[web] Rotate prekeys with invalid signature
ClosedPublic
Actions

Authored by bartek on Apr 28 2025, 8:51 AM.

Details

Reviewers

kamil
tomek

Commits

Summary

Attempt to resolve ENG-10589 using solution from this comment.
Before uploading prekeys, check if prekey signature is valid and rotate if it's not.

Test Plan

Verified that validation succeeds for valid prekey signatures.
Malformed signature passed to the verification function and confirmed that prekeys are rotated after that.
Checked that refactored olmAPI.verifySignature() still works as expected

Repository

rCOMM Comm

Lint

No Lint Coverage

Unit

No Test Coverage

bartek held this revision as a draft.

bartek edited the test plan for this revision. (Show Details)Apr 28 2025, 8:52 AM

bartek published this revision for review.Apr 28 2025, 10:05 AM

bartek added inline comments.

web/shared-worker/worker/worker-crypto.js
468–471	`base64.decode()` returns a UTF-16 string where some data is encoded with 2-byte long characters, so this additional step is necessary.
1025–1031	Theoretically, we could rotate only the broken prekey, but given they're always rotated at the same time, we should probably rotate both too, to keep their timestamps in sync