Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Retry failed signed key rotation; start rotation when registered #1772

Merged
merged 1 commit into from
Nov 17, 2017

Conversation

scottnonnenberg
Copy link
Contributor

I've noticed that we're not adequately resilient to questionable situations in our signed key rotation. For example, I saw a log last week where the rotation failed because of network difficulties. Today, in that case, we would wait until the next scheduled key rotation time: a couple days.

With this change, after a failed rotation, we try every five seconds until it succeeds.

In this change we also get a little more precise about when we start up the signed key rotation. It doesn't make sense to do it before the user is registered, and it doesn't make sense to do it in the middle of an import, so we only do it if registration is complete, and import is complete.

Copy link

@breznak breznak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for spotting this!

some dummy questions below...

);

if (e instanceof Error && e.name == 'HTTPError' && e.code >= 400 && e.code <= 599) {
var rejections = 1 + textsecure.storage.get('signedKeyRotationRejected', 0);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this value overflow? If so, is it a risk?
https://stackoverflow.com/questions/19054891/does-javascript-handle-integer-overflow-and-underflow-if-yes-how
the above JS interpreter does handle overflows and rounds to max_value

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my testing, adding one to Number.MAX_VALUE results in Number.MAX_VALUE. Which is already super-massive. Even if it did return Infinity it still compares properly to 5, which is what we do elsewhere in the codebase. We reset it back to zero whenever we successfully rotate the keys.

getAccountManager().rotateSignedPreKey();
getAccountManager().rotateSignedPreKey().catch(function() {
console.log('rotateSignedPrekey() failed. Trying again in five seconds');
setTimeout(runWhenOnline, 5000);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should the communication be marked as insecure if several prekey rotations fail? Could sb game the system by blocking the rotation?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your prekeys are used by others to start communication with you. If you haven't updated them lately, or failed in doing so, others won't be able to start new conversations at all. No need for warnings, just try our best to make those updates happen whey are supposed to to avoid errors.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll clarify: I've seen errors happen most of the time in that no-rotation case. But in theory sessions can still be created, just with fewer guarantees than a standard session.

@scottnonnenberg scottnonnenberg merged commit fd5fa66 into development Nov 17, 2017
@scottnonnenberg scottnonnenberg deleted the rotate-keys branch November 17, 2017 00:19
scottnonnenberg added a commit that referenced this pull request Nov 23, 2017
Windows 7: Use an alternate mechanism for notifications (#1812)

Retry failed signed key rotation; start rotation when registered (#1772)

Dev:
  - Update to electron-builder 19.29.0; may allow windows shortcut to
    stay deleted on update (#1804)
  - aptly.sh: Instructions for pruning old packages from repo (#1771)
  - Update development branch to include everything up to v1.0.39
    0e328f3
scottnonnenberg added a commit that referenced this pull request Nov 30, 2017
* Retry failed signed key rotation; start rotation when registered (#1772)

* rotateSignedPrekeys: Fix 'res is not defined' error

* If the server rejects key rotation, don't retry immediately

* Force a signed key rotation on launch of any new version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants