Skip to content

fix: add error handling in message receive loop (#9)#18

Open
rafabd1 wants to merge 1 commit intomainfrom
fix/issue-9-error-handling-receive-loop
Open

fix: add error handling in message receive loop (#9)#18
rafabd1 wants to merge 1 commit intomainfrom
fix/issue-9-error-handling-receive-loop

Conversation

@rafabd1
Copy link
Owner

@rafabd1 rafabd1 commented Mar 14, 2026

Fix: Add error handling in message receive loop

Closes #9

Problem

When the double ratchet decrypt operation fails (invalid MAC, wrong key, replay, etc.), the error is silently ignored in the receive loop. The loop continues processing subsequent messages despite being in an inconsistent state. This is a critical security and reliability gap because:

  1. Security: Decryption failures could indicate tampering, replay attacks, or ratchet state corruption
  2. Reliability: Continuing after decryption errors means the ratchet state may be desynchronized, causing all future messages to fail
  3. User Experience: Users see messages appearing out of order or missing, with no indication of what went wrong

Solution

Treat decryption errors as fatal session-terminating events:

  1. Immediate session closure: When handle_incoming_message returns an error, the receive loop now:

    • Emits a decryption_error event with a user-visible message
    • Clears the session state
    • Emits session_closed event
    • Breaks out of the receive loop

  2. Enhanced error context:

    • Added debug logging of ratchet counter before decryption attempts
    • Error messages now include the counter value for debugging
    • Users see "Decryption failed: ratchet decrypt failed (counter=42): MAC verification failed" instead of silent failures

  3. Security-first approach:

    • Decryption failures are treated as potential security incidents
    • Session termination prevents further processing in potentially corrupted state
    • Users must re-establish session to continue communication

Security considerations

  • Decryption failures could indicate active attacks (replay, MITM)
  • Terminating session prevents potential exploitation of ratchet state corruption
  • No sensitive information is exposed in error messages (only counter values)

Implementation details

  • Added #[cfg(debug_assertions)] logging for decryption attempts
  • Error messages include ratchet counter for debugging but remain generic enough for users
  • Session cleanup follows the same pattern as close_session command

@rafabd1
fix: add error handling in message receive loop (#9)
661f573 
- Treat decryption errors as fatal - close session immediately on ratchet decrypt failures
- Emit decryption_error event with user-visible error message when decryption fails
- Log decryption attempt context (counter value) in debug builds for troubleshooting
- Improve error messages to include ratchet counter information for debugging
- Close session and emit session_closed event when decryption errors occur

This fixes issue #9 where decryption errors in the receive loop were silently ignored,
allowing the session to continue in an inconsistent state. Now decryption failures
are treated as fatal security events that immediately terminate the session.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing error handling in message receive loop

1 participant

@rafabd1