Page MenuHomePhabricator
Differential D13046

[lib] reset session and resend message when device is unable to decrypt messages
ClosedPublic
Actions

Authored by kamil on Aug 12 2024, 2:49 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Mar 12, 6:31 AM
Unknown Object (File)
Tue, Mar 11, 9:36 AM
Unknown Object (File)
Wed, Mar 5, 8:21 AM
Unknown Object (File)
Feb 22 2025, 11:12 PM
Unknown Object (File)
Feb 22 2025, 11:12 PM
Unknown Object (File)
Feb 22 2025, 11:12 PM
Unknown Object (File)
Feb 22 2025, 11:11 PM
Unknown Object (File)
Feb 22 2025, 11:09 PM
View All 72 Files
Subscribers
ashoat

Details

Reviewers
tomek
marcin
Commits
rCOMM575677018ac0: [lib] reset session and resend message when device is unable to decrypt messages
Summary

ENG-6982.

We want to reset session when there was an error while decrypting.

Depends on D13033

Test Plan
  1. Create a session between devices A and B
  2. On B comment out sending confirmation.
  3. Send some messages from A to B
  4. On B simulate Olm error.
  5. Test that all messages are sent again and decrypted successfully.

Diff Detail

Repository
rCOMM Comm
Branch
land
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kamil created this revision.Aug 12 2024, 2:49 AM
kamil held this revision as a draft.
Herald added a subscriber: ashoat. · View Herald TranscriptAug 12 2024, 2:49 AM
kamil published this revision for review.Aug 12 2024, 3:04 AM
kamil added inline comments.
lib/utils/olm-utils.js
126–129 ↗(On Diff #43304)

We no longer track order and not using sequential decrypt

Harbormaster failed remote builds in B31040: Diff 43304!Aug 12 2024, 3:07 AM
kamil added a child revision: D13047: [SQLite] recreate table for Inbound P2P messages.Aug 12 2024, 6:43 AM
tomek accepted this revision.Aug 19 2024, 5:46 AM
tomek added inline comments.
lib/utils/olm-utils.js
123 ↗(On Diff #43304)
This revision is now accepted and ready to land.Aug 19 2024, 5:46 AM
kamil updated this revision to Diff 43498.Aug 20 2024, 3:53 AM

address review

Harbormaster completed remote builds in B31168: Diff 43498.Aug 20 2024, 4:10 AM
Closed by commit rCOMM575677018ac0: [lib] reset session and resend message when device is unable to decrypt messages (authored by kamil). · Explain WhyAug 21 2024, 2:57 AM
This revision was automatically updated to reflect the committed changes.
kamil added a commit: rCOMM575677018ac0: [lib] reset session and resend message when device is unable to decrypt messages.

Revision Contents
Changeset List

PathSize
lib/
tunnelbroker/
36 lines
utils/
9 lines

Diff 43498

View Options

lib/tunnelbroker/use-peer-to-peer-message-handler.js

// @flow // @flow
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { logOutActionTypes, useLogOut } from '../actions/user-actions.js'; import {
keyserverAuthActionTypes,
logOutActionTypes,
useKeyserverAuth,
useLogOut,
} from '../actions/user-actions.js';
import { extractKeyserverIDFromID } from '../keyserver-conn/keyserver-call-utils.js';
import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js';
import { import {
connectionSelector, connectionSelector,
cookieSelector, cookieSelector,
deviceTokenSelector,
} from '../selectors/keyserver-selectors.js'; } from '../selectors/keyserver-selectors.js';
import { IdentityClientContext } from '../shared/identity-client-context.js'; import { IdentityClientContext } from '../shared/identity-client-context.js';
import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js'; import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js';
import type { BaseSocketProps } from '../socket/socket.react.js'; import type { BaseSocketProps } from '../socket/socket.react.js';
import { logInActionSources } from '../types/account-types.js';
import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js';
import { useSelector } from '../utils/redux-utils.js'; import { useSelector } from '../utils/redux-utils.js';
import { usingCommServicesAccessToken } from '../utils/services-utils.js'; import { usingCommServicesAccessToken } from '../utils/services-utils.js';
import { ashoatKeyserverID } from '../utils/validation-utils.js'; import { ashoatKeyserverID } from '../utils/validation-utils.js';
type Props = { type Props = {
...BaseSocketProps, ...BaseSocketProps,
+keyserverID: string, +keyserverID: string,
+socketComponent: React.ComponentType<BaseSocketProps>, +socketComponent: React.ComponentType<BaseSocketProps>,
}; };
function KeyserverConnectionHandler(props: Props) { function KeyserverConnectionHandler(props: Props) {
const { socketComponent: Socket, keyserverID, ...rest } = props; const { socketComponent: Socket, keyserverID, ...rest } = props;
const dispatchActionPromise = useDispatchActionPromise(); const dispatchActionPromise = useDispatchActionPromise();
const callLogOut = useLogOut(); const callLogOut = useLogOut();
const keyserverAuth = useKeyserverAuth();
const hasConnectionIssue = useSelector( const hasConnectionIssue = useSelector(
state => !!connectionSelector(keyserverID)(state)?.connectionIssue, state => !!connectionSelector(keyserverID)(state)?.connectionIssue,
); );
const cookie = useSelector(cookieSelector(keyserverID)); const cookie = useSelector(cookieSelector(keyserverID));
const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID));
// We have an assumption that we should be always connected to Ashoat's
// keyserver. It is possible that a token which it has is correct, so we can
// try to use it. In worst case it is invalid and our push-handler will try
// to fix it.
ashoatUnsubmitted
Not Done
Inline Actions

