From b6935eca5baeddadae2133bc732fd32e76a782cc Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Wed, 13 Nov 2024 16:33:54 -0500
Subject: [PATCH 01/57] QoL improvements for routes & connectors

---
 rust/net/infra/src/route.rs         | 23 ++++++++++++++++++++---
 rust/net/infra/src/route/connect.rs | 28 ++++++++++++++++++++--------
 rust/net/infra/src/route/proxy.rs   | 18 ++++++++++++++++++
 rust/net/infra/src/route/resolve.rs |  5 +++--
 4 files changed, 61 insertions(+), 13 deletions(-)

diff --git a/rust/net/infra/src/route.rs b/rust/net/infra/src/route.rs
index 817e8fc16..05da968e7 100644
--- a/rust/net/infra/src/route.rs
+++ b/rust/net/infra/src/route.rs
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use std::net::IpAddr;
 use std::sync::Arc;
 
 mod connect;
@@ -29,6 +30,8 @@ pub use tls::*;
 mod ws;
 pub use ws::*;
 
+use crate::host::Host;
+
 /// Produces routes to a destination.
 ///
 /// A "route" here is a path to a target destination of some kind. It does not
@@ -74,9 +77,23 @@ pub struct SimpleRoute<Fragment, Inner> {
     pub inner: Inner,
 }
 
-pub type HttpsServiceRoute<Addr> =
-    HttpsTlsRoute<TlsRoute<DirectOrProxyRoute<TcpRoute<Addr>, ConnectionProxyRoute<Addr>>>>;
-pub type WebSocketServiceRoute<Addr> = WebSocketRoute<HttpsServiceRoute<Addr>>;
+/// Transport-level route that contains [`UnresolvedHost`] addresses.
+pub type UnresolvedTransportRoute = TlsRoute<
+    DirectOrProxyRoute<TcpRoute<UnresolvedHost>, ConnectionProxyRoute<Host<UnresolvedHost>>>,
+>;
+/// [`HttpsTlsRoute`] that contains [`UnresolvedHost`] addresses.
+pub type UnresolvedHttpsServiceRoute = HttpsTlsRoute<UnresolvedTransportRoute>;
+
+/// [`WebSocketRoute`] that contains [`UnresolvedHost`] addresses.
+pub type UnresolvedWebsocketServiceRoute = WebSocketRoute<HttpsTlsRoute<UnresolvedTransportRoute>>;
+
+/// Transport-level route that contains [`IpAddr`]s.
+pub type TransportRoute =
+    TlsRoute<DirectOrProxyRoute<TcpRoute<IpAddr>, ConnectionProxyRoute<IpAddr>>>;
+/// [`HttpsTlsRoute`] that contains [`IpAddr`]s.
+pub type HttpsServiceRoute = HttpsTlsRoute<TransportRoute>;
+/// [`WebSocketRoute`] that contains [`IpAddr`]s.
+pub type WebSocketServiceRoute = WebSocketRoute<HttpsServiceRoute>;
 
 impl From<Arc<str>> for UnresolvedHost {
     fn from(value: Arc<str>) -> Self {
diff --git a/rust/net/infra/src/route/connect.rs b/rust/net/infra/src/route/connect.rs
index 7dc3bf575..272adb1e8 100644
--- a/rust/net/infra/src/route/connect.rs
+++ b/rust/net/infra/src/route/connect.rs
@@ -15,7 +15,8 @@ use tokio_util::either::Either;
 use crate::errors::TransportConnectError;
 use crate::route::{
     ConnectionProxyRoute, DirectOrProxyRoute, HttpRouteFragment, HttpsTlsRoute, TcpRoute, TlsRoute,
-    TlsRouteFragment, WebSocketRoute, WebSocketRouteFragment, WebSocketServiceRoute,
+    TlsRouteFragment, TransportRoute, WebSocketRoute, WebSocketRouteFragment,
+    WebSocketServiceRoute,
 };
 use crate::ws::WebSocketConnectError;
 
@@ -79,9 +80,9 @@ pub struct ComposedConnector<Outer, Inner, Error> {
     _error: PhantomData<Error>,
 }
 
-/// Stateless connector that connects [`WebSocketServiceRoute<IpAddr>`]s.
+/// Stateless connector that connects [`WebSocketServiceRoute`]s.
 pub type StatelessWebSocketConnector = WebSocketHttpConnector;
-/// Stateless connector that connects [`TlsTransportRoute<IpAddr>`](super::TlsTransportRoute)s.
+/// Stateless connector that connects [`TransportRoute`]s.
 pub type StatelessTransportConnector = TransportConnector;
 
 type TcpConnector = crate::tcp_ssl::StatelessDirect;
@@ -100,11 +101,8 @@ const _: () = {
         DirectProxyConnector,
         DirectOrProxyRoute<TcpRoute<IpAddr>, ConnectionProxyRoute<IpAddr>>,
     >();
-    assert_is_connector::<
-        TransportConnector,
-        TlsRoute<DirectOrProxyRoute<TcpRoute<IpAddr>, ConnectionProxyRoute<IpAddr>>>,
-    >();
-    assert_is_connector::<WebSocketHttpConnector, WebSocketServiceRoute<IpAddr>>();
+    assert_is_connector::<TransportConnector, TransportRoute>();
+    assert_is_connector::<WebSocketHttpConnector, WebSocketServiceRoute>();
 };
 
 impl<O, I, E> ComposedConnector<O, I, E> {
@@ -251,6 +249,20 @@ where
     }
 }
 
+impl<C: Connector<R, Inner>, R, Inner> Connector<R, Inner> for &C {
+    type Connection = C::Connection;
+
+    type Error = C::Error;
+
+    fn connect_over(
+        &self,
+        over: Inner,
+        route: R,
+    ) -> impl Future<Output = Result<Self::Connection, Self::Error>> + Send {
+        (*self).connect_over(over, route)
+    }
+}
+
 impl From<std::io::Error> for WebSocketConnectError {
     fn from(value: std::io::Error) -> Self {
         Self::WebSocketError(value.into())
diff --git a/rust/net/infra/src/route/proxy.rs b/rust/net/infra/src/route/proxy.rs
index c0c0a9295..224d07d14 100644
--- a/rust/net/infra/src/route/proxy.rs
+++ b/rust/net/infra/src/route/proxy.rs
@@ -47,6 +47,9 @@ pub enum DirectOrProxyRoute<D, P> {
     Proxy(P),
 }
 
+/// [`RouteProvider`] implementation that returns [`DirectOrProxyRoute`]s.
+///
+/// Constructs routes that either connect directly or through a proxy.
 #[derive(Clone, Debug, PartialEq)]
 pub enum DirectOrProxyProvider<D, P> {
     Direct(D),
@@ -77,6 +80,21 @@ pub struct ConnectionProxyRouteProvider<P> {
     pub(crate) inner: P,
 }
 
+impl<D> DirectOrProxyProvider<D, ConnectionProxyRouteProvider<D>> {
+    /// Convenience constructor for a provider that creates proxied routes if a
+    /// config is provided.
+    ///
+    /// Returns `Self::Direct(direct)` if no proxy config is given, otherwise
+    /// `Self::Proxy` with a `ConnectionProxyRouteProvider` wrapped around
+    /// `direct`.
+    pub fn maybe_proxied(direct: D, proxy_config: Option<ConnectionProxyConfig>) -> Self {
+        match proxy_config {
+            Some(proxy) => Self::Proxy(ConnectionProxyRouteProvider::new(proxy, direct)),
+            None => Self::Direct(direct),
+        }
+    }
+}
+
 impl<P> ConnectionProxyRouteProvider<P> {
     pub fn new(proxy: ConnectionProxyConfig, inner: P) -> Self {
         Self { proxy, inner }
diff --git a/rust/net/infra/src/route/resolve.rs b/rust/net/infra/src/route/resolve.rs
index 2511ab3c1..1b676e5d6 100644
--- a/rust/net/infra/src/route/resolve.rs
+++ b/rust/net/infra/src/route/resolve.rs
@@ -374,7 +374,8 @@ mod test {
     use crate::certs::RootCertificates;
     use crate::host::Host;
     use crate::route::{
-        DirectOrProxyRoute, HttpRouteFragment, HttpsServiceRoute, SocksRoute, TlsRouteFragment,
+        DirectOrProxyRoute, HttpRouteFragment, SocksRoute, TlsRouteFragment,
+        UnresolvedHttpsServiceRoute,
     };
     use crate::tcp_ssl::proxy::socks;
     use crate::DnsSource;
@@ -611,7 +612,7 @@ mod test {
             })
         }
 
-        let unresolved_route: HttpsServiceRoute<_> = HttpsTlsRoute {
+        let unresolved_route: UnresolvedHttpsServiceRoute = HttpsTlsRoute {
             inner: TlsRoute {
                 inner: DirectOrProxyRoute::Proxy(socks_route(
                     Host::Domain(UnresolvedHost("proxy-domain".into())),

From f062dd5246b7f1f72ac7ff534bf4445956681681 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Thu, 14 Nov 2024 13:37:52 -0500
Subject: [PATCH 02/57] Bump dep to subtle v2.6

---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 86d8000ba..885fef601 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -141,7 +141,7 @@ sha2 = "0.10"
 snow = { version = "0.9.6", default-features = false, features = ["hfs"] }
 static_assertions = "1.1"
 strum = "0.26"
-subtle = "2.5"
+subtle = "2.6"
 syn = "2.0"
 syn-mid = "0.6"
 test-case = "3.3"

From a1da0bdd8c3f3b18435cfee16368eb7b1ca2b241 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Wed, 13 Nov 2024 19:12:36 -0800
Subject: [PATCH 03/57] backup: Use a hash map optimized for u64

Most of our map lookups are based on IDs represented as integers;
using a full hash function for this is overkill. The intmap crate
hashes integers with a single (wrapping) multiplication instead. We do
a *lot* of validation of recipients, so this is a noticeable if modest
speedup.
---
 Cargo.lock                                    |  7 ++
 acknowledgments/acknowledgments.html          | 16 ++++-
 acknowledgments/acknowledgments.md            | 12 ++++
 acknowledgments/acknowledgments.plist         | 16 +++++
 rust/message-backup/Cargo.toml                |  1 +
 rust/message-backup/src/backup.rs             | 30 ++++----
 rust/message-backup/src/backup/chat.rs        |  1 -
 .../src/backup/chat/reactions.rs              | 11 +--
 rust/message-backup/src/backup/frame.rs       |  7 ++
 rust/message-backup/src/backup/map.rs         | 72 +++++++++++++++++++
 rust/message-backup/src/backup/method.rs      |  5 ++
 11 files changed, 158 insertions(+), 20 deletions(-)
 create mode 100644 rust/message-backup/src/backup/map.rs

diff --git a/Cargo.lock b/Cargo.lock
index b1c102804..20e882cf8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1837,6 +1837,12 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "intmap"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee87fd093563344074bacf24faa0bb0227fb6969fb223e922db798516de924d6"
+
 [[package]]
 name = "ipnet"
 version = "2.10.0"
@@ -2267,6 +2273,7 @@ dependencies = [
  "hex-literal",
  "hkdf",
  "hmac",
+ "intmap",
  "itertools 0.13.0",
  "json5",
  "libsignal-account-keys",
diff --git a/acknowledgments/acknowledgments.html b/acknowledgments/acknowledgments.html
index de00089f5..12dc620ad 100644
--- a/acknowledgments/acknowledgments.html
+++ b/acknowledgments/acknowledgments.html
@@ -46,7 +46,7 @@ <h1>Third Party Licenses</h1>
     
