FF removing synchronized implementations for encrypted shared preferences (#5962)

Task/Issue URL:
https://app.asana.com/1/137249556945/project/1202552961248957/task/1210067151874996?focus=true

### Description

### Steps to test this PR
* Smoke test autofill

_Feature 1_
- [ ]
- [ ]

### UI changes
| Before  | After |
| ------ | ----- |
!(Upload before screenshot)|(Upload after screenshot)|

---------

Co-authored-by: Aitor Viana <[email protected]>

Author: CrisBarreiro

autofill/autofill-api/src/main/java/com/duckduckgo/autofill/api/AutofillFeature.kt

@@ -137,4 +137,7 @@ interface AutofillFeature {
 
     @Toggle.DefaultValue(defaultValue = false)
     fun siteSpecificFixes(): Toggle
+
+    @Toggle.DefaultValue(defaultValue = true)
+    fun createAsyncPreferences(): Toggle
 }

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/L2DataTransformer.kt

@@ -16,25 +16,31 @@
 
 package com.duckduckgo.autofill.impl.securestorage
 
+import com.duckduckgo.app.di.AppCoroutineScope
 import com.duckduckgo.autofill.impl.securestorage.SecureStorageException.InternalSecureStorageException
 import com.duckduckgo.autofill.impl.securestorage.encryption.EncryptionHelper
 import com.duckduckgo.autofill.impl.securestorage.encryption.EncryptionHelper.EncryptedBytes
 import com.duckduckgo.autofill.impl.securestorage.encryption.EncryptionHelper.EncryptedString
+import com.duckduckgo.common.utils.DispatcherProvider
 import com.duckduckgo.di.scopes.AppScope
 import com.squareup.anvil.annotations.ContributesBinding
 import dagger.SingleInstanceIn
+import java.security.Key
 import javax.inject.Inject
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Deferred
+import kotlinx.coroutines.async
 import okio.ByteString.Companion.decodeBase64
 import okio.ByteString.Companion.toByteString
 
 interface L2DataTransformer {
-    fun canProcessData(): Boolean
+    suspend fun canProcessData(): Boolean
 
     @Throws(SecureStorageException::class)
-    fun encrypt(data: String): EncryptedString
+    suspend fun encrypt(data: String): EncryptedString
 
     @Throws(SecureStorageException::class)
-    fun decrypt(
+    suspend fun decrypt(
         data: String,
         iv: String,
     ): String
@@ -45,31 +51,37 @@ interface L2DataTransformer {
 class RealL2DataTransformer @Inject constructor(
     private val encryptionHelper: EncryptionHelper,
     private val secureStorageKeyProvider: SecureStorageKeyProvider,
+    @AppCoroutineScope private val appCoroutineScope: CoroutineScope,
+    private val dispatcherProvider: DispatcherProvider,
 ) : L2DataTransformer {
-    private val l2Key by lazy {
-        secureStorageKeyProvider.getl2Key()
+    private val l2KeyDeferred: Deferred<Key> by lazy {
+        appCoroutineScope.async(dispatcherProvider.io()) {
+            secureStorageKeyProvider.getl2Key()
+        }
     }
 
-    override fun canProcessData(): Boolean = secureStorageKeyProvider.canAccessKeyStore()
+    suspend fun getL2Key(): Key = l2KeyDeferred.await()
+
+    override suspend fun canProcessData(): Boolean = secureStorageKeyProvider.canAccessKeyStore()
 
     // get ByteArray -> encrypt -> encode to String
-    override fun encrypt(data: String): EncryptedString = encryptionHelper.encrypt(data.toByteArray(), l2Key).run {
+    override suspend fun encrypt(data: String): EncryptedString = encryptionHelper.encrypt(data.toByteArray(), getL2Key()).run {
         EncryptedString(
             this.data.transformToString(),
             this.iv.transformToString(),
         )
     }
 
     // decode to ByteArray -> decrypt -> get String
-    override fun decrypt(
+    override suspend fun decrypt(
         data: String,
         iv: String,
     ): String = encryptionHelper.decrypt(
         EncryptedBytes(
             data = data.transformToByteArray(),
             iv = iv.transformToByteArray(),
         ),
-        l2Key,
+        getL2Key(),
     ).run { String(this) }
 
     private fun ByteArray.transformToString(): String = this.toByteString().base64()

