These were failing because ByteBuffers from the protobufs need to be converted
to ArrayBuffers. Fixed by useing the existing handler in MessageReceiver to
process verified messages from contact sync messages and dispatch them as their
own events, reducing some complexity on the application side.
// FREEBIE
In some cases, due to promise chaining and error propagation, we were
calling registerError more than once for a given error. This would then
cause the overall callback for the send operation to be called with a
partial set of errors, as well as duplicates.
Note: we do need to find a way to attach identityKey to the
OutgoingIdentityKeyError in the case where it comes directly from the
encrypt() instead of our pre-key operations.
FREEBIE
First construct a null message of random size and contents and send it to the
destination. Then include that same padding in the verification sync.
Note that the sync message is additionally randomly padded like all other sync
messages.
This lets Verified sync messages appear the same as normal sync message traffic.
// FREEBIE
Just log em for debugging. Also update the error messge thrown when we get a
content message with no supported properties. It may be empty or may just have
an unrecognized field.
// FREEBIE
This adds a new method to message sender for sending verification sync messages
and a new event to message receiver representing incoming verification sync
messages. Currently the event handler just logs the message.
// FREEBIE
saveIdentityWithAtttributes allows directly setting all properties of an
identity key record. In AccountManager we use it to save our own identity
key after a new registration.
Previously we would remove the existing key first in order to coerce firstUse to
true, but now we can simply set it explicitly, along with a VERIFIED status.
// FREEBIE
Previously we only expected these errors to occur when decrypting prekey
messages, so we need to add handling for them in the case of a normal message.
// FREEBIE
Multiple cases here:
1. setting our own key on registration
1. changing identities from a safety number change dialog
Note that removeIdentityKey runs before saveIdentity, so we'll always end up
with firstUse: true on our own key.
// FREEBIE
We can use the same padded plaintext across multiple numbers or attempts rather
than re-creating it every time we encrypt to a particular number.
// FREEBIE
This test is out of date with respect to the latest signed key rotation rules
implemented in b92dd45 and 536dd7b. Previously we would only keep the last two
signed keys, but now we keep at least three as well as requiring a minimum
retention period. As a result, this test should be failing, but we haven't
noticed because it's not using the `done` parameter to signal its asynchronous
nature.
// FREEBIE
This was supposed to solve the problem of losing group state after a reinstall
by inspecting member registration ids and pre-emptively sending group updates to
those who appear newly re-registered, but it has been unused since 6123c419.
Nowadays there's a protocol for requesting lost group state from other members.
// FREEBIE
There may come a day when we may need to change this url from the server
side. On that day, clients should continue to operate normally. The
service should be able to change attachment server locations without
requiring a client update.
// FREEBIE
Previously, updateNumbers would throw an Error, so the whole group
update was discarded.
Signal-Android handles this the same way in
GroupMessageProcessor.handleGroupUpdate().
Closes#1056
If a user has no groups, no group sync message is sent. This is a normal
result that should result in a success event rather than a timeout.
// FREEBIE
* libsignal.Curve is now a synchronous interface.
* libsignal.Curve.async is now the asynchronous interface.
* Fixes bugs in session management.
// FREEBIE
The getDeviceObjectsForNumber method returns device objects that contain
nothing but the encodedNumber property. Instead, just deal in deviceIds
until a SignalProtocolAddress is constructed to manage both the number
and deviceId.
// FREEBIE
Now that we simply establish and save a session via SessionBuilder
rather than saving the keys to pass in during encrypt, we can stop
caching them in memory in between the identity key check and the
encryption step.
// FREEBIE
Prevent races between encrypt and decrypt calls, and other read/write
operations on the session store by serializing session io ops per
device.
Possible fix for #535
// FREEBIE
Because remote clients will delete all sessions in response to an end
session message, regardless of which device it came from, when our
linked device sends an end session message, we must also end all
sessions with the destination.
This change moves the end session flag processing to processDecrypted,
which is shared between handlers of sent messages, data messages, and
messages which are re-tried after resolving identity conflicts.