         <h2>Overview of licenses:</h2>
         <ul class="licenses-overview">
-            <li><a href="#MIT">MIT License</a> (331)</li>
+            <li><a href="#MIT">MIT License</a> (332)</li>
             <li><a href="#AGPL-3.0">GNU Affero General Public License v3.0</a> (29)</li>
             <li><a href="#Apache-2.0">Apache License 2.0</a> (16)</li>
             <li><a href="#BSD-3-Clause">BSD 3-Clause &quot;New&quot; or &quot;Revised&quot; License</a> (9)</li>
@@ -4162,6 +4162,20 @@ <h4>Used by:</h4>
 IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
 </pre>
+            </li>
+            <li class="license">
+                <h3 id="MIT">MIT License</h3>
+                <h4>Used by:</h4>
+                <ul class="license-used-by">
+                    <li><a href="https://github.com/JesperAxelsson/rust-intmap">intmap 2.0.0</a></li>
+                </ul>
+                <pre class="license-text">Copyright (c) 2016 Jesper Axelsson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the &quot;Software&quot;), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</pre>
             </li>
             <li class="license">
                 <h3 id="MIT">MIT License</h3>
diff --git a/acknowledgments/acknowledgments.md b/acknowledgments/acknowledgments.md
index 1c3bd4d63..2acb72816 100644
--- a/acknowledgments/acknowledgments.md
+++ b/acknowledgments/acknowledgments.md
@@ -3884,6 +3884,18 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
+## intmap 2.0.0
+
+```
+Copyright (c) 2016 Jesper Axelsson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+```
+
 ## utf8parse 0.2.2
 
 ```
diff --git a/acknowledgments/acknowledgments.plist b/acknowledgments/acknowledgments.plist
index 89e74902b..e10bdf868 100644
--- a/acknowledgments/acknowledgments.plist
+++ b/acknowledgments/acknowledgments.plist
@@ -4162,6 +4162,22 @@ DEALINGS IN THE SOFTWARE.
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
+		<dict>
+			<key>FooterText</key>
+			<string>Copyright (c) 2016 Jesper Axelsson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the &quot;Software&quot;), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</string>
+			<key>License</key>
+			<string>MIT License</string>
+			<key>Title</key>
+			<string>intmap 2.0.0</string>
+			<key>Type</key>
+			<string>PSGroupSpecifier</string>
+		</dict>
 		<dict>
 			<key>FooterText</key>
 			<string>Copyright (c) 2016 Joe Wilm
diff --git a/rust/message-backup/Cargo.toml b/rust/message-backup/Cargo.toml
index 4d7b316a9..356a20843 100644
--- a/rust/message-backup/Cargo.toml
+++ b/rust/message-backup/Cargo.toml
@@ -48,6 +48,7 @@ futures = { workspace = true }
 hex = { workspace = true, features = ["serde"] }
 hkdf = { workspace = true }
 hmac = { workspace = true }
+intmap = "2.0.0"
 itertools = { workspace = true }
 log = { workspace = true }
 macro_rules_attribute = "0.2.0"
diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 8819fc298..258a46683 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -17,6 +17,7 @@ use crate::backup::call::{AdHocCall, CallError};
 use crate::backup::chat::chat_style::{CustomChatColor, CustomColorId};
 use crate::backup::chat::{ChatData, ChatError, ChatItemData, ChatItemError, PinOrder};
 use crate::backup::frame::{ChatId, RecipientId};
+use crate::backup::map::IntMap;
 use crate::backup::method::{Lookup, LookupPair, Method, Store, ValidateOnly};
 use crate::backup::recipient::{
     DestinationKind, FullRecipientData, MinimalRecipientData, RecipientError,
@@ -34,6 +35,7 @@ mod call;
 mod chat;
 mod file;
 mod frame;
+mod map;
 pub(crate) mod method;
 mod recipient;
 pub mod serialize;
@@ -84,7 +86,7 @@ pub trait ReferencedTypes {
 pub struct PartialBackup<M: Method + ReferencedTypes> {
     meta: BackupMeta,
     account_data: Option<AccountData<M>>,
-    recipients: HashMap<RecipientId, M::RecipientData>,
+    recipients: IntMap<RecipientId, M::RecipientData>,
     chats: ChatsData<M>,
     ad_hoc_calls: M::List<AdHocCall<M::RecipientReference>>,
     sticker_packs: HashMap<StickerPackId, StickerPack<M>>,
@@ -96,7 +98,7 @@ pub struct PartialBackup<M: Method + ReferencedTypes> {
 pub struct CompletedBackup<M: Method + ReferencedTypes> {
     meta: BackupMeta,
     account_data: AccountData<M>,
-    recipients: HashMap<RecipientId, M::RecipientData>,
+    recipients: IntMap<RecipientId, M::RecipientData>,
     chats: ChatsData<M>,
     ad_hoc_calls: M::List<AdHocCall<M::RecipientReference>>,
     sticker_packs: HashMap<StickerPackId, StickerPack<M>>,
@@ -106,7 +108,7 @@ pub type Backup = CompletedBackup<Store>;
 
 #[derive_where(Debug, Default)]
 struct ChatsData<M: Method + ReferencedTypes> {
-    items: HashMap<ChatId, ChatData<M>>,
+    items: IntMap<ChatId, ChatData<M>>,
     pinned: Vec<(PinOrder, M::RecipientReference)>,
     /// Count of the total number of chat items held across all values in `items`.
     pub chat_items_count: usize,
@@ -394,7 +396,7 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
             recipients: Default::default(),
             chats: Default::default(),
             ad_hoc_calls: Default::default(),
-            sticker_packs: HashMap::new(),
+            sticker_packs: Default::default(),
             unusual_timestamp_tracker,
         })
     }
@@ -445,8 +447,8 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
         let err_with_id = |e| RecipientFrameError(id, e);
         let recipient = M::try_convert_recipient(recipient, self).map_err(err_with_id)?;
         match self.recipients.entry(id) {
-            hash_map::Entry::Occupied(_) => Err(err_with_id(RecipientError::DuplicateRecipient)),
-            hash_map::Entry::Vacant(v) => {
+            intmap::Entry::Occupied(_) => Err(err_with_id(RecipientError::DuplicateRecipient)),
+            intmap::Entry::Vacant(v) => {
                 let _ = v.insert(recipient);
                 Ok(())
             }
@@ -502,8 +504,8 @@ impl<M: Method + ReferencedTypes> ChatsData<M> {
         } = self;
 
         match items.entry(id) {
-            hash_map::Entry::Occupied(_) => Err(ChatFrameError(id, ChatError::DuplicateId)),
-            hash_map::Entry::Vacant(v) => {
+            intmap::Entry::Occupied(_) => Err(ChatFrameError(id, ChatError::DuplicateId)),
+            intmap::Entry::Vacant(v) => {
                 if let Some(pin) = chat.pinned_order {
                     pinned.push((pin, chat.recipient.clone()));
                 }
@@ -680,6 +682,8 @@ fn uuid_bytes_to_aci(bytes: Vec<u8>) -> Result<Aci, InvalidAci> {
 
 #[cfg(test)]
 mod test {
+    use std::collections::HashMap;
+
     use assert_matches::assert_matches;
     use test_case::{test_case, test_matrix};
 
@@ -826,10 +830,10 @@ mod test {
             .expect("valid completed backup")
             .chats
             .items
-            .into_iter()
-            .map(|(chat_id, items)| {
+            .into_iter_with_raw_keys()
+            .map(|(raw_chat_id, items)| {
                 (
-                    chat_id,
+                    raw_chat_id,
                     items
                         .items
                         .into_iter()
@@ -837,11 +841,11 @@ mod test {
                         .collect(),
                 )
             })
-            .collect::<HashMap<ChatId, Vec<usize>>>();
+            .collect::<HashMap<u64, Vec<usize>>>();
 
         assert_eq!(
             chat_order_indices,
-            HashMap::from([(ChatId(1), vec![0, 2, 4]), (ChatId(2), vec![1, 3, 5])])
+            HashMap::from([(1, vec![0, 2, 4]), (2, vec![1, 3, 5])])
         );
     }
 }
diff --git a/rust/message-backup/src/backup/chat.rs b/rust/message-backup/src/backup/chat.rs
index d0ad85b97..a7503d14f 100644
--- a/rust/message-backup/src/backup/chat.rs
+++ b/rust/message-backup/src/backup/chat.rs
@@ -9,7 +9,6 @@
 #![allow(clippy::manual_non_exhaustive)]
 
 use std::fmt::Debug;
-use std::hash::Hash;
 use std::num::NonZeroU32;
 
 use derive_where::derive_where;
diff --git a/rust/message-backup/src/backup/chat/reactions.rs b/rust/message-backup/src/backup/chat/reactions.rs
index 4889dbe44..d39259165 100644
--- a/rust/message-backup/src/backup/chat/reactions.rs
+++ b/rust/message-backup/src/backup/chat/reactions.rs
@@ -3,11 +3,11 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::collections::HashMap;
-
+use derive_where::derive_where;
 use itertools::Itertools;
 
 use crate::backup::frame::RecipientId;
+use crate::backup::map::IntMap;
 use crate::backup::method::LookupPair;
 use crate::backup::recipient::DestinationKind;
 use crate::backup::serialize::SerializeOrder;
@@ -92,8 +92,9 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
 }
 
 #[derive(Debug)]
+#[derive_where(Default)]
 pub struct ReactionSet<Recipient> {
-    reactions: HashMap<RecipientId, Reaction<Recipient>>,
+    reactions: IntMap<RecipientId, Reaction<Recipient>>,
 }
 
 impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTimestamp>
@@ -102,7 +103,7 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
     type Error = ReactionError;
 
     fn try_from_with(items: Vec<proto::Reaction>, context: &C) -> Result<Self, Self::Error> {
-        let mut reactions = HashMap::with_capacity(items.len());
+        let mut reactions = IntMap::with_capacity(items.len());
 
         for item in items {
             let author_id = RecipientId(item.authorId);
@@ -135,7 +136,7 @@ where
 impl<R> FromIterator<(RecipientId, Reaction<R>)> for ReactionSet<R> {
     fn from_iter<T: IntoIterator<Item = (RecipientId, Reaction<R>)>>(iter: T) -> Self {
         Self {
-            reactions: HashMap::from_iter(iter),
+            reactions: IntMap::from_iter(iter),
         }
     }
 }
diff --git a/rust/message-backup/src/backup/frame.rs b/rust/message-backup/src/backup/frame.rs
index 0188bafc8..bc0012625 100644
--- a/rust/message-backup/src/backup/frame.rs
+++ b/rust/message-backup/src/backup/frame.rs
@@ -3,6 +3,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use crate::backup::map::IntKey;
 use crate::backup::WithId;
 use crate::proto::backup::{Chat, Recipient};
 
@@ -22,6 +23,12 @@ macro_rules! impl_with_id {
                 $id(self.$id_field)
             }
         }
+
+        impl IntKey for $id {
+            fn int_key(&self) -> u64 {
+                self.0
+            }
+        }
     };
 }
 
diff --git a/rust/message-backup/src/backup/map.rs b/rust/message-backup/src/backup/map.rs
new file mode 100644
index 000000000..e1ae53e99
--- /dev/null
+++ b/rust/message-backup/src/backup/map.rs
@@ -0,0 +1,72 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use std::marker::PhantomData;
+
+use derive_where::derive_where;
+
+/// A wrapper around [`intmap::IntMap`] that preserves type-safety for keys.
+///
+/// All methods forward to the underlying map unless otherwise specified.
+#[derive(Debug)]
+#[derive_where(Default)]
+pub struct IntMap<K, V> {
+    inner: intmap::IntMap<V>,
+    _keys: PhantomData<K>,
+}
+
+/// Helper for [`IntMap`] to get a numeric key from an arbitrary type.
+pub trait IntKey {
+    fn int_key(&self) -> u64;
+}
+
+impl<K: IntKey, V> IntMap<K, V> {
+    pub fn with_capacity(capacity: usize) -> Self {
+        Self {
+            inner: intmap::IntMap::with_capacity(capacity),
+            _keys: PhantomData,
+        }
+    }
+
+    pub fn get(&self, key: &K) -> Option<&V> {
+        self.inner.get(key.int_key())
+    }
+
+    pub fn get_mut(&mut self, key: &K) -> Option<&mut V> {
+        self.inner.get_mut(key.int_key())
+    }
+
+    pub fn insert(&mut self, key: K, value: V) -> Option<V> {
+        self.inner.insert(key.int_key(), value)
+    }
+
+    pub fn entry(&mut self, key: K) -> intmap::Entry<'_, V> {
+        self.inner.entry(key.int_key())
+    }
+
+    pub fn values(&self) -> impl Iterator<Item = &'_ V> {
+        self.inner.values()
+    }
+
+    pub fn into_values(self) -> impl Iterator<Item = V> {
+        self.inner.into_iter().map(|(_k, v)| v)
+    }
+
+    /// Like `into_iter`, but [`IntKey`] doesn't provide a way to map the keys back to the original
+    /// type.
+    #[cfg(test)]
+    pub fn into_iter_with_raw_keys(self) -> impl Iterator<Item = (u64, V)> {
+        self.inner.into_iter()
+    }
+}
+
+impl<K: IntKey, V> FromIterator<(K, V)> for IntMap<K, V> {
+    fn from_iter<T: IntoIterator<Item = (K, V)>>(iter: T) -> Self {
+        Self {
+            inner: iter.into_iter().map(|(k, v)| (k.int_key(), v)).collect(),
+            _keys: PhantomData,
+        }
+    }
+}
diff --git a/rust/message-backup/src/backup/method.rs b/rust/message-backup/src/backup/method.rs
index 7f78bf848..7e9d5b2a9 100644
--- a/rust/message-backup/src/backup/method.rs
+++ b/rust/message-backup/src/backup/method.rs
@@ -1,3 +1,8 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
 use std::borrow::Borrow;
 use std::collections::HashMap;
 use std::fmt::Debug;

From e1a46cc696ef771bdd5a312adb7b8686fb5183e3 Mon Sep 17 00:00:00 2001
From: moiseev-signal <122060238+moiseev-signal@users.noreply.github.com>
Date: Fri, 15 Nov 2024 11:44:06 -0800
Subject: [PATCH 04/57] keytrans: Update proto definitions

---
 rust/keytrans/benches/verify.rs     |   6 +-
 rust/keytrans/build.rs              |  12 +-
 rust/keytrans/src/lib.rs            |  24 ++--
 rust/keytrans/src/prefix.rs         |   2 +-
 rust/keytrans/src/proto.rs          |   8 ++
 rust/keytrans/src/proto/chat.proto  |  55 ++++++++
 rust/keytrans/src/proto/store.proto |  22 +++
 rust/keytrans/src/proto/wire.proto  | 145 +++++++++++++++++++
 rust/keytrans/src/verify.rs         |  53 +++----
 rust/keytrans/src/wire.proto        | 209 ----------------------------
 rust/keytrans/src/wire.rs           |   3 -
 rust/net/src/keytrans.rs            |  16 +--
 12 files changed, 281 insertions(+), 274 deletions(-)
 create mode 100644 rust/keytrans/src/proto.rs
 create mode 100644 rust/keytrans/src/proto/chat.proto
 create mode 100644 rust/keytrans/src/proto/store.proto
 create mode 100644 rust/keytrans/src/proto/wire.proto
 delete mode 100644 rust/keytrans/src/wire.proto
 delete mode 100644 rust/keytrans/src/wire.rs

diff --git a/rust/keytrans/benches/verify.rs b/rust/keytrans/benches/verify.rs
index 5cf5fa5d4..af943e8be 100644
--- a/rust/keytrans/benches/verify.rs
+++ b/rust/keytrans/benches/verify.rs
@@ -8,8 +8,8 @@ use std::time::{Duration, SystemTime};
 use criterion::{criterion_group, criterion_main, Criterion};
 use hex_literal::hex;
 use libsignal_keytrans::{
-    DeploymentMode, KeyTransparency, PublicConfig, SearchContext, SearchResponse,
-    SlimSearchRequest, VerifyingKey, VrfPublicKey,
+    DeploymentMode, KeyTransparency, PublicConfig, SearchContext, SlimSearchRequest,
+    TreeSearchResponse, VerifyingKey, VrfPublicKey,
 };
 use prost::Message as _;
 
@@ -33,7 +33,7 @@ fn bench_verify_search(c: &mut Criterion) {
     };
     let response = {
         let bytes = include_bytes!("../res/kt-search-response.dat");
-        SearchResponse::decode(bytes.as_slice()).unwrap()
+        TreeSearchResponse::decode(bytes.as_slice()).unwrap()
     };
     let valid_at = SystemTime::UNIX_EPOCH + Duration::from_secs(1724279958);
     let kt = KeyTransparency {
diff --git a/rust/keytrans/build.rs b/rust/keytrans/build.rs
index 30cd21173..760974473 100644
--- a/rust/keytrans/build.rs
+++ b/rust/keytrans/build.rs
@@ -1,9 +1,17 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
 fn main() {
-    let protos = ["src/wire.proto"];
+    let protos = [
+        "src/proto/wire.proto",
+        "src/proto/store.proto",
+        "src/proto/chat.proto",
+    ];
     let mut prost_build = prost_build::Config::new();
     prost_build.protoc_arg("--experimental_allow_proto3_optional");
     prost_build
-        .compile_protos(&protos, &["src"])
+        .compile_protos(&protos, &["src/proto"])
         .expect("Protobufs in src are valid");
     for proto in &protos {
         println!("cargo:rerun-if-changed={}", proto);
diff --git a/rust/keytrans/src/lib.rs b/rust/keytrans/src/lib.rs
index e34e95092..8802439a2 100644
--- a/rust/keytrans/src/lib.rs
+++ b/rust/keytrans/src/lib.rs
@@ -11,24 +11,24 @@ mod implicit;
 mod left_balanced;
 mod log;
 mod prefix;
+mod proto;
 mod verify;
 mod vrf;
-mod wire;
 
 use std::collections::HashMap;
 use std::time::SystemTime;
 
 pub use ed25519_dalek::VerifyingKey;
+pub use proto::{
+    CondensedTreeSearchResponse, DistinguishedResponse as ChatDistinguishedResponse, FullTreeHead,
+    MonitorRequest, MonitorResponse, SearchResponse as ChatSearchResponse, StoredMonitoringData,
+    StoredTreeHead, TreeHead, TreeSearchRequest, TreeSearchResponse, UpdateRequest, UpdateResponse,
+};
 pub use verify::Error;
 use verify::{
     truncate_search_response, verify_distinguished, verify_monitor, verify_search, verify_update,
 };
 pub use vrf::PublicKey as VrfPublicKey;
-pub use wire::{
-    ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse, FullTreeHead,
-    MonitorRequest, MonitorResponse, SearchRequest, SearchResponse, StoredMonitoringData,
-    StoredTreeHead, TreeHead, UpdateRequest, UpdateResponse,
-};
 
 /// DeploymentMode specifies the way that a transparency log is deployed.
 #[derive(PartialEq, Clone, Copy)]
@@ -145,9 +145,9 @@ impl SlimSearchRequest {
     }
 }
 
-impl From<SearchRequest> for SlimSearchRequest {
-    fn from(request: SearchRequest) -> Self {
-        let SearchRequest {
+impl From<TreeSearchRequest> for SlimSearchRequest {
+    fn from(request: TreeSearchRequest) -> Self {
+        let TreeSearchRequest {
             search_key,
             version,
             ..
@@ -172,7 +172,7 @@ impl KeyTransparency {
     pub fn verify_search(
         &self,
         request: SlimSearchRequest,
-        response: SearchResponse,
+        response: TreeSearchResponse,
         context: SearchContext,
         force_monitor: bool,
         now: SystemTime,
@@ -210,8 +210,8 @@ impl KeyTransparency {
     /// Most validation is skipped so the SearchResponse MUST already be verified.
     pub fn truncate_search_response(
         &self,
-        request: &SearchRequest,
-        response: &SearchResponse,
+        request: &TreeSearchRequest,
+        response: &TreeSearchResponse,
     ) -> Result<(u64, [u8; 32]), verify::Error> {
         truncate_search_response(&self.config, request, response)
     }
diff --git a/rust/keytrans/src/prefix.rs b/rust/keytrans/src/prefix.rs
index 65efb6014..e2b99ba98 100644
--- a/rust/keytrans/src/prefix.rs
+++ b/rust/keytrans/src/prefix.rs
@@ -7,7 +7,7 @@ use std::result::Result;
 
 use sha2::{Digest as _, Sha256};
 
-use crate::wire::PrefixProof as SearchResult;
+use crate::proto::PrefixProof as SearchResult;
 
 const KEY_LENGTH: usize = 32;
 
diff --git a/rust/keytrans/src/proto.rs b/rust/keytrans/src/proto.rs
new file mode 100644
index 000000000..ed226a040
--- /dev/null
+++ b/rust/keytrans/src/proto.rs
@@ -0,0 +1,8 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+#![allow(clippy::derive_partial_eq_without_eq)]
+
+// Both proto files in the proto folder specify the same package name, so they end up in the same .rs file.
+include!(concat!(env!("OUT_DIR"), "/signal.keytrans.rs"));
diff --git a/rust/keytrans/src/proto/chat.proto b/rust/keytrans/src/proto/chat.proto
new file mode 100644
index 000000000..d50336054
--- /dev/null
+++ b/rust/keytrans/src/proto/chat.proto
@@ -0,0 +1,55 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+syntax = "proto3";
+package signal.keytrans;
+
+import "wire.proto";
+
+/**
+ * ChatSearchResponse contains search proofs for each of the requested identifiers.
+ * Callers should use the top-level `FullTreeHead` for verification;
+ * the `FullTreeHead` field on the individual `SearchResponse`s will be empty.
+ */
+// This message is not used in the crate, but is simply reexported for convenience.
+message SearchResponse {
+  /**
+   * A signed representation of the log tree's current state along with some
+   * additional information necessary for validation such as a consistency proof and an auditor-signed tree head.
+   */
+  FullTreeHead tree_head = 1;
+  /**
+   * The ACI search response is always provided.
+   */
+  CondensedTreeSearchResponse aci = 2;
+  /**
+   * This response is only provided if all of the conditions are met:
+   * - the E164 exists in the log
+   * - its mapped ACI matches the one provided in the request
+   * - the account associated with the ACI is discoverable
+   * - the unidentified access key provided in E164SearchRequest matches the one on the account
+   */
+  optional CondensedTreeSearchResponse e164 = 3;
+  /**
+   * This response is only provided if the username hash exists in the log and
+   * its mapped ACI matches the one provided in the request.
+   */
+  optional CondensedTreeSearchResponse username_hash = 4;
+}
+
+/**
+ * DistinguishedResponse contains the tree head and search proof for the most
+ * recent `distinguished` key in the log.
+ */
+message DistinguishedResponse {
+  /**
+   * A signed representation of the log tree's current state along with some
+   * additional information necessary for validation such as a consistency proof and an auditor-signed tree head.
+   */
+  FullTreeHead tree_head = 1;
+  /**
+   * This search response is always provided.
+   */
+  CondensedTreeSearchResponse distinguished = 2;
+}
diff --git a/rust/keytrans/src/proto/store.proto b/rust/keytrans/src/proto/store.proto
new file mode 100644
index 000000000..6ae3b1802
--- /dev/null
+++ b/rust/keytrans/src/proto/store.proto
@@ -0,0 +1,22 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+syntax = "proto3";
+package signal.keytrans;
+
+import "wire.proto";
+
+// StoredTreeHead is an encoded tree head stored on-disk.
+message StoredTreeHead {
+  TreeHead tree_head = 1;
+  bytes root = 2;
+}
+
+// StoredMonitoringData is encoded monitoring data stored on-disk.
+message StoredMonitoringData {
+  bytes index = 1;
+  uint64 pos = 2;
+  map<uint64, uint32> ptrs = 3;
+  bool owned = 4;
+}
diff --git a/rust/keytrans/src/proto/wire.proto b/rust/keytrans/src/proto/wire.proto
new file mode 100644
index 000000000..2c64a50ca
--- /dev/null
+++ b/rust/keytrans/src/proto/wire.proto
@@ -0,0 +1,145 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+syntax = "proto3";
+package signal.keytrans;
+
+message PrefixProof {
+  repeated bytes proof = 1;
+  uint32 counter = 2;
+}
+
+// TreeHead contains the operator's signature on the most recent version of the
+// log.
+message TreeHead {
+  uint64 tree_size = 1;
+  int64 timestamp = 2;
+  bytes signature = 3;
+}
+
+// AuditorTreeHead is provided to end-users when third-party auditing is used,
+// as evidence that the log is behaving honestly.
+message AuditorTreeHead {
+  TreeHead tree_head = 1;
+  optional bytes root_value = 2;
+  repeated bytes consistency = 3;
+}
+
+// FullTreeHead wraps a basic TreeHead with additional information that may be
+// needed for validation.
+message FullTreeHead {
+  TreeHead tree_head = 1;
+  repeated bytes last = 2;
+  repeated bytes distinguished = 3;
+  optional AuditorTreeHead auditor_tree_head = 4;
+}
+
+// ProofStep is the output of one step of a binary search through the log.
+message ProofStep {
+  PrefixProof prefix = 1;
+  bytes commitment = 2;
+}
+
+// SearchProof contains the output of a binary search through the log.
+message SearchProof {
+  uint64 pos = 1;
+  repeated ProofStep steps = 2;
+  repeated bytes inclusion = 3;
+}
+
+// UpdateValue wraps the new value for a key with an optional signature from the
+// service provider.
+message UpdateValue {
+  // optional bytes signature = 1; TODO
+  bytes value = 2;
+}
+
+// Consistency specifies the parameters of the consistency proof(s) that should
+// be returned.
+message Consistency {
+  optional uint64 last = 1;
+  optional uint64 distinguished = 2;
+}
+
+// TreeSearchRequest comes from a user that wishes to lookup a key.
+message TreeSearchRequest {
+  bytes search_key = 1;
+  optional uint32 version = 2;
+  Consistency consistency = 3;
+}
+
+// TreeSearchResponse is the output of executing a search on the tree.
+message TreeSearchResponse {
+  FullTreeHead tree_head = 1;
+  bytes vrf_proof = 2;
+  SearchProof search = 3;
+
+  bytes opening = 4;
+  UpdateValue value = 5;
+}
+
+message CondensedTreeSearchResponse {
+  /**
+   * A proof that is combined with the original requested identifier and the VRF public key
+   * and outputs whether the proof is valid, and if so, the commitment index.
+   */
+  bytes vrf_proof = 1;
+  /**
+   * A proof that the binary search for the given identifier was done correctly.
+   */
+  SearchProof search = 2;
+  /**
+   * A 32-byte value computed based on the log position of the identifier
+   * and a random 32 byte key that is only known by the key transparency service.
+   * It is provided so that clients can recompute and verify the commitment.
+   */
+  bytes opening = 3;
+  /**
+   * The new or updated value that the identifier maps to.
+   */
+  UpdateValue value = 4;
+}
+
+// UpdateRequest comes from a user that wishes to update a key.
+message UpdateRequest {
+  bytes search_key = 1;
+  bytes value = 2;
+  Consistency consistency = 3;
+}
+
+// UpdateResponse is the output of executing an update on the tree.
+message UpdateResponse {
+  FullTreeHead tree_head = 1;
+  bytes vrf_proof = 2;
+  SearchProof search = 3;
+
+  bytes opening = 4;
+  // optional bytes signature = 5; TODO
+}
+
+// MonitorKey is a single key that the user would like to monitor.
+message MonitorKey {
+  bytes search_key = 1;
+  repeated uint64 entries = 2;
+  // the commitment index for the search key
+  bytes commitment_index = 3;
+}
+
+// MonitorRequest comes from a user that wishes to monitor a set of keys.
+message MonitorRequest {
+  repeated MonitorKey keys = 1;
+  Consistency consistency = 2;
+}
+
+// MonitorProof proves that a single key has been correctly managed in the log.
+message MonitorProof {
+  repeated ProofStep steps = 1;
+}
+
+// MonitorResponse is the output of a monitoring operation.
+message MonitorResponse {
+  FullTreeHead tree_head = 1;
+  repeated MonitorProof proofs = 2;
+  repeated bytes inclusion = 4;
+}
diff --git a/rust/keytrans/src/verify.rs b/rust/keytrans/src/verify.rs
index ffd1a9fb0..715446d42 100644
--- a/rust/keytrans/src/verify.rs
+++ b/rust/keytrans/src/verify.rs
@@ -13,7 +13,7 @@ use crate::guide::{InvalidState, ProofGuide};
 use crate::implicit::{full_monitoring_path, monitoring_path};
 use crate::log::{evaluate_batch_proof, truncate_batch_proof, verify_consistency_proof};
 use crate::prefix::{evaluate as evaluate_prefix, MalformedProof};
-use crate::wire::*;
+use crate::proto::*;
 use crate::{
     guide, log, vrf, DeploymentMode, LastTreeHead, LocalStateUpdate, MonitorContext,
     MonitoringData, PublicConfig, SearchContext, SlimSearchRequest,
@@ -366,7 +366,7 @@ fn evaluate_vrf_proof(
 fn verify_search_internal(
     config: &PublicConfig,
     req: SlimSearchRequest,
-    res: SearchResponse,
+    res: TreeSearchResponse,
     context: SearchContext,
     monitor: bool,
     now: SystemTime,
@@ -376,7 +376,7 @@ fn verify_search_internal(
         search_key,
         version,
     } = req;
-    let SearchResponse {
+    let TreeSearchResponse {
         tree_head,
         vrf_proof,
         search,
@@ -499,7 +499,7 @@ fn verify_search_internal(
 pub fn verify_search(
     config: &PublicConfig,
     req: SlimSearchRequest,
-    res: SearchResponse,
+    res: TreeSearchResponse,
     context: SearchContext,
     force_monitor: bool,
     now: SystemTime,
@@ -522,7 +522,7 @@ pub fn verify_update(
             search_key: req.search_key.clone(),
             version: None,
         },
-        SearchResponse {
+        TreeSearchResponse {
             tree_head: res.tree_head.clone(),
             vrf_proof: res.vrf_proof.clone(),
             search: res.search.clone(),
@@ -548,14 +548,9 @@ pub fn verify_monitor<'a>(
     now: SystemTime,
 ) -> Result<LocalStateUpdate> {
     // Verify proof responses are the expected lengths.
-    if req.owned_keys.len() != res.owned_proofs.len() {
+    if req.keys.len() != res.proofs.len() {
         return Err(Error::VerificationFailed(
-            "monitoring response is malformed: wrong number of owned key proofs".to_string(),
-        ));
-    }
-    if req.contact_keys.len() != res.contact_proofs.len() {
-        return Err(Error::VerificationFailed(
-            "monitoring response is malformed: wrong number of contact key proofs".to_string(),
+            "monitoring response is malformed: wrong number of key proofs".to_string(),
         ));
     }
 
@@ -570,10 +565,7 @@ pub fn verify_monitor<'a>(
 
     // Process all the individual MonitorProof structures.
     let mut mpa = MonitorProofAcc::new(tree_size);
-    for (key, proof) in req.owned_keys.iter().zip(res.owned_proofs.iter()) {
-        mpa.process(&data, key, proof)?;
-    }
-    for (key, proof) in req.contact_keys.iter().zip(res.contact_proofs.iter()) {
+    for (key, proof) in req.keys.iter().zip(res.proofs.iter()) {
         mpa.process(&data, key, proof)?;
     }
 
@@ -598,19 +590,11 @@ pub fn verify_monitor<'a>(
     let updated_tree_head =
         verify_full_tree_head(config, full_tree_head, root, last_tree_head, now)?;
 
-    let MonitorRequest {
-        owned_keys,
-        contact_keys,
-        consistency,
-    } = req;
+    let MonitorRequest { keys, consistency } = req;
 
-    let mut data_updates = Vec::with_capacity(owned_keys.len() + contact_keys.len());
+    let mut data_updates = Vec::with_capacity(keys.len());
     // Update monitoring data.
-    for (key, entry) in owned_keys
-        .iter()
-        .chain(contact_keys.iter())
-        .zip(mpa.entries.iter())
-    {
+    for (key, entry) in keys.iter().zip(mpa.entries.iter()) {
         let size = if key.search_key == b"distinguished" {
             // Generally an effort has been made to avoid referencing the
             // "distinguished" key in the core keytrans library, but it
@@ -868,13 +852,13 @@ impl MonitoringDataWrapper {
 }
 
 /// Returns the TreeHead that would've been issued immediately after the value
-/// being searched for in `SearchResponse` was sequenced.
+/// being searched for in `TreeSearchResponse` was sequenced.
 ///
-/// Most validation is skipped so the SearchResponse MUST already be verified.
+/// Most validation is skipped so the TreeSearchResponse MUST already be verified.
 pub fn truncate_search_response(
     config: &PublicConfig,
-    req: &SearchRequest,
-    res: &SearchResponse,
+    req: &TreeSearchRequest,
+    res: &TreeSearchResponse,
 ) -> Result<(u64, [u8; 32])> {
     // NOTE: Update this function in tandem with verify_search_internal.
 
@@ -943,7 +927,6 @@ mod test {
     use test_case::test_case;
 
     use super::*;
-    use crate::wire;
 
     const MAX_AHEAD: Duration = Duration::from_secs(42);
     const MAX_BEHIND: Duration = Duration::from_secs(42);
@@ -995,16 +978,14 @@ mod test {
         ))
         .unwrap();
         let aci = uuid::uuid!("84fd7196-b3fa-4d4d-bbf8-8f1cdf2b7cea");
-        let request = wire::SearchRequest {
+        let request = TreeSearchRequest {
             search_key: [b"a", aci.as_bytes().as_slice()].concat(),
             version: None,
             consistency: None,
-            mapped_value: vec![],
-            unidentified_access_key: None,
         };
         let response = {
             let bytes = include_bytes!("../res/kt-search-response.dat");
-            wire::SearchResponse::decode(bytes.as_slice()).unwrap()
+            TreeSearchResponse::decode(bytes.as_slice()).unwrap()
         };
         let valid_at = SystemTime::UNIX_EPOCH + Duration::from_secs(1724279958);
         let config = PublicConfig {
diff --git a/rust/keytrans/src/wire.proto b/rust/keytrans/src/wire.proto
deleted file mode 100644
index 0e537cfb4..000000000
--- a/rust/keytrans/src/wire.proto
+++ /dev/null
@@ -1,209 +0,0 @@
-syntax = "proto3";
-package signal.keytrans.wire;
-
-message PrefixProof {
-    repeated bytes proof = 1;
-    uint32 counter = 2;
-}
-
-// TreeHead contains the operator's signature on the most recent version of the
-// log.
-message TreeHead {
-    uint64 tree_size = 1;
-    int64 timestamp = 2;
-    bytes signature = 3;
-}
-
-// AuditorTreeHead is provided to end-users when third-party auditing is used,
-// as evidence that the log is behaving honestly.
-message AuditorTreeHead {
-    TreeHead tree_head = 1;
-    optional bytes root_value = 2;
-    repeated bytes consistency = 3;
-}
-
-// FullTreeHead wraps a basic TreeHead with additional information that may be
-// needed for validation.
-message FullTreeHead {
-    TreeHead tree_head = 1;
-    repeated bytes last = 2;
-    repeated bytes distinguished = 3;
-    optional AuditorTreeHead auditor_tree_head = 4;
-}
-
-// ProofStep is the output of one step of a binary search through the log.
-message ProofStep {
-    PrefixProof prefix = 1;
-    bytes commitment = 2;
-}
-
-// SearchProof contains the output of a binary search through the log.
-message SearchProof {
-    uint64 pos = 1;
-    repeated ProofStep steps = 2;
-    repeated bytes inclusion = 3;
-}
-
-// UpdateValue wraps the new value for a key with an optional signature from the
-// service provider.
-message UpdateValue {
-    // optional bytes signature = 1; TODO
-    bytes value = 2;
-}
-
-// Consistency specifies the parameters of the consistency proof(s) that should
-// be returned.
-message Consistency {
-    optional uint64 last = 1;
-    optional uint64 distinguished = 2;
-}
-
-// SearchRequest comes from a user that wishes to lookup a key.
-message SearchRequest {
-    bytes search_key = 1;
-    optional uint32 version = 2;
-    Consistency consistency = 3;
-    // The value that the search key maps to in the transparency log.
-    // This will be ACI if the search key is a phone number or username hash,
-    // and ACI identity key if the search key is an ACI.
-    // If the client is looking up the distinguished key, this field may be empty.
-    bytes mapped_value = 4;
-    optional bytes unidentified_access_key = 5;
-}
-
-// SearchResponse is the output of executing a search on the tree.
-message SearchResponse {
-    FullTreeHead tree_head = 1;
-    bytes vrf_proof = 2;
-    SearchProof search = 3;
-
-    bytes opening = 4;
-    UpdateValue value = 5;
-}
-
-// UpdateRequest comes from a user that wishes to update a key.
-message UpdateRequest {
-    bytes search_key = 1;
-    bytes value = 2;
-    Consistency consistency = 3;
-}
-
-// UpdateResponse is the output of executing an update on the tree.
-message UpdateResponse {
-    FullTreeHead tree_head = 1;
-    bytes vrf_proof = 2;
-    SearchProof search = 3;
-
-    bytes opening = 4;
-    // optional bytes signature = 5; TODO
-}
-
-// MonitorKey is a single key that the user would like to monitor.
-message MonitorKey {
-    bytes search_key = 1;
-    repeated uint64 entries = 2;
-}
-
-// MonitorRequest comes from a user that wishes to monitor a set of keys.
-message MonitorRequest {
-    repeated MonitorKey owned_keys = 1;
-    repeated MonitorKey contact_keys = 2;
-    Consistency consistency = 3;
-}
-
-// MonitorProof proves that a single key has been correctly managed in the log.
-message MonitorProof {
-    repeated ProofStep steps = 1;
-}
-
-// MonitorResponse is the output of a monitoring operation.
-message MonitorResponse {
-    FullTreeHead tree_head = 1;
-    repeated MonitorProof owned_proofs = 2;
-    repeated MonitorProof contact_proofs = 3;
-    repeated bytes inclusion = 4;
-}
-
-
-/**
- * ChatSearchResponse contains search proofs for each of the requested identifiers.
- * Callers should use the top-level `FullTreeHead` for verification;
- * the `FullTreeHead` field on the individual `SearchResponse`s will be empty.
- */
-// This message is not used in the crate, but is simply reexported for convenience.
-message ChatSearchResponse {
-    /**
-     * A signed representation of the log tree's current state along with some
-     * additional information necessary for validation such as a consistency proof and an auditor-signed tree head.
-     */
-    FullTreeHead tree_head = 1;
-    /**
-     * The ACI search response is always provided.
-     */
-    CondensedTreeSearchResponse aci = 2;
-    /**
-     * This response is only provided if all of the conditions are met:
-     * - the E164 exists in the log
-     * - its mapped ACI matches the one provided in the request
-     * - the account associated with the ACI is discoverable
-     * - the unidentified access key provided in E164SearchRequest matches the one on the account
-     */
-    optional CondensedTreeSearchResponse e164 = 3;
-    /**
-     * This response is only provided if the username hash exists in the log and
-     * its mapped ACI matches the one provided in the request.
-     */
-    optional CondensedTreeSearchResponse username_hash = 4;
-}
-
-/**
- * DistinguishedResponse contains the tree head and search proof for the most
- * recent `distinguished` key in the log.
- */
-message ChatDistinguishedResponse {
-  /**
-   * A signed representation of the log tree's current state along with some
-   * additional information necessary for validation such as a consistency proof and an auditor-signed tree head.
-   */
-  FullTreeHead tree_head = 1;
-  /**
-   * This search response is always provided.
-   */
-  CondensedTreeSearchResponse distinguished = 2;
-}
-
-message CondensedTreeSearchResponse {
-  /**
-   * A proof that is combined with the original requested identifier and the VRF public key
-   * and outputs whether the proof is valid, and if so, the commitment index.
-   */
-  bytes vrf_proof = 1;
-  /**
-   * A proof that the binary search for the given identifier was done correctly.
-   */
-  SearchProof search = 2;
-  /**
-   * A 32-byte value computed based on the log position of the identifier
-   * and a random 32 byte key that is only known by the key transparency service.
-   * It is provided so that clients can recompute and verify the commitment.
-   */
-  bytes opening = 3;
-  /**
-   * The new or updated value that the identifier maps to.
-   */
-  UpdateValue value = 4;
-}
-
-// StoredTreeHead is an encoded tree head stored on-disk.
-message StoredTreeHead {
-    TreeHead tree_head = 1;
-    bytes root = 2;
-}
-
-// StoredMonitoringData is encoded monitoring data stored on-disk.
-message StoredMonitoringData {
-    bytes index = 1;
-    uint64 pos = 2;
-    map<uint64, uint32> ptrs = 3;
-    bool owned = 4;
-}
diff --git a/rust/keytrans/src/wire.rs b/rust/keytrans/src/wire.rs
deleted file mode 100644
index 84648d8ad..000000000
--- a/rust/keytrans/src/wire.rs
+++ /dev/null
@@ -1,3 +0,0 @@
-#![allow(clippy::derive_partial_eq_without_eq)]
-
-include!(concat!(env!("OUT_DIR"), "/signal.keytrans.wire.rs"));
diff --git a/rust/net/src/keytrans.rs b/rust/net/src/keytrans.rs
index eae1a309f..4da98fe4b 100644
--- a/rust/net/src/keytrans.rs
+++ b/rust/net/src/keytrans.rs
@@ -16,8 +16,8 @@ use http::uri::PathAndQuery;
 use libsignal_core::{Aci, E164};
 use libsignal_keytrans::{
     ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse, KeyTransparency,
-    LastTreeHead, LocalStateUpdate, MonitoringData, SearchContext, SearchResponse,
-    SlimSearchRequest, StoredMonitoringData, StoredTreeHead, VerifiedSearchResult,
+    LastTreeHead, LocalStateUpdate, MonitoringData, SearchContext, SlimSearchRequest,
+    StoredMonitoringData, StoredTreeHead, TreeSearchResponse, VerifiedSearchResult,
 };
 use libsignal_protocol::{IdentityKey, PublicKey};
 use prost::{DecodeError, Message};
@@ -108,9 +108,9 @@ impl TryFrom<chat::Response> for RawChatSerializedResponse {
 }
 
 struct TypedChatSearchResponse {
-    aci_search_response: SearchResponse,
-    e164_search_response: Option<SearchResponse>,
-    username_hash_search_response: Option<SearchResponse>,
+    aci_search_response: TreeSearchResponse,
+    e164_search_response: Option<TreeSearchResponse>,
+    username_hash_search_response: Option<TreeSearchResponse>,
 }
 
 impl TryFrom<RawChatSerializedResponse> for TypedChatSearchResponse {
@@ -130,14 +130,14 @@ impl TryFrom<RawChatSerializedResponse> for TypedChatSearchResponse {
         // and sends a single tree head in a top-level field.
         // libsignal-keytrans, however, operates on individual responses,
         // therefore to match the two we need to repopulate the tree head value.
-        let prepare_full_response = |condensed: CondensedTreeSearchResponse| -> SearchResponse {
+        let prepare_full_response = |condensed: CondensedTreeSearchResponse| -> TreeSearchResponse {
             let CondensedTreeSearchResponse {
                 vrf_proof,
                 search,
                 opening,
                 value,
             } = condensed;
-            SearchResponse {
+            TreeSearchResponse {
                 tree_head: Some(common_tree_head.clone()),
                 vrf_proof,
                 search,
@@ -473,7 +473,7 @@ impl<'a> Kt<'a> {
             value,
         } = distinguished.ok_or(Error::InvalidResponse("search response must be present"))?;
         // TODO: this should be gone when tree_head is stripped in the next proto update
-        let search_response = SearchResponse {
+        let search_response = TreeSearchResponse {
             tree_head: Some(tree_head),
             vrf_proof,
             search,

From d05021b624eb8ec614c76448aae51379489ebd6c Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Tue, 12 Nov 2024 17:21:49 -0800
Subject: [PATCH 05/57] backup: Pipeline backup processing

Allow the protobuf parsing and validation of frames to happen in
parallel with the reading and splitting *into* frames from a backup
file, particularly an *encrypted* backup file. Pays the fixed cost of
spawning a thread in order to make things better for larger backups.
On a Pixel 2, this provides almost a textbook pipelining speedup of
25-30%. (There are other possible split points in the pipeline, but
this one is the most straightforward.)

Note that there were a lot of finicky choices here; in particular,
using blocking recv() instead of a manual sleep loop barely showed any
improvement at all, mostly because the producer thread was spending
too much time waking up the consumer thread.
---
 rust/message-backup/src/backup/method.rs |   2 +-
 rust/message-backup/src/lib.rs           | 123 +++++++++++++++++++----
 2 files changed, 102 insertions(+), 23 deletions(-)

diff --git a/rust/message-backup/src/backup/method.rs b/rust/message-backup/src/backup/method.rs
index 7e9d5b2a9..c82920f35 100644
--- a/rust/message-backup/src/backup/method.rs
+++ b/rust/message-backup/src/backup/method.rs
@@ -37,7 +37,7 @@ where
 // implement `serde::Serialize`. That's not correct in this case but it's
 // simpler to just roll with it since the no-op implementations can be trivially
 // derived.
-pub trait Method: serde::Serialize {
+pub trait Method: serde::Serialize + 'static {
     type Value<T: Debug + serde::Serialize>: Debug + serde::Serialize;
     type BoxedValue<T: Debug + serde::Serialize>: Debug + serde::Serialize;
     type List<T: Debug>: Extend<T> + Default + Debug;
diff --git a/rust/message-backup/src/lib.rs b/rust/message-backup/src/lib.rs
index 035e5d6e1..48a959ac2 100644
--- a/rust/message-backup/src/lib.rs
+++ b/rust/message-backup/src/lib.rs
@@ -7,6 +7,8 @@
 //!
 //! Contains code to read and validate message backup files.
 
+use std::time::Duration;
+
 use futures::AsyncRead;
 use mediasan_common::AsyncSkip;
 use protobuf::Message as _;
@@ -133,7 +135,10 @@ impl<R: AsyncRead + Unpin + VerifyHmac> BackupReader<R> {
 
     pub async fn collect_all<M: backup::method::Method + backup::ReferencedTypes>(
         self,
-    ) -> ReadResult<backup::PartialBackup<M>> {
+    ) -> ReadResult<backup::PartialBackup<M>>
+    where
+        backup::PartialBackup<M>: Send,
+    {
         let Self {
             reader,
             visitor,
@@ -178,37 +183,111 @@ impl<R: AsyncRead + AsyncSkip + Unpin> BackupReader<frame::FramesReader<R>> {
 async fn read_all_frames<M: backup::method::Method + backup::ReferencedTypes>(
     purpose: Purpose,
     mut reader: VarintDelimitedReader<impl AsyncRead + Unpin + VerifyHmac>,
-    mut visitor: impl FnMut(&dyn std::fmt::Debug),
-    unknown_fields: &mut impl Extend<FoundUnknownField>,
-) -> Result<backup::PartialBackup<M>, Error> {
-    let mut add_found_unknown = |found_unknown: Vec<_>, index| {
-        let iter = found_unknown
-            .into_iter()
-            .map(|(path, value)| FoundUnknownField {
-                frame_index: index,
-                path,
-                value,
-            });
-        unknown_fields.extend(iter);
-    };
+    mut visitor: impl FnMut(&dyn std::fmt::Debug) + Send + 'static,
+    unknown_fields: &mut Vec<FoundUnknownField>,
+) -> Result<backup::PartialBackup<M>, Error>
+where
+    backup::PartialBackup<M>: Send,
+{
+    let add_found_unknown =
+        |unknown_fields: &mut Vec<FoundUnknownField>, found_unknown: Vec<_>, index| {
+            let iter = found_unknown
+                .into_iter()
+                .map(|(path, value)| FoundUnknownField {
+                    frame_index: index,
+                    path,
+                    value,
+                });
+            unknown_fields.extend(iter);
+        };
 
     let first = reader.read_next().await?.ok_or(Error::NoFrames)?;
     let backup_info = proto::backup::BackupInfo::parse_from_bytes(&first)?;
 
     visitor(&backup_info);
-    add_found_unknown(backup_info.collect_unknown_fields(), 0);
+    add_found_unknown(unknown_fields, backup_info.collect_unknown_fields(), 0);
 
     let mut backup = backup::PartialBackup::new(backup_info, purpose)?;
-    let mut frame_index = 1;
 
-    while let Some(frame) = reader.read_next().await? {
-        let frame_proto = proto::backup::Frame::parse_from_bytes(&frame)?;
-        visitor(&frame_proto);
-        add_found_unknown(frame_proto.collect_unknown_fields(), frame_index);
-        frame_index += 1;
+    // From here on we split the work into two separate threads:
+    // - this thread, which reads frames from the reader
+    // - the "frame-processing thread", which parses and validates frames
+    // Processing frames is faster than reading them, so the channel between threads shouldn't fill
+    // up, but just in case there's a bound on the channel for the processing thread to apply
+    // backpressure. Why not split the pipeline more evenly? Above VarintDelimitedReader, we have a
+    // bytestream; only below it do we have data divided into chunks *known* to correspond to units
+    // of work.
+    const FRAMES_IN_FLIGHT: usize = 20;
+    let (frame_tx, frame_rx) = std::sync::mpsc::sync_channel::<Box<[u8]>>(FRAMES_IN_FLIGHT);
+
+    let frame_processing_thread = std::thread::Builder::new()
+        .name("libsignal-backup-processing".to_owned())
+        .spawn(move || {
+            let mut unknown_fields = vec![];
+            let mut frame_index = 1;
+
+            // Continue until all frames have been read from the stream...
+            loop {
+                let frame = loop {
+                    match frame_rx.try_recv() {
+                        Ok(frame) => break frame,
+                        Err(std::sync::mpsc::TryRecvError::Disconnected) => {
+                            // ...as signalled by the sender being dropped.
+                            return Ok::<_, Error>((backup, unknown_fields));
+                        }
+                        Err(std::sync::mpsc::TryRecvError::Empty) => {
+                            // Rather than doing a blocking read, just sleep quickly to let the
+                            // other side catch up. This turns out to be faster than waiting for a
+                            // proper wake from the reader side, at the cost of a bit of CPU.
+                            // Yielding rather than sleeping *does* make the process even faster,
+                            // but there's a possibility of getting in a hot spin loop.
+                            std::thread::sleep(Duration::from_nanos(100));
+                        }
+                    }
+                };
+
+                let frame_proto = proto::backup::Frame::parse_from_bytes(&frame)?;
+                visitor(&frame_proto);
+                add_found_unknown(
+                    &mut unknown_fields,
+                    frame_proto.collect_unknown_fields(),
+                    frame_index,
+                );
+                frame_index += 1;
 
-        backup.add_frame(frame_proto)?
+                backup.add_frame(frame_proto)?;
+            }
+        })
+        .expect("can create threads");
+
+    'outer: while let Some(mut buf) = reader.read_next().await? {
+        // Try to send to the processing thread in a spin-loop.
+        // Normally the processing thread is faster than the reader thread, so this should only spin
+        // a few times before success, which is faster than going to sleep and waiting to be woken.
+        loop {
+            buf = match frame_tx.try_send(buf) {
+                Ok(()) => break,
+                Err(std::sync::mpsc::TrySendError::Disconnected(_)) => {
+                    // If the frame-processing thread ends early, there must have been an error in
+                    // an earlier frame. In that case, no point in continuing to read.
+                    break 'outer;
+                }
+                Err(std::sync::mpsc::TrySendError::Full(buf)) => {
+                    std::thread::yield_now();
+                    buf
+                }
+            }
+        }
     }
+    // Let the frame-processing thread know there's nothing more to read.
+    drop(frame_tx);
+
+    let (backup, inner_unknown_fields) = match frame_processing_thread.join() {
+        Ok(Ok(success)) => success,
+        Ok(Err(validation_error)) => return Err(validation_error),
+        Err(panic) => std::panic::resume_unwind(panic),
+    };
+    unknown_fields.extend(inner_unknown_fields);
 
     // Before reporting success, check that the HMAC still matches. This
     // prevents TOC/TOU issues.

From 7265ca67044427e936c8d7e054e3bbfcc4dcf56b Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 15 Nov 2024 15:49:54 -0500
Subject: [PATCH 06/57] Add top-level connection establishment impl

---
 rust/net/examples/cdsi_lookup.rs     | 130 ++++++--
 rust/net/infra/src/route.rs          | 474 ++++++++++++++++++++++++++-
 rust/net/infra/src/route/provider.rs |  24 ++
 rust/net/infra/src/route/resolve.rs  |  94 +++---
 rust/net/infra/src/route/schedule.rs |  60 +---
 rust/net/infra/src/route/ws.rs       |  58 +++-
 rust/net/infra/src/utils.rs          |   4 +-
 rust/net/infra/src/utils/future.rs   |  33 ++
 rust/net/src/cdsi.rs                 |  17 +-
 9 files changed, 760 insertions(+), 134 deletions(-)
 create mode 100644 rust/net/infra/src/route/provider.rs
 create mode 100644 rust/net/infra/src/utils/future.rs

diff --git a/rust/net/examples/cdsi_lookup.rs b/rust/net/examples/cdsi_lookup.rs
index 6a57da4eb..5ab1316a3 100644
--- a/rust/net/examples/cdsi_lookup.rs
+++ b/rust/net/examples/cdsi_lookup.rs
@@ -4,42 +4,71 @@
 //! authentication, then reads phone numbers from stdin until the end of the
 //! file.
 
+use std::ops::ControlFlow;
 use std::time::Duration;
 
+use clap::Parser;
+use http::HeaderName;
 use libsignal_net::auth::Auth;
 use libsignal_net::cdsi::{CdsiConnection, LookupError, LookupRequest, LookupResponse};
-use libsignal_net::enclave::{Cdsi, EnclaveEndpointConnection};
-use libsignal_net::infra::connection_manager::ConnectionManager;
+use libsignal_net::enclave::EnclaveEndpointConnection;
 use libsignal_net::infra::dns::DnsResolver;
-use libsignal_net::infra::tcp_ssl::DirectConnector as TcpSslTransportConnector;
 use libsignal_net::infra::utils::ObservableEvent;
-use libsignal_net::infra::TransportConnector;
+use libsignal_net::infra::AsHttpHeader as _;
+use libsignal_net::ws::WebSocketServiceConnectError;
+use libsignal_net_infra::connection_manager::{ErrorClass, ErrorClassifier};
+use libsignal_net_infra::route::testutils::NoDelay;
+use libsignal_net_infra::route::{ComposedConnector, RouteProviderExt, RouteResolver};
+use libsignal_net_infra::tcp_ssl::DirectConnector;
+use libsignal_net_infra::ws::WebSocketConnectError;
 use tokio::io::AsyncBufReadExt as _;
+use tokio::time::Instant;
 
 async fn cdsi_lookup(
-    auth: Auth,
-    endpoint: &EnclaveEndpointConnection<Cdsi, impl ConnectionManager>,
-    transport_connector: impl TransportConnector,
+    cdsi: CdsiConnection,
     request: LookupRequest,
     timeout: Duration,
 ) -> Result<LookupResponse, LookupError> {
-    let connected = CdsiConnection::connect(endpoint, transport_connector, auth).await?;
     let (_token, remaining_response) = libsignal_net::infra::utils::timeout(
         timeout,
         LookupError::ConnectionTimedOut,
-        connected.send_request(request),
+        cdsi.send_request(request),
     )
     .await?;
 
     remaining_response.collect().await
 }
 
+type StatelessTlsConnector = libsignal_net::infra::tcp_ssl::StatelessDirect;
+type StatelessTcpConnector = libsignal_net::infra::tcp_ssl::StatelessDirect;
+type StatelessConnector = ComposedConnector<
+    libsignal_net::infra::ws::Stateless,
+    ComposedConnector<StatelessTlsConnector, StatelessTcpConnector, WebSocketConnectError>,
+    WebSocketConnectError,
+>;
+
+#[derive(clap::Parser)]
+struct CliArgs {
+    #[arg(long, default_value_t = false)]
+    use_routes: bool,
+    #[arg(long, default_value_t = std::env::var("USERNAME").unwrap())]
+    username: String,
+    #[arg(long, default_value_t = std::env::var("PASSWORD").unwrap())]
+    password: String,
+}
+
 #[tokio::main]
 async fn main() {
     env_logger::init();
 
-    let username = std::env::var("USERNAME").unwrap();
-    let password = std::env::var("PASSWORD").unwrap();
+    let CliArgs {
+        use_routes,
+        username,
+        password,
+    } = CliArgs::parse();
+
+    let auth = Auth { username, password };
+
     let mut new_e164s = vec![];
     let mut lines = tokio::io::BufReader::new(tokio::io::stdin()).lines();
 
@@ -53,21 +82,74 @@ async fn main() {
         return_acis_without_uaks: true,
         ..Default::default()
     };
-    let env = libsignal_net::env::PROD;
+
+    let cdsi_env = libsignal_net::env::PROD.cdsi;
     let network_change_event = ObservableEvent::default();
-    let endpoint_connection =
-        EnclaveEndpointConnection::new(&env.cdsi, Duration::from_secs(10), &network_change_event);
-    let transport_connection =
-        TcpSslTransportConnector::new(DnsResolver::new(&network_change_event));
-    let cdsi_response = cdsi_lookup(
-        Auth { username, password },
-        &endpoint_connection,
-        transport_connection,
-        request,
-        Duration::from_secs(10),
-    )
-    .await
+    let resolver = DnsResolver::new(&network_change_event);
+
+    let connected = if use_routes {
+        let provider = cdsi_env.route_provider().map_routes(|mut route| {
+            route.fragment.headers.extend([auth.as_header()]);
+            route
+        });
+        let delay_policy = NoDelay;
+        let confirmation_header_name = cdsi_env
+            .domain_config
+            .connect
+            .confirmation_header_name
+            .map(HeaderName::from_static);
+
+        // No need to keep the outcomes updates since we're not reusing the
+        // connector.
+        let (result, _updates) = libsignal_net::infra::route::connect(
+            &RouteResolver::default(),
+            &delay_policy,
+            &provider,
+            &resolver,
+            StatelessConnector::default(),
+            |error| {
+                let service_error = WebSocketServiceConnectError::from_websocket_error(
+                    error,
+                    confirmation_header_name.as_ref(),
+                    Instant::now(),
+                );
+
+                match service_error.classify() {
+                    ErrorClass::Intermittent => ControlFlow::Continue(()),
+                    ErrorClass::RetryAt(instant) => ControlFlow::Break(format!(
+                        "retry in {}s",
+                        instant.saturating_duration_since(Instant::now()).as_secs()
+                    )),
+                    ErrorClass::Fatal => ControlFlow::Break(service_error.to_string()),
+                }
+            },
+        )
+        .await;
+
+        CdsiConnection::connect_over(
+            result.unwrap(),
+            &cdsi_env.params,
+            libsignal_net_infra::ws2::Config {
+                local_idle_timeout: Duration::from_secs(10),
+                remote_idle_ping_timeout: Duration::from_secs(10),
+                remote_idle_disconnect_timeout: Duration::from_secs(30),
+            },
+        )
+        .await
+    } else {
+        let endpoint_connection = EnclaveEndpointConnection::new(
+            &cdsi_env,
+            Duration::from_secs(10),
+            &network_change_event,
+        );
+        let transport_connection = DirectConnector::new(DnsResolver::new(&network_change_event));
+        CdsiConnection::connect(&endpoint_connection, transport_connection, auth).await
+    }
     .unwrap();
 
+    let cdsi_response = cdsi_lookup(connected, request, Duration::from_secs(10))
+        .await
+        .unwrap();
+
     println!("{:?}", cdsi_response);
 }
diff --git a/rust/net/infra/src/route.rs b/rust/net/infra/src/route.rs
index 05da968e7..f7ef56cf7 100644
--- a/rust/net/infra/src/route.rs
+++ b/rust/net/infra/src/route.rs
@@ -3,8 +3,19 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use std::hash::Hash;
 use std::net::IpAddr;
+use std::ops::ControlFlow;
 use std::sync::Arc;
+use std::time::Duration;
+
+use futures_util::stream::FuturesUnordered;
+use futures_util::{FutureExt, StreamExt};
+use tokio::time::Instant;
+use tokio_util::either::Either;
+
+use crate::host::Host;
+use crate::utils::future::SomeOrPending;
 
 mod connect;
 pub use connect::*;
@@ -12,6 +23,9 @@ pub use connect::*;
 mod http;
 pub use http::*;
 
+pub mod provider;
+pub use crate::route::provider::RouteProviderExt;
+
 mod proxy;
 pub use proxy::*;
 
@@ -30,7 +44,9 @@ pub use tls::*;
 mod ws;
 pub use ws::*;
 
-use crate::host::Host;
+/// How long to hold back a route that gets resolved before its predecessor
+/// before trying to connect with it anyway.
+const OUT_OF_ORDER_RESOLUTION_DEBOUNCE_TIME: Duration = Duration::from_secs(5);
 
 /// Produces routes to a destination.
 ///
@@ -50,7 +66,7 @@ pub trait RouteProvider {
 }
 
 /// A hostname in a route that can later be resolved to IP addresses.
-#[derive(Clone, Debug, PartialEq)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash)]
 pub struct UnresolvedHost(Arc<str>);
 
 /// Allows replacing part of a route.
@@ -95,26 +111,265 @@ pub type HttpsServiceRoute = HttpsTlsRoute<TransportRoute>;
 /// [`WebSocketRoute`] that contains [`IpAddr`]s.
 pub type WebSocketServiceRoute = WebSocketRoute<HttpsServiceRoute>;
 
+/// Error for [`connect`].
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
+pub enum ConnectError<E> {
+    /// The route provider did not produce any routes.
+    NoResolvedRoutes,
+    /// All attempts to connect failed, but none fatally.
+    AllAttemptsFailed,
+    /// An attempt to connect failed fatally.
+    FatalConnect(E),
+}
+
+/// Recorded success and failure information from [`connect`].
+///
+/// This should be used to update the internal state of the delay policy after
+/// the connection attempt completes.
+#[must_use]
+#[derive(Debug, PartialEq)]
+pub struct OutcomeUpdates<R> {
+    /// A list of routes for which connection attempts finished, and the
+    /// respective statuses.
+    outcomes: Vec<(R, AttemptOutcome)>,
+    /// The time at which the connect attempt finished.
+    finished_at: Instant,
+}
+
+/// Attempt to connect to routes from the given [`RouteProvider`].
+///
+/// Generates the sequence of routes from the given `RouteProvider` and then
+/// attempts to connect to them. The order in which connetion attempts are made
+/// depends on recorded state from previous connection attempts and the order in
+/// which the unresolved routes get resolved. The first successful connection
+/// attempt is returned, along with a set of updates that should be used to
+/// update the provided `RouteDelayPolicy` implementer.
+///
+/// When a connection attempt fails, the error is passed to the provided
+/// callback to determine whether it is severe enough to fail the entire
+/// connection attempt. An example of such a fatal error would be if the remote
+/// server is reachable but immediately closes the connection with an HTTP 4xx
+/// error.
+///
+/// The `Future` returned by this function resolves when all connection attempts
+/// are exhausted or a one of them produces a fatal error.
+pub async fn connect<R, P, C, FatalError>(
+    route_resolver: &RouteResolver,
+    delay_policy: &impl RouteDelayPolicy<R>,
+    route_provider: P,
+    resolver: &impl Resolver,
+    connector: C,
+    mut on_error: impl FnMut(C::Error) -> ControlFlow<FatalError>,
+) -> (
+    Result<C::Connection, ConnectError<FatalError>>,
+    OutcomeUpdates<R>,
+)
+where
+    R: Clone,
+    C: Connector<R, ()>,
+    P: RouteProvider,
+    P::Route: ResolveHostnames<Resolved = R> + Clone + 'static,
+    R: ResolvedRoute,
+{
+    let ordered_routes = route_provider.routes();
+    let resolver_stream = route_resolver.resolve(ordered_routes, resolver);
+    let schedule = Some(Schedule::new(
+        resolver_stream,
+        delay_policy,
+        OUT_OF_ORDER_RESOLUTION_DEBOUNCE_TIME,
+    ));
+    let mut schedule = std::pin::pin!(schedule);
+
+    let mut sleep_until_start_next_connection = tokio::time::sleep(Duration::ZERO);
+    let mut sleep_until_start_next_connection = std::pin::pin!(sleep_until_start_next_connection);
+
+    // Whether the Schedule should be polled for its next route.
+    let mut poll_schedule_for_next = true;
+    let mut connects_in_progress = FuturesUnordered::new();
+    let mut outcomes = Vec::new();
+
+    #[derive(Debug)]
+    enum Event<C, R> {
+        StartNextConnection,
+        ConnectionAttemptFinished(C),
+        NextRouteAvailable(R),
+    }
+
+    let outcome = loop {
+        // If there's still a Schedule to pull from, poll it for more routes
+        // or sleep until that's supposed to start.
+        let poll_or_wait = schedule.as_mut().as_pin_mut().map(|schedule| {
+            if poll_schedule_for_next {
+                Either::Left(schedule.next().map(Event::NextRouteAvailable))
+            } else {
+                Either::Right(
+                    sleep_until_start_next_connection
+                        .as_mut()
+                        .map(|()| Event::StartNextConnection),
+                )
+            }
+        });
+
+        // Wait for the next in-progress connection attempt to finish, if
+        // there are any
+        let next_connect_in_progress = (!connects_in_progress.is_empty()).then(|| {
+            connects_in_progress
+                .next()
+                .map(|o| o.expect("checked non-empty"))
+        });
+
+        // If there aren't any connection attempts in progress and there
+        // also aren't gonna be any more, we've run out of possibilities.
+        if poll_or_wait.is_none() && next_connect_in_progress.is_none() {
+            break Err(ConnectError::AllAttemptsFailed);
+        }
+
+        let event = tokio::select! {
+            event = SomeOrPending::from(poll_or_wait) => event,
+            c = SomeOrPending::from(next_connect_in_progress) => Event::ConnectionAttemptFinished(c),
+        };
+
+        match event {
+            Event::StartNextConnection => {
+                poll_schedule_for_next = true;
+            }
+
+            Event::NextRouteAvailable(Some(route)) => {
+                connects_in_progress.push(async {
+                    let started = Instant::now();
+                    let result = connector.connect(route.clone()).await;
+                    (route, result, started)
+                });
+                poll_schedule_for_next = false;
+
+                sleep_until_start_next_connection
+                    .as_mut()
+                    .reset(Instant::now() + pull_next_route_delay(&connects_in_progress));
+            }
+            Event::NextRouteAvailable(None) => {
+                // The Schedule is empty, so make sure it's not polled again.
+                schedule.set(None);
+                poll_schedule_for_next = false;
+            }
+            Event::ConnectionAttemptFinished((route, result, started)) => {
+                let make_outcome = |result| (route, AttemptOutcome { started, result });
+                match result.map_err(&mut on_error) {
+                    Ok(connection) => {
+                        // We've got a successful connection!
+                        outcomes.push(make_outcome(Ok(())));
+                        break Ok(connection);
+                    }
+                    Err(ControlFlow::Continue(())) => {
+                        // Record the non-fatal error outcome and move on.
+                        outcomes.push(make_outcome(Err(UnsuccessfulOutcome)));
+                    }
+                    Err(ControlFlow::Break(fatal_err)) => {
+                        // This isn't a route-level error, it's a
+                        // service-level error. It doesn't necessarily mean
+                        // the route is bad, so don't record the
+                        // unsuccessful attempt.
+                        break Err(ConnectError::FatalConnect(fatal_err));
+                    }
+                }
+            }
+        }
+    };
+    (
+        outcome,
+        OutcomeUpdates {
+            outcomes,
+            finished_at: Instant::now(),
+        },
+    )
+}
+
+const PER_CONNECTION_WAIT_DURATION: Duration = Duration::from_millis(500);
+
+fn pull_next_route_delay<F>(connects_in_progress: &FuturesUnordered<F>) -> Duration {
+    let connections_factor = connects_in_progress.len().try_into().unwrap_or(u32::MAX);
+
+    PER_CONNECTION_WAIT_DURATION * connections_factor
+}
+
+impl<R: RouteProvider> RouteProvider for &R {
+    type Route = R::Route;
+
+    fn routes(&self) -> impl Iterator<Item = Self::Route> + '_ {
+        R::routes(self)
+    }
+}
+
 impl From<Arc<str>> for UnresolvedHost {
     fn from(value: Arc<str>) -> Self {
         Self(value)
     }
 }
 
+#[cfg(any(test, feature = "test-util"))]
+pub mod testutils {
+    use std::net::IpAddr;
+
+    pub use super::resolve::testutils::*;
+    use super::*;
+
+    #[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
+    pub struct FakeRoute<A>(pub A);
+
+    impl<A: ResolveHostnames> ResolveHostnames for FakeRoute<A> {
+        type Resolved = FakeRoute<A::Resolved>;
+
+        fn hostnames(&self) -> impl Iterator<Item = &UnresolvedHost> {
+            self.0.hostnames()
+        }
+
+        fn resolve(self, lookup: impl FnMut(&str) -> IpAddr) -> Self::Resolved {
+            FakeRoute(self.0.resolve(lookup))
+        }
+    }
+
+    impl<A: ResolvedRoute> ResolvedRoute for FakeRoute<A> {
+        fn immediate_target(&self) -> &IpAddr {
+            self.0.immediate_target()
+        }
+    }
+
+    /// [`RouteDelayPolicy`] that always returns a delay of zero.
+    #[derive(Copy, Clone, Debug)]
+    pub struct NoDelay;
+
+    impl<R> RouteDelayPolicy<R> for NoDelay {
+        fn compute_delay(&self, _route: &R, _now: Instant) -> Duration {
+            Duration::ZERO
+        }
+    }
+}
+
 #[cfg(test)]
 mod test {
     use std::borrow::Cow;
+    use std::convert::Infallible;
+    use std::fmt::Debug;
+    use std::future::Future;
+    use std::net::{IpAddr, Ipv4Addr};
     use std::num::NonZeroU16;
 
     use ::http::uri::PathAndQuery;
     use ::http::HeaderMap;
+    use assert_matches::assert_matches;
+    use const_str::ip_addr;
+    use futures_util::{Stream, StreamExt};
     use itertools::Itertools as _;
     use nonzero_ext::nonzero;
+    use tokio::sync::{mpsc, oneshot};
+    use tokio_stream::wrappers::UnboundedReceiverStream;
     use tungstenite::protocol::WebSocketConfig;
 
     use super::*;
     use crate::certs::RootCertificates;
+    use crate::dns::lookup_result::LookupResult;
     use crate::host::Host;
+    use crate::route::resolve::testutils::FakeResolver;
+    use crate::route::testutils::{FakeRoute, NoDelay};
     use crate::tcp_ssl::proxy::socks;
     use crate::Alpn;
 
@@ -363,4 +618,219 @@ mod test {
             >,
         >();
     }
+
+    #[derive(Debug, PartialEq)]
+    struct FakeConnection<R>(R);
+
+    #[derive(Debug, PartialEq)]
+    struct FakeConnectError;
+
+    #[derive(Debug)]
+    struct FakeConnector<R> {
+        outgoing: mpsc::UnboundedSender<FakeConnectResponder<R>>,
+    }
+
+    #[derive(Debug)]
+    struct FakeConnectResponder<R>(
+        R,
+        oneshot::Sender<Result<FakeConnection<R>, FakeConnectError>>,
+    );
+
+    impl<R: Debug> FakeConnectResponder<R> {
+        fn route(&self) -> &R {
+            &self.0
+        }
+        fn respond(self, result: Result<(), FakeConnectError>) {
+            self.1
+                .send(result.map(|()| FakeConnection(self.0)))
+                .expect("not dropped")
+        }
+    }
+
+    impl<R> FakeConnector<R> {
+        fn new() -> (Self, impl Stream<Item = FakeConnectResponder<R>>) {
+            let (outgoing, incoming) = mpsc::unbounded_channel();
+
+            (Self { outgoing }, UnboundedReceiverStream::new(incoming))
+        }
+    }
+
+    impl<R: Send> Connector<R, ()> for FakeConnector<R> {
+        type Connection = FakeConnection<R>;
+        type Error = FakeConnectError;
+
+        fn connect_over(
+            &self,
+            (): (),
+            route: R,
+        ) -> impl Future<Output = Result<Self::Connection, Self::Error>> + Send {
+            let (sender, receiver) = oneshot::channel();
+            self.outgoing
+                .send(FakeConnectResponder(route, sender))
+                .unwrap();
+            receiver.map(|r| r.unwrap())
+        }
+    }
+
+    impl<R: Clone> RouteProvider for Vec<R> {
+        type Route = R;
+
+        fn routes(&self) -> impl Iterator<Item = Self::Route> + '_ {
+            self.iter().cloned()
+        }
+    }
+
+    #[tokio::test(start_paused = true)]
+    async fn connect_slows_down_after_starting_a_connection() {
+        const HOSTNAMES: &[(&str, Ipv4Addr)] = &[
+            ("A", ip_addr!(v4, "1.1.1.1")),
+            ("B", ip_addr!(v4, "2.2.2.2")),
+            ("C", ip_addr!(v4, "3.3.3.3")),
+            ("D", ip_addr!(v4, "4.4.4.4")),
+            ("E", ip_addr!(v4, "5.5.5.5")),
+            ("F", ip_addr!(v4, "6.6.6.6")),
+            ("G", ip_addr!(v4, "7.7.7.7")),
+        ];
+        let (connector, mut connection_responders) = FakeConnector::new();
+        let outcomes = NoDelay;
+        let (resolver, mut resolution_responders) = FakeResolver::new();
+
+        let _connection_task = tokio::spawn(async move {
+            connect(
+                &RouteResolver::default(),
+                &outcomes,
+                HOSTNAMES
+                    .iter()
+                    .map(|(h, _addr)| FakeRoute(UnresolvedHost::from(Arc::from(*h))))
+                    .collect_vec(),
+                &resolver,
+                connector,
+                |_err: FakeConnectError| ControlFlow::<Infallible>::Continue(()),
+            )
+            .await
+        });
+
+        // We should see all routes resolved in parallel. If we let those finish
+        // immediately we should start seeing connection attempts.
+        for (host, addr) in HOSTNAMES {
+            let responder = resolution_responders.next().await.unwrap();
+            assert_eq!(responder.hostname(), *host);
+            responder.respond(Ok(LookupResult::new(
+                crate::DnsSource::Test,
+                vec![*addr],
+                vec![],
+            )));
+        }
+
+        // Let the task run so it can kick off some connection attempts.
+        tokio::task::yield_now().await;
+
+        let connections_in_progress: Vec<_> =
+            std::iter::from_fn(|| connection_responders.next().now_or_never().flatten()).collect();
+
+        assert_eq!(
+            connections_in_progress
+                .iter()
+                .map(|responder| responder.route().0)
+                .collect_vec(),
+            HOSTNAMES[..1]
+                .iter()
+                .map(|(_, addr)| IpAddr::V4(*addr))
+                .collect_vec()
+        );
+
+        // There shouldn't be any more connections in progress.
+        assert_matches!(
+            futures_util::poll!(connection_responders.next()),
+            std::task::Poll::Pending
+        );
+
+        let start = Instant::now();
+        // If, however, we wait a little longer, we will see another one!
+        let next_connection = connection_responders.next().await.unwrap();
+        assert_eq!(next_connection.route().0, IpAddr::V4(HOSTNAMES[1].1));
+        assert_eq!(start.elapsed(), PER_CONNECTION_WAIT_DURATION);
+    }
+
+    #[tokio::test(start_paused = true)]
+    async fn connect_takes_first_successful() {
+        const HOSTNAMES: &[(&str, Ipv4Addr)] = &[
+            ("A", ip_addr!(v4, "1.1.1.1")),
+            ("B", ip_addr!(v4, "2.2.2.2")),
+            ("C", ip_addr!(v4, "3.3.3.3")),
+            ("D", ip_addr!(v4, "4.4.4.4")),
+            ("E", ip_addr!(v4, "5.5.5.5")),
+            ("F", ip_addr!(v4, "6.6.6.6")),
+            ("G", ip_addr!(v4, "7.7.7.7")),
+        ];
+
+        let (connector, mut connection_responders) = FakeConnector::<FakeRoute<IpAddr>>::new();
+        let outcomes = NoDelay;
+        let (resolver, mut resolution_responders) = FakeResolver::new();
+
+        const SUCCESSFUL_ROUTE_INDEX: usize = 4;
+
+        let _connect_task = tokio::spawn(async move {
+            while let Some(responder) = connection_responders.next().await {
+                // Simulate the connection taking some time to succeed or fail.
+                const SIMULATED_CONNECTION_DELAY: Duration = Duration::from_secs(1);
+
+                let should_succeed =
+                    responder.route().0 == IpAddr::V4(HOSTNAMES[SUCCESSFUL_ROUTE_INDEX].1);
+                tokio::task::spawn(async move {
+                    tokio::time::sleep(SIMULATED_CONNECTION_DELAY).await;
+                    responder.respond(should_succeed.then_some(()).ok_or(FakeConnectError));
+                });
+            }
+        });
+        let _resolve_task = tokio::spawn(async move {
+            // The routes should be sent for resolution in order.
+            for (host, addr) in HOSTNAMES {
+                let responder = resolution_responders.next().await.unwrap();
+                assert_eq!(responder.hostname(), *host);
+                responder.respond(Ok(LookupResult::new(
+                    crate::DnsSource::Test,
+                    vec![*addr],
+                    vec![],
+                )));
+            }
+        });
+
+        let (result, updates) = connect(
+            &RouteResolver::default(),
+            &outcomes,
+            HOSTNAMES
+                .iter()
+                .map(|(h, _addr)| FakeRoute(UnresolvedHost::from(Arc::from(*h))))
+                .collect_vec(),
+            &resolver,
+            connector,
+            |_err: FakeConnectError| ControlFlow::<Infallible>::Continue(()),
+        )
+        .await;
+
+        assert_eq!(
+            result,
+            Ok(FakeConnection(FakeRoute(IpAddr::V4(
+                HOSTNAMES[SUCCESSFUL_ROUTE_INDEX].1
+            ))))
+        );
+
+        let update_outcomes = updates
+            .outcomes
+            .into_iter()
+            .map(|(r, a)| (r, a.result))
+            .collect_vec();
+        assert_eq!(
+            update_outcomes,
+            HOSTNAMES[..SUCCESSFUL_ROUTE_INDEX]
+                .iter()
+                .map(|(_, ip)| (FakeRoute(IpAddr::V4(*ip)), Err(UnsuccessfulOutcome)))
+                .chain(std::iter::once({
+                    let (_, ip) = HOSTNAMES[SUCCESSFUL_ROUTE_INDEX];
+                    (FakeRoute(IpAddr::V4(ip)), Ok(()))
+                }))
+                .collect_vec()
+        );
+    }
 }
diff --git a/rust/net/infra/src/route/provider.rs b/rust/net/infra/src/route/provider.rs
new file mode 100644
index 000000000..d3b2094e2
--- /dev/null
+++ b/rust/net/infra/src/route/provider.rs
@@ -0,0 +1,24 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use crate::route::RouteProvider;
+
+pub trait RouteProviderExt: RouteProvider + Sized {
+    fn map_routes<F: Fn(Self::Route) -> T, T>(self, f: F) -> Map<Self, F> {
+        Map(self, f)
+    }
+}
+
+impl<R: RouteProvider> RouteProviderExt for R {}
+
+pub struct Map<R, F>(R, F);
+
+impl<R: RouteProvider, F: Fn(R::Route) -> T, T> RouteProvider for Map<R, F> {
+    type Route = T;
+
+    fn routes(&self) -> impl Iterator<Item = Self::Route> + '_ {
+        self.0.routes().map(&self.1)
+    }
+}
diff --git a/rust/net/infra/src/route/resolve.rs b/rust/net/infra/src/route/resolve.rs
index 1b676e5d6..cd4fbc04f 100644
--- a/rust/net/infra/src/route/resolve.rs
+++ b/rust/net/infra/src/route/resolve.rs
@@ -29,7 +29,7 @@ use crate::route::{
 /// `UnresolvedHost`, which implements this trait.
 pub trait ResolveHostnames {
     /// The new route type with no unresolved hostnames.
-    type Resolved;
+    type Resolved: ResolvedRoute;
 
     /// Enumerates all the unresolved hostnames in `self`.
     fn hostnames(&self) -> impl Iterator<Item = &UnresolvedHost>;
@@ -233,24 +233,6 @@ impl<D: ResolveHostnames, P: ResolveHostnames> ResolveHostnames for DirectOrProx
     }
 }
 
-impl<A: ResolveHostnames> ResolveHostnames for SocksTarget<A> {
-    type Resolved = SocksTarget<A::Resolved>;
-
-    fn hostnames(&self) -> impl Iterator<Item = &UnresolvedHost> {
-        match self {
-            SocksTarget::ResolvedLocally(a) => Either::Left(a.hostnames()),
-            SocksTarget::ResolvedRemotely { name: _ } => Either::Right(std::iter::empty()),
-        }
-    }
-
-    fn resolve(self, lookup: impl FnMut(&str) -> IpAddr) -> Self::Resolved {
-        match self {
-            SocksTarget::ResolvedLocally(a) => SocksTarget::ResolvedLocally(a.resolve(lookup)),
-            SocksTarget::ResolvedRemotely { name } => SocksTarget::ResolvedRemotely { name },
-        }
-    }
-}
-
 impl<A: ResolveHostnames> ResolveHostnames for ConnectionProxyRoute<A> {
     type Resolved = ConnectionProxyRoute<A::Resolved>;
 
@@ -287,7 +269,10 @@ impl<A: ResolveHostnames> ResolveHostnames for SocksRoute<A> {
             target_port: _,
             protocol: _,
         } = self;
-        proxy.hostnames().chain(target_addr.hostnames())
+        proxy.hostnames().chain(match target_addr {
+            SocksTarget::ResolvedLocally(addr) => Either::Left(addr.hostnames()),
+            SocksTarget::ResolvedRemotely { name: _ } => Either::Right(std::iter::empty()),
+        })
     }
 
     fn resolve(self, mut lookup: impl FnMut(&str) -> IpAddr) -> Self::Resolved {
@@ -297,9 +282,15 @@ impl<A: ResolveHostnames> ResolveHostnames for SocksRoute<A> {
             target_port,
             protocol,
         } = self;
+        let target_addr = match target_addr {
+            SocksTarget::ResolvedLocally(addr) => {
+                SocksTarget::ResolvedLocally(addr.resolve(&mut lookup))
+            }
+            SocksTarget::ResolvedRemotely { name } => SocksTarget::ResolvedRemotely { name },
+        };
         SocksRoute {
-            proxy: proxy.resolve(&mut lookup),
-            target_addr: target_addr.resolve(lookup),
+            proxy: proxy.resolve(lookup),
+            target_addr,
             target_port,
             protocol,
         }
@@ -358,44 +349,28 @@ impl<A: ResolvedRoute> ResolvedRoute for SocksRoute<A> {
     }
 }
 
-#[cfg(test)]
-mod test {
-    use std::collections::{HashMap, HashSet};
-    use std::num::NonZeroU16;
-
-    use assert_matches::assert_matches;
-    use const_str::ip_addr;
-    use futures_util::{pin_mut, FutureExt as _, Stream, StreamExt as _};
-    use nonzero_ext::nonzero;
+#[cfg(any(test, feature = "test-util"))]
+pub mod testutils {
+    use futures_util::Stream;
     use tokio::sync::{mpsc, oneshot};
     use tokio_stream::wrappers::UnboundedReceiverStream;
 
     use super::*;
-    use crate::certs::RootCertificates;
-    use crate::host::Host;
-    use crate::route::{
-        DirectOrProxyRoute, HttpRouteFragment, SocksRoute, TlsRouteFragment,
