Page MenuHomePhabricator

Implement inbound notif session creation from the NSE with race condition handling
ClosedPublic

Authored by marcin on Jul 15 2024, 5:18 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Sun, Dec 22, 4:43 PM
Unknown Object (File)
Fri, Dec 20, 8:47 AM
Subscribers

Details

Summary

This differential implements inbound notification session creation with race condition handling. The NSE code is modified to use this mechanism when receiving E2EE notification from peer. Android part in CommNotificationsHandler.java will be added shortly after Tunnelbroker <-> FCM diff is out.

Test Plan
  1. Apply this patch: https://gist.github.com/marcinwasowicz/8bdc755abad8ecf81f3bd01c6ca34376
  2. Send notification from web to iOS device.
  3. Ensure that each notification results in two identical notification being displayed. One is from the keyserver. The other is from tunnelbroker and is E2EE encrypted.
  4. I also added some logs in NotificationsCryptoModule so that it is logged whether we create new session or use existing one. I only saw the first type of log once.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.h
114 ↗(On Diff #42290)

When we create inbound session from notification we need to return updated notif account state as well since one time key is removed from the account.

147 ↗(On Diff #42290)

When we win race condition we create an emphemeral one time session to decrypt single message but we don't persist anything. The StatefulPeerConflictDecryptResult implementation of flushState is a np-op.

Harbormaster returned this revision to the author for changes because remote builds failed.Jul 15 2024, 5:42 AM
Harbormaster failed remote builds in B30328: Diff 42290!
native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
613 ↗(On Diff #42290)
native/cpp/CommonCpp/Notifications/BackgroundDataStorage/NotificationsCryptoModule.cpp
709 ↗(On Diff #42290)

Decryption with immediate state persistence is used on Android.

Use common C++ implementation on Android. It was tested the same way as iOS using latest staging Tunnelbroker release

kamil added inline comments.
native/cpp/CommonCpp/CryptoTools/Session.cpp
86–91

this is huge change, I would create a separate diff to test it separately but I think it's okay

This revision is now accepted and ready to land.Jul 25 2024, 7:46 AM