// FREEBIE
Help debug bad session errors by logging some envelope info about the
message we are about to decrypt. With this, if there is a decryption
error (e.g., bad mac or no session) it is clear from the logs what
number and device message sent the bad message.
Also log when we send and receive end session messages and when we close
sessions for certain devices.
// FREEBIE
Previously we would delete our own key from the trust store when
re-linking, in case it changed. We can also immediately take one step
further and store the new key. Typically this happens in the course of
requesting sync info from the master device, except in the case of
standalone clients.
Closes#596
// FREEBIE
Sometimes an error is thrown while processing groups from a group sync
message. We still want to fire the groupsync event when we're done
handling all the data, even if some of it was bad.
Similar in function to an xhr request, a textsecure.SyncRequest object
is initialized from a message sender and receiver pair and initiates a
request for sync from the master device. It later fires a success event
when both contacts and groups are done syncing, or a timeout event after
one minute.
// FREEBIE
We should not ack envelope protobufs that fail to decode correctly. If
the server happens to send us such a thing it probably indicates a
protocol mismatch between it and the client, in which case the client
needs to update and re-receive the failed message.
// FREEBIE
This line was never being hit due to the duplicate one above (#L166).
Peeking at the server code shows that 403 is only given in response to
registration attempts, where it does in fact indicate an invalid code.
// FREEBIE
Fix bug where resending due to failed network connection would fail
silently.
Broken in 7b6820 refactor which changed arguments to transmitMessage
// FREEBIE
Previously, libtextsecure would send a sync message automatically
when appropriate. This fails if any recipient has a key conflict
or if our network connection fails mid-send.
Instead, when appropriate, return a the DataMessage encoded as an array
buffer for later syncing. This lets the application choose when to send
it, which we now do after any successful send to a recipient, rather
than after all recipients are successfully sent to.
Eventually we should move the DataMessage protobuf construction and
group sending logic to the application layer entirely, in which case
we wouldn't need libtextsecure to construct the sync message either.
Fixes#408
Fix bug where re-installing would cause sync messages to fail and
produce unresolvable error indicators on messages that were actually
sent.
// FREEBIE
encryptMessageFor now requires an array buffer instead of a protobuf.
By converting the message to an array buffer outside the Promise.all, we
avoid allocating a new copy for each device.
// FREEBIE
Follow up to b0da4910. When inferring membership of the sender in an
unknown group, remember to save and return the group members.
Generally, this should only effect standalone clients unless someone
managed to clear their groups db table, since linked clients get group
info synced at registration.
// FREEBIE
If you're the last member of the group, it doesn't make sense to send
messages to it. Previously, we would wait forever for a callback,
causing a stuck pending state indicator.
// FREEBIE
When we re-register, our deviceId might change, which makes our sessions
are no longer valid since the recipient will see us as a new device.
Fixes#388
Fix a bad loop scope bug in getKeysForNumber by using forEach.
Refactor the initial process of establishing key material for devices
that do not have open sessions.
// FREEBIE
These functions accept an array buffer and extract an AES and MAC key
from it without verifying it has the appropriate length. Ciphertext
messages are similarly dissected. The slice function does not raise an
error on out of bounds accesses but instead returns an empty or
partially-filled array. Empty or short arrays will be passed through to
the window.crypto.subtle API, where they will raise an error. We should
not rely on the Web Crypto API to validate key lengths or for MAC checks
to fail. Instead, validate the lengths of given parameters before
extracting their components.
// FREEBIE
This may increase processing latency a bit, particularly with large
attachments, but will ensure that messages are dispatched in the order
they are received.
It would be nice to enforce ordering on only the dispatch step, so that
we could, for example, decrypt the next websocket message while waiting
for an attachment to download, but that will require a more complicated
refactor. Will stick with the quick fix for now and revisit later.
Fixes#342
// FREEBIE
Scott Nonnenberg
lilia
haffenloher
Karel Bilek
Matt Corallo
codedust