-        UnresolvedHttpsServiceRoute,
-    };
-    use crate::tcp_ssl::proxy::socks;
-    use crate::DnsSource;
-
-    const PROXY_PORT: NonZeroU16 = nonzero!(444u16);
-    const TARGET_PORT: NonZeroU16 = nonzero!(888u16);
 
     /// Implementation of [`Resolver`] that gets results from
     /// [`FakeResponder`]s.
-    struct FakeResolver {
+    pub struct FakeResolver {
         request_tx: mpsc::UnboundedSender<FakeResponder>,
     }
 
-    struct FakeResponder {
+    #[derive(Debug)]
+    pub struct FakeResponder {
         hostname: String,
         result_sender: oneshot::Sender<Result<LookupResult, DnsError>>,
     }
 
     impl FakeResolver {
-        fn new() -> (FakeResolver, impl Stream<Item = FakeResponder> + Unpin) {
+        pub fn new() -> (FakeResolver, impl Stream<Item = FakeResponder> + Unpin) {
             let (request_tx, request_rx) = mpsc::unbounded_channel();
             (
                 FakeResolver { request_tx },
@@ -424,13 +399,38 @@ mod test {
     }
 
     impl FakeResponder {
-        fn hostname(&self) -> &str {
+        pub fn hostname(&self) -> &str {
             &self.hostname
         }
-        fn respond(self, result: Result<LookupResult, DnsError>) {
+        pub fn respond(self, result: Result<LookupResult, DnsError>) {
             let _ignore_error = self.result_sender.send(result);
         }
     }
+}
+
+#[cfg(test)]
+mod test {
+    use std::collections::{HashMap, HashSet};
+    use std::num::NonZeroU16;
+
+    use assert_matches::assert_matches;
+    use const_str::ip_addr;
+    use futures_util::{pin_mut, FutureExt as _, StreamExt as _};
+    use nonzero_ext::nonzero;
+
+    use super::*;
+    use crate::certs::RootCertificates;
+    use crate::host::Host;
+    use crate::route::resolve::testutils::{FakeResolver, FakeResponder};
+    use crate::route::{
+        DirectOrProxyRoute, HttpRouteFragment, SocksRoute, TlsRouteFragment,
+        UnresolvedHttpsServiceRoute,
+    };
+    use crate::tcp_ssl::proxy::socks;
+    use crate::DnsSource;
+
+    const PROXY_PORT: NonZeroU16 = nonzero!(444u16);
+    const TARGET_PORT: NonZeroU16 = nonzero!(888u16);
 
     /// Let us use a `Vec` for testing [`resolve_route`] instead of a real route
     /// type that would require us to specify a bunch of unnecessary extra
diff --git a/rust/net/infra/src/route/schedule.rs b/rust/net/infra/src/route/schedule.rs
index 0a4be3f6e..9e633d111 100644
--- a/rust/net/infra/src/route/schedule.rs
+++ b/rust/net/infra/src/route/schedule.rs
@@ -21,6 +21,7 @@ use crate::dns::dns_utils::log_safe_domain;
 use crate::dns::DnsError;
 use crate::route::{ResolveHostnames, ResolvedRoute, Resolver};
 use crate::utils::binary_heap::{MinKeyValueQueue, Queue};
+use crate::utils::future::SomeOrPending;
 
 /// Resolves routes with domain names to equivalent routes with IP addresses.
 ///
@@ -83,6 +84,12 @@ pub struct ConnectionOutcomeParams {
     pub max_delay: Duration,
 }
 
+impl Default for RouteResolver {
+    fn default() -> Self {
+        Self { allow_ipv6: true }
+    }
+}
+
 impl RouteResolver {
     /// Resolve an ordered sequence of routes with hostnames as a stream of
     /// resolved routes.
@@ -237,6 +244,7 @@ where
     }
 }
 
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct AttemptOutcome {
     pub started: Instant,
     pub result: Result<(), UnsuccessfulOutcome>,
@@ -246,6 +254,7 @@ pub struct AttemptOutcome {
 ///
 /// Right now the cause of the failure is unimportant, though if that changes in
 /// the future this should be made an `enum`.
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
 pub struct UnsuccessfulOutcome;
 
 impl<R: Hash + Eq + Clone> ConnectionOutcomes<R> {
@@ -439,24 +448,6 @@ impl<S: FusedStream<Item = (A, B)>, A, B> FusedStream for SwapPairStream<S> {
     }
 }
 
-/// [`Future`] that delegates to the inner `F: Future` or never resolves.
-#[pin_project]
-struct SomeOrPending<F>(#[pin] Option<F>);
-
-impl<F: Future> Future for SomeOrPending<F> {
-    type Output = F::Output;
-
-    fn poll(
-        self: Pin<&mut Self>,
-        cx: &mut std::task::Context<'_>,
-    ) -> std::task::Poll<Self::Output> {
-        match self.project().0.as_pin_mut() {
-            Some(f) => f.poll(cx),
-            None => std::task::Poll::Pending,
-        }
-    }
-}
-
 const HAPPY_EYEBALLS_DELAY: Duration = Duration::from_millis(300);
 
 /// A group of resolved routes that came from the same unresolved route.
@@ -663,45 +654,16 @@ mod test {
 
     use super::*;
     use crate::dns::lookup_result::LookupResult;
+    use crate::route::testutils::{FakeRoute, NoDelay};
     use crate::route::UnresolvedHost;
     use crate::DnsSource;
 
-    struct NoDelay;
-
-    impl<R> RouteDelayPolicy<R> for NoDelay {
-        fn compute_delay(&self, _route: &R, _now: Instant) -> Duration {
-            Duration::ZERO
-        }
-    }
-
-    #[derive(Copy, Clone, Debug, PartialEq, Eq, Hash)]
-    struct FakeRoute<A>(A);
-
-    impl<A: ResolveHostnames> ResolveHostnames for FakeRoute<A> {
-        type Resolved = FakeRoute<A::Resolved>;
-
-        fn hostnames(&self) -> impl Iterator<Item = &UnresolvedHost> {
-            self.0.hostnames()
-        }
-
-        fn resolve(self, lookup: impl FnMut(&str) -> IpAddr) -> Self::Resolved {
-            FakeRoute(self.0.resolve(lookup))
-        }
-    }
-
-    impl<A: ResolvedRoute> ResolvedRoute for FakeRoute<A> {
-        fn immediate_target(&self) -> &IpAddr {
-            self.0.immediate_target()
-        }
-    }
-
     impl<S, R, SP> Schedule<S, R, SP>
     where
         S: FusedStream<Item = (ResolvedRoutes<R>, ResolveMeta)>,
         SP: RouteDelayPolicy<R>,
     {
-        pub fn as_stream<'a>(self: Pin<&'a mut Self>) -> impl Stream<Item = R> + 'a
-where {
+        pub fn as_stream<'a>(self: Pin<&'a mut Self>) -> impl Stream<Item = R> + 'a {
             let schedule = self;
             futures_util::stream::unfold(schedule, |mut schedule| async {
                 schedule.as_mut().next().await.map(|r| (r, schedule))
diff --git a/rust/net/infra/src/route/ws.rs b/rust/net/infra/src/route/ws.rs
index 46cd596d2..196352d08 100644
--- a/rust/net/infra/src/route/ws.rs
+++ b/rust/net/infra/src/route/ws.rs
@@ -3,6 +3,8 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use std::hash::Hash;
+
 use http::uri::PathAndQuery;
 use http::HeaderMap;
 use tungstenite::protocol::WebSocketConfig;
@@ -66,12 +68,33 @@ impl<R: ReplaceFragment<S>, S> ReplaceFragment<S> for WebSocketRoute<R> {
 /// implement [`PartialEq`].
 impl PartialEq for WebSocketRouteFragment {
     fn eq(&self, other: &Self) -> bool {
-        self.endpoint == other.endpoint && ws_config_eq(self.ws_config, other.ws_config)
+        let Self {
+            ws_config,
+            endpoint,
+            headers,
+        } = self;
+        endpoint == &other.endpoint
+            && headers == &other.headers
+            && ws_config_eq(ws_config, &other.ws_config)
+    }
+}
+
+impl Eq for WebSocketRouteFragment {}
+
+impl std::hash::Hash for WebSocketRouteFragment {
+    fn hash<H: std::hash::Hasher>(&self, state: &mut H) {
+        let Self {
+            ws_config,
+            endpoint,
+            headers: _,
+        } = self;
+        ws_config_hash(ws_config, state);
+        endpoint.hash(state);
     }
 }
 
 #[allow(deprecated)]
-fn ws_config_eq(lhs: WebSocketConfig, rhs: WebSocketConfig) -> bool {
+fn ws_config_eq(lhs: &WebSocketConfig, rhs: &WebSocketConfig) -> bool {
     let WebSocketConfig {
         max_send_queue,
         write_buffer_size,
@@ -81,10 +104,29 @@ fn ws_config_eq(lhs: WebSocketConfig, rhs: WebSocketConfig) -> bool {
         accept_unmasked_frames,
     } = lhs;
 
-    max_send_queue == rhs.max_send_queue
-        && write_buffer_size == rhs.write_buffer_size
-        && max_write_buffer_size == rhs.max_write_buffer_size
-        && max_message_size == rhs.max_message_size
-        && max_frame_size == rhs.max_frame_size
-        && accept_unmasked_frames == rhs.accept_unmasked_frames
+    max_send_queue == &rhs.max_send_queue
+        && write_buffer_size == &rhs.write_buffer_size
+        && max_write_buffer_size == &rhs.max_write_buffer_size
+        && max_message_size == &rhs.max_message_size
+        && max_frame_size == &rhs.max_frame_size
+        && accept_unmasked_frames == &rhs.accept_unmasked_frames
+}
+
+#[allow(deprecated)]
+fn ws_config_hash(ws: &WebSocketConfig, state: &mut impl std::hash::Hasher) {
+    let WebSocketConfig {
+        max_send_queue,
+        write_buffer_size,
+        max_write_buffer_size,
+        max_message_size,
+        max_frame_size,
+        accept_unmasked_frames,
+    } = ws;
+
+    max_send_queue.hash(state);
+    write_buffer_size.hash(state);
+    max_write_buffer_size.hash(state);
+    max_message_size.hash(state);
+    max_frame_size.hash(state);
+    accept_unmasked_frames.hash(state);
 }
diff --git a/rust/net/infra/src/utils.rs b/rust/net/infra/src/utils.rs
index d3f103b68..e2b6781ad 100644
--- a/rust/net/infra/src/utils.rs
+++ b/rust/net/infra/src/utils.rs
@@ -3,7 +3,6 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::future;
 use std::future::Future;
 use std::sync::Arc;
 use std::time::Duration;
@@ -14,6 +13,7 @@ use futures_util::StreamExt;
 use http::HeaderValue;
 
 pub(crate) mod binary_heap;
+pub mod future;
 
 /// Constructs the value of the `Authorization` header for the `Basic` auth scheme.
 pub fn basic_authorization(username: &str, password: &str) -> HeaderValue {
@@ -49,7 +49,7 @@ where
     I: IntoIterator<Item = F>,
 {
     FuturesUnordered::from_iter(futures)
-        .filter_map(|result| future::ready(result.ok()))
+        .filter_map(|result| std::future::ready(result.ok()))
         .next()
         .await
 }
diff --git a/rust/net/infra/src/utils/future.rs b/rust/net/infra/src/utils/future.rs
new file mode 100644
index 000000000..8286f9a9d
--- /dev/null
+++ b/rust/net/infra/src/utils/future.rs
@@ -0,0 +1,33 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use std::future::Future;
+use std::pin::Pin;
+
+use pin_project::pin_project;
+
+/// [`Future`] that delegates to the inner `F: Future` or never resolves.
+#[pin_project]
+pub struct SomeOrPending<F>(#[pin] pub(crate) Option<F>);
+
+impl<F> From<Option<F>> for SomeOrPending<F> {
+    fn from(value: Option<F>) -> Self {
+        Self(value)
+    }
+}
+
+impl<F: Future> Future for SomeOrPending<F> {
+    type Output = F::Output;
+
+    fn poll(
+        self: Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+    ) -> std::task::Poll<Self::Output> {
+        match self.project().0.as_pin_mut() {
+            Some(f) => f.poll(cx),
+            None => std::task::Poll::Pending,
+        }
+    }
+}
diff --git a/rust/net/src/cdsi.rs b/rust/net/src/cdsi.rs
index c73c78c50..bebf96965 100644
--- a/rust/net/src/cdsi.rs
+++ b/rust/net/src/cdsi.rs
@@ -14,15 +14,16 @@ use libsignal_net_infra::ws::{NextOrClose, WebSocketConnectError, WebSocketServi
 use libsignal_net_infra::ws2::attested::{
     AttestedConnection, AttestedConnectionError, AttestedProtocolError,
 };
-use libsignal_net_infra::{extract_retry_after_seconds, TransportConnector};
+use libsignal_net_infra::{extract_retry_after_seconds, AsyncDuplexStream, TransportConnector};
 use prost::Message as _;
 use thiserror::Error;
+use tokio_tungstenite::WebSocketStream;
 use tungstenite::protocol::frame::coding::CloseCode;
 use tungstenite::protocol::CloseFrame;
 use uuid::Uuid;
 
 use crate::auth::Auth;
-use crate::enclave::{Cdsi, EnclaveEndpointConnection};
+use crate::enclave::{Cdsi, EnclaveEndpointConnection, EndpointParams, NewHandshake as _};
 use crate::proto::cds2::{ClientRequest, ClientResponse};
 use crate::ws::WebSocketServiceConnectError;
 
@@ -347,6 +348,18 @@ impl CdsiConnection {
         Ok(Self(connection))
     }
 
+    pub async fn connect_over(
+        ws: WebSocketStream<impl AsyncDuplexStream + 'static>,
+        params: &EndpointParams<'_, Cdsi>,
+        ws_config: crate::infra::ws2::Config,
+    ) -> Result<Self, LookupError> {
+        let connection = AttestedConnection::connect(ws, ws_config, move |attestation_message| {
+            Cdsi::new_handshake(params, attestation_message)
+        })
+        .await?;
+        Ok(Self(connection))
+    }
+
     pub async fn send_request(
         mut self,
         request: LookupRequest,

From 96beed703012f7714e0048e0ae787ee3fcb589a5 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 15 Nov 2024 16:25:00 -0500
Subject: [PATCH 07/57] Add CDSI route-based connect fn

---
 rust/bridge/shared/types/src/net.rs      |  40 +++++--
 rust/bridge/shared/types/src/net/cdsi.rs |  58 ++++++++++
 rust/net/examples/cdsi_lookup.rs         |  83 +++++---------
 rust/net/infra/src/route.rs              |   4 +-
 rust/net/infra/src/route/proxy.rs        |   2 +-
 rust/net/src/cdsi.rs                     |  30 +++--
 rust/net/src/connect_state.rs            | 133 +++++++++++++++++++++++
 rust/net/src/enclave.rs                  |   6 +
 rust/net/src/lib.rs                      |   1 +
 9 files changed, 278 insertions(+), 79 deletions(-)
 create mode 100644 rust/net/src/connect_state.rs

diff --git a/rust/bridge/shared/types/src/net.rs b/rust/bridge/shared/types/src/net.rs
index d4690b730..7d1dda91e 100644
--- a/rust/bridge/shared/types/src/net.rs
+++ b/rust/bridge/shared/types/src/net.rs
@@ -7,11 +7,13 @@ use std::marker::PhantomData;
 use std::num::{NonZeroU16, NonZeroU32};
 use std::panic::RefUnwindSafe;
 use std::sync::Arc;
+use std::time::Duration;
 
 use aes_gcm_siv::aead::rand_core::CryptoRngCore;
 use async_trait::async_trait;
 use futures_util::future::join3;
 use libsignal_net::auth::Auth;
+use libsignal_net::connect_state::ConnectState;
 use libsignal_net::enclave::{
     Cdsi, EnclaveEndpoint, EnclaveEndpointConnection, EnclaveKind, Nitro, PpssSetup, Sgx, Tpm2Snp,
 };
@@ -19,6 +21,7 @@ use libsignal_net::env::{add_user_agent_header, Env, Svr3Env, UserAgent};
 use libsignal_net::infra::connection_manager::MultiRouteConnectionManager;
 use libsignal_net::infra::dns::DnsResolver;
 use libsignal_net::infra::host::Host;
+use libsignal_net::infra::route::ConnectionOutcomeParams;
 use libsignal_net::infra::tcp_ssl::proxy::tls::TlsProxyConnector as TcpSslProxyConnector;
 use libsignal_net::infra::tcp_ssl::{DirectConnector as TcpSslDirectConnector, TcpSslConnector};
 use libsignal_net::infra::timeouts::ONE_ROUTE_CONNECTION_TIMEOUT;
@@ -53,6 +56,15 @@ impl Environment {
         }
     }
 }
+const CONNECT_PARAMS: ConnectionOutcomeParams = {
+    ConnectionOutcomeParams {
+        age_cutoff: Duration::from_secs(5 * 60),
+        cooldown_growth_factor: 10.0,
+        max_count: 5,
+        max_delay: Duration::from_secs(30),
+        count_growth_factor: 10.0,
+    }
+};
 
 type Svr3EndpointConnections = (
     EnclaveEndpointConnection<Sgx, MultiRouteConnectionManager>,
@@ -69,7 +81,7 @@ struct EndpointConnections {
 impl EndpointConnections {
     fn new(
         env: &Env<'static, Svr3Env<'static>>,
-        user_agent: &str,
+        user_agent: &UserAgent,
         use_fallbacks: bool,
         network_change_event: &ObservableEvent,
     ) -> Self {
@@ -81,31 +93,30 @@ impl EndpointConnections {
             // testing. (Or the person running this isn't Signal.)
             env.chat_domain_config.connect.hostname
         );
-        let user_agent = UserAgent::with_libsignal_version(user_agent);
         let chat = libsignal_net::chat::endpoint_connection(
             &env.chat_domain_config.connect,
-            &user_agent,
+            user_agent,
             use_fallbacks,
             network_change_event,
         );
         let cdsi =
-            Self::endpoint_connection(&env.cdsi, &user_agent, use_fallbacks, network_change_event);
+            Self::endpoint_connection(&env.cdsi, user_agent, use_fallbacks, network_change_event);
         let svr3 = (
             Self::endpoint_connection(
                 env.svr3.sgx(),
-                &user_agent,
+                user_agent,
                 use_fallbacks,
                 network_change_event,
             ),
             Self::endpoint_connection(
                 env.svr3.nitro(),
-                &user_agent,
+                user_agent,
                 use_fallbacks,
                 network_change_event,
             ),
             Self::endpoint_connection(
                 env.svr3.tpm2snp(),
-                &user_agent,
+                user_agent,
                 use_fallbacks,
                 network_change_event,
             ),
@@ -139,7 +150,9 @@ impl EndpointConnections {
 
 pub struct ConnectionManager {
     env: Env<'static, Svr3Env<'static>>,
-    user_agent: String,
+    user_agent: UserAgent,
+    dns_resolver: DnsResolver,
+    connect: ::tokio::sync::RwLock<ConnectState>,
     // We could split this up to a separate mutex on each kind of connection,
     // but we don't hold it for very long anyway (just enough to clone the Arc).
     endpoints: std::sync::Mutex<Arc<EndpointConnections>>,
@@ -160,17 +173,21 @@ impl ConnectionManager {
         user_agent: &str,
     ) -> Self {
         let network_change_event = ObservableEvent::new();
+        let user_agent = UserAgent::with_libsignal_version(user_agent);
+
         let dns_resolver =
             DnsResolver::new_with_static_fallback(env.static_fallback(), &network_change_event);
         let transport_connector =
-            std::sync::Mutex::new(TcpSslDirectConnector::new(dns_resolver).into());
+            std::sync::Mutex::new(TcpSslDirectConnector::new(dns_resolver.clone()).into());
         let endpoints = std::sync::Mutex::new(
-            EndpointConnections::new(&env, user_agent, false, &network_change_event).into(),
+            EndpointConnections::new(&env, &user_agent, false, &network_change_event).into(),
         );
         Self {
             env,
-            user_agent: user_agent.to_owned(),
             endpoints,
+            user_agent,
+            connect: ConnectState::new(CONNECT_PARAMS),
+            dns_resolver,
             transport_connector,
             network_change_event,
         }
@@ -221,6 +238,7 @@ impl ConnectionManager {
     pub fn set_ipv6_enabled(&self, ipv6_enabled: bool) {
         let mut guard = self.transport_connector.lock().expect("not poisoned");
         guard.set_ipv6_enabled(ipv6_enabled);
+        self.connect.blocking_write().route_resolver.allow_ipv6 = ipv6_enabled;
     }
 
     /// Resets the endpoint connections to include or exclude censorship circumvention routes.
diff --git a/rust/bridge/shared/types/src/net/cdsi.rs b/rust/bridge/shared/types/src/net/cdsi.rs
index bab2e71ce..404d9fc3a 100644
--- a/rust/bridge/shared/types/src/net/cdsi.rs
+++ b/rust/bridge/shared/types/src/net/cdsi.rs
@@ -3,8 +3,12 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use http::HeaderName;
 use libsignal_net::auth::Auth;
 use libsignal_net::cdsi::{self, CdsiConnection, ClientResponseCollector, Token};
+use libsignal_net::infra::route::{DirectOrProxyProvider, RouteProviderExt};
+use libsignal_net::infra::tcp_ssl::InvalidProxyConfig;
+use libsignal_net::infra::AsHttpHeader as _;
 
 use crate::net::ConnectionManager;
 use crate::*;
@@ -72,6 +76,60 @@ impl CdsiLookup {
         })
     }
 
+    pub async fn new_routes(
+        connection_manager: &ConnectionManager,
+        auth: Auth,
+        request: cdsi::LookupRequest,
+    ) -> Result<Self, cdsi::LookupError> {
+        let ConnectionManager {
+            env,
+            dns_resolver,
+            connect,
+            user_agent,
+            transport_connector,
+            endpoints,
+            ..
+        } = connection_manager;
+
+        let proxy_config: Option<libsignal_net::infra::route::ConnectionProxyConfig> =
+            (&*transport_connector.lock().expect("not poisoned"))
+                .try_into()
+                .map_err(|InvalidProxyConfig| {
+                    cdsi::LookupError::ConnectTransport(
+                        libsignal_net::infra::errors::TransportConnectError::InvalidConfiguration,
+                    )
+                })?;
+
+        let ws_config = endpoints.lock().expect("not poisoned").cdsi.ws2_config();
+        let env_cdsi = &env.cdsi;
+        let route_provider = env_cdsi.route_provider().map_routes(|mut route| {
+            route.fragment.headers.extend([user_agent.as_header()]);
+            route
+        });
+        let confirmation_header_name = env_cdsi
+            .domain_config
+            .connect
+            .confirmation_header_name
+            .map(HeaderName::from_static);
+
+        let connected = CdsiConnection::connect_with(
+            connect,
+            dns_resolver,
+            DirectOrProxyProvider::maybe_proxied(route_provider, proxy_config),
+            confirmation_header_name,
+            ws_config,
+            &env.cdsi.params,
+            auth,
+        )
+        .await?;
+        let (token, remaining_response) = connected.send_request(request).await?;
+
+        Ok(CdsiLookup {
+            token,
+            remaining: std::sync::Mutex::new(Some(remaining_response)),
+        })
+    }
+
     pub fn take_remaining(&self) -> Option<ClientResponseCollector> {
         self.remaining.lock().expect("not poisoned").take()
     }
diff --git a/rust/net/examples/cdsi_lookup.rs b/rust/net/examples/cdsi_lookup.rs
index 5ab1316a3..0f9ef4bc9 100644
--- a/rust/net/examples/cdsi_lookup.rs
+++ b/rust/net/examples/cdsi_lookup.rs
@@ -4,25 +4,19 @@
 //! authentication, then reads phone numbers from stdin until the end of the
 //! file.
 
-use std::ops::ControlFlow;
 use std::time::Duration;
 
 use clap::Parser;
 use http::HeaderName;
 use libsignal_net::auth::Auth;
 use libsignal_net::cdsi::{CdsiConnection, LookupError, LookupRequest, LookupResponse};
+use libsignal_net::connect_state::ConnectState;
 use libsignal_net::enclave::EnclaveEndpointConnection;
 use libsignal_net::infra::dns::DnsResolver;
 use libsignal_net::infra::utils::ObservableEvent;
-use libsignal_net::infra::AsHttpHeader as _;
-use libsignal_net::ws::WebSocketServiceConnectError;
-use libsignal_net_infra::connection_manager::{ErrorClass, ErrorClassifier};
-use libsignal_net_infra::route::testutils::NoDelay;
-use libsignal_net_infra::route::{ComposedConnector, RouteProviderExt, RouteResolver};
+use libsignal_net_infra::route::{ConnectionOutcomeParams, DirectOrProxyProvider};
 use libsignal_net_infra::tcp_ssl::DirectConnector;
-use libsignal_net_infra::ws::WebSocketConnectError;
 use tokio::io::AsyncBufReadExt as _;
-use tokio::time::Instant;
 
 async fn cdsi_lookup(
     cdsi: CdsiConnection,
@@ -39,14 +33,6 @@ async fn cdsi_lookup(
     remaining_response.collect().await
 }
 
-type StatelessTlsConnector = libsignal_net::infra::tcp_ssl::StatelessDirect;
-type StatelessTcpConnector = libsignal_net::infra::tcp_ssl::StatelessDirect;
-type StatelessConnector = ComposedConnector<
-    libsignal_net::infra::ws::Stateless,
-    ComposedConnector<StatelessTlsConnector, StatelessTcpConnector, WebSocketConnectError>,
-    WebSocketConnectError,
->;
-
 #[derive(clap::Parser)]
 struct CliArgs {
     #[arg(long, default_value_t = false)]
@@ -57,6 +43,22 @@ struct CliArgs {
     password: String,
 }
 
+const CONNECT_PARAMS: ConnectionOutcomeParams = {
+    ConnectionOutcomeParams {
+        age_cutoff: Duration::from_secs(5 * 60),
+        cooldown_growth_factor: 10.0,
+        max_count: 5,
+        max_delay: Duration::from_secs(30),
+        count_growth_factor: 10.0,
+    }
+};
+
+const WS2_CONFIG: libsignal_net_infra::ws2::Config = libsignal_net_infra::ws2::Config {
+    local_idle_timeout: Duration::from_secs(10),
+    remote_idle_ping_timeout: Duration::from_secs(10),
+    remote_idle_disconnect_timeout: Duration::from_secs(30),
+};
+
 #[tokio::main]
 async fn main() {
     env_logger::init();
@@ -88,52 +90,21 @@ async fn main() {
     let resolver = DnsResolver::new(&network_change_event);
 
     let connected = if use_routes {
-        let provider = cdsi_env.route_provider().map_routes(|mut route| {
-            route.fragment.headers.extend([auth.as_header()]);
-            route
-        });
-        let delay_policy = NoDelay;
-        let confirmation_header_name = cdsi_env
+        let confirmation_header = cdsi_env
             .domain_config
             .connect
             .confirmation_header_name
             .map(HeaderName::from_static);
+        let connect_state = ConnectState::new(CONNECT_PARAMS);
 
-        // No need to keep the outcomes updates since we're not reusing the
-        // connector.
-        let (result, _updates) = libsignal_net::infra::route::connect(
-            &RouteResolver::default(),
-            &delay_policy,
-            &provider,
+        CdsiConnection::connect_with(
+            &connect_state,
             &resolver,
-            StatelessConnector::default(),
-            |error| {
-                let service_error = WebSocketServiceConnectError::from_websocket_error(
-                    error,
-                    confirmation_header_name.as_ref(),
-                    Instant::now(),
-                );
-
-                match service_error.classify() {
-                    ErrorClass::Intermittent => ControlFlow::Continue(()),
-                    ErrorClass::RetryAt(instant) => ControlFlow::Break(format!(
-                        "retry in {}s",
-                        instant.saturating_duration_since(Instant::now()).as_secs()
-                    )),
-                    ErrorClass::Fatal => ControlFlow::Break(service_error.to_string()),
-                }
-            },
-        )
-        .await;
-
-        CdsiConnection::connect_over(
-            result.unwrap(),
+            DirectOrProxyProvider::maybe_proxied(cdsi_env.route_provider(), None),
+            confirmation_header,
+            WS2_CONFIG,
             &cdsi_env.params,
-            libsignal_net_infra::ws2::Config {
-                local_idle_timeout: Duration::from_secs(10),
-                remote_idle_ping_timeout: Duration::from_secs(10),
-                remote_idle_disconnect_timeout: Duration::from_secs(30),
-            },
+            auth,
         )
         .await
     } else {
@@ -142,7 +113,7 @@ async fn main() {
             Duration::from_secs(10),
             &network_change_event,
         );
-        let transport_connection = DirectConnector::new(DnsResolver::new(&network_change_event));
+        let transport_connection = DirectConnector::new(resolver);
         CdsiConnection::connect(&endpoint_connection, transport_connection, auth).await
     }
     .unwrap();
diff --git a/rust/net/infra/src/route.rs b/rust/net/infra/src/route.rs
index f7ef56cf7..d65c92250 100644
--- a/rust/net/infra/src/route.rs
+++ b/rust/net/infra/src/route.rs
@@ -131,9 +131,9 @@ pub enum ConnectError<E> {
 pub struct OutcomeUpdates<R> {
     /// A list of routes for which connection attempts finished, and the
     /// respective statuses.
-    outcomes: Vec<(R, AttemptOutcome)>,
+    pub outcomes: Vec<(R, AttemptOutcome)>,
     /// The time at which the connect attempt finished.
-    finished_at: Instant,
+    pub finished_at: Instant,
 }
 
 /// Attempt to connect to routes from the given [`RouteProvider`].
diff --git a/rust/net/infra/src/route/proxy.rs b/rust/net/infra/src/route/proxy.rs
index 224d07d14..83e0014c6 100644
--- a/rust/net/infra/src/route/proxy.rs
+++ b/rust/net/infra/src/route/proxy.rs
@@ -56,7 +56,7 @@ pub enum DirectOrProxyProvider<D, P> {
     Proxy(P),
 }
 
-#[derive(Debug)]
+#[derive(Debug, Clone)]
 pub enum ConnectionProxyConfig {
     TlsProxy {
         proxy_host: Host<Arc<str>>,
diff --git a/rust/net/src/cdsi.rs b/rust/net/src/cdsi.rs
index bebf96965..a48ce13f9 100644
--- a/rust/net/src/cdsi.rs
+++ b/rust/net/src/cdsi.rs
@@ -6,23 +6,25 @@
 use std::default::Default;
 
 use futures_util::TryFutureExt as _;
-use http::StatusCode;
+use http::{HeaderName, StatusCode};
 use libsignal_core::{Aci, Pni, E164};
 use libsignal_net_infra::connection_manager::ConnectionManager;
+use libsignal_net_infra::dns::DnsResolver;
 use libsignal_net_infra::errors::{LogSafeDisplay, TransportConnectError};
+use libsignal_net_infra::route::{RouteProvider, UnresolvedWebsocketServiceRoute};
 use libsignal_net_infra::ws::{NextOrClose, WebSocketConnectError, WebSocketServiceError};
 use libsignal_net_infra::ws2::attested::{
     AttestedConnection, AttestedConnectionError, AttestedProtocolError,
 };
-use libsignal_net_infra::{extract_retry_after_seconds, AsyncDuplexStream, TransportConnector};
+use libsignal_net_infra::{extract_retry_after_seconds, TransportConnector};
 use prost::Message as _;
 use thiserror::Error;
-use tokio_tungstenite::WebSocketStream;
 use tungstenite::protocol::frame::coding::CloseCode;
 use tungstenite::protocol::CloseFrame;
 use uuid::Uuid;
 
 use crate::auth::Auth;
+use crate::connect_state::ConnectState;
 use crate::enclave::{Cdsi, EnclaveEndpointConnection, EndpointParams, NewHandshake as _};
 use crate::proto::cds2::{ClientRequest, ClientResponse};
 use crate::ws::WebSocketServiceConnectError;
@@ -348,14 +350,24 @@ impl CdsiConnection {
         Ok(Self(connection))
     }
 
-    pub async fn connect_over(
-        ws: WebSocketStream<impl AsyncDuplexStream + 'static>,
-        params: &EndpointParams<'_, Cdsi>,
+    pub async fn connect_with(
+        connect: &tokio::sync::RwLock<ConnectState>,
+        resolver: &DnsResolver,
+        route_provider: impl RouteProvider<Route = UnresolvedWebsocketServiceRoute>,
+        confirmation_header_name: Option<HeaderName>,
         ws_config: crate::infra::ws2::Config,
+        params: &EndpointParams<'_, Cdsi>,
+        auth: Auth,
     ) -> Result<Self, LookupError> {
-        let connection = AttestedConnection::connect(ws, ws_config, move |attestation_message| {
-            Cdsi::new_handshake(params, attestation_message)
-        })
+        let connection = ConnectState::connect_attested_ws(
+            connect,
+            route_provider,
+            auth,
+            resolver,
+            confirmation_header_name,
+            ws_config,
+            move |attestation_message| Cdsi::new_handshake(params, attestation_message),
+        )
         .await?;
         Ok(Self(connection))
     }
diff --git a/rust/net/src/connect_state.rs b/rust/net/src/connect_state.rs
new file mode 100644
index 000000000..b1cb11488
--- /dev/null
+++ b/rust/net/src/connect_state.rs
@@ -0,0 +1,133 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use std::default::Default;
+use std::ops::ControlFlow;
+
+use http::HeaderName;
+use libsignal_net_infra::connection_manager::{ErrorClass, ErrorClassifier as _};
+use libsignal_net_infra::dns::DnsResolver;
+use libsignal_net_infra::route::{
+    ComposedConnector, ConnectError, ConnectionOutcomeParams, ConnectionOutcomes, Connector,
+    HttpRouteFragment, RouteProvider, RouteProviderExt as _, RouteResolver,
+    StatelessTransportConnector, TransportRoute, UnresolvedWebsocketServiceRoute,
+    WebSocketRouteFragment, WebSocketServiceRoute,
+};
+use libsignal_net_infra::ws2::attested::AttestedConnection;
+use libsignal_net_infra::AsHttpHeader as _;
+use tokio::time::Instant;
+
+use crate::auth::Auth;
+use crate::ws::WebSocketServiceConnectError;
+
+/// Endpoint-agnostic state for establishing a connection with
+/// [`crate::infra::route::connect`].
+pub struct ConnectState {
+    pub route_resolver: RouteResolver,
+    /// Transport-level connector used for all connections.
+    transport_connector: StatelessTransportConnector,
+    /// Record of connection outcomes.
+    attempts_record: ConnectionOutcomes<WebSocketServiceRoute>,
+}
+
+/// The type of connection produced by [`StatelessTransportConnector`].
+///
+/// Extracted as a type alias for readability.
+type StatelessTransportConnection =
+    <StatelessTransportConnector as Connector<TransportRoute, ()>>::Connection;
+
+impl ConnectState {
+    pub fn new(connect_params: ConnectionOutcomeParams) -> tokio::sync::RwLock<Self> {
+        Self {
+            route_resolver: RouteResolver::default(),
+            transport_connector: StatelessTransportConnector::default(),
+            attempts_record: ConnectionOutcomes::new(connect_params),
+        }
+        .into()
+    }
+
+    pub async fn connect_ws<WC, E>(
+        this: &tokio::sync::RwLock<Self>,
+        routes: impl RouteProvider<Route = UnresolvedWebsocketServiceRoute>,
+        ws_connector: WC,
+        resolver: &DnsResolver,
+        confirmation_header_name: Option<&HeaderName>,
+        mut on_error: impl FnMut(WebSocketServiceConnectError) -> ControlFlow<E>,
+    ) -> Result<WC::Connection, ConnectError<E>>
+    where
+        WC: Connector<
+                (WebSocketRouteFragment, HttpRouteFragment),
+                StatelessTransportConnection,
+                Error = tungstenite::Error,
+            > + Send
+            + Sync,
+    {
+        let connect_read = this.read().await;
+
+        let (result, updates) = crate::infra::route::connect(
+            &connect_read.route_resolver,
+            &connect_read.attempts_record,
+            routes,
+            resolver,
+            ComposedConnector::new(ws_connector, &connect_read.transport_connector),
+            |error| {
+                let error = WebSocketServiceConnectError::from_websocket_error(
+                    error,
+                    confirmation_header_name,
+                    Instant::now(),
+                );
+                on_error(error)
+            },
+        )
+        .await;
+
+        this.write()
+            .await
+            .attempts_record
+            .apply_outcome_updates(updates.outcomes, updates.finished_at);
+
+        result
+    }
+
+    pub(crate) async fn connect_attested_ws(
+        connect: &tokio::sync::RwLock<ConnectState>,
+        routes: impl RouteProvider<Route = UnresolvedWebsocketServiceRoute>,
+        auth: Auth,
+        resolver: &DnsResolver,
+        confirmation_header_name: Option<HeaderName>,
+        ws_config: libsignal_net_infra::ws2::Config,
+        new_handshake: impl FnOnce(&[u8]) -> Result<attest::enclave::Handshake, attest::enclave::Error>,
+    ) -> Result<AttestedConnection, crate::enclave::Error> {
+        let ws_routes = routes.map_routes(|mut route| {
+            route.fragment.headers.extend([auth.as_header()]);
+            route
+        });
+
+        let ws = ConnectState::connect_ws(
+            connect,
+            ws_routes,
+            crate::infra::ws::Stateless,
+            resolver,
+            confirmation_header_name.as_ref(),
+            |error| match error.classify() {
+                ErrorClass::Intermittent => ControlFlow::Continue(()),
+                ErrorClass::RetryAt(_) | ErrorClass::Fatal => {
+                    ControlFlow::Break(crate::enclave::Error::WebSocketConnect(error))
+                }
+            },
+        )
+        .await
+        .map_err(|e| match e {
+            ConnectError::NoResolvedRoutes | ConnectError::AllAttemptsFailed => {
+                crate::enclave::Error::ConnectionTimedOut
+            }
+            ConnectError::FatalConnect(e) => e,
+        })?;
+
+        AttestedConnection::connect(ws, ws_config, new_handshake)
+            .await
+            .map_err(Into::into)
+    }
+}
diff --git a/rust/net/src/enclave.rs b/rust/net/src/enclave.rs
index eea1ef366..dddc7a935 100644
--- a/rust/net/src/enclave.rs
+++ b/rust/net/src/enclave.rs
@@ -270,6 +270,12 @@ impl From<AttestedConnectionError> for Error {
     }
 }
 
+impl<E: EnclaveKind, C> EnclaveEndpointConnection<E, C> {
+    pub fn ws2_config(&self) -> libsignal_net_infra::ws2::Config {
+        self.endpoint_connection.config.ws2_config()
+    }
+}
+
 impl<E: EnclaveKind + NewHandshake, C: ConnectionManager> EnclaveEndpointConnection<E, C> {
     pub(crate) async fn connect<S: AsyncDuplexStream, T: TransportConnector<Stream = S>>(
         &self,
diff --git a/rust/net/src/lib.rs b/rust/net/src/lib.rs
index 4c458b463..852b33911 100644
--- a/rust/net/src/lib.rs
+++ b/rust/net/src/lib.rs
@@ -7,6 +7,7 @@ pub mod auth;
 pub mod cdsi;
 pub mod certs;
 pub mod chat;
+pub mod connect_state;
 pub mod enclave;
 pub mod env;
 pub mod keytrans;

From 212482772347080026e51b3412e2ab120855b8f1 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 15 Nov 2024 16:52:11 -0500
Subject: [PATCH 08/57] Mark returned cancellable Promises in TS

---
 node/Native.d.ts                      | 56 ++++++++++++++-------------
 node/ts/net.ts                        |  8 +---
 rust/bridge/node/bin/Native.d.ts.in   |  4 ++
 rust/bridge/node/bin/gen_ts_decl.py   |  4 ++
 rust/bridge/shared/macros/src/node.rs |  8 ++--
 5 files changed, 44 insertions(+), 36 deletions(-)

diff --git a/node/Native.d.ts b/node/Native.d.ts
index db5894df8..4329c2260 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -135,6 +135,10 @@ interface MessageBackupValidationOutcome {
   unknownFieldMessages: Array<string>;
 }
 
+interface CancellablePromise<T> extends Promise<T> {
+  _cancellationToken: bigint
+}
+
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 type Serialized<T> = Buffer;
 
@@ -190,21 +194,21 @@ export function CallLinkSecretParams_DecryptUserId(paramsBytes: Buffer, userId:
 export function CallLinkSecretParams_DeriveFromRootKey(rootKey: Buffer): Buffer;
 export function CallLinkSecretParams_GetPublicParams(paramsBytes: Buffer): Buffer;
 export function Cds2ClientState_New(mrenclave: Buffer, attestationMsg: Buffer, currentTimestamp: Timestamp): SgxClientState;
-export function CdsiLookup_complete(asyncRuntime: Wrapper<TokioAsyncContext>, lookup: Wrapper<CdsiLookup>): Promise<LookupResponse>;
-export function CdsiLookup_new(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, request: Wrapper<LookupRequest>): Promise<CdsiLookup>;
+export function CdsiLookup_complete(asyncRuntime: Wrapper<TokioAsyncContext>, lookup: Wrapper<CdsiLookup>): CancellablePromise<LookupResponse>;
+export function CdsiLookup_new(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, request: Wrapper<LookupRequest>): CancellablePromise<CdsiLookup>;
 export function CdsiLookup_token(lookup: Wrapper<CdsiLookup>): Buffer;
 export function ChatService_SetListenerAuth(runtime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>, listener: ChatListener | null): void;
 export function ChatService_SetListenerUnauth(runtime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>, listener: ChatListener | null): void;
-export function ChatService_auth_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): Promise<ChatResponse>;
-export function ChatService_auth_send_and_debug(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): Promise<ResponseAndDebugInfo>;
-export function ChatService_connect_auth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>): Promise<ChatServiceDebugInfo>;
-export function ChatService_connect_unauth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>): Promise<ChatServiceDebugInfo>;
-export function ChatService_disconnect_auth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>): Promise<void>;
-export function ChatService_disconnect_unauth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>): Promise<void>;
+export function ChatService_auth_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
+export function ChatService_auth_send_and_debug(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ResponseAndDebugInfo>;
+export function ChatService_connect_auth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>): CancellablePromise<ChatServiceDebugInfo>;
+export function ChatService_connect_unauth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>): CancellablePromise<ChatServiceDebugInfo>;
+export function ChatService_disconnect_auth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthChat>): CancellablePromise<void>;
+export function ChatService_disconnect_unauth(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>): CancellablePromise<void>;
 export function ChatService_new_auth(connectionManager: Wrapper<ConnectionManager>, username: string, password: string, receiveStories: boolean): AuthChat;
 export function ChatService_new_unauth(connectionManager: Wrapper<ConnectionManager>): UnauthChat;
-export function ChatService_unauth_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): Promise<ChatResponse>;
-export function ChatService_unauth_send_and_debug(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): Promise<ResponseAndDebugInfo>;
+export function ChatService_unauth_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
+export function ChatService_unauth_send_and_debug(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthChat>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ResponseAndDebugInfo>;
 export function CiphertextMessage_FromPlaintextContent(m: Wrapper<PlaintextContent>): CiphertextMessage;
 export function CiphertextMessage_Serialize(obj: Wrapper<CiphertextMessage>): Buffer;
 export function CiphertextMessage_Type(msg: Wrapper<CiphertextMessage>): number;
@@ -445,7 +449,7 @@ export function ServerCertificate_GetKeyId(obj: Wrapper<ServerCertificate>): num
 export function ServerCertificate_GetSerialized(obj: Wrapper<ServerCertificate>): Buffer;
 export function ServerCertificate_GetSignature(obj: Wrapper<ServerCertificate>): Buffer;
 export function ServerCertificate_New(keyId: number, serverKey: Wrapper<PublicKey>, trustRoot: Wrapper<PrivateKey>): ServerCertificate;
-export function ServerMessageAck_SendStatus(asyncRuntime: Wrapper<TokioAsyncContext>, ack: Wrapper<ServerMessageAck>, status: number): Promise<void>;
+export function ServerMessageAck_SendStatus(asyncRuntime: Wrapper<TokioAsyncContext>, ack: Wrapper<ServerMessageAck>, status: number): CancellablePromise<void>;
 export function ServerPublicParams_CreateAuthCredentialWithPniPresentationDeterministic(serverPublicParams: Wrapper<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, authCredentialWithPniBytes: Buffer): Buffer;
 export function ServerPublicParams_CreateExpiringProfileKeyCredentialPresentationDeterministic(serverPublicParams: Wrapper<ServerPublicParams>, randomness: Buffer, groupSecretParams: Serialized<GroupSecretParams>, profileKeyCredential: Serialized<ExpiringProfileKeyCredential>): Buffer;
 export function ServerPublicParams_CreateProfileKeyCredentialRequestContextDeterministic(serverPublicParams: Wrapper<ServerPublicParams>, randomness: Buffer, userId: Buffer, profileKey: Serialized<ProfileKey>): Serialized<ProfileKeyCredentialRequestContext>;
@@ -505,11 +509,11 @@ export function SignedPreKeyRecord_GetSignature(obj: Wrapper<SignedPreKeyRecord>
 export function SignedPreKeyRecord_GetTimestamp(obj: Wrapper<SignedPreKeyRecord>): Timestamp;
 export function SignedPreKeyRecord_New(id: number, timestamp: Timestamp, pubKey: Wrapper<PublicKey>, privKey: Wrapper<PrivateKey>, signature: Buffer): SignedPreKeyRecord;
 export function SignedPreKeyRecord_Serialize(obj: Wrapper<SignedPreKeyRecord>): Buffer;
-export function Svr3Backup(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, secret: Buffer, password: string, maxTries: number, username: string, enclavePassword: string): Promise<Buffer>;
-export function Svr3Remove(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, enclavePassword: string): Promise<void>;
-export function Svr3Restore(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, password: string, shareSet: Buffer, username: string, enclavePassword: string): Promise<Buffer>;
+export function Svr3Backup(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, secret: Buffer, password: string, maxTries: number, username: string, enclavePassword: string): CancellablePromise<Buffer>;
+export function Svr3Remove(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, enclavePassword: string): CancellablePromise<void>;
+export function Svr3Restore(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, password: string, shareSet: Buffer, username: string, enclavePassword: string): CancellablePromise<Buffer>;
 export function TESTING_CdsiLookupErrorConvert(errorDescription: string): void;
-export function TESTING_CdsiLookupResponseConvert(asyncRuntime: Wrapper<TokioAsyncContext>): Promise<LookupResponse>;
+export function TESTING_CdsiLookupResponseConvert(asyncRuntime: Wrapper<TokioAsyncContext>): CancellablePromise<LookupResponse>;
 export function TESTING_ChatRequestGetBody(request: Wrapper<HttpRequest>): Buffer;
 export function TESTING_ChatRequestGetHeaderValue(request: Wrapper<HttpRequest>, headerName: string): string;
 export function TESTING_ChatRequestGetMethod(request: Wrapper<HttpRequest>): string;
@@ -523,30 +527,30 @@ export function TESTING_ChatService_InjectIntentionalDisconnect(chat: Wrapper<Au
 export function TESTING_ChatService_InjectRawServerRequest(chat: Wrapper<AuthChat>, bytes: Buffer): void;
 export function TESTING_ConnectionManager_newLocalOverride(userAgent: string, chatPort: number, cdsiPort: number, svr2Port: number, svr3SgxPort: number, svr3NitroPort: number, svr3Tpm2SnpPort: number, rootCertificateDer: Buffer): ConnectionManager;
 export function TESTING_ErrorOnBorrowAsync(_input: null): Promise<void>;
-export function TESTING_ErrorOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): Promise<void>;
+export function TESTING_ErrorOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): CancellablePromise<void>;
 export function TESTING_ErrorOnBorrowSync(_input: null): void;
 export function TESTING_ErrorOnReturnAsync(_needsCleanup: null): Promise<null>;
-export function TESTING_ErrorOnReturnIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null): Promise<null>;
+export function TESTING_ErrorOnReturnIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null): CancellablePromise<null>;
 export function TESTING_ErrorOnReturnSync(_needsCleanup: null): null;
-export function TESTING_FutureFailure(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: number): Promise<number>;
-export function TESTING_FutureProducesOtherPointerType(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, input: string): Promise<OtherTestingHandleType>;
-export function TESTING_FutureProducesPointerType(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, input: number): Promise<TestingHandleType>;
-export function TESTING_FutureSuccess(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, input: number): Promise<number>;
+export function TESTING_FutureFailure(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: number): CancellablePromise<number>;
+export function TESTING_FutureProducesOtherPointerType(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, input: string): CancellablePromise<OtherTestingHandleType>;
+export function TESTING_FutureProducesPointerType(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, input: number): CancellablePromise<TestingHandleType>;
+export function TESTING_FutureSuccess(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, input: number): CancellablePromise<number>;
 export function TESTING_InputStreamReadIntoZeroLengthSlice(capsAlphabetInput: InputStream): Promise<Buffer>;
 export function TESTING_NonSuspendingBackgroundThreadRuntime_New(): NonSuspendingBackgroundThreadRuntime;
-export function TESTING_OnlyCompletesByCancellation(asyncRuntime: Wrapper<TokioAsyncContext>): Promise<void>;
+export function TESTING_OnlyCompletesByCancellation(asyncRuntime: Wrapper<TokioAsyncContext>): CancellablePromise<void>;
 export function TESTING_OtherTestingHandleType_getValue(handle: Wrapper<OtherTestingHandleType>): string;
 export function TESTING_PanicInBodyAsync(_input: null): Promise<void>;
-export function TESTING_PanicInBodyIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): Promise<void>;
+export function TESTING_PanicInBodyIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): CancellablePromise<void>;
 export function TESTING_PanicInBodySync(_input: null): void;
 export function TESTING_PanicOnBorrowAsync(_input: null): Promise<void>;
-export function TESTING_PanicOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): Promise<void>;
+export function TESTING_PanicOnBorrowIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _input: null): CancellablePromise<void>;
 export function TESTING_PanicOnBorrowSync(_input: null): void;
 export function TESTING_PanicOnLoadAsync(_needsCleanup: null, _input: null): Promise<void>;
-export function TESTING_PanicOnLoadIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null, _input: null): Promise<void>;
+export function TESTING_PanicOnLoadIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null, _input: null): CancellablePromise<void>;
 export function TESTING_PanicOnLoadSync(_needsCleanup: null, _input: null): void;
 export function TESTING_PanicOnReturnAsync(_needsCleanup: null): Promise<null>;
-export function TESTING_PanicOnReturnIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null): Promise<null>;
+export function TESTING_PanicOnReturnIo(asyncRuntime: Wrapper<NonSuspendingBackgroundThreadRuntime>, _needsCleanup: null): CancellablePromise<null>;
 export function TESTING_PanicOnReturnSync(_needsCleanup: null): null;
 export function TESTING_ProcessBytestringArray(input: Buffer[]): Buffer[];
 export function TESTING_ReturnStringArray(): string[];
diff --git a/node/ts/net.ts b/node/ts/net.ts
index adee8ce7d..fcc397db0 100644
--- a/node/ts/net.ts
+++ b/node/ts/net.ts
@@ -81,13 +81,9 @@ export class TokioAsyncContext {
 
   makeCancellable<T>(
     abortSignal: AbortSignal | undefined,
-    promise: Promise<T>
+    promise: Native.CancellablePromise<T>
   ): Promise<T> {
-    if (
-      abortSignal !== undefined &&
-      '_cancellationToken' in promise &&
-      typeof promise._cancellationToken === 'bigint'
-    ) {
+    if (abortSignal !== undefined) {
       const cancellationToken = promise._cancellationToken;
       const cancel = () => {
         Native.TokioAsyncContext_cancel(this, cancellationToken);
diff --git a/rust/bridge/node/bin/Native.d.ts.in b/rust/bridge/node/bin/Native.d.ts.in
index b1417fcc4..a41ba46f3 100644
--- a/rust/bridge/node/bin/Native.d.ts.in
+++ b/rust/bridge/node/bin/Native.d.ts.in
@@ -135,6 +135,10 @@ interface MessageBackupValidationOutcome {
   unknownFieldMessages: Array<string>;
 }
 
+interface CancellablePromise<T> extends Promise<T> {
+  _cancellationToken: bigint
+}
+
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 type Serialized<T> = Buffer;
 
diff --git a/rust/bridge/node/bin/gen_ts_decl.py b/rust/bridge/node/bin/gen_ts_decl.py
index 53ebf231b..1c3647a68 100755
--- a/rust/bridge/node/bin/gen_ts_decl.py
+++ b/rust/bridge/node/bin/gen_ts_decl.py
@@ -136,6 +136,10 @@ def translate_to_ts(typ: str) -> str:
         assert typ.endswith('>')
         return 'Promise<' + translate_to_ts(typ[8:-1]) + '>'
 
+    if typ.startswith('CancellablePromise<'):
+        assert typ.endswith('>')
+        return 'CancellablePromise<' + translate_to_ts(typ[19:-1]) + '>'
+
     if typ.startswith('AsType<'):
         assert typ.endswith('>')
         assert ',' in typ
diff --git a/rust/bridge/shared/macros/src/node.rs b/rust/bridge/shared/macros/src/node.rs
index 41965a42b..8279cca4c 100644
--- a/rust/bridge/shared/macros/src/node.rs
+++ b/rust/bridge/shared/macros/src/node.rs
@@ -230,10 +230,10 @@ fn generate_ts_signature_comment(
             .map(|arg| arg.to_token_stream().to_string()),
     );
 
-    let result_type_format = if sig.asyncness.is_some() {
-        |ty| format!("Promise<{}>", ty)
-    } else {
-        |ty| format!("{}", ty)
+    let result_type_format = match (sig.asyncness, bridging_kind) {
+        (Some(_), BridgingKind::Io { .. }) => |ty| format!("CancellablePromise<{}>", ty),
+        (Some(_), _) => |ty| format!("Promise<{}>", ty),
+        (None, _) => |ty| format!("{}", ty),
     };
     let result_type_str = result_type_format(result_type(&sig.output));
 

From 06b85159b8850cad5a8863840255181dbc76018e Mon Sep 17 00:00:00 2001
From: moiseev-signal <122060238+moiseev-signal@users.noreply.github.com>
Date: Fri, 15 Nov 2024 14:24:03 -0800
Subject: [PATCH 09/57] keytrans: Retire TreeSearchRequest/TreeSearchResponse
 protos

---
 rust/keytrans/benches/verify.rs               |  30 ++++-
 ...e.dat => kt-search-response-condensed.dat} | Bin 107410 -> 107249 bytes
 rust/keytrans/src/lib.rs                      |  34 +++--
 rust/keytrans/src/proto/wire.proto            |  17 ---
 rust/keytrans/src/verify.rs                   | 126 ++++++++++++------
 rust/net/src/keytrans.rs                      |  81 ++++-------
 6 files changed, 156 insertions(+), 132 deletions(-)
 rename rust/keytrans/res/{kt-search-response.dat => kt-search-response-condensed.dat} (99%)

diff --git a/rust/keytrans/benches/verify.rs b/rust/keytrans/benches/verify.rs
index af943e8be..b9fc90bce 100644
--- a/rust/keytrans/benches/verify.rs
+++ b/rust/keytrans/benches/verify.rs
@@ -8,8 +8,8 @@ use std::time::{Duration, SystemTime};
 use criterion::{criterion_group, criterion_main, Criterion};
 use hex_literal::hex;
 use libsignal_keytrans::{
-    DeploymentMode, KeyTransparency, PublicConfig, SearchContext, SlimSearchRequest,
-    TreeSearchResponse, VerifyingKey, VrfPublicKey,
+    CondensedTreeSearchResponse, DeploymentMode, FullSearchResponse, FullTreeHead, KeyTransparency,
+    PublicConfig, SearchContext, SlimSearchRequest, VerifyingKey, VrfPublicKey,
 };
 use prost::Message as _;
 
@@ -31,10 +31,30 @@ fn bench_verify_search(c: &mut Criterion) {
         search_key: [b"a", aci.as_bytes().as_slice()].concat(),
         version: None,
     };
-    let response = {
-        let bytes = include_bytes!("../res/kt-search-response.dat");
-        TreeSearchResponse::decode(bytes.as_slice()).unwrap()
+    let condensed_response = {
+        let bytes = include_bytes!("../res/kt-search-response-condensed.dat");
+        CondensedTreeSearchResponse::decode(bytes.as_slice()).unwrap()
     };
+    let response_tree_head = FullTreeHead::decode(
+        hex!(
+            "0a4c08f23710bbd4dfb897321a40385a"
+            "2eee61b2a0ef463251e8f0301389c3a3"
+            "34a0146bc6f2cb9b35938d9c16ba9922"
+            "3a651e963fab86e64e02484e49b5718d"
+            "d826aafe7c3e38dfe53226220603224e"
+            "0a4c08f23710e1d4e0b897321a40a973"
+            "dd2f6a412287f93b051bd7a5da9dc99b"
+            "61d86db8a25c861934e00ee6895097b5"
+            "5272f5f71de8b610b5da0b49fc263e0c"
+            "5e33cd3de26d3a9f98fd5d2aae06")
+        .as_slice(),
+    )
+    .expect("valid test full tree head");
+    let response = FullSearchResponse {
+        condensed: condensed_response,
+        tree_head: &response_tree_head,
+    };
+
     let valid_at = SystemTime::UNIX_EPOCH + Duration::from_secs(1724279958);
     let kt = KeyTransparency {
         config: PublicConfig {
diff --git a/rust/keytrans/res/kt-search-response.dat b/rust/keytrans/res/kt-search-response-condensed.dat
similarity index 99%
rename from rust/keytrans/res/kt-search-response.dat
rename to rust/keytrans/res/kt-search-response-condensed.dat
index 747d69cc8857c72b9723fe022614319add254ac8..d76ed882f3636fe2bb94cb7861352ded98f4eddf 100644
GIT binary patch
delta 45
zcmV+|0Mh@G#|H7m1_26@qEP`7f%LWX0cN5T8W0O!avWWF6I>wdz-V3Khg>3;ZKDAt
Don8^5

delta 220
zcmV<203-kL#Rihc27d~k0SZhA@;4B>)Ze(5G8#ZQS}yKkvY_uqGEwO8FcXQxqcort
zYsT`+n>CY-oEEy7B06OrmOrb8=1u}gPD!<Kjo2ot{(L?--{mqUA_fB@P6|v2@;4CS
z)Zn<6G8#asbKNg$K_Z9wI|UoprP`gzn_<{(xT0K!88qMy<|Bzvm$g!I_4gg<wh*=2
z3rYMYJ`7$n%{}66I-i*RT`H~y5|IH>2O8tV1_;_Kvw<Q!A%m46x0N9QB!Lqm5DQ*%
W99?)5Tp;YgXkFrmTq>8$q5&nvvtQl-

diff --git a/rust/keytrans/src/lib.rs b/rust/keytrans/src/lib.rs
index 8802439a2..511354a27 100644
--- a/rust/keytrans/src/lib.rs
+++ b/rust/keytrans/src/lib.rs
@@ -22,7 +22,7 @@ pub use ed25519_dalek::VerifyingKey;
 pub use proto::{
     CondensedTreeSearchResponse, DistinguishedResponse as ChatDistinguishedResponse, FullTreeHead,
     MonitorRequest, MonitorResponse, SearchResponse as ChatSearchResponse, StoredMonitoringData,
-    StoredTreeHead, TreeHead, TreeSearchRequest, TreeSearchResponse, UpdateRequest, UpdateResponse,
+    StoredTreeHead, TreeHead, UpdateRequest, UpdateResponse,
 };
 pub use verify::Error;
 use verify::{
@@ -145,16 +145,22 @@ impl SlimSearchRequest {
     }
 }
 
-impl From<TreeSearchRequest> for SlimSearchRequest {
-    fn from(request: TreeSearchRequest) -> Self {
-        let TreeSearchRequest {
-            search_key,
-            version,
-            ..
-        } = request;
+/// Self-sufficient key transparency search response.
+///
+/// In order to produce a consistent result chat server returns three [`CondensedTreeSearchResponse`]
+/// with a single [`FullTreeHead`], however each such response is individually verifiable. This type
+/// re-creates the original self-sufficient search response.
+#[derive(Clone, Debug)]
+pub struct FullSearchResponse<'a> {
+    pub condensed: CondensedTreeSearchResponse,
+    pub tree_head: &'a FullTreeHead,
+}
+
+impl<'a> FullSearchResponse<'a> {
+    pub fn new(condensed: CondensedTreeSearchResponse, tree_head: &'a FullTreeHead) -> Self {
         Self {
-            search_key,
-            version,
+            condensed,
+            tree_head,
         }
     }
 }
@@ -172,12 +178,12 @@ impl KeyTransparency {
     pub fn verify_search(
         &self,
         request: SlimSearchRequest,
-        response: TreeSearchResponse,
+        response: FullSearchResponse,
         context: SearchContext,
         force_monitor: bool,
         now: SystemTime,
     ) -> Result<VerifiedSearchResult, verify::Error> {
-        let unverified_value = response.value.as_ref().map(|v| v.value.clone());
+        let unverified_value = response.condensed.value.as_ref().map(|v| v.value.clone());
         let state_update =
             verify_search(&self.config, request, response, context, force_monitor, now)?;
         Ok(VerifiedSearchResult {
@@ -210,8 +216,8 @@ impl KeyTransparency {
     /// Most validation is skipped so the SearchResponse MUST already be verified.
     pub fn truncate_search_response(
         &self,
-        request: &TreeSearchRequest,
-        response: &TreeSearchResponse,
+        request: &SlimSearchRequest,
+        response: &FullSearchResponse,
     ) -> Result<(u64, [u8; 32]), verify::Error> {
         truncate_search_response(&self.config, request, response)
     }
diff --git a/rust/keytrans/src/proto/wire.proto b/rust/keytrans/src/proto/wire.proto
index 2c64a50ca..a22a1652b 100644
--- a/rust/keytrans/src/proto/wire.proto
+++ b/rust/keytrans/src/proto/wire.proto
@@ -62,23 +62,6 @@ message Consistency {
   optional uint64 distinguished = 2;
 }
 
-// TreeSearchRequest comes from a user that wishes to lookup a key.
-message TreeSearchRequest {
-  bytes search_key = 1;
-  optional uint32 version = 2;
-  Consistency consistency = 3;
-}
-
-// TreeSearchResponse is the output of executing a search on the tree.
-message TreeSearchResponse {
-  FullTreeHead tree_head = 1;
-  bytes vrf_proof = 2;
-  SearchProof search = 3;
-
-  bytes opening = 4;
-  UpdateValue value = 5;
-}
-
 message CondensedTreeSearchResponse {
   /**
    * A proof that is combined with the original requested identifier and the VRF public key
diff --git a/rust/keytrans/src/verify.rs b/rust/keytrans/src/verify.rs
index 715446d42..b3efc4f9e 100644
--- a/rust/keytrans/src/verify.rs
+++ b/rust/keytrans/src/verify.rs
@@ -15,8 +15,8 @@ use crate::log::{evaluate_batch_proof, truncate_batch_proof, verify_consistency_
 use crate::prefix::{evaluate as evaluate_prefix, MalformedProof};
 use crate::proto::*;
 use crate::{
-    guide, log, vrf, DeploymentMode, LastTreeHead, LocalStateUpdate, MonitorContext,
-    MonitoringData, PublicConfig, SearchContext, SlimSearchRequest,
+    guide, log, vrf, DeploymentMode, FullSearchResponse, LastTreeHead, LocalStateUpdate,
+    MonitorContext, MonitoringData, PublicConfig, SearchContext, SlimSearchRequest,
 };
 
 /// The range of allowed timestamp values relative to "now".
@@ -366,7 +366,7 @@ fn evaluate_vrf_proof(
 fn verify_search_internal(
     config: &PublicConfig,
     req: SlimSearchRequest,
-    res: TreeSearchResponse,
+    res: FullSearchResponse,
     context: SearchContext,
     monitor: bool,
     now: SystemTime,
@@ -376,18 +376,20 @@ fn verify_search_internal(
         search_key,
         version,
     } = req;
-    let TreeSearchResponse {
-        tree_head,
-        vrf_proof,
-        search,
-        opening,
-        value,
+    let FullSearchResponse {
+        condensed:
+            CondensedTreeSearchResponse {
+                vrf_proof,
+                search,
+                opening,
+                value,
+            },
+        tree_head: full_tree_head,
     } = res;
 
     let index = evaluate_vrf_proof(&vrf_proof, &config.vrf_key, &search_key)?;
 
     // Evaluate the search proof.
-    let full_tree_head = get_proto_field(&tree_head)?;
     let tree_size = {
         let tree_head = get_proto_field(&full_tree_head.tree_head)?;
         tree_head.tree_size
@@ -499,7 +501,7 @@ fn verify_search_internal(
 pub fn verify_search(
     config: &PublicConfig,
     req: SlimSearchRequest,
-    res: TreeSearchResponse,
+    res: FullSearchResponse,
     context: SearchContext,
     force_monitor: bool,
     now: SystemTime,
@@ -516,21 +518,29 @@ pub fn verify_update(
     context: SearchContext,
     now: SystemTime,
 ) -> Result<LocalStateUpdate> {
+    let UpdateResponse {
+        tree_head,
+        vrf_proof,
+        search,
+        opening,
+    } = res;
     verify_search_internal(
         config,
         SlimSearchRequest {
             search_key: req.search_key.clone(),
             version: None,
         },
-        TreeSearchResponse {
-            tree_head: res.tree_head.clone(),
-            vrf_proof: res.vrf_proof.clone(),
-            search: res.search.clone(),
-
-            opening: res.opening.clone(),
-            value: Some(UpdateValue {
-                value: req.value.clone(),
-            }),
+        FullSearchResponse {
+            condensed: CondensedTreeSearchResponse {
+                vrf_proof: vrf_proof.clone(),
+                search: search.clone(),
+
+                opening: opening.clone(),
+                value: Some(UpdateValue {
+                    value: req.value.clone(),
+                }),
+            },
+            tree_head: tree_head.as_ref().ok_or(Error::RequiredFieldMissing)?,
         },
         context,
         true,
@@ -857,22 +867,35 @@ impl MonitoringDataWrapper {
 /// Most validation is skipped so the TreeSearchResponse MUST already be verified.
 pub fn truncate_search_response(
     config: &PublicConfig,
-    req: &TreeSearchRequest,
-    res: &TreeSearchResponse,
+    req: &SlimSearchRequest,
+    res: &FullSearchResponse,
 ) -> Result<(u64, [u8; 32])> {
     // NOTE: Update this function in tandem with verify_search_internal.
+    let SlimSearchRequest {
+        search_key,
+        version,
+    } = req;
+    let FullSearchResponse {
+        condensed:
+            CondensedTreeSearchResponse {
+                vrf_proof,
+                search,
+                opening: _,
+                value: _,
+            },
+        tree_head: full_tree_head,
+    } = res;
 
-    let index = evaluate_vrf_proof(&res.vrf_proof, &config.vrf_key, &req.search_key)?;
+    let index = evaluate_vrf_proof(vrf_proof, &config.vrf_key, search_key)?;
 
     // Evaluate the SearchProof to find the terminal leaf.
-    let full_tree_head = get_proto_field(&res.tree_head)?;
     let tree_size = {
         let tree_head = get_proto_field(&full_tree_head.tree_head)?;
         tree_head.tree_size
     };
-    let search_proof = get_proto_field(&res.search)?;
+    let search_proof = get_proto_field(search)?;
 
-    let guide = ProofGuide::new(req.version, search_proof.pos, tree_size);
+    let guide = ProofGuide::new(*version, search_proof.pos, tree_size);
 
     let mut i = 0;
     let mut leaves = HashMap::new();
@@ -978,15 +1001,32 @@ mod test {
         ))
         .unwrap();
         let aci = uuid::uuid!("84fd7196-b3fa-4d4d-bbf8-8f1cdf2b7cea");
-        let request = TreeSearchRequest {
-            search_key: [b"a", aci.as_bytes().as_slice()].concat(),
-            version: None,
-            consistency: None,
+        let request = SlimSearchRequest::new([b"a", aci.as_bytes().as_slice()].concat());
+
+        let condensed_response = {
+            let bytes = include_bytes!("../res/kt-search-response-condensed.dat");
+            CondensedTreeSearchResponse::decode(bytes.as_slice()).unwrap()
         };
-        let response = {
-            let bytes = include_bytes!("../res/kt-search-response.dat");
-            TreeSearchResponse::decode(bytes.as_slice()).unwrap()
+        let response_tree_head = FullTreeHead::decode(
+            hex!(
+            "0a4c08f23710bbd4dfb897321a40385a"
+            "2eee61b2a0ef463251e8f0301389c3a3"
+            "34a0146bc6f2cb9b35938d9c16ba9922"
+            "3a651e963fab86e64e02484e49b5718d"
+            "d826aafe7c3e38dfe53226220603224e"
+            "0a4c08f23710e1d4e0b897321a40a973"
+            "dd2f6a412287f93b051bd7a5da9dc99b"
+            "61d86db8a25c861934e00ee6895097b5"
+            "5272f5f71de8b610b5da0b49fc263e0c"
+            "5e33cd3de26d3a9f98fd5d2aae06")
+            .as_slice(),
+        )
+        .expect("valid test full tree head");
+        let response = FullSearchResponse {
+            condensed: condensed_response,
+            tree_head: &response_tree_head,
         };
+
         let valid_at = SystemTime::UNIX_EPOCH + Duration::from_secs(1724279958);
         let config = PublicConfig {
             mode: DeploymentMode::ThirdPartyAuditing(auditor_key),
@@ -994,12 +1034,16 @@ mod test {
             vrf_key,
         };
 
-        let last_tree_head =
-            TreeHead {
-                tree_size: 7154,
-                timestamp: 1724279941691,
-                signature: hex!("385a2eee61b2a0ef463251e8f0301389c3a334a0146bc6f2cb9b35938d9c16ba99223a651e963fab86e64e02484e49b5718dd826aafe7c3e38dfe53226220603").to_vec(),
-            };
+        let last_tree_head = TreeHead {
+            tree_size: 7154,
+            timestamp: 1724279941691,
+            signature: hex!(
+                    "385a2eee61b2a0ef463251e8f0301389"
+                    "c3a334a0146bc6f2cb9b35938d9c16ba"
+                    "99223a651e963fab86e64e02484e49b5"
+                    "718dd826aafe7c3e38dfe53226220603")
+            .to_vec(),
+        };
         let last_root = hex!("1a7ff40e291a276bdcb63d97fe363edfc1c209971e06a806b82d16cbdcb38611");
         let expected_data_update = MonitoringData {
             index: hex!("28fb992ac153f6d44485cc242b5e4b0d51aa0f0b31548b1a65161feebbb8d84d"),
@@ -1008,7 +1052,7 @@ mod test {
             owned: true,
         };
         assert_matches!(
-            verify_search_internal(&config, request.clone().into(), response.clone(), SearchContext::default(), true, valid_at),
+            verify_search_internal(&config, request.clone(), response.clone(), SearchContext::default(), true, valid_at),
             Ok(update) => {
                 assert_eq!(update.tree_head, last_tree_head);
                 assert_eq!(update.tree_root, last_root);
@@ -1017,7 +1061,7 @@ mod test {
             }
         );
         assert_matches!(
-            verify_search_internal(&config, request.into(), response.clone(), SearchContext::default(), false, valid_at),
+            verify_search_internal(&config, request, response, SearchContext::default(), false, valid_at),
             Ok(update) => {
                 assert_eq!(update.tree_head, last_tree_head);
                 assert_eq!(update.tree_root, last_root);
diff --git a/rust/net/src/keytrans.rs b/rust/net/src/keytrans.rs
index 4da98fe4b..8cf265c4a 100644
--- a/rust/net/src/keytrans.rs
+++ b/rust/net/src/keytrans.rs
@@ -15,9 +15,9 @@ use http::header::{ACCEPT, CONTENT_TYPE};
 use http::uri::PathAndQuery;
 use libsignal_core::{Aci, E164};
 use libsignal_keytrans::{
-    ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse, KeyTransparency,
-    LastTreeHead, LocalStateUpdate, MonitoringData, SearchContext, SlimSearchRequest,
-    StoredMonitoringData, StoredTreeHead, TreeSearchResponse, VerifiedSearchResult,
+    ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse, FullSearchResponse,
+    FullTreeHead, KeyTransparency, LastTreeHead, LocalStateUpdate, MonitoringData, SearchContext,
+    SlimSearchRequest, StoredMonitoringData, StoredTreeHead, VerifiedSearchResult,
 };
 use libsignal_protocol::{IdentityKey, PublicKey};
 use prost::{DecodeError, Message};
@@ -107,59 +107,39 @@ impl TryFrom<chat::Response> for RawChatSerializedResponse {
     }
 }
 
+// Differs from [`ChatSearchResponse`] by establishing proper optionality of fields.
 struct TypedChatSearchResponse {
-    aci_search_response: TreeSearchResponse,
-    e164_search_response: Option<TreeSearchResponse>,
-    username_hash_search_response: Option<TreeSearchResponse>,
+    full_tree_head: FullTreeHead,
+    aci_search_response: CondensedTreeSearchResponse,
+    e164_search_response: Option<CondensedTreeSearchResponse>,
+    username_hash_search_response: Option<CondensedTreeSearchResponse>,
 }
 
 impl TryFrom<RawChatSerializedResponse> for TypedChatSearchResponse {
     type Error = Error;
 
     fn try_from(raw: RawChatSerializedResponse) -> Result<Self> {
-        let chat_search_response: ChatSearchResponse = raw
+        let ChatSearchResponse {
+            tree_head,
+            aci,
+            e164,
+            username_hash,
+        } = raw
             .serialized_response
             .ok_or(Error::InvalidResponse("serializedResponse is missing"))
             .and_then(decode_response)?;
 
-        let common_tree_head = chat_search_response
-            .tree_head
-            .ok_or(Error::InvalidResponse("must have TreeHead"))?;
-
-        // Chat server strips the tree heads from individual search responses
-        // and sends a single tree head in a top-level field.
-        // libsignal-keytrans, however, operates on individual responses,
-        // therefore to match the two we need to repopulate the tree head value.
-        let prepare_full_response = |condensed: CondensedTreeSearchResponse| -> TreeSearchResponse {
-            let CondensedTreeSearchResponse {
-                vrf_proof,
-                search,
-                opening,
-                value,
-            } = condensed;
-            TreeSearchResponse {
-                tree_head: Some(common_tree_head.clone()),
-                vrf_proof,
-                search,
-                opening,
-                value,
-            }
-        };
-
-        let aci_search_response = chat_search_response
-            .aci
-            .map(prepare_full_response)
-            .ok_or(Error::InvalidResponse("must have ACI search response"))?;
+        let tree_head = tree_head.ok_or(Error::InvalidResponse("must contain the tree head"))?;
 
-        let e164_search_response = chat_search_response.e164.map(prepare_full_response);
+        let aci_search_response = aci.ok_or(Error::InvalidResponse(
+            "must contain the ACI search response",
+        ))?;
 
-        let username_hash_search_response = chat_search_response
-            .username_hash
-            .map(prepare_full_response);
         Ok(Self {
+            full_tree_head: tree_head,
             aci_search_response,
-            e164_search_response,
-            username_hash_search_response,
+            e164_search_response: e164,
+            username_hash_search_response: username_hash,
         })
     }
 }
@@ -408,6 +388,8 @@ impl<'a> Kt<'a> {
                 (Some(request), Some(response)) => {
                     let data = monitor.map(MonitoringData::from);
                     let context = make_single_context(data);
+                    let response =
+                        FullSearchResponse::new(response, &search_response.full_tree_head);
                     self.inner
                         .verify_search(request, response, context, true, now)?
                 }
@@ -466,20 +448,9 @@ impl<'a> Kt<'a> {
             .and_then(ChatDistinguishedResponse::try_from)?;
 
         let tree_head = tree_head.ok_or(Error::InvalidResponse("tree head must be present"))?;
-        let CondensedTreeSearchResponse {
-            vrf_proof,
-            search,
-            opening,
-            value,
-        } = distinguished.ok_or(Error::InvalidResponse("search response must be present"))?;
-        // TODO: this should be gone when tree_head is stripped in the next proto update
-        let search_response = TreeSearchResponse {
-            tree_head: Some(tree_head),
-            vrf_proof,
-            search,
-            opening,
-            value,
-        };
+        let condensed_response =
+            distinguished.ok_or(Error::InvalidResponse("search response must be present"))?;
+        let search_response = FullSearchResponse::new(condensed_response, &tree_head);
 
         let slim_search_request = SlimSearchRequest::new(b"distinguished".to_vec());
 

From 0dd5a0242f74271225f5a848db625619b0ef7e4d Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Mon, 18 Nov 2024 09:50:47 -0500
Subject: [PATCH 10/57] Remove CDSI return_acis_without_uaks

---
 .../libsignal/net/CdsiLookupRequest.java      | 28 ++++++++++---------
 .../org/signal/libsignal/internal/Native.java |  1 -
 node/Native.d.ts                              |  3 +-
 node/ts/net.ts                                |  9 ++----
 rust/bridge/node/bin/Native.d.ts.in           |  2 +-
 rust/bridge/shared/src/net/cdsi.rs            |  5 ----
 rust/net/examples/cdsi_lookup.rs              |  1 -
 rust/net/src/cdsi.rs                          |  7 -----
 rust/net/src/proto/cds2.proto                 |  5 ++--
 swift/Sources/LibSignalClient/CdsTypes.swift  | 23 ++++++++++++---
 swift/Sources/LibSignalClient/Net.swift       | 15 ++++++++--
 swift/Sources/SignalFfi/signal_ffi.h          |  2 --
 .../Tests/LibSignalClientTests/NetTests.swift |  3 +-
 13 files changed, 55 insertions(+), 49 deletions(-)

diff --git a/java/client/src/main/java/org/signal/libsignal/net/CdsiLookupRequest.java b/java/client/src/main/java/org/signal/libsignal/net/CdsiLookupRequest.java
index 8a5609b77..0d6e7a6c3 100644
--- a/java/client/src/main/java/org/signal/libsignal/net/CdsiLookupRequest.java
+++ b/java/client/src/main/java/org/signal/libsignal/net/CdsiLookupRequest.java
@@ -22,15 +22,12 @@ public class CdsiLookupRequest {
 
   final Map<ServiceId, ProfileKey> serviceIds;
 
-  final boolean requireAcis;
-
   final byte[] token;
 
   public CdsiLookupRequest(
       Set<String> previousE164s,
       Set<String> newE164s,
       Map<ServiceId, ProfileKey> serviceIds,
-      boolean requireAcis,
       Optional<byte[]> token) {
     if (previousE164s.size() > 0 && !token.isPresent()) {
       throw new IllegalArgumentException("You must have a token if you have previousE164s!");
@@ -40,18 +37,26 @@ public CdsiLookupRequest(
     this.newE164s = newE164s;
     this.removedE164s = Collections.emptySet();
     this.serviceIds = serviceIds;
-    this.requireAcis = requireAcis;
     this.token = token.orElse(null);
   }
 
+  /**
+   * @deprecated The requireAcis field is no longer read by the server. Use the overload that
+   *     doesn't take it as an argument.
+   */
+  @Deprecated
+  public CdsiLookupRequest(
+      Set<String> previousE164s,
+      Set<String> newE164s,
+      Map<ServiceId, ProfileKey> serviceIds,
+      boolean requireAcis,
+      Optional<byte[]> token) {
+    this(previousE164s, newE164s, serviceIds, token);
+  }
+
   NativeRequest makeNative() {
     return new NativeRequest(
-        this.previousE164s,
-        this.newE164s,
-        this.removedE164s,
-        this.serviceIds,
-        this.requireAcis,
-        this.token);
+        this.previousE164s, this.newE164s, this.removedE164s, this.serviceIds, this.token);
   }
 
   class NativeRequest {
@@ -60,7 +65,6 @@ private NativeRequest(
         Set<String> newE164s,
         Set<String> removedE164s,
         Map<ServiceId, ProfileKey> serviceIds,
-        boolean requireAcis,
         byte[] token) {
       this.nativeHandle = Native.LookupRequest_new();
 
@@ -82,8 +86,6 @@ private NativeRequest(
             }
           });
 
-      Native.LookupRequest_setReturnAcisWithoutUaks(this.nativeHandle, requireAcis);
-
       if (token != null) {
         Native.LookupRequest_setToken(this.nativeHandle, token);
       }
diff --git a/java/shared/java/org/signal/libsignal/internal/Native.java b/java/shared/java/org/signal/libsignal/internal/Native.java
index 5309e027e..d5fa1ba3a 100644
--- a/java/shared/java/org/signal/libsignal/internal/Native.java
+++ b/java/shared/java/org/signal/libsignal/internal/Native.java
@@ -410,7 +410,6 @@ private Native() {}
   public static native void LookupRequest_addE164(long request, String e164);
   public static native void LookupRequest_addPreviousE164(long request, String e164);
   public static native long LookupRequest_new();
-  public static native void LookupRequest_setReturnAcisWithoutUaks(long request, boolean returnAcisWithoutUaks);
   public static native void LookupRequest_setToken(long request, byte[] token);
 
   public static native void MessageBackupKey_Destroy(long handle);
diff --git a/node/Native.d.ts b/node/Native.d.ts
index 4329c2260..c0db57e42 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -136,7 +136,7 @@ interface MessageBackupValidationOutcome {
 }
 
 interface CancellablePromise<T> extends Promise<T> {
-  _cancellationToken: bigint
+  _cancellationToken: bigint;
 }
 
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
@@ -320,7 +320,6 @@ export function LookupRequest_addAciAndAccessKey(request: Wrapper<LookupRequest>
 export function LookupRequest_addE164(request: Wrapper<LookupRequest>, e164: string): void;
 export function LookupRequest_addPreviousE164(request: Wrapper<LookupRequest>, e164: string): void;
 export function LookupRequest_new(): LookupRequest;
-export function LookupRequest_setReturnAcisWithoutUaks(request: Wrapper<LookupRequest>, returnAcisWithoutUaks: boolean): void;
 export function LookupRequest_setToken(request: Wrapper<LookupRequest>, token: Buffer): void;
 export function MessageBackupKey_FromAccountEntropyPool(accountEntropy: string, aci: Buffer): MessageBackupKey;
 export function MessageBackupKey_FromBackupKeyAndBackupId(backupKey: Buffer, backupId: Buffer): MessageBackupKey;
diff --git a/node/ts/net.ts b/node/ts/net.ts
index fcc397db0..01bae7e8e 100644
--- a/node/ts/net.ts
+++ b/node/ts/net.ts
@@ -36,6 +36,9 @@ export type ServiceAuth = {
 export type CDSRequestOptionsType = {
   e164s: Array<string>;
   acisAndAccessKeys: Array<{ aci: string; accessKey: string }>;
+  /**
+   * @deprecated this option is ignored by the server.
+   */
   returnAcisWithoutUaks: boolean;
   abortSignal?: AbortSignal;
 };
@@ -562,7 +565,6 @@ export class Net {
     {
       e164s,
       acisAndAccessKeys,
-      returnAcisWithoutUaks,
       abortSignal,
     }: ReadonlyDeep<CDSRequestOptionsType>
   ): Promise<CDSResponseType<string, string>> {
@@ -579,11 +581,6 @@ export class Net {
       );
     });
 
-    Native.LookupRequest_setReturnAcisWithoutUaks(
-      request,
-      returnAcisWithoutUaks
-    );
-
     const lookup = await this.asyncContext.makeCancellable(
       abortSignal,
       Native.CdsiLookup_new(
diff --git a/rust/bridge/node/bin/Native.d.ts.in b/rust/bridge/node/bin/Native.d.ts.in
index a41ba46f3..42460889c 100644
--- a/rust/bridge/node/bin/Native.d.ts.in
+++ b/rust/bridge/node/bin/Native.d.ts.in
@@ -136,7 +136,7 @@ interface MessageBackupValidationOutcome {
 }
 
 interface CancellablePromise<T> extends Promise<T> {
-  _cancellationToken: bigint
+  _cancellationToken: bigint;
 }
 
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
diff --git a/rust/bridge/shared/src/net/cdsi.rs b/rust/bridge/shared/src/net/cdsi.rs
index 2adfab205..2e01a421a 100644
--- a/rust/bridge/shared/src/net/cdsi.rs
+++ b/rust/bridge/shared/src/net/cdsi.rs
@@ -56,11 +56,6 @@ fn LookupRequest_addAciAndAccessKey(
     Ok(())
 }
 
-#[bridge_fn]
-fn LookupRequest_setReturnAcisWithoutUaks(request: &LookupRequest, return_acis_without_uaks: bool) {
-    request.lock().return_acis_without_uaks = return_acis_without_uaks;
-}
-
 bridge_handle_fns!(CdsiLookup, clone = false);
 
 #[bridge_io(TokioAsyncContext)]
diff --git a/rust/net/examples/cdsi_lookup.rs b/rust/net/examples/cdsi_lookup.rs
index 0f9ef4bc9..ca808efc4 100644