This logic is a bit confusing.

I guess the reason we decided to store a separate deviceToken per keyserver is because we want to know if we've shared our deviceToken to that keyserver yet, not because we expect to have a different deviceToken per keyserver.

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

ashoat: This logic is a bit confusing. I guess the reason we decided to store a separate `deviceToken`…
tomekAuthorUnsubmitted
Done
Inline Actions

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

Agree. But moving the token to Tunnelbroker will simplify it even more. For now, I don't think it is worth fixing now.

tomek: > It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in…
const ashoatKeyserverDeviceToken = useSelector(
deviceTokenSelector(ashoatKeyserverID),
);
const deviceToken = keyserverDeviceToken ?? ashoatKeyserverDeviceToken;
const navInfo = useSelector(state => state.navInfo);
const calendarFilters = useSelector(state => state.calendarFilters);
const calendarQuery = React.useMemo(() => {
const filters = filterThreadIDsInFilterList(
calendarFilters,
(threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID,
);
return {
startDate: navInfo.startDate,
endDate: navInfo.endDate,
filters,
};
}, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]);
React.useEffect(() => { React.useEffect(() => {
if (hasConnectionIssue) { if (hasConnectionIssue) {
void dispatchActionPromise(logOutActionTypes, callLogOut()); void dispatchActionPromise(logOutActionTypes, callLogOut());
} }
}, [callLogOut, hasConnectionIssue, dispatchActionPromise]); }, [callLogOut, hasConnectionIssue, dispatchActionPromise]);
const identityContext = React.useContext(IdentityClientContext); const identityContext = React.useContext(IdentityClientContext);
invariant(identityContext, 'Identity context should be set'); invariant(identityContext, 'Identity context should be set');
const { identityClient } = identityContext; const { identityClient, getAuthMetadata } = identityContext;
const olmSessionCreator = React.useContext(OlmSessionCreatorContext); const olmSessionCreator = React.useContext(OlmSessionCreatorContext);
invariant(olmSessionCreator, 'Olm session creator should be set'); invariant(olmSessionCreator, 'Olm session creator should be set');
React.useEffect(() => { React.useEffect(() => {
if (!usingCommServicesAccessToken) { if (!usingCommServicesAccessToken) {
return; return;
} }
void (async () => { void (async () => {
try { try {
const keyserverKeys = const keyserverKeys =
await identityClient.getKeyserverKeys(keyserverID); await identityClient.getKeyserverKeys(keyserverID);
// eslint-disable-next-line no-unused-vars
const [notifsSession, contentSession] = await Promise.all([ const [notifsSession, contentSession] = await Promise.all([
olmSessionCreator.notificationsSessionCreator( olmSessionCreator.notificationsSessionCreator(
cookie, cookie,
keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys,
keyserverKeys.notifInitializationInfo, keyserverKeys.notifInitializationInfo,
keyserverID, keyserverID,
), ),
olmSessionCreator.contentSessionCreator( olmSessionCreator.contentSessionCreator(
keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys,
keyserverKeys.contentInitializationInfo, keyserverKeys.contentInitializationInfo,
), ),
]); ]);
const { userID, deviceID } = await getAuthMetadata();
invariant(userID, 'userID should be set');
invariant(deviceID, 'deviceID should be set');
const deviceTokenUpdateInput = deviceToken
? { [keyserverID]: { deviceToken } }
: {};
await dispatchActionPromise(
keyserverAuthActionTypes,
keyserverAuth({
userID,
deviceID,
doNotRegister: false,
calendarQuery,
deviceTokenUpdateInput,
logInActionSource: process.env.BROWSER
? logInActionSources.keyserverAuthFromWeb
: logInActionSources.keyserverAuthFromNative,
keyserverData: {
[keyserverID]: {
initialContentEncryptedMessage: contentSession,
initialNotificationsEncryptedMessage: notifsSession,
},
},
}),
);
} catch (e) { } catch (e) {
console.log( console.log(
`Error getting keys for keyserver with id ${keyserverID}`, `Error while authenticating to keyserver with id ${keyserverID}`,
e, e,
); );
} }
})(); })();
}, [keyserverID, identityClient, olmSessionCreator, cookie]); }, [
keyserverID,
identityClient,
olmSessionCreator,
cookie,
getAuthMetadata,
dispatchActionPromise,
keyserverAuth,
deviceToken,
calendarQuery,
]);
if (keyserverID !== ashoatKeyserverID) { if (keyserverID !== ashoatKeyserverID) {
return null; return null;
} }
return <Socket {...rest} />; return <Socket {...rest} />;
} }
const Handler: React.ComponentType<Props> = React.memo<Props>( const Handler: React.ComponentType<Props> = React.memo<Props>(
KeyserverConnectionHandler, KeyserverConnectionHandler,
); );
export default Handler; export default Handler;
View Options

