Page MenuHomePhabricator

[CommCoreModule][native] expose getting User Keys
AcceptedPublic

Authored by kamil on Fri, Nov 22, 3:50 AM.
Tags
None
Referenced Files
F3387242: D14005.id45946.diff
Fri, Nov 29, 8:24 AM
Unknown Object (File)
Wed, Nov 27, 8:30 PM
Unknown Object (File)
Wed, Nov 27, 9:06 AM
Unknown Object (File)
Tue, Nov 26, 9:52 AM
Unknown Object (File)
Tue, Nov 26, 3:04 AM
Unknown Object (File)
Mon, Nov 25, 1:34 PM
Unknown Object (File)
Fri, Nov 22, 6:46 AM
Unknown Object (File)
Fri, Nov 22, 6:45 AM
Subscribers

Details

Reviewers
bartek
tomek
Summary

Part of ENG-9656

There are different ways on how this could be realized:
Option 1

  1. retrieveLatestBackupInfo -> to get backupID, userID, and siweBackupData
  2. getBackupUserKeys -> to get full User Keys set, later on, secrets are used to restore Backup Data and the account is passed to CommCoreModule again to get the signature of the device list, this is the cleanest and has the least complexity but we transfer pickled account using JSI
  3. restoreBackupData -> to restore User Data (the same for both Restore and Secondary Device Auth)

Option 2

  1. retrieveLatestBackupInfo -> to get backupID, userID, and siweBackupData
  2. getBackupUserKeys -> to get only backup secrets used to Restore, having one more param which is the device list to sign and return secrets along with the signed device list, it's similar in terms of readability to Option 1, avoids transferring pickled account using JSI but it's a lot more complex on the C++/Rust level
  3. restoreBackupData -> to restore User Data (the same for both Restore and Secondary Device Auth)

Option 3

  1. retrieveLatestBackupInfo -> to get backupID, userID, and siweBackupData
  2. getBackupUserKeys -> only to get the signature of the device list, downloaded backup secrets are stored somewhere in the native code (not sure where) and can be later used for restoring. Really complex but we don't pass any data via JSI
  3. restoreBackupData -> to restore User Data, but two different implementations: for Secondary Device secrets are passed as params (received from the primary), on restore those are stored somewhere in the native code

I implemented Option 1, but I am open to implementing Option 2 if someone thinks this is better.

Note that retrieveLatestBackupInfo and getBackupUserKeys ale always two separate calls - it's from the nature of the backup, which was designed to "stream" data directly from the Blob service in case of User Keys and User Data, so adding userID and siweBackupData there is not possible.

Depends on D14004

Test Plan

Tested all backup options in backup menu, tested secondary device auth

Diff Detail

Repository
rCOMM Comm
Branch
secondary-auth
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kamil held this revision as a draft.
native/native_rust_library/src/backup.rs
353

We need to use unauthorized endpoint, at this point in Restore flow we don't have the CSAT yet

native/profile/backup-menu.react.js
85

In the future, there will be a signing device list using Olm account from userKeys and an update device list RPC (before restoreBackupData call)

native/backup/restore-siwe-backup.react.js
58

Re. option 1 vs 2 - I don't think avoiding JSI transfers is worth additional native code complexity, so IMO option 1 is good

This revision is now accepted and ready to land.Tue, Nov 26, 1:55 AM