--- a/rust/net/examples/cdsi_lookup.rs
+++ b/rust/net/examples/cdsi_lookup.rs
@@ -81,7 +81,6 @@ async fn main() {
     let request = LookupRequest {
         new_e164s,
         acis_and_access_keys: vec![],
-        return_acis_without_uaks: true,
         ..Default::default()
     };
 
diff --git a/rust/net/src/cdsi.rs b/rust/net/src/cdsi.rs
index a48ce13f9..3c55c571b 100644
--- a/rust/net/src/cdsi.rs
+++ b/rust/net/src/cdsi.rs
@@ -88,7 +88,6 @@ pub struct LookupRequest {
     pub new_e164s: Vec<E164>,
     pub prev_e164s: Vec<E164>,
     pub acis_and_access_keys: Vec<AciAndAccessKey>,
-    pub return_acis_without_uaks: bool,
     pub token: Box<[u8]>,
 }
 
@@ -98,7 +97,6 @@ impl LookupRequest {
             new_e164s,
             prev_e164s,
             acis_and_access_keys,
-            return_acis_without_uaks,
             token,
         } = self;
 
@@ -110,7 +108,6 @@ impl LookupRequest {
             aci_uak_pairs,
             new_e164s,
             prev_e164s,
-            return_acis_without_uaks,
             token: token.into_vec(),
             token_ack: false,
             // TODO: use these for supporting non-desktop client requirements.
@@ -439,7 +436,6 @@ struct LookupRequestDebugInfo {
     new_e164s: usize,
     prev_e164s: usize,
     acis_and_access_keys: usize,
-    return_acis_without_uaks: bool,
     token: usize,
 }
 
@@ -449,7 +445,6 @@ impl std::fmt::Display for LookupRequestDebugInfo {
             .field("new_e164s", &self.new_e164s)
             .field("prev_e164s", &self.prev_e164s)
             .field("acis_and_access_keys", &self.acis_and_access_keys)
-            .field("return_acis_without_uaks", &self.return_acis_without_uaks)
             .field("token", &self.token)
             .finish()
     }
@@ -463,14 +458,12 @@ impl From<&LookupRequest> for LookupRequestDebugInfo {
             new_e164s,
             prev_e164s,
             acis_and_access_keys,
-            return_acis_without_uaks,
             token,
         } = value;
         Self {
             new_e164s: new_e164s.len(),
             prev_e164s: prev_e164s.len(),
             acis_and_access_keys: acis_and_access_keys.len(),
-            return_acis_without_uaks: *return_acis_without_uaks,
             token: token.len(),
         }
     }
diff --git a/rust/net/src/proto/cds2.proto b/rust/net/src/proto/cds2.proto
index 7304fa780..0b5cd3f55 100644
--- a/rust/net/src/proto/cds2.proto
+++ b/rust/net/src/proto/cds2.proto
@@ -26,9 +26,8 @@ message ClientRequest {
   // containing a token_ack.
   bool token_ack = 7;
 
-  // Request that, if the server allows, both ACI and PNI be returned even
-  // if the aci_uak_pairs don't match.
-  bool return_acis_without_uaks = 8;
+  // [deprecated] bool return_acis_without_uaks = 8
+  reserved 8;
 }
 
 message ClientResponse {
diff --git a/swift/Sources/LibSignalClient/CdsTypes.swift b/swift/Sources/LibSignalClient/CdsTypes.swift
index b37c8bf43..ddbbb23ba 100644
--- a/swift/Sources/LibSignalClient/CdsTypes.swift
+++ b/swift/Sources/LibSignalClient/CdsTypes.swift
@@ -37,8 +37,7 @@ public class CdsiLookupRequest: NativeHandleOwner {
         e164s: [String],
         prevE164s: [String],
         acisAndAccessKeys: [AciAndAccessKey],
-        token: Data?,
-        returnAcisWithoutUaks: Bool
+        token: Data?
     ) throws {
         self.init()
         try self.withNativeHandle { handle in
@@ -66,11 +65,27 @@ public class CdsiLookupRequest: NativeHandleOwner {
                 }
                 self.hasToken = true
             }
-
-            try checkError(signal_lookup_request_set_return_acis_without_uaks(handle, returnAcisWithoutUaks))
         }
     }
 
+    /// Creates a new `CdsiLookupRequest` with the provided data.
+    ///
+    /// Phone numbers should be passed in as string-encoded numeric values,
+    /// optionally with a leading `+` character.
+    ///
+    /// - Throws: a ``SignalError`` if any of the arguments are invalid,
+    /// including the phone numbers or the access keys.
+    @available(*, deprecated, message: "returnAcisWithoutUaks is deprecated; use the overload that does not have it as an argument")
+    public convenience init(
+        e164s: [String],
+        prevE164s: [String],
+        acisAndAccessKeys: [AciAndAccessKey],
+        token: Data?,
+        returnAcisWithoutUaks: Bool
+    ) throws {
+        try self.init(e164s: e164s, prevE164s: prevE164s, acisAndAccessKeys: acisAndAccessKeys, token: token)
+    }
+
     override internal class func destroyNativeHandle(_ handle: OpaquePointer) -> SignalFfiErrorRef? {
         signal_lookup_request_destroy(handle)
     }
diff --git a/swift/Sources/LibSignalClient/Net.swift b/swift/Sources/LibSignalClient/Net.swift
index 476614a44..f81a27f74 100644
--- a/swift/Sources/LibSignalClient/Net.swift
+++ b/swift/Sources/LibSignalClient/Net.swift
@@ -85,13 +85,24 @@ public class Net {
         prevE164s: [String],
         e164s: [String],
         acisAndAccessKeys: [AciAndAccessKey],
-        returnAcisWithoutUaks: Bool,
         token: Data?
     ) async throws -> CdsiLookup {
-        let request = try CdsiLookupRequest(e164s: e164s, prevE164s: prevE164s, acisAndAccessKeys: acisAndAccessKeys, token: token, returnAcisWithoutUaks: returnAcisWithoutUaks)
+        let request = try CdsiLookupRequest(e164s: e164s, prevE164s: prevE164s, acisAndAccessKeys: acisAndAccessKeys, token: token)
         return try await self.cdsiLookup(auth: auth, request: request)
     }
 
+    @available(*, deprecated, message: "returnAcisWithoutUaks is deprecated; use the overload that does not have it as an argument")
+    public func cdsiLookup(
+        auth: Auth,
+        prevE164s: [String],
+        e164s: [String],
+        acisAndAccessKeys: [AciAndAccessKey],
+        returnAcisWithoutUaks: Bool,
+        token: Data?
+    ) async throws -> CdsiLookup {
+        return try await self.cdsiLookup(auth: auth, prevE164s: prevE164s, e164s: e164s, acisAndAccessKeys: acisAndAccessKeys, token: token)
+    }
+
     /// Starts a new CDSI lookup request.
     ///
     /// Initiates a new CDSI request. Once the attested connection has been
diff --git a/swift/Sources/SignalFfi/signal_ffi.h b/swift/Sources/SignalFfi/signal_ffi.h
index 440591f22..fca8d5b5f 100644
--- a/swift/Sources/SignalFfi/signal_ffi.h
+++ b/swift/Sources/SignalFfi/signal_ffi.h
@@ -1509,8 +1509,6 @@ SignalFfiError *signal_lookup_request_set_token(const SignalLookupRequest *reque
 
 SignalFfiError *signal_lookup_request_add_aci_and_access_key(const SignalLookupRequest *request, const SignalServiceIdFixedWidthBinaryBytes *aci, SignalBorrowedBuffer access_key);
 
-SignalFfiError *signal_lookup_request_set_return_acis_without_uaks(const SignalLookupRequest *request, bool return_acis_without_uaks);
-
 SignalFfiError *signal_cdsi_lookup_destroy(SignalCdsiLookup *p);
 
 SignalFfiError *signal_cdsi_lookup_new(SignalCPromiseCdsiLookup *promise, const SignalTokioAsyncContext *async_runtime, const SignalConnectionManager *connection_manager, const char *username, const char *password, const SignalLookupRequest *request);
diff --git a/swift/Tests/LibSignalClientTests/NetTests.swift b/swift/Tests/LibSignalClientTests/NetTests.swift
index 0034545fe..3893132fa 100644
--- a/swift/Tests/LibSignalClientTests/NetTests.swift
+++ b/swift/Tests/LibSignalClientTests/NetTests.swift
@@ -116,8 +116,7 @@ final class NetTests: XCTestCase {
             e164s: [],
             prevE164s: [],
             acisAndAccessKeys: [],
-            token: nil,
-            returnAcisWithoutUaks: false
+            token: nil
         )
         let net = Net(env: .staging, userAgent: userAgent)
 

From b0117ea6add0ac4863e34b451e5fe45559e70379 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Tue, 19 Nov 2024 07:35:23 -0500
Subject: [PATCH 11/57] Deprecate PniAsServiceId credential issuer methods

---
 .../zkgroup/integrationtests/ZkGroupTest.java | 189 +-----------------
 .../zkgroup/auth/ServerZkAuthOperations.java  |  10 +
 node/ts/test/ZKGroup-test.ts                  |  86 --------
 .../ts/zkgroup/auth/ServerZkAuthOperations.ts |   6 +
 .../zkgroup/ServerZkAuthOperations.swift      |   2 +
 .../LibSignalClientTests/ZKGroupTests.swift   |  50 -----
 6 files changed, 19 insertions(+), 324 deletions(-)

diff --git a/java/client/src/test/java/org/signal/libsignal/zkgroup/integrationtests/ZkGroupTest.java b/java/client/src/test/java/org/signal/libsignal/zkgroup/integrationtests/ZkGroupTest.java
index 115ff7337..72ceac9ed 100644
--- a/java/client/src/test/java/org/signal/libsignal/zkgroup/integrationtests/ZkGroupTest.java
+++ b/java/client/src/test/java/org/signal/libsignal/zkgroup/integrationtests/ZkGroupTest.java
@@ -136,7 +136,7 @@ public void testAuthIntegrationCurrentTime()
     // SERVER
     // Issue credential
     AuthCredentialWithPniResponse authCredentialResponse =
-        serverZkAuth.issueAuthCredentialWithPniAsServiceId(
+        serverZkAuth.issueAuthCredentialWithPniZkc(
             createSecureRandom(TEST_ARRAY_32_2), aci, pni, redemptionInstant);
 
     // CLIENT
@@ -191,193 +191,6 @@ public void testAuthIntegrationCurrentTime()
     }
   }
 
-  @Test
-  public void testAuthWithPniIntegration()
-      throws VerificationFailedException, InvalidInputException {
-
-    Aci aci = new Aci(TEST_UUID);
-    Pni pni = new Pni(TEST_UUID_1);
-    Instant redemptionTime = Instant.now().truncatedTo(ChronoUnit.DAYS);
-
-    // Generate keys (client's are per-group, server's are not)
-    // ---
-
-    // SERVER
-    ServerSecretParams serverSecretParams =
-        ServerSecretParams.generate(createSecureRandom(TEST_ARRAY_32));
-    ServerPublicParams serverPublicParams = serverSecretParams.getPublicParams();
-
-    ServerZkAuthOperations serverZkAuth = new ServerZkAuthOperations(serverSecretParams);
-
-    // CLIENT
-    GroupMasterKey masterKey = new GroupMasterKey(TEST_ARRAY_32_1);
-    GroupSecretParams groupSecretParams = GroupSecretParams.deriveFromMasterKey(masterKey);
-
-    assertArrayEquals(groupSecretParams.getMasterKey().serialize(), masterKey.serialize());
-
-    GroupPublicParams groupPublicParams = groupSecretParams.getPublicParams();
-
-    // SERVER
-    // Issue credential
-    AuthCredentialWithPniResponse authCredentialResponse =
-        serverZkAuth.issueAuthCredentialWithPniAsServiceId(
-            createSecureRandom(TEST_ARRAY_32_2), aci, pni, redemptionTime);
-
-    // CLIENT
-    // Receive credential
-    ClientZkAuthOperations clientZkAuthCipher = new ClientZkAuthOperations(serverPublicParams);
-    ClientZkGroupCipher clientZkGroupCipher = new ClientZkGroupCipher(groupSecretParams);
-    AuthCredentialWithPni authCredential =
-        clientZkAuthCipher.receiveAuthCredentialWithPniAsServiceId(
-            aci, pni, redemptionTime.getEpochSecond(), authCredentialResponse);
-
-    // CLIENT - deserialize test
-    {
-      new AuthCredentialWithPniResponse(authCredentialResponse.serialize());
-      try {
-        byte[] temp = new byte[10];
-        new AuthCredentialWithPniResponse(temp);
-        throw new AssertionError(
-            "Failed to catch invalid AuthCredentialWithPniResponse deserialize 1");
-      } catch (InvalidInputException e) {
-        // expected
-      }
-      try {
-        new AuthCredentialWithPniResponse(makeBadArray(authCredentialResponse.serialize()));
-        throw new AssertionError(
-            "Failed to catch invalid AuthCredentialWithPniResponse deserialize 2");
-      } catch (InvalidInputException e) {
-        // expected
-      }
-    }
-
-    // CLIENT - verify test
-    {
-      try {
-        // Switch ACI and PNI
-        clientZkAuthCipher.receiveAuthCredentialWithPniAsServiceId(
-            new Aci(pni.getRawUUID()),
-            new Pni(aci.getRawUUID()),
-            redemptionTime.getEpochSecond(),
-            authCredentialResponse);
-        throw new AssertionError("Failed to catch invalid AuthCredentialWithPni 1");
-      } catch (VerificationFailedException e) {
-        // expected
-      }
-
-      byte[] temp = authCredentialResponse.serialize();
-      temp[1]++;
-      AuthCredentialWithPniResponse badResponse = new AuthCredentialWithPniResponse(temp);
-      try {
-        clientZkAuthCipher.receiveAuthCredentialWithPniAsServiceId(
-            aci, pni, redemptionTime.getEpochSecond(), badResponse);
-        throw new AssertionError("Failed to catch invalid AuthCredentialWithPni 2");
-      } catch (VerificationFailedException e) {
-        // expected
-      }
-    }
-
-    // Create and decrypt user entry
-    UuidCiphertext aciCiphertext = clientZkGroupCipher.encrypt(aci);
-    ServiceId aciPlaintext = clientZkGroupCipher.decrypt(aciCiphertext);
-    assertEquals(aci, aciPlaintext);
-    UuidCiphertext pniCiphertext = clientZkGroupCipher.encrypt(pni);
-    ServiceId pniPlaintext = clientZkGroupCipher.decrypt(pniCiphertext);
-    assertEquals(pni, pniPlaintext);
-
-    // CLIENT - Create presentation
-    AuthCredentialPresentation presentation =
-        clientZkAuthCipher.createAuthCredentialPresentation(
-            createSecureRandom(TEST_ARRAY_32_5), groupSecretParams, authCredential);
-    assertEquals(
-        presentation.serialize()[0],
-        2); // Check V3 (versions start from 1 but are encoded starting from 0)
-    assertEquals(presentation.getVersion(), AuthCredentialPresentation.Version.V3);
-
-    // CLIENT - deserialize test
-    {
-      new AuthCredentialPresentation(presentation.serialize());
-      byte[] temp = new byte[10];
-      try {
-        new AuthCredentialPresentation(temp);
-        throw new AssertionError(
-            "Failed to catch invalid AuthCredentialPresentation deserialize 1");
-      } catch (InvalidInputException e) {
-        // expected
-      }
-      try {
-        new AuthCredentialPresentation(makeBadArray(presentation.serialize()));
-        throw new AssertionError(
-            "Failed to catch invalid AuthCredentialPresentation deserialize 2");
-      } catch (InvalidInputException e) {
-        // expected
-      }
-    }
-
-    // SERVER - Verify presentation, using times at the edge of the acceptable window
-    assertArrayEquals(aciCiphertext.serialize(), presentation.getUuidCiphertext().serialize());
-    assertArrayEquals(pniCiphertext.serialize(), presentation.getPniCiphertext().serialize());
-    assertEquals(presentation.getRedemptionTime(), redemptionTime);
-
-    serverZkAuth.verifyAuthCredentialPresentation(
-        groupPublicParams, presentation, redemptionTime.minus(1, ChronoUnit.DAYS));
-    serverZkAuth.verifyAuthCredentialPresentation(
-        groupPublicParams, presentation, redemptionTime.plus(2, ChronoUnit.DAYS));
-
-    try {
-      serverZkAuth.verifyAuthCredentialPresentation(
-          groupPublicParams,
-          presentation,
-          redemptionTime.minus(1, ChronoUnit.DAYS).minus(1, ChronoUnit.SECONDS));
-      throw new AssertionError("verifyAuthCredentialPresentation should fail #1!");
-    } catch (VerificationFailedException e) {
-      // good
-    }
-
-    try {
-      serverZkAuth.verifyAuthCredentialPresentation(
-          groupPublicParams,
-          presentation,
-          redemptionTime.plus(2, ChronoUnit.DAYS).plus(1, ChronoUnit.SECONDS));
-      throw new AssertionError("verifyAuthCredentialPresentation should fail #2!");
-    } catch (VerificationFailedException e) {
-      // good
-    }
-
-    try {
-      byte[] temp = presentation.serialize();
-      temp[3] += 5; // We need a bad presentation that passes deserialization, this seems to work
-      AuthCredentialPresentation presentationTemp = new AuthCredentialPresentation(temp);
-      serverZkAuth.verifyAuthCredentialPresentation(
-          groupPublicParams, presentationTemp, redemptionTime);
-      throw new AssertionError("verifyAuthCredentialPresentation should fail #3!");
-    } catch (VerificationFailedException e) {
-      // expected
-    }
-
-    try {
-      byte[] temp = presentation.serialize();
-      temp[0] = 0; // This interprets a V3 as V1, so should fail
-      AuthCredentialPresentation presentationTemp = new AuthCredentialPresentation(temp);
-      serverZkAuth.verifyAuthCredentialPresentation(
-          groupPublicParams, presentationTemp, redemptionTime);
-      throw new AssertionError("verifyAuthCredentialPresentation should fail #4");
-    } catch (InvalidInputException e) {
-      // expected
-    }
-
-    try {
-      byte[] temp = presentation.serialize();
-      temp[0] = 40; // This interprets a V3 as a non-existent version, so should fail
-      AuthCredentialPresentation presentationTemp = new AuthCredentialPresentation(temp);
-      serverZkAuth.verifyAuthCredentialPresentation(
-          groupPublicParams, presentationTemp, redemptionTime);
-      throw new AssertionError("verifyAuthCredentialPresentation should fail #5");
-    } catch (InvalidInputException e) {
-      // expected
-    }
-  }
-
   @Test
   public void testAuthWithPniZkcIntegration()
       throws VerificationFailedException, InvalidInputException {
diff --git a/java/shared/java/org/signal/libsignal/zkgroup/auth/ServerZkAuthOperations.java b/java/shared/java/org/signal/libsignal/zkgroup/auth/ServerZkAuthOperations.java
index 9bd47c702..fca4f5001 100644
--- a/java/shared/java/org/signal/libsignal/zkgroup/auth/ServerZkAuthOperations.java
+++ b/java/shared/java/org/signal/libsignal/zkgroup/auth/ServerZkAuthOperations.java
@@ -26,11 +26,21 @@ public ServerZkAuthOperations(ServerSecretParams serverSecretParams) {
     this.serverSecretParams = serverSecretParams;
   }
 
+  /**
+   * @deprecated These credentials are no longer supported by the server; use {@link
+   *     #issueAuthCredentialWithPniZkc} instead.
+   */
+  @Deprecated
   public AuthCredentialWithPniResponse issueAuthCredentialWithPniAsServiceId(
       Aci aci, Pni pni, Instant redemptionTime) {
     return issueAuthCredentialWithPniAsServiceId(new SecureRandom(), aci, pni, redemptionTime);
   }
 
+  /**
+   * @deprecated These credentials are no longer supported by the server; use {@link
+   *     #issueAuthCredentialWithPniZkc} instead.
+   */
+  @Deprecated
   public AuthCredentialWithPniResponse issueAuthCredentialWithPniAsServiceId(
       SecureRandom secureRandom, Aci aci, Pni pni, Instant redemptionTime) {
     byte[] random = new byte[RANDOM_LENGTH];
diff --git a/node/ts/test/ZKGroup-test.ts b/node/ts/test/ZKGroup-test.ts
index 2fb36fc79..7a6903d6e 100644
--- a/node/ts/test/ZKGroup-test.ts
+++ b/node/ts/test/ZKGroup-test.ts
@@ -182,92 +182,6 @@ describe('ZKGroup', () => {
     );
   });
 
-  it('testAuthWithPniIntegration', () => {
-    const aci = Aci.fromUuid(TEST_UUID);
-    const pni = Pni.fromUuid(TEST_UUID_1);
-    const redemptionTime = 123456 * SECONDS_PER_DAY;
-
-    // Generate keys (client's are per-group, server's are not)
-    // ---
-
-    // SERVER
-    const serverSecretParams =
-      ServerSecretParams.generateWithRandom(TEST_ARRAY_32);
-    const serverPublicParams = serverSecretParams.getPublicParams();
-    const serverZkAuth = new ServerZkAuthOperations(serverSecretParams);
-
-    // CLIENT
-    const masterKey = new GroupMasterKey(TEST_ARRAY_32_1);
-    const groupSecretParams = GroupSecretParams.deriveFromMasterKey(masterKey);
-
-    assertArrayEquals(
-      groupSecretParams.getMasterKey().serialize(),
-      masterKey.serialize()
-    );
-
-    const groupPublicParams = groupSecretParams.getPublicParams();
-
-    // SERVER
-    // Issue credential
-    const authCredentialResponse =
-      serverZkAuth.issueAuthCredentialWithPniAsServiceIdWithRandom(
-        TEST_ARRAY_32_2,
-        aci,
-        pni,
-        redemptionTime
-      );
-
-    // CLIENT
-    // Receive credential
-    const clientZkAuthCipher = new ClientZkAuthOperations(serverPublicParams);
-    const clientZkGroupCipher = new ClientZkGroupCipher(groupSecretParams);
-    const authCredential =
-      clientZkAuthCipher.receiveAuthCredentialWithPniAsServiceId(
-        aci,
-        pni,
-        redemptionTime,
-        authCredentialResponse
-      );
-
-    // Create and decrypt user entry
-    const aciCiphertext = clientZkGroupCipher.encryptServiceId(aci);
-    const aciPlaintext = clientZkGroupCipher.decryptServiceId(aciCiphertext);
-    assert(aci.isEqual(aciPlaintext));
-    const pniCiphertext = clientZkGroupCipher.encryptServiceId(pni);
-    const pniPlaintext = clientZkGroupCipher.decryptServiceId(pniCiphertext);
-    assert(pni.isEqual(pniPlaintext));
-
-    // Create presentation
-    const presentation =
-      clientZkAuthCipher.createAuthCredentialWithPniPresentationWithRandom(
-        TEST_ARRAY_32_5,
-        groupSecretParams,
-        authCredential
-      );
-
-    // Verify presentation
-    assertArrayEquals(
-      aciCiphertext.serialize(),
-      presentation.getUuidCiphertext().serialize()
-    );
-    const presentationPniCiphertext = presentation.getPniCiphertext();
-    // Use a generic assertion instead of assert.isNotNull because TypeScript understands it.
-    assert(presentationPniCiphertext !== null);
-    assertArrayEquals(
-      pniCiphertext.serialize(),
-      presentationPniCiphertext.serialize()
-    );
-    assert.deepEqual(
-      presentation.getRedemptionTime(),
-      new Date(1000 * redemptionTime)
-    );
-    serverZkAuth.verifyAuthCredentialPresentation(
-      groupPublicParams,
-      presentation,
-      new Date(1000 * redemptionTime)
-    );
-  });
-
   it('testAuthZkcIntegration', () => {
     const aci = Aci.fromUuid(TEST_UUID);
     const pni = Pni.fromUuid(TEST_UUID_1);
diff --git a/node/ts/zkgroup/auth/ServerZkAuthOperations.ts b/node/ts/zkgroup/auth/ServerZkAuthOperations.ts
index 6ce9ed215..8fd29d500 100644
--- a/node/ts/zkgroup/auth/ServerZkAuthOperations.ts
+++ b/node/ts/zkgroup/auth/ServerZkAuthOperations.ts
@@ -20,6 +20,9 @@ export default class ServerZkAuthOperations {
     this.serverSecretParams = serverSecretParams;
   }
 
+  /**
+   * @deprecated These credentials are no longer supported by the server; use `issueAuthCredentialWithPniZkc` instead.
+   */
   issueAuthCredentialWithPniAsServiceId(
     aci: Aci,
     pni: Pni,
@@ -35,6 +38,9 @@ export default class ServerZkAuthOperations {
     );
   }
 
+  /**
+   * @deprecated These credentials are no longer supported by the server; use `issueAuthCredentialWithPniZkc` instead.
+   */
   issueAuthCredentialWithPniAsServiceIdWithRandom(
     random: Buffer,
     aci: Aci,
diff --git a/swift/Sources/LibSignalClient/zkgroup/ServerZkAuthOperations.swift b/swift/Sources/LibSignalClient/zkgroup/ServerZkAuthOperations.swift
index ea05d3d8f..ae079f53e 100644
--- a/swift/Sources/LibSignalClient/zkgroup/ServerZkAuthOperations.swift
+++ b/swift/Sources/LibSignalClient/zkgroup/ServerZkAuthOperations.swift
@@ -13,10 +13,12 @@ public class ServerZkAuthOperations {
         self.serverSecretParams = serverSecretParams
     }
 
+    @available(*, deprecated, message: "these credentials are no longer supported by the server; use issueAuthCredentialWithPniZkc instead")
     public func issueAuthCredentialWithPniAsServiceId(aci: Aci, pni: Pni, redemptionTime: UInt64) throws -> AuthCredentialWithPniResponse {
         return try self.issueAuthCredentialWithPniAsServiceId(randomness: Randomness.generate(), aci: aci, pni: pni, redemptionTime: redemptionTime)
     }
 
+    @available(*, deprecated, message: "these credentials are no longer supported by the server; use issueAuthCredentialWithPniZkc instead")
     public func issueAuthCredentialWithPniAsServiceId(randomness: Randomness, aci: Aci, pni: Pni, redemptionTime: UInt64) throws -> AuthCredentialWithPniResponse {
         return try self.serverSecretParams.withNativeHandle { serverSecretParams in
             try randomness.withUnsafePointerToBytes { randomness in
diff --git a/swift/Tests/LibSignalClientTests/ZKGroupTests.swift b/swift/Tests/LibSignalClientTests/ZKGroupTests.swift
index 318bf1796..8d261fb21 100644
--- a/swift/Tests/LibSignalClientTests/ZKGroupTests.swift
+++ b/swift/Tests/LibSignalClientTests/ZKGroupTests.swift
@@ -92,56 +92,6 @@ class ZKGroupTests: TestCaseBase {
         XCTAssertEqual(serializedPublicParams, try ServerPublicParams(contents: serializedPublicParams).serialize())
     }
 
-    func testAuthWithPniIntegration() throws {
-        let aci = Aci(fromUUID: TEST_ARRAY_16)
-        let pni = Pni(fromUUID: TEST_ARRAY_16_1)
-        let redemptionTime: UInt64 = 123_456 * SECONDS_PER_DAY
-
-        // Generate keys (client's are per-group, server's are not)
-        // ---
-
-        // SERVER
-        let serverSecretParams = try ServerSecretParams.generate(randomness: self.TEST_ARRAY_32)
-        let serverPublicParams = try serverSecretParams.getPublicParams()
-        let serverZkAuth = ServerZkAuthOperations(serverSecretParams: serverSecretParams)
-
-        // CLIENT
-        let masterKey = try GroupMasterKey(contents: TEST_ARRAY_32_1)
-        let groupSecretParams = try GroupSecretParams.deriveFromMasterKey(groupMasterKey: masterKey)
-
-        XCTAssertEqual((try groupSecretParams.getMasterKey()).serialize(), masterKey.serialize())
-
-        let groupPublicParams = try groupSecretParams.getPublicParams()
-
-        // SERVER
-        // Issue credential
-        let authCredentialResponse = try serverZkAuth.issueAuthCredentialWithPniAsServiceId(randomness: self.TEST_ARRAY_32_2, aci: aci, pni: pni, redemptionTime: redemptionTime)
-
-        // CLIENT
-        // Receive credential
-        let clientZkAuthCipher = ClientZkAuthOperations(serverPublicParams: serverPublicParams)
-        let clientZkGroupCipher = ClientZkGroupCipher(groupSecretParams: groupSecretParams)
-        let authCredential = try clientZkAuthCipher.receiveAuthCredentialWithPniAsServiceId(aci: aci, pni: pni, redemptionTime: redemptionTime, authCredentialResponse: authCredentialResponse)
-
-        // Create and decrypt user entry
-        let aciCiphertext = try clientZkGroupCipher.encrypt(aci)
-        let aciPlaintext = try clientZkGroupCipher.decrypt(aciCiphertext)
-        XCTAssertEqual(aci, aciPlaintext)
-        let pniCiphertext = try clientZkGroupCipher.encrypt(pni)
-        let pniPlaintext = try clientZkGroupCipher.decrypt(pniCiphertext)
-        XCTAssertEqual(pni, pniPlaintext)
-
-        // Create presentation
-        let presentation = try clientZkAuthCipher.createAuthCredentialPresentation(randomness: self.TEST_ARRAY_32_5, groupSecretParams: groupSecretParams, authCredential: authCredential)
-
-        // Verify presentation
-        let uuidCiphertextRecv = try presentation.getUuidCiphertext()
-        XCTAssertEqual(aciCiphertext.serialize(), uuidCiphertextRecv.serialize())
-        XCTAssertEqual(pniCiphertext.serialize(), try presentation.getPniCiphertext()?.serialize())
-        XCTAssertEqual(try presentation.getRedemptionTime(), Date(timeIntervalSince1970: TimeInterval(redemptionTime)))
-        try serverZkAuth.verifyAuthCredentialPresentation(groupPublicParams: groupPublicParams, authCredentialPresentation: presentation, now: Date(timeIntervalSince1970: TimeInterval(redemptionTime)))
-    }
-
     func testAuthZkcIntegration() throws {
         let aci = Aci(fromUUID: TEST_ARRAY_16)
         let pni = Pni(fromUUID: TEST_ARRAY_16_1)

From b59ec95a902ef2dd6126d7a6e4e165bf92e49d5d Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Wed, 20 Nov 2024 11:08:47 -0500
Subject: [PATCH 12/57] Justfile quality-of-life improvements

---
 justfile | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/justfile b/justfile
index e19efa9b5..37d164d8a 100644
--- a/justfile
+++ b/justfile
@@ -16,6 +16,10 @@ generate-ffi:
 generate-node:
     rust/bridge/node/bin/gen_ts_decl.py
 
+alias generate-java := generate-jni
+alias generate-swift := generate-ffi
+alias generate-ts := generate-node
+
 # Regenerate bridge code for all three app languages.
 generate-bridge: generate-jni generate-node generate-ffi
 
@@ -23,11 +27,15 @@ format-jni:
     (cd java && ./gradlew spotlessApply)
 
 format-ffi:
-    (cd swift && swiftformat --swiftversion 5 . --lint)
+    (cd swift && swiftformat --swiftversion 5 .)
 
 format-node:
     (cd node && npm run format)
 
+alias format-java := format-jni
+alias format-swift := format-ffi
+alias format-ts := format-node
+
 # Auto-format code in Java, Rust, Swift, and TypeScript
 format-all: format-jni format-ffi format-node
     cargo fmt

From 1438cddc4776628e224d95b94f614d1e22090e30 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Tue, 19 Nov 2024 16:36:11 -0800
Subject: [PATCH 13/57] backup: Update Backup.proto for new IAPSubscriberData

---
 .../message-backup/src/backup/account_data.rs | 83 ++++++++++++++++---
 .../backup/expected_serialized_backup.json    |  5 +-
 rust/message-backup/src/proto/backup.proto    | 14 +++-
 3 files changed, 87 insertions(+), 15 deletions(-)

diff --git a/rust/message-backup/src/backup/account_data.rs b/rust/message-backup/src/backup/account_data.rs
index 42cb87640..627f8fb93 100644
--- a/rust/message-backup/src/backup/account_data.rs
+++ b/rust/message-backup/src/backup/account_data.rs
@@ -25,6 +25,7 @@ use crate::proto::backup as proto;
     M::Value<Option<UsernameData>>: PartialEq,
     M::Value<String>: PartialEq,
     M::Value<Option<Subscription>>: PartialEq,
+    M::Value<Option<IapSubscriberData>>: PartialEq,
     AccountSettings<M>: PartialEq,
 ))]
 pub struct AccountData<M: Method + ReferencedTypes> {
@@ -39,7 +40,7 @@ pub struct AccountData<M: Method + ReferencedTypes> {
     pub account_settings: AccountSettings<M>,
     pub avatar_url_path: M::Value<String>,
     pub donation_subscription: M::Value<Option<Subscription>>,
-    pub backup_subscription: M::Value<Option<Subscription>>,
+    pub backup_subscription: M::Value<Option<IapSubscriberData>>,
 }
 
 #[derive(Debug, serde::Serialize)]
@@ -73,6 +74,21 @@ pub struct Subscription {
 const SUBSCRIBER_ID_LENGTH: usize = 32;
 type SubscriberId = [u8; SUBSCRIBER_ID_LENGTH];
 
+#[derive(Debug, serde::Serialize)]
+#[cfg_attr(test, derive(PartialEq))]
+pub struct IapSubscriberData {
+    #[serde(with = "hex")]
+    pub subscriber_id: SubscriberId,
+    pub subscription_id: IapSubscriptionId,
+}
+
+#[derive(Debug, serde::Serialize)]
+#[cfg_attr(test, derive(PartialEq))]
+pub enum IapSubscriptionId {
+    PlayStorePurchaseToken(String),
+    IosAppStoreOriginalTransactionId(u64),
+}
+
 #[derive_where(Debug)]
 #[derive(serde::Serialize)]
 #[cfg_attr(test, derive_where(PartialEq;
@@ -146,6 +162,8 @@ pub enum SubscriptionError {
     InvalidSubscriberId(usize),
     /// subscriber ID was present but not the currency code
     EmptyCurrency,
+    /// missing IAP subscription ID
+    MissingIapSubscriptionId,
 }
 
 impl<M: Method + ReferencedTypes, C: ReportUnusualTimestamp> TryFromWith<proto::AccountData, C>
@@ -191,7 +209,7 @@ impl<M: Method + ReferencedTypes, C: ReportUnusualTimestamp> TryFromWith<proto::
             .map_err(AccountDataError::DonationSubscription)?;
         let backup_subscription = backupsSubscriberData
             .into_option()
-            .map(Subscription::try_from)
+            .map(IapSubscriberData::try_from)
             .transpose()
             .map_err(AccountDataError::BackupSubscription)?;
 
@@ -235,6 +253,41 @@ impl TryFrom<proto::account_data::SubscriberData> for Subscription {
     }
 }
 
+impl TryFrom<proto::account_data::IAPSubscriberData> for IapSubscriberData {
+    type Error = SubscriptionError;
+
+    fn try_from(value: proto::account_data::IAPSubscriberData) -> Result<Self, Self::Error> {
+        let proto::account_data::IAPSubscriberData {
+            subscriberId,
+            iapSubscriptionId,
+            special_fields: _,
+        } = value;
+        let subscriber_id = subscriberId
+            .try_into()
+            .map_err(|id: Vec<u8>| SubscriptionError::InvalidSubscriberId(id.len()))?;
+
+        let subscription_id = {
+            use proto::account_data::iapsubscriber_data::IapSubscriptionId as ProtoIapSubscriptionId;
+            match iapSubscriptionId.ok_or(SubscriptionError::MissingIapSubscriptionId)? {
+                ProtoIapSubscriptionId::PurchaseToken(token) => {
+                    if token.is_empty() {
+                        return Err(SubscriptionError::MissingIapSubscriptionId);
+                    }
+                    IapSubscriptionId::PlayStorePurchaseToken(token)
+                }
+                ProtoIapSubscriptionId::OriginalTransactionId(id) => {
+                    IapSubscriptionId::IosAppStoreOriginalTransactionId(id)
+                }
+            }
+        };
+
+        Ok(IapSubscriberData {
+            subscriber_id,
+            subscription_id,
+        })
+    }
+}
+
 impl TryFrom<(String, Option<proto::account_data::UsernameLink>)> for UsernameData {
     type Error = AccountDataError;
 
@@ -376,12 +429,13 @@ mod test {
                     ..Default::default()
                 })
                 .into(),
-                backupsSubscriberData: Some(proto::account_data::SubscriberData {
+                backupsSubscriberData: Some(proto::account_data::IAPSubscriberData {
                     subscriberId: FAKE_SUBSCRIBER_ID.to_vec(),
-                    currencyCode: "XTS".to_string(),
+                    iapSubscriptionId: Some(
+                        proto::account_data::iapsubscriber_data::IapSubscriptionId::OriginalTransactionId(5)
+                    ),
                     ..Default::default()
-                })
-                .into(),
+                }).into(),
                 ..Default::default()
             }
         }
@@ -480,10 +534,9 @@ mod test {
                     custom_chat_colors: CustomColorMap::from_proto_test_data(),
                 },
                 avatar_url_path: "".to_string(),
-                backup_subscription: Some(Subscription {
+                backup_subscription: Some(IapSubscriberData {
                     subscriber_id: FAKE_SUBSCRIBER_ID,
-                    currency_code: "XTS".to_string(),
-                    manually_canceled: false,
+                    subscription_id: IapSubscriptionId::IosAppStoreOriginalTransactionId(5),
                 }),
                 donation_subscription: None,
             }
@@ -522,14 +575,20 @@ mod test {
     #[test_case(|x| x.backupsSubscriberData.as_mut().unwrap().subscriberId = vec![] =>
         Err(AccountDataError::BackupSubscription(SubscriptionError::InvalidSubscriberId(0)));
         "empty_subscriber_id")]
-    #[test_case(|x| x.backupsSubscriberData.as_mut().unwrap().currencyCode = "".to_owned() =>
-        Err(AccountDataError::BackupSubscription(SubscriptionError::EmptyCurrency));
-        "empty_subscriber_currency")]
+    #[test_case(|x| x.backupsSubscriberData.as_mut().unwrap().iapSubscriptionId = None =>
+        Err(AccountDataError::BackupSubscription(SubscriptionError::MissingIapSubscriptionId));
+        "missing_subscriber_iap_id")]
     #[test_case(|x| {
             x.backupsSubscriberData = None.into();
             x.donationSubscriberData = None.into();
         } => Ok(()); "no_subscriptions"
     )]
+    #[test_case(|x| {
+        x.donationSubscriberData = Some(proto::account_data::SubscriberData {
+            subscriberId: FAKE_SUBSCRIBER_ID.into(),
+            ..Default::default()
+        }).into();
+    } => Err(AccountDataError::DonationSubscription(SubscriptionError::EmptyCurrency)); "empty_subscriber_currency")]
     #[test_case(
         |x| x.accountSettings.as_mut().unwrap().customChatColors.clear() =>
         Err(AccountDataError::ChatStyle(ChatStyleError::UnknownCustomColorId(FAKE_CUSTOM_COLOR_ID.0)));
diff --git a/rust/message-backup/src/backup/expected_serialized_backup.json b/rust/message-backup/src/backup/expected_serialized_backup.json
index a280a1759..732041e54 100644
--- a/rust/message-backup/src/backup/expected_serialized_backup.json
+++ b/rust/message-backup/src/backup/expected_serialized_backup.json
@@ -57,8 +57,9 @@
     "donation_subscription": null,
     "backup_subscription": {
       "subscriber_id": "3737373737373737373737373737373737373737373737373737373737373737",
-      "currency_code": "XTS",
-      "manually_canceled": false
+      "subscription_id": {
+        "IosAppStoreOriginalTransactionId": 5
+      }
     }
   },
   "recipients": [],
diff --git a/rust/message-backup/src/proto/backup.proto b/rust/message-backup/src/proto/backup.proto
index 0e9abcb92..1e44f961c 100644
--- a/rust/message-backup/src/proto/backup.proto
+++ b/rust/message-backup/src/proto/backup.proto
@@ -86,6 +86,17 @@ message AccountData {
     bool manuallyCancelled = 3;
   }
 
+  message IAPSubscriberData {
+    bytes subscriberId = 1;
+
+    oneof iapSubscriptionId {
+      // Identifies an Android Play Store IAP subscription.
+      string purchaseToken = 2;
+      // Identifies an iOS App Store IAP subscription.
+      uint64 originalTransactionId = 3;
+    }
+  }
+
   bytes profileKey = 1;
   optional string username = 2;
   UsernameLink usernameLink = 3;
@@ -93,8 +104,9 @@ message AccountData {
   string familyName = 5;
   string avatarUrlPath = 6;
   SubscriberData donationSubscriberData = 7;
-  SubscriberData backupsSubscriberData = 8;
+  reserved /*backupsSubscriberData*/ 8; // A deprecated format
   AccountSettings accountSettings = 9;
+  IAPSubscriberData backupsSubscriberData = 10;
 }
 
 message Recipient {

From 1431cac1832a28dbc68284a211a3e8f6f35104f8 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Wed, 20 Nov 2024 14:26:28 -0500
Subject: [PATCH 14/57] Define Native.d.ts input/output shapes as types

---
 node/Native.d.ts                    | 39 ++++++++++++++++-------------
 rust/bridge/node/bin/Native.d.ts.in | 39 ++++++++++++++++-------------
 2 files changed, 42 insertions(+), 36 deletions(-)

diff --git a/node/Native.d.ts b/node/Native.d.ts
index c0db57e42..c56e3bd43 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -11,42 +11,45 @@ type Uuid = Buffer;
 /// what's important is that it's an integer less than Number.MAX_SAFE_INTEGER.
 type Timestamp = number;
 
-interface LookupResponse {
+// Rust code produces or consumes values that conform to these interface
+// definitions. They must be kept in sync to prevent bridging errors.
+
+type LookupResponse = {
   entries: Map<string, LookupResponseEntry>;
   debugPermitsUsed: number;
 }
 
-interface LookupResponseEntry {
+type LookupResponseEntry = {
   readonly aci: string | undefined;
   readonly pni: string | undefined;
 }
 
-interface ChatResponse {
+type ChatResponse = {
   status: number;
   message: string | undefined;
   headers: ReadonlyArray<[string, string]>;
   body: Buffer | undefined;
 }
 
-interface ChatServiceDebugInfo {
+type ChatServiceDebugInfo = {
   ipType: number;
   durationMillis: number;
   connectionInfo: string;
 }
 
-interface ResponseAndDebugInfo {
+type ResponseAndDebugInfo = {
   response: ChatResponse;
   debugInfo: ChatServiceDebugInfo;
 }
 
-interface SealedSenderMultiRecipientMessageRecipient {
+type SealedSenderMultiRecipientMessageRecipient = {
   deviceIds: number[];
   registrationIds: number[];
   rangeOffset: number;
   rangeLen: number;
 }
 
-interface SealedSenderMultiRecipientMessage {
+type SealedSenderMultiRecipientMessage = {
   recipientMap: {
     [serviceId: string]: SealedSenderMultiRecipientMessageRecipient;
   };
@@ -54,7 +57,7 @@ interface SealedSenderMultiRecipientMessage {
   offsetOfSharedData: number;
 }
 
-export abstract class IdentityKeyStore {
+type IdentityKeyStore = {
   _getIdentityKey(): Promise<PrivateKey>;
   _getLocalRegistrationId(): Promise<number>;
   _saveIdentity(name: ProtocolAddress, key: PublicKey): Promise<boolean>;
@@ -66,18 +69,18 @@ export abstract class IdentityKeyStore {
   _getIdentity(name: ProtocolAddress): Promise<PublicKey | null>;
 }
 
-export abstract class SessionStore {
+type SessionStore = {
   _saveSession(addr: ProtocolAddress, record: SessionRecord): Promise<void>;
   _getSession(addr: ProtocolAddress): Promise<SessionRecord | null>;
 }
 
-export abstract class PreKeyStore {
+type PreKeyStore = {
   _savePreKey(preKeyId: number, record: PreKeyRecord): Promise<void>;
   _getPreKey(preKeyId: number): Promise<PreKeyRecord>;
   _removePreKey(preKeyId: number): Promise<void>;
 }
 
-export abstract class SignedPreKeyStore {
+type SignedPreKeyStore = {
   _saveSignedPreKey(
     signedPreKeyId: number,
     record: SignedPreKeyRecord
@@ -85,7 +88,7 @@ export abstract class SignedPreKeyStore {
   _getSignedPreKey(signedPreKeyId: number): Promise<SignedPreKeyRecord>;
 }
 
-export abstract class KyberPreKeyStore {
+type KyberPreKeyStore = {
   _saveKyberPreKey(
     kyberPreKeyId: number,
     record: KyberPreKeyRecord
@@ -94,7 +97,7 @@ export abstract class KyberPreKeyStore {
   _markKyberPreKeyUsed(kyberPreKeyId: number): Promise<void>;
 }
 
-export abstract class SenderKeyStore {
+type SenderKeyStore = {
   _saveSenderKey(
     sender: ProtocolAddress,
     distributionId: Uuid,
@@ -106,14 +109,14 @@ export abstract class SenderKeyStore {
   ): Promise<SenderKeyRecord | null>;
 }
 
-export abstract class InputStream {
+type InputStream = {
   _read(amount: number): Promise<Buffer>;
   _skip(amount: number): Promise<void>;
 }
 
-export abstract class SyncInputStream extends Buffer {}
+type SyncInputStream = Buffer;
 
-export abstract class ChatListener {
+type ChatListener = {
   _incoming_message(
     envelope: Buffer,
     timestamp: number,
@@ -130,12 +133,12 @@ type Wrapper<T> = Readonly<{
   _nativeHandle: T;
 }>;
 
-interface MessageBackupValidationOutcome {
+type MessageBackupValidationOutcome = {
   errorMessage: string | null;
   unknownFieldMessages: Array<string>;
 }
 
-interface CancellablePromise<T> extends Promise<T> {
+type CancellablePromise<T> = Promise<T> & {
   _cancellationToken: bigint;
 }
 
diff --git a/rust/bridge/node/bin/Native.d.ts.in b/rust/bridge/node/bin/Native.d.ts.in
index 42460889c..cf05d3fdc 100644
--- a/rust/bridge/node/bin/Native.d.ts.in
+++ b/rust/bridge/node/bin/Native.d.ts.in
@@ -11,42 +11,45 @@ type Uuid = Buffer;
 /// what's important is that it's an integer less than Number.MAX_SAFE_INTEGER.
 type Timestamp = number;
 
-interface LookupResponse {
+// Rust code produces or consumes values that conform to these interface
+// definitions. They must be kept in sync to prevent bridging errors.
+
+type LookupResponse = {
   entries: Map<string, LookupResponseEntry>;
   debugPermitsUsed: number;
 }
 
-interface LookupResponseEntry {
+type LookupResponseEntry = {
   readonly aci: string | undefined;
   readonly pni: string | undefined;
 }
 
-interface ChatResponse {
+type ChatResponse = {
   status: number;
   message: string | undefined;
   headers: ReadonlyArray<[string, string]>;
   body: Buffer | undefined;
 }
 
-interface ChatServiceDebugInfo {
+type ChatServiceDebugInfo = {
   ipType: number;
   durationMillis: number;
   connectionInfo: string;
 }
 
-interface ResponseAndDebugInfo {
+type ResponseAndDebugInfo = {
   response: ChatResponse;
   debugInfo: ChatServiceDebugInfo;
 }
 
-interface SealedSenderMultiRecipientMessageRecipient {
+type SealedSenderMultiRecipientMessageRecipient = {
   deviceIds: number[];
   registrationIds: number[];
   rangeOffset: number;
   rangeLen: number;
 }
 
-interface SealedSenderMultiRecipientMessage {
+type SealedSenderMultiRecipientMessage = {
   recipientMap: {
     [serviceId: string]: SealedSenderMultiRecipientMessageRecipient;
   };
@@ -54,7 +57,7 @@ interface SealedSenderMultiRecipientMessage {
   offsetOfSharedData: number;
 }
 
-export abstract class IdentityKeyStore {
+type IdentityKeyStore = {
   _getIdentityKey(): Promise<PrivateKey>;
   _getLocalRegistrationId(): Promise<number>;
   _saveIdentity(name: ProtocolAddress, key: PublicKey): Promise<boolean>;
@@ -66,18 +69,18 @@ export abstract class IdentityKeyStore {
   _getIdentity(name: ProtocolAddress): Promise<PublicKey | null>;
 }
 
-export abstract class SessionStore {
+type SessionStore = {
   _saveSession(addr: ProtocolAddress, record: SessionRecord): Promise<void>;
   _getSession(addr: ProtocolAddress): Promise<SessionRecord | null>;
 }
 
-export abstract class PreKeyStore {
+type PreKeyStore = {
   _savePreKey(preKeyId: number, record: PreKeyRecord): Promise<void>;
   _getPreKey(preKeyId: number): Promise<PreKeyRecord>;
   _removePreKey(preKeyId: number): Promise<void>;
 }
 
-export abstract class SignedPreKeyStore {
+type SignedPreKeyStore = {
   _saveSignedPreKey(
     signedPreKeyId: number,
     record: SignedPreKeyRecord
@@ -85,7 +88,7 @@ export abstract class SignedPreKeyStore {
   _getSignedPreKey(signedPreKeyId: number): Promise<SignedPreKeyRecord>;
 }
 
-export abstract class KyberPreKeyStore {
+type KyberPreKeyStore = {
   _saveKyberPreKey(
     kyberPreKeyId: number,
     record: KyberPreKeyRecord
@@ -94,7 +97,7 @@ export abstract class KyberPreKeyStore {
   _markKyberPreKeyUsed(kyberPreKeyId: number): Promise<void>;
 }
 
-export abstract class SenderKeyStore {
+type SenderKeyStore = {
   _saveSenderKey(
     sender: ProtocolAddress,
     distributionId: Uuid,
@@ -106,14 +109,14 @@ export abstract class SenderKeyStore {
   ): Promise<SenderKeyRecord | null>;
 }
 
-export abstract class InputStream {
+type InputStream = {
   _read(amount: number): Promise<Buffer>;
   _skip(amount: number): Promise<void>;
 }
 
-export abstract class SyncInputStream extends Buffer {}
+type SyncInputStream = Buffer;
 
-export abstract class ChatListener {
+type ChatListener = {
   _incoming_message(
     envelope: Buffer,
     timestamp: number,
@@ -130,12 +133,12 @@ type Wrapper<T> = Readonly<{
   _nativeHandle: T;
 }>;
 
-interface MessageBackupValidationOutcome {
+type MessageBackupValidationOutcome = {
   errorMessage: string | null;
   unknownFieldMessages: Array<string>;
 }
 
-interface CancellablePromise<T> extends Promise<T> {
+type CancellablePromise<T> = Promise<T> & {
   _cancellationToken: bigint;
 }
 

From 9299dbe8b95e9c3ce8e6ed9e8566d3826e2f3734 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 15 Nov 2024 16:52:47 -0800
Subject: [PATCH 15/57] swift: Consolidate separate backup error
 representations

MessageBackupValidationError and `SignalError.backupValidation` carry
the same information, and the former is already checked for by name in
the iOS code, so let's standardize on that.
---
 swift/Sources/LibSignalClient/ComparableBackup.swift | 4 ++--
 swift/Sources/LibSignalClient/Error.swift            | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/swift/Sources/LibSignalClient/ComparableBackup.swift b/swift/Sources/LibSignalClient/ComparableBackup.swift
index a1a95c412..4a91604d2 100644
--- a/swift/Sources/LibSignalClient/ComparableBackup.swift
+++ b/swift/Sources/LibSignalClient/ComparableBackup.swift
@@ -29,8 +29,8 @@ public class ComparableBackup: NativeHandleOwner {
     ///  - stream: An InputStream that produces the backup contents.
     ///
     /// - Throws:
-    ///  - `SignalError.ioError`: If an IO error on the input occurs.
-    ///  - `SignalError.backupValidation`: If validation of the input fails.
+    ///  - ``SignalError/ioError(_:)``: If an IO error on the input occurs.
+    ///  - ``MessageBackupValidationError``: If validation of the input fails.
     public convenience init(purpose: MessageBackupPurpose, length: UInt64, stream: SignalInputStream) throws {
         var handle: OpaquePointer?
         try checkError(
diff --git a/swift/Sources/LibSignalClient/Error.swift b/swift/Sources/LibSignalClient/Error.swift
index 2da4d0146..1e10f81d1 100644
--- a/swift/Sources/LibSignalClient/Error.swift
+++ b/swift/Sources/LibSignalClient/Error.swift
@@ -63,7 +63,6 @@ public enum SignalError: Error {
     case chatServiceIntentionallyDisconnected(String)
     case appExpired(String)
     case deviceDeregistered(String)
-    case backupValidation(unknownFields: [String], message: String)
 
     case unknown(UInt32, String)
 }
@@ -225,7 +224,11 @@ internal func checkError(_ error: SignalFfiErrorRef?) throws {
         let unknownFields = try invokeFnReturningStringArray {
             signal_error_get_unknown_fields(error, $0)
         }
-        throw SignalError.backupValidation(unknownFields: unknownFields, message: errStr)
+        // Special case: we have a dedicated type for this one.
+        throw MessageBackupValidationError(
+            errorMessage: errStr,
+            unknownFields: MessageBackupUnknownFields(fields: unknownFields)
+        )
     default:
         throw SignalError.unknown(errType, errStr)
     }

From 1c4ec0f868e9b09946336605be73906afa6305bf Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 15 Nov 2024 18:12:12 -0800
Subject: [PATCH 16/57] bridge: don't require all BridgeHandles to be Sync

This was mostly a convenience; we can move the Sync constraint to the
places that need it instead.
---
 rust/bridge/shared/types/src/node/convert.rs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/rust/bridge/shared/types/src/node/convert.rs b/rust/bridge/shared/types/src/node/convert.rs
index 53de11595..06e45943d 100644
--- a/rust/bridge/shared/types/src/node/convert.rs
+++ b/rust/bridge/shared/types/src/node/convert.rs
@@ -1169,7 +1169,7 @@ pub(crate) const NATIVE_HANDLE_PROPERTY: &str = "_nativeHandle";
 /// operations that might differ across types have been factored into the [`BridgeHandleStrategy`]
 /// trait. The [`bridge_as_handle`](crate::support::bridge_as_handle) macro will automatically choose the
 /// correct strategy.
-pub trait BridgeHandle: Send + Sync + Sized + 'static {
+pub trait BridgeHandle: Send + Sized + 'static {
     /// Factors out operations that differ between mutable and immutable bridge handles.
     type Strategy: BridgeHandleStrategy<Self>;
 }
@@ -1321,7 +1321,7 @@ pub struct PersistentBorrowedJsBoxedBridgeHandle<T: Send + Sync + 'static> {
     value_ref: &'static T,
 }
 
-impl<T: BridgeHandle<Strategy = Immutable<T>>> PersistentBorrowedJsBoxedBridgeHandle<T> {
+impl<T: BridgeHandle<Strategy = Immutable<T>> + Sync> PersistentBorrowedJsBoxedBridgeHandle<T> {
     /// Persists `wrapper`, assuming it does in fact reference a boxed Rust value under the
     /// `_nativeHandle` property.
     ///
@@ -1370,7 +1370,9 @@ pub struct PersistentArrayOfBorrowedJsBoxedBridgeHandles<T: Send + Sync + 'stati
     value_refs: Vec<&'static T>,
 }
 
-impl<T: BridgeHandle<Strategy = Immutable<T>>> PersistentArrayOfBorrowedJsBoxedBridgeHandles<T> {
+impl<T: BridgeHandle<Strategy = Immutable<T>> + Sync>
+    PersistentArrayOfBorrowedJsBoxedBridgeHandles<T>
+{
     /// Persists `array`, assuming it does in fact contain an array of objects referencing a boxed
     /// Rust value under the `_nativeHandle` property.
     ///
@@ -1410,7 +1412,7 @@ impl<T: Send + Sync + 'static> Finalize for PersistentArrayOfBorrowedJsBoxedBrid
     }
 }
 
-impl<'storage, T: BridgeHandle<Strategy = Immutable<T>>> AsyncArgTypeInfo<'storage>
+impl<'storage, T: BridgeHandle<Strategy = Immutable<T>> + Sync> AsyncArgTypeInfo<'storage>
     for &'storage [&'storage T]
 {
     type ArgType = JsArray;

From e03e665c57d5c67db63eff06ec29335ebc4cc324 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 18 Nov 2024 14:05:36 -0800
Subject: [PATCH 17/57] Introduce OnlineBackupValidator

Validates a backup frame-by-frame, bypassing the encryption,
compression, and integrity-checking layers. Intended for use during an
export the user is waiting for, such as linking a new device.
---
 .../messagebackup/MessageBackup.java          |  1 +
 .../messagebackup/OnlineBackupValidator.java  | 83 +++++++++++++++++
 .../messagebackup/ComparableBackupTest.java   |  2 +-
 .../MessageBackupValidationTest.java          | 58 ++++++++++++
 .../org/signal/libsignal/internal/Native.java |  5 +
 node/Native.d.ts                              |  4 +
 node/ts/MessageBackup.ts                      | 61 +++++++++++++
 node/ts/test/MessageBackupTest.ts             | 91 +++++++++++++++++--
 rust/bridge/shared/src/message_backup.rs      | 42 ++++++++-
 .../bridge/shared/types/src/message_backup.rs | 54 ++++++++++-
 rust/message-backup/src/backup.rs             |  3 +-
 rust/message-backup/src/lib.rs                | 60 ++++++++++--
 .../LibSignalClient/MessageBackup.swift       | 72 ++++++++++++++-
 swift/Sources/SignalFfi/signal_ffi.h          | 10 ++
 .../MessageBackupTests.swift                  | 52 +++++++++++
 15 files changed, 576 insertions(+), 22 deletions(-)
 create mode 100644 java/client/src/main/java/org/signal/libsignal/messagebackup/OnlineBackupValidator.java

diff --git a/java/client/src/main/java/org/signal/libsignal/messagebackup/MessageBackup.java b/java/client/src/main/java/org/signal/libsignal/messagebackup/MessageBackup.java
index 122b9ff65..85d79551a 100644
--- a/java/client/src/main/java/org/signal/libsignal/messagebackup/MessageBackup.java
+++ b/java/client/src/main/java/org/signal/libsignal/messagebackup/MessageBackup.java
@@ -49,6 +49,7 @@ public static enum Purpose {
    * @return informational result about the successful validation
    * @throws ValidationError with an error message if the input is invalid
    * @throws IOException if the input could not be read
+   * @see OnlineBackupValidator
    */
   public static ValidationResult validate(
       MessageBackupKey key, Purpose purpose, Supplier<InputStream> streamFactory, long streamLength)
diff --git a/java/client/src/main/java/org/signal/libsignal/messagebackup/OnlineBackupValidator.java b/java/client/src/main/java/org/signal/libsignal/messagebackup/OnlineBackupValidator.java
new file mode 100644
index 000000000..e2763da55
--- /dev/null
+++ b/java/client/src/main/java/org/signal/libsignal/messagebackup/OnlineBackupValidator.java
@@ -0,0 +1,83 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+package org.signal.libsignal.messagebackup;
+
+import static org.signal.libsignal.internal.FilterExceptions.filterExceptions;
+
+import org.signal.libsignal.internal.Native;
+import org.signal.libsignal.internal.NativeHandleGuard;
+
+/**
+ * An alternative to {@link MessageBackup#validate} that validates a backup frame-by-frame.
+ *
+ * <p>This is much faster than using {@code MessageBackup.validate()} because it bypasses the
+ * decryption and decompression steps, but that also means it's validating less. Don't forget to
+ * call {@code close()} or use try-with-resources syntax!
+ *
+ * <p>Unlike {@code MessageBackup.validate()}, unknown fields are treated as "soft" errors and
+ * logged, rather than collected and returned to the app for processing.
+ *
+ * <h2>Example</h2>
+ *
+ * <pre>
+ * const validator = new OnlineBackupValidator(
+ *     backupInfoProto.serialize(),
+ *     MessageBackup.Purpose.DEVICE_TRANSFER)
+ * repeat {
+ *   // ...generate Frames...
+ *   validator.addFrame(frameProto.serialize())
+ * }
+ * validator.finalize() // don't forget this!
+ * </pre>
+ */
+public class OnlineBackupValidator extends NativeHandleGuard.SimpleOwner implements AutoCloseable {
+  /**
+   * Initializes an OnlineBackupValidator from the given BackupInfo protobuf message.
+   *
+   * <p>"Soft" errors will be logged, including unrecognized fields in the protobuf.
+   *
+   * @throws ValidationError on error
+   */
+  public OnlineBackupValidator(byte[] backupInfo, MessageBackup.Purpose purpose)
+      throws ValidationError {
+    super(
+        filterExceptions(
+            ValidationError.class,
+            () -> Native.OnlineBackupValidator_New(backupInfo, purpose.ordinal())));
+  }
+
+  @Override
+  protected void release(long nativeHandle) {
+    Native.OnlineBackupValidator_Destroy(nativeHandle);
+  }
+
+  /**
+   * Processes a single Frame protobuf message.
+   *
+   * <p>"Soft" errors will be logged, including unrecognized fields in the protobuf.
+   *
+   * @throws ValidationError on error
+   */
+  public void addFrame(byte[] frame) throws ValidationError {
+    filterExceptions(
+        ValidationError.class,
+        () -> guardedRunChecked(h -> Native.OnlineBackupValidator_AddFrame(h, frame)));
+  }
+
+  /**
+   * Marks that a backup is complete, and does any final checks that require whole-file knowledge.
+   *
+   * <p>"Soft" errors will be logged.
+   *
+   * @throws ValidationError on error
+   */
+  @Override
+  public void close() throws ValidationError {
+    filterExceptions(
+        ValidationError.class,
+        () -> guardedRunChecked(h -> Native.OnlineBackupValidator_Finalize(h)));
+  }
+}
diff --git a/java/client/src/test/java/org/signal/libsignal/messagebackup/ComparableBackupTest.java b/java/client/src/test/java/org/signal/libsignal/messagebackup/ComparableBackupTest.java
index b8ecc555e..e01cc5673 100644
--- a/java/client/src/test/java/org/signal/libsignal/messagebackup/ComparableBackupTest.java
+++ b/java/client/src/test/java/org/signal/libsignal/messagebackup/ComparableBackupTest.java
@@ -20,7 +20,7 @@ public class ComparableBackupTest {
   static final String CANONICAL_BACKUP_PROTO_NAME = "canonical-backup.binproto";
   static final String CANONICAL_BACKUP_STRING_NAME = "canonical-backup.expected.json";
 
-  private static InputStream getCanonicalBackupInputStream() {
+  static InputStream getCanonicalBackupInputStream() {
     return ComparableBackupTest.class.getResourceAsStream(CANONICAL_BACKUP_PROTO_NAME);
   }
 
diff --git a/java/client/src/test/java/org/signal/libsignal/messagebackup/MessageBackupValidationTest.java b/java/client/src/test/java/org/signal/libsignal/messagebackup/MessageBackupValidationTest.java
index e36af804d..4aa3e8d95 100644
--- a/java/client/src/test/java/org/signal/libsignal/messagebackup/MessageBackupValidationTest.java
+++ b/java/client/src/test/java/org/signal/libsignal/messagebackup/MessageBackupValidationTest.java
@@ -22,6 +22,7 @@
 import org.signal.libsignal.protocol.ServiceId.Aci;
 import org.signal.libsignal.protocol.kdf.HKDF;
 import org.signal.libsignal.protocol.util.ByteUtil;
+import org.signal.libsignal.util.Base64;
 import org.signal.libsignal.util.ResourceReader;
 
 public class MessageBackupValidationTest {
@@ -80,6 +81,63 @@ public void validBackupFile() throws IOException, ValidationError {
     assertArrayEquals(result2.unknownFieldMessages, new String[0]);
   }
 
+  @Test
+  public void onlineValidation() throws IOException, ValidationError {
+    final InputStream input = ComparableBackupTest.getCanonicalBackupInputStream();
+
+    final int backupInfoLength = input.read();
+    assertFalse("unexpected EOF", backupInfoLength == -1);
+    assertTrue("single-byte varint", backupInfoLength < 0x80);
+    final byte[] backupInfo = new byte[backupInfoLength];
+    assertEquals("unexpected EOF", input.read(backupInfo), backupInfoLength);
+    final OnlineBackupValidator backup = new OnlineBackupValidator(backupInfo, BACKUP_PURPOSE);
+
+    int frameLength;
+    while ((frameLength = input.read()) != -1) {
+      // Tiny varint parser, only supports two bytes.
+      if (frameLength >= 0x80) {
+        final int secondByte = input.read();
+        assertFalse("unexpected EOF", secondByte == -1);
+        assertTrue("at most a two-byte varint", secondByte < 0x80);
+        frameLength -= 0x80;
+        frameLength |= secondByte << 7;
+      }
+      final byte[] frame = new byte[frameLength];
+      assertEquals("unexpected EOF", input.read(frame), frameLength);
+      backup.addFrame(frame);
+    }
+
+    backup.close();
+  }
+
+  @Test
+  public void onlineValidatorRejectsInvalidBackupInfo() {
+    assertThrows(
+        ValidationError.class, () -> new OnlineBackupValidator(new byte[0], BACKUP_PURPOSE));
+  }
+
+  // The following payload was generated via protoscope.
+  // % protoscope -s | base64
+  // The fields are described by Backup.proto.
+  //
+  // 1: 1
+  // 2: 1731715200000
+  // 3: {`00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff`}
+  private static byte[] VALID_BACKUP_INFO =
+      Base64.decode("CAEQgOiTkrMyGiAAESIzRFVmd4iZqrvM3e7/ABEiM0RVZneImaq7zN3u/w==");
+
+  @Test
+  public void onlineValidatorRejectsInvalidFrame() throws ValidationError {
+    final var backup = new OnlineBackupValidator(VALID_BACKUP_INFO, BACKUP_PURPOSE);
+    assertThrows(ValidationError.class, () -> backup.addFrame(new byte[0]));
+  }
+
+  @Test
+  public void onlineValidatorRejectsInvalidAtClose() throws ValidationError {
+    final var backup = new OnlineBackupValidator(VALID_BACKUP_INFO, BACKUP_PURPOSE);
+    assertThrows(ValidationError.class, () -> backup.close());
+  }
+
   @Test
   public void messageBackupKeyPartsSmokeTest() {
     MessageBackupKey key = makeMessageBackupKey();
diff --git a/java/shared/java/org/signal/libsignal/internal/Native.java b/java/shared/java/org/signal/libsignal/internal/Native.java
index d5fa1ba3a..f0b808327 100644
--- a/java/shared/java/org/signal/libsignal/internal/Native.java
+++ b/java/shared/java/org/signal/libsignal/internal/Native.java
@@ -432,6 +432,11 @@ private Native() {}
   public static native byte[] NumericFingerprintGenerator_GetScannableEncoding(long obj) throws Exception;
   public static native long NumericFingerprintGenerator_New(int iterations, int version, byte[] localIdentifier, byte[] localKey, byte[] remoteIdentifier, byte[] remoteKey) throws Exception;
 
+  public static native void OnlineBackupValidator_AddFrame(long backup, byte[] frame) throws Exception;
+  public static native void OnlineBackupValidator_Destroy(long handle);
+  public static native void OnlineBackupValidator_Finalize(long backup) throws Exception;
+  public static native long OnlineBackupValidator_New(byte[] backupInfoFrame, int purpose) throws Exception;
+
   public static native byte[] PinHash_AccessKey(long ph);
   public static native void PinHash_Destroy(long handle);
   public static native byte[] PinHash_EncryptionKey(long ph);
diff --git a/node/Native.d.ts b/node/Native.d.ts
index c56e3bd43..5b5a2d08d 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -332,6 +332,9 @@ export function MessageBackupKey_GetHmacKey(key: Wrapper<MessageBackupKey>): Buf
 export function MessageBackupValidator_Validate(key: Wrapper<MessageBackupKey>, firstStream: InputStream, secondStream: InputStream, len: bigint, purpose: number): Promise<MessageBackupValidationOutcome>;
 export function MinidumpToJSONString(buffer: Buffer): string;
 export function Mp4Sanitizer_Sanitize(input: InputStream, len: bigint): Promise<SanitizedMetadata>;
+export function OnlineBackupValidator_AddFrame(backup: Wrapper<OnlineBackupValidator>, frame: Buffer): void;
+export function OnlineBackupValidator_Finalize(backup: Wrapper<OnlineBackupValidator>): void;
+export function OnlineBackupValidator_New(backupInfoFrame: Buffer, purpose: number): OnlineBackupValidator;
 export function PlaintextContent_Deserialize(data: Buffer): PlaintextContent;
 export function PlaintextContent_FromDecryptionErrorMessage(m: Wrapper<DecryptionErrorMessage>): PlaintextContent;
 export function PlaintextContent_GetBody(obj: Wrapper<PlaintextContent>): Buffer;
@@ -606,6 +609,7 @@ interface KyberSecretKey { readonly __type: unique symbol; }
 interface LookupRequest { readonly __type: unique symbol; }
 interface MessageBackupKey { readonly __type: unique symbol; }
 interface NonSuspendingBackgroundThreadRuntime { readonly __type: unique symbol; }
+interface OnlineBackupValidator { readonly __type: unique symbol; }
 interface OtherTestingHandleType { readonly __type: unique symbol; }
 interface PlaintextContent { readonly __type: unique symbol; }
 interface PreKeyBundle { readonly __type: unique symbol; }
diff --git a/node/ts/MessageBackup.ts b/node/ts/MessageBackup.ts
index 882b1bf9c..4ca62ea5a 100644
--- a/node/ts/MessageBackup.ts
+++ b/node/ts/MessageBackup.ts
@@ -141,6 +141,8 @@ export enum Purpose {
  * @param length The exact length of the input stream.
  * @returns The outcome of validation, including any errors and warnings.
  * @throws IoError If an IO error on the input occurs.
+ *
+ * @see OnlineBackupValidator
  */
 export async function validate(
   backupKey: MessageBackupKey,
@@ -161,6 +163,65 @@ export async function validate(
   );
 }
 
+/**
+ * An alternative to {@link validate()} that validates a backup frame-by-frame.
+ *
+ * This is much faster than using `validate()` because it bypasses the decryption and decompression
+ * steps, but that also means it's validating less. Don't forget to call `finalize()`!
+ *
+ * Unlike `validate()`, unknown fields are treated as "soft" errors and logged, rather than
+ * collected and returned to the app for processing.
+ *
+ * # Example
+ *
+ * ```
+ * const validator = new OnlineBackupValidator(
+ *     backupInfoProto.serialize(),
+ *     Purpose.deviceTransfer)
+ * repeat {
+ *   // ...generate Frames...
+ *   validator.addFrame(frameProto.serialize())
+ * }
+ * validator.finalize() // don't forget this!
+ * ```
+ */
+export class OnlineBackupValidator {
+  readonly _nativeHandle: Native.OnlineBackupValidator;
+
+  /**
+   * Initializes an OnlineBackupValidator from the given BackupInfo protobuf message.
+   *
+   * "Soft" errors will be logged, including unrecognized fields in the protobuf.
+   *
+   * @throws BackupValidationError on error
+   */
+  constructor(backupInfo: Buffer, purpose: Purpose) {
+    this._nativeHandle = Native.OnlineBackupValidator_New(backupInfo, purpose);
+  }
+
+  /**
+   * Processes a single Frame protobuf message.
+   *
+   * "Soft" errors will be logged, including unrecognized fields in the protobuf.
+   *
+   * @throws BackupValidationError on error
+   */
+  addFrame(frame: Buffer): void {
+    Native.OnlineBackupValidator_AddFrame(this, frame);
+  }
+
+  /**
+   * Marks that a backup is complete, and does any final checks that require whole-file knowledge.
+   *
+   * "Soft" errors will be logged.
+   *
+   * @throws BackupValidationError on error
+   */
+  finalize(): void {
+    Native.OnlineBackupValidator_Finalize(this);
+  }
+}
+
 /**
  * An in-memory representation of a backup file used to compare contents.
  *
diff --git a/node/ts/test/MessageBackupTest.ts b/node/ts/test/MessageBackupTest.ts
index e53f97e1b..41537b662 100644
--- a/node/ts/test/MessageBackupTest.ts
+++ b/node/ts/test/MessageBackupTest.ts
@@ -12,6 +12,7 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { hkdf, LogLevel } from '..';
 import { BackupKey } from '../AccountKeys';
+import { Readable } from 'node:stream';
 
 util.initLogger(LogLevel.Trace);
 
@@ -98,17 +99,17 @@ describe('MessageBackup', () => {
   });
 });
 
+const exampleBackup = fs.readFileSync(
+  path.join(__dirname, '../../ts/test/canonical-backup.binproto')
+);
+
 describe('ComparableBackup', () => {
   describe('exampleBackup', () => {
-    const input = fs.readFileSync(
-      path.join(__dirname, '../../ts/test/canonical-backup.binproto')
-    );
-
     it('stringifies to the expected value', async () => {
       const comparable = await MessageBackup.ComparableBackup.fromUnencrypted(
         MessageBackup.Purpose.RemoteBackup,
-        new Uint8ArrayInputStream(input),
-        BigInt(input.length)
+        new Uint8ArrayInputStream(exampleBackup),
+        BigInt(exampleBackup.length)
       );
 
       const expectedOutput = fs.readFileSync(
@@ -119,3 +120,81 @@ describe('ComparableBackup', () => {
     });
   });
 });
+
+describe('OnlineBackupValidator', () => {
+  it('can read frames from a valid file', () => {
+    // `Readable.read` normally returns `any`, because it supports settable encodings.
+    // Here we override that `read` member with one that always produces a Buffer,
+    // for more convenient use in the test. Note that this is unchecked.
+    type ReadableUsingBuffer = Omit<Readable, 'read'> & {
+      read(size: number): Buffer;
+    };
+    const input: ReadableUsingBuffer = new Readable();
+    input.push(exampleBackup);
+    input.push(null);
+
+    const backupInfoLength = input.read(1)[0];
+    assert.isBelow(backupInfoLength, 0x80, 'single-byte varint');
+    const backupInfo = input.read(backupInfoLength);
+    assert.equal(backupInfo.length, backupInfoLength, 'unexpected EOF');
+    const backup = new MessageBackup.OnlineBackupValidator(
+      backupInfo,
+      MessageBackup.Purpose.RemoteBackup
+    );
+
+    let frameLengthBuf;
+    while ((frameLengthBuf = input.read(1))) {
+      let frameLength = frameLengthBuf[0];
+      // Tiny varint parser, only supports two bytes.
+      if (frameLength >= 0x80) {
+        const secondByte = input.read(1)[0];
+        assert.isBelow(secondByte, 0x80, 'at most a two-byte varint');
+        frameLength -= 0x80;
+        frameLength |= secondByte << 7;
+      }
+      const frame = input.read(frameLength);
+      assert.equal(frame.length, frameLength, 'unexpected EOF');
+      backup.addFrame(frame);
+    }
+
+    backup.finalize();
+  });
+
+  it('rejects invalid BackupInfo', () => {
+    assert.throws(
+      () =>
+        new MessageBackup.OnlineBackupValidator(
+          Buffer.of(),
+          MessageBackup.Purpose.RemoteBackup
+        )
+    );
+  });
+
+  // The following payload was generated via protoscope.
+  // % protoscope -s | base64
+  // The fields are described by Backup.proto.
+  //
+  // 1: 1
+  // 2: 1731715200000
+  // 3: {`00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff`}
+  const VALID_BACKUP_INFO: Buffer = Buffer.from(
+    'CAEQgOiTkrMyGiAAESIzRFVmd4iZqrvM3e7/ABEiM0RVZneImaq7zN3u/w==',
+    'base64'
+  );
+
+  it('rejects invalid Frames', () => {
+    const backup = new MessageBackup.OnlineBackupValidator(
+      VALID_BACKUP_INFO,
+      MessageBackup.Purpose.RemoteBackup
+    );
+    assert.throws(() => backup.addFrame(Buffer.of()));
+  });
+
+  it('rejects invalid backups on finalize', () => {
+    const backup = new MessageBackup.OnlineBackupValidator(
+      VALID_BACKUP_INFO,
+      MessageBackup.Purpose.RemoteBackup
+    );
+    assert.throws(() => backup.finalize());
+  });
+});
diff --git a/rust/bridge/shared/src/message_backup.rs b/rust/bridge/shared/src/message_backup.rs
index bddf5c823..c411505bb 100644
--- a/rust/bridge/shared/src/message_backup.rs
+++ b/rust/bridge/shared/src/message_backup.rs
@@ -8,7 +8,7 @@ use libsignal_bridge_macros::*;
 use libsignal_bridge_types::message_backup::*;
 use libsignal_message_backup::backup::Purpose;
 use libsignal_message_backup::frame::LimitedReaderFactory;
-use libsignal_message_backup::{BackupReader, ReadResult};
+use libsignal_message_backup::{BackupReader, FoundUnknownField, ReadError, ReadResult};
 use libsignal_protocol::Aci;
 
 use crate::io::{AsyncInput, InputStream};
@@ -114,3 +114,43 @@ async fn MessageBackupValidator_Validate(
         found_unknown_fields,
     })
 }
+
+bridge_handle_fns!(OnlineBackupValidator, clone = false);
+
+#[bridge_fn]
+fn OnlineBackupValidator_New(
+    backup_info_frame: &[u8],
+    purpose: AsType<Purpose, u8>,
+) -> Result<OnlineBackupValidator, ReadError> {
+    OnlineBackupValidator::from_backup_info_frame(backup_info_frame, purpose.into_inner())
+        .map_err(ReadError::with_error_only)
+}
+
+#[bridge_fn]
+fn OnlineBackupValidator_AddFrame(
+    backup: &mut OnlineBackupValidator,
+    frame: &[u8],
+) -> Result<(), ReadError> {
+    let unknown_fields = backup
+        .get_mut()
+        .parse_and_add_frame(frame, |_| ())
+        .map_err(ReadError::with_error_only)?;
+
+    for (path, value) in unknown_fields {
+        log::warn!(
+            "{}",
+            FoundUnknownField {
+                frame_index: 0,
+                path,
+                value,
+            }
+        );
+    }
+
+    Ok(())
+}
+
+#[bridge_fn]
+fn OnlineBackupValidator_Finalize(backup: &mut OnlineBackupValidator) -> Result<(), ReadError> {
+    backup.finalize().map_err(ReadError::with_error_only)
+}
diff --git a/rust/bridge/shared/types/src/message_backup.rs b/rust/bridge/shared/types/src/message_backup.rs
index 2062d146b..a76fff333 100644
--- a/rust/bridge/shared/types/src/message_backup.rs
+++ b/rust/bridge/shared/types/src/message_backup.rs
@@ -9,7 +9,7 @@ use libsignal_account_keys::{AccountEntropyPool, BackupId, BackupKey, BACKUP_KEY
 use libsignal_message_backup::frame::ValidationError as FrameValidationError;
 use libsignal_message_backup::key::MessageBackupKey as MessageBackupKeyInner;
 use libsignal_message_backup::parse::ParseError;
-use libsignal_message_backup::{Error, FoundUnknownField};
+use libsignal_message_backup::{backup, Error, FoundUnknownField};
 use libsignal_protocol::Aci;
 
 use crate::*;
@@ -95,8 +95,58 @@ pub struct MessageBackupValidationOutcome {
 bridge_as_handle!(MessageBackupValidationOutcome, jni = false, node = false);
 
 pub struct ComparableBackup {
-    pub backup: libsignal_message_backup::backup::serialize::Backup,
+    pub backup: backup::serialize::Backup,
     pub found_unknown_fields: Vec<FoundUnknownField>,
 }
 
 bridge_as_handle!(ComparableBackup);
+
+pub struct OnlineBackupValidator {
+    backup: Option<backup::PartialBackup<backup::ValidateOnly>>,
+}
+
+impl OnlineBackupValidator {
+    pub fn from_backup_info_frame(
+        backup_info: &[u8],
+        purpose: backup::Purpose,
+    ) -> Result<Self, Error> {
+        Ok(Self {
+            backup: Some(backup::PartialBackup::by_parsing(
+                backup_info,
+                purpose,
+                |_| (),
+            )?),
+        })
+    }
+
+    pub fn get_mut(&mut self) -> &mut backup::PartialBackup<backup::ValidateOnly> {
+        self.backup
+            .as_mut()
+            .expect("OnlineBackupValidator has not yet been finalized")
+    }
+
+    pub fn finalize(&mut self) -> Result<(), Error> {
+        let partial_backup = self
+            .backup
+            .take()
+            .expect("OnlineBackupValidator has not yet been finalized");
+        _ = backup::CompletedBackup::try_from(partial_backup)?;
+        Ok(())
+    }
+}
+
+// This isn't strictly correct; OnlineBackupValidator *does* contain interior mutability.
+// However, because it only allows `&mut` access to its state, it can't be an issue in practice.
+// (`bridge_fn` doesn't know that and so it expects RefUnwindSafe simply for being passed as a pointer.)
+impl std::panic::RefUnwindSafe for OnlineBackupValidator {}
+static_assertions::assert_impl_all!(OnlineBackupValidator: std::panic::UnwindSafe);
+
+bridge_as_handle!(OnlineBackupValidator, mut = true);
+
+impl Drop for OnlineBackupValidator {
+    fn drop(&mut self) {
+        if self.backup.is_some() {
+            log::warn!("OnlineBackupValidator is dropped without calling finalize");
+        }
+    }
+}
diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 258a46683..a60a39241 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -18,7 +18,8 @@ use crate::backup::chat::chat_style::{CustomChatColor, CustomColorId};
 use crate::backup::chat::{ChatData, ChatError, ChatItemData, ChatItemError, PinOrder};
 use crate::backup::frame::{ChatId, RecipientId};
 use crate::backup::map::IntMap;
-use crate::backup::method::{Lookup, LookupPair, Method, Store, ValidateOnly};
+use crate::backup::method::{Lookup, LookupPair, Method};
+pub use crate::backup::method::{Store, ValidateOnly};
 use crate::backup::recipient::{
     DestinationKind, FullRecipientData, MinimalRecipientData, RecipientError,
 };
diff --git a/rust/message-backup/src/lib.rs b/rust/message-backup/src/lib.rs
index 48a959ac2..d8976c2bd 100644
--- a/rust/message-backup/src/lib.rs
+++ b/rust/message-backup/src/lib.rs
@@ -66,6 +66,19 @@ pub struct ReadError {
     pub found_unknown_fields: Vec<FoundUnknownField>,
 }
 
+impl ReadError {
+    /// Creates a `ReadError` without including any unknown field info.
+    ///
+    /// Not a `From` implementation to remind callers not to *discard* unknown field info they may
+    /// have.
+    pub fn with_error_only(error: Error) -> Self {
+        Self {
+            error,
+            found_unknown_fields: vec![],
+        }
+    }
+}
+
 impl std::fmt::Display for ReadError {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let Self {
@@ -246,16 +259,9 @@ where
                     }
                 };
 
-                let frame_proto = proto::backup::Frame::parse_from_bytes(&frame)?;
-                visitor(&frame_proto);
-                add_found_unknown(
-                    &mut unknown_fields,
-                    frame_proto.collect_unknown_fields(),
-                    frame_index,
-                );
+                let these_unknown_fields = backup.parse_and_add_frame(&frame, &mut visitor)?;
+                add_found_unknown(&mut unknown_fields, these_unknown_fields, frame_index);
                 frame_index += 1;
-
-                backup.add_frame(frame_proto)?;
             }
         })
         .expect("can create threads");
@@ -296,6 +302,42 @@ where
     Ok(backup)
 }
 
+impl<M: backup::method::Method + backup::ReferencedTypes> backup::PartialBackup<M> {
+    pub fn by_parsing(
+        raw_backup_info: &[u8],
+        purpose: Purpose,
+        mut visitor: impl FnMut(&dyn std::fmt::Debug) + Send,
+    ) -> Result<Self, crate::Error> {
+        let backup_info_proto = proto::backup::BackupInfo::parse_from_bytes(raw_backup_info)?;
+        visitor(&backup_info_proto);
+        for (path, value) in backup_info_proto.collect_unknown_fields() {
+            // This API doesn't have a good way to report unknown fields; logging is the best we can
+            // do if we don't want a fatal error.
+            log::warn!(
+                "BackupInfo proto: {}",
+                FoundUnknownField {
+                    frame_index: 0,
+                    path,
+                    value
+                }
+            );
+        }
+        Ok(Self::new(backup_info_proto, purpose)?)
+    }
+
+    pub fn parse_and_add_frame(
+        &mut self,
+        raw_frame: &[u8],
+        mut visitor: impl FnMut(&dyn std::fmt::Debug) + Send,
+    ) -> Result<Vec<(Vec<PathPart>, UnknownValue)>, crate::Error> {
+        let frame_proto = proto::backup::Frame::parse_from_bytes(raw_frame)?;
+        visitor(&frame_proto);
+        let unknown_fields = frame_proto.collect_unknown_fields();
+        self.add_frame(frame_proto)?;
+        Ok(unknown_fields)
+    }
+}
+
 impl From<VerifyHmacError> for Error {
     fn from(value: VerifyHmacError) -> Self {
         match value {
diff --git a/swift/Sources/LibSignalClient/MessageBackup.swift b/swift/Sources/LibSignalClient/MessageBackup.swift
index 526eece72..620b66ec9 100644
--- a/swift/Sources/LibSignalClient/MessageBackup.swift
+++ b/swift/Sources/LibSignalClient/MessageBackup.swift
@@ -107,8 +107,10 @@ public enum MessageBackupPurpose: UInt8, Sendable {
 /// - Returns: an object describing the validation outcome.
 ///
 /// - Throws:
-///  - `SignalError.ioError`: If an IO error on the input occurs.
-///  - `MessageBackupValidationError`: If validation fails
+///  - ``SignalError/ioError(_:)``: If an IO error on the input occurs.
+///  - ``MessageBackupValidationError``: If validation fails
+///
+/// - SeeAlso: ``OnlineBackupValidator``
 public func validateMessageBackup(
     key: MessageBackupKey, purpose: MessageBackupPurpose, length: UInt64, makeStream: () throws -> SignalInputStream
 ) throws -> MessageBackupUnknownFields {
@@ -128,6 +130,72 @@ public func validateMessageBackup(
     return outcome.unknownFields
 }
 
+/// An alternative to ``validateMessageBackup(key:purpose:length:makeStream:)`` that validates a backup frame-by-frame.
+///
+/// This is much faster than using `validateMessageBackup(...)` because it bypasses the decryption and decompression steps, but that also means it's validating less. Don't forget to call `finalize()`!
+///
+/// Unlike `validateMessageBackup(...)`, unknown fields are treated as "soft" errors and logged, rather than collected and returned to the app for processing.
+///
+/// # Example
+///
+/// ```
+/// let validator = try OnlineBackupValidator(
+///     backupInfo: backupInfoProto.serialize(),
+///     purpose: .deviceTransfer)
+/// repeat {
+///   // ...generate Frames...
+///   try validator.addFrame(frameProto.serialize())
+/// }
+/// try validator.finalize() // don't forget this!
+/// ```
+public class OnlineBackupValidator: NativeHandleOwner {
+    /// Initializes an OnlineBackupValidator from the given BackupInfo protobuf message.
+    ///
+    /// "Soft" errors will be logged, including unrecognized fields in the protobuf.
+    ///
+    /// - Throws: ``MessageBackupValidationError`` on error.
+    public convenience init<Bytes: ContiguousBytes>(backupInfo: Bytes, purpose: MessageBackupPurpose) throws {
+        let handle = try backupInfo.withUnsafeBorrowedBuffer { backupInfo in
+            var outputHandle: OpaquePointer?