lib/utils/olm-utils.js

// @flow // @flow
import invariant from 'invariant'; import invariant from 'invariant';
import * as React from 'react'; import * as React from 'react';
import { logOutActionTypes, useLogOut } from '../actions/user-actions.js'; import {
keyserverAuthActionTypes,
logOutActionTypes,
useKeyserverAuth,
useLogOut,
} from '../actions/user-actions.js';
import { extractKeyserverIDFromID } from '../keyserver-conn/keyserver-call-utils.js';
import { filterThreadIDsInFilterList } from '../reducers/calendar-filters-reducer.js';
import { import {
connectionSelector, connectionSelector,
cookieSelector, cookieSelector,
deviceTokenSelector,
} from '../selectors/keyserver-selectors.js'; } from '../selectors/keyserver-selectors.js';
import { IdentityClientContext } from '../shared/identity-client-context.js'; import { IdentityClientContext } from '../shared/identity-client-context.js';
import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js'; import { OlmSessionCreatorContext } from '../shared/olm-session-creator-context.js';
import type { BaseSocketProps } from '../socket/socket.react.js'; import type { BaseSocketProps } from '../socket/socket.react.js';
import { logInActionSources } from '../types/account-types.js';
import { useDispatchActionPromise } from '../utils/redux-promise-utils.js'; import { useDispatchActionPromise } from '../utils/redux-promise-utils.js';
import { useSelector } from '../utils/redux-utils.js'; import { useSelector } from '../utils/redux-utils.js';
import { usingCommServicesAccessToken } from '../utils/services-utils.js'; import { usingCommServicesAccessToken } from '../utils/services-utils.js';
import { ashoatKeyserverID } from '../utils/validation-utils.js'; import { ashoatKeyserverID } from '../utils/validation-utils.js';
type Props = { type Props = {
...BaseSocketProps, ...BaseSocketProps,
+keyserverID: string, +keyserverID: string,
+socketComponent: React.ComponentType<BaseSocketProps>, +socketComponent: React.ComponentType<BaseSocketProps>,
}; };
function KeyserverConnectionHandler(props: Props) { function KeyserverConnectionHandler(props: Props) {
const { socketComponent: Socket, keyserverID, ...rest } = props; const { socketComponent: Socket, keyserverID, ...rest } = props;
const dispatchActionPromise = useDispatchActionPromise(); const dispatchActionPromise = useDispatchActionPromise();
const callLogOut = useLogOut(); const callLogOut = useLogOut();
const keyserverAuth = useKeyserverAuth();
const hasConnectionIssue = useSelector( const hasConnectionIssue = useSelector(
state => !!connectionSelector(keyserverID)(state)?.connectionIssue, state => !!connectionSelector(keyserverID)(state)?.connectionIssue,
); );
const cookie = useSelector(cookieSelector(keyserverID)); const cookie = useSelector(cookieSelector(keyserverID));
const keyserverDeviceToken = useSelector(deviceTokenSelector(keyserverID));
// We have an assumption that we should be always connected to Ashoat's
// keyserver. It is possible that a token which it has is correct, so we can
// try to use it. In worst case it is invalid and our push-handler will try
// to fix it.
ashoatUnsubmitted
Not Done
Inline Actions

This logic is a bit confusing.

I guess the reason we decided to store a separate deviceToken per keyserver is because we want to know if we've shared our deviceToken to that keyserver yet, not because we expect to have a different deviceToken per keyserver.

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

ashoat: This logic is a bit confusing. I guess the reason we decided to store a separate `deviceToken`…
tomekAuthorUnsubmitted
Done
Inline Actions

It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in KeyserverInfo, and a deviceToken field at the top level of Redux. But we'll likely end up removing deviceTokens from keyservers soon anyways...

