periodically refresh keys from EKM

[tomholub]

part of #275

Each time the app starts, if clientConfiguration.usesKeyManager is true, the app should refetch keys from EKM and update the local ones. The fetch should be in the background, not holding up the app during startup. Thrown network errors can be ignored but not other types of errors (which should show error modal on whichever screen will load next)

The update mechanism should be similar to what we do for updating received public keys:

• for each received key, check if we have that key in storage, by primary fingerprint
• if we don't have the key in storage, add it
• if we do, check if the received key is more recent than the local key, by dateLastModified
• if received key is newer, replace stored key with the received one
• else if it's same or older, leave the stored key as is

HOWEVER, these being private keys, we have to ensure to encrypt them with pass phrase before storing. If the pass phrase (for any of the existing keys already in storage) is already available, then we use the same pass phrase to encrypt each key that we are updating, and then store encrypted.

If the pass phrase is not available at that moment, then we display a pass phrase prompt (for iOS this would be just a modal) with Enter pass phrase to keep your account keys up to date. There would be an ok and cancel button, and cancel would do nothing, meaning next time the app restarts, they should see the same.

Ui tests can be written for this as follows:

test 1: app auto updates keys from EKM during startup with a pass phrase prompt

• // stage 1 - setup
• set up mock FES and EKM
  • FES should have FORBID_STORING_PASS_PHRASE
  • EKM should have any one key returned
• set up the app
• go to app settings -> keys and observe which key it has
• // stage 2 - prompt appears / wrong pass phrase rejected / cancel
• change EKM mock to start returning one more key
• restart the app
• observe that it shows EKM pass phrase prompt. Enter wrong pass phrase in the prompt. Observe it gets rejected / prompt remains.
• cancel the prompt. check settings -> keys and observe it stayed the same
• // stage 3 - new key gets added
• restart the app.
• enter the correct pass phrase. Observe that a toast message shows up with Account keys updated
• go to settings -> keys and observe that it updated the keys
• // stage 4 - modified key gets updated, removed key does not get removed
• change EKM mock to start returning an updated version of one of the existing keys. Stop returning the other key
• restart app, enter pass phrase into prompt, observe Account keys updated
• go to settings -> keys. Observe that no key was removed, and then updated key was updated
• // stage 5 - older version of key does not get updated
• change EKM mock to start returning only the older version of that modified key again
• restart app
• observe no prompt shows
• go to settings -> keys. Observe keys remain the same as in stage 4.
• success

test 2: app auto updates keys from EKM during startup without pass phrase prompt

• // stage 1 - setup
• set up mock FES and EKM
  • FES should NOT have FORBID_STORING_PASS_PHRASE
  • EKM should have any one key returned
• set up the app
• go to app settings -> keys and observe which key it has
• // stage 2 - keys get autoupdated
• change EKM mock to start returning one more key
• restart the app
• observe that a toast message shows up with Account keys updated
• go to settings -> keys and observe that a key was added
• // stage 3 - nothing to update
• restart the app
• observe that no toast shows during startup
• go to settings -> keys and see they are unchanged

test 3: EKM key update errors handled gracefully

• // stage 1 - setup
• set up mock FES and EKM, with one key returned by EKM
• set up the app
• go to app settings -> keys and observe which key it has
• // stage 2 - EKM down
• change EKM mock to start returning error 500
• restart the app
• observe that no modal shows during startup. Go to app settings -> keys, notice keys stayed the same
• // stage 3 - error shown to user
• change EKM mock to start returning a broken key (for example, only return the first half of the armored key text)
• restart the app
• observe that the app shows a modal during startup Could not update keys from EKM due to error: and followed by whatever error happened.
• tap close on the modal and observe that inbox loads normally
• go to app settings -> keys and observe they stayed the same

[tomholub]

When new key is added in EKM and we need to add it in our local, which passphrase do we have to use for encryption before we save it in local?

If any pass phrase for any key is available in storage or in memory, use that pass phrase for the new key.

Do we have to ask user to enter passphrase (passphrase prompt) in this case?

Not if any passphrase is already known.

If no pass phrase for any key is known, need to prompt & double check that the entered pass phrase matches against at least one other key to consider it valid.

[tomholub]

Let's say there are 2 keys in local and EKM (but let's say EKM keys are newer which means we have to update both 2 keys).
And let's say local saved keys passphrase is nil.
In this case, we have to ask user for passphrase (to store encrypted key) by displaying prompt.

correct

My question is for 2nd key, do we have to display passphrase prompt again or need to use previous passphrase which was entered for the 1st key.

use one pass phrase for all keys. So you are not entering pass phrase per key, you are entering one for the whole operation, regardless how many keys there were.

---

Even though the db schema supports potentially different pass phrase for each key, for EKM setups, we always encrypt all user keys with one pass phrase (user enters exactly one pass phrase during setup regardless of amount of keys).

Therefore you only also need at one pass phrase from user, and if you ask the user to enter it, you only need to check against one existing key.

[tomholub]

It's one pass phrase that we need, for all keys. If user declines to enter pass phrase and wants to do something else, then we skip this update for all keys.

[tomholub]

@tomholub For this test, As I checked DEFAULT_REMEMBER_PASS_PHRASE is not respected in iOS app. Do we have to implement this feature (DEFAULT_REMEMBER_PASS_PHRASE) in current issue?

test 2: app auto updates keys from EKM during startup without pass phrase prompt
// stage 1 - setup
set up mock FES and EKM
FES should have DEFAULT_REMEMBER_PASS_PHRASE
EKM should have any one key returned

Please make a separate PR for just this functionality. We'll merge it in, and then you'll update here from master.

[tomholub]

For enterprise setups with EKM, I want all keys of a user to have the same pass phrase.

So anytime saving any key (new or updated) from EKM during update:

1. retrieve pass phrase that matches any key that already exists on the device. If the device knows the pass phrase of any existing key, no need to ask user. If you need to ask user, cross check against existing keys to make sure it matches any one of them.
2. update or save keys as appropriate, with that pass phrase.

I don't want users to set up their account with key A and then receive another key B and set another pass phrase for it. Even though the database would allow it, I actually want EKM users to always use the same pass phrase for all of their keys.

[tomholub]

In second stage, we have to add that additional key in storage and need to ask user pass phrase. (we can't know current saved pass phrase as FORBID_STORING_PASS_PHRASE is set)

Because you don't know the current pass phrase, you have to ask the user for the current pass phrase of the existing key, and keep asking until user gives you the right pass phrase for the existing key.

Then you use that pass phrase (cross checked against existing key) for the newly added key as well.

Ensuring that all pass phrases in fact remain the same.

[tomholub]

That's right. I'm trying to keep pass phrases for all keys consistent for EKM users. It will make for better UX.