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/SecureStorage.kt

@@ -291,7 +291,7 @@ class RealSecureStorage @Inject constructor(
         }
     }
 
-    private fun WebsiteLoginDetailsWithCredentials.toDataEntity(): WebsiteLoginCredentialsEntity {
+    private suspend fun WebsiteLoginDetailsWithCredentials.toDataEntity(): WebsiteLoginCredentialsEntity {
         val encryptedPassword = encryptData(password)
         val encryptedNotes = encryptData(notes)
         return WebsiteLoginCredentialsEntity(
@@ -308,7 +308,7 @@ class RealSecureStorage @Inject constructor(
         )
     }
 
-    private fun WebsiteLoginCredentialsEntity.toCredentials(): WebsiteLoginDetailsWithCredentials =
+    private suspend fun WebsiteLoginCredentialsEntity.toCredentials(): WebsiteLoginDetailsWithCredentials =
         WebsiteLoginDetailsWithCredentials(
             details = toDetails(),
             password = decryptData(password, passwordIv),
@@ -326,9 +326,9 @@ class RealSecureStorage @Inject constructor(
         )
 
     // only encrypt when there's data
-    private fun encryptData(data: String?): EncryptedString? = data?.let { l2DataTransformer.encrypt(it) }
+    private suspend fun encryptData(data: String?): EncryptedString? = data?.let { l2DataTransformer.encrypt(it) }
 
-    private fun decryptData(
+    private suspend fun decryptData(
         data: String?,
         iv: String?,
     ): String? {

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/SecureStorageDatabaseFactory.kt

@@ -18,28 +18,56 @@ package com.duckduckgo.autofill.impl.securestorage
 
 import android.content.Context
 import androidx.room.Room
+import com.duckduckgo.autofill.api.AutofillFeature
 import com.duckduckgo.di.scopes.AppScope
 import com.duckduckgo.securestorage.store.db.ALL_MIGRATIONS
 import com.duckduckgo.securestorage.store.db.SecureStorageDatabase
 import com.squareup.anvil.annotations.ContributesBinding
 import dagger.SingleInstanceIn
 import javax.inject.Inject
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
 import net.sqlcipher.database.SupportFactory
 
 interface SecureStorageDatabaseFactory {
-    fun getDatabase(): SecureStorageDatabase?
+    suspend fun getDatabase(): SecureStorageDatabase?
 }
 
 @SingleInstanceIn(AppScope::class)
 @ContributesBinding(AppScope::class)
 class RealSecureStorageDatabaseFactory @Inject constructor(
     private val context: Context,
     private val keyProvider: SecureStorageKeyProvider,
+    private val autofillFeature: AutofillFeature,
 ) : SecureStorageDatabaseFactory {
     private var _database: SecureStorageDatabase? = null
 
+    private val mutex = Mutex()
+
+    override suspend fun getDatabase(): SecureStorageDatabase? {
+        return if (autofillFeature.createAsyncPreferences().isEnabled()) {
+            getAsyncDatabase()
+        } else {
+            getDatabaseSynchronized()
+        }
+    }
+
     @Synchronized
-    override fun getDatabase(): SecureStorageDatabase? {
+    private fun getDatabaseSynchronized(): SecureStorageDatabase? {
+        return runBlocking {
+            getInnerDatabase()
+        }
+    }
+
+    private suspend fun getAsyncDatabase(): SecureStorageDatabase? {
+        _database?.let { return it }
+        return mutex.withLock {
+            getInnerDatabase()
+        }
+    }
+
+    private suspend fun getInnerDatabase(): SecureStorageDatabase? {
         // If we have already the DB instance then let's use it
         if (_database != null) {
             return _database

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/SecureStorageKeyProvider.kt