+            try checkError(signal_online_backup_validator_new(&outputHandle, backupInfo, purpose.rawValue))
+            return outputHandle!
+        }
+        self.init(owned: handle)
+    }
+
+    internal required init(owned handle: OpaquePointer) {
+        super.init(owned: handle)
+    }
+
+    override internal class func destroyNativeHandle(_ handle: OpaquePointer) -> SignalFfiErrorRef? {
+        signal_online_backup_validator_destroy(handle)
+    }
+
+    /// Processes a single Frame protobuf message.
+    ///
+    /// "Soft" errors will be logged, including unrecognized fields in the protobuf.
+    ///
+    /// - Throws: ``MessageBackupValidationError`` on error.
+    public func addFrame<Bytes: ContiguousBytes>(_ frame: Bytes) throws {
+        try withNativeHandle { handle in
+            try frame.withUnsafeBorrowedBuffer { frame in
+                try checkError(signal_online_backup_validator_add_frame(handle, frame))
+            }
+        }
+    }
+
+    /// Marks that a backup is complete, and does any final checks that require whole-file knowledge.
+    ///
+    /// "Soft" errors will be logged.
+    ///
+    /// - Throws: ``MessageBackupValidationError`` on error.
+    public func finalize() throws {
+        try withNativeHandle { handle in
+            try checkError(signal_online_backup_validator_finalize(handle))
+        }
+    }
+}
+
 /// The outcome of a failed validation attempt.
 public struct MessageBackupValidationError: Error {
     /// The human-readable error that caused validation to fail.
diff --git a/swift/Sources/SignalFfi/signal_ffi.h b/swift/Sources/SignalFfi/signal_ffi.h
index fca8d5b5f..780de4ccc 100644
--- a/swift/Sources/SignalFfi/signal_ffi.h
+++ b/swift/Sources/SignalFfi/signal_ffi.h
@@ -256,6 +256,8 @@ typedef struct SignalMessageBackupKey SignalMessageBackupKey;
 
 typedef struct SignalMessageBackupValidationOutcome SignalMessageBackupValidationOutcome;
 
+typedef struct SignalOnlineBackupValidator SignalOnlineBackupValidator;
+
 typedef struct SignalPinHash SignalPinHash;
 
 typedef struct SignalPlaintextContent SignalPlaintextContent;
@@ -1637,6 +1639,14 @@ SignalFfiError *signal_message_backup_validation_outcome_get_unknown_fields(Sign
 
 SignalFfiError *signal_message_backup_validator_validate(SignalMessageBackupValidationOutcome **out, const SignalMessageBackupKey *key, const SignalInputStream *first_stream, const SignalInputStream *second_stream, uint64_t len, uint8_t purpose);
 
+SignalFfiError *signal_online_backup_validator_destroy(SignalOnlineBackupValidator *p);
+
+SignalFfiError *signal_online_backup_validator_new(SignalOnlineBackupValidator **out, SignalBorrowedBuffer backup_info_frame, uint8_t purpose);
+
+SignalFfiError *signal_online_backup_validator_add_frame(SignalOnlineBackupValidator *backup, SignalBorrowedBuffer frame);
+
+SignalFfiError *signal_online_backup_validator_finalize(SignalOnlineBackupValidator *backup);
+
 SignalFfiError *signal_username_hash(uint8_t (*out)[32], const char *username);
 
 SignalFfiError *signal_username_proof(SignalOwnedBuffer *out, const char *username, SignalBorrowedBuffer randomness);
diff --git a/swift/Tests/LibSignalClientTests/MessageBackupTests.swift b/swift/Tests/LibSignalClientTests/MessageBackupTests.swift
index 2489bf6b7..17592c690 100644
--- a/swift/Tests/LibSignalClientTests/MessageBackupTests.swift
+++ b/swift/Tests/LibSignalClientTests/MessageBackupTests.swift
@@ -79,6 +79,29 @@ class MessageBackupTests: TestCaseBase {
         }
     }
 
+    func testOnlineValidatorInvalidBackupInfo() throws {
+        XCTAssertThrowsError(try OnlineBackupValidator(backupInfo: [], purpose: .remoteBackup))
+    }
+
+    // The following payload was generated via protoscope.
+    // % protoscope -s | base64
+    // The fields are described by Backup.proto.
+    //
+    // 1: 1
+    // 2: 1731715200000
+    // 3: {`00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff`}
+    private let VALID_BACKUP_INFO: Data = .init(base64Encoded: "CAEQgOiTkrMyGiAAESIzRFVmd4iZqrvM3e7/ABEiM0RVZneImaq7zN3u/w==")!
+
+    func testOnlineValidatorInvalidFrame() throws {
+        let backup = try OnlineBackupValidator(backupInfo: VALID_BACKUP_INFO, purpose: .remoteBackup)
+        XCTAssertThrowsError(try backup.addFrame([]))
+    }
+
+    func testOnlineValidatorInvalidFinalize() throws {
+        let backup = try OnlineBackupValidator(backupInfo: VALID_BACKUP_INFO, purpose: .remoteBackup)
+        XCTAssertThrowsError(try backup.finalize())
+    }
+
 #if !os(iOS) || targetEnvironment(simulator)
     func testComparableBackup() throws {
         let bytes = readResource(forName: "canonical-backup.binproto")
@@ -88,6 +111,35 @@ class MessageBackupTests: TestCaseBase {
         let expected = String(data: readResource(forName: "canonical-backup.expected.json"), encoding: .utf8)!
         XCTAssertEqual(comparableString, expected)
     }
+
+    func testOnlineValidation() throws {
+        var bytes = readResource(forName: "canonical-backup.binproto")
+
+        let backupInfoLength = Int(bytes[0])
+        XCTAssertLessThan(backupInfoLength, 0x80, "single-byte varint")
+        let backupInfo = bytes.dropFirst(1).prefix(backupInfoLength)
+        XCTAssertEqual(backupInfo.count, backupInfoLength, "unexpected EOF")
+        let backup = try OnlineBackupValidator(backupInfo: backupInfo, purpose: .remoteBackup)
+        bytes = bytes[backupInfo.endIndex...]
+
+        while var frameLength = bytes.first.map({ Int($0) }) {
+            bytes = bytes.dropFirst()
+            // Tiny varint parser, only supports two bytes.
+            if frameLength >= 0x80 {
+                let secondByte = Int(bytes.first!)
+                XCTAssertLessThan(secondByte, 0x80, "at most a two-byte varint")
+                frameLength -= 0x80
+                frameLength |= secondByte << 7
+                bytes = bytes.dropFirst()
+            }
+            let frame = bytes.prefix(frameLength)
+            XCTAssertEqual(frame.count, frameLength, "unexpected EOF")
+            try backup.addFrame(frame)
+            bytes = bytes[frame.endIndex...]
+        }
+
+        try backup.finalize()
+    }
 #endif
 
     static func validateBackup(bytes: some Collection<UInt8>) throws -> MessageBackupUnknownFields {

From 5a7f08f81489f5356605a51cf08cf604ee09e715 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Wed, 20 Nov 2024 17:27:27 -0500
Subject: [PATCH 18/57] Node: Update to ES2021

---
 node/tsconfig.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/node/tsconfig.json b/node/tsconfig.json
index f1254c731..7de3e1bcf 100644
--- a/node/tsconfig.json
+++ b/node/tsconfig.json
@@ -1,6 +1,6 @@
 {
   "compilerOptions": {
-    "target": "es2020",
+    "target": "es2021",
     "module": "commonjs",
     "declaration": true,
     "outDir": "./dist",

From 322f258e83a87a5e63eab1212bf9aab64d4a7022 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Thu, 21 Nov 2024 08:38:33 -0500
Subject: [PATCH 19/57] Impl new chat and bridge to node

---
 node/Native.d.ts                             |   8 +
 node/ts/net.ts                               | 280 +++++++++++++++++--
 node/ts/test/NetTest.ts                      |  96 +++++--
 rust/bridge/shared/src/net/chat.rs           |  81 ++++++
 rust/bridge/shared/types/src/ffi/chat.rs     |   1 +
 rust/bridge/shared/types/src/net/chat.rs     | 145 +++++++++-
 rust/bridge/shared/types/src/node/convert.rs |  16 ++
 rust/net/src/chat.rs                         | 109 +++++++-
 rust/net/src/chat/server_requests.rs         |  19 +-
 9 files changed, 690 insertions(+), 65 deletions(-)

diff --git a/node/Native.d.ts b/node/Native.d.ts
index 5b5a2d08d..afb3822eb 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -160,6 +160,9 @@ export function AuthCredentialPresentation_GetRedemptionTime(presentationBytes:
 export function AuthCredentialPresentation_GetUuidCiphertext(presentationBytes: Buffer): Serialized<UuidCiphertext>;
 export function AuthCredentialWithPniResponse_CheckValidContents(bytes: Buffer): void;
 export function AuthCredentialWithPni_CheckValidContents(bytes: Buffer): void;
+export function AuthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, receiveStories: boolean, listener: ChatListener | null): CancellablePromise<AuthenticatedChatConnection>;
+export function AuthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthenticatedChatConnection>): CancellablePromise<void>;
+export function AuthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function BackupAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function BackupAuthCredentialPresentation_GetBackupId(presentationBytes: Buffer): Buffer;
 export function BackupAuthCredentialPresentation_GetBackupLevel(presentationBytes: Buffer): number;
@@ -563,6 +566,9 @@ export function TESTING_ServerMessageAck_Create(): ServerMessageAck;
 export function TESTING_TestingHandleType_getValue(handle: Wrapper<TestingHandleType>): number;
 export function TokioAsyncContext_cancel(context: Wrapper<TokioAsyncContext>, rawCancellationId: bigint): void;
 export function TokioAsyncContext_new(): TokioAsyncContext;
+export function UnauthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, listener: ChatListener | null): CancellablePromise<UnauthenticatedChatConnection>;
+export function UnauthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>): CancellablePromise<void>;
+export function UnauthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function UnidentifiedSenderMessageContent_Deserialize(data: Buffer): UnidentifiedSenderMessageContent;
 export function UnidentifiedSenderMessageContent_GetContentHint(m: Wrapper<UnidentifiedSenderMessageContent>): number;
 export function UnidentifiedSenderMessageContent_GetContents(obj: Wrapper<UnidentifiedSenderMessageContent>): Buffer;
@@ -587,6 +593,7 @@ export function initLogger(maxLevel: LogLevel, callback: (level: LogLevel, targe
 export function test_only_fn_returns_123(): number;
 interface Aes256GcmSiv { readonly __type: unique symbol; }
 interface AuthChat { readonly __type: unique symbol; }
+interface AuthenticatedChatConnection { readonly __type: unique symbol; }
 interface CdsiLookup { readonly __type: unique symbol; }
 interface CiphertextMessage { readonly __type: unique symbol; }
 interface ComparableBackup { readonly __type: unique symbol; }
@@ -645,6 +652,7 @@ interface SignedPreKeyRecord { readonly __type: unique symbol; }
 interface TestingHandleType { readonly __type: unique symbol; }
 interface TokioAsyncContext { readonly __type: unique symbol; }
 interface UnauthChat { readonly __type: unique symbol; }
+interface UnauthenticatedChatConnection { readonly __type: unique symbol; }
 interface UnidentifiedSenderMessageContent { readonly __type: unique symbol; }
 interface UuidCiphertext { readonly __type: unique symbol; }
 interface ValidatingMac { readonly __type: unique symbol; }
diff --git a/node/ts/net.ts b/node/ts/net.ts
index 01bae7e8e..6d55cb6d9 100644
--- a/node/ts/net.ts
+++ b/node/ts/net.ts
@@ -216,6 +216,182 @@ export type ChatService = {
   ): Promise<Native.ChatResponse>;
 };
 
+/**
+ * A connection to the Chat Service.
+ *
+ * Provides API methods to communicate with the remote service. Make sure to
+ * call {@link #disconnect()} when the instance is no longer needed.
+ */
+export type ChatConnection = {
+  /**
+   * Initiates termination of the underlying connection to the Chat Service. After the service is
+   * disconnected, it cannot be used again.
+   */
+  disconnect(): Promise<void>;
+
+  /**
+   * Sends request to the Chat Service.
+   */
+  fetch(
+    chatRequest: ChatRequest,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<Native.ChatResponse>;
+};
+
+export class UnauthenticatedChatConnection implements ChatConnection {
+  static async connect(
+    asyncContext: TokioAsyncContext,
+    connectionManager: ConnectionManager,
+    listener: ConnectionEventsListener,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<UnauthenticatedChatConnection> {
+    const nativeChatListener = makeNativeChatListener(asyncContext, listener);
+    const connect = Native.UnauthenticatedChatConnection_connect(
+      asyncContext,
+      connectionManager,
+      new WeakListenerWrapper(nativeChatListener)
+    );
+    const chat = await asyncContext.makeCancellable(
+      options?.abortSignal,
+      connect
+    );
+
+    return new UnauthenticatedChatConnection(
+      asyncContext,
+      newNativeHandle(chat),
+      nativeChatListener
+    );
+  }
+
+  private constructor(
+    private readonly asyncContext: TokioAsyncContext,
+    private readonly chatService: Wrapper<Native.UnauthenticatedChatConnection>,
+    // Unused except to keep the listener alive since the Rust code only holds a
+    // weak reference to the same object.
+    private readonly chatListener: Native.ChatListener
+  ) {}
+
+  fetch(
+    chatRequest: ChatRequest,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<Native.ChatResponse> {
+    return this.asyncContext.makeCancellable(
+      options?.abortSignal,
+      Native.UnauthenticatedChatConnection_send(
+        this.asyncContext,
+        this.chatService,
+        buildHttpRequest(chatRequest),
+        chatRequest.timeoutMillis ?? DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS
+      )
+    );
+  }
+
+  disconnect(): Promise<void> {
+    return Native.UnauthenticatedChatConnection_disconnect(
+      this.asyncContext,
+      this.chatService
+    );
+  }
+}
+
+export class AuthenticatedChatConnection implements ChatConnection {
+  static async connect(
+    asyncContext: TokioAsyncContext,
+    connectionManager: ConnectionManager,
+    username: string,
+    password: string,
+    receiveStories: boolean,
+    listener: ChatServiceListener,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<AuthenticatedChatConnection> {
+    const nativeChatListener = makeNativeChatListener(asyncContext, listener);
+    const connect = Native.AuthenticatedChatConnection_connect(
+      asyncContext,
+      connectionManager,
+      username,
+      password,
+      receiveStories,
+      new WeakListenerWrapper(nativeChatListener)
+    );
+    const chat = await asyncContext.makeCancellable(
+      options?.abortSignal,
+      connect
+    );
+    return new AuthenticatedChatConnection(
+      asyncContext,
+      newNativeHandle(chat),
+      nativeChatListener
+    );
+  }
+
+  private constructor(
+    private readonly asyncContext: TokioAsyncContext,
+    private readonly chatService: Wrapper<Native.AuthenticatedChatConnection>,
+    // Unused except to keep the listener alive since the Rust code only holds a
+    // weak reference to the same object.
+    private readonly chatListener: Native.ChatListener
+  ) {}
+
+  fetch(
+    chatRequest: ChatRequest,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<Native.ChatResponse> {
+    return this.asyncContext.makeCancellable(
+      options?.abortSignal,
+      Native.AuthenticatedChatConnection_send(
+        this.asyncContext,
+        this.chatService,
+        buildHttpRequest(chatRequest),
+        chatRequest.timeoutMillis ?? DEFAULT_CHAT_REQUEST_TIMEOUT_MILLIS
+      )
+    );
+  }
+
+  disconnect(): Promise<void> {
+    return Native.AuthenticatedChatConnection_disconnect(
+      this.asyncContext,
+      this.chatService
+    );
+  }
+}
+
+/**
+ * Holds a {@link Native.ChatListener} by {@link WeakRef} and delegates
+ * `ChatListener` calls to it.
+ *
+ * This lets us avoid passing anything across the bridge that has a normal
+ * (strong) reference to the app-side listener. The danger is that the passed-in
+ * listener might gain a reference to the JS connection object; that would
+ * result in a reference cycle that Node can't clean up because one of the
+ * references is through a Rust `Box`.
+ *
+ * When constructing a connection, calling code should wrap an app-side listener
+ * in this type and pass it across the bridge, then hold its own strong
+ * reference to the same listener as a field. This ensures that if there is a
+ * reference cycle between the connection and app-side listener, that cycle is
+ * visible to the Node runtime, while still ensuring the passed-in listener
+ * stays alive as long as the connection does.
+ */
+class WeakListenerWrapper implements Native.ChatListener {
+  private listener: WeakRef<Native.ChatListener>;
+  constructor(listener: Native.ChatListener) {
+    this.listener = new WeakRef(listener);
+  }
+  _connection_interrupted(reason: Error | null): void {
+    this.listener.deref()?._connection_interrupted(reason);
+  }
+  _incoming_message(
+    envelope: Buffer,
+    timestamp: number,
+    ack: ServerMessageAck
+  ): void {
+    this.listener.deref()?._incoming_message(envelope, timestamp, ack);
+  }
+  _queue_empty(): void {
+    this.listener.deref()?._queue_empty();
+  }
+}
+
 /**
  * Provides API methods to connect and communicate with the Chat Service over an authenticated channel.
  */
@@ -253,8 +429,8 @@ export class AuthenticatedChatService implements ChatService {
       _queue_empty(): void {
         listener.onQueueEmpty();
       },
-      _connection_interrupted(cause: Error | null): void {
-        listener.onConnectionInterrupted(cause as LibSignalError | null);
+      _connection_interrupted(cause: LibSignalError | null): void {
+        listener.onConnectionInterrupted(cause);
       },
     };
     Native.ChatService_SetListenerAuth(
@@ -325,21 +501,7 @@ export class UnauthenticatedChatService implements ChatService {
     this.chatService = newNativeHandle(
       Native.ChatService_new_unauth(connectionManager)
     );
-    const nativeChatListener = {
-      _incoming_message(
-        _envelope: Buffer,
-        _timestamp: number,
-        _ack: ServerMessageAck
-      ): void {
-        throw new Error('Event not supported on unauthenticated connection');
-      },
-      _queue_empty(): void {
-        throw new Error('Event not supported on unauthenticated connection');
-      },
-      _connection_interrupted(cause: LibSignalError | null): void {
-        listener.onConnectionInterrupted(cause);
-      },
-    };
+    const nativeChatListener = makeNativeChatListener(asyncContext, listener);
     Native.ChatService_SetListenerUnauth(
       asyncContext,
       this.chatService,
@@ -394,6 +556,49 @@ export class UnauthenticatedChatService implements ChatService {
   }
 }
 
+function makeNativeChatListener(
+  asyncContext: TokioAsyncContext,
+  listener: ConnectionEventsListener | ChatServiceListener
+): Native.ChatListener {
+  if ('onQueueEmpty' in listener) {
+    return {
+      _incoming_message(
+        envelope: Buffer,
+        timestamp: number,
+        ack: ServerMessageAck
+      ): void {
+        listener.onIncomingMessage(
+          envelope,
+          timestamp,
+          new ChatServerMessageAck(asyncContext, ack)
+        );
+      },
+      _queue_empty(): void {
+        listener.onQueueEmpty();
+      },
+      _connection_interrupted(cause: Error | null): void {
+        listener.onConnectionInterrupted(cause as LibSignalError | null);
+      },
+    };
+  }
+
+  return {
+    _incoming_message(
+      _envelope: Buffer,
+      _timestamp: number,
+      _ack: ServerMessageAck
+    ): void {
+      throw new Error('Event not supported on unauthenticated connection');
+    },
+    _queue_empty(): void {
+      throw new Error('Event not supported on unauthenticated connection');
+    },
+    _connection_interrupted(cause: LibSignalError | null): void {
+      listener.onConnectionInterrupted(cause);
+    },
+  };
+}
+
 export function buildHttpRequest(
   chatRequest: ChatRequest
 ): Wrapper<Native.HttpRequest> {
@@ -499,6 +704,47 @@ export class Net {
     );
   }
 
+  /**
+   *
+   * Creates a new instance of {@link UnauthenticatedChatConnection}.
+   * @param listener the listener for incoming events.
+   * @param options additional options to pass through.
+   * @param options.abortSignal an {@link AbortSignal} that will cancel the connection attempt.
+   * @returns the connected listener, if the connection succeeds.
+   */
+  public async connectUnauthenticatedChat(
+    listener: ConnectionEventsListener,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<UnauthenticatedChatConnection> {
+    return UnauthenticatedChatConnection.connect(
+      this.asyncContext,
+      this.connectionManager,
+      listener,
+      options
+    );
+  }
+
+  /**
+   * Creates a new instance of {@link AuthenticatedChatConnection}.
+   */
+  public connectAuthenticatedChat(
+    username: string,
+    password: string,
+    receiveStories: boolean,
+    listener: ChatServiceListener,
+    options?: { abortSignal?: AbortSignal }
+  ): Promise<AuthenticatedChatConnection> {
+    return AuthenticatedChatConnection.connect(
+      this.asyncContext,
+      this.connectionManager,
+      username,
+      password,
+      receiveStories,
+      listener,
+      options
+    );
+  }
+
   /**
    * Enables/disables IPv6 for all new connections (until changed).
    *
diff --git a/node/ts/test/NetTest.ts b/node/ts/test/NetTest.ts
index 0a1f9e8d5..0fa24270d 100644
--- a/node/ts/test/NetTest.ts
+++ b/node/ts/test/NetTest.ts
@@ -13,8 +13,11 @@ import * as Native from '../../Native';
 import { ErrorCode, LibSignalErrorBase } from '../Errors';
 import {
   buildHttpRequest,
+  ChatConnection,
   ChatServerMessageAck,
+  ChatService,
   ChatServiceListener,
+  ConnectionEventsListener,
   Environment,
   Net,
   newNativeHandle,
@@ -187,40 +190,71 @@ describe('chat service api', () => {
       }
     });
 
-    const connectChatUnauthenticated = async (net: Net) => {
-      const onInterrupted = sinon.promise();
-      const listener = {
-        onConnectionInterrupted: (...args: [unknown]) =>
-          onInterrupted.resolve(args),
-      };
-      const chatService = net.newUnauthenticatedChatService(listener);
-      await chatService.connect();
-      await chatService.disconnect();
-      await onInterrupted;
-      expect(onInterrupted.resolvedValue).to.eql([null]);
-    };
-
-    it('can connect unauthenticated', async () => {
-      const net = new Net({
-        env: Environment.Production,
-        userAgent: userAgent,
-      });
-      await connectChatUnauthenticated(net);
-    }).timeout(10000);
+    ['ChatService', 'ChatConnection'].forEach((impl) => {
+      describe(impl, () => {
+        let connectChat: (
+          net: Net,
+          listener: ConnectionEventsListener
+        ) => Promise<ChatService | ChatConnection>;
+        switch (impl) {
+          case 'ChatService':
+            connectChat = async (
+              net: Net,
+              listener: ConnectionEventsListener
+            ) => {
+              const chat = net.newUnauthenticatedChatService(listener);
+              await chat.connect();
+              return chat;
+            };
+            break;
+          case 'ChatConnection':
+            connectChat = async (
+              net: Net,
+              listener: ConnectionEventsListener
+            ) => {
+              return await net.connectUnauthenticatedChat(listener);
+            };
+            break;
+        }
+
+        const connectChatUnauthenticated = async (net: Net) => {
+          const onInterrupted = sinon.promise();
+          const listener = {
+            onConnectionInterrupted: (...args: [unknown]) =>
+              onInterrupted.resolve(args),
+          };
+          const chat = await connectChat(net, listener);
+          await chat.disconnect();
+          await onInterrupted;
+          expect(onInterrupted.resolvedValue).to.eql([null]);
+        };
+
+        it('can connect unauthenticated', async () => {
+          const net = new Net({
+            env: Environment.Production,
+            userAgent: userAgent,
+          });
+          await connectChatUnauthenticated(net);
+        }).timeout(10000);
 
-    it('can connect through a proxy server', async () => {
-      const PROXY_SERVER = process.env.LIBSIGNAL_TESTING_PROXY_SERVER;
-      assert(PROXY_SERVER, 'checked above');
+        it('can connect through a proxy server', async () => {
+          const PROXY_SERVER = process.env.LIBSIGNAL_TESTING_PROXY_SERVER;
+          assert(PROXY_SERVER, 'checked above');
 
-      // The default TLS proxy config doesn't support staging, so we connect to production.
-      const net = new Net({
-        env: Environment.Production,
-        userAgent: userAgent,
+          // The default TLS proxy config doesn't support staging, so we connect to production.
+          const net = new Net({
+            env: Environment.Production,
+            userAgent: userAgent,
+          });
+          const [host = PROXY_SERVER, port = '443'] = PROXY_SERVER.split(
+            ':',
+            2
+          );
+          net.setProxy(host, parseInt(port, 10));
+          await connectChatUnauthenticated(net);
+        }).timeout(10000);
       });
-      const [host = PROXY_SERVER, port = '443'] = PROXY_SERVER.split(':', 2);
-      net.setProxy(host, parseInt(port, 10));
-      await connectChatUnauthenticated(net);
-    }).timeout(10000);
+    });
   });
 
   // The following payloads were generated via protoscope.
diff --git a/rust/bridge/shared/src/net/chat.rs b/rust/bridge/shared/src/net/chat.rs
index bcf65ffe9..af1ad722b 100644
--- a/rust/bridge/shared/src/net/chat.rs
+++ b/rust/bridge/shared/src/net/chat.rs
@@ -22,6 +22,18 @@ use crate::*;
 bridge_handle_fns!(AuthChat, clone = false);
 bridge_handle_fns!(UnauthChat, clone = false);
 bridge_handle_fns!(HttpRequest, clone = false);
+bridge_handle_fns!(
+    UnauthenticatedChatConnection,
+    clone = false,
+    ffi = false,
+    jni = false
+);
+bridge_handle_fns!(
+    AuthenticatedChatConnection,
+    clone = false,
+    ffi = false,
+    jni = false
+);
 
 #[bridge_fn(ffi = false)]
 fn HttpRequest_new(
@@ -77,6 +89,75 @@ fn ChatService_new_auth(
     )
 }
 
+#[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
+async fn UnauthenticatedChatConnection_connect(
+    connection_manager: &ConnectionManager,
+    listener: Option<Box<dyn ChatListener>>,
+) -> Result<UnauthenticatedChatConnection, ChatServiceError> {
+    UnauthenticatedChatConnection::connect(connection_manager, listener).await
+}
+
+#[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
+async fn UnauthenticatedChatConnection_send(
+    chat: &UnauthenticatedChatConnection,
+    http_request: &HttpRequest,
+    timeout_millis: u32,
+) -> Result<ChatResponse, ChatServiceError> {
+    let headers = http_request.headers.lock().expect("not poisoned").clone();
+    let request = chat::Request {
+        method: http_request.method.clone(),
+        path: http_request.path.clone(),
+        headers,
+        body: http_request.body.clone(),
+    };
+    chat.send(request, Duration::from_millis(timeout_millis.into()))
+        .await
+}
+
+#[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
+async fn UnauthenticatedChatConnection_disconnect(chat: &UnauthenticatedChatConnection) {
+    chat.disconnect().await
+}
+
+#[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
+async fn AuthenticatedChatConnection_connect(
+    connection_manager: &ConnectionManager,
+    username: String,
+    password: String,
+    receive_stories: bool,
+    listener: Option<Box<dyn ChatListener>>,
+) -> Result<AuthenticatedChatConnection, ChatServiceError> {
+    AuthenticatedChatConnection::connect(
+        connection_manager,
+        listener,
+        Auth { username, password },
+        receive_stories,
+    )
+    .await
+}
+
+#[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
+async fn AuthenticatedChatConnection_send(
+    chat: &AuthenticatedChatConnection,
+    http_request: &HttpRequest,
+    timeout_millis: u32,
+) -> Result<ChatResponse, ChatServiceError> {
+    let headers = http_request.headers.lock().expect("not poisoned").clone();
+    let request = chat::Request {
+        method: http_request.method.clone(),
+        path: http_request.path.clone(),
+        headers,
+        body: http_request.body.clone(),
+    };
+    chat.send(request, Duration::from_millis(timeout_millis.into()))
+        .await
+}
+
+#[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
+async fn AuthenticatedChatConnection_disconnect(chat: &AuthenticatedChatConnection) {
+    chat.disconnect().await
+}
+
 #[bridge_io(TokioAsyncContext)]
 async fn ChatService_disconnect_unauth(chat: &UnauthChat) {
     chat.service.0.disconnect().await
diff --git a/rust/bridge/shared/types/src/ffi/chat.rs b/rust/bridge/shared/types/src/ffi/chat.rs
index 2e0c7051b..ad25480ca 100644
--- a/rust/bridge/shared/types/src/ffi/chat.rs
+++ b/rust/bridge/shared/types/src/ffi/chat.rs
@@ -74,6 +74,7 @@ impl FfiChatListenerStruct {
 // SAFETY: Chat listeners are used from multiple threads. It's up to the creator of the C struct to
 // make sure `ctx` is appropriate for this.
 unsafe impl Send for FfiChatListenerStruct {}
+unsafe impl Sync for FfiChatListenerStruct {}
 
 struct ChatListenerStruct(FfiChatListenerStruct);
 
diff --git a/rust/bridge/shared/types/src/net/chat.rs b/rust/bridge/shared/types/src/net/chat.rs
index 627620c28..378ffb8c7 100644
--- a/rust/bridge/shared/types/src/net/chat.rs
+++ b/rust/bridge/shared/types/src/net/chat.rs
@@ -4,9 +4,10 @@
 //
 
 use std::future::Future;
-use std::panic::{self, RefUnwindSafe};
+use std::panic::{self, RefUnwindSafe, UnwindSafe};
 use std::str::FromStr;
 use std::sync::Arc;
+use std::time::Duration;
 
 use atomic_take::AtomicTake;
 use futures_util::stream::BoxStream;
@@ -16,8 +17,11 @@ use http::uri::{InvalidUri, PathAndQuery};
 use http::{HeaderMap, HeaderName, HeaderValue};
 use libsignal_net::auth::Auth;
 use libsignal_net::chat::{
-    self, ChatServiceError, DebugInfo as ChatServiceDebugInfo, Response as ChatResponse,
+    self, ChatConnection, ChatServiceError, DebugInfo as ChatServiceDebugInfo, Request,
+    Response as ChatResponse,
 };
+use libsignal_net::infra::route::{ConnectionProxyConfig, DirectOrProxyProvider};
+use libsignal_net::infra::tcp_ssl::InvalidProxyConfig;
 use libsignal_protocol::Timestamp;
 use tokio::sync::{mpsc, oneshot};
 
@@ -213,6 +217,128 @@ impl Chat<UnauthChatService> {
 pub type UnauthChat = Chat<UnauthChatService>;
 pub type AuthChat = Chat<AuthChatService>;
 
+pub struct UnauthenticatedChatConnection {
+    inner: ChatConnection,
+}
+bridge_as_handle!(UnauthenticatedChatConnection);
+impl UnwindSafe for UnauthenticatedChatConnection {}
+impl RefUnwindSafe for UnauthenticatedChatConnection {}
+
+pub struct AuthenticatedChatConnection {
+    inner: ChatConnection,
+}
+bridge_as_handle!(AuthenticatedChatConnection);
+impl UnwindSafe for AuthenticatedChatConnection {}
+impl RefUnwindSafe for AuthenticatedChatConnection {}
+
+impl UnauthenticatedChatConnection {
+    pub async fn connect(
+        connection_manager: &ConnectionManager,
+        listener: Option<Box<dyn ChatListener>>,
+    ) -> Result<Self, ChatServiceError> {
+        let inner = establish_chat_connection(connection_manager, listener, None).await?;
+        log::info!("connected unauthenticated chat");
+        Ok(Self { inner })
+    }
+
+    pub async fn send(
+        &self,
+        message: Request,
+        timeout: Duration,
+    ) -> Result<ChatResponse, ChatServiceError> {
+        self.inner.send(message, timeout).await
+    }
+
+    pub async fn disconnect(&self) {
+        self.inner.disconect().await
+    }
+}
+
+impl AuthenticatedChatConnection {
+    pub async fn connect(
+        connection_manager: &ConnectionManager,
+        listener: Option<Box<dyn ChatListener>>,
+        auth: Auth,
+        receive_stories: bool,
+    ) -> Result<Self, ChatServiceError> {
+        let inner = establish_chat_connection(
+            connection_manager,
+            listener,
+            Some(chat::AuthenticatedChatHeaders {
+                auth,
+                receive_stories: receive_stories.into(),
+            }),
+        )
+        .await?;
+        log::info!("connected authenticated chat");
+        Ok(Self { inner })
+    }
+
+    pub async fn send(
+        &self,
+        message: Request,
+        timeout: Duration,
+    ) -> Result<ChatResponse, ChatServiceError> {
+        self.inner.send(message, timeout).await
+    }
+
+    pub async fn disconnect(&self) {
+        self.inner.disconect().await
+    }
+}
+
+async fn establish_chat_connection(
+    connection_manager: &ConnectionManager,
+    listener: Option<Box<dyn ChatListener>>,
+    auth: Option<chat::AuthenticatedChatHeaders>,
+) -> Result<ChatConnection, ChatServiceError> {
+    let ConnectionManager {
+        env,
+        dns_resolver,
+        connect,
+        user_agent,
+        transport_connector,
+        endpoints,
+        ..
+    } = connection_manager;
+
+    let proxy_config: Option<ConnectionProxyConfig> =
+        (&*transport_connector.lock().expect("not poisoned"))
+            .try_into()
+            .map_err(|InvalidProxyConfig| ChatServiceError::ServiceUnavailable)?;
+
+    let libsignal_net::infra::ws2::Config {
+        local_idle_timeout,
+        remote_idle_disconnect_timeout,
+        ..
+    } = endpoints
+        .lock()
+        .expect("not poisoned")
+        .chat
+        .config
+        .ws2_config();
+
+    let chat_connect = &env.chat_domain_config.connect;
+
+    ChatConnection::connect_with(
+        connect,
+        dns_resolver,
+        DirectOrProxyProvider::maybe_proxied(chat_connect.route_provider(), proxy_config),
+        chat_connect
+            .confirmation_header_name
+            .map(HeaderName::from_static),
+        user_agent,
+        libsignal_net::chat::ws2::Config {
+            local_idle_timeout,
+            remote_idle_timeout: remote_idle_disconnect_timeout,
+            initial_request_id: 0,
+        },
+        listener.map(|l| l.into_event_listener()),
+        auth,
+    )
+    .await
+}
+
 pub struct HttpRequest {
     pub method: http::Method,
     pub path: PathAndQuery,
@@ -321,7 +447,7 @@ impl dyn ChatListener {
     /// Consumes `self`. Returns the remaining request stream, in case another listener will be set
     /// later.
     async fn start_listening(
-        self: Box<dyn ChatListener>,
+        self: Box<Self>,
         request_stream_future: impl Future<
             Output = Result<
                 BoxStream<'static, chat::server_requests::ServerEvent>,
@@ -378,6 +504,19 @@ impl dyn ChatListener {
         // Pass the stream along to the next listener, if there is one.
         request_stream
     }
+
+    fn into_event_listener(mut self: Box<Self>) -> Box<dyn FnMut(chat::ws2::ListenerEvent) + Send> {
+        Box::new(move |event| {
+            let event: chat::server_requests::ServerEvent = match event.try_into() {
+                Ok(event) => event,
+                Err(err) => {
+                    log::error!("{err}");
+                    return;
+                }
+            };
+            self.received_server_request(event);
+        })
+    }
 }
 
 /// Wraps a named type and a single-use guard around [`chat::server_requests::AckEnvelopeFuture`].
diff --git a/rust/bridge/shared/types/src/node/convert.rs b/rust/bridge/shared/types/src/node/convert.rs
index 06e45943d..1e37596ef 100644
--- a/rust/bridge/shared/types/src/node/convert.rs
+++ b/rust/bridge/shared/types/src/node/convert.rs
@@ -668,6 +668,22 @@ impl<'storage, 'context: 'storage> ArgTypeInfo<'storage, 'context> for Box<dyn C
     }
 }
 
+impl<'a> AsyncArgTypeInfo<'a> for Box<dyn ChatListener> {
+    type ArgType = JsObject;
+    type StoredType = NodeChatListener;
+
+    fn save_async_arg(
+        cx: &mut FunctionContext,
+        foreign: Handle<Self::ArgType>,
+    ) -> NeonResult<Self::StoredType> {
+        NodeChatListener::new(cx, foreign)
+    }
+
+    fn load_async_arg(stored: &'a mut Self::StoredType) -> Self {
+        stored.make_listener()
+    }
+}
+
 impl<'storage, 'context: 'storage> ArgTypeInfo<'storage, 'context>
     for &'storage mut dyn SyncInputStream
 {
diff --git a/rust/net/src/chat.rs b/rust/net/src/chat.rs
index a137ff56d..5bcb66c36 100644
--- a/rust/net/src/chat.rs
+++ b/rust/net/src/chat.rs
@@ -2,6 +2,8 @@
 // Copyright 2023 Signal Messenger, LLC.
 // SPDX-License-Identifier: AGPL-3.0-only
 //
+
+use std::ops::ControlFlow;
 use std::sync::Arc;
 use std::time::Duration;
 
@@ -9,7 +11,14 @@ use ::http::uri::PathAndQuery;
 use ::http::{HeaderMap, HeaderName, HeaderValue, StatusCode};
 use async_trait::async_trait;
 use futures_util::future::BoxFuture;
-use libsignal_net_infra::connection_manager::MultiRouteConnectionManager;
+use libsignal_net_infra::connection_manager::{
+    ErrorClass, ErrorClassifier, MultiRouteConnectionManager,
+};
+use libsignal_net_infra::dns::DnsResolver;
+use libsignal_net_infra::route::{
+    RouteProvider, RouteProviderExt, ThrottlingConnector, UnresolvedHttpsServiceRoute,
+    UnresolvedWebsocketServiceRoute, WebSocketRoute, WebSocketRouteFragment,
+};
 use libsignal_net_infra::service::{Service, ServiceConnectorWithDecorator};
 use libsignal_net_infra::timeouts::{MULTI_ROUTE_CONNECTION_TIMEOUT, ONE_ROUTE_CONNECTION_TIMEOUT};
 use libsignal_net_infra::utils::ObservableEvent;
@@ -21,6 +30,7 @@ use libsignal_net_infra::{
 
 use crate::auth::Auth;
 use crate::chat::ws::{ChatOverWebSocketServiceConnector, ServerEvent};
+use crate::connect_state::ConnectState;
 use crate::env::{add_user_agent_header, ConnectionConfig, UserAgent};
 use crate::proto;
 
@@ -505,6 +515,103 @@ pub fn endpoint_connection(
     )
 }
 
+pub struct ChatConnection {
+    inner: self::ws2::Chat,
+}
+
+pub struct AuthenticatedChatHeaders {
+    pub auth: Auth,
+    pub receive_stories: ReceiveStories,
+}
+
+pub type ChatServiceRoute = UnresolvedWebsocketServiceRoute;
+
+impl ChatConnection {
+    pub async fn connect_with(
+        connect: &tokio::sync::RwLock<ConnectState>,
+        resolver: &DnsResolver,
+        http_route_provider: impl RouteProvider<Route = UnresolvedHttpsServiceRoute>,
+        confirmation_header_name: Option<HeaderName>,
+        user_agent: &UserAgent,
+        ws_config: self::ws2::Config,
+        listener: self::ws2::EventListener,
+        auth: Option<AuthenticatedChatHeaders>,
+    ) -> Result<Self, ChatServiceError> {
+        let headers = auth
+            .into_iter()
+            .flat_map(
+                |AuthenticatedChatHeaders {
+                     auth,
+                     receive_stories,
+                 }| [auth.as_header(), receive_stories.as_header()],
+            )
+            .chain([user_agent.as_header()]);
+        let ws_fragment = WebSocketRouteFragment {
+            ws_config: Default::default(),
+            endpoint: PathAndQuery::from_static(crate::env::constants::WEB_SOCKET_PATH),
+            headers: HeaderMap::from_iter(headers),
+        };
+        let ws_routes = http_route_provider.map_routes(|http| WebSocketRoute {
+            inner: http,
+            fragment: ws_fragment.clone(),
+        });
+
+        let result = ConnectState::connect_ws(
+            connect,
+            ws_routes,
+            // If we create multiple authenticated chat websocket connections at
+            // the same time, the server will terminate earlier ones as later
+            // ones complete. Throttling at the websocket connection level
+            // lets us get connection parallelism at the transport level (which
+            // is useful) while limiting us to one fully established connection
+            // at a time.
+            ThrottlingConnector::new(crate::infra::ws::Stateless, 1),
+            resolver,
+            confirmation_header_name.as_ref(),
+            |error| match error.classify() {
+                ErrorClass::Intermittent => ControlFlow::Continue(()),
+                ErrorClass::Fatal | ErrorClass::RetryAt(_) => {
+                    ControlFlow::Break(ChatServiceError::from(error))
+                }
+            },
+        )
+        .await;
+
+        match result {
+            Ok(ws_connection) => Ok(Self {
+                inner: self::ws2::Chat::new(ws_connection, ws_config, listener),
+            }),
+            Err(e) => {
+                use crate::infra::route::ConnectError;
+                Err(match e {
+                    ConnectError::NoResolvedRoutes => {
+                        ChatServiceError::AllConnectionRoutesFailed { attempts: 0 }
+                    }
+                    ConnectError::AllAttemptsFailed => {
+                        ChatServiceError::AllConnectionRoutesFailed { attempts: 1 }
+                    }
+                    ConnectError::FatalConnect(err) => err,
+                })
+            }
+        }
+    }
+
+    pub async fn send(
+        &self,
+        msg: Request,
+        timeout: Duration,
+    ) -> Result<Response, ChatServiceError> {
+        let send_result = tokio::time::timeout(timeout, self.inner.send(msg))
+            .await
+            .map_err(|_elapsed| ChatServiceError::Timeout)?;
+        Ok(send_result?)
+    }
+
+    pub async fn disconect(&self) {
+        self.inner.disconnect().await
+    }
+}
+
 #[cfg(feature = "test-util")]
 pub mod test_support {
     use std::sync::Arc;
diff --git a/rust/net/src/chat/server_requests.rs b/rust/net/src/chat/server_requests.rs
index d96c805b9..264ef6fc7 100644
--- a/rust/net/src/chat/server_requests.rs
+++ b/rust/net/src/chat/server_requests.rs
@@ -54,30 +54,23 @@ impl std::fmt::Debug for ServerEvent {
     }
 }
 
-#[derive(Debug)]
+#[derive(Debug, displaydoc::Display)]
 pub enum ServerEventError {
+    /// server request used unexpected verb {0}
     UnexpectedVerb(String),
+    /// server request missing path
     MissingPath,
+    /// server sent an unknown request: {0}
     UnrecognizedPath(String),
 }
 
 pub fn stream_incoming_messages(
     receiver: mpsc::Receiver<WsServerEvent<impl AsyncDuplexStream + 'static>>,
 ) -> impl Stream<Item = ServerEvent> {
-    ReceiverStream::new(receiver).filter_map(|request| match request.try_into() {
+    ReceiverStream::new(receiver).filter_map(|request| match ServerEvent::try_from(request) {
         Ok(request) => Some(request),
         Err(e) => {
-            match e {
-                ServerEventError::UnexpectedVerb(verb) => {
-                    log::error!("server request used unexpected verb {verb}",);
-                }
-                ServerEventError::MissingPath => {
-                    log::error!("server request missing path");
-                }
-                ServerEventError::UnrecognizedPath(unknown_path) => {
-                    log::error!("server sent an unknown request: {unknown_path}");
-                }
-            };
+            log::error!("{e}");
             None
         }
     })

From 175f6bc26f6ea05fd34b80cace8c6ec94c05fa7a Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Thu, 21 Nov 2024 13:29:09 -0500
Subject: [PATCH 20/57] Add connection info to Node ChatConnection

---
 node/Native.d.ts                             |  5 ++
 node/ts/net.ts                               | 46 +++++++++++-
 rust/bridge/shared/src/net/chat.rs           | 22 ++++++
 rust/bridge/shared/testing/src/net.rs        |  2 +-
 rust/bridge/shared/types/src/ffi/convert.rs  |  2 +-
 rust/bridge/shared/types/src/jni/convert.rs  |  2 +-
 rust/bridge/shared/types/src/net/chat.rs     | 14 ++++
 rust/bridge/shared/types/src/node/convert.rs |  2 +-
 rust/net/infra/src/lib.rs                    | 74 +++++++++++++++-----
 rust/net/infra/src/route/connect/throttle.rs |  7 ++
 rust/net/infra/src/service.rs                |  6 +-
 rust/net/infra/src/tcp_ssl.rs                | 14 ++--
 rust/net/infra/src/tcp_ssl/proxy.rs          | 20 ++++++
 rust/net/infra/src/tcp_ssl/proxy/socks.rs    | 20 ++++--
 rust/net/infra/src/tcp_ssl/proxy/tls.rs      |  9 +--
 rust/net/infra/src/ws.rs                     | 22 ++++--
 rust/net/src/chat.rs                         | 21 ++++--
 rust/net/src/chat/service.rs                 |  2 +-
 rust/net/src/chat/ws.rs                      |  8 +--
 rust/net/src/enclave.rs                      |  8 +--
 rust/net/tests/fake_transport/connector.rs   |  4 +-
 21 files changed, 250 insertions(+), 60 deletions(-)

diff --git a/node/Native.d.ts b/node/Native.d.ts
index afb3822eb..ca8e0caed 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -162,6 +162,7 @@ export function AuthCredentialWithPniResponse_CheckValidContents(bytes: Buffer):
 export function AuthCredentialWithPni_CheckValidContents(bytes: Buffer): void;
 export function AuthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, receiveStories: boolean, listener: ChatListener | null): CancellablePromise<AuthenticatedChatConnection>;
 export function AuthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthenticatedChatConnection>): CancellablePromise<void>;
+export function AuthenticatedChatConnection_info(chat: Wrapper<AuthenticatedChatConnection>): ConnectionInfo;
 export function AuthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function BackupAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function BackupAuthCredentialPresentation_GetBackupId(presentationBytes: Buffer): Buffer;
@@ -221,6 +222,8 @@ export function CiphertextMessage_Type(msg: Wrapper<CiphertextMessage>): number;
 export function ComparableBackup_GetComparableString(backup: Wrapper<ComparableBackup>): string;
 export function ComparableBackup_GetUnknownFields(backup: Wrapper<ComparableBackup>): string[];
 export function ComparableBackup_ReadUnencrypted(stream: InputStream, len: bigint, purpose: number): Promise<ComparableBackup>;
+export function ConnectionInfo_ip_version(connectionInfo: Wrapper<ConnectionInfo>): number;
+export function ConnectionInfo_local_port(connectionInfo: Wrapper<ConnectionInfo>): number;
 export function ConnectionManager_clear_proxy(connectionManager: Wrapper<ConnectionManager>): void;
 export function ConnectionManager_new(environment: number, userAgent: string): ConnectionManager;
 export function ConnectionManager_on_network_change(connectionManager: Wrapper<ConnectionManager>): void;
@@ -568,6 +571,7 @@ export function TokioAsyncContext_cancel(context: Wrapper<TokioAsyncContext>, ra
 export function TokioAsyncContext_new(): TokioAsyncContext;
 export function UnauthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, listener: ChatListener | null): CancellablePromise<UnauthenticatedChatConnection>;
 export function UnauthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>): CancellablePromise<void>;
+export function UnauthenticatedChatConnection_info(chat: Wrapper<UnauthenticatedChatConnection>): ConnectionInfo;
 export function UnauthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function UnidentifiedSenderMessageContent_Deserialize(data: Buffer): UnidentifiedSenderMessageContent;
 export function UnidentifiedSenderMessageContent_GetContentHint(m: Wrapper<UnidentifiedSenderMessageContent>): number;
@@ -598,6 +602,7 @@ interface CdsiLookup { readonly __type: unique symbol; }
 interface CiphertextMessage { readonly __type: unique symbol; }
 interface ComparableBackup { readonly __type: unique symbol; }
 interface ComparableBackup { readonly __type: unique symbol; }
+interface ConnectionInfo { readonly __type: unique symbol; }
 interface ConnectionManager { readonly __type: unique symbol; }
 interface DecryptionErrorMessage { readonly __type: unique symbol; }
 interface ExpiringProfileKeyCredential { readonly __type: unique symbol; }
diff --git a/node/ts/net.ts b/node/ts/net.ts
index 6d55cb6d9..10949195c 100644
--- a/node/ts/net.ts
+++ b/node/ts/net.ts
@@ -230,14 +230,46 @@ export type ChatConnection = {
   disconnect(): Promise<void>;
 
   /**
-   * Sends request to the Chat Service.
+   * Sends request to the Chat service.
    */
   fetch(
     chatRequest: ChatRequest,
     options?: { abortSignal?: AbortSignal }
   ): Promise<Native.ChatResponse>;
+
+  /**
+   * Information about the connection to the Chat service.
+   */
+  connectionInfo(): ConnectionInfo;
 };
 
+export interface ConnectionInfo {
+  localPort: number;
+  ipVersion: 'IPv4' | 'IPv6';
+}
+
+class ConnectionInfoImpl
+  implements Wrapper<Native.ConnectionInfo>, ConnectionInfo
+{
+  constructor(public _nativeHandle: Native.ConnectionInfo) {}
+
+  public get localPort(): number {
+    return Native.ConnectionInfo_local_port(this);
+  }
+
+  public get ipVersion(): 'IPv4' | 'IPv6' {
+    const value = Native.ConnectionInfo_ip_version(this);
+    switch (value) {
+      case 1:
+        return 'IPv4';
+      case 2:
+        return 'IPv6';
+      default:
+        throw new TypeError(`ip type was unexpectedly ${value}`);
+    }
+  }
+}
+
 export class UnauthenticatedChatConnection implements ChatConnection {
   static async connect(
     asyncContext: TokioAsyncContext,
@@ -292,6 +324,12 @@ export class UnauthenticatedChatConnection implements ChatConnection {
       this.chatService
     );
   }
+
+  connectionInfo(): ConnectionInfo {
+    return new ConnectionInfoImpl(
+      Native.UnauthenticatedChatConnection_info(this.chatService)
+    );
+  }
 }
 
 export class AuthenticatedChatConnection implements ChatConnection {
@@ -353,6 +391,12 @@ export class AuthenticatedChatConnection implements ChatConnection {
       this.chatService
     );
   }
+
+  connectionInfo(): ConnectionInfo {
+    return new ConnectionInfoImpl(
+      Native.AuthenticatedChatConnection_info(this.chatService)
+    );
+  }
 }
 
 /**
diff --git a/rust/bridge/shared/src/net/chat.rs b/rust/bridge/shared/src/net/chat.rs
index af1ad722b..3e9bac0d1 100644
--- a/rust/bridge/shared/src/net/chat.rs
+++ b/rust/bridge/shared/src/net/chat.rs
@@ -15,6 +15,7 @@ use libsignal_net::auth::Auth;
 use libsignal_net::chat::{
     self, ChatServiceError, DebugInfo as ChatServiceDebugInfo, Request, Response as ChatResponse,
 };
+use libsignal_net::infra::{Connection, ConnectionInfo};
 
 use crate::support::*;
 use crate::*;
@@ -34,6 +35,7 @@ bridge_handle_fns!(
     ffi = false,
     jni = false
 );
+bridge_handle_fns!(ConnectionInfo, clone = false, ffi = false, jni = false);
 
 #[bridge_fn(ffi = false)]
 fn HttpRequest_new(
@@ -70,6 +72,16 @@ fn HttpRequest_add_header(
     request.add_header(name.into_inner(), value.into_inner())
 }
 
+#[bridge_fn(ffi = false, jni = false)]
+fn ConnectionInfo_local_port(connection_info: &ConnectionInfo) -> u16 {
+    connection_info.local_port
+}
+
+#[bridge_fn(ffi = false, jni = false)]
+fn ConnectionInfo_ip_version(connection_info: &ConnectionInfo) -> u8 {
+    connection_info.ip_version as u8
+}
+
 #[bridge_fn]
 fn ChatService_new_unauth(connection_manager: &ConnectionManager) -> UnauthChat {
     Chat::new_unauth(connection_manager)
@@ -119,6 +131,11 @@ async fn UnauthenticatedChatConnection_disconnect(chat: &UnauthenticatedChatConn
     chat.disconnect().await
 }
 
+#[bridge_fn(jni = false, ffi = false)]
+fn UnauthenticatedChatConnection_info(chat: &UnauthenticatedChatConnection) -> ConnectionInfo {
+    chat.connection_info()
+}
+
 #[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
 async fn AuthenticatedChatConnection_connect(
     connection_manager: &ConnectionManager,
@@ -158,6 +175,11 @@ async fn AuthenticatedChatConnection_disconnect(chat: &AuthenticatedChatConnecti
     chat.disconnect().await
 }
 
+#[bridge_fn(jni = false, ffi = false)]
+fn AuthenticatedChatConnection_info(chat: &AuthenticatedChatConnection) -> ConnectionInfo {
+    chat.connection_info()
+}
+
 #[bridge_io(TokioAsyncContext)]
 async fn ChatService_disconnect_unauth(chat: &UnauthChat) {
     chat.service.0.disconnect().await
diff --git a/rust/bridge/shared/testing/src/net.rs b/rust/bridge/shared/testing/src/net.rs
index b0b9f48e0..1a8900afb 100644
--- a/rust/bridge/shared/testing/src/net.rs
+++ b/rust/bridge/shared/testing/src/net.rs
@@ -230,7 +230,7 @@ fn TESTING_ChatServiceResponseConvert(
 #[bridge_fn]
 fn TESTING_ChatServiceDebugInfoConvert() -> Result<ChatServiceDebugInfo, ChatServiceError> {
     Ok(ChatServiceDebugInfo {
-        ip_type: IpType::V4,
+        ip_type: Some(IpType::V4),
         duration: Duration::from_millis(200),
         connection_info: "connection_info".to_string(),
     })
diff --git a/rust/bridge/shared/types/src/ffi/convert.rs b/rust/bridge/shared/types/src/ffi/convert.rs
index d0c216c23..2945a2f65 100644
--- a/rust/bridge/shared/types/src/ffi/convert.rs
+++ b/rust/bridge/shared/types/src/ffi/convert.rs
@@ -718,7 +718,7 @@ impl ResultTypeInfo for libsignal_net::chat::DebugInfo {
         } = self;
 
         Ok(FfiChatServiceDebugInfo {
-            raw_ip_type: ip_type as u8,
+            raw_ip_type: ip_type.map_or(0, |i| i as u8),
             duration_secs: duration.as_secs_f64(),
             connection_info: connection_info.convert_into()?,
         })
diff --git a/rust/bridge/shared/types/src/jni/convert.rs b/rust/bridge/shared/types/src/jni/convert.rs
index 56e7c6c74..78b98f873 100644
--- a/rust/bridge/shared/types/src/jni/convert.rs
+++ b/rust/bridge/shared/types/src/jni/convert.rs
@@ -1226,7 +1226,7 @@ impl<'a> ResultTypeInfo<'a> for libsignal_net::chat::DebugInfo {
         } = self;
 
         // ip type as code
-        let ip_type_byte = ip_type as i8;
+        let ip_type_byte = ip_type.map_or(0, |i| i as i8);
 
         // duration as millis
         let duration_ms: i32 = duration.as_millis().try_into().expect("within i32 range");
diff --git a/rust/bridge/shared/types/src/net/chat.rs b/rust/bridge/shared/types/src/net/chat.rs
index 378ffb8c7..58c5c2080 100644
--- a/rust/bridge/shared/types/src/net/chat.rs
+++ b/rust/bridge/shared/types/src/net/chat.rs
@@ -22,6 +22,7 @@ use libsignal_net::chat::{
 };
 use libsignal_net::infra::route::{ConnectionProxyConfig, DirectOrProxyProvider};
 use libsignal_net::infra::tcp_ssl::InvalidProxyConfig;
+use libsignal_net::infra::{Connection, ConnectionInfo};
 use libsignal_protocol::Timestamp;
 use tokio::sync::{mpsc, oneshot};
 
@@ -286,6 +287,17 @@ impl AuthenticatedChatConnection {
         self.inner.disconect().await
     }
 }
+impl Connection for UnauthenticatedChatConnection {
+    fn connection_info(&self) -> ConnectionInfo {
+        self.inner.connection_info()
+    }
+}
+
+impl Connection for AuthenticatedChatConnection {
+    fn connection_info(&self) -> ConnectionInfo {
+        self.inner.connection_info()
+    }
+}
 
 async fn establish_chat_connection(
     connection_manager: &ConnectionManager,
@@ -542,3 +554,5 @@ bridge_as_handle!(ServerMessageAck);
 // makes it `!RefUnwindSafe`. We're putting that back; because we only manipulate the `AtomicTake`
 // using its atomic operations, it can never be in an invalid state.
 impl std::panic::RefUnwindSafe for ServerMessageAck {}
+
+bridge_as_handle!(ConnectionInfo);
diff --git a/rust/bridge/shared/types/src/node/convert.rs b/rust/bridge/shared/types/src/node/convert.rs
index 1e37596ef..29e9bb4c5 100644
--- a/rust/bridge/shared/types/src/node/convert.rs
+++ b/rust/bridge/shared/types/src/node/convert.rs
@@ -1000,7 +1000,7 @@ impl<'a> ResultTypeInfo<'a> for libsignal_net::chat::DebugInfo {
         } = self;
         let obj = JsObject::new(cx);
 
-        let ip_type = cx.number(ip_type as u8);
+        let ip_type = cx.number(ip_type.map_or(0, |i| i as u8));
         let duration = cx.number(duration.as_millis().try_into().unwrap_or(u32::MAX));
         let connection_info = cx.string(connection_info);
 
diff --git a/rust/net/infra/src/lib.rs b/rust/net/infra/src/lib.rs
index 10cde5460..361f9cb43 100644
--- a/rust/net/infra/src/lib.rs
+++ b/rust/net/infra/src/lib.rs
@@ -42,19 +42,28 @@ pub mod ws;
 pub mod ws2;
 
 #[derive(Copy, Clone, Debug)]
+#[cfg_attr(test, derive(PartialEq))]
 #[repr(u8)]
 pub enum IpType {
-    Unknown = 0,
     V4 = 1,
     V6 = 2,
 }
 
 impl IpType {
-    pub fn from_host<S>(host: &Host<S>) -> Self {
+    pub fn from_host<S>(host: &Host<S>) -> Option<Self> {
         match host {
-            Host::Domain(_) => IpType::Unknown,
-            Host::Ip(IpAddr::V4(_)) => IpType::V4,
-            Host::Ip(IpAddr::V6(_)) => IpType::V6,
+            Host::Domain(_) => None,
+            Host::Ip(IpAddr::V4(_)) => Some(IpType::V4),
+            Host::Ip(IpAddr::V6(_)) => Some(IpType::V6),
+        }
+    }
+}
+
+impl From<&IpAddr> for IpType {
+    fn from(value: &IpAddr) -> Self {
+        match value {
+            IpAddr::V4(_) => Self::V4,
+            IpAddr::V6(_) => Self::V6,
         }
     }
 }
@@ -148,7 +157,7 @@ pub struct TransportConnectionParams {
 
 #[derive(Debug, Clone)]
 #[cfg_attr(test, derive(PartialEq))]
-pub struct ConnectionInfo {
+pub struct ServiceConnectionInfo {
     /// Type of the connection, e.g. direct or via proxy
     pub route_type: RouteType,
 
@@ -162,6 +171,24 @@ pub struct ConnectionInfo {
     pub address: Host<Arc<str>>,
 }
 
+/// Information about a currently- or previously-established connection to a
+/// remote host.
+#[derive(Debug, Clone)]
+#[cfg_attr(test, derive(PartialEq))]
+pub struct ConnectionInfo {
+    /// The IP address version over which the connection is established.
+    pub ip_version: IpType,
+
+    /// The local port number for the connection.
+    pub local_port: u16,
+}
+
+/// An established connection.
+pub trait Connection {
+    /// Returns information about the connection.
+    fn connection_info(&self) -> ConnectionInfo;
+}
+
 /// Source for the result of a hostname lookup.
 #[derive(Copy, Clone, Debug, Eq, PartialEq, Hash, strum::Display)]
 #[strum(serialize_all = "lowercase")]
@@ -202,13 +229,16 @@ pub enum RouteType {
     Test,
 }
 
-impl ConnectionInfo {
+impl ServiceConnectionInfo {
     pub fn description(&self) -> String {
+        let ip_type = match IpType::from_host(&self.address) {
+            Some(IpType::V4) => "V4",
+            Some(IpType::V6) => "V6",
+            None => "Unknown",
+        };
         format!(
-            "route={};dns_source={};ip_type={:?}",
-            self.route_type,
-            self.dns_source,
-            IpType::from_host(&self.address)
+            "route={};dns_source={};ip_type={}",
+            self.route_type, self.dns_source, ip_type
         )
     }
 }
@@ -256,7 +286,7 @@ impl HttpRequestDecorator {
 }
 
 #[derive(Debug)]
-pub struct StreamAndInfo<T>(pub T, pub ConnectionInfo);
+pub struct StreamAndInfo<T>(pub T, pub ServiceConnectionInfo);
 
 impl<T> StreamAndInfo<T> {
     fn map_stream<U>(self, f: impl FnOnce(T) -> U) -> StreamAndInfo<U> {
@@ -377,8 +407,8 @@ pub mod testutil {
     use crate::errors::{LogSafeDisplay, TransportConnectError};
     use crate::service::{CancellationToken, ServiceConnector, ServiceInitializer, ServiceState};
     use crate::{
-        Alpn, ConnectionInfo, DnsSource, RouteType, StreamAndInfo, TransportConnectionParams,
-        TransportConnector,
+        Alpn, DnsSource, RouteType, ServiceConnectionInfo, StreamAndInfo,
+        TransportConnectionParams, TransportConnector,
     };
 
     #[derive(Debug, Display)]
@@ -475,7 +505,7 @@ pub mod testutil {
             });
             Ok(StreamAndInfo(
                 client,
-                ConnectionInfo {
+                ServiceConnectionInfo {
                     route_type: RouteType::Test,
                     dns_source: DnsSource::Test,
                     address: connection_params.tcp_host.clone(),
@@ -597,15 +627,16 @@ pub mod testutil {
 
 #[cfg(test)]
 pub(crate) mod test {
+    use const_str::ip_addr;
     use http::Request;
 
     use crate::host::Host;
     use crate::utils::basic_authorization;
-    use crate::{ConnectionInfo, DnsSource, HttpRequestDecorator, RouteType};
+    use crate::{DnsSource, HttpRequestDecorator, RouteType, ServiceConnectionInfo};
 
     #[test]
     fn connection_info_description() {
-        let connection_info = ConnectionInfo {
+        let connection_info = ServiceConnectionInfo {
             address: Host::Domain("test.signal.org".into()),
             dns_source: DnsSource::SystemLookup,
             route_type: RouteType::Test,
@@ -615,6 +646,15 @@ pub(crate) mod test {
             connection_info.description(),
             "route=test;dns_source=systemlookup;ip_type=Unknown"
         );
+
+        assert_eq!(
+            ServiceConnectionInfo {
+                address: Host::Ip(ip_addr!("1.2.3.4")),
+                ..connection_info
+            }
+            .description(),
+            "route=test;dns_source=systemlookup;ip_type=V4"
+        )
     }
 
     #[test]
diff --git a/rust/net/infra/src/route/connect/throttle.rs b/rust/net/infra/src/route/connect/throttle.rs
index 9c5f5fb7e..98aab9354 100644
--- a/rust/net/infra/src/route/connect/throttle.rs
+++ b/rust/net/infra/src/route/connect/throttle.rs
@@ -12,6 +12,7 @@ use pin_project::pin_project;
 use tokio::sync::{OwnedSemaphorePermit, Semaphore};
 
 use crate::route::connect::Connector;
+use crate::{Connection, ConnectionInfo};
 
 /// [`Connector`] wrapper that limits the number of concurrent connection
 /// attempts.
@@ -136,3 +137,9 @@ impl<S: Sink<T>, T> Sink<T> for ThrottledConnection<S> {
         self.as_pin_mut().poll_close(cx)
     }
 }
+
+impl<C: Connection> Connection for ThrottledConnection<C> {
+    fn connection_info(&self) -> ConnectionInfo {
+        self.0.connection_info()
+    }
+}
diff --git a/rust/net/infra/src/service.rs b/rust/net/infra/src/service.rs
index b961e60a6..64ed3bc06 100644
--- a/rust/net/infra/src/service.rs
+++ b/rust/net/infra/src/service.rs
@@ -16,7 +16,7 @@ use crate::connection_manager::{
     ConnectionAttemptOutcome, ConnectionManager, ErrorClass, ErrorClassifier,
 };
 use crate::errors::LogSafeDisplay;
-use crate::{ConnectionInfo, ConnectionParams, HttpRequestDecorator};
+use crate::{ConnectionParams, HttpRequestDecorator, ServiceConnectionInfo};
 
 // A duration where, if this is all that's left on the timeout, we're more likely to fail than not.
 // Useful for debouncing repeated connection attempts.
@@ -55,7 +55,7 @@ pub type CancellationToken = cancel_token::CancellationToken<CancellationReason>
 
 pub trait RemoteAddressInfo {
     /// Provides information about the remote address the service is connected to
-    fn connection_info(&self) -> ConnectionInfo;
+    fn connection_info(&self) -> ServiceConnectionInfo;
 }
 
 /// Creates connections to a "service" representing a remote resource accessible over HTTPS.
@@ -280,7 +280,7 @@ where
     C: ServiceConnector,
     C::Service: RemoteAddressInfo,
 {
-    pub async fn connection_info(&self) -> Result<ConnectionInfo, StateError> {
+    pub async fn connection_info(&self) -> Result<ServiceConnectionInfo, StateError> {
         self.map_service(|s| s.connection_info().clone()).await
     }
 }
diff --git a/rust/net/infra/src/tcp_ssl.rs b/rust/net/infra/src/tcp_ssl.rs
index 64c70377a..546f22080 100644
--- a/rust/net/infra/src/tcp_ssl.rs
+++ b/rust/net/infra/src/tcp_ssl.rs
@@ -30,8 +30,8 @@ use crate::timeouts::TCP_CONNECTION_ATTEMPT_DELAY;
 use crate::utils::development_only_enable_nss_standard_debug_interop;
 use crate::utils::first_ok;
 use crate::{
-    Alpn, AsyncDuplexStream, ConnectionInfo, RouteType, StreamAndInfo, TransportConnectionParams,
-    TransportConnector,
+    Alpn, AsyncDuplexStream, Connection, RouteType, ServiceConnectionInfo, StreamAndInfo,
+    TransportConnectionParams, TransportConnector,
 };
 
 pub mod proxy;
@@ -175,6 +175,12 @@ where
     }
 }
 
+impl<S: Connection> Connection for SslStream<S> {
+    fn connection_info(&self) -> crate::ConnectionInfo {
+        self.get_ref().connection_info()
+    }
+}
+
 fn ssl_config(
     certs: &RootCertificates,
     host: Host<&str>,
@@ -267,7 +273,7 @@ async fn connect_tcp(
                     log::debug!("successfully connected to IP [{ip}]");
                     StreamAndInfo(
                         r,
-                        ConnectionInfo {
+                        ServiceConnectionInfo {
                             route_type,
                             dns_source,
                             address: ip.into(),
@@ -453,7 +459,7 @@ mod test {
 
         assert_eq!(
             info,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 address: Host::Ip(Ipv6Addr::LOCALHOST.into()),
                 dns_source: crate::DnsSource::Static,
                 route_type: RouteType::Direct,
diff --git a/rust/net/infra/src/tcp_ssl/proxy.rs b/rust/net/infra/src/tcp_ssl/proxy.rs
index ade2c6315..62db3044c 100644
--- a/rust/net/infra/src/tcp_ssl/proxy.rs
+++ b/rust/net/infra/src/tcp_ssl/proxy.rs
@@ -14,6 +14,7 @@ use tokio_util::either::Either;
 use crate::errors::TransportConnectError;
 use crate::route::{ConnectionProxyRoute, Connector, ConnectorExt as _, TlsRoute};
 use crate::tcp_ssl::proxy::socks::SocksStream;
+use crate::{Connection, IpType};
 
 pub mod socks;
 pub mod tls;
@@ -65,6 +66,25 @@ impl Connector<ConnectionProxyRoute<IpAddr>, ()> for StatelessProxied {
     }
 }
 
+impl<L: Connection, R: Connection> Connection for Either<L, R> {
+    fn connection_info(&self) -> crate::ConnectionInfo {
+        match self {
+            Self::Left(l) => l.connection_info(),
+            Self::Right(r) => r.connection_info(),
+        }
+    }
+}
+
+impl Connection for TcpStream {
+    fn connection_info(&self) -> crate::ConnectionInfo {
+        let local_addr = self.local_addr().expect("has local addr");
+        crate::ConnectionInfo {
+            ip_version: IpType::from(&local_addr.ip()),
+            local_port: local_addr.port(),
+        }
+    }
+}
+
 #[cfg(test)]
 pub(crate) mod testutil {
     use std::future::Future;
diff --git a/rust/net/infra/src/tcp_ssl/proxy/socks.rs b/rust/net/infra/src/tcp_ssl/proxy/socks.rs
index f667135fa..69bd6ea70 100644
--- a/rust/net/infra/src/tcp_ssl/proxy/socks.rs
+++ b/rust/net/infra/src/tcp_ssl/proxy/socks.rs
@@ -24,8 +24,8 @@ use crate::errors::TransportConnectError;
 use crate::host::Host;
 use crate::route::{Connector, ConnectorExt as _, SocksRoute, TcpRoute};
 use crate::{
-    Alpn, ConnectionInfo, DnsSource, RouteType, StreamAndInfo, TransportConnectionParams,
-    TransportConnector,
+    Alpn, Connection, DnsSource, RouteType, ServiceConnectionInfo, StreamAndInfo,
+    TransportConnectionParams, TransportConnector,
 };
 
 #[derive(Clone)]
@@ -140,7 +140,7 @@ impl TransportConnector for SocksConnector {
         log::info!("connection through SOCKS proxy established successfully");
         Ok(StreamAndInfo(
             stream,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 route_type: RouteType::SocksProxy,
                 dns_source,
                 address: remote_address.address,
@@ -200,6 +200,18 @@ impl Connector<SocksRoute<IpAddr>, ()> for super::StatelessProxied {
     }
 }
 
+impl Connection for Socks4Stream<TcpStream> {
+    fn connection_info(&self) -> crate::ConnectionInfo {
+        (**self).connection_info()
+    }
+}
+
+impl Connection for Socks5Stream<TcpStream> {
+    fn connection_info(&self) -> crate::ConnectionInfo {
+        (**self).connection_info()
+    }
+}
+
 impl Protocol {
     async fn connect_to_proxy<S: AsyncRead + AsyncWrite + Unpin>(
         &self,
@@ -507,7 +519,7 @@ mod test {
 
         assert_eq!(
             client_info,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 route_type: RouteType::SocksProxy,
                 dns_source: expected_dns_source,
                 address: Host::Ip(tls_server.tcp.listen_addr.ip())
diff --git a/rust/net/infra/src/tcp_ssl/proxy/tls.rs b/rust/net/infra/src/tcp_ssl/proxy/tls.rs
index 6ce7ed700..ced0143ed 100644
--- a/rust/net/infra/src/tcp_ssl/proxy/tls.rs
+++ b/rust/net/infra/src/tcp_ssl/proxy/tls.rs
@@ -18,7 +18,8 @@ use crate::host::Host;
 use crate::route::ConnectionProxyConfig;
 use crate::tcp_ssl::{connect_tcp, connect_tls, ssl_config};
 use crate::{
-    Alpn, ConnectionInfo, RouteType, StreamAndInfo, TransportConnectionParams, TransportConnector,
+    Alpn, RouteType, ServiceConnectionInfo, StreamAndInfo, TransportConnectionParams,
+    TransportConnector,
 };
 
 /// A [`TransportConnector`] that proxies through a TLS server.
@@ -95,7 +96,7 @@ impl TransportConnector for TlsProxyConnector {
 
         Ok(StreamAndInfo(
             tls_stream,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 route_type: RouteType::TlsProxy,
                 ..remote_address
             },
@@ -220,7 +221,7 @@ mod test {
 
         assert_eq!(
             info,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 address: Host::Ip(Ipv6Addr::LOCALHOST.into()),
                 dns_source: crate::DnsSource::Static,
                 route_type: RouteType::TlsProxy,
@@ -263,7 +264,7 @@ mod test {
 
         assert_eq!(
             info,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 address: Host::Ip(Ipv6Addr::LOCALHOST.into()),
                 dns_source: crate::DnsSource::Static,
                 route_type: RouteType::TlsProxy
diff --git a/rust/net/infra/src/ws.rs b/rust/net/infra/src/ws.rs
index c38ec4cfc..1a99f9d07 100644
--- a/rust/net/infra/src/ws.rs
+++ b/rust/net/infra/src/ws.rs
@@ -27,8 +27,8 @@ use crate::service::{CancellationReason, CancellationToken, ServiceConnector};
 use crate::utils::timeout;
 use crate::ws::error::{HttpFormatError, ProtocolError, SpaceError};
 use crate::{
-    Alpn, AsyncDuplexStream, ConnectionInfo, ConnectionParams, HttpRequestDecorator, StreamAndInfo,
-    TransportConnector,
+    Alpn, AsyncDuplexStream, Connection, ConnectionParams, HttpRequestDecorator,
+    ServiceConnectionInfo, StreamAndInfo, TransportConnector,
 };
 
 pub mod error;
@@ -264,8 +264,8 @@ where
     E: Send + Sync,
     WebSocketServiceError: Into<E>,
 {
-    type Service = (WebSocketClient<T::Stream, E>, ConnectionInfo);
-    type Channel = (WebSocketStream<T::Stream>, ConnectionInfo);
+    type Service = (WebSocketClient<T::Stream, E>, ServiceConnectionInfo);
+    type Channel = (WebSocketStream<T::Stream>, ServiceConnectionInfo);
     type ConnectError = WebSocketConnectError;
 
     async fn connect_channel(
@@ -289,8 +289,8 @@ impl<T> ServiceConnector for WebSocketStreamConnector<T>
 where
     T: TransportConnector,
 {
-    type Service = (WebSocketStream<T::Stream>, ConnectionInfo);
-    type Channel = (WebSocketStream<T::Stream>, ConnectionInfo);
+    type Service = (WebSocketStream<T::Stream>, ServiceConnectionInfo);
+    type Channel = (WebSocketStream<T::Stream>, ServiceConnectionInfo);
     type ConnectError = WebSocketConnectError;
 
     async fn connect_channel(
@@ -484,7 +484,7 @@ async fn connect_websocket<T: TransportConnector>(
     endpoint: PathAndQuery,
     ws_config: tungstenite::protocol::WebSocketConfig,
     transport_connector: &T,
-) -> Result<(WebSocketStream<T::Stream>, ConnectionInfo), WebSocketConnectError> {
+) -> Result<(WebSocketStream<T::Stream>, ServiceConnectionInfo), WebSocketConnectError> {
     let StreamAndInfo(ssl_stream, remote_address) = transport_connector
         .connect(&connection_params.transport, Alpn::Http1_1)
         .await?;
@@ -613,6 +613,14 @@ impl<T> NextOrClose<T> {
     }
 }
 
+impl<S: Connection + tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin> Connection
+    for tokio_tungstenite::WebSocketStream<S>
+{
+    fn connection_info(&self) -> crate::ConnectionInfo {
+        self.get_ref().connection_info()
+    }
+}
+
 /// Test utilities related to websockets.
 #[cfg(any(test, feature = "test-util"))]
 pub mod testutil {
diff --git a/rust/net/src/chat.rs b/rust/net/src/chat.rs
index 5bcb66c36..95dab4c61 100644
--- a/rust/net/src/chat.rs
+++ b/rust/net/src/chat.rs
@@ -24,8 +24,8 @@ use libsignal_net_infra::timeouts::{MULTI_ROUTE_CONNECTION_TIMEOUT, ONE_ROUTE_CO
 use libsignal_net_infra::utils::ObservableEvent;
 use libsignal_net_infra::ws::WebSocketClientConnector;
 use libsignal_net_infra::{
-    make_ws_config, AsHttpHeader, EndpointConnection, HttpRequestDecorator, IpType,
-    TransportConnector,
+    make_ws_config, AsHttpHeader, Connection, ConnectionInfo, EndpointConnection,
+    HttpRequestDecorator, IpType, TransportConnector,
 };
 
 use crate::auth::Auth;
@@ -84,7 +84,7 @@ pub trait ChatServiceWithDebugInfo: ChatService {
 #[derive(Debug)]
 pub struct DebugInfo {
     /// IP type of the connection that was used for the request.
-    pub ip_type: IpType,
+    pub ip_type: Option<IpType>,
     /// Time it took to complete the request.
     pub duration: Duration,
     /// Connection information summary.
@@ -517,6 +517,13 @@ pub fn endpoint_connection(
 
 pub struct ChatConnection {
     inner: self::ws2::Chat,
+    connection_info: ConnectionInfo,
+}
+
+impl Connection for ChatConnection {
+    fn connection_info(&self) -> ConnectionInfo {
+        self.connection_info.clone()
+    }
 }
 
 pub struct AuthenticatedChatHeaders {
@@ -578,8 +585,12 @@ impl ChatConnection {
         .await;
 
         match result {
-            Ok(ws_connection) => Ok(Self {
-                inner: self::ws2::Chat::new(ws_connection, ws_config, listener),
+            Ok(ws_connection) => Ok({
+                let connection_info = ws_connection.connection_info();
+                Self {
+                    inner: self::ws2::Chat::new(ws_connection, ws_config, listener),
+                    connection_info,
+                }
             }),
             Err(e) => {
                 use crate::infra::route::ConnectError;
diff --git a/rust/net/src/chat/service.rs b/rust/net/src/chat/service.rs
index bf31761fb..1fa141e96 100644
--- a/rust/net/src/chat/service.rs
+++ b/rust/net/src/chat/service.rs
@@ -82,7 +82,7 @@ where
                     s.connection_info().description(),
                 )
             }
-            Err(e) => (Err(e.into()), IpType::Unknown, "".to_string()),
+            Err(e) => (Err(e.into()), None, "".to_string()),
         };
         let duration = start.elapsed();
         (
diff --git a/rust/net/src/chat/ws.rs b/rust/net/src/chat/ws.rs
index 655f1e142..674763ad3 100644
--- a/rust/net/src/chat/ws.rs
+++ b/rust/net/src/chat/ws.rs
@@ -20,7 +20,7 @@ use libsignal_net_infra::ws::{
     WebSocketClientWriter, WebSocketServiceError,
 };
 use libsignal_net_infra::{
-    AsyncDuplexStream, ConnectionInfo, ConnectionParams, TransportConnector,
+    AsyncDuplexStream, ConnectionParams, ServiceConnectionInfo, TransportConnector,
 };
 use prost::Message;
 use tokio::sync::{mpsc, oneshot, Mutex};
@@ -166,7 +166,7 @@ impl<T: TransportConnector> ChatOverWebSocketServiceConnector<T> {
 #[async_trait]
 impl<T: TransportConnector> ServiceConnector for ChatOverWebSocketServiceConnector<T> {
     type Service = ChatOverWebSocket<T::Stream>;
-    type Channel = (WebSocketStream<T::Stream>, ConnectionInfo);
+    type Channel = (WebSocketStream<T::Stream>, ServiceConnectionInfo);
     type ConnectError = WebSocketServiceConnectError;
 
     async fn connect_channel(
@@ -326,11 +326,11 @@ pub struct ChatOverWebSocket<S> {
     ws_client_writer: WebSocketClientWriter<S, ChatServiceError>,
     service_cancellation: CancellationToken,
     pending_messages: Arc<Mutex<PendingMessagesMap>>,
-    connection_info: ConnectionInfo,
+    connection_info: ServiceConnectionInfo,
 }
 
 impl<S> RemoteAddressInfo for ChatOverWebSocket<S> {
-    fn connection_info(&self) -> ConnectionInfo {
+    fn connection_info(&self) -> ServiceConnectionInfo {
         self.connection_info.clone()
     }
 }
diff --git a/rust/net/src/enclave.rs b/rust/net/src/enclave.rs
index dddc7a935..0a7ee78ca 100644
--- a/rust/net/src/enclave.rs
+++ b/rust/net/src/enclave.rs
@@ -28,8 +28,8 @@ use libsignal_net_infra::ws2::attested::{
     AttestedConnection, AttestedConnectionError, AttestedProtocolError,
 };
 use libsignal_net_infra::{
-    make_ws_config, AsHttpHeader as _, AsyncDuplexStream, ConnectionInfo, ConnectionParams,
-    EndpointConnection, TransportConnector,
+    make_ws_config, AsHttpHeader as _, AsyncDuplexStream, ConnectionParams, EndpointConnection,
+    ServiceConnectionInfo, TransportConnector,
 };
 
 use crate::auth::Auth;
@@ -281,7 +281,7 @@ impl<E: EnclaveKind + NewHandshake, C: ConnectionManager> EnclaveEndpointConnect
         &self,
         auth: Auth,
         transport_connector: T,
-    ) -> Result<(AttestedConnection, ConnectionInfo), Error>
+    ) -> Result<(AttestedConnection, ServiceConnectionInfo), Error>
     where
         C: ConnectionManager,
     {
@@ -330,7 +330,7 @@ async fn connect_attested<C: ConnectionManager, T: TransportConnector>(
     auth: Auth,
     transport_connector: T,
     do_handshake: &(dyn Sync + Fn(&[u8]) -> enclave::Result<enclave::Handshake>),
-) -> Result<(AttestedConnection, ConnectionInfo), Error> {
+) -> Result<(AttestedConnection, ServiceConnectionInfo), Error> {
     let connector = WebSocketStreamConnector::new(
         transport_connector,
         WebSocketRouteFragment {
diff --git a/rust/net/tests/fake_transport/connector.rs b/rust/net/tests/fake_transport/connector.rs
index 3f79ecb38..b8d38f7a1 100644
--- a/rust/net/tests/fake_transport/connector.rs
+++ b/rust/net/tests/fake_transport/connector.rs
@@ -9,7 +9,7 @@ use std::sync::{Arc, Mutex};
 use async_trait::async_trait;
 use libsignal_net::infra::errors::TransportConnectError;
 use libsignal_net::infra::{
-    Alpn, ConnectionInfo, DnsSource, RouteType, StreamAndInfo, TransportConnectionParams,
+    Alpn, DnsSource, RouteType, ServiceConnectionInfo, StreamAndInfo, TransportConnectionParams,
     TransportConnector,
 };
 use tokio::io::DuplexStream;
@@ -97,7 +97,7 @@ impl TransportConnector for FakeTransportConnector {
 
         Ok(StreamAndInfo(
             client_stream,
-            ConnectionInfo {
+            ServiceConnectionInfo {
                 route_type: RouteType::Direct,
                 dns_source: DnsSource::Static,
                 address: tcp_host.clone(),

From 7823c97b8a97db44e0babc7cd310731ad3e0f16d Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Thu, 21 Nov 2024 16:21:56 -0500
Subject: [PATCH 21/57] Fix deadlock bug in ConnectState::connect_ws

---
 Cargo.lock                            |  12 ++
 acknowledgments/acknowledgments.html  |  31 ++++-
 acknowledgments/acknowledgments.md    |  27 +++++
 acknowledgments/acknowledgments.plist |  31 +++++
 rust/net/infra/Cargo.toml             |   1 +
 rust/net/infra/src/dns.rs             |   1 +
 rust/net/infra/src/route.rs           |  17 +--
 rust/net/infra/src/route/connect.rs   |  29 +++++
 rust/net/src/connect_state.rs         | 161 ++++++++++++++++++++++++--
 9 files changed, 289 insertions(+), 21 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 20e882cf8..ff98b1abe 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2429,6 +2429,7 @@ dependencies = [
  "tokio-util",
  "tungstenite 0.23.0",
  "url",
+ "visibility",
  "warp",
 ]
 
@@ -4816,6 +4817,17 @@ version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 
+[[package]]
+name = "visibility"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d674d135b4a8c1d7e813e2f8d1c9a58308aee4a680323066025e53132218bd91"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.77",
+]
+
 [[package]]
 name = "wait-timeout"
 version = "0.2.0"
diff --git a/acknowledgments/acknowledgments.html b/acknowledgments/acknowledgments.html
index 12dc620ad..581276f3e 100644
--- a/acknowledgments/acknowledgments.html
+++ b/acknowledgments/acknowledgments.html
@@ -46,7 +46,7 @@ <h1>Third Party Licenses</h1>
     
         <h2>Overview of licenses:</h2>
         <ul class="licenses-overview">
-            <li><a href="#MIT">MIT License</a> (332)</li>
+            <li><a href="#MIT">MIT License</a> (333)</li>
             <li><a href="#AGPL-3.0">GNU Affero General Public License v3.0</a> (29)</li>
             <li><a href="#Apache-2.0">Apache License 2.0</a> (16)</li>
             <li><a href="#BSD-3-Clause">BSD 3-Clause &quot;New&quot; or &quot;Revised&quot; License</a> (9)</li>
@@ -7325,6 +7325,35 @@ <h4>Used by:</h4>
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+</pre>
+            </li>
+            <li class="license">
+                <h3 id="MIT">MIT License</h3>
+                <h4>Used by:</h4>
+                <ul class="license-used-by">
+                    <li><a href="https://github.com/danielhenrymantilla/visibility.rs">visibility 0.1.1</a></li>
+                </ul>
+                <pre class="license-text">MIT License
+
+Copyright (c) 2024 Daniel Henry-Mantilla
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the &quot;Software&quot;), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
 THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
diff --git a/acknowledgments/acknowledgments.md b/acknowledgments/acknowledgments.md
index 2acb72816..4df0869f9 100644
--- a/acknowledgments/acknowledgments.md
+++ b/acknowledgments/acknowledgments.md
@@ -6808,6 +6808,33 @@ SOFTWARE.
 
