPreferencesSync
-        }
+        return if (autofillFeature.createAsyncPreferences().isEnabled()) encryptedPreferencesDeferred.await() else encryptedPreferencesSync
     }
 
     private suspend fun encryptedPreferencesAsync(): SharedPreferences? {
@@ -114,20 +112,28 @@ class RealSecureStorageKeyStore constructor(
         keyName: String,
         keyValue: ByteArray?,
     ) {
-        getEncryptedPreferences()?.edit(commit = true) {
-            if (keyValue == null) {
-                remove(keyName)
-            } else {
-                putString(keyName, keyValue.toByteString().base64())
+        withContext(dispatcherProvider.io()) {
+            getEncryptedPreferences()?.edit(commit = true) {
+                if (keyValue == null) {
+                    remove(keyName)
+                } else {
+                    putString(keyName, keyValue.toByteString().base64())
+                }
             }
         }
     }
 
-    override suspend fun getKey(keyName: String): ByteArray? = getEncryptedPreferences()?.getString(keyName, null)?.run {
-        this.decodeBase64()?.toByteArray()
+    override suspend fun getKey(keyName: String): ByteArray? {
+        return withContext(dispatcherProvider.io()) {
+            return@withContext getEncryptedPreferences()?.getString(keyName, null)?.run {
+                this.decodeBase64()?.toByteArray()
+            }
+        }
     }
 
-    override suspend fun canUseEncryption(): Boolean = getEncryptedPreferences() != null
+    override suspend fun canUseEncryption(): Boolean = withContext(dispatcherProvider.io()) {
+        getEncryptedPreferences() != null
+    }
 
     companion object {
         const val FILENAME = "com.duckduckgo.securestorage.store"
