chore(crypto): Deprecate CipherPool and remove stale logic/KDocs

Author: harrytmthy

safebox/src/main/AndroidManifest.xml

@@ -14,12 +14,4 @@
      See the License for the specific language governing permissions and
      limitations under the License.
 -->
-<manifest xmlns:android="http://schemas.android.com/apk/res/android">
-    <application>
-        <provider
-            android:name="com.harrytmthy.safebox.startup.SafeBoxStartupProvider"
-            android:authorities="${applicationId}.safebox-startup"
-            android:exported="false"
-            android:initOrder="100" />
-    </application>
-</manifest>
+<manifest />

safebox/src/main/java/com/harrytmthy/safebox/SafeBox.kt

@@ -172,6 +172,9 @@ public class SafeBox private constructor(
     }
 
     /**
+     * **Deprecated:** SafeBox reads now behave exactly like SharedPreferences, where `getXxx(...)`
+     * blocks the current thread until the initial load completes.
+     *
      * Sets the fallback behavior when values are accessed before the initial load completes.
      *
      * SafeBox performs a background load of previously written entries on initialization.
@@ -181,6 +184,7 @@ public class SafeBox private constructor(
      *
      * @param fallbackStrategy The behavior to apply when access is premature
      */
+    @Deprecated(message = "This method is now a no-op. Will be removed in v1.3.")
     public fun setInitialLoadStrategy(fallbackStrategy: ValueFallbackStrategy) {
         // no-op
     }
@@ -200,7 +204,7 @@ public class SafeBox private constructor(
     }
 
     /**
-     * **Deprecated:** SafeBox no longer supports instance closing.
+     * **Deprecated:** SafeBox no longer requires instance closing.
      *
      * Immediately closes the underlying file channel and releases resources.
      *
@@ -210,13 +214,13 @@ public class SafeBox private constructor(
      *
      * Closing during an active write can result in data corruption or incomplete persistence.
      */
-    @Deprecated(message = "This method is now a no-op, as SafeBox is always active and reusable.")
+    @Deprecated(message = "This method is now a no-op. Will be removed in v1.3.")
     public fun close() {
         // no-op
     }
 
     /**
-     * **Deprecated:** SafeBox no longer supports instance closing.
+     * **Deprecated:** SafeBox no longer requires instance closing.
      *
      * Closes the underlying file channel only after all pending writes have completed.
      *
@@ -227,7 +231,7 @@ public class SafeBox private constructor(
      * Internally, this launches a coroutine on [safeBoxScope] to wait until the SafeBox
      * becomes idle before releasing resources.
      */
-    @Deprecated(message = "This method is now a no-op, as SafeBox is always active and reusable.")
+    @Deprecated(message = "This method is now a no-op. Will be removed in v1.3.")
     public fun closeWhenIdle() {
         // no-op
     }

safebox/src/main/java/com/harrytmthy/safebox/cryptography/ChaCha20CipherProvider.kt

@@ -21,7 +21,10 @@ import android.security.keystore.KeyProperties.DIGEST_SHA256
 import com.harrytmthy.safebox.keystore.KeyProvider
 import com.harrytmthy.safebox.keystore.SafeSecretKey
 import org.bouncycastle.jcajce.spec.AEADParameterSpec
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import java.security.GeneralSecurityException
 import java.security.MessageDigest
+import java.security.Security
 import javax.crypto.Cipher
 
 /**
@@ -38,7 +41,15 @@ internal class ChaCha20CipherProvider(
     private val deterministic: Boolean,
 ) : CipherProvider {
 
-    private val cipherPool by lazy { SingletonCipherPoolProvider.getChaCha20CipherPool() }
+    private val cipher by lazy {
+        try {
+            Cipher.getInstance(TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME)
+        } catch (_: GeneralSecurityException) {
+            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME)
+            Security.addProvider(BouncyCastleProvider())
+            Cipher.getInstance(TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME)
+        }
+    }
 
     private val cipherLock = Any()
 
@@ -51,10 +62,8 @@ internal class ChaCha20CipherProvider(
             }
             val paramSpec = AEADParameterSpec(iv, MAC_SIZE_BITS)
             val key = keyProvider.getOrCreateKey()
-            val encrypted = cipherPool.withCipher { cipher ->
-                cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec)
-                cipher.doFinal(plaintext)
-            }
+            cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec)
+            val encrypted = cipher.doFinal(plaintext)
             (key as? SafeSecretKey)?.releaseHeapCopy()
             iv + encrypted
         }
@@ -65,10 +74,8 @@ internal class ChaCha20CipherProvider(
             val actual = ciphertext.copyOfRange(IV_SIZE, ciphertext.size)
             val paramSpec = AEADParameterSpec(iv, MAC_SIZE_BITS)
             val key = keyProvider.getOrCreateKey()
-            val plaintext = cipherPool.withCipher { cipher ->
-                cipher.init(Cipher.DECRYPT_MODE, key, paramSpec)
-                cipher.doFinal(actual)
-            }
+            cipher.init(Cipher.DECRYPT_MODE, key, paramSpec)
+            val plaintext = cipher.doFinal(actual)
             (key as? SafeSecretKey)?.releaseHeapCopy()
             plaintext
         }

safebox/src/main/java/com/harrytmthy/safebox/cryptography/CipherPool.kt

@@ -25,6 +25,8 @@ import java.util.concurrent.atomic.AtomicInteger
 import javax.crypto.Cipher
 
 /**
+ * **Deprecated:** SafeBox now serializes crypto internally, where thread-safety is guaranteed.
+ *
  * A lightweight, coroutine-friendly object pool for [Cipher] instances.
  *
  * This pool ensures thread-safe and memory-efficient reuse of Cipher objects,
@@ -55,6 +57,7 @@ import javax.crypto.Cipher
  * }
  * ```
  */
+@Deprecated(message = "SafeBox no longer uses pooled ciphers. Will be removed in v1.3.")
 public class CipherPool @JvmOverloads constructor(
     initialSize: Int = DEFAULT_INITIAL_SIZE,
     maxSize: Int = DEFAULT_MAX_SIZE,
@@ -194,6 +197,7 @@ public class CipherPool @JvmOverloads constructor(
     }
 }
 
+@Deprecated(message = "SafeBox no longer uses pooled ciphers. Will be removed in v1.3.")
 public interface CipherPoolExecutor {
     fun executeLoadTask(task: () -> Unit)
     fun scheduleTrimmingTask(task: () -> Unit)

safebox/src/main/java/com/harrytmthy/safebox/cryptography/SingletonCipherPoolProvider.kt

@@ -82,7 +82,7 @@ internal class SafeSecretKey(
             lastCopy.get()?.let { return it } // fast path after lock acquisition
             val copy = keyBuffer.toByteArray().xorInPlace(mask)
             lastCopy.set(copy)
-            return copy
+            copy
         }
     }
 

safebox/src/main/java/com/harrytmthy/safebox/keystore/SafeSecretKey.kt

@@ -51,10 +51,10 @@ public enum class SafeBoxState {
     WRITING,
 
     /**
-     * **Deprecated:** This state is no longer emitted.
+     * **Deprecated:** SafeBox is always active and reusable.
      *
      * SafeBox has been closed and is no longer usable.
      */
-    @Deprecated(message = "This state is never emitted, as SafeBox is always active and reusable.")
+    @Deprecated(message = "This state is no longer emitted. Will be removed in v1.3.")
     CLOSED,
 }