 ```
 
+## visibility 0.1.1
+
+```
+MIT License
+
+Copyright (c) 2024 Daniel Henry-Mantilla
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+```
+
 ## cesu8 1.1.0, half 2.4.1, pqcrypto-internals 0.2.5, pqcrypto-kyber 0.7.9, pqcrypto-kyber 0.8.1, pqcrypto-traits 0.3.5
 
 ```
diff --git a/acknowledgments/acknowledgments.plist b/acknowledgments/acknowledgments.plist
index e10bdf868..43eac9b67 100644
--- a/acknowledgments/acknowledgments.plist
+++ b/acknowledgments/acknowledgments.plist
@@ -7494,6 +7494,37 @@ SOFTWARE.
 			<key>FooterText</key>
 			<string>MIT License
 
+Copyright (c) 2024 Daniel Henry-Mantilla
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the &quot;Software&quot;), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+</string>
+			<key>License</key>
+			<string>MIT License</string>
+			<key>Title</key>
+			<string>visibility 0.1.1</string>
+			<key>Type</key>
+			<string>PSGroupSpecifier</string>
+		</dict>
+		<dict>
+			<key>FooterText</key>
+			<string>MIT License
+
 Copyright (c) &lt;year&gt; &lt;copyright holders&gt;
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the &quot;Software&quot;), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
diff --git a/rust/net/infra/Cargo.toml b/rust/net/infra/Cargo.toml
index 1528c91aa..5b6c15a0d 100644
--- a/rust/net/infra/Cargo.toml
+++ b/rust/net/infra/Cargo.toml
@@ -50,6 +50,7 @@ tokio-tungstenite = "0.23.0"
 tokio-util = "0.7.9"
 tungstenite = { version = "0.23.0", features = ["url"] }
 url = "2.4.1"
+visibility = "0.1.1"
 warp = { version = "0.3.6", features = ["tls"], optional = true }
 
 [dev-dependencies]
diff --git a/rust/net/infra/src/dns.rs b/rust/net/infra/src/dns.rs
index dbdf69414..6076900bd 100644
--- a/rust/net/infra/src/dns.rs
+++ b/rust/net/infra/src/dns.rs
@@ -102,6 +102,7 @@ impl DnsResolver {
 
     /// Creates a DNS resolver that will only use a provided static map
     /// to resolve DNS lookups
+    #[cfg_attr(feature = "test-util", visibility::make(pub))]
     pub(crate) fn new_from_static_map(static_map: HashMap<&'static str, LookupResult>) -> Self {
         DnsResolver {
             lookup_options: Arc::new([LookupOption {
diff --git a/rust/net/infra/src/route.rs b/rust/net/infra/src/route.rs
index d65c92250..b20eecb9c 100644
--- a/rust/net/infra/src/route.rs
+++ b/rust/net/infra/src/route.rs
@@ -309,6 +309,7 @@ impl From<Arc<str>> for UnresolvedHost {
 pub mod testutils {
     use std::net::IpAddr;
 
+    pub use super::connect::testutils::*;
     pub use super::resolve::testutils::*;
     use super::*;
 
@@ -342,6 +343,14 @@ pub mod testutils {
             Duration::ZERO
         }
     }
+
+    impl<R: Clone> RouteProvider for Vec<R> {
+        type Route = R;
+
+        fn routes(&self) -> impl Iterator<Item = Self::Route> + '_ {
+            self.iter().cloned()
+        }
+    }
 }
 
 #[cfg(test)]
@@ -672,14 +681,6 @@ mod test {
         }
     }
 
-    impl<R: Clone> RouteProvider for Vec<R> {
-        type Route = R;
-
-        fn routes(&self) -> impl Iterator<Item = Self::Route> + '_ {
-            self.iter().cloned()
-        }
-    }
-
     #[tokio::test(start_paused = true)]
     async fn connect_slows_down_after_starting_a_connection() {
         const HOSTNAMES: &[(&str, Ipv4Addr)] = &[
diff --git a/rust/net/infra/src/route/connect.rs b/rust/net/infra/src/route/connect.rs
index 272adb1e8..9c4d3526b 100644
--- a/rust/net/infra/src/route/connect.rs
+++ b/rust/net/infra/src/route/connect.rs
@@ -268,3 +268,32 @@ impl From<std::io::Error> for WebSocketConnectError {
         Self::WebSocketError(value.into())
     }
 }
+
+#[cfg(any(test, feature = "test-util"))]
+pub mod testutils {
+    use super::*;
+
+    /// [`Connector`] impl that wraps a [`Fn`].
+    ///
+    /// Using unnamed functions as Connector impls isn't great for readability,
+    /// so only allow it in test code.
+    pub struct ConnectFn<F>(pub F);
+
+    impl<R, Inner, Fut, F, C, E> Connector<R, Inner> for ConnectFn<F>
+    where
+        F: Fn(Inner, R) -> Fut,
+        Fut: Future<Output = Result<C, E>> + Send,
+    {
+        type Connection = C;
+
+        type Error = E;
+
+        fn connect_over(
+            &self,
+            over: Inner,
+            route: R,
+        ) -> impl Future<Output = Result<Self::Connection, Self::Error>> + Send {
+            self.0(over, route)
+        }
+    }
+}
diff --git a/rust/net/src/connect_state.rs b/rust/net/src/connect_state.rs
index b1cb11488..53860e173 100644
--- a/rust/net/src/connect_state.rs
+++ b/rust/net/src/connect_state.rs
@@ -15,8 +15,9 @@ use libsignal_net_infra::route::{
     StatelessTransportConnector, TransportRoute, UnresolvedWebsocketServiceRoute,
     WebSocketRouteFragment, WebSocketServiceRoute,
 };
+use libsignal_net_infra::ws::WebSocketConnectError;
 use libsignal_net_infra::ws2::attested::AttestedConnection;
-use libsignal_net_infra::AsHttpHeader as _;
+use libsignal_net_infra::{AsHttpHeader as _, AsyncDuplexStream};
 use tokio::time::Instant;
 
 use crate::auth::Auth;
@@ -24,20 +25,14 @@ use crate::ws::WebSocketServiceConnectError;
 
 /// Endpoint-agnostic state for establishing a connection with
 /// [`crate::infra::route::connect`].
-pub struct ConnectState {
+pub struct ConnectState<TC = StatelessTransportConnector> {
     pub route_resolver: RouteResolver,
     /// Transport-level connector used for all connections.
-    transport_connector: StatelessTransportConnector,
+    transport_connector: TC,
     /// Record of connection outcomes.
     attempts_record: ConnectionOutcomes<WebSocketServiceRoute>,
 }
 
-/// The type of connection produced by [`StatelessTransportConnector`].
-///
-/// Extracted as a type alias for readability.
-type StatelessTransportConnection =
-    <StatelessTransportConnector as Connector<TransportRoute, ()>>::Connection;
-
 impl ConnectState {
     pub fn new(connect_params: ConnectionOutcomeParams) -> tokio::sync::RwLock<Self> {
         Self {
@@ -47,7 +42,13 @@ impl ConnectState {
         }
         .into()
     }
+}
 
+impl<TC> ConnectState<TC>
+where
+    TC: Connector<TransportRoute, ()> + Sync,
+    TC::Error: Into<WebSocketConnectError>,
+{
     pub async fn connect_ws<WC, E>(
         this: &tokio::sync::RwLock<Self>,
         routes: impl RouteProvider<Route = UnresolvedWebsocketServiceRoute>,
@@ -59,7 +60,7 @@ impl ConnectState {
     where
         WC: Connector<
                 (WebSocketRouteFragment, HttpRouteFragment),
-                StatelessTransportConnection,
+                TC::Connection,
                 Error = tungstenite::Error,
             > + Send
             + Sync,
@@ -83,6 +84,11 @@ impl ConnectState {
         )
         .await;
 
+        // Drop our read lock so we can re-acquire as a writer. It's okay if we
+        // race with other writers since the order in which updates are applied
+        // doesn't matter.
+        drop(connect_read);
+
         this.write()
             .await
             .attempts_record
@@ -92,14 +98,17 @@ impl ConnectState {
     }
 
     pub(crate) async fn connect_attested_ws(
-        connect: &tokio::sync::RwLock<ConnectState>,
+        connect: &tokio::sync::RwLock<Self>,
         routes: impl RouteProvider<Route = UnresolvedWebsocketServiceRoute>,
         auth: Auth,
         resolver: &DnsResolver,
         confirmation_header_name: Option<HeaderName>,
         ws_config: libsignal_net_infra::ws2::Config,
         new_handshake: impl FnOnce(&[u8]) -> Result<attest::enclave::Handshake, attest::enclave::Error>,
-    ) -> Result<AttestedConnection, crate::enclave::Error> {
+    ) -> Result<AttestedConnection, crate::enclave::Error>
+    where
+        TC::Connection: AsyncDuplexStream + 'static,
+    {
         let ws_routes = routes.map_routes(|mut route| {
             route.fragment.headers.extend([auth.as_header()]);
             route
@@ -131,3 +140,131 @@ impl ConnectState {
             .map_err(Into::into)
     }
 }
+
+#[cfg(test)]
+mod test {
+    use std::collections::HashMap;
+    use std::sync::Arc;
+    use std::time::Duration;
+
+    use assert_matches::assert_matches;
+    use const_str::ip_addr;
+    use http::uri::PathAndQuery;
+    use http::HeaderMap;
+    use libsignal_net_infra::certs::RootCertificates;
+    use libsignal_net_infra::dns::lookup_result::LookupResult;
+    use libsignal_net_infra::host::Host;
+    use libsignal_net_infra::route::testutils::ConnectFn;
+    use libsignal_net_infra::route::{
+        DirectOrProxyRoute, HttpsTlsRoute, TcpRoute, TlsRoute, TlsRouteFragment, UnresolvedHost,
+        WebSocketRoute,
+    };
+    use libsignal_net_infra::{Alpn, DnsSource};
+    use nonzero_ext::nonzero;
+
+    use super::*;
+
+    const FAKE_CONNECT_PARAMS: ConnectionOutcomeParams = ConnectionOutcomeParams {
+        age_cutoff: Duration::from_secs(100),
+        cooldown_growth_factor: 10.0,
+        count_growth_factor: 10.0,
+        max_count: 3,
+        max_delay: Duration::from_secs(5),
+    };
+
+    #[tokio::test(start_paused = true)]
+    async fn connect_ws_successful() {
+        // This doesn't actually matter since we're using a fake connector, but
+        // using the real route type is easier than trying to add yet more
+        // generic parameters.
+        let fake_transport_route = TlsRoute {
+            fragment: TlsRouteFragment {
+                root_certs: RootCertificates::Native,
+                sni: Host::Domain("fake-sni".into()),
+                alpn: Some(Alpn::Http1_1),
+            },
+            inner: DirectOrProxyRoute::Direct(TcpRoute {
+                address: UnresolvedHost::from(Arc::from("direct-host")),
+                port: nonzero!(1234u16),
+            }),
+        };
+
+        let failing_route = WebSocketRoute {
+            fragment: WebSocketRouteFragment {
+                ws_config: Default::default(),
+                endpoint: PathAndQuery::from_static("/failing"),
+                headers: HeaderMap::new(),
+            },
+            inner: HttpsTlsRoute {
+                fragment: HttpRouteFragment {
+                    host_header: "failing-host".into(),
+                    path_prefix: "".into(),
+                },
+                inner: fake_transport_route.clone(),
+            },
+        };
+
+        let succeeding_route = WebSocketRoute {
+            fragment: WebSocketRouteFragment {
+                ws_config: Default::default(),
+                endpoint: PathAndQuery::from_static("/successful"),
+                headers: HeaderMap::new(),
+            },
+            inner: HttpsTlsRoute {
+                fragment: HttpRouteFragment {
+                    host_header: "successful-host".into(),
+                    path_prefix: "".into(),
+                },
+                inner: fake_transport_route,
+            },
+        };
+
+        let ws_connector = ConnectFn(|(), route| {
+            let (ws, http) = &route;
+            std::future::ready(
+                if (ws, http) == (&failing_route.fragment, &failing_route.inner.fragment) {
+                    Err(tungstenite::Error::ConnectionClosed)
+                } else {
+                    Ok(route)
+                },
+            )
+        });
+        let resolver = DnsResolver::new_from_static_map(HashMap::from([(
+            "direct-host",
+            LookupResult::new(DnsSource::Static, vec![ip_addr!(v4, "1.1.1.1")], vec![]),
+        )]));
+
+        let fake_transport_connector =
+            ConnectFn(move |(), _| std::future::ready(Ok::<_, WebSocketConnectError>(())));
+
+        let state = ConnectState {
+            route_resolver: RouteResolver::default(),
+            attempts_record: ConnectionOutcomes::new(FAKE_CONNECT_PARAMS),
+            transport_connector: fake_transport_connector,
+        }
+        .into();
+
+        let result = ConnectState::connect_ws(
+            &state,
+            vec![failing_route.clone(), succeeding_route.clone()],
+            ws_connector,
+            &resolver,
+            None,
+            |e| {
+                let e = assert_matches!(e, WebSocketServiceConnectError::Connect(e, _) => e);
+                assert_matches!(
+                    e,
+                    WebSocketConnectError::WebSocketError(tungstenite::Error::ConnectionClosed)
+                );
+                ControlFlow::<()>::Continue(())
+            },
+        )
+        // This previously hung forever due to a deadlock bug.
+        .await;
+
+        assert_eq!(
+            result,
+            Ok((succeeding_route.fragment, succeeding_route.inner.fragment))
+        )
+    }
+}

From 0e5d359eac37a02071875d5502946fde8210c70e Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 22 Nov 2024 11:21:30 -0500
Subject: [PATCH 22/57] Use a string label for SVR3 connection info

---
 rust/net/src/enclave.rs       | 57 ++++++++++++++++++++++++++---------
 rust/net/src/svr.rs           | 17 ++++++-----
 rust/net/src/svr3/ppss_ops.rs | 51 +++++++++++++++----------------
 3 files changed, 78 insertions(+), 47 deletions(-)

diff --git a/rust/net/src/enclave.rs b/rust/net/src/enclave.rs
index 0a7ee78ca..8c14580a5 100644
--- a/rust/net/src/enclave.rs
+++ b/rust/net/src/enclave.rs
@@ -4,7 +4,6 @@
 //
 
 use std::marker::PhantomData;
-use std::sync::Arc;
 use std::time::{Duration, SystemTime};
 
 use attest::svr2::RaftConfig;
@@ -16,7 +15,6 @@ use libsignal_net_infra::connection_manager::{
     ConnectionManager, MultiRouteConnectionManager, SingleRouteThrottlingConnectionManager,
 };
 use libsignal_net_infra::errors::LogSafeDisplay;
-use libsignal_net_infra::host::Host;
 use libsignal_net_infra::route::{
     DirectTcpRouteProvider, DomainFrontRouteProvider, HttpsProvider, TlsRouteProvider,
     WebSocketProvider, WebSocketRouteFragment,
@@ -119,24 +117,39 @@ impl Svr3Flavor for Nitro {}
 
 impl Svr3Flavor for Tpm2Snp {}
 
-type ConnectionAndHost = (AttestedConnection, Host<Arc<str>>);
+/// Log-safe human-readable label for a connection.
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct ConnectionLabel(String);
+
+pub type LabeledConnection = (AttestedConnection, ConnectionLabel);
 
 pub trait IntoConnectionResults {
-    type ConnectionResults: ArrayIsh<Result<ConnectionAndHost, Error>> + Send;
+    type ConnectionResults: ArrayIsh<Result<LabeledConnection, Error>> + Send;
     fn into_connection_results(self) -> Self::ConnectionResults;
 }
 
-pub trait IntoAttestedConnection: Into<ConnectionAndHost> {}
+/// Provides an [`AttestedConnection`] with a label for logging.
+///
+/// This trait provides useful indirection by allowing us to implement
+/// [`IntoConnectionResults`] for heterogeneous tuples with types that implement
+/// this trait.
+pub trait IntoAttestedConnection {
+    fn into_labeled_connection(self) -> LabeledConnection;
+}
 
-impl IntoAttestedConnection for ConnectionAndHost {}
+impl IntoAttestedConnection for LabeledConnection {
+    fn into_labeled_connection(self) -> LabeledConnection {
+        self
+    }
+}
 
 impl<A> IntoConnectionResults for Result<A, Error>
 where
     A: IntoAttestedConnection,
 {
-    type ConnectionResults = [Result<ConnectionAndHost, Error>; 1];
+    type ConnectionResults = [Result<LabeledConnection, Error>; 1];
     fn into_connection_results(self) -> Self::ConnectionResults {
-        [self.map(Into::into)]
+        [self.map(IntoAttestedConnection::into_labeled_connection)]
     }
 }
 
@@ -145,9 +158,12 @@ where
     A: IntoAttestedConnection,
     B: IntoAttestedConnection,
 {
-    type ConnectionResults = [Result<ConnectionAndHost, Error>; 2];
+    type ConnectionResults = [Result<LabeledConnection, Error>; 2];
     fn into_connection_results(self) -> Self::ConnectionResults {
-        [self.0.map(Into::into), self.1.map(Into::into)]
+        [
+            self.0.map(IntoAttestedConnection::into_labeled_connection),
+            self.1.map(IntoAttestedConnection::into_labeled_connection),
+        ]
     }
 }
 
@@ -157,16 +173,29 @@ where
     B: IntoAttestedConnection,
     C: IntoAttestedConnection,
 {
-    type ConnectionResults = [Result<ConnectionAndHost, Error>; 3];
+    type ConnectionResults = [Result<LabeledConnection, Error>; 3];
     fn into_connection_results(self) -> Self::ConnectionResults {
         [
-            self.0.map(Into::into),
-            self.1.map(Into::into),
-            self.2.map(Into::into),
+            self.0.map(IntoAttestedConnection::into_labeled_connection),
+            self.1.map(IntoAttestedConnection::into_labeled_connection),
+            self.2.map(IntoAttestedConnection::into_labeled_connection),
         ]
     }
 }
 
+impl ConnectionLabel {
+    pub fn from_log_safe(value: String) -> Self {
+        Self(value)
+    }
+}
+
+impl LogSafeDisplay for ConnectionLabel {}
+impl std::fmt::Display for ConnectionLabel {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(&self.0)
+    }
+}
+
 pub trait ArrayIsh<T>: AsRef<[T]> + IntoIterator<Item = T> {
     const N: usize;
 }
diff --git a/rust/net/src/svr.rs b/rust/net/src/svr.rs
index 06b155b82..5638789be 100644
--- a/rust/net/src/svr.rs
+++ b/rust/net/src/svr.rs
@@ -13,22 +13,25 @@ use libsignal_net_infra::TransportConnector;
 
 use crate::auth::Auth;
 pub use crate::enclave::Error;
-use crate::enclave::{EnclaveEndpointConnection, IntoAttestedConnection, NewHandshake, Svr3Flavor};
+use crate::enclave::{
+    ConnectionLabel, EnclaveEndpointConnection, IntoAttestedConnection, LabeledConnection,
+    NewHandshake, Svr3Flavor,
+};
 
 pub struct SvrConnection<Flavor: Svr3Flavor> {
     inner: AttestedConnection,
-    remote_address: Host<std::sync::Arc<str>>,
+    remote_address: Host<Arc<str>>,
     witness: PhantomData<Flavor>,
 }
 
-impl<Flavor: Svr3Flavor> From<SvrConnection<Flavor>> for (AttestedConnection, Host<Arc<str>>) {
-    fn from(conn: SvrConnection<Flavor>) -> Self {
-        (conn.inner, conn.remote_address)
+impl<Flavor: Svr3Flavor> IntoAttestedConnection for SvrConnection<Flavor> {
+    fn into_labeled_connection(self) -> LabeledConnection {
+        let label = ConnectionLabel::from_log_safe(self.remote_address.to_string());
+        let connection = self.inner;
+        (connection, label)
     }
 }
 
-impl<Flavor: Svr3Flavor> IntoAttestedConnection for SvrConnection<Flavor> {}
-
 impl<E: Svr3Flavor> SvrConnection<E>
 where
     E: Svr3Flavor + NewHandshake + Sized,
diff --git a/rust/net/src/svr3/ppss_ops.rs b/rust/net/src/svr3/ppss_ops.rs
index ee75c72c4..78136b225 100644
--- a/rust/net/src/svr3/ppss_ops.rs
+++ b/rust/net/src/svr3/ppss_ops.rs
@@ -9,12 +9,11 @@
 //! each individual operation, as implied by `Svr3Client` trait.
 use std::collections::VecDeque;
 use std::num::NonZeroU32;
-use std::sync::Arc;
 
 use futures_util::future::join_all;
-use libsignal_net_infra::host::Host;
+use futures_util::TryFutureExt as _;
 use libsignal_net_infra::ws::NextOrClose;
-use libsignal_net_infra::ws2::attested::{run_attested_interaction, AttestedConnection};
+use libsignal_net_infra::ws2::attested::AttestedConnectionError;
 use libsignal_svr3::{
     Backup4, EvaluationResult, MaskedSecret, Query4, Remove4, Restore1, RotationMachine,
     MAX_ROTATION_STEPS,
@@ -22,7 +21,9 @@ use libsignal_svr3::{
 use rand_core::CryptoRngCore;
 
 use super::{Error, OpaqueMaskedShareSet};
-use crate::enclave::{ArrayIsh, IntoConnectionResults, PpssSetup};
+use crate::enclave::{
+    ArrayIsh, ConnectionLabel, IntoConnectionResults, LabeledConnection, PpssSetup,
+};
 
 pub async fn do_backup<Env: PpssSetup>(
     connect_results: Env::ConnectionResults,
@@ -33,7 +34,6 @@ pub async fn do_backup<Env: PpssSetup>(
 ) -> Result<OpaqueMaskedShareSet, Error> {
     let ConnectionContext {
         mut connections,
-        addresses,
         errors,
     } = ConnectionContext::new(connect_results);
     if let Some(err) = errors.into_iter().next() {
@@ -56,7 +56,7 @@ pub async fn do_backup<Env: PpssSetup>(
         .await
         .into_iter()
         .collect::<Result<Vec<_>, _>>();
-    collect_responses(results?, addresses.iter())?;
+    collect_responses(results?)?;
     Ok(OpaqueMaskedShareSet::new(backup.masked_secret))
 }
 
@@ -68,7 +68,6 @@ pub async fn do_restore(
 ) -> Result<EvaluationResult, Error> {
     let ConnectionContext {
         mut connections,
-        addresses,
         errors,
     } = ConnectionContext::new(connect_results);
     if let Some(err) = errors.into_iter().next() {
@@ -87,12 +86,12 @@ pub async fn do_restore(
             .await
             .into_iter()
             .collect::<Result<Vec<_>, _>>();
-        collect_responses(results?, addresses.iter())?
+        collect_responses(results?)?
     };
 
     let handshake_hashes = connections
         .iter()
-        .map(|c| c.handshake_hash())
+        .map(|c| c.0.handshake_hash())
         .collect::<Vec<_>>();
     let restore2 = restore1.restore2(&responses1, &handshake_hashes, rng)?;
     let tries_remaining = restore2.tries_remaining;
@@ -105,7 +104,7 @@ pub async fn do_restore(
             .await
             .into_iter()
             .collect::<Result<Vec<_>, _>>();
-        collect_responses(results?, addresses.iter())?
+        collect_responses(results?)?
     };
     let output = restore2.restore(&responses2)?;
 
@@ -118,7 +117,6 @@ pub async fn do_restore(
 pub async fn do_remove(connect_results: impl IntoConnectionResults) -> Result<(), Error> {
     let ConnectionContext {
         mut connections,
-        addresses,
         errors,
     } = ConnectionContext::new(connect_results);
     for err in errors {
@@ -135,14 +133,13 @@ pub async fn do_remove(connect_results: impl IntoConnectionResults) -> Result<()
         .await
         .into_iter()
         .collect::<Result<Vec<_>, _>>();
-    let _responses = collect_responses(results?, addresses.iter())?;
+    collect_responses(results?)?;
     Ok(())
 }
 
 pub async fn do_query(connect_results: impl IntoConnectionResults) -> Result<u32, Error> {
     let ConnectionContext {
         mut connections,
-        addresses,
         errors,
     } = ConnectionContext::new(connect_results);
     if let Some(err) = errors.into_iter().next() {
@@ -157,7 +154,7 @@ pub async fn do_query(connect_results: impl IntoConnectionResults) -> Result<u32
         .await
         .into_iter()
         .collect::<Result<Vec<_>, _>>();
-    let responses = collect_responses(results?, addresses.iter())?;
+    let responses = collect_responses(results?)?;
     Ok(Query4::finalize(&responses)?)
 }
 
@@ -168,7 +165,6 @@ pub async fn do_rotate(
 ) -> Result<(), Error> {
     let ConnectionContext {
         mut connections,
-        addresses,
         errors,
     } = ConnectionContext::new(connect_results);
     if let Some(err) = errors.into_iter().next() {
@@ -191,7 +187,7 @@ pub async fn do_rotate(
             .await
             .into_iter()
             .collect::<Result<Vec<_>, _>>();
-        let responses = collect_responses(results?, addresses.iter())?;
+        let responses = collect_responses(results?)?;
         rotation_machine.handle_responses(responses.as_ref())?;
     }
     if rotation_machine.is_done() {
@@ -201,41 +197,44 @@ pub async fn do_rotate(
     }
 }
 
+async fn run_attested_interaction<'a>(
+    connection: &mut LabeledConnection,
+    request: impl AsRef<[u8]>,
+) -> Result<(NextOrClose<Vec<u8>>, &ConnectionLabel), AttestedConnectionError> {
+    libsignal_net_infra::ws2::attested::run_attested_interaction(&mut connection.0, request)
+        .map_ok(|n| (n, &connection.1))
+        .await
+}
+
 struct ConnectionContext {
-    connections: Vec<AttestedConnection>,
-    addresses: Vec<Host<Arc<str>>>,
+    connections: Vec<LabeledConnection>,
     errors: VecDeque<Error>,
 }
 
 impl ConnectionContext {
     fn new<Arr: IntoConnectionResults>(connect_results: Arr) -> Self {
         let mut connections = Vec::with_capacity(Arr::ConnectionResults::N);
-        let mut addresses = Vec::with_capacity(Arr::ConnectionResults::N);
         let mut errors = VecDeque::with_capacity(Arr::ConnectionResults::N);
         for connect_result in connect_results.into_connection_results().into_iter() {
             match connect_result {
                 Ok((connection, remote_address)) => {
-                    addresses.push(remote_address);
-                    connections.push(connection);
+                    connections.push((connection, remote_address));
                 }
                 Err(err) => errors.push_back(err.into()),
             }
         }
         Self {
             connections,
-            addresses,
             errors,
         }
     }
 }
 
 fn collect_responses<'a>(
-    results: impl IntoIterator<Item = NextOrClose<Vec<u8>>>,
-    addresses: impl IntoIterator<Item = &'a Host<impl AsRef<str> + 'a>>,
+    results: impl IntoIterator<Item = (NextOrClose<Vec<u8>>, &'a ConnectionLabel)>,
 ) -> Result<Vec<Vec<u8>>, Error> {
     results
         .into_iter()
-        .zip(addresses)
         .map(|(next_or_close, address)| {
             next_or_close.next_or(Error::Protocol(format!("no response from {}", address)))
         })
@@ -266,7 +265,7 @@ mod test {
     struct NotConnectedResults;
 
     impl IntoConnectionResults for NotConnectedResults {
-        type ConnectionResults = [Result<(AttestedConnection, Host<Arc<str>>), Error>; 2];
+        type ConnectionResults = [Result<LabeledConnection, Error>; 2];
 
         fn into_connection_results(self) -> Self::ConnectionResults {
             [

From f73b2ed33c65d747ea646c8212d46ee8513dbd4c Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 22 Nov 2024 10:36:02 -0800
Subject: [PATCH 23/57] backup: Add benchmarks for the various parts of
 validation

---
 Cargo.lock                                    |   3 +
 Cargo.toml                                    |   1 +
 TESTING.md                                    |   9 +
 rust/message-backup/Cargo.toml                |  20 +-
 rust/message-backup/benches/generation/mod.rs | 220 +++++++++
 rust/message-backup/benches/validation.rs     | 443 ++++++++++++++++++
 .../message-backup/examples/encrypt_backup.rs |  56 +--
 rust/message-backup/src/export.rs             |  61 +++
 rust/message-backup/src/frame.rs              |  10 +-
 rust/message-backup/src/frame/aes_read.rs     |  11 +-
 rust/message-backup/src/frame/mac_read.rs     |   6 +-
 rust/message-backup/src/lib.rs                |  18 +
 rust/message-backup/src/parse.rs              |   7 +-
 rust/net/infra/Cargo.toml                     |   2 +-
 14 files changed, 802 insertions(+), 65 deletions(-)
 create mode 100644 rust/message-backup/benches/generation/mod.rs
 create mode 100644 rust/message-backup/benches/validation.rs
 create mode 100644 rust/message-backup/src/export.rs

diff --git a/Cargo.lock b/Cargo.lock
index ff98b1abe..5670a6b6a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2264,6 +2264,7 @@ dependencies = [
  "cbc",
  "clap",
  "clap-stdin",
+ "criterion",
  "derive-where",
  "dir-test",
  "displaydoc",
@@ -2291,6 +2292,7 @@ dependencies = [
  "protobuf",
  "protobuf-codegen",
  "protobuf-json-mapping",
+ "rand",
  "serde",
  "serde_json",
  "sha2",
@@ -2303,6 +2305,7 @@ dependencies = [
  "thiserror",
  "usernames",
  "uuid",
+ "visibility",
  "zkcredential",
  "zkgroup",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index 885fef601..6645b8e4b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -150,6 +150,7 @@ thiserror = "1.0.57"
 tokio = "1"
 tokio-stream = "0.1.14"
 uuid = "1.1.2"
+visibility = "0.1.1"
 x25519-dalek = "2.0.0"
 zerocopy = "0.7.34"
 
diff --git a/TESTING.md b/TESTING.md
index d4623ee0d..aec98e3f2 100644
--- a/TESTING.md
+++ b/TESTING.md
@@ -17,6 +17,15 @@ For the most part, libsignal is tested using each language's usual testing infra
 However, sometimes there are some more interesting test configurations; those are documented here.
 
 
+# Rust Benchmarks
+
+- If you are testing on an ARM64 device (including Desktop), you should compile with `RUSTFLAGS="--cfg aes_armv8"` to enable hardware support in the `aes` crate.
+
+- Similarly, although most tests are not very sensitive to the speed of SHA-2, you should also compile with `--features sha2/asm`. (`libsignal-message-backup` turns this on by default as a dev-dependency.) This will go away when we get to update to sha2 0.11.
+
+All of these configuration options are normally set either at the bridge crate level or in the build scripts for each bridged platform, but they may not be set when running with plain `cargo bench`.
+
+
 # Running cross-compiling Rust tests with custom runners
 
 Rust allows running tests with cross-compiled targets, but normally that only works if your system supports executing the cross-compiled binary (like Intel targets on ARM64 macOS or Windows, or 32-bit targets on 64-bit Linux or Windows). However, by overriding the "runner" setting for a particular target, we can run cross-compiled tests as well.
diff --git a/rust/message-backup/Cargo.toml b/rust/message-backup/Cargo.toml
index 356a20843..27943ce9e 100644
--- a/rust/message-backup/Cargo.toml
+++ b/rust/message-backup/Cargo.toml
@@ -15,6 +15,7 @@ workspace = true
 [features]
 # Enables code to allow conversion of backups to and from JSON.
 json = ["dep:serde_json", "dep:protobuf-json-mapping"]
+test-util = []
 
 [[example]]
 name = "json_to_binproto"
@@ -24,6 +25,11 @@ required-features = ["json"]
 name = "binproto_to_json"
 required-features = ["json"]
 
+[[bench]]
+name = "validation"
+harness = false
+required-features = ["test-util"]
+
 [dependencies]
 libsignal-account-keys = { workspace = true }
 libsignal-core = { workspace = true }
@@ -67,14 +73,16 @@ strum_macros = { version = "0.26.4" }
 subtle = { workspace = true }
 thiserror = { workspace = true }
 uuid = { workspace = true, features = ["serde"] }
+visibility = { workspace = true }
 
 [dev-dependencies]
-libsignal-message-backup = { path = "./", features = ["json"] }
+libsignal-message-backup = { path = "./", features = ["json", "test-util"] }
 signal-crypto = { workspace = true }
 
 array-concat = { workspace = true }
 assert_cmd = "2.0.13"
 assert_matches = { workspace = true }
+criterion = { workspace = true }
 dir-test = "0.2.0"
 futures = { workspace = true, features = ["executor"] }
 hex-literal = { workspace = true }
@@ -82,9 +90,19 @@ json5 = "0.4.1"
 nonzero_ext = { workspace = true }
 once_cell = { workspace = true }
 pretty_assertions = { workspace = true }
+rand = { workspace = true }
 test-case = { workspace = true }
 test-log = "0.2.14"
+uuid = { workspace = true, features = ["v4"] }
 
 [build-dependencies]
 protobuf = "3.3.0"
 protobuf-codegen = "3.3.0"
+
+# Enable sha2 asm for local builds (there is a similar block in libsignal-bridge-types).
+[target.'cfg(not(any(windows, target_arch = "x86")))'.dev-dependencies]
+# sha2's asm implementation uses standalone .S files that aren't compiled correctly on Windows,
+# and aren't linked correctly on x86 Android.
+# This will be fixed in sha2 0.11, which also removes the "asm" feature and turns it on by default.
+# So when sha2 0.11 is released, this section will go away.
+sha2 = { workspace = true, features = ["asm"] }
diff --git a/rust/message-backup/benches/generation/mod.rs b/rust/message-backup/benches/generation/mod.rs
new file mode 100644
index 000000000..2975c03e5
--- /dev/null
+++ b/rust/message-backup/benches/generation/mod.rs
@@ -0,0 +1,220 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use std::str::FromStr as _;
+use std::time::SystemTime;
+
+use futures::{StreamExt as _, TryStreamExt as _};
+use libsignal_account_keys::{AccountEntropyPool, BackupKey};
+use libsignal_message_backup::export::{
+    aes_cbc_encrypt, gzip_compress, hmac_checksum, pad_gzipped_bucketed,
+};
+use libsignal_message_backup::key::MessageBackupKey;
+use libsignal_message_backup::proto::backup as proto;
+use protobuf::Message as _;
+use rand::rngs::OsRng;
+use rand::RngCore as _;
+
+use super::{DEFAULT_ACCOUNT_ENTROPY, DEFAULT_ACI};
+
+/// Generates a compressed, encrypted, MAC'd backup with the given settings.
+///
+/// The backup is not very realistic, just `number_of_conversations` 1:1 conversations and
+/// `number_of_messages` total messages in those conversations.
+pub fn generate_backup(number_of_conversations: usize, number_of_messages: usize) -> Vec<u8> {
+    let account_entropy = AccountEntropyPool::from_str(DEFAULT_ACCOUNT_ENTROPY).expect("valid");
+    let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
+    let backup_id = backup_key.derive_backup_id(&DEFAULT_ACI);
+    let message_backup_key = MessageBackupKey::derive(&backup_key, &backup_id);
+
+    let iv = {
+        let mut iv = [0; 16];
+        OsRng.fill_bytes(&mut iv);
+        iv
+    };
+
+    let uncompressed = generate_backup_frames(number_of_conversations, number_of_messages)
+        .map(Ok)
+        .into_async_read();
+
+    let mut compressed_contents = gzip_compress(futures::io::BufReader::new(uncompressed));
+    pad_gzipped_bucketed(&mut compressed_contents);
+    aes_cbc_encrypt(&message_backup_key.aes_key, &iv, &mut compressed_contents);
+    let hmac = hmac_checksum(&message_backup_key.hmac_key, &iv, &compressed_contents);
+    compressed_contents.splice(0..0, iv);
+    compressed_contents.extend(hmac);
+
+    compressed_contents
+}
+
+fn generate_backup_frames(
+    number_of_conversations: usize,
+    number_of_messages: usize,
+) -> impl futures::Stream<Item = Vec<u8>> {
+    fn frame(item: impl Into<proto::frame::Item>) -> proto::Frame {
+        proto::Frame {
+            item: Some(item.into()),
+            ..Default::default()
+        }
+    }
+
+    let backup_info = futures::stream::once(std::future::ready(
+        proto::BackupInfo {
+            version: 1,
+            backupTimeMs: SystemTime::now()
+                .duration_since(SystemTime::UNIX_EPOCH)
+                .unwrap()
+                .as_millis()
+                .try_into()
+                .unwrap(),
+            mediaRootBackupKey: vec![0; 32],
+            ..Default::default()
+        }
+        .write_length_delimited_to_bytes()
+        .unwrap(),
+    ));
+
+    // Based on Desktop's similar test defaults,
+    // https://github.com/signalapp/Signal-Desktop/blob/0bc6368c642a7ddf2456e994db1016034380f72d/ts/test-both/helpers/generateBackup.ts#L105
+    let account_data = futures::stream::once(std::future::ready(
+        frame(proto::AccountData {
+            profileKey: vec![1; 32],
+            givenName: "Backup".into(),
+            familyName: "Benchmark".into(),
+            accountSettings: Some(proto::account_data::AccountSettings {
+                displayBadgesOnProfile: true,
+                hasSetMyStoriesPrivacy: true,
+                hasSeenGroupStoryEducationSheet: true,
+                hasCompletedUsernameOnboarding: true,
+                phoneNumberSharingMode: proto::account_data::PhoneNumberSharingMode::EVERYBODY
+                    .into(),
+                ..Default::default()
+            })
+            .into(),
+            ..Default::default()
+        })
+        .write_length_delimited_to_bytes()
+        .unwrap(),
+    ));
+
+    let self_id = 0;
+    let self_recipient = futures::stream::once(std::future::ready(
+        frame(proto::Recipient {
+            id: self_id,
+            destination: Some(proto::recipient::Destination::Self_(Default::default())),
+            ..Default::default()
+        })
+        .write_length_delimited_to_bytes()
+        .unwrap(),
+    ));
+
+    let recipient_frames = futures::stream::iter((1..).map(|id| {
+        frame(proto::Recipient {
+            id,
+            destination: Some(
+                proto::Contact {
+                    aci: Some(uuid::Uuid::new_v4().into_bytes().into()),
+                    visibility: proto::contact::Visibility::VISIBLE.into(),
+                    profileKey: Some(vec![2; 32]),
+                    profileSharing: true,
+                    profileGivenName: Some(format!("Contact {id}")),
+                    profileFamilyName: Some("Generated".into()),
+                    registration: Some(
+                        proto::contact::Registration::Registered(Default::default()),
+                    ),
+                    ..Default::default()
+                }
+                .into(),
+            ),
+            ..Default::default()
+        })
+        .write_length_delimited_to_bytes()
+        .unwrap()
+    }))
+    .take(number_of_conversations);
+
+    let chat_frames = futures::stream::iter((1..).map(|id| {
+        frame(proto::Chat {
+            id,
+            recipientId: id,
+            expireTimerVersion: 1,
+            ..Default::default()
+        })
+        .write_length_delimited_to_bytes()
+        .unwrap()
+    }))
+    .take(number_of_conversations);
+
+    const START_OF_2024_IN_MILLIS: u64 = 1704067200000; // 2024-01-01T00:00:00Z
+    let message_frames = futures::stream::iter((1..).map(move |i| {
+        let number_of_conversations = u64::try_from(number_of_conversations).unwrap();
+        let chat_id = i % number_of_conversations + 1; // skip the Self recipient
+        let date_sent = START_OF_2024_IN_MILLIS + i * 1000;
+
+        let is_incoming = (i % 2) == 0;
+        let directional_details: proto::chat_item::DirectionalDetails = if is_incoming {
+            proto::chat_item::IncomingMessageDetails {
+                dateReceived: date_sent,
+                dateServerSent: Some(date_sent),
+                read: true,
+                sealedSender: true,
+                ..Default::default()
+            }
+            .into()
+        } else {
+            proto::chat_item::OutgoingMessageDetails {
+                sendStatus: vec![proto::SendStatus {
+                    recipientId: chat_id,
+                    timestamp: date_sent,
+                    deliveryStatus: Some(proto::send_status::DeliveryStatus::Delivered(
+                        proto::send_status::Delivered {
+                            sealedSender: true,
+                            ..Default::default()
+                        },
+                    )),
+                    ..Default::default()
+                }],
+                ..Default::default()
+            }
+            .into()
+        };
+
+        let is_long_message = (i % 11) == 0;
+        let body = if is_long_message {
+            format!("A longer message ({i})\n").repeat(20)
+        } else {
+            format!("Message {i}")
+        };
+
+        frame(proto::ChatItem {
+            chatId: chat_id,
+            authorId: if is_incoming { chat_id } else { self_id },
+            dateSent: date_sent,
+            item: Some(
+                proto::StandardMessage {
+                    text: Some(proto::Text {
+                        body,
+                        ..Default::default()
+                    })
+                    .into(),
+                    ..Default::default()
+                }
+                .into(),
+            ),
+            directionalDetails: Some(directional_details),
+            ..Default::default()
+        })
+        .write_length_delimited_to_bytes()
+        .unwrap()
+    }))
+    .take(number_of_messages);
+
+    backup_info
+        .chain(account_data)
+        .chain(self_recipient)
+        .chain(recipient_frames)
+        .chain(chat_frames)
+        .chain(message_frames)
+}
diff --git a/rust/message-backup/benches/validation.rs b/rust/message-backup/benches/validation.rs
new file mode 100644
index 000000000..b643f4a29
--- /dev/null
+++ b/rust/message-backup/benches/validation.rs
@@ -0,0 +1,443 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use criterion::{black_box, criterion_group, criterion_main, Criterion};
+use futures::io::{BufReader, Cursor};
+use futures::AsyncRead;
+use libsignal_account_keys::BackupKey;
+use libsignal_core::Aci;
+use libsignal_message_backup::backup::{CompletedBackup, PartialBackup, ValidateOnly};
+use libsignal_message_backup::frame::{
+    Aes256CbcReader, CursorFactory, FramesReader, MacReader, ReaderFactory, AES_IV_SIZE,
+    AES_KEY_SIZE,
+};
+use libsignal_message_backup::key::MessageBackupKey;
+use libsignal_message_backup::parse::VarintDelimitedReader;
+use libsignal_message_backup::BackupReader;
+use mediasan_common::AsyncSkip;
+use protobuf::Message as _;
+use sha2::Digest as _;
+
+mod generation;
+use generation::*;
+
+const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
+const DEFAULT_ACCOUNT_ENTROPY: &str =
+    "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
+
+const NUMBER_OF_CONVERSATIONS: usize = 100;
+const NUMBER_OF_MESSAGES: usize = 20_000;
+
+/// An [`AsyncRead`] implementation that [yields][] for every callback.
+///
+/// Meant to be used with [`Cursor`] or similar to more closely approximate the best case of reading
+/// from a file.
+///
+/// [yields]: std::thread::yield_now
+struct YieldingReader<R>(R);
+
+/// This could be done without Unpin, but we don't need to support that right now.
+impl<R: AsyncRead + Unpin> AsyncRead for YieldingReader<R> {
+    fn poll_read(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+        buf: &mut [u8],
+    ) -> std::task::Poll<std::io::Result<usize>> {
+        std::thread::yield_now();
+        std::pin::Pin::new(&mut self.get_mut().0).poll_read(cx, buf)
+    }
+}
+
+/// This could be done without Unpin, but we don't need to support that right now.
+impl<R: AsyncSkip + Unpin> AsyncSkip for YieldingReader<R> {
+    fn poll_skip(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+        amount: u64,
+    ) -> std::task::Poll<std::io::Result<()>> {
+        std::thread::yield_now();
+        std::pin::Pin::new(&mut self.get_mut().0).poll_skip(cx, amount)
+    }
+
+    fn poll_stream_position(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+    ) -> std::task::Poll<std::io::Result<u64>> {
+        // No yield for this, consider it internal state.
+        std::pin::Pin::new(&mut self.get_mut().0).poll_stream_position(cx)
+    }
+
+    fn poll_stream_len(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+    ) -> std::task::Poll<std::io::Result<u64>> {
+        // No yield for this, consider it internal state.
+        std::pin::Pin::new(&mut self.get_mut().0).poll_stream_len(cx)
+    }
+}
+
+impl<'a, B: AsRef<[u8]> + ?Sized> ReaderFactory for YieldingReader<CursorFactory<&'a B>> {
+    type Reader = YieldingReader<Cursor<&'a B>>;
+
+    fn make_reader(&mut self) -> futures::io::Result<Self::Reader> {
+        Ok(YieldingReader(self.0.make_reader()?))
+    }
+}
+
+fn cursor_without_appended_hash(backup: &[u8]) -> Cursor<&'_ [u8]> {
+    Cursor::new(&backup[..backup.len() - sha2::Sha256::output_size()])
+}
+
+fn hmac_only(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: AsyncRead + Unpin>(input: R, hmac_key: &[u8]) {
+        let reader = MacReader::new_sha256(input, hmac_key);
+        futures::executor::block_on(futures::io::copy(reader, &mut futures::io::sink()))
+            .expect("success");
+    }
+
+    c.benchmark_group("MacReader")
+        .bench_function("direct", |b| {
+            b.iter(|| {
+                process(
+                    cursor_without_appended_hash(&backup),
+                    &message_backup_key.hmac_key,
+                )
+            })
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(cursor_without_appended_hash(&backup)),
+                    &message_backup_key.hmac_key,
+                )
+            })
+        });
+}
+
+fn decrypt_only(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+    let iv = &backup[..AES_IV_SIZE].try_into().unwrap();
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: AsyncRead + Unpin>(
+        input: R,
+        aes_key: &[u8; AES_KEY_SIZE],
+        iv: &[u8; AES_IV_SIZE],
+    ) {
+        let reader = Aes256CbcReader::new(aes_key, iv, input);
+        futures::executor::block_on(futures::io::copy(reader, &mut futures::io::sink()))
+            .expect("success");
+    }
+
+    c.benchmark_group("Aes256CbcReader")
+        .bench_function("direct", |b| {
+            b.iter(|| {
+                process(
+                    cursor_without_appended_hash(&backup),
+                    &message_backup_key.aes_key,
+                    iv,
+                )
+            })
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(cursor_without_appended_hash(&backup)),
+                    &message_backup_key.aes_key,
+                    iv,
+                )
+            })
+        });
+}
+
+fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: ReaderFactory>(input: R, key: &MessageBackupKey)
+    where
+        R::Reader: Unpin,
+    {
+        futures::executor::block_on(async {
+            let reader = FramesReader::new(key, input).await.expect("success");
+            futures::io::copy(reader, &mut futures::io::sink())
+                .await
+                .expect("success");
+        })
+    }
+
+    c.benchmark_group("FramesReader")
+        .bench_function("direct", |b| {
+            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key))
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                )
+            })
+        });
+}
+
+fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: ReaderFactory, R2: AsyncRead + Unpin>(
+        input: R,
+        key: &MessageBackupKey,
+        transform: impl FnOnce(FramesReader<R::Reader>) -> R2,
+    ) where
+        R::Reader: Unpin,
+    {
+        futures::executor::block_on(async move {
+            let reader = FramesReader::new(key, input).await.expect("success");
+            let mut stream = VarintDelimitedReader::new(transform(reader));
+            while let Some(next) = stream.read_next().await.expect("valid") {
+                black_box(next);
+            }
+        })
+    }
+
+    c.benchmark_group("FramesReader + VarintDelimitedReader")
+        .bench_function("direct", |b| {
+            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key, |r| r))
+        })
+        .bench_function("direct + BufReader", |b| {
+            b.iter(|| {
+                process(
+                    CursorFactory::new(&backup),
+                    &message_backup_key,
+                    BufReader::new,
+                )
+            })
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                    |r| r,
+                )
+            })
+        })
+        .bench_function("YieldingReader + BufReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                    BufReader::new,
+                )
+            })
+        });
+}
+
+fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: ReaderFactory, R2: AsyncRead + Unpin>(
+        input: R,
+        key: &MessageBackupKey,
+        transform: impl FnOnce(FramesReader<R::Reader>) -> R2,
+    ) where
+        R::Reader: Unpin,
+    {
+        futures::executor::block_on(async move {
+            let reader = FramesReader::new(key, input).await.expect("success");
+            let mut stream = VarintDelimitedReader::new(transform(reader));
+            // Throw away the BackupInfo message.
+            _ = stream
+                .read_next()
+                .await
+                .expect("valid")
+                .expect("contains BackupInfo message");
+            while let Some(next) = stream.read_next().await.expect("valid") {
+                black_box(
+                    libsignal_message_backup::proto::backup::Frame::parse_from_bytes(&next)
+                        .expect("valid"),
+                );
+            }
+        })
+    }
+
+    c.benchmark_group("FramesReader + VarintDelimitedReader + Frame::parse")
+        .bench_function("direct", |b| {
+            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key, |r| r))
+        })
+        .bench_function("direct + BufReader", |b| {
+            b.iter(|| {
+                process(
+                    CursorFactory::new(&backup),
+                    &message_backup_key,
+                    BufReader::new,
+                )
+            })
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                    |r| r,
+                )
+            })
+        })
+        .bench_function("YieldingReader + BufReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                    BufReader::new,
+                )
+            })
+        });
+}
+
+fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: ReaderFactory, R2: AsyncRead + Unpin>(
+        input: R,
+        key: &MessageBackupKey,
+        transform: impl FnOnce(FramesReader<R::Reader>) -> R2,
+    ) where
+        R::Reader: Unpin,
+    {
+        futures::executor::block_on(async move {
+            let reader = FramesReader::new(key, input).await.expect("success");
+            let mut stream = VarintDelimitedReader::new(transform(reader));
+            let backup_info = stream
+                .read_next()
+                .await
+                .expect("valid")
+                .expect("contains BackupInfo message");
+            let mut backup = PartialBackup::<ValidateOnly>::by_parsing(
+                &backup_info,
+                libsignal_message_backup::backup::Purpose::RemoteBackup,
+                |_| (),
+            )
+            .expect("valid");
+            while let Some(next) = stream.read_next().await.expect("valid") {
+                backup.parse_and_add_frame(&next, |_| ()).expect("valid");
+            }
+            _ = CompletedBackup::try_from(backup).expect("valid");
+        })
+    }
+
+    c.benchmark_group("FramesReader + VarintDelimitedReader + PartialBackup")
+        .bench_function("direct", |b| {
+            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key, |r| r))
+        })
+        .bench_function("direct + BufReader", |b| {
+            b.iter(|| {
+                process(
+                    CursorFactory::new(&backup),
+                    &message_backup_key,
+                    BufReader::new,
+                )
+            })
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                    |r| r,
+                )
+            })
+        })
+        .bench_function("YieldingReader + BufReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                    BufReader::new,
+                )
+            })
+        });
+}
+
+fn validate_using_full_backup_reader(c: &mut Criterion) {
+    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+
+    let backup_key =
+        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
+    let message_backup_key =
+        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
+
+    fn process<R: ReaderFactory>(input: R, key: &MessageBackupKey)
+    where
+        R::Reader: Unpin,
+    {
+        futures::executor::block_on(async {
+            BackupReader::new_encrypted_compressed(
+                key,
+                input,
+                libsignal_message_backup::backup::Purpose::RemoteBackup,
+            )
+            .await
+            .expect("valid")
+            .validate_all()
+            .await
+            .result
+            .expect("valid");
+        })
+    }
+
+    c.benchmark_group("BackupReader")
+        .bench_function("direct", |b| {
+            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key))
+        })
+        .bench_function("YieldingReader", |b| {
+            b.iter(|| {
+                process(
+                    YieldingReader(CursorFactory::new(&backup)),
+                    &message_backup_key,
+                )
+            })
+        });
+}
+
+criterion_group!(
+    validation,
+    hmac_only,
+    decrypt_only,
+    decrypt_and_decompress_and_hmac,
+    decrypt_and_decompress_and_hmac_and_segment,
+    decrypt_and_decompress_and_hmac_and_segment_and_parse,
+    decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate,
+    validate_using_full_backup_reader,
+);
+criterion_main!(validation);
diff --git a/rust/message-backup/examples/encrypt_backup.rs b/rust/message-backup/examples/encrypt_backup.rs
index fb3659143..a4aa0321b 100644
--- a/rust/message-backup/examples/encrypt_backup.rs
+++ b/rust/message-backup/examples/encrypt_backup.rs
@@ -7,22 +7,17 @@ use std::fmt::Display;
 use std::io::{stdout, Read as _, Write};
 use std::str::FromStr as _;
 
-use aes::cipher::block_padding::Pkcs7;
 use aes::cipher::crypto_common::rand_core::{OsRng, RngCore};
-use aes::cipher::{BlockEncryptMut, KeyIvInit};
-use aes::Aes256;
-use async_compression::futures::bufread::GzipEncoder;
 use clap::builder::TypedValueParser;
 use clap::{ArgAction, Parser};
 use clap_stdin::FileOrStdin;
-use futures::io::Cursor;
-use futures::AsyncReadExt;
-use hmac::Mac;
 use libsignal_account_keys::{AccountEntropyPool, BackupKey};
 use libsignal_core::Aci;
 use libsignal_message_backup::args::{parse_aci, parse_hex_bytes};
+use libsignal_message_backup::export::{
+    aes_cbc_encrypt, gzip_compress, hmac_checksum, pad_gzipped_bucketed,
+};
 use libsignal_message_backup::key::MessageBackupKey;
-use sha2::Sha256;
 
 const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
 const DEFAULT_ACCOUNT_ENTROPY: &str =
@@ -97,7 +92,7 @@ fn main() {
     let contents = read_file(filename);
     eprintln!("read {} bytes", contents.len());
 
-    let mut compressed_contents = gzip_compress(contents);
+    let mut compressed_contents = gzip_compress(futures::io::Cursor::new(contents));
     eprintln!("compressed to {} bytes", compressed_contents.len());
 
     if pad_bucketed {
@@ -109,11 +104,11 @@ fn main() {
 
     write_bytes("IV", iv);
 
-    let encrypted_contents = aes_cbc_encrypt(aes_key, &iv, compressed_contents);
-    eprintln!("encrypted to {} bytes", encrypted_contents.len());
+    aes_cbc_encrypt(aes_key, &iv, &mut compressed_contents);
+    eprintln!("encrypted to {} bytes", compressed_contents.len());
 
-    let hmac = hmac_checksum(hmac_key, &iv, &encrypted_contents);
-    write_bytes("encrypted", encrypted_contents);
+    let hmac = hmac_checksum(hmac_key, &iv, &compressed_contents);
+    write_bytes("encrypted", compressed_contents);
 
     write_bytes("HMAC", hmac);
 }
@@ -129,41 +124,6 @@ fn read_file(filename: FileOrStdin) -> Vec<u8> {
     contents
 }
 
-fn aes_cbc_encrypt(aes_key: &[u8; 32], iv: &[u8; 16], compressed_contents: Vec<u8>) -> Vec<u8> {
-    let encryptor = cbc::Encryptor::<Aes256>::new(aes_key.into(), iv.into());
-
-    encryptor.encrypt_padded_vec_mut::<Pkcs7>(&compressed_contents)
-}
-fn hmac_checksum(hmac_key: &[u8; 32], iv: &[u8], encrypted_contents: &[u8]) -> [u8; 32] {
-    let mut hmac = hmac::Hmac::<Sha256>::new_from_slice(hmac_key).expect("correct key size");
-    hmac.update(iv);
-    hmac.update(encrypted_contents);
-    hmac.finalize().into_bytes().into()
-}
-
-fn gzip_compress(contents: Vec<u8>) -> Vec<u8> {
-    let mut compressed_contents = Vec::new();
-    futures::executor::block_on(
-        GzipEncoder::new(Cursor::new(contents)).read_to_end(&mut compressed_contents),
-    )
-    .expect("failed to compress");
-
-    compressed_contents
-}
-
-fn pad_gzipped_bucketed(out: &mut Vec<u8>) {
-    const BASE: f64 = 1.05;
-    let len = u32::try_from(out.len()).expect("backup < 4GB");
-
-    #[allow(clippy::cast_possible_truncation)]
-    let padded_len = {
-        let exp = f64::log(len.into(), BASE).ceil();
-        u32::max(541, BASE.powf(exp).floor() as u32)
-    };
-
-    out.resize(padded_len.try_into().unwrap(), 0);
-}
-
 fn write_bytes(label: &'static str, bytes: impl AsRef<[u8]>) {
     let bytes = bytes.as_ref();
     stdout().write_all(bytes).expect("failed to write");
diff --git a/rust/message-backup/src/export.rs b/rust/message-backup/src/export.rs
new file mode 100644
index 000000000..cfd4f42b0
--- /dev/null
+++ b/rust/message-backup/src/export.rs
@@ -0,0 +1,61 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+//! Utilities for exporting backups.
+//!
+//! See `encrypt_backup` or `generation/mod.rs` for how they fit together.
+
+use aes::cipher::{BlockEncryptMut as _, BlockSizeUser as _, KeyIvInit as _};
+use async_compression::futures::bufread::GzipEncoder;
+use futures::{AsyncBufRead, AsyncReadExt as _};
+use hmac::Mac as _;
+use sha2::Sha256;
+
+use crate::frame::{AES_IV_SIZE, AES_KEY_SIZE};
+
+pub fn gzip_compress<R: AsyncBufRead + Unpin>(contents: R) -> Vec<u8> {
+    let mut compressed_contents = Vec::new();
+    futures::executor::block_on(GzipEncoder::new(contents).read_to_end(&mut compressed_contents))
+        .expect("failed to compress");
+
+    compressed_contents
+}
+
+pub fn pad_gzipped_bucketed(out: &mut Vec<u8>) {
+    let len = u32::try_from(out.len()).expect("backup < 4GB");
+    out.resize(
+        crate::padded_length(len).try_into().expect("usize >= u32"),
+        0,
+    );
+}
+
+/// Encrypts `contents` in-place.
+pub fn aes_cbc_encrypt(
+    aes_key: &[u8; AES_KEY_SIZE],
+    iv: &[u8; AES_IV_SIZE],
+    contents: &mut Vec<u8>,
+) {
+    let len_to_encrypt = contents.len();
+    // Leave room for Pkcs7 padding.
+    contents.resize(len_to_encrypt + aes::Aes256::block_size(), 0);
+    let encryptor = cbc::Encryptor::<aes::Aes256>::new(aes_key.into(), iv.into());
+    let len_encrypted = encryptor
+        .encrypt_padded_mut::<aes::cipher::block_padding::Pkcs7>(&mut *contents, len_to_encrypt)
+        .expect("provided enough room for padding")
+        .len();
+    contents.truncate(len_encrypted);
+}
+
+pub fn hmac_checksum(
+    hmac_key: &[u8; 32],
+    iv: &[u8; AES_IV_SIZE],
+    encrypted_contents: &[u8],
+) -> [u8; 32] {
+    let mut hmac =
+        hmac::Hmac::<Sha256>::new_from_slice(hmac_key.as_slice()).expect("correct key size");
+    hmac.update(iv);
+    hmac.update(encrypted_contents);
+    hmac.finalize().into_bytes().into()
+}
diff --git a/rust/message-backup/src/frame.rs b/rust/message-backup/src/frame.rs
index ffb8790a8..d693e80d9 100644
--- a/rust/message-backup/src/frame.rs
+++ b/rust/message-backup/src/frame.rs
@@ -16,8 +16,6 @@ use mediasan_common::{AsyncSkip, AsyncSkipExt as _};
 use sha2::Sha256;
 use subtle::ConstantTimeEq as _;
 
-use crate::frame::aes_read::{Aes256CbcReader, AES_IV_SIZE};
-use crate::frame::mac_read::MacReader;
 use crate::key::MessageBackupKey;
 
 mod aes_read;
@@ -27,6 +25,12 @@ mod mac_read;
 mod reader_factory;
 mod unpad;
 
+#[cfg(feature = "test-util")]
+pub use aes_read::AES_KEY_SIZE;
+#[cfg_attr(feature = "test-util", visibility::make(pub))]
+use aes_read::{Aes256CbcReader, AES_IV_SIZE};
+#[cfg_attr(feature = "test-util", visibility::make(pub))]
+use mac_read::MacReader;
 pub use reader_factory::{CursorFactory, FileReaderFactory, LimitedReaderFactory, ReaderFactory};
 
 const HMAC_LEN: usize = <<Hmac<Sha256> as OutputSizeUser>::OutputSize as Unsigned>::USIZE;
@@ -138,7 +142,7 @@ impl<R: AsyncRead + Unpin> AsyncRead for FramesReader<R> {
 }
 
 impl<R> MacReader<R, Hmac<Sha256>> {
-    fn new_sha256(reader: R, hmac_key: &[u8]) -> Self {
+    pub fn new_sha256(reader: R, hmac_key: &[u8]) -> Self {
         Self::new(
             reader,
             Hmac::<Sha256>::new_from_slice(hmac_key)
diff --git a/rust/message-backup/src/frame/aes_read.rs b/rust/message-backup/src/frame/aes_read.rs
index a54c0a35c..a145f899f 100644
--- a/rust/message-backup/src/frame/aes_read.rs
+++ b/rust/message-backup/src/frame/aes_read.rs
@@ -19,9 +19,8 @@ use crate::frame::cbc::CbcStreamDecryptor;
 use crate::frame::unpad::UnpadLast;
 
 const AES_BLOCK_SIZE: usize = <<Aes256 as BlockSizeUser>::BlockSize as Unsigned>::USIZE;
-const AES_KEY_SIZE: usize = <<Aes256 as KeySizeUser>::KeySize as Unsigned>::USIZE;
-pub(super) const AES_IV_SIZE: usize =
-    <<cbc::Decryptor<Aes256> as IvSizeUser>::IvSize as Unsigned>::USIZE;
+pub const AES_KEY_SIZE: usize = <<Aes256 as KeySizeUser>::KeySize as Unsigned>::USIZE;
+pub const AES_IV_SIZE: usize = <<cbc::Decryptor<Aes256> as IvSizeUser>::IvSize as Unsigned>::USIZE;
 
 /// Decrypting implementation of [`futures::io::AsyncRead`].
 ///
@@ -30,7 +29,7 @@ pub(super) const AES_IV_SIZE: usize =
 ///
 /// This exists as a named type to allow it to be held as a field in other types.
 #[derive(Debug)]
-pub(crate) struct Aes256CbcReader<R: AsyncRead + Unpin> {
+pub struct Aes256CbcReader<R: AsyncRead + Unpin> {
     /// Reader for the bytes being produced.
     ///
     /// Bytes are pulled from the wrapped `R` reader, chunked into blocks which
@@ -45,7 +44,7 @@ pub(crate) struct Aes256CbcReader<R: AsyncRead + Unpin> {
 }
 
 impl<R: AsyncRead + Unpin> Aes256CbcReader<R> {
-    pub(crate) fn new(key: &[u8; AES_KEY_SIZE], iv: &[u8; AES_IV_SIZE], reader: R) -> Self {
+    pub fn new(key: &[u8; AES_KEY_SIZE], iv: &[u8; AES_IV_SIZE], reader: R) -> Self {
         let rc_reader = Rc::new(RefCell::new(reader));
         let reader = RcReader(rc_reader.clone());
         let stream: BlockStream<_> = ExactReadBlockStream::from_reader(reader).map_ok(Into::into);
@@ -63,7 +62,7 @@ impl<R: AsyncRead + Unpin> Aes256CbcReader<R> {
     /// If this reader is exhaused (a call to [`AsyncRead::poll_read`] returned
     /// `Poll::Ready(Ok(0))`), then the returned reader is also exhausted.
     /// Otherwise no guarantees are made about the returned value.
-    pub(crate) fn into_inner(self) -> R {
+    pub fn into_inner(self) -> R {
         let Self { reader, inner } = self;
         drop(reader);
 
diff --git a/rust/message-backup/src/frame/mac_read.rs b/rust/message-backup/src/frame/mac_read.rs
index 466c5ab8d..86707a4a4 100644
--- a/rust/message-backup/src/frame/mac_read.rs
+++ b/rust/message-backup/src/frame/mac_read.rs
@@ -11,17 +11,17 @@ use hmac::Mac;
 
 /// [`AsyncRead`]er that computes an HMAC of the produced contents.
 #[derive(Clone, Debug)]
-pub(crate) struct MacReader<R, M> {
+pub struct MacReader<R, M> {
     reader: R,
     mac: M,
 }
 
 impl<R, M> MacReader<R, M> {
-    pub(crate) fn new(reader: R, mac: M) -> Self {
+    pub fn new(reader: R, mac: M) -> Self {
         Self { reader, mac }
     }
 
-    pub(crate) fn finalize(self) -> GenericArray<u8, M::OutputSize>
+    pub fn finalize(self) -> GenericArray<u8, M::OutputSize>
     where
         M: Mac,
     {
diff --git a/rust/message-backup/src/lib.rs b/rust/message-backup/src/lib.rs
index d8976c2bd..f41f78cbb 100644
--- a/rust/message-backup/src/lib.rs
+++ b/rust/message-backup/src/lib.rs
@@ -29,8 +29,15 @@ pub mod key;
 pub mod parse;
 pub mod unknown;
 
+// visibility::make isn't supported for modules, so we have to write it twice instead.
+#[cfg(feature = "test-util")]
+pub mod proto;
+#[cfg(not(feature = "test-util"))]
 pub(crate) mod proto;
 
+#[cfg(feature = "test-util")]
+pub mod export;
+
 pub struct BackupReader<R> {
     purpose: Purpose,
     reader: VarintDelimitedReader<R>,
@@ -346,3 +353,14 @@ impl From<VerifyHmacError> for Error {
         }
     }
 }
+
+/// Rounds `content_length` up to obscure the exact size of a backup.
+pub fn padded_length(content_length: u32) -> u32 {
+    const BASE: f64 = 1.05;
+    let exp = f64::log(content_length.into(), BASE).ceil();
+
+    #[allow(clippy::cast_possible_truncation)]
+    {
+        u32::max(541, BASE.powf(exp).floor() as u32)
+    }
+}
diff --git a/rust/message-backup/src/parse.rs b/rust/message-backup/src/parse.rs
index 1ea8eaf75..0d0044ffa 100644
--- a/rust/message-backup/src/parse.rs
+++ b/rust/message-backup/src/parse.rs
@@ -18,20 +18,21 @@ pub enum ParseError {
 
 const VARINT_MAX_LENGTH: usize = 10;
 
+#[cfg_attr(feature = "test-util", visibility::make(pub))]
 pub(crate) struct VarintDelimitedReader<R> {
     reader: R,
     buffer: ArrayVec<u8, VARINT_MAX_LENGTH>,
 }
 
 impl<R: AsyncRead + Unpin> VarintDelimitedReader<R> {
-    pub(crate) fn new(reader: R) -> Self {
+    pub fn new(reader: R) -> Self {
         Self {
             reader,
             buffer: ArrayVec::new(),
         }
     }
 
-    pub(crate) async fn read_next(&mut self) -> Result<Option<Box<[u8]>>, ParseError> {
+    pub async fn read_next(&mut self) -> Result<Option<Box<[u8]>>, ParseError> {
         let length = match self.read_next_varint().await? {
             None => return Ok(None),
             Some(length) => length,
@@ -55,7 +56,7 @@ impl<R: AsyncRead + Unpin> VarintDelimitedReader<R> {
     }
 
     /// Consumes self, returning the inner [`AsyncRead`]er.
-    pub(crate) fn into_inner(self) -> R {
+    pub fn into_inner(self) -> R {
         self.reader
     }
 
diff --git a/rust/net/infra/Cargo.toml b/rust/net/infra/Cargo.toml
index 5b6c15a0d..ec6acbc76 100644
--- a/rust/net/infra/Cargo.toml
+++ b/rust/net/infra/Cargo.toml
@@ -50,7 +50,7 @@ tokio-tungstenite = "0.23.0"
 tokio-util = "0.7.9"
 tungstenite = { version = "0.23.0", features = ["url"] }
 url = "2.4.1"
-visibility = "0.1.1"
+visibility = { workspace = true }
 warp = { version = "0.3.6", features = ["tls"], optional = true }
 
 [dev-dependencies]

From 286243f8dec3e972dbf306339ed0222441c4aacb Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Wed, 20 Nov 2024 15:28:44 -0800
Subject: [PATCH 24/57] backup: Run the validation benchmarks on multiple sizes
 of backup

---
 rust/message-backup/benches/validation.rs | 167 +++++++++++-----------
 1 file changed, 87 insertions(+), 80 deletions(-)

diff --git a/rust/message-backup/benches/validation.rs b/rust/message-backup/benches/validation.rs
index b643f4a29..fdf103872 100644
--- a/rust/message-backup/benches/validation.rs
+++ b/rust/message-backup/benches/validation.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use criterion::{black_box, criterion_group, criterion_main, Criterion};
+use criterion::{black_box, criterion_group, criterion_main, BenchmarkId, Criterion};
 use futures::io::{BufReader, Cursor};
 use futures::AsyncRead;
 use libsignal_account_keys::BackupKey;
@@ -27,9 +27,6 @@ const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
 const DEFAULT_ACCOUNT_ENTROPY: &str =
     "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
 
-const NUMBER_OF_CONVERSATIONS: usize = 100;
-const NUMBER_OF_MESSAGES: usize = 20_000;
-
 /// An [`AsyncRead`] implementation that [yields][] for every callback.
 ///
 /// Meant to be used with [`Cursor`] or similar to more closely approximate the best case of reading
@@ -90,9 +87,15 @@ fn cursor_without_appended_hash(backup: &[u8]) -> Cursor<&'_ [u8]> {
     Cursor::new(&backup[..backup.len() - sha2::Sha256::output_size()])
 }
 
-fn hmac_only(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
+fn benchmark_multiple_backup_sizes(mut body: impl FnMut(usize, &[u8])) {
+    const MESSAGES_PER_CONVERSATION: usize = 200;
+    for size in [30, 100, 300] {
+        let backup = generate_backup(size, MESSAGES_PER_CONVERSATION * size);
+        body(size, &backup);
+    }
+}
 
+fn hmac_only(c: &mut Criterion) {
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -104,29 +107,29 @@ fn hmac_only(c: &mut Criterion) {
             .expect("success");
     }
 
-    c.benchmark_group("MacReader")
-        .bench_function("direct", |b| {
+    let mut group = c.benchmark_group("MacReader");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
             b.iter(|| {
                 process(
-                    cursor_without_appended_hash(&backup),
+                    cursor_without_appended_hash(backup),
                     &message_backup_key.hmac_key,
                 )
             })
-        })
-        .bench_function("YieldingReader", |b| {
+        });
+
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(cursor_without_appended_hash(&backup)),
+                    YieldingReader(cursor_without_appended_hash(backup)),
                     &message_backup_key.hmac_key,
                 )
             })
         });
+    });
 }
 
 fn decrypt_only(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
-    let iv = &backup[..AES_IV_SIZE].try_into().unwrap();
-
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -142,30 +145,32 @@ fn decrypt_only(c: &mut Criterion) {
             .expect("success");
     }
 
-    c.benchmark_group("Aes256CbcReader")
-        .bench_function("direct", |b| {
+    let mut group = c.benchmark_group("Aes256CbcReader");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        let iv = backup[..AES_IV_SIZE].try_into().unwrap();
+
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
             b.iter(|| {
                 process(
-                    cursor_without_appended_hash(&backup),
+                    cursor_without_appended_hash(backup),
                     &message_backup_key.aes_key,
-                    iv,
+                    &iv,
                 )
             })
-        })
-        .bench_function("YieldingReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(cursor_without_appended_hash(&backup)),
+                    YieldingReader(cursor_without_appended_hash(backup)),
                     &message_backup_key.aes_key,
-                    iv,
+                    &iv,
                 )
             })
         });
+    });
 }
 
 fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
-
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -183,11 +188,12 @@ fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
         })
     }
 
-    c.benchmark_group("FramesReader")
-        .bench_function("direct", |b| {
-            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key))
-        })
-        .bench_function("YieldingReader", |b| {
+    let mut group = c.benchmark_group("FramesReader");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
+            b.iter(|| process(CursorFactory::new(backup), &message_backup_key))
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(&backup)),
@@ -195,11 +201,10 @@ fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
                 )
             })
         });
+    });
 }
 
 fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
-
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -221,42 +226,42 @@ fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
         })
     }
 
-    c.benchmark_group("FramesReader + VarintDelimitedReader")
-        .bench_function("direct", |b| {
-            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key, |r| r))
-        })
-        .bench_function("direct + BufReader", |b| {
+    let mut group = c.benchmark_group("FramesReader + VarintDelimitedReader");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
+            b.iter(|| process(CursorFactory::new(backup), &message_backup_key, |r| r))
+        });
+        group.bench_function(BenchmarkId::new("direct + BufReader", size), |b| {
             b.iter(|| {
                 process(
-                    CursorFactory::new(&backup),
+                    CursorFactory::new(backup),
                     &message_backup_key,
                     BufReader::new,
                 )
             })
-        })
-        .bench_function("YieldingReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                     |r| r,
                 )
             })
-        })
-        .bench_function("YieldingReader + BufReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader + BufReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                     BufReader::new,
                 )
             })
         });
+    });
 }
 
 fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
-
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -287,42 +292,42 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
         })
     }
 
-    c.benchmark_group("FramesReader + VarintDelimitedReader + Frame::parse")
-        .bench_function("direct", |b| {
-            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key, |r| r))
-        })
-        .bench_function("direct + BufReader", |b| {
+    let mut group = c.benchmark_group("FramesReader + VarintDelimitedReader + Frame::parse");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
+            b.iter(|| process(CursorFactory::new(backup), &message_backup_key, |r| r))
+        });
+        group.bench_function(BenchmarkId::new("direct + BufReader", size), |b| {
             b.iter(|| {
                 process(
-                    CursorFactory::new(&backup),
+                    CursorFactory::new(backup),
                     &message_backup_key,
                     BufReader::new,
                 )
             })
-        })
-        .bench_function("YieldingReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                     |r| r,
                 )
             })
-        })
-        .bench_function("YieldingReader + BufReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader + BufReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                     BufReader::new,
                 )
             })
         });
+    });
 }
 
 fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
-
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -356,42 +361,42 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Cr
         })
     }
 
-    c.benchmark_group("FramesReader + VarintDelimitedReader + PartialBackup")
-        .bench_function("direct", |b| {
-            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key, |r| r))
-        })
-        .bench_function("direct + BufReader", |b| {
+    let mut group = c.benchmark_group("FramesReader + VarintDelimitedReader + PartialBackup");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
+            b.iter(|| process(CursorFactory::new(backup), &message_backup_key, |r| r))
+        });
+        group.bench_function(BenchmarkId::new("direct + BufReader", size), |b| {
             b.iter(|| {
                 process(
-                    CursorFactory::new(&backup),
+                    CursorFactory::new(backup),
                     &message_backup_key,
                     BufReader::new,
                 )
             })
-        })
-        .bench_function("YieldingReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                     |r| r,
                 )
             })
-        })
-        .bench_function("YieldingReader + BufReader", |b| {
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader + BufReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                     BufReader::new,
                 )
             })
         });
+    });
 }
 
 fn validate_using_full_backup_reader(c: &mut Criterion) {
-    let backup = generate_backup(NUMBER_OF_CONVERSATIONS, NUMBER_OF_MESSAGES);
-
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
@@ -416,18 +421,20 @@ fn validate_using_full_backup_reader(c: &mut Criterion) {
         })
     }
 
-    c.benchmark_group("BackupReader")
-        .bench_function("direct", |b| {
-            b.iter(|| process(CursorFactory::new(&backup), &message_backup_key))
-        })
-        .bench_function("YieldingReader", |b| {
+    let mut group = c.benchmark_group("BackupReader");
+    benchmark_multiple_backup_sizes(|size, backup| {
+        group.bench_function(BenchmarkId::new("direct", size), |b| {
+            b.iter(|| process(CursorFactory::new(backup), &message_backup_key))
+        });
+        group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
-                    YieldingReader(CursorFactory::new(&backup)),
+                    YieldingReader(CursorFactory::new(backup)),
                     &message_backup_key,
                 )
             })
         });
+    });
 }
 
 criterion_group!(

From 9a7813c405a1c29809eae4b837171ba7ad7762fa Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Wed, 20 Nov 2024 16:45:51 -0800
Subject: [PATCH 25/57] backup: Add benchmarks for online validation

---
 rust/message-backup/benches/generation/mod.rs | 132 +++++++++---------
 rust/message-backup/benches/validation.rs     |  49 ++++++-
 2 files changed, 113 insertions(+), 68 deletions(-)

diff --git a/rust/message-backup/benches/generation/mod.rs b/rust/message-backup/benches/generation/mod.rs
index 2975c03e5..e46b5c152 100644
--- a/rust/message-backup/benches/generation/mod.rs
+++ b/rust/message-backup/benches/generation/mod.rs
@@ -35,9 +35,7 @@ pub fn generate_backup(number_of_conversations: usize, number_of_messages: usize
         iv
     };
 
-    let uncompressed = generate_backup_frames(number_of_conversations, number_of_messages)
-        .map(Ok)
-        .into_async_read();
+    let uncompressed = generate_backup_contents(number_of_conversations, number_of_messages);
 
     let mut compressed_contents = gzip_compress(futures::io::BufReader::new(uncompressed));
     pad_gzipped_bucketed(&mut compressed_contents);
@@ -49,10 +47,46 @@ pub fn generate_backup(number_of_conversations: usize, number_of_messages: usize
     compressed_contents
 }
 
-fn generate_backup_frames(
+fn generate_backup_contents(
+    number_of_conversations: usize,
+    number_of_messages: usize,
+) -> impl futures::AsyncRead {
+    let backup_info = futures::stream::once(std::future::ready(
+        generate_backup_info()
+            .write_length_delimited_to_bytes()
+            .unwrap(),
+    ));
+
+    backup_info
+        .chain(futures::stream::iter(
+            generate_frames(number_of_conversations, number_of_messages)
+                .map(|frame| frame.write_length_delimited_to_bytes().unwrap()),
+        ))
+        .map(Ok)
+        .into_async_read()
+}
+
+pub fn generate_backup_info() -> proto::BackupInfo {
+    proto::BackupInfo {
+        version: 1,
+        backupTimeMs: SystemTime::now()
+            .duration_since(SystemTime::UNIX_EPOCH)
+            .unwrap()
+            .as_millis()
+            .try_into()
+            .unwrap(),
+        mediaRootBackupKey: vec![0; 32],
+        ..Default::default()
+    }
+}
+
+pub fn generate_frames(
     number_of_conversations: usize,
     number_of_messages: usize,
-) -> impl futures::Stream<Item = Vec<u8>> {
+) -> impl Iterator<Item = proto::Frame> {
+    let number_of_conversations = u64::try_from(number_of_conversations).unwrap();
+    let number_of_messages = u64::try_from(number_of_messages).unwrap();
+
     fn frame(item: impl Into<proto::frame::Item>) -> proto::Frame {
         proto::Frame {
             item: Some(item.into()),
@@ -60,57 +94,32 @@ fn generate_backup_frames(
         }
     }
 
-    let backup_info = futures::stream::once(std::future::ready(
-        proto::BackupInfo {
-            version: 1,
-            backupTimeMs: SystemTime::now()
-                .duration_since(SystemTime::UNIX_EPOCH)
-                .unwrap()
-                .as_millis()
-                .try_into()
-                .unwrap(),
-            mediaRootBackupKey: vec![0; 32],
-            ..Default::default()
-        }
-        .write_length_delimited_to_bytes()
-        .unwrap(),
-    ));
-
     // Based on Desktop's similar test defaults,
     // https://github.com/signalapp/Signal-Desktop/blob/0bc6368c642a7ddf2456e994db1016034380f72d/ts/test-both/helpers/generateBackup.ts#L105
-    let account_data = futures::stream::once(std::future::ready(
-        frame(proto::AccountData {
-            profileKey: vec![1; 32],
-            givenName: "Backup".into(),
-            familyName: "Benchmark".into(),
-            accountSettings: Some(proto::account_data::AccountSettings {
-                displayBadgesOnProfile: true,
-                hasSetMyStoriesPrivacy: true,
-                hasSeenGroupStoryEducationSheet: true,
-                hasCompletedUsernameOnboarding: true,
-                phoneNumberSharingMode: proto::account_data::PhoneNumberSharingMode::EVERYBODY
-                    .into(),
-                ..Default::default()
-            })
-            .into(),
+    let account_data = frame(proto::AccountData {
+        profileKey: vec![1; 32],
+        givenName: "Backup".into(),
+        familyName: "Benchmark".into(),
+        accountSettings: Some(proto::account_data::AccountSettings {
+            displayBadgesOnProfile: true,
+            hasSetMyStoriesPrivacy: true,
+            hasSeenGroupStoryEducationSheet: true,
+            hasCompletedUsernameOnboarding: true,
+            phoneNumberSharingMode: proto::account_data::PhoneNumberSharingMode::EVERYBODY.into(),
             ..Default::default()
         })
-        .write_length_delimited_to_bytes()
-        .unwrap(),
-    ));
+        .into(),
+        ..Default::default()
+    });
 
     let self_id = 0;
-    let self_recipient = futures::stream::once(std::future::ready(
-        frame(proto::Recipient {
-            id: self_id,
-            destination: Some(proto::recipient::Destination::Self_(Default::default())),
-            ..Default::default()
-        })
-        .write_length_delimited_to_bytes()
-        .unwrap(),
-    ));
+    let self_recipient = frame(proto::Recipient {
+        id: self_id,
+        destination: Some(proto::recipient::Destination::Self_(Default::default())),
+        ..Default::default()
+    });
 
-    let recipient_frames = futures::stream::iter((1..).map(|id| {
+    let recipient_frames = (1..=number_of_conversations).map(|id| {
         frame(proto::Recipient {
             id,
             destination: Some(
@@ -130,26 +139,19 @@ fn generate_backup_frames(
             ),
             ..Default::default()
         })
-        .write_length_delimited_to_bytes()
-        .unwrap()
-    }))
-    .take(number_of_conversations);
+    });
 
-    let chat_frames = futures::stream::iter((1..).map(|id| {
+    let chat_frames = (1..=number_of_conversations).map(|id| {
         frame(proto::Chat {
             id,
             recipientId: id,
             expireTimerVersion: 1,
             ..Default::default()
         })
-        .write_length_delimited_to_bytes()
-        .unwrap()
-    }))
-    .take(number_of_conversations);
+    });
 
     const START_OF_2024_IN_MILLIS: u64 = 1704067200000; // 2024-01-01T00:00:00Z
-    let message_frames = futures::stream::iter((1..).map(move |i| {
-        let number_of_conversations = u64::try_from(number_of_conversations).unwrap();
+    let message_frames = (1..=number_of_messages).map(move |i| {
         let chat_id = i % number_of_conversations + 1; // skip the Self recipient
         let date_sent = START_OF_2024_IN_MILLIS + i * 1000;
 
@@ -206,14 +208,10 @@ fn generate_backup_frames(
             directionalDetails: Some(directional_details),
             ..Default::default()
         })
-        .write_length_delimited_to_bytes()
-        .unwrap()
-    }))
-    .take(number_of_messages);
+    });
 
-    backup_info
-        .chain(account_data)
-        .chain(self_recipient)
+    [account_data, self_recipient]
+        .into_iter()
         .chain(recipient_frames)
         .chain(chat_frames)
         .chain(message_frames)
diff --git a/rust/message-backup/benches/validation.rs b/rust/message-backup/benches/validation.rs
index fdf103872..13728fd28 100644
--- a/rust/message-backup/benches/validation.rs
+++ b/rust/message-backup/benches/validation.rs
@@ -26,6 +26,7 @@ use generation::*;
 const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
 const DEFAULT_ACCOUNT_ENTROPY: &str =
     "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
+const MESSAGES_PER_CONVERSATION: usize = 200;
 
 /// An [`AsyncRead`] implementation that [yields][] for every callback.
 ///
@@ -88,7 +89,6 @@ fn cursor_without_appended_hash(backup: &[u8]) -> Cursor<&'_ [u8]> {
 }
 
 fn benchmark_multiple_backup_sizes(mut body: impl FnMut(usize, &[u8])) {
-    const MESSAGES_PER_CONVERSATION: usize = 200;
     for size in [30, 100, 300] {
         let backup = generate_backup(size, MESSAGES_PER_CONVERSATION * size);
         body(size, &backup);
@@ -437,6 +437,51 @@ fn validate_using_full_backup_reader(c: &mut Criterion) {
     });
 }
 
+fn parse_only(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Frame::parse");
+    benchmark_multiple_backup_sizes(|size, _backup| {
+        let frames: Vec<Vec<u8>> = generate_frames(size, MESSAGES_PER_CONVERSATION * size)
+            .map(|frame| frame.write_to_bytes().unwrap())
+            .collect();
+
+        group.bench_function(BenchmarkId::from_parameter(size), |b| {
+            b.iter(|| {
+                for next in &frames {
+                    black_box(
+                        libsignal_message_backup::proto::backup::Frame::parse_from_bytes(next)
+                            .expect("valid"),
+                    );
+                }
+            })
+        });
+    });
+}
+
+fn parse_and_validate(c: &mut Criterion) {
+    let mut group = c.benchmark_group("PartialBackup");
+    benchmark_multiple_backup_sizes(|size, _backup| {
+        let backup_info = generate_backup_info().write_to_bytes().unwrap();
+        let frames: Vec<Vec<u8>> = generate_frames(size, MESSAGES_PER_CONVERSATION * size)
+            .map(|frame| frame.write_to_bytes().unwrap())
+            .collect();
+
+        group.bench_function(BenchmarkId::from_parameter(size), |b| {
+            b.iter(|| {
+                let mut backup = PartialBackup::<ValidateOnly>::by_parsing(
+                    &backup_info,
+                    libsignal_message_backup::backup::Purpose::RemoteBackup,
+                    |_| (),
+                )
+                .expect("valid");
+                for next in &frames {
+                    backup.parse_and_add_frame(next, |_| ()).expect("valid");
+                }
+                _ = CompletedBackup::try_from(backup).expect("valid");
+            })
+        });
+    });
+}
+
 criterion_group!(
     validation,
     hmac_only,
@@ -446,5 +491,7 @@ criterion_group!(
     decrypt_and_decompress_and_hmac_and_segment_and_parse,
     decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate,
     validate_using_full_backup_reader,
+    parse_only,
+    parse_and_validate,
 );
 criterion_main!(validation);

From c52b419a0c403de7fb40ca298f297378825788f7 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Thu, 21 Nov 2024 16:35:37 -0800
Subject: [PATCH 26/57] backup: Remove early-exiting from unknown field
 checking

We only used this in tests, but the production code still had to
*check* whether there were any early exits. Not doing that leads to a
modest speedup.
---
 rust/message-backup/macros/src/lib.rs         | 25 ++++----
 rust/message-backup/src/unknown.rs            | 25 ++++----
 rust/message-backup/src/unknown/visit_dyn.rs  | 28 +++------
 .../src/unknown/visit_static.rs               | 58 ++++++++-----------
 4 files changed, 53 insertions(+), 83 deletions(-)

diff --git a/rust/message-backup/macros/src/lib.rs b/rust/message-backup/macros/src/lib.rs
index f35b8f4bf..6e00dab92 100644
--- a/rust/message-backup/macros/src/lib.rs
+++ b/rust/message-backup/macros/src/lib.rs
@@ -72,12 +72,10 @@ fn derive_has_unknown_fields_struct_impl(ident: Ident, e: syn::DataStruct) -> To
 
     quote! {
         impl #VisitUnknownFields for #ident {
-            fn visit_unknown_fields(&self, #PathArgName: #PathType, #VisitorArgName: &mut impl #Visitor) -> std::ops::ControlFlow<()>{
+            fn visit_unknown_fields(&self, #PathArgName: #PathType, #VisitorArgName: &mut impl #Visitor) {
                 let Self #destruct = self;
 
                 #({ #visit_fields };)*
-
-                std::ops::ControlFlow::Continue(())
             }
         }
     }
@@ -123,11 +121,10 @@ fn derive_has_unknown_fields_enum_impl(ident: Ident, e: syn::DataEnum) -> TokenS
 
     quote! {
         impl #VisitUnknownFields for #ident {
-            fn visit_unknown_fields(&self, path: #PathType, #VisitorArgName: &mut impl #Visitor) -> std::ops::ControlFlow<()> {
+            fn visit_unknown_fields(&self, path: #PathType, #VisitorArgName: &mut impl #Visitor) {
                 match self {
                     #(#arms,)*
                 };
-                std::ops::ControlFlow::Continue(())
             }
         }
     }
@@ -159,7 +156,7 @@ impl ToTokens for VisitField {
                     field_name: #field_name,
                     part: #Part::Field,
                 };
-                #VisitUnknownFields::visit_unknown_fields(#field_ident, #PathArgName, #VisitorArgName)?
+                #VisitUnknownFields::visit_unknown_fields(#field_ident, #PathArgName, #VisitorArgName)
             },
             FieldType::Container => quote! {
                 #VisitContainerUnknownFields::visit_unknown_fields_within(
@@ -167,7 +164,7 @@ impl ToTokens for VisitField {
                     #PathArgName,
                     #field_name,
                     #VisitorArgName
-                )?
+                )
             },
         }.to_tokens(tokens)
     }
@@ -264,7 +261,7 @@ mod test {
                     fn visit_unknown_fields(
                             &self,
                             path: crate::unknown::Path<'_>,
-                            visitor: &mut impl crate::unknown::visit_static::Visitor) -> std::ops::ControlFlow<()>
+                            visitor: &mut impl crate::unknown::visit_static::Visitor)
                     {
                         let Self {
                             pub_field, priv_field
@@ -276,7 +273,7 @@ mod test {
                                 field_name: "pub_field",
                                 part: crate::unknown::Part::Field,
                             };
-                            crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(pub_field, path, visitor)?
+                            crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(pub_field, path, visitor)
                         };
                         {
                             let path = crate::unknown::Path::Branch {
@@ -284,9 +281,8 @@ mod test {
                                 field_name: "priv_field",
                                 part: crate::unknown::Part::Field,
                             };
-                            crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(priv_field, path, visitor)?
+                            crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(priv_field, path, visitor)
                         };
-                        std::ops::ControlFlow::Continue(())
                     }
                 }
             },
@@ -306,7 +302,7 @@ mod test {
                     fn visit_unknown_fields(
                             &self,
                             path: crate::unknown::Path<'_>,
-                            visitor: &mut impl crate::unknown::visit_static::Visitor) -> std::ops::ControlFlow<()>
+                            visitor: &mut impl crate::unknown::visit_static::Visitor)
                     {
                         match self {
                             Self::AField(a_field) => {
@@ -315,7 +311,7 @@ mod test {
                                     field_name: "a_field",
                                     part: crate::unknown::Part::Field,
                                 };
-                                crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(a_field, path, visitor)?
+                                crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(a_field, path, visitor)
                             },
                             Self::BField(b_field) => {
                                 let path = crate::unknown::Path::Branch {
@@ -323,10 +319,9 @@ mod test {
                                     field_name: "b_field",
                                     part: crate::unknown::Part::Field,
                                 };
-                                crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(b_field, path, visitor)?
+                                crate::unknown::visit_static::VisitUnknownFields::visit_unknown_fields(b_field, path, visitor)
                             },
                         };
-                        std::ops::ControlFlow::Continue(())
                     }
                 }
             },
diff --git a/rust/message-backup/src/unknown.rs b/rust/message-backup/src/unknown.rs
index 95ba8f201..c354ceae0 100644
--- a/rust/message-backup/src/unknown.rs
+++ b/rust/message-backup/src/unknown.rs
@@ -5,8 +5,6 @@
 
 //! Protobuf unknown field searching.
 
-use std::ops::ControlFlow;
-
 #[cfg(test)]
 mod visit_dyn;
 
@@ -151,13 +149,12 @@ pub(crate) trait VisitUnknownFields {
 }
 
 /// Convenience "alias" for a callable visitor.
-pub trait UnknownFieldVisitor: FnMut(Vec<PathPart>, UnknownValue) -> ControlFlow<()> {}
-impl<F: FnMut(Vec<PathPart>, UnknownValue) -> ControlFlow<()>> UnknownFieldVisitor for F {}
+pub trait UnknownFieldVisitor: FnMut(Vec<PathPart>, UnknownValue) {}
+impl<F: FnMut(Vec<PathPart>, UnknownValue)> UnknownFieldVisitor for F {}
 
 impl<M: visit_static::VisitUnknownFields> VisitUnknownFields for M {
     fn visit_unknown_fields<F: UnknownFieldVisitor>(&self, mut visitor: F) {
-        let _: ControlFlow<()> =
-            visit_static::VisitUnknownFields::visit_unknown_fields(self, Path::Root, &mut visitor);
+        visit_static::VisitUnknownFields::visit_unknown_fields(self, Path::Root, &mut visitor);
     }
 }
 
@@ -179,7 +176,6 @@ impl<V: VisitUnknownFields> VisitUnknownFieldsExt for V {
         let mut found = Vec::new();
         self.visit_unknown_fields(|path, value| {
             found.push((path, value));
-            ControlFlow::Continue(())
         });
         found
     }
@@ -187,8 +183,9 @@ impl<V: VisitUnknownFields> VisitUnknownFieldsExt for V {
     fn find_unknown_field(&self) -> Option<(Vec<PathPart>, UnknownValue)> {
         let mut found = None;
         self.visit_unknown_fields(|path, value| {
-            found = Some((path, value));
-            ControlFlow::Break(())
+            if found.is_none() {
+                found = Some((path, value));
+            }
         });
 
         found
@@ -241,7 +238,7 @@ mod test {
         }
     }
 
-    fn never_visits(_: Vec<PathPart>, _: UnknownValue) -> ControlFlow<()> {
+    fn never_visits(_: Vec<PathPart>, _: UnknownValue) {
         unreachable!("unexpectedly visited")
     }
 
@@ -250,21 +247,19 @@ mod test {
 
     impl VisitUnknownFields for ViaProtoDescriptors<proto::TestMessage> {
         fn visit_unknown_fields<F: UnknownFieldVisitor>(&self, mut visitor: F) {
-            let _: ControlFlow<()> =
-                visit_dyn::visit_unknown_fields(&self.0, Path::Root, &mut visitor);
+            visit_dyn::visit_unknown_fields(&self.0, Path::Root, &mut visitor);
         }
     }
 
     impl VisitUnknownFields for ViaProtoDescriptors<proto::TestMessageWithExtraFields> {
         fn visit_unknown_fields<F: UnknownFieldVisitor>(&self, mut visitor: F) {
-            let _: ControlFlow<()> =
-                visit_dyn::visit_unknown_fields(&self.0, Path::Root, &mut visitor);
+            visit_dyn::visit_unknown_fields(&self.0, Path::Root, &mut visitor);
         }
     }
 
     impl<M: visit_static::VisitUnknownFields> VisitUnknownFields for ViaStaticDispatch<M> {
         fn visit_unknown_fields<F: UnknownFieldVisitor>(&self, mut visitor: F) {
-            let _: ControlFlow<()> = visit_static::VisitUnknownFields::visit_unknown_fields(
+            visit_static::VisitUnknownFields::visit_unknown_fields(
                 &self.0,
                 Path::Root,
                 &mut visitor,
diff --git a/rust/message-backup/src/unknown/visit_dyn.rs b/rust/message-backup/src/unknown/visit_dyn.rs
index b2fb93140..b2c40adf0 100644
--- a/rust/message-backup/src/unknown/visit_dyn.rs
+++ b/rust/message-backup/src/unknown/visit_dyn.rs
@@ -6,8 +6,6 @@
 //! Unknown field searching via dynamic traversal of protubuf message
 //! descriptors.
 
-use std::ops::ControlFlow;
-
 use protobuf::reflect::{ReflectFieldRef, ReflectValueRef};
 use protobuf::MessageDyn;
 
@@ -22,9 +20,9 @@ pub(super) fn visit_unknown_fields(
     // to fail to determine whether `&mut &mut .... &mut impl
     // UnknownFieldVisitor` implements `UnknownFieldVisitor`.
     visitor: &mut impl UnknownFieldVisitor,
-) -> ControlFlow<()> {
+) {
     for (tag, _value) in message.unknown_fields_dyn() {
-        visitor(path.owned_parts(), UnknownValue::Field { tag })?
+        visitor(path.owned_parts(), UnknownValue::Field { tag })
     }
 
     for field in message.descriptor_dyn().fields() {
@@ -37,10 +35,8 @@ pub(super) fn visit_unknown_fields(
                 part: Part::Field,
             },
         };
-        visit_child_unknown_fields(field.get_reflect(message), path, field.name(), visitor)?
+        visit_child_unknown_fields(field.get_reflect(message), path, field.name(), visitor)
     }
-
-    ControlFlow::Continue(())
 }
 
 fn visit_child_unknown_fields<'s>(
@@ -48,7 +44,7 @@ fn visit_child_unknown_fields<'s>(
     parent_path: Path<'s>,
     field_name: &'s str,
     visitor: &mut impl UnknownFieldVisitor,
-) -> ControlFlow<()> {
+) {
     let make_path = |part| Path::Branch {
         parent: &parent_path,
         field_name,
@@ -58,24 +54,20 @@ fn visit_child_unknown_fields<'s>(
     match field {
         ReflectFieldRef::Optional(value) => {
             let Some(value) = value.value() else {
-                return ControlFlow::Continue(());
+                return;
             };
             visit_field(value, visitor, make_path(Part::Field))
         }
         ReflectFieldRef::Repeated(values) => {
             for (index, value) in values.into_iter().enumerate() {
-                visit_field(value, visitor, make_path(Part::Repeated { index }))?;
+                visit_field(value, visitor, make_path(Part::Repeated { index }));
             }
-
-            ControlFlow::Continue(())
         }
         ReflectFieldRef::Map(values) => {
             for (key, value) in &values {
                 let key = key.into();
-                visit_field(value, visitor, make_path(Part::MapValue { key }))?;
+                visit_field(value, visitor, make_path(Part::MapValue { key }));
             }
-
-            ControlFlow::Continue(())
         }
     }
 }
@@ -84,7 +76,7 @@ fn visit_field<'s>(
     value: ReflectValueRef<'s>,
     visitor: &mut impl UnknownFieldVisitor,
     path: Path<'s>,
-) -> ControlFlow<()> {
+) {
     match value {
         ReflectValueRef::U32(_)
         | ReflectValueRef::U64(_)
@@ -94,12 +86,10 @@ fn visit_field<'s>(
         | ReflectValueRef::F64(_)
         | ReflectValueRef::Bool(_)
         | ReflectValueRef::String(_)
-        | ReflectValueRef::Bytes(_) => ControlFlow::Continue(()),
+        | ReflectValueRef::Bytes(_) => {}
         ReflectValueRef::Enum(descriptor, number) => {
             if descriptor.value_by_number(number).is_none() {
                 visitor(path.owned_parts(), UnknownValue::EnumValue { number })
-            } else {
-                ControlFlow::Continue(())
             }
         }
         ReflectValueRef::Message(message) => {
diff --git a/rust/message-backup/src/unknown/visit_static.rs b/rust/message-backup/src/unknown/visit_static.rs
index b08aa9c70..a473ba406 100644
--- a/rust/message-backup/src/unknown/visit_static.rs
+++ b/rust/message-backup/src/unknown/visit_static.rs
@@ -4,7 +4,6 @@
 //
 
 use std::collections::HashMap;
-use std::ops::ControlFlow;
 
 pub(crate) use libsignal_message_backup_macros::VisitUnknownFields;
 use protobuf::{EnumOrUnknown, MessageField, SpecialFields, UnknownFields};
@@ -12,19 +11,18 @@ use protobuf::{EnumOrUnknown, MessageField, SpecialFields, UnknownFields};
 use crate::unknown::{MapKey, Part, Path, UnknownFieldVisitor, UnknownValue};
 
 pub(crate) trait Visitor {
-    fn unknown_fields(&mut self, path: Path<'_>, unknown: &UnknownFields) -> ControlFlow<()>;
-    fn unknown_enum(&mut self, path: Path<'_>, value: i32) -> ControlFlow<()>;
+    fn unknown_fields(&mut self, path: Path<'_>, unknown: &UnknownFields);
+    fn unknown_enum(&mut self, path: Path<'_>, value: i32);
 }
 
 impl<U: UnknownFieldVisitor> Visitor for U {
-    fn unknown_fields(&mut self, path: Path<'_>, unknown: &UnknownFields) -> ControlFlow<()> {
+    fn unknown_fields(&mut self, path: Path<'_>, unknown: &UnknownFields) {
         for (tag, _value) in unknown {
-            self(path.owned_parts(), UnknownValue::Field { tag })?
+            self(path.owned_parts(), UnknownValue::Field { tag })
         }
-        ControlFlow::Continue(())
     }
 
-    fn unknown_enum(&mut self, path: Path<'_>, value: i32) -> ControlFlow<()> {
+    fn unknown_enum(&mut self, path: Path<'_>, value: i32) {
         self(
             path.owned_parts(),
             UnknownValue::EnumValue { number: value },
@@ -34,35 +32,35 @@ impl<U: UnknownFieldVisitor> Visitor for U {
 
 pub(crate) trait VisitUnknownFields {
     /// Calls the visitor for each unknown field in the message.
-    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) -> ControlFlow<()>;
+    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor);
 }
 
 impl<V: VisitUnknownFields> VisitUnknownFields for &V {
-    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) -> ControlFlow<()> {
+    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) {
         V::visit_unknown_fields(self, path, visitor)
     }
 }
 
 impl<E: protobuf::Enum> VisitUnknownFields for EnumOrUnknown<E> {
-    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) -> ControlFlow<()> {
+    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) {
         match self.enum_value() {
-            Ok(_) => ControlFlow::Continue(()),
+            Ok(_) => (),
             Err(v) => visitor.unknown_enum(path, v),
         }
     }
 }
 
 impl<E: VisitUnknownFields> VisitUnknownFields for Box<E> {
-    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) -> ControlFlow<()> {
+    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) {
         E::visit_unknown_fields(self, path, visitor)
     }
 }
 
 impl<E: VisitUnknownFields> VisitUnknownFields for MessageField<E> {
-    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) -> ControlFlow<()> {
-        self.0.as_ref().map_or(ControlFlow::Continue(()), |inner| {
-            inner.visit_unknown_fields(path, visitor)
-        })
+    fn visit_unknown_fields(&self, path: Path<'_>, visitor: &mut impl Visitor) {
+        if let Some(inner) = self.0.as_ref() {
+            inner.visit_unknown_fields(path, visitor);
+        }
     }
 }
 
@@ -72,7 +70,7 @@ pub(crate) trait VisitContainerUnknownFields {
         parent_path: Path<'_>,
         field_name: &str,
         visitor: &mut impl Visitor,
-    ) -> ControlFlow<()>;
+    );
 }
 
 impl VisitContainerUnknownFields for SpecialFields {
@@ -81,7 +79,7 @@ impl VisitContainerUnknownFields for SpecialFields {
         parent_path: Path<'_>,
         _field_name: &str,
         visitor: &mut impl Visitor,
-    ) -> ControlFlow<()> {
+    ) {
         debug_assert_eq!(_field_name, "special_fields");
         visitor.unknown_fields(parent_path, self.unknown_fields())
     }
@@ -93,16 +91,15 @@ impl<U: VisitUnknownFields> VisitContainerUnknownFields for Vec<U> {
         parent_path: Path<'_>,
         field_name: &str,
         visitor: &mut impl Visitor,
-    ) -> ControlFlow<()> {
+    ) {
         for (index, item) in self.iter().enumerate() {
             let path = Path::Branch {
                 parent: &parent_path,
                 field_name,
                 part: Part::Repeated { index },
             };
-            item.visit_unknown_fields(path, visitor)?
+            item.visit_unknown_fields(path, visitor)
         }
-        ControlFlow::Continue(())
     }
 }
 
@@ -115,16 +112,15 @@ where
         parent_path: Path<'_>,
         field_name: &str,
         visitor: &mut impl Visitor,
-    ) -> ControlFlow<()> {
+    ) {
         for (key, value) in self.iter() {
             let path = Path::Branch {
                 parent: &parent_path,
                 field_name,
                 part: Part::MapValue { key: key.into() },
             };
-            value.visit_unknown_fields(path, visitor)?
+            value.visit_unknown_fields(path, visitor)
         }
-        ControlFlow::Continue(())
     }
 }
 
@@ -134,8 +130,8 @@ impl<U: VisitUnknownFields> VisitContainerUnknownFields for Option<U> {
         parent_path: Path<'_>,
         field_name: &str,
         visitor: &mut impl Visitor,
-    ) -> ControlFlow<()> {
-        self.as_ref().map_or(ControlFlow::Continue(()), |inner| {
+    ) {
+        if let Some(inner) = self.as_ref() {
             inner.visit_unknown_fields(
                 Path::Branch {
                     parent: &parent_path,
@@ -144,20 +140,14 @@ impl<U: VisitUnknownFields> VisitContainerUnknownFields for Option<U> {
                 },
                 visitor,
             )
-        })
+        }
     }
 }
 
 macro_rules! no_unknown_fields {
     ($type:path) => {
         impl VisitUnknownFields for $type {
-            fn visit_unknown_fields(
-                &self,
-                _path: Path<'_>,
-                _visitor: &mut impl Visitor,
-            ) -> ControlFlow<()> {
-                ControlFlow::Continue(())
-            }
+            fn visit_unknown_fields(&self, _path: Path<'_>, _visitor: &mut impl Visitor) {}
         }
     };
 }

From 2b57cf5d9acbfda75297188a95052df03dcab84d Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 22 Nov 2024 14:07:18 -0500
Subject: [PATCH 27/57] Plumb disabling domain fronts to route connect fns

---
 rust/bridge/shared/types/src/net.rs      | 10 +++-
 rust/bridge/shared/types/src/net/cdsi.rs | 16 ++++--
 rust/bridge/shared/types/src/net/chat.rs | 20 ++++---
 rust/net/examples/cdsi_lookup.rs         |  6 ++-
 rust/net/infra/src/lib.rs                |  4 ++
 rust/net/src/enclave.rs                  |  4 +-
 rust/net/src/env.rs                      | 68 +++++++++++++++++++++++-
 7 files changed, 110 insertions(+), 18 deletions(-)

diff --git a/rust/bridge/shared/types/src/net.rs b/rust/bridge/shared/types/src/net.rs
index 7d1dda91e..372cd3671 100644
--- a/rust/bridge/shared/types/src/net.rs
+++ b/rust/bridge/shared/types/src/net.rs
@@ -26,7 +26,7 @@ use libsignal_net::infra::tcp_ssl::proxy::tls::TlsProxyConnector as TcpSslProxyC
 use libsignal_net::infra::tcp_ssl::{DirectConnector as TcpSslDirectConnector, TcpSslConnector};
 use libsignal_net::infra::timeouts::ONE_ROUTE_CONNECTION_TIMEOUT;
 use libsignal_net::infra::utils::ObservableEvent;
-use libsignal_net::infra::EndpointConnection;
+use libsignal_net::infra::{EnableDomainFronting, EndpointConnection};
 use libsignal_net::svr::SvrConnection;
 use libsignal_net::svr3::traits::*;
 use libsignal_net::svr3::{Error, OpaqueMaskedShareSet};
@@ -76,6 +76,7 @@ struct EndpointConnections {
     chat: EndpointConnection<MultiRouteConnectionManager>,
     cdsi: EnclaveEndpointConnection<Cdsi, MultiRouteConnectionManager>,
     svr3: Svr3EndpointConnections,
+    enable_fronting: EnableDomainFronting,
 }
 
 impl EndpointConnections {
@@ -121,7 +122,12 @@ impl EndpointConnections {
                 network_change_event,
             ),
         );
-        Self { chat, cdsi, svr3 }
+        Self {
+            chat,
+            cdsi,
+            svr3,
+            enable_fronting: EnableDomainFronting(use_fallbacks),
+        }
     }
 
     fn endpoint_connection<E: EnclaveKind>(
diff --git a/rust/bridge/shared/types/src/net/cdsi.rs b/rust/bridge/shared/types/src/net/cdsi.rs
index 404d9fc3a..dc9dc6e6f 100644
--- a/rust/bridge/shared/types/src/net/cdsi.rs
+++ b/rust/bridge/shared/types/src/net/cdsi.rs
@@ -100,12 +100,18 @@ impl CdsiLookup {
                     )
                 })?;
 
-        let ws_config = endpoints.lock().expect("not poisoned").cdsi.ws2_config();
+        let (ws_config, enable_domain_fronting) = {
+            let guard = endpoints.lock().expect("not poisoned");
+            (guard.cdsi.ws2_config(), guard.enable_fronting)
+        };
         let env_cdsi = &env.cdsi;
-        let route_provider = env_cdsi.route_provider().map_routes(|mut route| {
-            route.fragment.headers.extend([user_agent.as_header()]);
-            route
-        });
+        let route_provider =
+            env_cdsi
+                .route_provider(enable_domain_fronting)
+                .map_routes(|mut route| {
+                    route.fragment.headers.extend([user_agent.as_header()]);
+                    route
+                });
         let confirmation_header_name = env_cdsi
             .domain_config
             .connect
diff --git a/rust/bridge/shared/types/src/net/chat.rs b/rust/bridge/shared/types/src/net/chat.rs
index 58c5c2080..54d9219ad 100644
--- a/rust/bridge/shared/types/src/net/chat.rs
+++ b/rust/bridge/shared/types/src/net/chat.rs
@@ -319,23 +319,29 @@ async fn establish_chat_connection(
             .try_into()
             .map_err(|InvalidProxyConfig| ChatServiceError::ServiceUnavailable)?;
 
+    let (ws_config, enable_domain_fronting) = {
+        let endpoints_guard = endpoints.lock().expect("not poisoned");
+        (
+            endpoints_guard.chat.config.ws2_config(),
+            endpoints_guard.enable_fronting,
+        )
+    };
+
     let libsignal_net::infra::ws2::Config {
         local_idle_timeout,
         remote_idle_disconnect_timeout,
         ..
-    } = endpoints
-        .lock()
-        .expect("not poisoned")
-        .chat
-        .config
-        .ws2_config();
+    } = ws_config;
 
     let chat_connect = &env.chat_domain_config.connect;
 
     ChatConnection::connect_with(
         connect,
         dns_resolver,
-        DirectOrProxyProvider::maybe_proxied(chat_connect.route_provider(), proxy_config),
+        DirectOrProxyProvider::maybe_proxied(
+            chat_connect.route_provider(enable_domain_fronting),
+            proxy_config,
+        ),
         chat_connect
             .confirmation_header_name
             .map(HeaderName::from_static),
diff --git a/rust/net/examples/cdsi_lookup.rs b/rust/net/examples/cdsi_lookup.rs
index ca808efc4..3082a66e6 100644
--- a/rust/net/examples/cdsi_lookup.rs
+++ b/rust/net/examples/cdsi_lookup.rs
@@ -16,6 +16,7 @@ use libsignal_net::infra::dns::DnsResolver;
 use libsignal_net::infra::utils::ObservableEvent;
 use libsignal_net_infra::route::{ConnectionOutcomeParams, DirectOrProxyProvider};
 use libsignal_net_infra::tcp_ssl::DirectConnector;
+use libsignal_net_infra::EnableDomainFronting;
 use tokio::io::AsyncBufReadExt as _;
 
 async fn cdsi_lookup(
@@ -99,7 +100,10 @@ async fn main() {
         CdsiConnection::connect_with(
             &connect_state,
             &resolver,
-            DirectOrProxyProvider::maybe_proxied(cdsi_env.route_provider(), None),
+            DirectOrProxyProvider::maybe_proxied(
+                cdsi_env.route_provider(EnableDomainFronting(false)),
+                None,
+            ),
             confirmation_header,
             WS2_CONFIG,
             &cdsi_env.params,
diff --git a/rust/net/infra/src/lib.rs b/rust/net/infra/src/lib.rs
index 361f9cb43..6e4cff111 100644
--- a/rust/net/infra/src/lib.rs
+++ b/rust/net/infra/src/lib.rs
@@ -68,6 +68,10 @@ impl From<&IpAddr> for IpType {
     }
 }
 
+/// Whether or not to enable domain fronting.
+#[derive(Copy, Clone, Debug, Eq, Hash, PartialEq)]
+pub struct EnableDomainFronting(pub bool);
+
 /// A collection of commonly used decorators for HTTP requests.
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub enum HttpRequestDecorator {
diff --git a/rust/net/src/enclave.rs b/rust/net/src/enclave.rs
index 8c14580a5..37ab27cee 100644
--- a/rust/net/src/enclave.rs
+++ b/rust/net/src/enclave.rs
@@ -32,6 +32,7 @@ use libsignal_net_infra::{
 
 use crate::auth::Auth;
 use crate::env::{DomainConfig, Svr3Env};
+use crate::infra::EnableDomainFronting;
 use crate::svr::SvrConnection;
 use crate::ws::{WebSocketServiceConnectError, WebSocketServiceConnector};
 
@@ -331,6 +332,7 @@ impl<E: EnclaveKind + NewHandshake, C: ConnectionManager> EnclaveEndpointConnect
 impl<'a, E: EnclaveKind> EnclaveEndpoint<'a, E> {
     pub fn route_provider(
         &self,
+        enable_domain_fronting: EnableDomainFronting,
     ) -> WebSocketProvider<
         HttpsProvider<DomainFrontRouteProvider, TlsRouteProvider<DirectTcpRouteProvider>>,
     > {
@@ -338,7 +340,7 @@ impl<'a, E: EnclaveKind> EnclaveEndpoint<'a, E> {
             domain_config,
             params,
         } = self;
-        let http_provider = domain_config.connect.route_provider();
+        let http_provider = domain_config.connect.route_provider(enable_domain_fronting);
 
         let ws_fragment = WebSocketRouteFragment {
             ws_config: Default::default(),
diff --git a/rust/net/src/env.rs b/rust/net/src/env.rs
index 508c561f0..2af81079f 100644
--- a/rust/net/src/env.rs
+++ b/rust/net/src/env.rs
@@ -21,8 +21,8 @@ use libsignal_net_infra::route::{
     HttpsProvider, TlsRouteProvider,
 };
 use libsignal_net_infra::{
-    AsHttpHeader, ConnectionParams, DnsSource, HttpRequestDecorator, HttpRequestDecoratorSeq,
-    RouteType, TransportConnectionParams,
+    AsHttpHeader, ConnectionParams, DnsSource, EnableDomainFronting, HttpRequestDecorator,
+    HttpRequestDecoratorSeq, RouteType, TransportConnectionParams,
 };
 use nonzero_ext::nonzero;
 use rand::seq::SliceRandom;
@@ -418,6 +418,7 @@ impl ConnectionConfig {
 
     pub fn route_provider(
         &self,
+        enable_domain_fronting: EnableDomainFronting,
     ) -> HttpsProvider<DomainFrontRouteProvider, TlsRouteProvider<DirectTcpRouteProvider>> {
         let Self {
             hostname,
@@ -428,6 +429,7 @@ impl ConnectionConfig {
         } = self;
         let domain_front_configs = proxy
             .as_ref()
+            .and_then(|proxy| enable_domain_fronting.0.then_some(proxy))
             .map(
                 |ConnectionProxyConfig {
                      path_prefix,
@@ -692,6 +694,12 @@ pub mod constants {
 
 #[cfg(test)]
 mod test {
+    use itertools::Itertools as _;
+    use libsignal_net_infra::route::{
+        HttpRouteFragment, HttpsTlsRoute, RouteProvider as _, TcpRoute, TlsRoute, TlsRouteFragment,
+        UnresolvedHost,
+    };
+    use libsignal_net_infra::Alpn;
     use test_case::test_matrix;
 
     use super::*;
@@ -743,4 +751,60 @@ mod test {
             );
         }
     }
+
+    #[test_matrix([true, false])]
+    fn connect_config_routes_enable_domain_fronting(enable_domain_fronting: bool) {
+        const PORT: NonZeroU16 = nonzero!(123u16);
+        const CONNECT_CONFIG: ConnectionConfig = ConnectionConfig {
+            hostname: "host",
+            port: PORT,
+            cert: RootCertificates::Native,
+            confirmation_header_name: None,
+            proxy: Some(ConnectionProxyConfig {
+                path_prefix: "proxy-prefix",
+                configs: [
+                    ProxyConfig {
+                        route_type: RouteType::ProxyF,
+                        http_host: "proxy-host-1",
+                        sni_list: &["sni-1-a", "sni-1-b"],
+                        certs: RootCertificates::Native,
+                    },
+                    ProxyConfig {
+                        route_type: RouteType::ProxyF,
+                        http_host: "proxy-host0",
+                        sni_list: &["sni-2-a", "sni-2-b"],
+                        certs: RootCertificates::Native,
+                    },
+                ],
+            }),
+        };
+        let route_provider =
+            CONNECT_CONFIG.route_provider(EnableDomainFronting(enable_domain_fronting));
+        let routes = route_provider.routes().collect_vec();
+
+        let expected_direct_route = HttpsTlsRoute {
+            fragment: HttpRouteFragment {
+                host_header: "host".into(),
+                path_prefix: "".into(),
+            },
+            inner: TlsRoute {
+                fragment: TlsRouteFragment {
+                    root_certs: RootCertificates::Native,
+                    sni: Host::Domain("host".into()),
+                    alpn: Some(Alpn::Http1_1),
+                },
+                inner: TcpRoute {
+                    address: UnresolvedHost::from(Arc::from("host")),
+                    port: PORT,
+                },
+            },
+        };
+
+        if enable_domain_fronting {
+            assert_eq!(routes.first(), Some(&expected_direct_route));
+            assert_eq!(routes.len(), 5, "{routes:?}");
+        } else {
+            assert_eq!(routes, [expected_direct_route]);
+        };
+    }
 }

From ecb35a6b84e8b8cb123b49f0988ffa3a30012bd3 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 22 Nov 2024 14:08:19 -0500
Subject: [PATCH 28/57] Fix Native.d.ts formatting

---
 node/Native.d.ts                    | 34 ++++++++++++++---------------
 rust/bridge/node/bin/Native.d.ts.in | 34 ++++++++++++++---------------
 2 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/node/Native.d.ts b/node/Native.d.ts
index ca8e0caed..f1c9a89c2 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -17,37 +17,37 @@ type Timestamp = number;
 type LookupResponse = {
   entries: Map<string, LookupResponseEntry>;
   debugPermitsUsed: number;
-}
+};
 
 type LookupResponseEntry = {
   readonly aci: string | undefined;
   readonly pni: string | undefined;
-}
+};
 
 type ChatResponse = {
   status: number;
   message: string | undefined;
   headers: ReadonlyArray<[string, string]>;
   body: Buffer | undefined;
-}
+};
 
 type ChatServiceDebugInfo = {
   ipType: number;
   durationMillis: number;
   connectionInfo: string;
-}
+};
 
 type ResponseAndDebugInfo = {
   response: ChatResponse;
   debugInfo: ChatServiceDebugInfo;
-}
+};
 
 type SealedSenderMultiRecipientMessageRecipient = {
   deviceIds: number[];
   registrationIds: number[];
   rangeOffset: number;
   rangeLen: number;
-}
+};
 
 type SealedSenderMultiRecipientMessage = {
   recipientMap: {
@@ -55,7 +55,7 @@ type SealedSenderMultiRecipientMessage = {
   };
   excludedRecipients: string[];
   offsetOfSharedData: number;
-}
+};
 
 type IdentityKeyStore = {
   _getIdentityKey(): Promise<PrivateKey>;
@@ -67,18 +67,18 @@ type IdentityKeyStore = {
     sending: boolean
   ): Promise<boolean>;
   _getIdentity(name: ProtocolAddress): Promise<PublicKey | null>;
-}
+};
 
 type SessionStore = {
   _saveSession(addr: ProtocolAddress, record: SessionRecord): Promise<void>;
   _getSession(addr: ProtocolAddress): Promise<SessionRecord | null>;
-}
+};
 
 type PreKeyStore = {
   _savePreKey(preKeyId: number, record: PreKeyRecord): Promise<void>;
   _getPreKey(preKeyId: number): Promise<PreKeyRecord>;
   _removePreKey(preKeyId: number): Promise<void>;
-}
+};
 
 type SignedPreKeyStore = {
   _saveSignedPreKey(
@@ -86,7 +86,7 @@ type SignedPreKeyStore = {
     record: SignedPreKeyRecord
   ): Promise<void>;
   _getSignedPreKey(signedPreKeyId: number): Promise<SignedPreKeyRecord>;
-}
+};
 
 type KyberPreKeyStore = {
   _saveKyberPreKey(
@@ -95,7 +95,7 @@ type KyberPreKeyStore = {
   ): Promise<void>;
   _getKyberPreKey(kyberPreKeyId: number): Promise<KyberPreKeyRecord>;
   _markKyberPreKeyUsed(kyberPreKeyId: number): Promise<void>;
-}
+};
 
 type SenderKeyStore = {
   _saveSenderKey(
@@ -107,12 +107,12 @@ type SenderKeyStore = {
     sender: ProtocolAddress,
     distributionId: Uuid
   ): Promise<SenderKeyRecord | null>;
-}
+};
 
 type InputStream = {
   _read(amount: number): Promise<Buffer>;
   _skip(amount: number): Promise<void>;
-}
+};
 
 type SyncInputStream = Buffer;
 
@@ -127,7 +127,7 @@ type ChatListener = {
     // A LibSignalError or null, but not naming the type to avoid circular import dependencies.
     reason: Error | null
   ): void;
-}
+};
 
 type Wrapper<T> = Readonly<{
   _nativeHandle: T;
@@ -136,11 +136,11 @@ type Wrapper<T> = Readonly<{
 type MessageBackupValidationOutcome = {
   errorMessage: string | null;
   unknownFieldMessages: Array<string>;
-}
+};
 
 type CancellablePromise<T> = Promise<T> & {
   _cancellationToken: bigint;
-}
+};
 
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 type Serialized<T> = Buffer;
diff --git a/rust/bridge/node/bin/Native.d.ts.in b/rust/bridge/node/bin/Native.d.ts.in
index cf05d3fdc..e4062a0f1 100644
--- a/rust/bridge/node/bin/Native.d.ts.in
+++ b/rust/bridge/node/bin/Native.d.ts.in
@@ -17,37 +17,37 @@ type Timestamp = number;
 type LookupResponse = {
   entries: Map<string, LookupResponseEntry>;
   debugPermitsUsed: number;
-}
+};
 
 type LookupResponseEntry = {
   readonly aci: string | undefined;
   readonly pni: string | undefined;
-}
+};
 
 type ChatResponse = {
   status: number;
   message: string | undefined;
   headers: ReadonlyArray<[string, string]>;
   body: Buffer | undefined;
-}
+};
 
 type ChatServiceDebugInfo = {
   ipType: number;
   durationMillis: number;
   connectionInfo: string;
-}
+};
 
 type ResponseAndDebugInfo = {
   response: ChatResponse;
   debugInfo: ChatServiceDebugInfo;
-}
+};
 
 type SealedSenderMultiRecipientMessageRecipient = {
   deviceIds: number[];
   registrationIds: number[];
   rangeOffset: number;
   rangeLen: number;
-}
+};
 
 type SealedSenderMultiRecipientMessage = {
   recipientMap: {
@@ -55,7 +55,7 @@ type SealedSenderMultiRecipientMessage = {
   };
   excludedRecipients: string[];
   offsetOfSharedData: number;
-}
+};
 
 type IdentityKeyStore = {
   _getIdentityKey(): Promise<PrivateKey>;
@@ -67,18 +67,18 @@ type IdentityKeyStore = {
     sending: boolean
   ): Promise<boolean>;
   _getIdentity(name: ProtocolAddress): Promise<PublicKey | null>;
-}
+};
 
 type SessionStore = {
   _saveSession(addr: ProtocolAddress, record: SessionRecord): Promise<void>;
   _getSession(addr: ProtocolAddress): Promise<SessionRecord | null>;
-}
+};
 
 type PreKeyStore = {
   _savePreKey(preKeyId: number, record: PreKeyRecord): Promise<void>;
   _getPreKey(preKeyId: number): Promise<PreKeyRecord>;
   _removePreKey(preKeyId: number): Promise<void>;
-}
+};
 
 type SignedPreKeyStore = {
   _saveSignedPreKey(
@@ -86,7 +86,7 @@ type SignedPreKeyStore = {
     record: SignedPreKeyRecord
   ): Promise<void>;
   _getSignedPreKey(signedPreKeyId: number): Promise<SignedPreKeyRecord>;
-}
+};
 
 type KyberPreKeyStore = {
   _saveKyberPreKey(
@@ -95,7 +95,7 @@ type KyberPreKeyStore = {
   ): Promise<void>;
   _getKyberPreKey(kyberPreKeyId: number): Promise<KyberPreKeyRecord>;
   _markKyberPreKeyUsed(kyberPreKeyId: number): Promise<void>;
-}
+};
 
 type SenderKeyStore = {
   _saveSenderKey(
@@ -107,12 +107,12 @@ type SenderKeyStore = {
     sender: ProtocolAddress,
     distributionId: Uuid
   ): Promise<SenderKeyRecord | null>;
-}
+};
 
 type InputStream = {
   _read(amount: number): Promise<Buffer>;
   _skip(amount: number): Promise<void>;
-}
+};
 
 type SyncInputStream = Buffer;
 
@@ -127,7 +127,7 @@ type ChatListener = {
     // A LibSignalError or null, but not naming the type to avoid circular import dependencies.
     reason: Error | null
   ): void;
-}
+};
 
 type Wrapper<T> = Readonly<{
   _nativeHandle: T;
@@ -136,11 +136,11 @@ type Wrapper<T> = Readonly<{
 type MessageBackupValidationOutcome = {
   errorMessage: string | null;
   unknownFieldMessages: Array<string>;
-}
+};
 
 type CancellablePromise<T> = Promise<T> & {
   _cancellationToken: bigint;
-}
+};
 
 // eslint-disable-next-line @typescript-eslint/no-unused-vars
 type Serialized<T> = Buffer;

From c3ceca0f62625fbe808b55dfc9304ae6a29710af Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Thu, 21 Nov 2024 17:17:42 -0800
Subject: [PATCH 29/57] backup: Add a fast path for text with no body ranges

This *ought* to be redundant with MessageText::try_from, but backups
contain *so many plain text messages* that *avoiding the function
call* and knowing there's no early-exit is enough to be a win. (Of
course, this is most pronounced in the synthetic backup test case,
which has no body ranges at all.)
---
 .../src/backup/chat/standard_message.rs            | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/rust/message-backup/src/backup/chat/standard_message.rs b/rust/message-backup/src/backup/chat/standard_message.rs
index c5d404d30..b9293cb55 100644
--- a/rust/message-backup/src/backup/chat/standard_message.rs
+++ b/rust/message-backup/src/backup/chat/standard_message.rs
@@ -55,7 +55,19 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
             .map(|q| q.try_into_with(context))
             .transpose()?;
 
-        let text = text.into_option().map(MessageText::try_from).transpose()?;
+        let text = match text.into_option() {
+            None => None,
+            // Fast-path for a message with no body-ranges.
+            Some(proto::Text {
+                body,
+                bodyRanges,
+                special_fields: _,
+            }) if bodyRanges.is_empty() => Some(MessageText {
+                text: body,
+                ranges: Default::default(),
+            }),
+            Some(text) => Some(text.try_into()?),
+        };
 
         let link_previews = linkPreview
             .into_iter()

From 5030408e52dac1ba86e2d9640bb52617d3d6a434 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Thu, 21 Nov 2024 13:35:01 -0800
Subject: [PATCH 30/57] backup: Use system libz on Android

---
 Cargo.lock                            | 26 ++++++++++
 acknowledgments/acknowledgments.html  | 71 ++++++++++++++++++++++++-
 acknowledgments/acknowledgments.md    | 66 +++++++++++++++++++++++-
 acknowledgments/acknowledgments.plist | 74 ++++++++++++++++++++++++++-
 rust/bridge/jni/Cargo.toml            |  2 +
 rust/message-backup/Cargo.toml        |  5 ++
 6 files changed, 241 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 5670a6b6a..ea37f75a5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1244,6 +1244,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "324a1be68054ef05ad64b861cc9eaf1d623d2d8cb25b4bf2cb9cdd902b4bf253"
 dependencies = [
  "crc32fast",
+ "libz-sys",
  "miniz_oxide",
 ]
 
@@ -2210,6 +2211,7 @@ version = "0.62.0"
 dependencies = [
  "cfg-if",
  "cpufeatures",
+ "flate2",
  "jni 0.19.0",
  "jni 0.21.1",
  "libsignal-bridge",
@@ -2269,6 +2271,7 @@ dependencies = [
  "dir-test",
  "displaydoc",
  "env_logger",
+ "flate2",
  "futures",
  "hex",
  "hex-literal",
@@ -2521,6 +2524,17 @@ dependencies = [
  "zerocopy",
 ]
 
+[[package]]
+name = "libz-sys"
+version = "1.1.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2d16453e800a8cf6dd2fc3eb4bc99b786a9b90c663b8559a5b1a041bf89e472"
+dependencies = [
+ "cc",
+ "pkg-config",
+ "vcpkg",
+]
+
 [[package]]
 name = "linkme"
 version = "0.3.28"
@@ -3159,6 +3173,12 @@ dependencies = [
  "spki",
 ]
 
+[[package]]
+name = "pkg-config"
+version = "0.3.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2"
+
 [[package]]
 name = "plotters"
 version = "0.3.7"
@@ -4814,6 +4834,12 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
 
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
 [[package]]
 name = "version_check"
 version = "0.9.5"
diff --git a/acknowledgments/acknowledgments.html b/acknowledgments/acknowledgments.html
index 581276f3e..32038ca34 100644
--- a/acknowledgments/acknowledgments.html
+++ b/acknowledgments/acknowledgments.html
@@ -46,7 +46,7 @@ <h1>Third Party Licenses</h1>
     
         <h2>Overview of licenses:</h2>
         <ul class="licenses-overview">
-            <li><a href="#MIT">MIT License</a> (333)</li>
+            <li><a href="#MIT">MIT License</a> (336)</li>
             <li><a href="#AGPL-3.0">GNU Affero General Public License v3.0</a> (29)</li>
             <li><a href="#Apache-2.0">Apache License 2.0</a> (16)</li>
             <li><a href="#BSD-3-Clause">BSD 3-Clause &quot;New&quot; or &quot;Revised&quot; License</a> (9)</li>
@@ -3113,6 +3113,7 @@ <h4>Used by:</h4>
                     <li><a href="https://github.com/rust-lang/flate2-rs">flate2 1.0.33</a></li>
                     <li><a href="https://github.com/rust-lang/jobserver-rs">jobserver 0.1.32</a></li>
                     <li><a href="https://github.com/alexcrichton/openssl-probe">openssl-probe 0.1.5</a></li>
+                    <li><a href="https://github.com/rust-lang/pkg-config-rs">pkg-config 0.3.31</a></li>
                     <li><a href="https://github.com/rust-lang/rustc-demangle">rustc-demangle 0.1.24</a></li>
                     <li><a href="https://github.com/alexcrichton/scoped-tls">scoped-tls 1.0.1</a></li>
                     <li><a href="https://github.com/rust-lang/socket2">socket2 0.5.7</a></li>
@@ -3167,6 +3168,40 @@ <h4>Used by:</h4>
 shall be included in all copies or substantial portions
 of the Software.
 
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+</pre>
+            </li>
+            <li class="license">
+                <h3 id="MIT">MIT License</h3>
+                <h4>Used by:</h4>
+                <ul class="license-used-by">
+                    <li><a href="https://github.com/rust-lang/libz-sys">libz-sys 1.1.20</a></li>
+                </ul>
+                <pre class="license-text">Copyright (c) 2014 Alex Crichton
+Copyright (c) 2020 Josh Triplett
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the &quot;Software&quot;), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
 THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF
 ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
 TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
@@ -4849,6 +4884,40 @@ <h4>Used by:</h4>
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+</pre>
+            </li>
+            <li class="license">
+                <h3 id="MIT">MIT License</h3>
+                <h4>Used by:</h4>
+                <ul class="license-used-by">
+                    <li><a href="https://github.com/mcgoo/vcpkg-rs">vcpkg 0.2.15</a></li>
+                </ul>
+                <pre class="license-text">Copyright (c) 2017 Jim McGrath
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the &quot;Software&quot;), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
 </pre>
             </li>
             <li class="license">
diff --git a/acknowledgments/acknowledgments.md b/acknowledgments/acknowledgments.md
index 4df0869f9..04632268b 100644
--- a/acknowledgments/acknowledgments.md
+++ b/acknowledgments/acknowledgments.md
@@ -2926,7 +2926,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## backtrace 0.3.74, cc 1.1.18, cfg-if 1.0.0, cmake 0.1.48, flate2 1.0.33, jobserver 0.1.32, openssl-probe 0.1.5, rustc-demangle 0.1.24, scoped-tls 1.0.1, socket2 0.5.7
+## backtrace 0.3.74, cc 1.1.18, cfg-if 1.0.0, cmake 0.1.48, flate2 1.0.33, jobserver 0.1.32, openssl-probe 0.1.5, pkg-config 0.3.31, rustc-demangle 0.1.24, scoped-tls 1.0.1, socket2 0.5.7
 
