Bump keyring-controller and browser-passworder

[mikesposito]

Description

This PR bumps these package versions:

• @metamask/keyring-controller to ^9.0.0
• @metamask/browser-passworder to ^4.3.0
• @metamask/eth-keyring-controller to ^15.1.0

This set of updates brings a change in the way encryption keys are derived from the user password.

To allow encryption with different iteration numbers (e.g. for different use cases), and to easily change these iterations independently in the future, an encryptor factory has been added.

For performance reasons, @metamask/eth-keyring-controller has been fixed to prefer the cached encryption key over the password (it will not derive it again), when it is initialized with cacheEncryptionKey: true and the encryptor supports it (which is the case with @metamask/browser-passworder) - for this reason, this change only impacts the login UX, instead of every user interaction with the keychain.

The encryptor for Snaps has been set lower for now.

Related issues

n/a

Manual testing steps

1. Unlock an existing vault should work
2. Locking and unlocking again should still work

Note from DanM: probably a good idea to test this on a lower powered machine to see the performance impact. Test the before and after impact on performance of logging in, going from the unlock screen to the home screen.

These changes might have a UX impact on slower devices, for the following actions:

• Wallet unlock
• Actions on KeyringController (or direct keyrings) that end with a call to persistAllKeyrings, which derives the encryption key again and re-encrypt the vault. e.g.:
  • Creating first seed phrase
  • Importing an existing seed phrase
  • Add an account
  • Remove an account
  • Connecting a hardware wallet of any kind
  • Adding a keyring
  • Removing a keyring
  • Importing account
  • (I might be forgetting something)
• Snaps interactions: some of them call encrypt / decrypt, which also derive the key before/after all the interactions
• There might be some UX oddities that we never noticed because of the fast derivation time, but that might be noticeable now (see this as an example)

Screenshots/Recordings

n/a

Before

n/a

After

n/a

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've clearly explained what problem this PR is solving and how it is solved.
• I've linked related issues
• I've included manual testing steps
• I've included screenshots/recordings if applicable
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.
• I’ve properly set the pull request status:
  • In case it's not yet "ready for review", I've set it to "draft".
  • In case it's "ready for review", I've changed it from "draft" to "non-draft".

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

New and updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@metamask/eth-keyring-controller	15.1.0	None	+2	256 kB	gudahtt
@metamask/keyring-controller	9.0.0	None	+3	402 kB	metamaskbot
@metamask/eth-trezor-keyring	2.0.0...3.0.0	None	+0/-6	82.3 kB	metamaskbot

[mikesposito]

The applied fix has been ported upstream

[mcmire]

Looks good!

[mikesposito]

Uhm, looks like some of the tests intermittently fail, with a timeout error. Most of them seem to be unrelated (or not directly related at least) to a change in the encryption or the vault - This makes me think that the increased time needed by the key derivation might take up too much of the test case time, which ultimately leads to a timeout in some cases: this would explain a similar test flakiness

[mikesposito]

After some local debugging, I think I have a clearer idea of why this happens.

Some of our test cases open external pages in the browser to test dapp features, and these tests take action on these pages right after the login. Some of them explicitly wait some time (with driver.delay(1000);), some others don't wait at all: this was ok-ish when the key derivation and vault decryption was fast, because the login operation used to end before the external pages were loaded, but now that the decryption is much slower this assumption is wrong because this happens:

1. The test case inputs the password, then clicks on login
2. The test case immediately opens an external page
3. The test case immediately executes an action on the test dapp
4. The pop-up (any pop-up screen, like the one to sign for example) will open, but instead of showing the expected screen, it will show the login screen to input the password, as the decryption is still happening on the main initial view.
5. The test fails with a timeout, as the screen expected by the test will never show up

Not all tests are affected, as some of them don't use external pages, and some of them wait ~1 sec before taking actions on dapps, but this issue makes the tests completely flaky and dependent on the resources available on the system that runs them.

[mikesposito]

The solution can be to use a shared helper login function to be used by all tests. This function would:

1. Input the password, press on login
2. Wait for the login to actually end
3. Resolve, giving the control back to the test

This will ensure that by the time the tests use dapps (or any other operation that needs the login), the wallet will be already unlocked. I will address this issue in a separate PR for ease of review.

EDIT: Issue tracked by #21914 and fixed by #21915

[mikesposito]

@metamaskbot update-policies

[metamaskbot]

Policy update failed. You can review the logs or retry the policy update here

[metamaskbot]

Builds ready [0780ec6]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6, 7
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1397 ± 138 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	87	377	161	80	38
		domContentLoaded	10	195	33	48	23
		load	838	1833	1397	287	138
		domInteractive	10	195	33	48	23

Bundle size diffs [🚀 Bundle size reduced!]

• background: -129.58 KiB (-3.48%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[metamaskbot]

Builds ready [96a1a43]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6, 7
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1335 ± 102 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	89	150	116	21	10
		domContentLoaded	9	32	15	6	3
		load	911	1638	1335	212	102
		domInteractive	9	32	15	6	3

Bundle size diffs [🚀 Bundle size reduced!]

• background: -129.58 KiB (-3.48%)
• ui: 0 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[legobeat]

Have not performed manual testing but changes LGTM

[metamaskbot]

Builds ready [c33de4f]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4
  • common: 0, 1, 2, 3, 4, 5, 6
  • content-script: 0
  • contentscript: contentscript
  • disable-console: disable-console
  • inpage: inpage
  • policy-load: policy-load
  • sentry-install: sentry-install
  • ui: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1386 ± 135 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	86	272	151	48	23
		domContentLoaded	9	179	37	46	22
		load	799	1812	1386	280	135
		domInteractive	9	179	37	46	22

Bundle size diffs [🚀 Bundle size reduced!]

• background: -294.98 KiB (-7.93%)
• ui: 0 Bytes (0.00%)
• common: -2 Bytes (-0.00%)

[mikesposito]

Bundle size diffs [🚀 Bundle size reduced!]
background: -294.98 KiB (-7.93%)

‼️

[mcmire]

Looks great!

[mcmire]

Perhaps we could extract this to a function whose name reflects this need in the future if we forget this, but this makes sense for now!

[legobeat]

Bundle size diffs [🚀 Bundle size reduced!]
background: -294.98 KiB (-7.93%)

‼️

Catching up on and deduping dependencies starting to pay off !

[metamaskbot]

Missing release label release-11.7.4 on PR. Adding release label release-11.7.4 on PR and removing other release labels(release-11.8.0), as PR was cherry-picked in branch 11.7.4.