Agree. But moving the token to Tunnelbroker will simplify it even more. For now, I don't think it is worth fixing now.

tomek: > It would probably make more sense if we have a deviceTokenHasBeenUploaded: boolean in…
const ashoatKeyserverDeviceToken = useSelector(
deviceTokenSelector(ashoatKeyserverID),
);
const deviceToken = keyserverDeviceToken ?? ashoatKeyserverDeviceToken;
const navInfo = useSelector(state => state.navInfo);
const calendarFilters = useSelector(state => state.calendarFilters);
const calendarQuery = React.useMemo(() => {
const filters = filterThreadIDsInFilterList(
calendarFilters,
(threadID: string) => extractKeyserverIDFromID(threadID) === keyserverID,
);
return {
startDate: navInfo.startDate,
endDate: navInfo.endDate,
filters,
};
}, [calendarFilters, keyserverID, navInfo.endDate, navInfo.startDate]);
React.useEffect(() => { React.useEffect(() => {
if (hasConnectionIssue) { if (hasConnectionIssue) {
void dispatchActionPromise(logOutActionTypes, callLogOut()); void dispatchActionPromise(logOutActionTypes, callLogOut());
} }
}, [callLogOut, hasConnectionIssue, dispatchActionPromise]); }, [callLogOut, hasConnectionIssue, dispatchActionPromise]);
const identityContext = React.useContext(IdentityClientContext); const identityContext = React.useContext(IdentityClientContext);
invariant(identityContext, 'Identity context should be set'); invariant(identityContext, 'Identity context should be set');
const { identityClient } = identityContext; const { identityClient, getAuthMetadata } = identityContext;
const olmSessionCreator = React.useContext(OlmSessionCreatorContext); const olmSessionCreator = React.useContext(OlmSessionCreatorContext);
invariant(olmSessionCreator, 'Olm session creator should be set'); invariant(olmSessionCreator, 'Olm session creator should be set');
React.useEffect(() => { React.useEffect(() => {
if (!usingCommServicesAccessToken) { if (!usingCommServicesAccessToken) {
return; return;
} }
void (async () => { void (async () => {
try { try {
const keyserverKeys = const keyserverKeys =
await identityClient.getKeyserverKeys(keyserverID); await identityClient.getKeyserverKeys(keyserverID);
// eslint-disable-next-line no-unused-vars
const [notifsSession, contentSession] = await Promise.all([ const [notifsSession, contentSession] = await Promise.all([
olmSessionCreator.notificationsSessionCreator( olmSessionCreator.notificationsSessionCreator(
cookie, cookie,
keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys, keyserverKeys.identityKeysBlob.notificationIdentityPublicKeys,
keyserverKeys.notifInitializationInfo, keyserverKeys.notifInitializationInfo,
keyserverID, keyserverID,
), ),
olmSessionCreator.contentSessionCreator( olmSessionCreator.contentSessionCreator(
keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys, keyserverKeys.identityKeysBlob.primaryIdentityPublicKeys,
keyserverKeys.contentInitializationInfo, keyserverKeys.contentInitializationInfo,
), ),
]); ]);
const { userID, deviceID } = await getAuthMetadata();
invariant(userID, 'userID should be set');
invariant(deviceID, 'deviceID should be set');
const deviceTokenUpdateInput = deviceToken
? { [keyserverID]: { deviceToken } }
: {};
await dispatchActionPromise(
keyserverAuthActionTypes,
keyserverAuth({
userID,
deviceID,
doNotRegister: false,
calendarQuery,
deviceTokenUpdateInput,
logInActionSource: process.env.BROWSER
? logInActionSources.keyserverAuthFromWeb
: logInActionSources.keyserverAuthFromNative,
keyserverData: {
[keyserverID]: {
initialContentEncryptedMessage: contentSession,
initialNotificationsEncryptedMessage: notifsSession,
},
},
}),
);
} catch (e) { } catch (e) {
console.log( console.log(
`Error getting keys for keyserver with id ${keyserverID}`, `Error while authenticating to keyserver with id ${keyserverID}`,
e, e,
); );
} }
})(); })();
}, [keyserverID, identityClient, olmSessionCreator, cookie]); }, [
keyserverID,
identityClient,
olmSessionCreator,
cookie,
getAuthMetadata,
dispatchActionPromise,
keyserverAuth,
deviceToken,
calendarQuery,
]);
if (keyserverID !== ashoatKeyserverID) { if (keyserverID !== ashoatKeyserverID) {
return null; return null;
} }
return <Socket {...rest} />; return <Socket {...rest} />;
} }
const Handler: React.ComponentType<Props> = React.memo<Props>( const Handler: React.ComponentType<Props> = React.memo<Props>(
KeyserverConnectionHandler, KeyserverConnectionHandler,
); );
export default Handler; export default Handler;