 ```
 Copyright (c) 2014 Alex Crichton
@@ -2989,6 +2989,38 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
+## libz-sys 1.1.20
+
+```
+Copyright (c) 2014 Alex Crichton
+Copyright (c) 2020 Josh Triplett
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+```
+
 ## mio 1.0.2
 
 ```
@@ -4520,6 +4552,38 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+```
+
+## vcpkg 0.2.15
+
+```
+Copyright (c) 2017 Jim McGrath
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the "Software"), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+
 ```
 
 ## foreign-types-macros 0.2.3, foreign-types-shared 0.3.1, foreign-types 0.5.0
diff --git a/acknowledgments/acknowledgments.plist b/acknowledgments/acknowledgments.plist
index 43eac9b67..f09e7e363 100644
--- a/acknowledgments/acknowledgments.plist
+++ b/acknowledgments/acknowledgments.plist
@@ -3099,7 +3099,7 @@ DEALINGS IN THE SOFTWARE.
 			<key>License</key>
 			<string>MIT License</string>
 			<key>Title</key>
-			<string>backtrace 0.3.74, cc 1.1.18, cfg-if 1.0.0, cmake 0.1.48, flate2 1.0.33, jobserver 0.1.32, openssl-probe 0.1.5, rustc-demangle 0.1.24, scoped-tls 1.0.1, socket2 0.5.7</string>
+			<string>backtrace 0.3.74, cc 1.1.18, cfg-if 1.0.0, cmake 0.1.48, flate2 1.0.33, jobserver 0.1.32, openssl-probe 0.1.5, pkg-config 0.3.31, rustc-demangle 0.1.24, scoped-tls 1.0.1, socket2 0.5.7</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
@@ -3139,6 +3139,42 @@ DEALINGS IN THE SOFTWARE.
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
+		<dict>
+			<key>FooterText</key>
+			<string>Copyright (c) 2014 Alex Crichton
+Copyright (c) 2020 Josh Triplett
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the &quot;Software&quot;), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+</string>
+			<key>License</key>
+			<string>MIT License</string>
+			<key>Title</key>
+			<string>libz-sys 1.1.20</string>
+			<key>Type</key>
+			<string>PSGroupSpecifier</string>
+		</dict>
 		<dict>
 			<key>FooterText</key>
 			<string>Copyright (c) 2014 Carl Lerche and other MIO contributors
@@ -4888,6 +4924,42 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
+		<dict>
+			<key>FooterText</key>
+			<string>Copyright (c) 2017 Jim McGrath
+
+Permission is hereby granted, free of charge, to any
+person obtaining a copy of this software and associated
+documentation files (the &quot;Software&quot;), to deal in the
+Software without restriction, including without
+limitation the rights to use, copy, modify, merge,
+publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software
+is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice
+shall be included in all copies or substantial portions
+of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF
+ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
+TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
+PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+</string>
+			<key>License</key>
+			<string>MIT License</string>
+			<key>Title</key>
+			<string>vcpkg 0.2.15</string>
+			<key>Type</key>
+			<string>PSGroupSpecifier</string>
+		</dict>
 		<dict>
 			<key>FooterText</key>
 			<string>Copyright (c) 2017 The foreign-types Developers
diff --git a/rust/bridge/jni/Cargo.toml b/rust/bridge/jni/Cargo.toml
index 54c8b9ca0..68966c89c 100644
--- a/rust/bridge/jni/Cargo.toml
+++ b/rust/bridge/jni/Cargo.toml
@@ -33,3 +33,5 @@ cpufeatures = "0.2.2" # Make sure 64-bit Android gets optimized crypto
 [target.'cfg(target_os = "android")'.dependencies]
 jni19 = { version = "0.19", package = "jni" }
 rustls-platform-verifier = "0.3.1"
+# Make sure we're using the system zlib on Android.
+flate2 = { version = "1", default-features = false, features = ["zlib"] }
diff --git a/rust/message-backup/Cargo.toml b/rust/message-backup/Cargo.toml
index 27943ce9e..516ed20a2 100644
--- a/rust/message-backup/Cargo.toml
+++ b/rust/message-backup/Cargo.toml
@@ -106,3 +106,8 @@ protobuf-codegen = "3.3.0"
 # This will be fixed in sha2 0.11, which also removes the "asm" feature and turns it on by default.
 # So when sha2 0.11 is released, this section will go away.
 sha2 = { workspace = true, features = ["asm"] }
+
+# Prefer the system zlib for Android.
+# We'd probably prefer to use this everywhere, but some of our tests depend on exact output.
+[target.'cfg(target_os = "android")'.dev-dependencies]
+flate2 = { version = "1", default-features = false, features = ["zlib"] }

From 6cce17ddcc6d1a70e0f56c8da43fbfda30c31eb8 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 22 Nov 2024 12:57:31 -0800
Subject: [PATCH 31/57] backup: Use an unreleased intmap with allocation-less
 empty maps

---
 Cargo.lock                     | 3 +--
 rust/message-backup/Cargo.toml | 4 +++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index ea37f75a5..7039f3a7f 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1841,8 +1841,7 @@ dependencies = [
 [[package]]
 name = "intmap"
 version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee87fd093563344074bacf24faa0bb0227fb6969fb223e922db798516de924d6"
+source = "git+https://github.com/JesperAxelsson/rust-intmap?rev=e7edd6e8fb452506ca2570e91f62b14dc29a950c#e7edd6e8fb452506ca2570e91f62b14dc29a950c"
 
 [[package]]
 name = "ipnet"
diff --git a/rust/message-backup/Cargo.toml b/rust/message-backup/Cargo.toml
index 516ed20a2..d20f06d54 100644
--- a/rust/message-backup/Cargo.toml
+++ b/rust/message-backup/Cargo.toml
@@ -54,7 +54,9 @@ futures = { workspace = true }
 hex = { workspace = true, features = ["serde"] }
 hkdf = { workspace = true }
 hmac = { workspace = true }
-intmap = "2.0.0"
+# The main branch of intmap supports allocation-less empty maps.
+# When there's a release for this, we can remove the pin.
+intmap = { version = "2.0.0", git = 'https://github.com/JesperAxelsson/rust-intmap', rev = "e7edd6e8fb452506ca2570e91f62b14dc29a950c" }
 itertools = { workspace = true }
 log = { workspace = true }
 macro_rules_attribute = "0.2.0"

From b52183b00062f3777038f35e3cd618153d11c565 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 22 Nov 2024 13:45:15 -0800
Subject: [PATCH 32/57] backup: Include the timestamp of a ChatItem on error

---
 rust/message-backup/src/backup.rs             | 23 +++++++++++++++----
 rust/message-backup/src/backup/chat.rs        |  7 ++++--
 rust/message-backup/src/backup/time.rs        | 15 ++++++++----
 .../group-update-invalid-aci.jsonproto        |  1 +
 ...roup-update-invalid-aci.jsonproto.expected |  2 +-
 .../invalid/sticker-pack-id.jsonproto         |  1 +
 .../sticker-pack-id.jsonproto.expected        |  2 +-
 7 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index a60a39241..113364cb7 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -469,10 +469,19 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
 
     fn add_chat_item(&mut self, chat_item: proto::ChatItem) -> Result<(), ValidationError> {
         let chat_id = ChatId(chat_item.chatId);
+        let raw_timestamp = chat_item.dateSent;
 
         let chat_item_data = chat_item
             .try_into_with(self)
-            .map_err(|e: ChatItemError| ChatFrameError(chat_id, e.into()))?;
+            .map_err(|error: ChatItemError| {
+                ChatFrameError(
+                    chat_id,
+                    ChatError::ChatItem {
+                        raw_timestamp,
+                        error,
+                    },
+                )
+            })?;
 
         Ok(self.chats.add_chat_item(chat_id, chat_item_data)?)
     }
@@ -527,9 +536,15 @@ impl<M: Method + ReferencedTypes> ChatsData<M> {
             pinned: _,
         } = self;
 
-        let chat_data = items
-            .get_mut(&chat_id)
-            .ok_or(ChatFrameError(chat_id, ChatItemError::NoChatForItem.into()))?;
+        let chat_data = items.get_mut(&chat_id).ok_or_else(|| {
+            ChatFrameError(
+                chat_id,
+                ChatError::ChatItem {
+                    raw_timestamp: item.sent_at.as_millis(),
+                    error: ChatItemError::NoChatForItem,
+                },
+            )
+        })?;
 
         item.total_chat_item_order_index = *chat_items_count;
 
diff --git a/rust/message-backup/src/backup/chat.rs b/rust/message-backup/src/backup/chat.rs
index a7503d14f..b1579211e 100644
--- a/rust/message-backup/src/backup/chat.rs
+++ b/rust/message-backup/src/backup/chat.rs
@@ -76,8 +76,11 @@ pub enum ChatError {
     InvalidRecipient(RecipientId, DestinationKind),
     /// chat with {0:?} has an expirationTimerMs but no expireTimerVersion
     MissingExpireTimerVersion(RecipientId),
-    /// chat item: {0}
-    ChatItem(#[from] ChatItemError),
+    /// chat item {raw_timestamp}: {error}
+    ChatItem {
+        raw_timestamp: u64,
+        error: ChatItemError,
+    },
     /// {0:?} already appeared
     DuplicatePinnedOrder(PinOrder),
     /// style error: {0}
diff --git a/rust/message-backup/src/backup/time.rs b/rust/message-backup/src/backup/time.rs
index 5a2ed48bf..a45b1b60b 100644
--- a/rust/message-backup/src/backup/time.rs
+++ b/rust/message-backup/src/backup/time.rs
@@ -88,6 +88,15 @@ impl Timestamp {
     pub(super) fn into_inner(self) -> SystemTime {
         self.0
     }
+
+    pub fn as_millis(&self) -> u64 {
+        self.0
+            .duration_since(UNIX_EPOCH)
+            .expect("should not be possible to construct a Timestamp older than UNIX_EPOCH")
+            .as_millis()
+            .try_into()
+            .expect("should not be possible to construct a Timestamp that requires u128 millis since UNIX_EPOCH")
+    }
 }
 
 impl serde::Serialize for Timestamp {
@@ -95,11 +104,7 @@ impl serde::Serialize for Timestamp {
     where
         S: serde::Serializer,
     {
-        let offset = self
-            .0
-            .duration_since(UNIX_EPOCH)
-            .expect("should not be possible to construct a Timestamp older than UNIX_EPOCH");
-        serde::Serialize::serialize(&Duration(offset), serializer)
+        self.as_millis().serialize(serializer)
     }
 }
 
diff --git a/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto b/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto
index 853162352..e695c44f4 100644
--- a/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto
+++ b/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto
@@ -29,6 +29,7 @@
     "chatItem": {
       "chatId": "1",
       "authorId": "1",
+      "dateSent": 12345,
       "directionless": {},
       "updateMessage": {
         "groupChange": {
diff --git a/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto.expected b/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto.expected
index 519a70575..7a8afcfe2 100644
--- a/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto.expected
+++ b/rust/message-backup/tests/res/test-cases/invalid/group-update-invalid-aci.jsonproto.expected
@@ -1 +1 @@
-chat frame ChatId(1) error: chat item: group update: group update: SelfInvitedToGroupUpdate.inviterAci: invalid ACI
\ No newline at end of file
+chat frame ChatId(1) error: chat item 12345: group update: group update: SelfInvitedToGroupUpdate.inviterAci: invalid ACI
\ No newline at end of file
diff --git a/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto b/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto
index a7ca46944..7bad1f25d 100644
--- a/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto
+++ b/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto
@@ -21,6 +21,7 @@
       "chatId": "1",
       "authorId": "1",
       "directionless": {},
+      "dateSent": 12345,
       "stickerMessage": {
         "sticker": {
           "packId": "YXNkZgo=",
diff --git a/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto.expected b/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto.expected
index b3b97d424..02aa52ea0 100644
--- a/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto.expected
+++ b/rust/message-backup/tests/res/test-cases/invalid/sticker-pack-id.jsonproto.expected
@@ -1 +1 @@
-chat frame ChatId(1) error: chat item: sticker message: pack ID is invalid
\ No newline at end of file
+chat frame ChatId(1) error: chat item 12345: sticker message: pack ID is invalid
\ No newline at end of file

From ce37d4c845b8cfbd1b977be86dda8f4d7aee2d52 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 22 Nov 2024 14:32:33 -0800
Subject: [PATCH 33/57] Bump to version v0.63.0

---
 Cargo.lock                         | 8 ++++----
 LibSignalClient.podspec            | 2 +-
 java/build.gradle                  | 2 +-
 java/code_size.json                | 3 ++-
 node/package-lock.json             | 4 ++--
 node/package.json                  | 2 +-
 rust/bridge/ffi/Cargo.toml         | 2 +-
 rust/bridge/jni/Cargo.toml         | 2 +-
 rust/bridge/jni/testing/Cargo.toml | 2 +-
 rust/bridge/node/Cargo.toml        | 2 +-
 rust/core/src/version.rs           | 2 +-
 11 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 7039f3a7f..d5737c2c6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2191,7 +2191,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-ffi"
-version = "0.62.0"
+version = "0.63.0"
 dependencies = [
  "cpufeatures",
  "futures-util",
@@ -2206,7 +2206,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-jni"
-version = "0.62.0"
+version = "0.63.0"
 dependencies = [
  "cfg-if",
  "cpufeatures",
@@ -2223,7 +2223,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-jni-testing"
-version = "0.62.0"
+version = "0.63.0"
 dependencies = [
  "jni 0.21.1",
  "libsignal-bridge-testing",
@@ -2440,7 +2440,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-node"
-version = "0.62.0"
+version = "0.63.0"
 dependencies = [
  "cmake",
  "futures",
diff --git a/LibSignalClient.podspec b/LibSignalClient.podspec
index 154d9a1ad..d7d2de345 100644
--- a/LibSignalClient.podspec
+++ b/LibSignalClient.podspec
@@ -5,7 +5,7 @@
 
 Pod::Spec.new do |s|
   s.name             = 'LibSignalClient'
-  s.version          = '0.62.0'
+  s.version          = '0.63.0'
   s.summary          = 'A Swift wrapper library for communicating with the Signal messaging service.'
 
   s.homepage         = 'https://github.com/signalapp/libsignal'
diff --git a/java/build.gradle b/java/build.gradle
index e92e89372..cda1e5e5d 100644
--- a/java/build.gradle
+++ b/java/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 
 allprojects {
-    version = "0.62.0"
+    version = "0.63.0"
     group   = "org.signal"
 }
 
diff --git a/java/code_size.json b/java/code_size.json
index 4c65df8a5..27b2b0979 100644
--- a/java/code_size.json
+++ b/java/code_size.json
@@ -116,5 +116,6 @@
     { "version": "v0.60.1", "size": 4762664 },
     { "version": "v0.60.2", "size": 4765608 },
     { "version": "v0.61.0", "size": 4768848 },
-    { "version": "v0.62.0", "size": 4937504 }
+    { "version": "v0.62.0", "size": 4937504 },
+    { "version": "v0.63.0", "size": 4949424 }
 ]
diff --git a/node/package-lock.json b/node/package-lock.json
index a8e718933..aaa495f1f 100644
--- a/node/package-lock.json
+++ b/node/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.62.0",
+  "version": "0.63.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@signalapp/libsignal-client",
-      "version": "0.62.0",
+      "version": "0.63.0",
       "hasInstallScript": true,
       "license": "AGPL-3.0-only",
       "dependencies": {
diff --git a/node/package.json b/node/package.json
index 2efdfc59d..0654b7290 100644
--- a/node/package.json
+++ b/node/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.62.0",
+  "version": "0.63.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/rust/bridge/ffi/Cargo.toml b/rust/bridge/ffi/Cargo.toml
index e705f9435..48a73680e 100644
--- a/rust/bridge/ffi/Cargo.toml
+++ b/rust/bridge/ffi/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-ffi"
-version = "0.62.0"
+version = "0.63.0"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/jni/Cargo.toml b/rust/bridge/jni/Cargo.toml
index 68966c89c..9f5f77e34 100644
--- a/rust/bridge/jni/Cargo.toml
+++ b/rust/bridge/jni/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-jni"
-version = "0.62.0"
+version = "0.63.0"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/jni/testing/Cargo.toml b/rust/bridge/jni/testing/Cargo.toml
index 811175b89..7800bfe9a 100644
--- a/rust/bridge/jni/testing/Cargo.toml
+++ b/rust/bridge/jni/testing/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-jni-testing"
-version = "0.62.0"
+version = "0.63.0"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/node/Cargo.toml b/rust/bridge/node/Cargo.toml
index 2efa17046..469005a62 100644
--- a/rust/bridge/node/Cargo.toml
+++ b/rust/bridge/node/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-node"
-version = "0.62.0"
+version = "0.63.0"
 authors = ["Signal Messenger LLC"]
 license = "AGPL-3.0-only"
 edition = "2021"
diff --git a/rust/core/src/version.rs b/rust/core/src/version.rs
index d9ac1f504..197c0ad83 100644
--- a/rust/core/src/version.rs
+++ b/rust/core/src/version.rs
@@ -5,4 +5,4 @@
 
 // The value of this constant is updated by the script
 // and should not be manually modified
-pub const VERSION: &str = "0.62.0";
+pub const VERSION: &str = "0.63.0";

From 7f4801ed3966176c6a4942464c4422ff7ae92e9f Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 22 Nov 2024 15:53:07 -0800
Subject: [PATCH 34/57] backup: Avoid having to move parsed protobuf out of
 Result::Ok

---
 rust/message-backup/src/lib.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rust/message-backup/src/lib.rs b/rust/message-backup/src/lib.rs
index f41f78cbb..0d97cad0c 100644
--- a/rust/message-backup/src/lib.rs
+++ b/rust/message-backup/src/lib.rs
@@ -337,7 +337,10 @@ impl<M: backup::method::Method + backup::ReferencedTypes> backup::PartialBackup<
         raw_frame: &[u8],
         mut visitor: impl FnMut(&dyn std::fmt::Debug) + Send,
     ) -> Result<Vec<(Vec<PathPart>, UnknownValue)>, crate::Error> {
-        let frame_proto = proto::backup::Frame::parse_from_bytes(raw_frame)?;
+        // Using `merge_from_bytes` instead of `parse_from_bytes` avoids having to unpack the Ok
+        // case of the Result. (This is guaranteed equivalent by protobuf.)
+        let mut frame_proto = proto::backup::Frame::new();
+        frame_proto.merge_from_bytes(raw_frame)?;
         visitor(&frame_proto);
         let unknown_fields = frame_proto.collect_unknown_fields();
         self.add_frame(frame_proto)?;

From 4299564b0d161ef425ebad5654c81a4d08f6e5c5 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 22 Nov 2024 18:27:35 -0800
Subject: [PATCH 35/57] backup: Add a likely_empty hint for collections

---
 rust/message-backup/src/backup.rs             | 15 +++++++++++
 rust/message-backup/src/backup/chat.rs        | 12 +++++----
 rust/message-backup/src/backup/chat/quote.rs  | 10 +++----
 .../src/backup/chat/standard_message.rs       | 18 ++++++-------
 rust/message-backup/src/backup/chat/text.rs   | 10 +++----
 .../src/backup/recipient/group.rs             | 26 +++++++++----------
 6 files changed, 54 insertions(+), 37 deletions(-)

diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 113364cb7..11767d18b 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -696,6 +696,21 @@ fn uuid_bytes_to_aci(bytes: Vec<u8>) -> Result<Aci, InvalidAci> {
         .map_err(|_| InvalidAci)
 }
 
+/// Hint for processing a collection that's usually empty.
+///
+/// This saves a small amount of time by not setting up an iteration loop in `collect` only to throw
+/// it away.
+fn likely_empty<I, T: Default, E>(
+    input: Vec<I>,
+    process: impl FnOnce(std::vec::IntoIter<I>) -> Result<T, E>,
+) -> Result<T, E> {
+    if input.is_empty() {
+        Ok(T::default())
+    } else {
+        process(input.into_iter())
+    }
+}
+
 #[cfg(test)]
 mod test {
     use std::collections::HashMap;
diff --git a/rust/message-backup/src/backup/chat.rs b/rust/message-backup/src/backup/chat.rs
index b1579211e..a2be00d35 100644
--- a/rust/message-backup/src/backup/chat.rs
+++ b/rust/message-backup/src/backup/chat.rs
@@ -21,7 +21,9 @@ use crate::backup::recipient::DestinationKind;
 use crate::backup::serialize::{SerializeOrder, UnorderedList};
 use crate::backup::sticker::MessageStickerError;
 use crate::backup::time::{Duration, ReportUnusualTimestamp, Timestamp, TimestampOrForever};
-use crate::backup::{BackupMeta, CallError, ReferencedTypes, TryFromWith, TryIntoWith as _};
+use crate::backup::{
+    likely_empty, BackupMeta, CallError, ReferencedTypes, TryFromWith, TryIntoWith as _,
+};
 use crate::proto::backup as proto;
 
 mod contact_message;
@@ -469,9 +471,8 @@ impl<
             (_, _) => Ok(()),
         }?;
 
-        let revisions: Vec<_> = revisions
-            .into_iter()
-            .map(|rev| {
+        let revisions: Vec<_> = likely_empty(revisions, |iter| {
+            iter.map(|rev| {
                 // We have to test this on the raw IDs because RecipientReference isn't necessarily
                 // comparable.
                 if author_id.0 != rev.authorId {
@@ -520,7 +521,8 @@ impl<
                 }
                 Ok(item)
             })
-            .collect::<Result<_, _>>()?;
+            .collect::<Result<_, _>>()
+        })?;
 
         let sent_at = Timestamp::from_millis(dateSent, "ChatItem.dateSent", context);
         let expire_start = expireStartDate
diff --git a/rust/message-backup/src/backup/chat/quote.rs b/rust/message-backup/src/backup/chat/quote.rs
index 852ab89b7..96201d5fb 100644
--- a/rust/message-backup/src/backup/chat/quote.rs
+++ b/rust/message-backup/src/backup/chat/quote.rs
@@ -9,7 +9,7 @@ use crate::backup::frame::RecipientId;
 use crate::backup::method::LookupPair;
 use crate::backup::recipient::DestinationKind;
 use crate::backup::time::{ReportUnusualTimestamp, Timestamp};
-use crate::backup::TryFromWith;
+use crate::backup::{likely_empty, TryFromWith};
 use crate::proto::backup as proto;
 
 /// Validated version of [`proto::Quote`]
@@ -105,10 +105,10 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
 
         let text = text.into_option().map(|text| text.try_into()).transpose()?;
 
-        let attachments = attachments
-            .into_iter()
-            .map(|attachment| QuotedAttachment::try_from_with(attachment, context))
-            .collect::<Result<_, _>>()?;
+        let attachments = likely_empty(attachments, |iter| {
+            iter.map(|attachment| QuotedAttachment::try_from_with(attachment, context))
+                .collect::<Result<_, _>>()
+        })?;
 
         Ok(Self {
             author,
diff --git a/rust/message-backup/src/backup/chat/standard_message.rs b/rust/message-backup/src/backup/chat/standard_message.rs
index b9293cb55..712fd9351 100644
--- a/rust/message-backup/src/backup/chat/standard_message.rs
+++ b/rust/message-backup/src/backup/chat/standard_message.rs
@@ -15,7 +15,7 @@ use crate::backup::method::LookupPair;
 use crate::backup::recipient::DestinationKind;
 use crate::backup::serialize::SerializeOrder;
 use crate::backup::time::ReportUnusualTimestamp;
-use crate::backup::{TryFromWith, TryIntoWith as _};
+use crate::backup::{likely_empty, TryFromWith, TryIntoWith as _};
 use crate::proto::backup as proto;
 
 /// Validated version of [`proto::StandardMessage`].
@@ -69,10 +69,10 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
             Some(text) => Some(text.try_into()?),
         };
 
-        let link_previews = linkPreview
-            .into_iter()
-            .map(|preview| LinkPreview::try_from_with(preview, context))
-            .collect::<Result<_, _>>()?;
+        let link_previews = likely_empty(linkPreview, |iter| {
+            iter.map(|preview| LinkPreview::try_from_with(preview, context))
+                .collect::<Result<_, _>>()
+        })?;
 
         let long_text = longText
             .into_option()
@@ -80,10 +80,10 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
             .transpose()
             .map_err(ChatItemError::LongText)?;
 
-        let attachments = attachments
-            .into_iter()
-            .map(|attachment| MessageAttachment::try_from_with(attachment, context))
-            .collect::<Result<_, _>>()?;
+        let attachments = likely_empty(attachments, |iter| {
+            iter.map(|attachment| MessageAttachment::try_from_with(attachment, context))
+                .collect::<Result<_, _>>()
+        })?;
 
         Ok(Self {
             text,
diff --git a/rust/message-backup/src/backup/chat/text.rs b/rust/message-backup/src/backup/chat/text.rs
index 95c60d744..70a2f653d 100644
--- a/rust/message-backup/src/backup/chat/text.rs
+++ b/rust/message-backup/src/backup/chat/text.rs
@@ -6,7 +6,7 @@
 use libsignal_core::Aci;
 
 use crate::backup::serialize::{self, UnorderedList};
-use crate::backup::uuid_bytes_to_aci;
+use crate::backup::{likely_empty, uuid_bytes_to_aci};
 use crate::proto::backup as proto;
 
 /// Validated version of [`proto::Text`].
@@ -51,9 +51,8 @@ impl TryFrom<proto::Text> for MessageText {
             special_fields: _,
         } = value;
 
-        let ranges = bodyRanges
-            .into_iter()
-            .map(|range| {
+        let ranges = likely_empty(bodyRanges, |iter| {
+            iter.map(|range| {
                 let proto::BodyRange {
                     start,
                     length,
@@ -77,7 +76,8 @@ impl TryFrom<proto::Text> for MessageText {
                     effect,
                 })
             })
-            .collect::<Result<_, _>>()?;
+            .collect::<Result<_, _>>()
+        })?;
         Ok(Self { text: body, ranges })
     }
 }
diff --git a/rust/message-backup/src/backup/recipient/group.rs b/rust/message-backup/src/backup/recipient/group.rs
index 171d3bb33..e9b5e593c 100644
--- a/rust/message-backup/src/backup/recipient/group.rs
+++ b/rust/message-backup/src/backup/recipient/group.rs
@@ -14,7 +14,7 @@ use zkgroup::GroupMasterKeyBytes;
 
 use crate::backup::serialize::{self, UnorderedList};
 use crate::backup::time::{Duration, ReportUnusualTimestamp};
-use crate::backup::{TryFromWith, TryIntoWith};
+use crate::backup::{likely_empty, TryFromWith, TryIntoWith};
 use crate::proto::backup as proto;
 
 mod members;
@@ -243,20 +243,20 @@ impl<C: ReportUnusualTimestamp> TryFromWith<proto::group::GroupSnapshot, C> for
             .map(GroupMember::try_from)
             .try_collect()?;
 
-        let members_pending_profile_key = membersPendingProfileKey
-            .into_iter()
-            .map(|m| GroupMemberPendingProfileKey::try_from_with(m, context))
-            .try_collect()?;
+        let members_pending_profile_key = likely_empty(membersPendingProfileKey, |iter| {
+            iter.map(|m| GroupMemberPendingProfileKey::try_from_with(m, context))
+                .try_collect()
+        })?;
 
-        let members_pending_admin_approval = membersPendingAdminApproval
-            .into_iter()
-            .map(|m| GroupMemberPendingAdminApproval::try_from_with(m, context))
-            .try_collect()?;
+        let members_pending_admin_approval = likely_empty(membersPendingAdminApproval, |iter| {
+            iter.map(|m| GroupMemberPendingAdminApproval::try_from_with(m, context))
+                .try_collect()
+        })?;
 
-        let members_banned = members_banned
-            .into_iter()
-            .map(|m| GroupMemberBanned::try_from_with(m, context))
-            .try_collect()?;
+        let members_banned = likely_empty(members_banned, |iter| {
+            iter.map(|m| GroupMemberBanned::try_from_with(m, context))
+                .try_collect()
+        })?;
 
         Ok(Self {
             title,

From d372bcf1ae2b905c9f23989e65d7bf4949569c35 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 25 Nov 2024 12:53:40 -0800
Subject: [PATCH 36/57] backup: Allow running benchmarks on an arbitrary backup
 file as input

Use
- LIBSIGNAL_TESTING_BACKUP_FILE=path/to/backup
- LIBSIGNAL_TESTING_BACKUP_FILE_HMAC_KEY=11aa22bb
- LIBSIGNAL_TESTING_BACKUP_FILE_AES_KEY=aa11bb22
---
 rust/message-backup/benches/generation/mod.rs |  15 +-
 rust/message-backup/benches/validation.rs     | 131 ++++++++++--------
 2 files changed, 75 insertions(+), 71 deletions(-)

diff --git a/rust/message-backup/benches/generation/mod.rs b/rust/message-backup/benches/generation/mod.rs
index e46b5c152..c13e54161 100644
--- a/rust/message-backup/benches/generation/mod.rs
+++ b/rust/message-backup/benches/generation/mod.rs
@@ -3,11 +3,9 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::str::FromStr as _;
 use std::time::SystemTime;
 
 use futures::{StreamExt as _, TryStreamExt as _};
-use libsignal_account_keys::{AccountEntropyPool, BackupKey};
 use libsignal_message_backup::export::{
     aes_cbc_encrypt, gzip_compress, hmac_checksum, pad_gzipped_bucketed,
 };
@@ -17,18 +15,15 @@ use protobuf::Message as _;
 use rand::rngs::OsRng;
 use rand::RngCore as _;
 
-use super::{DEFAULT_ACCOUNT_ENTROPY, DEFAULT_ACI};
-
 /// Generates a compressed, encrypted, MAC'd backup with the given settings.
 ///
 /// The backup is not very realistic, just `number_of_conversations` 1:1 conversations and
 /// `number_of_messages` total messages in those conversations.
-pub fn generate_backup(number_of_conversations: usize, number_of_messages: usize) -> Vec<u8> {
-    let account_entropy = AccountEntropyPool::from_str(DEFAULT_ACCOUNT_ENTROPY).expect("valid");
-    let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
-    let backup_id = backup_key.derive_backup_id(&DEFAULT_ACI);
-    let message_backup_key = MessageBackupKey::derive(&backup_key, &backup_id);
-
+pub fn generate_backup(
+    number_of_conversations: usize,
+    number_of_messages: usize,
+    message_backup_key: &MessageBackupKey,
+) -> Vec<u8> {
     let iv = {
         let mut iv = [0; 16];
         OsRng.fill_bytes(&mut iv);
diff --git a/rust/message-backup/benches/validation.rs b/rust/message-backup/benches/validation.rs
index 13728fd28..71e8a55b3 100644
--- a/rust/message-backup/benches/validation.rs
+++ b/rust/message-backup/benches/validation.rs
@@ -3,6 +3,12 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+//! Benchmarks for the various steps of validating a backup.
+//!
+//! By default, the benchmarks are run on synthetic input (see the `generation` module), but most
+//! (but not all) of them can be run on an externally-provided backup file as well. See the
+//! `LIBSIGNAL_TESTING`-prefixed environment variables below.
+
 use criterion::{black_box, criterion_group, criterion_main, BenchmarkId, Criterion};
 use futures::io::{BufReader, Cursor};
 use futures::AsyncRead;
@@ -23,6 +29,10 @@ use sha2::Digest as _;
 mod generation;
 use generation::*;
 
+const CUSTOM_BACKUP_FILE_ENV_VAR: &str = "LIBSIGNAL_TESTING_BACKUP_FILE";
+const CUSTOM_BACKUP_FILE_HMAC_KEY_ENV_VAR: &str = "LIBSIGNAL_TESTING_BACKUP_FILE_HMAC_KEY";
+const CUSTOM_BACKUP_FILE_AES_KEY_ENV_VAR: &str = "LIBSIGNAL_TESTING_BACKUP_FILE_AES_KEY";
+
 const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
 const DEFAULT_ACCOUNT_ENTROPY: &str =
     "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
@@ -88,19 +98,40 @@ fn cursor_without_appended_hash(backup: &[u8]) -> Cursor<&'_ [u8]> {
     Cursor::new(&backup[..backup.len() - sha2::Sha256::output_size()])
 }
 
-fn benchmark_multiple_backup_sizes(mut body: impl FnMut(usize, &[u8])) {
-    for size in [30, 100, 300] {
-        let backup = generate_backup(size, MESSAGES_PER_CONVERSATION * size);
-        body(size, &backup);
+fn benchmark_multiple_backup_sizes(mut body: impl FnMut(usize, &[u8], &MessageBackupKey)) {
+    if let Some(backup_file) = std::env::var_os(CUSTOM_BACKUP_FILE_ENV_VAR) {
+        let mut message_backup_key = MessageBackupKey {
+            hmac_key: [0; 32],
+            aes_key: [0; AES_KEY_SIZE],
+        };
+        hex::decode_to_slice(
+            std::env::var(CUSTOM_BACKUP_FILE_HMAC_KEY_ENV_VAR).expect("HMAC key provided"),
+            &mut message_backup_key.hmac_key,
+        )
+        .expect("valid HMAC key");
+        hex::decode_to_slice(
+            std::env::var(CUSTOM_BACKUP_FILE_AES_KEY_ENV_VAR).expect("AES key provided"),
+            &mut message_backup_key.aes_key,
+        )
+        .expect("valid AES key");
+
+        let contents = std::fs::read(backup_file).expect("can read backup file");
+        body(0, &contents, &message_backup_key);
+        return;
     }
-}
 
-fn hmac_only(c: &mut Criterion) {
     let backup_key =
         BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
     let message_backup_key =
         MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
 
+    for size in [30, 100, 300] {
+        let backup = generate_backup(size, MESSAGES_PER_CONVERSATION * size, &message_backup_key);
+        body(size, &backup, &message_backup_key);
+    }
+}
+
+fn hmac_only(c: &mut Criterion) {
     fn process<R: AsyncRead + Unpin>(input: R, hmac_key: &[u8]) {
         let reader = MacReader::new_sha256(input, hmac_key);
         futures::executor::block_on(futures::io::copy(reader, &mut futures::io::sink()))
@@ -108,7 +139,7 @@ fn hmac_only(c: &mut Criterion) {
     }
 
     let mut group = c.benchmark_group("MacReader");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         group.bench_function(BenchmarkId::new("direct", size), |b| {
             b.iter(|| {
                 process(
@@ -130,11 +161,6 @@ fn hmac_only(c: &mut Criterion) {
 }
 
 fn decrypt_only(c: &mut Criterion) {
-    let backup_key =
-        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
-    let message_backup_key =
-        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
-
     fn process<R: AsyncRead + Unpin>(
         input: R,
         aes_key: &[u8; AES_KEY_SIZE],
@@ -146,7 +172,7 @@ fn decrypt_only(c: &mut Criterion) {
     }
 
     let mut group = c.benchmark_group("Aes256CbcReader");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         let iv = backup[..AES_IV_SIZE].try_into().unwrap();
 
         group.bench_function(BenchmarkId::new("direct", size), |b| {
@@ -171,11 +197,6 @@ fn decrypt_only(c: &mut Criterion) {
 }
 
 fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
-    let backup_key =
-        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
-    let message_backup_key =
-        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
-
     fn process<R: ReaderFactory>(input: R, key: &MessageBackupKey)
     where
         R::Reader: Unpin,
@@ -189,15 +210,15 @@ fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
     }
 
     let mut group = c.benchmark_group("FramesReader");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         group.bench_function(BenchmarkId::new("direct", size), |b| {
-            b.iter(|| process(CursorFactory::new(backup), &message_backup_key))
+            b.iter(|| process(CursorFactory::new(backup), message_backup_key))
         });
         group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(&backup)),
-                    &message_backup_key,
+                    message_backup_key,
                 )
             })
         });
@@ -205,11 +226,6 @@ fn decrypt_and_decompress_and_hmac(c: &mut Criterion) {
 }
 
 fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
-    let backup_key =
-        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
-    let message_backup_key =
-        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
-
     fn process<R: ReaderFactory, R2: AsyncRead + Unpin>(
         input: R,
         key: &MessageBackupKey,
@@ -227,15 +243,15 @@ fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
     }
 
     let mut group = c.benchmark_group("FramesReader + VarintDelimitedReader");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         group.bench_function(BenchmarkId::new("direct", size), |b| {
-            b.iter(|| process(CursorFactory::new(backup), &message_backup_key, |r| r))
+            b.iter(|| process(CursorFactory::new(backup), message_backup_key, |r| r))
         });
         group.bench_function(BenchmarkId::new("direct + BufReader", size), |b| {
             b.iter(|| {
                 process(
                     CursorFactory::new(backup),
-                    &message_backup_key,
+                    message_backup_key,
                     BufReader::new,
                 )
             })
@@ -244,7 +260,7 @@ fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                     |r| r,
                 )
             })
@@ -253,7 +269,7 @@ fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                     BufReader::new,
                 )
             })
@@ -262,11 +278,6 @@ fn decrypt_and_decompress_and_hmac_and_segment(c: &mut Criterion) {
 }
 
 fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
-    let backup_key =
-        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
-    let message_backup_key =
-        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
-
     fn process<R: ReaderFactory, R2: AsyncRead + Unpin>(
         input: R,
         key: &MessageBackupKey,
@@ -293,15 +304,15 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
     }
 
     let mut group = c.benchmark_group("FramesReader + VarintDelimitedReader + Frame::parse");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         group.bench_function(BenchmarkId::new("direct", size), |b| {
-            b.iter(|| process(CursorFactory::new(backup), &message_backup_key, |r| r))
+            b.iter(|| process(CursorFactory::new(backup), message_backup_key, |r| r))
         });
         group.bench_function(BenchmarkId::new("direct + BufReader", size), |b| {
             b.iter(|| {
                 process(
                     CursorFactory::new(backup),
-                    &message_backup_key,
+                    message_backup_key,
                     BufReader::new,
                 )
             })
@@ -310,7 +321,7 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                     |r| r,
                 )
             })
@@ -319,7 +330,7 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                     BufReader::new,
                 )
             })
@@ -328,11 +339,6 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse(c: &mut Criterion) {
 }
 
 fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Criterion) {
-    let backup_key =
-        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
-    let message_backup_key =
-        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
-
     fn process<R: ReaderFactory, R2: AsyncRead + Unpin>(
         input: R,
         key: &MessageBackupKey,
@@ -362,15 +368,15 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Cr
     }
 
     let mut group = c.benchmark_group("FramesReader + VarintDelimitedReader + PartialBackup");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         group.bench_function(BenchmarkId::new("direct", size), |b| {
-            b.iter(|| process(CursorFactory::new(backup), &message_backup_key, |r| r))
+            b.iter(|| process(CursorFactory::new(backup), message_backup_key, |r| r))
         });
         group.bench_function(BenchmarkId::new("direct + BufReader", size), |b| {
             b.iter(|| {
                 process(
                     CursorFactory::new(backup),
-                    &message_backup_key,
+                    message_backup_key,
                     BufReader::new,
                 )
             })
@@ -379,7 +385,7 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Cr
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                     |r| r,
                 )
             })
@@ -388,7 +394,7 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Cr
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                     BufReader::new,
                 )
             })
@@ -397,11 +403,6 @@ fn decrypt_and_decompress_and_hmac_and_segment_and_parse_and_validate(c: &mut Cr
 }
 
 fn validate_using_full_backup_reader(c: &mut Criterion) {
-    let backup_key =
-        BackupKey::derive_from_account_entropy_pool(&DEFAULT_ACCOUNT_ENTROPY.parse().unwrap());
-    let message_backup_key =
-        MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI));
-
     fn process<R: ReaderFactory>(input: R, key: &MessageBackupKey)
     where
         R::Reader: Unpin,
@@ -422,15 +423,15 @@ fn validate_using_full_backup_reader(c: &mut Criterion) {
     }
 
     let mut group = c.benchmark_group("BackupReader");
-    benchmark_multiple_backup_sizes(|size, backup| {
+    benchmark_multiple_backup_sizes(|size, backup, message_backup_key| {
         group.bench_function(BenchmarkId::new("direct", size), |b| {
-            b.iter(|| process(CursorFactory::new(backup), &message_backup_key))
+            b.iter(|| process(CursorFactory::new(backup), message_backup_key))
         });
         group.bench_function(BenchmarkId::new("YieldingReader", size), |b| {
             b.iter(|| {
                 process(
                     YieldingReader(CursorFactory::new(backup)),
-                    &message_backup_key,
+                    message_backup_key,
                 )
             })
         });
@@ -439,7 +440,11 @@ fn validate_using_full_backup_reader(c: &mut Criterion) {
 
 fn parse_only(c: &mut Criterion) {
     let mut group = c.benchmark_group("Frame::parse");
-    benchmark_multiple_backup_sizes(|size, _backup| {
+    benchmark_multiple_backup_sizes(|size, _backup, _key| {
+        if size == 0 {
+            return;
+        }
+
         let frames: Vec<Vec<u8>> = generate_frames(size, MESSAGES_PER_CONVERSATION * size)
             .map(|frame| frame.write_to_bytes().unwrap())
             .collect();
@@ -459,7 +464,11 @@ fn parse_only(c: &mut Criterion) {
 
 fn parse_and_validate(c: &mut Criterion) {
     let mut group = c.benchmark_group("PartialBackup");
-    benchmark_multiple_backup_sizes(|size, _backup| {
+    benchmark_multiple_backup_sizes(|size, _backup, _key| {
+        if size == 0 {
+            return;
+        }
+
         let backup_info = generate_backup_info().write_to_bytes().unwrap();
         let frames: Vec<Vec<u8>> = generate_frames(size, MESSAGES_PER_CONVERSATION * size)
             .map(|frame| frame.write_to_bytes().unwrap())

From e42af4d3da79c0e097c49ffbd252d99ec95c3e70 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Mon, 25 Nov 2024 16:21:17 -0500
Subject: [PATCH 37/57] Split bridged chat connect function

---
 node/Native.d.ts                         |   6 +-
 node/ts/net.ts                           |  21 +-
 rust/bridge/shared/src/net/chat.rs       |  21 +-
 rust/bridge/shared/types/src/net/chat.rs | 145 +++++++---
 rust/net/src/chat.rs                     |  65 ++++-
 rust/net/src/chat/ws2.rs                 | 346 +++++++----------------
 6 files changed, 307 insertions(+), 297 deletions(-)

diff --git a/node/Native.d.ts b/node/Native.d.ts
index f1c9a89c2..c7d851e10 100644
--- a/node/Native.d.ts
+++ b/node/Native.d.ts
@@ -160,9 +160,10 @@ export function AuthCredentialPresentation_GetRedemptionTime(presentationBytes:
 export function AuthCredentialPresentation_GetUuidCiphertext(presentationBytes: Buffer): Serialized<UuidCiphertext>;
 export function AuthCredentialWithPniResponse_CheckValidContents(bytes: Buffer): void;
 export function AuthCredentialWithPni_CheckValidContents(bytes: Buffer): void;
-export function AuthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, receiveStories: boolean, listener: ChatListener | null): CancellablePromise<AuthenticatedChatConnection>;
+export function AuthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, username: string, password: string, receiveStories: boolean): CancellablePromise<AuthenticatedChatConnection>;
 export function AuthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthenticatedChatConnection>): CancellablePromise<void>;
 export function AuthenticatedChatConnection_info(chat: Wrapper<AuthenticatedChatConnection>): ConnectionInfo;
+export function AuthenticatedChatConnection_init_listener(chat: Wrapper<AuthenticatedChatConnection>, listener: ChatListener): void;
 export function AuthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<AuthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function BackupAuthCredentialPresentation_CheckValidContents(presentationBytes: Buffer): void;
 export function BackupAuthCredentialPresentation_GetBackupId(presentationBytes: Buffer): Buffer;
@@ -569,9 +570,10 @@ export function TESTING_ServerMessageAck_Create(): ServerMessageAck;
 export function TESTING_TestingHandleType_getValue(handle: Wrapper<TestingHandleType>): number;
 export function TokioAsyncContext_cancel(context: Wrapper<TokioAsyncContext>, rawCancellationId: bigint): void;
 export function TokioAsyncContext_new(): TokioAsyncContext;
-export function UnauthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>, listener: ChatListener | null): CancellablePromise<UnauthenticatedChatConnection>;
+export function UnauthenticatedChatConnection_connect(asyncRuntime: Wrapper<TokioAsyncContext>, connectionManager: Wrapper<ConnectionManager>): CancellablePromise<UnauthenticatedChatConnection>;
 export function UnauthenticatedChatConnection_disconnect(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>): CancellablePromise<void>;
 export function UnauthenticatedChatConnection_info(chat: Wrapper<UnauthenticatedChatConnection>): ConnectionInfo;
+export function UnauthenticatedChatConnection_init_listener(chat: Wrapper<UnauthenticatedChatConnection>, listener: ChatListener): void;
 export function UnauthenticatedChatConnection_send(asyncRuntime: Wrapper<TokioAsyncContext>, chat: Wrapper<UnauthenticatedChatConnection>, httpRequest: Wrapper<HttpRequest>, timeoutMillis: number): CancellablePromise<ChatResponse>;
 export function UnidentifiedSenderMessageContent_Deserialize(data: Buffer): UnidentifiedSenderMessageContent;
 export function UnidentifiedSenderMessageContent_GetContentHint(m: Wrapper<UnidentifiedSenderMessageContent>): number;
diff --git a/node/ts/net.ts b/node/ts/net.ts
index 10949195c..2963b91a3 100644
--- a/node/ts/net.ts
+++ b/node/ts/net.ts
@@ -280,17 +280,22 @@ export class UnauthenticatedChatConnection implements ChatConnection {
     const nativeChatListener = makeNativeChatListener(asyncContext, listener);
     const connect = Native.UnauthenticatedChatConnection_connect(
       asyncContext,
-      connectionManager,
-      new WeakListenerWrapper(nativeChatListener)
+      connectionManager
     );
     const chat = await asyncContext.makeCancellable(
       options?.abortSignal,
       connect
     );
 
+    const connection = newNativeHandle(chat);
+    Native.UnauthenticatedChatConnection_init_listener(
+      connection,
+      new WeakListenerWrapper(nativeChatListener)
+    );
+
     return new UnauthenticatedChatConnection(
       asyncContext,
-      newNativeHandle(chat),
+      connection,
       nativeChatListener
     );
   }
@@ -348,16 +353,20 @@ export class AuthenticatedChatConnection implements ChatConnection {
       connectionManager,
       username,
       password,
-      receiveStories,
-      new WeakListenerWrapper(nativeChatListener)
+      receiveStories
     );
     const chat = await asyncContext.makeCancellable(
       options?.abortSignal,
       connect
     );
+    const connection = newNativeHandle(chat);
+    Native.AuthenticatedChatConnection_init_listener(
+      connection,
+      new WeakListenerWrapper(nativeChatListener)
+    );
     return new AuthenticatedChatConnection(
       asyncContext,
-      newNativeHandle(chat),
+      connection,
       nativeChatListener
     );
   }
diff --git a/rust/bridge/shared/src/net/chat.rs b/rust/bridge/shared/src/net/chat.rs
index 3e9bac0d1..b71f2f4cb 100644
--- a/rust/bridge/shared/src/net/chat.rs
+++ b/rust/bridge/shared/src/net/chat.rs
@@ -104,9 +104,16 @@ fn ChatService_new_auth(
 #[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
 async fn UnauthenticatedChatConnection_connect(
     connection_manager: &ConnectionManager,
-    listener: Option<Box<dyn ChatListener>>,
 ) -> Result<UnauthenticatedChatConnection, ChatServiceError> {
-    UnauthenticatedChatConnection::connect(connection_manager, listener).await
+    UnauthenticatedChatConnection::connect(connection_manager).await
+}
+
+#[bridge_fn(ffi = false, jni = false)]
+fn UnauthenticatedChatConnection_init_listener(
+    chat: &UnauthenticatedChatConnection,
+    listener: Box<dyn ChatListener>,
+) {
+    chat.init_listener(listener)
 }
 
 #[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
@@ -142,17 +149,23 @@ async fn AuthenticatedChatConnection_connect(
     username: String,
     password: String,
     receive_stories: bool,
-    listener: Option<Box<dyn ChatListener>>,
 ) -> Result<AuthenticatedChatConnection, ChatServiceError> {
     AuthenticatedChatConnection::connect(
         connection_manager,
-        listener,
         Auth { username, password },
         receive_stories,
     )
     .await
 }
 
+#[bridge_fn(ffi = false, jni = false)]
+fn AuthenticatedChatConnection_init_listener(
+    chat: &AuthenticatedChatConnection,
+    listener: Box<dyn ChatListener>,
+) {
+    chat.init_listener(listener)
+}
+
 #[bridge_io(TokioAsyncContext, ffi = false, jni = false)]
 async fn AuthenticatedChatConnection_send(
     chat: &AuthenticatedChatConnection,
diff --git a/rust/bridge/shared/types/src/net/chat.rs b/rust/bridge/shared/types/src/net/chat.rs
index 54d9219ad..d585f6ff1 100644
--- a/rust/bridge/shared/types/src/net/chat.rs
+++ b/rust/bridge/shared/types/src/net/chat.rs
@@ -219,52 +219,53 @@ pub type UnauthChat = Chat<UnauthChatService>;
 pub type AuthChat = Chat<AuthChatService>;
 
 pub struct UnauthenticatedChatConnection {
-    inner: ChatConnection,
+    /// The possibly-still-being-constructed [`ChatConnection`].
+    ///
+    /// See [`AuthenticatedChatConnection::inner`] for rationale around lack of
+    /// reader/writer contention.
+    inner: tokio::sync::RwLock<MaybeChatConnection>,
 }
 bridge_as_handle!(UnauthenticatedChatConnection);
 impl UnwindSafe for UnauthenticatedChatConnection {}
 impl RefUnwindSafe for UnauthenticatedChatConnection {}
 
 pub struct AuthenticatedChatConnection {
-    inner: ChatConnection,
+    /// The possibly-still-being-constructed [`ChatConnection`].
+    ///
+    /// This is a `RwLock` so that bridging functions can always take a
+    /// `&AuthenticatedChatConnection`, even when finishing construction of the
+    /// `ChatConnection`. The lock will only be held in writer mode once, when
+    /// finishing construction, and after that will be held in read mode, so
+    /// there won't be any contention.
+    inner: tokio::sync::RwLock<MaybeChatConnection>,
 }
 bridge_as_handle!(AuthenticatedChatConnection);
 impl UnwindSafe for AuthenticatedChatConnection {}
 impl RefUnwindSafe for AuthenticatedChatConnection {}
 