@@ -16,6 +16,7 @@
 
 package com.duckduckgo.autofill.impl.securestorage
 
+import com.duckduckgo.autofill.api.AutofillFeature
 import com.duckduckgo.autofill.impl.securestorage.encryption.EncryptionHelper
 import com.duckduckgo.autofill.impl.securestorage.encryption.EncryptionHelper.EncryptedBytes
 import com.duckduckgo.di.scopes.AppScope
@@ -24,23 +25,26 @@ import com.duckduckgo.securestorage.store.SecureStorageKeyRepository
 import com.squareup.anvil.annotations.ContributesBinding
 import java.security.Key
 import javax.inject.Inject
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.sync.Mutex
+import kotlinx.coroutines.sync.withLock
 import okio.ByteString.Companion.toByteString
 
 /**
  * This class provides the usable decrypted keys to be used in various levels on encryption
  */
 interface SecureStorageKeyProvider {
-    fun canAccessKeyStore(): Boolean
+    suspend fun canAccessKeyStore(): Boolean
 
     /**
      * Ready to use key for L1 encryption
      */
-    fun getl1Key(): ByteArray
+    suspend fun getl1Key(): ByteArray
 
     /**
      * Ready to use key for L2 encryption using the generated user password
      */
-    fun getl2Key(): Key
+    suspend fun getl2Key(): Key
 }
 
 @ContributesBinding(AppScope::class)
@@ -49,73 +53,116 @@ class RealSecureStorageKeyProvider @Inject constructor(
     private val secureStorageKeyRepository: SecureStorageKeyRepository,
     private val encryptionHelper: EncryptionHelper,
     private val secureStorageKeyGenerator: SecureStorageKeyGenerator,
+    private val autofillFeature: AutofillFeature,
 ) : SecureStorageKeyProvider {
 
-    override fun canAccessKeyStore(): Boolean = secureStorageKeyRepository.canUseEncryption()
+    override suspend fun canAccessKeyStore(): Boolean = secureStorageKeyRepository.canUseEncryption()
+    private val l1KeyMutex = Mutex()
+    private val l2KeyMutex = Mutex()
+
+    override suspend fun getl1Key(): ByteArray {
+        if (autofillFeature.createAsyncPreferences().isEnabled()) {
+            return getl1KeyAsync()
+        } else {
+            return getl1KeySync()
+        }
+    }
+
+    private suspend fun getl1KeyAsync(): ByteArray {
+        l1KeyMutex.withLock {
+            return innerGetL1Key()
+        }
+    }
 
     @Synchronized
-    override fun getl1Key(): ByteArray {
+    private fun getl1KeySync(): ByteArray {
+        return runBlocking {
+            innerGetL1Key()
+        }
+    }
+
+    private suspend fun innerGetL1Key(): ByteArray {
         // If no key exists in the keystore, we generate a new one and store it
-        return if (secureStorageKeyRepository.l1Key == null) {
+        return if (secureStorageKeyRepository.getL1Key() == null) {
             randomBytesGenerator.generateBytes(L1_PASSPHRASE_SIZE).also {
-                secureStorageKeyRepository.l1Key = it
+                secureStorageKeyRepository.setL1Key(it)
             }
         } else {
-            secureStorageKeyRepository.l1Key!!
+            secureStorageKeyRepository.getL1Key()!!
+        }
+    }
+
+    override suspend fun getl2Key(): Key {
+        if (autofillFeature.createAsyncPreferences().isEnabled()) {
+            return getl2KeyAsync()
+        } else {
+            return getl2KeySync()
+        }
+    }
+
+    private suspend fun getl2KeyAsync(): Key {
+        return l2KeyMutex.withLock {
+            innerGetL2Key()
         }
     }
 
     @Synchronized
-    override fun getl2Key(): Key {
-        val userPassword = if (secureStorageKeyRepository.password == null) {
+    private fun getl2KeySync(): Key {
+        return runBlocking {
+            innerGetL2Key()
+        }
+    }
+
+    private suspend fun innerGetL2Key(): Key {
+        val userPassword = if (secureStorageKeyRepository.getPassword() == null) {
             randomBytesGenerator.generateBytes(PASSWORD_SIZE).also {
-                secureStorageKeyRepository.password = it
+                secureStorageKeyRepository.setPassword(it)
             }
         } else {
-            secureStorageKeyRepository.password
+            secureStorageKeyRepository.getPassword()
         }
 
