
hcs-core: key rotation

Open gregscullard opened this issue 4 years ago • 0 comments

Problem
No key rotation option

Solution
Implement key rotation taking care of the following potential race conditions:

- Alice and Bob both trigger key rotation at the same time (subject to sharing a symmetric key)
  • Whoever triggered first (say Alice) is followed up, Bob should cancel his own rotation and Alice should ignore his.
- Alice sends a message shortly after Bob initiated key rotation, but before she received the rotation init notification
  • Alice continues to use the current key, so does Bob.
- Bob sends messages to Alice before she's acknowledged the key rotation
  • Bob continues to use the current key, so does Alice
- Bob receives messages from Alice while rotation is in progress
  • Bob continues to use the current key, so does Alice

initiate
- Alice initiates key rotation

  • Bob and Alice continue using the current key for any messages
  • If Bob also initiated key rotation after Alice, he and Alice both ignore that request

respond
- Bob responds to Alice

  • Bob uses the new key for any messages after responding
  • Alice continues to use the current key

finalise
- Alice receives Bob's response and finalises

  • Bob uses the new key for any messages already
  • Alice uses the new key from that point forward

This requires Bob and Alice to hold onto the current and new key until either has received a message they can successfully decrypt with the new key. At this point, the old key can be discarded and the current key becomes the new key. Until then, the current key is retained.

See related issue #408

Alternatives
There is no alternative.

gregscullard Mar 11 '20 15:03
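The initiate / respond / finalise flow and the "hold both keys until the new one is proven" rule from the issue above, modelled as a small state machine. This is an added example, not code from the issue or from hedera-hcs-sxc-java. Assumptions: the names `Peer`, `seal`, `unseal` and `next_key` are hypothetical, `seq` is an assumed total-order number attached to each init message to decide who triggered first, `next_key` is a placeholder for whatever key agreement the implementation uses, and `seal` is an HMAC stand-in for the real authenticated cipher.

```python
import hashlib, hmac, os

def seal(key, msg):
    # Stand-in for the real AEAD cipher (assumption): tag + plaintext, no confidentiality.
    return hmac.new(key, msg, hashlib.sha256).digest() + msg

def unseal(key, blob):
    tag, msg = blob[:32], blob[32:]
    good = hmac.new(key, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, good) else None

def next_key(current, nonce):
    # Placeholder for the real key agreement (assumption, not from the issue).
    return hmac.new(current, b"rotate" + nonce, hashlib.sha256).digest()

class Peer:
    def __init__(self, key):
        self.current, self.pending, self.send_key = key, None, key
        self.my_init = None  # order number of our own outstanding initiate

    def initiate(self, seq):
        nonce = os.urandom(16)
        self.my_init, self.pending = seq, next_key(self.current, nonce)
        return ("init", seq, nonce)  # keep sending with the current key

    def on_init(self, seq, nonce):
        if self.my_init is not None and self.my_init < seq:
            return None  # we triggered first: ignore the later request
        self.my_init = None  # peer triggered first: cancel our own rotation
        self.pending = next_key(self.current, nonce)
        self.send_key = self.pending  # responder sends with the new key
        return ("respond", seq)

    def on_respond(self, seq):
        if self.my_init == seq:  # finalise: initiator switches to the new key
            self.my_init = None
            self.send_key = self.pending or self.current

    def send(self, msg):
        return seal(self.send_key, msg)

    def receive(self, blob):
        msg = unseal(self.current, blob)
        if msg is None and self.pending is not None:
            msg = unseal(self.pending, blob)
            if msg is not None:  # peer proved it holds the new key
                self.current, self.pending = self.pending, None
                self.send_key = self.current  # old key is dropped here
        return msg
```
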