MetaMask · Prithpal-Sooriya · Nov 25, 2024
@@ -99,6 +99,17 @@
   }
 }
 
+// SHOVE THIS SOMEWHERE ELSE
+const areUInt8ArraysEqual = (arr1: Uint8Array, arr2: Uint8Array) => {
+  // Check if the arrays have the same length
+  if (arr1.length !== arr2.length) {
+    return false;
+  }
+
+  // Use the every method to compare each element
+  return arr1.every((value, index) => value === arr2[index]);
+};
+
 /**
  * User Storage Service - Get all storage entries for a specific feature.
  *
@@ -135,7 +146,20 @@
       return null;
     }
 
+    // BEFORE WE DECRYPT: lets see if we will need to make the entries converge to the same salt
+    const salts = userStorage
+      .map((e) => {
+        try {
+          return encryption.getSalt(e.Data);
+        } catch {
+          return undefined;
+        }
+      })
+      .filter((s): s is Uint8Array => s !== undefined);
+    const hasDifferentSalts = new Set(salts).size !== salts.length;
+
     const decryptedData: string[] = [];
+    const hashedKey: string[] = [];
 
     for (const entry of userStorage) {
       if (!entry.Data) {
@@ -149,11 +173,22 @@
           nativeScryptCrypto,
         );
         decryptedData.push(data);
+        hashedKey.push(entry.HashedKey);
       } catch {
         // do nothing
       }
     }
 
+    // BEFORE WE RETURN, MAKE SURE TO ALIGN SALTS
+    if (hasDifferentSalts) {
+      // AH FEK, THIS FUNCTION DOESN'T TELL US THE KEYS
+      // TECHNICALLY WE ALREADY KNOW THE HASHED KEY? CAN WE MODIFY TO PASS IT IN?
+      const newEntries = decryptedData.map(
+        (d, idx) => [hashedKey[idx], d] as [string, string],
+      );
+      await batchUpsertUserStorage(newEntries, opts);
+    }
+
     return decryptedData;
   } catch (e) {
     log.error('Failed to get user storage', e);

@@ -171,6 +171,33 @@ class EncryptorDecryptor {
     return bytesToUtf8(this.#decrypt(ciphertextAndNonce, key));
   }
 
+  getSalt(encryptedDataStr: string) {
+    // TODO - DRY/CLEANUP VALIDATION FROM THIS SPLITTING STEP
+    try {
+      const encryptedData: EncryptedPayload = JSON.parse(encryptedDataStr);
+      if (encryptedData.v === '1') {
+        if (encryptedData.t === 'scrypt') {
+          const { d: base64CiphertextAndNonceAndSalt, saltLen } = encryptedData;
+
+          // Decode the base64.
+          const ciphertextAndNonceAndSalt = base64ToByteArray(
+            base64CiphertextAndNonceAndSalt,
+          );
+
+          // Create buffers of salt and ciphertextAndNonce.
+          const salt = ciphertextAndNonceAndSalt.slice(0, saltLen);
+          return salt;
+        }
+      }
+      throw new Error(
+        `Unsupported encrypted data payload - ${encryptedDataStr}`,
+      );
+    } catch (e) {
+      const errorMessage = e instanceof Error ? e.message : JSON.stringify(e);
+      throw new Error(`Unable to decrypt string - ${errorMessage}`);
+    }
+  }
+
   #encrypt(plaintext: Uint8Array, key: Uint8Array): Uint8Array {
     const nonce = randomBytes(ALGORITHM_NONCE_SIZE);