         return getl2Key(userPassword!!.toByteString().base64())
     }
 
-    private fun getl2Key(password: String): Key {
-        val keyMaterial = if (secureStorageKeyRepository.encryptedL2Key == null) {
+    private suspend fun getl2Key(password: String): Key {
+        val keyMaterial = if (secureStorageKeyRepository.getEncryptedL2Key() == null) {
             secureStorageKeyGenerator.generateKey().encoded.also {
                 encryptAndStoreL2Key(it, password)
             }
         } else {
             encryptionHelper.decrypt(
                 EncryptedBytes(
-                    secureStorageKeyRepository.encryptedL2Key!!,
-                    secureStorageKeyRepository.encryptedL2KeyIV!!,
+                    secureStorageKeyRepository.getEncryptedL2Key()!!,
+                    secureStorageKeyRepository.getEncryptedL2KeyIV()!!,
                 ),
                 deriveKeyFromPassword(password),
             )
         }
         return secureStorageKeyGenerator.generateKeyFromKeyMaterial(keyMaterial)
     }
 
-    private fun encryptAndStoreL2Key(
+    private suspend fun encryptAndStoreL2Key(
         keyBytes: ByteArray,
         password: String,
     ): ByteArray =
         encryptionHelper.encrypt(
             keyBytes,
             deriveKeyFromPassword(password),
         ).also {
-            secureStorageKeyRepository.encryptedL2Key = it.data
-            secureStorageKeyRepository.encryptedL2KeyIV = it.iv
+            secureStorageKeyRepository.setEncryptedL2Key(it.data)
+            secureStorageKeyRepository.setEncryptedL2KeyIV(it.iv)
         }.data
 
-    private fun getPasswordSalt() = if (secureStorageKeyRepository.passwordSalt == null) {
+    private suspend fun getPasswordSalt() = if (secureStorageKeyRepository.getPasswordSalt() == null) {
         randomBytesGenerator.generateBytes(PASSWORD_KEY_SALT_SIZE).also {
-            secureStorageKeyRepository.passwordSalt = it
+            secureStorageKeyRepository.setPasswordSalt(it)
         }
     } else {
-        secureStorageKeyRepository.passwordSalt!!
+        secureStorageKeyRepository.getPasswordSalt()!!
     }
 
-    private fun deriveKeyFromPassword(password: String) =
+    private suspend fun deriveKeyFromPassword(password: String) =
         secureStorageKeyGenerator.generateKeyFromPassword(password, getPasswordSalt())
 
     companion object {

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/di/SecureStorageModule.kt

@@ -17,8 +17,11 @@
 package com.duckduckgo.autofill.impl.securestorage.di
 
 import android.content.Context
+import com.duckduckgo.app.di.AppCoroutineScope
+import com.duckduckgo.autofill.api.AutofillFeature
 import com.duckduckgo.autofill.impl.securestorage.DerivedKeySecretFactory
 import com.duckduckgo.autofill.impl.securestorage.RealDerivedKeySecretFactory
+import com.duckduckgo.common.utils.DispatcherProvider
 import com.duckduckgo.di.scopes.AppScope
 import com.duckduckgo.securestorage.store.RealSecureStorageKeyRepository
 import com.duckduckgo.securestorage.store.SecureStorageKeyRepository
@@ -28,15 +31,23 @@ import dagger.Module
 import dagger.Provides
 import dagger.SingleInstanceIn
 import javax.inject.Named
+import kotlinx.coroutines.CoroutineScope
 
 @Module
 @ContributesTo(AppScope::class)
 object SecureStorageModule {
 
     @Provides
     @SingleInstanceIn(AppScope::class)
-    fun providesSecureStorageKeyStore(context: Context): SecureStorageKeyRepository =
-        RealSecureStorageKeyRepository(RealSecureStorageKeyStore(context))
+    fun providesSecureStorageKeyStore(
+        context: Context,
+        @AppCoroutineScope coroutineScope: CoroutineScope,
+        dispatcherProvider: DispatcherProvider,
+        autofillFeature: AutofillFeature,
+    ): SecureStorageKeyRepository =
+        RealSecureStorageKeyRepository(
+            RealSecureStorageKeyStore(context, coroutineScope, dispatcherProvider, autofillFeature),
+        )
 }
 
 @Module