Skip to content

sc: bugfix -- acknowledge prekey bundles when first received

context

symptom:

  • in load test env, we observe that messages to signal users who have never sent a message back to a channel are always interpreted as PREKEY_BUNDLE envelopes rather than CIPHERTEXT envelopes. (in dev env we have observed that messages from such users are also always interpreted as PREKEY_BUNDLEs
  • why we care: our fix for refreshing prekeys in #404 (closed) rests on being able to confidently infer that receipt of a PREKEY_BUNDLE envelopes indicates a completely new session with a user with whom an account has never exchanged messages. (Which would mean it has depleted our store of prekeys by asking for one to start a new session with us, making this a good hook to go check whether we should refresh our prekeys!)

cause

  • in libsignal, SessionCipher#encrypt's call to SessionBuilder.process looks (in native code) for session_state.unacknowledged_pre_key_message_items() when determining whether to encode the data it is about to encrypt as a CiphertextMessage or a PreKeyMesssage
  • this collection is only ever set to empty by #decrypt (which would have received an acknowledgement of a prekey bundle from an interlocutor)
  • however, we are failing to set these collections to empty in most cases, because we don't decrypt envelopes of types other than CIPHERTEXT. notably: we do not decrypt messages of type RECEIPT that are the most likely ways that most interlocutors would signal acknowledgement of a prekey bundle message
    • as such, we never realize that our prekey bundle message has been acknowledged and we never clear the flag

fix

  • this MR begins by re-establishing the 2 enum variants for PREKEY_BUNDLE and CIPHERTEXT (that i had previously collapsed because i did not properly understand the failure behavior in which i only ever saw PREKEY_BUNDLE messages in the load tests and assumed that since they were handled like CIPHERTEXT messages, they must also be CIPHERTEXT messages
  • it then proceeds to reimplement SignalSender#drop to always decrypt all messages so that we will have a chance to observe and react to acknowledgment of prekey bundles from interlocutors at the earliest possible moment (and not waiting for them to send us a message -- which they might never do! -- to do so.)
  • in turn it establishes confidence that we are always correctly sending/receiving PREKEY_BUNDLE envelopes when we should
Edited by aguestuser
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information