+enum MaybeChatConnection {
+    Running(ChatConnection),
+    WaitingForListener(chat::PendingChatConnection),
+    TemporarilyEvicted,
+}
+
 impl UnauthenticatedChatConnection {
-    pub async fn connect(
-        connection_manager: &ConnectionManager,
-        listener: Option<Box<dyn ChatListener>>,
-    ) -> Result<Self, ChatServiceError> {
-        let inner = establish_chat_connection(connection_manager, listener, None).await?;
+    pub async fn connect(connection_manager: &ConnectionManager) -> Result<Self, ChatServiceError> {
+        let inner = establish_chat_connection(connection_manager, None).await?;
         log::info!("connected unauthenticated chat");
-        Ok(Self { inner })
-    }
-
-    pub async fn send(
-        &self,
-        message: Request,
-        timeout: Duration,
-    ) -> Result<ChatResponse, ChatServiceError> {
-        self.inner.send(message, timeout).await
-    }
-
-    pub async fn disconnect(&self) {
-        self.inner.disconect().await
+        Ok(Self {
+            inner: MaybeChatConnection::WaitingForListener(inner).into(),
+        })
     }
 }
-
 impl AuthenticatedChatConnection {
     pub async fn connect(
         connection_manager: &ConnectionManager,
-        listener: Option<Box<dyn ChatListener>>,
         auth: Auth,
         receive_stories: bool,
     ) -> Result<Self, ChatServiceError> {
-        let inner = establish_chat_connection(
+        let pending = establish_chat_connection(
             connection_manager,
-            listener,
             Some(chat::AuthenticatedChatHeaders {
                 auth,
                 receive_stories: receive_stories.into(),
@@ -272,38 +273,111 @@ impl AuthenticatedChatConnection {
         )
         .await?;
         log::info!("connected authenticated chat");
-        Ok(Self { inner })
+        Ok(Self {
+            inner: MaybeChatConnection::WaitingForListener(pending).into(),
+        })
+    }
+}
+
+impl AsRef<tokio::sync::RwLock<MaybeChatConnection>> for AuthenticatedChatConnection {
+    fn as_ref(&self) -> &tokio::sync::RwLock<MaybeChatConnection> {
+        &self.inner
+    }
+}
+
+impl AsRef<tokio::sync::RwLock<MaybeChatConnection>> for UnauthenticatedChatConnection {
+    fn as_ref(&self) -> &tokio::sync::RwLock<MaybeChatConnection> {
+        &self.inner
+    }
+}
+
+pub trait BridgeChatConnection {
+    fn init_listener(&self, listener: Box<dyn ChatListener>);
+
+    fn send(
+        &self,
+        message: Request,
+        timeout: Duration,
+    ) -> impl Future<Output = Result<ChatResponse, ChatServiceError>> + Send;
+
+    fn disconnect(&self) -> impl Future<Output = ()> + Send;
+
+    fn info(&self) -> ConnectionInfo;
+}
+
+impl<C: AsRef<tokio::sync::RwLock<MaybeChatConnection>>> BridgeChatConnection for C {
+    fn init_listener(&self, listener: Box<dyn ChatListener>) {
+        init_listener(&mut self.as_ref().blocking_write(), listener)
     }
 
-    pub async fn send(
+    fn send(
         &self,
         message: Request,
         timeout: Duration,
-    ) -> Result<ChatResponse, ChatServiceError> {
-        self.inner.send(message, timeout).await
+    ) -> impl Future<Output = Result<ChatResponse, ChatServiceError>> + Send {
+        let guard = self.as_ref().blocking_read();
+        async move {
+            let MaybeChatConnection::Running(inner) = &*guard else {
+                panic!("listener was not set")
+            };
+            inner.send(message, timeout).await
+        }
     }
 
-    pub async fn disconnect(&self) {
-        self.inner.disconect().await
+    fn disconnect(&self) -> impl Future<Output = ()> + Send {
+        let guard = self.as_ref().blocking_read();
+        async move {
+            let MaybeChatConnection::Running(inner) = &*guard else {
+                panic!("listener was not set")
+            };
+            inner.disconect().await
+        }
+    }
+
+    fn info(&self) -> ConnectionInfo {
+        let guard = self.as_ref().blocking_read();
+        match &*guard {
+            MaybeChatConnection::Running(chat_connection) => chat_connection.connection_info(),
+            MaybeChatConnection::WaitingForListener(pending_chat_connection) => {
+                pending_chat_connection.connection_info()
+            }
+            MaybeChatConnection::TemporarilyEvicted => unreachable!("unobservable state"),
+        }
     }
 }
+
+fn init_listener(connection: &mut MaybeChatConnection, listener: Box<dyn ChatListener>) {
+    let pending = match std::mem::replace(connection, MaybeChatConnection::TemporarilyEvicted) {
+        MaybeChatConnection::Running(chat_connection) => {
+            *connection = MaybeChatConnection::Running(chat_connection);
+            panic!("listener already set")
+        }
+        MaybeChatConnection::WaitingForListener(pending_chat_connection) => pending_chat_connection,
+        MaybeChatConnection::TemporarilyEvicted => panic!("should be a temporary state"),
+    };
+
+    *connection = MaybeChatConnection::Running(ChatConnection::finish_connect(
+        pending,
+        listener.into_event_listener(),
+    ))
+}
+
 impl Connection for UnauthenticatedChatConnection {
     fn connection_info(&self) -> ConnectionInfo {
-        self.inner.connection_info()
+        BridgeChatConnection::info(self)
     }
 }
 
 impl Connection for AuthenticatedChatConnection {
     fn connection_info(&self) -> ConnectionInfo {
-        self.inner.connection_info()
+        BridgeChatConnection::info(self)
     }
 }
 
 async fn establish_chat_connection(
     connection_manager: &ConnectionManager,
-    listener: Option<Box<dyn ChatListener>>,
     auth: Option<chat::AuthenticatedChatHeaders>,
-) -> Result<ChatConnection, ChatServiceError> {
+) -> Result<chat::PendingChatConnection, ChatServiceError> {
     let ConnectionManager {
         env,
         dns_resolver,
@@ -335,7 +409,7 @@ async fn establish_chat_connection(
 
     let chat_connect = &env.chat_domain_config.connect;
 
-    ChatConnection::connect_with(
+    ChatConnection::start_connect_with(
         connect,
         dns_resolver,
         DirectOrProxyProvider::maybe_proxied(
@@ -351,7 +425,6 @@ async fn establish_chat_connection(
             remote_idle_timeout: remote_idle_disconnect_timeout,
             initial_request_id: 0,
         },
-        listener.map(|l| l.into_event_listener()),
         auth,
     )
     .await
diff --git a/rust/net/src/chat.rs b/rust/net/src/chat.rs
index 95dab4c61..01bca081c 100644
--- a/rust/net/src/chat.rs
+++ b/rust/net/src/chat.rs
@@ -16,13 +16,14 @@ use libsignal_net_infra::connection_manager::{
 };
 use libsignal_net_infra::dns::DnsResolver;
 use libsignal_net_infra::route::{
-    RouteProvider, RouteProviderExt, ThrottlingConnector, UnresolvedHttpsServiceRoute,
-    UnresolvedWebsocketServiceRoute, WebSocketRoute, WebSocketRouteFragment,
+    ComposedConnector, Connector, RouteProvider, RouteProviderExt, StatelessTransportConnector,
+    ThrottlingConnector, UnresolvedHttpsServiceRoute, UnresolvedWebsocketServiceRoute,
+    WebSocketRoute, WebSocketRouteFragment, WebSocketServiceRoute,
 };
 use libsignal_net_infra::service::{Service, ServiceConnectorWithDecorator};
 use libsignal_net_infra::timeouts::{MULTI_ROUTE_CONNECTION_TIMEOUT, ONE_ROUTE_CONNECTION_TIMEOUT};
 use libsignal_net_infra::utils::ObservableEvent;
-use libsignal_net_infra::ws::WebSocketClientConnector;
+use libsignal_net_infra::ws::{WebSocketClientConnector, WebSocketConnectError};
 use libsignal_net_infra::{
     make_ws_config, AsHttpHeader, Connection, ConnectionInfo, EndpointConnection,
     HttpRequestDecorator, IpType, TransportConnector,
@@ -526,6 +527,25 @@ impl Connection for ChatConnection {
     }
 }
 
+type ChatConnector = ComposedConnector<
+    ThrottlingConnector<crate::infra::ws::Stateless>,
+    StatelessTransportConnector,
+    WebSocketConnectError,
+>;
+type ChatWebSocketConnection = <ChatConnector as Connector<WebSocketServiceRoute, ()>>::Connection;
+
+pub struct PendingChatConnection {
+    connection: ChatWebSocketConnection,
+    ws_config: ws2::Config,
+    connection_info: ConnectionInfo,
+}
+
+impl Connection for PendingChatConnection {
+    fn connection_info(&self) -> ConnectionInfo {
+        self.connection_info.clone()
+    }
+}
+
 pub struct AuthenticatedChatHeaders {
     pub auth: Auth,
     pub receive_stories: ReceiveStories,
@@ -544,6 +564,28 @@ impl ChatConnection {
         listener: self::ws2::EventListener,
         auth: Option<AuthenticatedChatHeaders>,
     ) -> Result<Self, ChatServiceError> {
+        let pending = Self::start_connect_with(
+            connect,
+            resolver,
+            http_route_provider,
+            confirmation_header_name,
+            user_agent,
+            ws_config,
+            auth,
+        )
+        .await?;
+        Ok(Self::finish_connect(pending, listener))
+    }
+
+    pub async fn start_connect_with(
+        connect: &tokio::sync::RwLock<ConnectState>,
+        resolver: &DnsResolver,
+        http_route_provider: impl RouteProvider<Route = UnresolvedHttpsServiceRoute>,
+        confirmation_header_name: Option<HeaderName>,
+        user_agent: &UserAgent,
+        ws_config: self::ws2::Config,
+        auth: Option<AuthenticatedChatHeaders>,
+    ) -> Result<PendingChatConnection, ChatServiceError> {
         let headers = auth
             .into_iter()
             .flat_map(
@@ -587,9 +629,10 @@ impl ChatConnection {
         match result {
             Ok(ws_connection) => Ok({
                 let connection_info = ws_connection.connection_info();
-                Self {
-                    inner: self::ws2::Chat::new(ws_connection, ws_config, listener),
+                PendingChatConnection {
+                    connection: ws_connection,
                     connection_info,
+                    ws_config,
                 }
             }),
             Err(e) => {
@@ -607,6 +650,18 @@ impl ChatConnection {
         }
     }
 
+    pub fn finish_connect(pending: PendingChatConnection, listener: ws2::EventListener) -> Self {
+        let PendingChatConnection {
+            connection,
+            connection_info,
+            ws_config,
+        } = pending;
+        Self {
+            inner: crate::chat::ws2::Chat::new(connection, ws_config, listener),
+            connection_info,
+        }
+    }
+
     pub async fn send(
         &self,
         msg: Request,
diff --git a/rust/net/src/chat/ws2.rs b/rust/net/src/chat/ws2.rs
index 2c18f6888..c6f884489 100644
--- a/rust/net/src/chat/ws2.rs
+++ b/rust/net/src/chat/ws2.rs
@@ -9,7 +9,6 @@ use std::future::Future;
 use std::io::ErrorKind as IoErrorKind;
 use std::panic::AssertUnwindSafe;
 use std::pin::Pin;
-use std::sync::{Arc, Mutex};
 
 use futures_util::{pin_mut, Sink, Stream, StreamExt as _};
 use http::uri::PathAndQuery;
@@ -48,9 +47,6 @@ pub struct Chat {
     /// points. If it were a regular [`Mutex`] the futures produced by methods
     /// on `Chat` would not be `Send`.
     state: TokioMutex<TaskState>,
-
-    /// The listener that will receive events from the task.
-    incoming_event_listener: Arc<Mutex<ListenerState>>,
 }
 
 /// Instantiation-time configuration for a [`Chat`] instance.
@@ -144,7 +140,7 @@ pub struct Responder {
     tx: mpsc::WeakUnboundedSender<OutgoingResponse>,
 }
 
-pub type EventListener = Option<Box<dyn FnMut(ListenerEvent) + Send>>;
+pub type EventListener = Box<dyn FnMut(ListenerEvent) + Send>;
 
 impl Chat {
     pub fn new<T>(transport: T, config: Config, listener: EventListener) -> Self
@@ -179,10 +175,7 @@ impl Chat {
     /// If the request can't be sent or the response isn't received, this
     /// returns an error.
     pub async fn send(&self, request: Request) -> Result<Response, SendError> {
-        let Self {
-            state,
-            incoming_event_listener: _,
-        } = self;
+        let Self { state } = self;
 
         let Request {
             method,
@@ -237,23 +230,6 @@ impl Chat {
         *guard = new_state
     }
 
-    /// Sets the handler that will receive [`ListenerEvent`]s from the server.
-    ///
-    /// To remove an existing listener, provide a value of `None`.
-    pub fn set_listener(&self, listener: EventListener) {
-        let mut guard = self.incoming_event_listener.lock().expect("not poisoned");
-
-        *guard = match &mut *guard {
-            ListenerState::NotRunning(_) => ListenerState::NotRunning(listener),
-            ListenerState::Running => ListenerState::ReplacedWhileRunning(listener),
-            ListenerState::ReplacedWhileRunning(_) => {
-                // No reason the listener can't replace itself twice during the
-                // same run.
-                ListenerState::ReplacedWhileRunning(listener)
-            }
-        };
-    }
-
     /// Returns `true` if the websocket is known to be connected.
     ///
     /// If this returns `false`, the websocket is either disconnected or in the
@@ -323,11 +299,10 @@ impl Chat {
             inner: inner_connection,
             requests_in_flight,
         };
-        let incoming_event_listener = Arc::new(Mutex::new(ListenerState::NotRunning(listener)));
 
         let task = tokio::spawn(spawned_task_body(
             connection,
-            Arc::clone(&incoming_event_listener),
+            listener,
             response_tx.downgrade(),
         ));
         let state = TaskState::MaybeStillRunning {
@@ -338,7 +313,6 @@ impl Chat {
 
         Self {
             state: TokioMutex::new(state),
-            incoming_event_listener,
         }
     }
 }
@@ -523,36 +497,25 @@ enum OutgoingMeta {
 }
 
 /// State for a registered [`EventListener`]
-enum ListenerState {
-    NotRunning(EventListener),
-    Running,
-    ReplacedWhileRunning(EventListener),
+struct ListenerState {
+    // only `None` when the listener is being run.
+    listener: Option<EventListener>,
 }
 
 impl ListenerState {
-    async fn send_event(
-        listener: &Mutex<ListenerState>,
-        tokio_rt: &tokio::runtime::Handle,
-        make_event: impl FnOnce() -> ListenerEvent,
-    ) {
-        let mut taken_listener = {
-            let mut guard = listener.lock().expect("not poisoned");
-            match std::mem::replace(&mut *guard, ListenerState::Running) {
-                ListenerState::NotRunning(None) => {
-                    *guard = ListenerState::NotRunning(None);
-                    return;
-                }
-                ListenerState::NotRunning(Some(listener)) => listener,
-                ListenerState::Running | ListenerState::ReplacedWhileRunning(_) => {
-                    unreachable!("the listener can't already be running")
-                }
-            }
-        };
-        // This callback might take a while, so execute it without blocking the
-        // Tokio runtime or holding the lock.
+    fn new(listener: EventListener) -> Self {
+        Self {
+            listener: Some(listener),
+        }
+    }
+}
 
-        let event = make_event();
+impl ListenerState {
+    async fn send_event(&mut self, tokio_rt: &tokio::runtime::Handle, event: ListenerEvent) {
+        let mut taken_listener = self.listener.take().expect("not running");
 
+        // This callback might take a while, so execute it without blocking the
+        // Tokio runtime.
         let returned_listener = match tokio_rt
             .spawn_blocking(move || {
                 taken_listener(event);
@@ -560,50 +523,18 @@ impl ListenerState {
             })
             .await
         {
-            Ok(listener) => Some(listener),
+            Ok(listener) => listener,
             Err(_join_error) => {
                 log::error!("listener panicked on event; removing it");
-                None
+                Box::new(|_| ())
             }
         };
 
-        // It's possible that a new listener was set while the current one was
-        // executing (maybe even by the listener itself). Don't overwrite it if so!
-        let mut guard = listener.lock().expect("not poisoned");
-        match &mut *guard {
-            ListenerState::NotRunning(_) => unreachable!("listener was running"),
-            ListenerState::Running => *guard = ListenerState::NotRunning(returned_listener),
-            ListenerState::ReplacedWhileRunning(new_listener) => {
-                // Keep the new listener, not the one that just ran.
-                *guard = ListenerState::NotRunning(new_listener.take())
-            }
-        }
+        self.listener = Some(returned_listener);
     }
 
-    fn send_event_blocking(
-        listener: Arc<Mutex<ListenerState>>,
-        make_event: impl FnOnce() -> ListenerEvent,
-    ) {
-        let mut guard = listener.lock().expect("not poisoned");
-        let taken_listener = match std::mem::replace(&mut *guard, ListenerState::Running) {
-            ListenerState::NotRunning(None) => {
-                *guard = ListenerState::NotRunning(None);
-                return;
-            }
-            ListenerState::NotRunning(Some(listener)) => listener,
-            unexpected_state
-            @ (ListenerState::Running | ListenerState::ReplacedWhileRunning(_)) => {
-                // This shouldn't happen; if it does it probably means the
-                // listener has panicked. There's nothing more we can do here
-                // other than not crash.
-                log::error!("chat task listener was found in an invalid state");
-                *guard = unexpected_state;
-                return;
-            }
-        };
-        // This callback might take a while, so execute it without blocking the
-        // Tokio runtime or holding the lock.
-        drop(guard);
+    fn send_event_blocking(&mut self, event: ListenerEvent) {
+        let taken_listener = self.listener.take().expect("not running");
 
         // If there's a panic in the listener, the event and listener won't
         // escape, and so won't be used again on this thread. That means that
@@ -611,7 +542,7 @@ impl ListenerState {
         // those won't be visible outside the `catch_unwind` call. This is
         // notionally equivalent to using `std::thread::spawn` and then joining
         // on the created thread, but without the overhead.
-        let unwind_safe = AssertUnwindSafe((make_event(), taken_listener));
+        let unwind_safe = AssertUnwindSafe((event, taken_listener));
 
         let returned_listener = match std::panic::catch_unwind(move || {
             let _ = &unwind_safe; // Force the compiler to move the entire value into the closure.
@@ -619,24 +550,14 @@ impl ListenerState {
             (*taken_listener)(event);
             taken_listener
         }) {
-            Ok(listener) => Some(listener),
-            Err(_panic) => {
+            Ok(listener) => listener,
+            Err(_join_error) => {
                 log::error!("listener panicked on event; removing it");
-                None
+                Box::new(|_| ())
             }
         };
 
-        // It's possible that a new listener was set while the current one was
-        // executing (maybe even by the listener itself). Don't overwrite it if so!
-        let mut guard = listener.lock().expect("not poisoned");
-        match &mut *guard {
-            ListenerState::NotRunning(_) => unreachable!("listener was running"),
-            ListenerState::Running => *guard = ListenerState::NotRunning(returned_listener),
-            ListenerState::ReplacedWhileRunning(new_listener) => {
-                // Keep the new listener, not the one that just ran.
-                *guard = ListenerState::NotRunning(new_listener.take())
-            }
-        }
+        self.listener = Some(returned_listener);
     }
 }
 
@@ -646,19 +567,18 @@ impl ListenerState {
 /// [`Outcome::Finished`].
 async fn spawned_task_body<I: InnerConnection>(
     connection: ConnectionImpl<I>,
-    listener: Arc<Mutex<ListenerState>>,
+    listener: EventListener,
     weak_response_tx: mpsc::WeakUnboundedSender<OutgoingResponse>,
 ) -> Result<FinishReason, TaskErrorState> {
     pin_mut!(connection);
     let tokio_rt = tokio::runtime::Handle::current();
+    let listener_state = ListenerState::new(listener);
 
     // In case the task panics, make sure the callback at least knows about the
     // disconnection.
-    let listener = scopeguard::guard_on_unwind(listener, |listener| {
+    let mut listener_state = scopeguard::guard_on_unwind(listener_state, |mut listener_state| {
         log::error!("chat handler task exited abnormally");
-        ListenerState::send_event_blocking(listener, || {
-            ListenerEvent::Finished(Err(FinishError::Unknown))
-        });
+        listener_state.send_event_blocking(ListenerEvent::Finished(Err(FinishError::Unknown)));
     });
     let result = loop {
         let (id, incoming_request) = match connection.as_mut().handle_one_event().await {
@@ -670,26 +590,27 @@ async fn spawned_task_body<I: InnerConnection>(
         };
 
         log::debug!("received incoming request from server: {id}");
-        ListenerState::send_event(&listener, &tokio_rt, || {
-            ListenerEvent::ReceivedMessage(
-                incoming_request,
-                Responder {
-                    id,
-                    tx: weak_response_tx.clone(),
-                },
-            )
-        })
-        .await;
+
+        let event = ListenerEvent::ReceivedMessage(
+            incoming_request,
+            Responder {
+                id,
+                tx: weak_response_tx.clone(),
+            },
+        );
+        listener_state.send_event(&tokio_rt, event).await;
     };
     let task_result = result.as_ref().map_err(Into::into).copied();
 
     // The loop is finishing. Make sure to tell the listener after disarming the
     // scope guard.
-    let listener = scopeguard::ScopeGuard::into_inner(listener);
-    ListenerState::send_event(&listener, &tokio_rt, move || {
-        ListenerEvent::Finished(result.map_err(FinishError::Error))
-    })
-    .await;
+    let mut listener = scopeguard::ScopeGuard::into_inner(listener_state);
+    listener
+        .send_event(
+            &tokio_rt,
+            ListenerEvent::Finished(result.map_err(FinishError::Error)),
+        )
+        .await;
 
     task_result
 }
@@ -1264,12 +1185,18 @@ mod test {
             pub initial_request_id: u64,
         }
 
-        pub(super) fn new_chat() -> (Chat, FakeTxRxChannels) {
-            new_chat_with_config(FakeConfig {
-                initial_request_id: INITIAL_REQUEST_ID,
-            })
+        pub(super) fn new_chat(listener: EventListener) -> (Chat, FakeTxRxChannels) {
+            new_chat_with_config(
+                FakeConfig {
+                    initial_request_id: INITIAL_REQUEST_ID,
+                },
+                listener,
+            )
         }
-        pub(super) fn new_chat_with_config(config: FakeConfig) -> (Chat, FakeTxRxChannels) {
+        pub(super) fn new_chat_with_config(
+            config: FakeConfig,
+            listener: EventListener,
+        ) -> (Chat, FakeTxRxChannels) {
             let FakeConfig { initial_request_id } = config;
             let (outgoing_events_tx, outgoing_events_rx) = mpsc::unbounded_channel();
             let (incoming_events_tx, incoming_events_rx) = mpsc::unbounded_channel();
@@ -1279,7 +1206,7 @@ mod test {
                     incoming_events: incoming_events_rx,
                 },
                 initial_request_id,
-                None,
+                listener,
             );
 
             (chat, (outgoing_events_rx, incoming_events_tx))
@@ -1386,15 +1313,15 @@ mod test {
 
     impl IntoEventListener for mpsc::UnboundedSender<ListenerEvent> {
         fn into_event_listener(self) -> EventListener {
-            Some(Box::new(move |event| {
+            Box::new(move |event| {
                 let _ignore_failure = self.send(event);
-            }))
+            })
         }
     }
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn sends_requests_and_receives_responses() {
-        let (chat, (mut chat_events, inner_responses)) = fake::new_chat();
+        let (chat, (mut chat_events, inner_responses)) = fake::new_chat(Box::new(|_| ()));
         assert!(chat.is_connected().await);
 
         const REQUEST_PATHS: [&str; 3] = ["/first", "/second", "/third"];
@@ -1502,10 +1429,10 @@ mod test {
     async fn receives_incoming_server_requests_and_responds() {
         const INITIAL_INCOMING_REQUEST_ID: u64 = 88;
 
-        let (chat, (mut inner_events, inner_responses)) = fake::new_chat();
-
         let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
-        chat.set_listener(received_events_tx.into_event_listener());
+
+        let (_chat, (mut inner_events, inner_responses)) =
+            fake::new_chat(received_events_tx.into_event_listener());
 
         const INCOMING_REQUEST_PATHS: [&str; 3] = ["/first", "/second", "/third"];
 
@@ -1617,10 +1544,9 @@ mod test {
     #[test_case(false; "client called disconnect")]
     #[test_log::test(tokio::test(start_paused = true))]
     async fn send_error_if_server_disconnected_before_response(remote_initiated: bool) {
-        let (chat, (mut inner_events, inner_responses)) = fake::new_chat();
-
         let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
-        chat.set_listener(received_events_tx.into_event_listener());
+        let (chat, (mut inner_events, inner_responses)) =
+            fake::new_chat(received_events_tx.into_event_listener());
 
         inner_responses
             .send(
@@ -1674,7 +1600,7 @@ mod test {
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn disconnects_server_on_client_disconnect() {
-        let (chat, (mut inner_events, _inner_responses)) = fake::new_chat();
+        let (chat, (mut inner_events, _inner_responses)) = fake::new_chat(Box::new(|_| ()));
 
         chat.disconnect().await;
         assert!(!chat.is_connected().await);
@@ -1696,7 +1622,7 @@ mod test {
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn client_disconnect_twice() {
-        let (chat, (_inner_events, _inner_responses)) = fake::new_chat();
+        let (chat, (_inner_events, _inner_responses)) = fake::new_chat(Box::new(|_| ()));
 
         chat.disconnect().await;
         chat.disconnect().await;
@@ -1706,7 +1632,15 @@ mod test {
     #[test_case(false; "response to incoming request")]
     #[test_log::test(tokio::test(start_paused = true))]
     async fn send_failure_causes_disconnect(outgoing_request_fails: bool) {
-        let (chat, (mut chat_events, inner_responses)) = fake::new_chat();
+        let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
+        let listener = if outgoing_request_fails {
+            Box::new(|_| ()) as EventListener
+        } else {
+            Box::new(move |event| {
+                let _ignore_send_failure = received_events_tx.send(event);
+            })
+        };
+        let (chat, (mut chat_events, inner_responses)) = fake::new_chat(listener);
 
         let mut send_future = if outgoing_request_fails {
             let send = chat.send(Request {
@@ -1718,12 +1652,6 @@ mod test {
             Some(send)
         } else {
             // Send an incoming request and send a response to it.
-            let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
-            chat.set_listener({
-                Some(Box::new(move |event| {
-                    let _ignore_send_failure = received_events_tx.send(event);
-                }))
-            });
 
             inner_responses
                 .send(
@@ -1783,11 +1711,10 @@ mod test {
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn sends_listener_close_on_remote_disconnect() {
-        let (chat, (_inner_events, inner_responses)) = fake::new_chat();
-
         let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
 
-        chat.set_listener(received_events_tx.into_event_listener());
+        let (_chat, (_inner_events, inner_responses)) =
+            fake::new_chat(received_events_tx.into_event_listener());
 
         inner_responses
             .send(Outcome::Finished(Ok(FinishReason::RemoteDisconnect)).into())
@@ -1800,14 +1727,22 @@ mod test {
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn is_not_connected_after_remote_close() {
-        let (chat, (_inner_events, inner_responses)) = fake::new_chat();
+        let (received_close_tx, mut received_close_rx) = mpsc::unbounded_channel();
+        let (chat, (_inner_events, inner_responses)) = fake::new_chat(Box::new(move |e| {
+            if let ListenerEvent::Finished(_) = e {
+                let _ignore_error = received_close_tx.send(());
+            }
+        }));
 
         inner_responses
             .send(Outcome::Finished(Ok(FinishReason::RemoteDisconnect)).into())
             .expect("can send");
 
-        // Let the other task run so the response can be propagated to the task.
-        tokio::task::yield_now().await;
+        received_close_rx.recv().await;
+        // Wait for some amount of simulated time to elapse. Since the Chat's
+        // background task isn't just waiting for time to elapse it will
+        // receive the incoming message and terminate the connection.
+        tokio::time::sleep(Duration::from_millis(1)).await;
 
         assert!(!chat.is_connected().await);
     }
@@ -1824,11 +1759,10 @@ mod test {
                 }; "invalid request")]
     #[test_log::test(tokio::test(start_paused = true))]
     async fn continues_on_invalid_incoming_message(incoming: MessageProto) {
-        let (chat, (_inner_events, inner_responses)) = fake::new_chat();
-
         let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
 
-        chat.set_listener(received_events_tx.into_event_listener());
+        let (_chat, (_inner_events, inner_responses)) =
+            fake::new_chat(received_events_tx.into_event_listener());
 
         // Send 2 incoming requests. Since they are processed in order, if the
         // second one comes in we know the first one didn't cause the worker to
@@ -1863,10 +1797,12 @@ mod test {
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn request_id_wraps_around() {
-        let (chat, (mut inner_events, inner_responses)) =
-            fake::new_chat_with_config(fake::FakeConfig {
+        let (chat, (mut inner_events, inner_responses)) = fake::new_chat_with_config(
+            fake::FakeConfig {
                 initial_request_id: u64::MAX,
-            });
+            },
+            Box::new(|_| ()),
+        );
 
         let mut send_requests = FuturesUnordered::from_iter(["/a", "/b"].map(|path| {
             chat.send(Request {
@@ -1915,93 +1851,16 @@ mod test {
         )
     }
 
-    #[test_log::test(tokio::test(start_paused = true))]
-    async fn can_set_listener_inside_listener() {
-        let (chat, (_inner_events, inner_responses)) = fake::new_chat();
-        // Allow sharing the `Chat` with the listener which needs to be 'static.
-        let chat = Arc::new(chat);
-
-        let (received_events_tx, mut received_events_rx) = mpsc::unbounded_channel();
-
-        let listener = {
-            let chat = Arc::clone(&chat);
-            move |event| {
-                // Send the event and set the second listener.
-                let _ignore_send_failure = received_events_tx.send(("from first listener", event));
-                let second_listener = {
-                    let chat = Arc::clone(&chat);
-                    let tx = received_events_tx.clone();
-                    move |event| {
-                        // Send the event and remove the listener.
-                        let _ignore_send_failure = tx.send(("from second listener", event));
-                        chat.set_listener(None);
-                    }
-                };
-                chat.set_listener(Some(Box::new(second_listener)));
-            }
-        };
-
-        chat.set_listener(Some(Box::new(listener)));
-
-        const INCOMING_REQUEST_PATHS: [&str; 3] = ["/first", "/second", "/third"];
-
-        let incoming_requests = INCOMING_REQUEST_PATHS
-            .iter()
-            .enumerate()
-            .map(|(index, path)| RequestProto {
-                id: Some(index as u64),
-                verb: Some(Method::GET.to_string()),
-                path: Some(path.to_string()),
-                headers: vec!["req-header: value".to_string()],
-                body: None,
-            })
-            .collect_vec();
-
-        for request in &incoming_requests {
-            inner_responses
-                .send(
-                    Outcome::Continue(MessageEvent::ReceivedMessage(TextOrBinary::Binary(
-                        MessageProto {
-                            r#type: Some(ChatMessageType::Request.into()),
-                            request: Some(request.clone()),
-                            response: None,
-                        }
-                        .encode_to_vec(),
-                    )))
-                    .into(),
-                )
-                .expect("can send requests from server");
-        }
-
-        // Because the task running in the background is continuing to run, it
-        // should send events to the listener for the incoming requests and the
-        // listener will bounce those to the channel.
-        assert_matches!(
-            received_events_rx.recv().await,
-            Some(("from first listener", ListenerEvent::ReceivedMessage(_, _)))
-        );
-        assert_matches!(
-            received_events_rx.recv().await,
-            Some(("from second listener", ListenerEvent::ReceivedMessage(_, _)))
-        );
-        assert_matches!(
-            received_events_rx.recv().await,
-            None,
-            "second listener didn't clear the listener"
-        );
-    }
-
     #[test_log::test(tokio::test(start_paused = true))]
     async fn listener_panic_on_receive_incoming() {
-        let (chat, (_inner_events, inner_responses)) = fake::new_chat();
         let (listener_tx, mut listener_rx) = mpsc::unbounded_channel();
 
-        chat.set_listener(Some(Box::new(move |event| {
+        let (_chat, (_inner_events, inner_responses)) = fake::new_chat(Box::new(move |event| {
             listener_tx.send(()).expect("listener exists");
             if let ListenerEvent::ReceivedMessage(req, _responder) = event {
                 panic!("expected panic on receiving {req:?}");
             }
-        })));
+        }));
 
         inner_responses
             .send(
@@ -2023,10 +1882,9 @@ mod test {
 
     #[test_log::test(tokio::test(start_paused = true))]
     async fn listener_panic_during_task_panic_doesnt_abort() {
-        let (chat, (_inner_events, inner_responses)) = fake::new_chat();
         let (listener_tx, mut listener_rx) = mpsc::unbounded_channel();
 
-        chat.set_listener(Some(Box::new(move |event| {
+        let (_chat, (_inner_events, inner_responses)) = fake::new_chat(Box::new(move |event| {
             listener_tx
                 .send(matches!(
                     event,
@@ -2034,7 +1892,7 @@ mod test {
                 ))
                 .expect("can send");
             panic!("expected panic on receiving {event:?}");
-        })));
+        }));
 
         inner_responses
             .send(fake::OutcomeOrPanic::IntentionalPanic("oh noes!"))

From 0e28a0840170a3a68aa4a56535dcb60c15b81ff7 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 25 Nov 2024 17:22:29 -0800
Subject: [PATCH 38/57] backup: Factor out key-parsing logic for tools

This allows decrypt_backup and encrypt_backup to use the full set of
options for specifying key material as the main validator CLI, though
they will continue to use a fallback AEP and ACI if no key material is
provided. The upcoming scrambler tool will likewise use the same
options for decrypting.
---
 .../message-backup/examples/decrypt_backup.rs |  73 ++---------
 .../message-backup/examples/encrypt_backup.rs |  80 +++----------
 rust/message-backup/src/bin/support/mod.rs    | 113 ++++++++++++++++++
 rust/message-backup/src/bin/validator/main.rs | 113 ++++--------------
 4 files changed, 163 insertions(+), 216 deletions(-)
 create mode 100644 rust/message-backup/src/bin/support/mod.rs

diff --git a/rust/message-backup/examples/decrypt_backup.rs b/rust/message-backup/examples/decrypt_backup.rs
index a5b9fbd38..310c72a01 100644
--- a/rust/message-backup/examples/decrypt_backup.rs
+++ b/rust/message-backup/examples/decrypt_backup.rs
@@ -3,71 +3,32 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::fmt::Display;
 use std::io::Read as _;
-use std::str::FromStr as _;
 
-use clap::builder::TypedValueParser;
 use clap::Parser;
 use clap_stdin::FileOrStdin;
-use libsignal_account_keys::{AccountEntropyPool, BackupKey};
-use libsignal_core::Aci;
-use libsignal_message_backup::args::{parse_aci, parse_hex_bytes};
 use libsignal_message_backup::frame::{CursorFactory, FramesReader};
-use libsignal_message_backup::key::MessageBackupKey;
 
-const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
-const DEFAULT_ACCOUNT_ENTROPY: &str =
-    "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
+#[path = "../src/bin/support/mod.rs"]
+mod support;
+use support::KeyArgs;
 
 #[derive(Parser)]
 /// Decrypts and decompresses an encrypted backup file.
+///
+/// If no key is provided, the default testing key is assumed.
 struct CliArgs {
     /// the file to read from, or '-' to read from stdin
     filename: FileOrStdin,
 
-    /// the ACI to decrypt the backup file for
-    #[arg(
-        long,
-        value_parser=parse_aci.map(WrapCliArg),
-        default_value_t=WrapCliArg(DEFAULT_ACI)
-    )]
-    aci: WrapCliArg<Aci>,
-
-    /// account entropy pool used (with the ACI) to derive the backup keys
-    #[arg(long, conflicts_with = "master_key")]
-    account_entropy: Option<String>,
-
-    /// master key used (with the ACI) to derive the backup keys (deprecated)
-    #[arg(long, conflicts_with="account_entropy", value_parser=parse_hex_bytes::<32>.map(WrapCliArg))]
-    master_key: Option<WrapCliArg<[u8; BackupKey::MASTER_KEY_LEN]>>,
+    #[command(flatten)]
+    key_args: KeyArgs,
 }
 
 fn main() {
-    let CliArgs {
-        filename,
-        account_entropy,
-        master_key,
-        aci: WrapCliArg(aci),
-    } = CliArgs::parse();
+    let CliArgs { filename, key_args } = CliArgs::parse();
 
-    let key = match (account_entropy, master_key) {
-        (Some(_), Some(_)) => unreachable!("enforced by clap"),
-        (None, Some(WrapCliArg(master_key))) => {
-            #[allow(deprecated)]
-            let backup_key = BackupKey::derive_from_master_key(&master_key);
-            let backup_id = backup_key.derive_backup_id(&aci);
-            MessageBackupKey::derive(&backup_key, &backup_id)
-        }
-        (entropy_arg, None) => {
-            let entropy_str = entropy_arg.as_deref().unwrap_or(DEFAULT_ACCOUNT_ENTROPY);
-            let account_entropy =
-                AccountEntropyPool::from_str(entropy_str).expect("valid account-entropy");
-            let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
-            let backup_id = backup_key.derive_backup_id(&aci);
-            MessageBackupKey::derive(&backup_key, &backup_id)
-        }
-    };
+    let key = key_args.into_key_or_default();
 
     eprintln!("reading from {:?}", filename.source);
 
@@ -95,19 +56,3 @@ fn read_file(filename: FileOrStdin) -> Vec<u8> {
         .expect("IO error");
     contents
 }
-
-/// Wrapper struct to provide custom [`Display`] impls.
-#[derive(Copy, Clone, Debug, Eq, PartialEq)]
-struct WrapCliArg<T>(T);
-
-impl Display for WrapCliArg<Aci> {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", self.0.service_id_string())
-    }
-}
-
-impl Display for WrapCliArg<[u8; 32]> {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", hex::encode(self.0))
-    }
-}
diff --git a/rust/message-backup/examples/encrypt_backup.rs b/rust/message-backup/examples/encrypt_backup.rs
index a4aa0321b..ae5ba8b9f 100644
--- a/rust/message-backup/examples/encrypt_backup.rs
+++ b/rust/message-backup/examples/encrypt_backup.rs
@@ -3,85 +3,51 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::fmt::Display;
 use std::io::{stdout, Read as _, Write};
-use std::str::FromStr as _;
 
 use aes::cipher::crypto_common::rand_core::{OsRng, RngCore};
-use clap::builder::TypedValueParser;
 use clap::{ArgAction, Parser};
 use clap_stdin::FileOrStdin;
-use libsignal_account_keys::{AccountEntropyPool, BackupKey};
-use libsignal_core::Aci;
-use libsignal_message_backup::args::{parse_aci, parse_hex_bytes};
+use libsignal_message_backup::args::parse_hex_bytes;
 use libsignal_message_backup::export::{
     aes_cbc_encrypt, gzip_compress, hmac_checksum, pad_gzipped_bucketed,
 };
 use libsignal_message_backup::key::MessageBackupKey;
 
-const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
-const DEFAULT_ACCOUNT_ENTROPY: &str =
-    "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
+#[path = "../src/bin/support/mod.rs"]
+mod support;
+use support::KeyArgs;
 
 #[derive(Parser)]
 /// Compresses and encrypts an unencrypted backup file.
+///
+/// If no key is provided, the default testing key is assumed.
 struct CliArgs {
     /// the file to read from, or '-' to read from stdin
     filename: FileOrStdin,
 
-    /// the ACI to encrypt the backup file for
-    #[arg(
-        long,
-        value_parser=parse_aci.map(WrapCliArg),
-        default_value_t=WrapCliArg(DEFAULT_ACI)
-    )]
-    aci: WrapCliArg<Aci>,
-
-    /// account entropy pool used (with the ACI) to derive the backup keys
-    #[arg(long, conflicts_with = "master_key")]
-    account_entropy: Option<String>,
-
-    /// master key used (with the ACI) to derive the backup keys (deprecated)
-    #[arg(long, conflicts_with="account_entropy", value_parser=parse_hex_bytes::<32>.map(WrapCliArg))]
-    master_key: Option<WrapCliArg<[u8; BackupKey::MASTER_KEY_LEN]>>,
-
-    #[arg(long, value_parser=parse_hex_bytes::<16>.map(WrapCliArg))]
-    iv: Option<WrapCliArg<[u8; 16]>>,
+    #[arg(long, value_parser=parse_hex_bytes::<16>)]
+    iv: Option<[u8; 16]>,
 
     /// pad the compressed output to a bucket boundary before encrypting
     #[arg(long, default_value_t = true, action=ArgAction::Set)]
     pad_bucketed: bool,
+
+    #[command(flatten)]
+    key_args: KeyArgs,
 }
 
 fn main() {
     let CliArgs {
         filename,
-        account_entropy,
-        master_key,
-        aci: WrapCliArg(aci),
         iv,
         pad_bucketed,
+        key_args,
     } = CliArgs::parse();
 
-    let key = match (account_entropy, master_key) {
-        (Some(_), Some(_)) => unreachable!("enforced by clap"),
-        (None, Some(WrapCliArg(master_key))) => {
-            #[allow(deprecated)]
-            let backup_key = BackupKey::derive_from_master_key(&master_key);
-            let backup_id = backup_key.derive_backup_id(&aci);
-            MessageBackupKey::derive(&backup_key, &backup_id)
-        }
-        (entropy_arg, None) => {
-            let entropy_str = entropy_arg.as_deref().unwrap_or(DEFAULT_ACCOUNT_ENTROPY);
-            let account_entropy =
-                AccountEntropyPool::from_str(entropy_str).expect("valid account-entropy");
-            let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
-            let backup_id = backup_key.derive_backup_id(&aci);
-            MessageBackupKey::derive(&backup_key, &backup_id)
-        }
-    };
-
-    let iv = iv.map(|WrapCliArg(iv)| iv).unwrap_or_else(|| {
+    let key = key_args.into_key_or_default();
+
+    let iv = iv.unwrap_or_else(|| {
         let mut iv = [0; 16];
         OsRng.fill_bytes(&mut iv);
         iv
@@ -129,19 +95,3 @@ fn write_bytes(label: &'static str, bytes: impl AsRef<[u8]>) {
     stdout().write_all(bytes).expect("failed to write");
     eprintln!("wrote {} {label} bytes", bytes.len())
 }
-
-/// Wrapper struct to provide custom [`Display`] impls.
-#[derive(Copy, Clone, Debug, Eq, PartialEq)]
-struct WrapCliArg<T>(T);
-
-impl Display for WrapCliArg<Aci> {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", self.0.service_id_string())
-    }
-}
-
-impl Display for WrapCliArg<[u8; 32]> {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", hex::encode(self.0))
-    }
-}
diff --git a/rust/message-backup/src/bin/support/mod.rs b/rust/message-backup/src/bin/support/mod.rs
new file mode 100644
index 000000000..a671be4cc
--- /dev/null
+++ b/rust/message-backup/src/bin/support/mod.rs
@@ -0,0 +1,113 @@
+//
+// Copyright 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+//! Key derivation from arguments, also shared with the examples.
+//!
+//! These *don't* live in the main library because they depend on clap.
+
+use std::str::FromStr as _;
+
+use clap::Args;
+use libsignal_account_keys::{AccountEntropyPool, BackupKey};
+use libsignal_core::Aci;
+use libsignal_message_backup::args::{parse_aci, parse_hex_bytes};
+use libsignal_message_backup::key::MessageBackupKey;
+
+// Only used for encrypt_backup/decrypt_backup, which need a default.
+const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
+const DEFAULT_ACCOUNT_ENTROPY: &str =
+    "mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm";
+
+#[derive(Debug, Args, PartialEq)]
+pub struct KeyArgs {
+    // TODO once https://github.com/clap-rs/clap/issues/5092 is resolved, make
+    // this `derive_key` and `key_parts` Optional at the top level.
+    #[command(flatten)]
+    pub derive_key: DeriveKey,
+    #[command(flatten)]
+    pub key_parts: KeyParts,
+}
+
+#[derive(Debug, Args, PartialEq)]
+#[group(conflicts_with = "KeyParts")]
+pub struct DeriveKey {
+    /// account entropy pool, used with the ACI to derive the message backup key
+    #[arg(long, conflicts_with = "master_key", requires = "aci")]
+    pub account_entropy: Option<String>,
+    /// master key used (with the ACI) to derive the backup keys (deprecated)
+    #[arg(long, conflicts_with = "account_entropy", value_parser=parse_hex_bytes::<32>)]
+    pub master_key: Option<[u8; BackupKey::MASTER_KEY_LEN]>,
+    /// ACI for the backup creator
+    #[arg(long, value_parser=parse_aci)]
+    pub aci: Option<Aci>,
+}
+
+#[derive(Debug, Args, PartialEq)]
+#[group(conflicts_with = "DeriveKey")]
+pub struct KeyParts {
+    /// HMAC key, used if the account entropy pool is not provided
+    #[arg(long, value_parser=parse_hex_bytes::<32>, requires_all=["aes_key"])]
+    pub hmac_key: Option<[u8; MessageBackupKey::HMAC_KEY_LEN]>,
+    /// AES encryption key, used if the account entropy pool is not provided
+    #[arg(long, value_parser=parse_hex_bytes::<32>, requires_all=["hmac_key"])]
+    pub aes_key: Option<[u8; MessageBackupKey::AES_KEY_LEN]>,
+}
+
+impl KeyArgs {
+    pub fn into_key(self) -> Option<MessageBackupKey> {
+        let Self {
+            derive_key,
+            key_parts,
+        } = self;
+
+        let derive_key = {
+            let DeriveKey {
+                account_entropy,
+                master_key,
+                aci,
+            } = derive_key;
+            aci.map(|aci| (aci, account_entropy, master_key))
+        };
+        let key_parts = {
+            let KeyParts { hmac_key, aes_key } = key_parts;
+            hmac_key.zip(aes_key)
+        };
+
+        match (derive_key, key_parts) {
+            (None, None) => None,
+            (None, Some((hmac_key, aes_key))) => Some(MessageBackupKey { aes_key, hmac_key }),
+            (Some((_aci, None, None)), None) => {
+                panic!("ACI provided, but no account-entropy or master-key")
+            }
+            (Some((aci, None, Some(master_key))), None) => Some({
+                #[allow(deprecated)]
+                let backup_key = BackupKey::derive_from_master_key(&master_key);
+                let backup_id = backup_key.derive_backup_id(&aci);
+                MessageBackupKey::derive(&backup_key, &backup_id)
+            }),
+            (Some((aci, Some(account_entropy), None)), None) => Some({
+                let account_entropy =
+                    AccountEntropyPool::from_str(&account_entropy).expect("valid account-entropy");
+                let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
+                let backup_id = backup_key.derive_backup_id(&aci);
+                MessageBackupKey::derive(&backup_key, &backup_id)
+            }),
+            (Some((_aci, Some(_), Some(_))), None) => {
+                unreachable!("disallowed by clap arg parser")
+            }
+            (Some(_), Some(_)) => unreachable!("disallowed by clap arg parser"),
+        }
+    }
+
+    #[allow(unused)] // only used from some targets
+    pub fn into_key_or_default(self) -> MessageBackupKey {
+        self.into_key().unwrap_or_else(|| {
+            let account_entropy =
+                AccountEntropyPool::from_str(DEFAULT_ACCOUNT_ENTROPY).expect("valid");
+            let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
+            MessageBackupKey::derive(&backup_key, &backup_key.derive_backup_id(&DEFAULT_ACI))
+        })
+    }
+}
diff --git a/rust/message-backup/src/bin/validator/main.rs b/rust/message-backup/src/bin/validator/main.rs
index aea7bdb9b..7050a530d 100644
--- a/rust/message-backup/src/bin/validator/main.rs
+++ b/rust/message-backup/src/bin/validator/main.rs
@@ -4,20 +4,15 @@
 //
 
 use std::io::Read as _;
-use std::str::FromStr as _;
 
-use clap::{Args, Parser};
+use clap::Parser;
 use futures::io::AllowStdIo;
 use futures::AsyncRead;
-use libsignal_account_keys::{AccountEntropyPool, BackupKey};
-use libsignal_core::Aci;
-use libsignal_message_backup::args::{parse_aci, parse_hex_bytes};
 use libsignal_message_backup::backup::Purpose;
 use libsignal_message_backup::frame::{
     CursorFactory, FileReaderFactory, FramesReader, ReaderFactory, UnvalidatedHmacReader,
     VerifyHmac,
 };
-use libsignal_message_backup::key::MessageBackupKey;
 use libsignal_message_backup::{BackupReader, Error, FoundUnknownField, ReadResult};
 use mediasan_common::SeekSkipAdapter;
 
@@ -25,6 +20,10 @@ use crate::args::ParseVerbosity;
 
 mod args;
 
+#[path = "../support/mod.rs"]
+mod support;
+use support::KeyArgs;
+
 /// Validates, and optionally prints the contents of, message backup files.
 ///
 /// Backups can be read from a file or from stdin. If no keys are provided, the
@@ -49,38 +48,8 @@ struct Cli {
     #[arg(long, default_value_t=Purpose::RemoteBackup)]
     purpose: Purpose,
 
-    // TODO once https://github.com/clap-rs/clap/issues/5092 is resolved, make
-    // `derive_key` and `key_parts` Optional at the top level.
-    #[command(flatten)]
-    derive_key: DeriveKey,
-
     #[command(flatten)]
-    key_parts: KeyParts,
-}
-
-#[derive(Debug, Args, PartialEq)]
-#[group(conflicts_with = "KeyParts")]
-struct DeriveKey {
-    /// account entropy pool, used with the ACI to derive the message backup key
-    #[arg(long, conflicts_with = "master_key", requires = "aci")]
-    account_entropy: Option<String>,
-    /// master key used (with the ACI) to derive the backup keys (deprecated)
-    #[arg(long, conflicts_with = "account_entropy", value_parser=parse_hex_bytes::<32>)]
-    master_key: Option<[u8; BackupKey::MASTER_KEY_LEN]>,
-    /// ACI for the backup creator
-    #[arg(long, value_parser=parse_aci)]
-    aci: Option<Aci>,
-}
-
-#[derive(Debug, Args, PartialEq)]
-#[group(conflicts_with = "DeriveKey")]
-struct KeyParts {
-    /// HMAC key, used if the account entropy pool is not provided
-    #[arg(long, value_parser=parse_hex_bytes::<32>, requires_all=["aes_key"])]
-    hmac_key: Option<[u8; MessageBackupKey::HMAC_KEY_LEN]>,
-    /// AES encryption key, used if the account entropy pool is not provided
-    #[arg(long, value_parser=parse_hex_bytes::<32>, requires_all=["hmac_key"])]
-    aes_key: Option<[u8; MessageBackupKey::AES_KEY_LEN]>,
+    key_args: KeyArgs,
 }
 
 fn main() {
@@ -90,11 +59,7 @@ fn main() {
 async fn async_main() {
     let Cli {
         file: file_or_stdin,
-
-        derive_key,
-
-        key_parts,
-
+        key_args,
         purpose,
         print,
         verbose,
@@ -105,43 +70,7 @@ async fn async_main() {
 
     let verbosity = verbose.into();
 
-    let derive_key = {
-        let DeriveKey {
-            account_entropy,
-            master_key,
-            aci,
-        } = derive_key;
-        aci.map(|aci| (aci, account_entropy, master_key))
-    };
-    let key_parts = {
-        let KeyParts { hmac_key, aes_key } = key_parts;
-        hmac_key.zip(aes_key)
-    };
-
-    let key = {
-        match (derive_key, key_parts) {
-            (None, None) => None,
-            (None, Some((hmac_key, aes_key))) => Some(MessageBackupKey { aes_key, hmac_key }),
-            (Some((_aci, None, None)), None) => {
-                panic!("ACI provided, but no account-entropy or master-key")
-            }
-            (Some((aci, None, Some(master_key))), None) => Some({
-                #[allow(deprecated)]
-                let backup_key = BackupKey::derive_from_master_key(&master_key);
-                let backup_id = backup_key.derive_backup_id(&aci);
-                MessageBackupKey::derive(&backup_key, &backup_id)
-            }),
-            (Some((aci, Some(account_entropy), None)), None) => Some({
-                let account_entropy =
-                    AccountEntropyPool::from_str(&account_entropy).expect("valid account-entropy");
-                let backup_key = BackupKey::derive_from_account_entropy_pool(&account_entropy);
-                let backup_id = backup_key.derive_backup_id(&aci);
-                MessageBackupKey::derive(&backup_key, &backup_id)
-            }),
-            (Some((_aci, Some(_), Some(_))), None) => unreachable!("disallowed by clap arg parser"),
-            (Some(_), Some(_)) => unreachable!("disallowed by clap arg parser"),
-        }
-    };
+    let key = key_args.into_key();
 
     let contents = FilenameOrContents::from(file_or_stdin);
     let mut factory = AsyncReaderFactory::from(&contents);
@@ -279,6 +208,8 @@ fn print_unknown_fields(found_unknown_fields: Vec<FoundUnknownField>) {
 mod test {
     use assert_matches::assert_matches;
     use clap_stdin::FileOrStdin;
+    use libsignal_core::Aci;
+    use support::{DeriveKey, KeyParts};
     use test_case::test_case;
 
     use super::*;
@@ -306,8 +237,10 @@ mod test {
             verbose: 0,
             print: false,
             purpose: Purpose::RemoteBackup,
-            derive_key: DeriveKey { account_entropy: None, master_key: None, aci: None },
-            key_parts: KeyParts { hmac_key: None, aes_key: None },
+            key_args: KeyArgs {
+                derive_key: DeriveKey { account_entropy: None, master_key: None, aci: None },
+                key_parts: KeyParts { hmac_key: None, aes_key: None }
+            },
         }) =>  file_source);
         assert_eq!(file_source, "filename");
     }
@@ -332,8 +265,10 @@ mod test {
             verbose: 0,
             print: false,
             purpose: Purpose::RemoteBackup,
-            derive_key,
-            key_parts: KeyParts { hmac_key: None, aes_key: None },
+            key_args: KeyArgs {
+                derive_key,
+                key_parts: KeyParts { hmac_key: None, aes_key: None }
+            },
         }) => (file_source, derive_key));
         assert_eq!(file_source, "filename");
         assert_eq!(
@@ -366,8 +301,10 @@ mod test {
             verbose: 0,
             print: false,
             purpose: Purpose::RemoteBackup,
-            derive_key,
-            key_parts: KeyParts { hmac_key: None, aes_key: None },
+            key_args: KeyArgs {
+                derive_key,
+                key_parts: KeyParts { hmac_key: None, aes_key: None }
+            },
         }) => (file_source, derive_key));
         assert_eq!(file_source, "filename");
         assert_eq!(
@@ -400,8 +337,10 @@ mod test {
             verbose: 0,
             print: false,
             purpose: Purpose::RemoteBackup,
-            derive_key: DeriveKey { account_entropy: None, master_key: None, aci: None},
-            key_parts,
+            key_args: KeyArgs {
+                derive_key: DeriveKey { account_entropy: None, master_key: None, aci: None},
+                key_parts,
+            }
         }) => (file_source, key_parts));
         assert_eq!(file_source, "filename");
         assert_eq!(

From e25a1555aa02cb8103d793dcac55062c4dceffbd Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 25 Nov 2024 17:27:50 -0800
Subject: [PATCH 39/57] json_to_binproto: The json5 crate expects certain chars
 to be escaped

---
 rust/message-backup/examples/json_to_binproto.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/rust/message-backup/examples/json_to_binproto.rs b/rust/message-backup/examples/json_to_binproto.rs
index 94b4f1533..aa0ceff0e 100644
--- a/rust/message-backup/examples/json_to_binproto.rs
+++ b/rust/message-backup/examples/json_to_binproto.rs
@@ -21,8 +21,12 @@ fn main() {
 
     eprintln!("reading from {:?}", filename.source);
 
-    let contents = json5::from_str(&String::from_utf8(read_file(filename)).expect("not a string"))
-        .expect("invalid JSON");
+    let json_input = String::from_utf8(read_file(filename))
+        .expect("not a string")
+        // Work around https://github.com/callum-oakley/json5-rs/issues/21
+        .replace("\u{2028}", "\\u2028")
+        .replace("\u{2029}", "\\u2029");
+    let contents = json5::from_str(&json_input).expect("invalid JSON");
 
     let contents = assert_matches!(contents, serde_json::Value::Array(contents) => contents);
     let serialized =

From fd42249fb4f48a4cf6506558860ed801958d79ae Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 25 Nov 2024 17:29:32 -0800
Subject: [PATCH 40/57] backup: Use stronger types for protobuf visitor
 callbacks

---
 rust/message-backup/src/lib.rs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/rust/message-backup/src/lib.rs b/rust/message-backup/src/lib.rs
index 0d97cad0c..39cbeb8e2 100644
--- a/rust/message-backup/src/lib.rs
+++ b/rust/message-backup/src/lib.rs
@@ -266,7 +266,8 @@ where
                     }
                 };
 
-                let these_unknown_fields = backup.parse_and_add_frame(&frame, &mut visitor)?;
+                let these_unknown_fields =
+                    backup.parse_and_add_frame(&frame, |frame| visitor(frame))?;
                 add_found_unknown(&mut unknown_fields, these_unknown_fields, frame_index);
                 frame_index += 1;
             }
@@ -313,7 +314,7 @@ impl<M: backup::method::Method + backup::ReferencedTypes> backup::PartialBackup<
     pub fn by_parsing(
         raw_backup_info: &[u8],
         purpose: Purpose,
-        mut visitor: impl FnMut(&dyn std::fmt::Debug) + Send,
+        mut visitor: impl FnMut(&proto::backup::BackupInfo) + Send,
     ) -> Result<Self, crate::Error> {
         let backup_info_proto = proto::backup::BackupInfo::parse_from_bytes(raw_backup_info)?;
         visitor(&backup_info_proto);
@@ -335,7 +336,7 @@ impl<M: backup::method::Method + backup::ReferencedTypes> backup::PartialBackup<
     pub fn parse_and_add_frame(
         &mut self,
         raw_frame: &[u8],
-        mut visitor: impl FnMut(&dyn std::fmt::Debug) + Send,
+        mut visitor: impl FnMut(&proto::backup::Frame) + Send,
     ) -> Result<Vec<(Vec<PathPart>, UnknownValue)>, crate::Error> {
         // Using `merge_from_bytes` instead of `parse_from_bytes` avoids having to unpack the Ok
         // case of the Result. (This is guaranteed equivalent by protobuf.)

From 27b66eb7266bcc4ef83aa7fa571cf36e016ea716 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 25 Nov 2024 17:21:52 -0800
Subject: [PATCH 41/57] backup: Expose VisitUnknownFields under "test-util"
 feature

---
 rust/message-backup/src/unknown.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rust/message-backup/src/unknown.rs b/rust/message-backup/src/unknown.rs
index c354ceae0..131d7f606 100644
--- a/rust/message-backup/src/unknown.rs
+++ b/rust/message-backup/src/unknown.rs
@@ -143,6 +143,7 @@ impl PathPart {
 }
 
 /// Visitor for unknown fields on a [`protobuf::Message`].
+#[cfg_attr(feature = "test-util", visibility::make(pub))]
 pub(crate) trait VisitUnknownFields {
     /// Calls the visitor for each unknown field in the message.
     fn visit_unknown_fields<F: UnknownFieldVisitor>(&self, visitor: F);
@@ -159,6 +160,7 @@ impl<M: visit_static::VisitUnknownFields> VisitUnknownFields for M {
 }
 
 /// Extension trait for [`VisitUnknownFields`] with convenience methods.
+#[cfg_attr(feature = "test-util", visibility::make(pub))]
 pub(crate) trait VisitUnknownFieldsExt {
     #[allow(dead_code)]
     fn has_unknown_fields(&self) -> bool;

From 4e6ebceee89d406fa92ee6de6a8479afd8478201 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Wed, 27 Nov 2024 14:29:21 -0800
Subject: [PATCH 42/57] backup: Move FilenameOrContents and AsyncReaderFactory
 to `support`

The scrambler tool will need them as well.
---
 rust/message-backup/src/bin/support/mod.rs    | 64 +++++++++++++++++
 rust/message-backup/src/bin/validator/main.rs | 69 +------------------
 2 files changed, 66 insertions(+), 67 deletions(-)

diff --git a/rust/message-backup/src/bin/support/mod.rs b/rust/message-backup/src/bin/support/mod.rs
index a671be4cc..b27ea24a4 100644
--- a/rust/message-backup/src/bin/support/mod.rs
+++ b/rust/message-backup/src/bin/support/mod.rs
@@ -7,13 +7,16 @@
 //!
 //! These *don't* live in the main library because they depend on clap.
 
+use std::io::Read as _;
 use std::str::FromStr as _;
 
 use clap::Args;
 use libsignal_account_keys::{AccountEntropyPool, BackupKey};
 use libsignal_core::Aci;
 use libsignal_message_backup::args::{parse_aci, parse_hex_bytes};
+use libsignal_message_backup::frame::{CursorFactory, FileReaderFactory, ReaderFactory};
 use libsignal_message_backup::key::MessageBackupKey;
+use mediasan_common::SeekSkipAdapter;
 
 // Only used for encrypt_backup/decrypt_backup, which need a default.
 const DEFAULT_ACI: Aci = Aci::from_uuid_bytes([0x11; 16]);
@@ -111,3 +114,64 @@ impl KeyArgs {
         })
     }
 }
+
+/// Filename or in-memory buffer of contents.
+pub enum FilenameOrContents {
+    Filename(String),
+    Contents(Box<[u8]>),
+}
+
+impl From<clap_stdin::FileOrStdin> for FilenameOrContents {
+    fn from(arg: clap_stdin::FileOrStdin) -> Self {
+        match arg.source {
+            clap_stdin::Source::Stdin => {
+                let mut buffer = vec![];
+                std::io::stdin()
+                    .lock()
+                    .read_to_end(&mut buffer)
+                    .expect("failed to read from stdin");
+                Self::Contents(buffer.into_boxed_slice())
+            }
+            clap_stdin::Source::Arg(path) => Self::Filename(path),
+        }
+    }
+}
+
+/// [`ReaderFactory`] impl backed by a [`FilenameOrContents`].
+pub enum AsyncReaderFactory<'a> {
+    // Using `AllowStdIo` with a `File` isn't generally a good idea since
+    // the `Read` implementation will block. Since we're using a
+    // single-threaded executor, though, the blocking I/O isn't a problem.
+    // If that changes, this should be changed to an async-aware type, like
+    // something from the `tokio` or `async-std` crates.
+    File(FileReaderFactory<&'a str>),
+    Cursor(CursorFactory<&'a [u8]>),
+}
+
+impl<'a> From<&'a FilenameOrContents> for AsyncReaderFactory<'a> {
+    fn from(value: &'a FilenameOrContents) -> Self {
+        match value {
+            FilenameOrContents::Filename(path) => Self::File(FileReaderFactory { path }),
+            FilenameOrContents::Contents(contents) => Self::Cursor(CursorFactory::new(contents)),
+        }
+    }
+}
+
+impl<'a> ReaderFactory for AsyncReaderFactory<'a> {
+    type Reader = SeekSkipAdapter<
+        futures::future::Either<
+            futures::io::BufReader<futures::io::AllowStdIo<std::fs::File>>,
+            <CursorFactory<&'a [u8]> as ReaderFactory>::Reader,
+        >,
+    >;
+
+    fn make_reader(&mut self) -> futures::io::Result<Self::Reader> {
+        match self {
+            AsyncReaderFactory::File(f) => f.make_reader().map(|SeekSkipAdapter(f)| {
+                futures::future::Either::Left(futures::io::BufReader::new(f))
+            }),
+            AsyncReaderFactory::Cursor(c) => c.make_reader().map(futures::future::Either::Right),
+        }
+        .map(SeekSkipAdapter)
+    }
+}
diff --git a/rust/message-backup/src/bin/validator/main.rs b/rust/message-backup/src/bin/validator/main.rs
index 7050a530d..08e36bddd 100644
--- a/rust/message-backup/src/bin/validator/main.rs
+++ b/rust/message-backup/src/bin/validator/main.rs
@@ -3,18 +3,13 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::io::Read as _;
-
 use clap::Parser;
-use futures::io::AllowStdIo;
 use futures::AsyncRead;
 use libsignal_message_backup::backup::Purpose;
 use libsignal_message_backup::frame::{
-    CursorFactory, FileReaderFactory, FramesReader, ReaderFactory, UnvalidatedHmacReader,
-    VerifyHmac,
+    FramesReader, ReaderFactory as _, UnvalidatedHmacReader, VerifyHmac,
 };
 use libsignal_message_backup::{BackupReader, Error, FoundUnknownField, ReadResult};
-use mediasan_common::SeekSkipAdapter;
 
 use crate::args::ParseVerbosity;
 
@@ -22,7 +17,7 @@ mod args;
 
 #[path = "../support/mod.rs"]
 mod support;
-use support::KeyArgs;
+use support::{AsyncReaderFactory, FilenameOrContents, KeyArgs};
 
 /// Validates, and optionally prints the contents of, message backup files.
 ///
@@ -94,66 +89,6 @@ async fn async_main() {
         .unwrap_or_else(|e| panic!("backup error: {e:#}"));
 }
 
-/// Filename or in-memory buffer of contents.
-enum FilenameOrContents {
-    Filename(String),
-    Contents(Box<[u8]>),
-}
-
-impl From<clap_stdin::FileOrStdin> for FilenameOrContents {
-    fn from(arg: clap_stdin::FileOrStdin) -> Self {
-        match arg.source {
-            clap_stdin::Source::Stdin => {
-                let mut buffer = vec![];
-                std::io::stdin()
-                    .lock()
-                    .read_to_end(&mut buffer)
-                    .expect("failed to read from stdin");
-                Self::Contents(buffer.into_boxed_slice())
-            }
-            clap_stdin::Source::Arg(path) => Self::Filename(path),
-        }
-    }
-}
-
-/// [`ReaderFactory`] impl backed by a [`FilenameOrContents`].
-enum AsyncReaderFactory<'a> {
-    // Using `AllowStdIo` with a `File` isn't generally a good idea since
-    // the `Read` implementation will block. Since we're using a
-    // single-threaded executor, though, the blocking I/O isn't a problem.
-    // If that changes, this should be changed to an async-aware type, like
-    // something from the `tokio` or `async-std` crates.
-    File(FileReaderFactory<&'a str>),
-    Cursor(CursorFactory<&'a [u8]>),
-}
-
-impl<'a> From<&'a FilenameOrContents> for AsyncReaderFactory<'a> {
-    fn from(value: &'a FilenameOrContents) -> Self {
-        match value {
-            FilenameOrContents::Filename(path) => Self::File(FileReaderFactory { path }),
-            FilenameOrContents::Contents(contents) => Self::Cursor(CursorFactory::new(contents)),
-        }
-    }
-}
-
-impl<'a> ReaderFactory for AsyncReaderFactory<'a> {
-    type Reader = SeekSkipAdapter<
-        futures::future::Either<
-            futures::io::BufReader<AllowStdIo<std::fs::File>>,
-            <CursorFactory<&'a [u8]> as ReaderFactory>::Reader,
-        >,
-    >;
-
-    fn make_reader(&mut self) -> futures::io::Result<Self::Reader> {
-        match self {
-            AsyncReaderFactory::File(f) => f.make_reader().map(|SeekSkipAdapter(f)| {
-                futures::future::Either::Left(futures::io::BufReader::new(f))
-            }),
-            AsyncReaderFactory::Cursor(c) => c.make_reader().map(futures::future::Either::Right),
-        }
-        .map(SeekSkipAdapter)
-    }
-}
 /// Wrapper over encrypted- or plaintext-sourced [`BackupReader`].
 enum MaybeEncryptedBackupReader<R: AsyncRead + Unpin> {
     EncryptedCompressed(Box<BackupReader<FramesReader<R>>>),

From 2ba89c4b4f77d455260d96f7c4513e54a61ee9a7 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Mon, 25 Nov 2024 17:30:06 -0800
Subject: [PATCH 43/57] backup: Introduce a "scramble" CLI tool

`scramble` replaces the most obvious identifying information in an backup.

The backup will still be identifiable in practice (e.g. from its
timestamps), but all text, names, ACIs, etc will be scrambled. The
input can be encrypted or unencrypted; the output (on stdout) is
unencrypted binproto.
---
 rust/message-backup/Cargo.toml                |    9 +-
 rust/message-backup/examples/scramble.rs      |  189 ++
 rust/message-backup/src/backup.rs             |    3 +
 rust/message-backup/src/backup/recipient.rs   |    4 +-
 rust/message-backup/src/lib.rs                |    3 +
 rust/message-backup/src/parse.rs              |    3 +-
 rust/message-backup/src/scramble.rs           | 1952 +++++++++++++++++
 rust/message-backup/src/scramble/randomize.rs |   64 +
 rust/message-backup/src/unknown.rs            |    6 +-
 .../canonical-backup.scrambled.expected.json  |   77 +
 rust/message-backup/tests/test_cases.rs       |   36 +-
 11 files changed, 2334 insertions(+), 12 deletions(-)
 create mode 100644 rust/message-backup/examples/scramble.rs
 create mode 100644 rust/message-backup/src/scramble.rs
 create mode 100644 rust/message-backup/src/scramble/randomize.rs
 create mode 100644 rust/message-backup/tests/res/canonical-backup.scrambled.expected.json

diff --git a/rust/message-backup/Cargo.toml b/rust/message-backup/Cargo.toml
index d20f06d54..9d6c3fa1e 100644
--- a/rust/message-backup/Cargo.toml
+++ b/rust/message-backup/Cargo.toml
@@ -15,6 +15,7 @@ workspace = true
 [features]
 # Enables code to allow conversion of backups to and from JSON.
 json = ["dep:serde_json", "dep:protobuf-json-mapping"]
+scramble = ["dep:rand"]
 test-util = []
 
 [[example]]
@@ -25,6 +26,10 @@ required-features = ["json"]
 name = "binproto_to_json"
 required-features = ["json"]
 
+[[example]]
+name = "scramble"
+required-features = ["scramble"]
+
 [[bench]]
 name = "validation"
 harness = false
@@ -64,6 +69,7 @@ mediasan-common = { workspace = true }
 num_enum = { workspace = true }
 protobuf = "3.3.0"
 protobuf-json-mapping = { version = "3.3.0", optional = true }
+rand = { workspace = true, optional = true }
 serde = { workspace = true, features = ["derive", "rc"] }
 serde_json = { workspace = true, optional = true, features = ["preserve_order"] }
 sha2 = { workspace = true }
@@ -78,7 +84,7 @@ uuid = { workspace = true, features = ["serde"] }
 visibility = { workspace = true }
 
 [dev-dependencies]
-libsignal-message-backup = { path = "./", features = ["json", "test-util"] }
+libsignal-message-backup = { path = "./", features = ["json", "scramble", "test-util"] }
 signal-crypto = { workspace = true }
 
 array-concat = { workspace = true }
@@ -92,7 +98,6 @@ json5 = "0.4.1"
 nonzero_ext = { workspace = true }
 once_cell = { workspace = true }
 pretty_assertions = { workspace = true }
-rand = { workspace = true }
 test-case = { workspace = true }
 test-log = "0.2.14"
 uuid = { workspace = true, features = ["v4"] }
diff --git a/rust/message-backup/examples/scramble.rs b/rust/message-backup/examples/scramble.rs
new file mode 100644
index 000000000..53fce052d
--- /dev/null
+++ b/rust/message-backup/examples/scramble.rs
@@ -0,0 +1,189 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use std::process::ExitCode;
+
+use clap::Parser;
+use clap_stdin::FileOrStdin;
+use futures::future::Either;
+use libsignal_message_backup::backup::{CompletedBackup, PartialBackup, Purpose, ValidateOnly};
+use libsignal_message_backup::frame::{FramesReader, ReaderFactory as _};
+use libsignal_message_backup::parse::VarintDelimitedReader;
+use libsignal_message_backup::scramble::Scrambler;
+use libsignal_message_backup::unknown::VisitUnknownFieldsExt as _;
+use libsignal_message_backup::FoundUnknownField;
+
+#[path = "../src/bin/support/mod.rs"]
+mod support;
+use support::{AsyncReaderFactory, FilenameOrContents, KeyArgs};
+
+#[derive(Parser)]
+/// Replaces the most obvious identifying information in an backup.
+///
+/// The backup will still be identifiable in practice (e.g. from its timestamps), but all text,
+/// names, ACIs, etc will be scrambled. The output (on stdout) is unencrypted binproto.
+struct CliArgs {
+    /// the file to read from, or '-' to read from stdin
+    #[arg(value_hint = clap::ValueHint::FilePath)]
+    filename: FileOrStdin,
+
+    /// the purpose the backup is intended for, used to check that validation results haven't
+    /// changed
+    #[arg(long, default_value_t=Purpose::RemoteBackup)]
+    purpose: Purpose,
+
+    #[command(flatten)]
+    key_args: KeyArgs,
+}
+
+fn main() -> ExitCode {
+    // We don't enable warnings from the main validator by default, because we don't want the
+    // scrambler's warnings to be drowned out.
+    env_logger::Builder::new()
+        .filter_level(log::LevelFilter::Error)
+        .filter_module(module_path!(), log::LevelFilter::Info)
+        .parse_default_env()
+        .init();
+    let CliArgs {
+        filename,
+        purpose,
+        key_args,
+    } = CliArgs::parse();
+
+    let source = filename.source.clone();
+    let contents = FilenameOrContents::from(filename);
+    let mut factory = AsyncReaderFactory::from(&contents);
+
+    futures::executor::block_on(async move {
+        let reader = if let Some(key) = key_args.into_key() {
+            log::info!("reading from {source:?}");
+            Either::Left(
+                FramesReader::new(&key, factory)
+                    .await
+                    .expect("can read from input"),
+            )
+        } else {
+            log::info!("reading from UNENCRYPTED {source:?}");
+            Either::Right(factory.make_reader().expect("can read from input"))
+        };
+
+        let mut reader = VarintDelimitedReader::new(reader);
+        let mut scrambler = Scrambler::new();
+        let mut exit_code = ExitCode::SUCCESS;
+
+        let raw_backup_info = reader
+            .read_next()
+            .await
+            .expect("can read from input")
+            .expect("has backup info");
+        let mut new_backup_info = None;
+        let mut original_backup =
+            PartialBackup::<ValidateOnly>::by_parsing(&raw_backup_info, purpose, |info| {
+                new_backup_info = Some(scrambler.scramble(info))
+            })
+            .expect("valid BackupInfo, at least");
+        let new_backup_info = new_backup_info.expect("processed successfully");
+        emit_proto(&new_backup_info);
+        let mut new_backup = PartialBackup::<ValidateOnly>::new_validator(new_backup_info, purpose)
+            .expect("original backup only fails if new backup does");
+
+        let mut frame_index = 0;
+        while let Some(raw_frame) = reader.read_next().await.expect("can read from input") {
+            let mut new_frame = None;
+            let original_result = original_backup.parse_and_add_frame(&raw_frame, |frame| {
+                new_frame = Some(scrambler.scramble(frame))
+            });
+            frame_index += 1;
+
+            match &original_result {
+                Ok(unknown_fields) => {
+                    for (path, value) in unknown_fields {
+                        log::warn!(
+                            "{}",
+                            FoundUnknownField {
+                                frame_index,
+                                path: path.clone(),
+                                value: *value,
+                            }
+                        );
+                    }
+                }
+                Err(e) => {
+                    log::warn!("frame {frame_index} did not validate: {e}");
+                }
+            }
+
+            let Some(new_frame) = new_frame else { continue };
+            let new_unknown_fields = new_frame.collect_unknown_fields();
+            emit_proto(&new_frame);
+            let new_result = new_backup.add_frame(new_frame);
+
+            match (original_result, new_result) {
+                (Ok(original_unknown_fields), Ok(())) => {
+                    if original_unknown_fields.len() != new_unknown_fields.len() {
+                        log::warn!("scrambling may have removed some unknown fields in frame {frame_index}; here are the post-scrambling fields:");
+                        for (path, value) in new_unknown_fields {
+                            log::info!(
+                                "{}",
+                                FoundUnknownField {
+                                    frame_index,
+                                    path: path.clone(),
+                                    value,
+                                }
+                            );
+                        }
+                    }
+                }
+                (Ok(_), Err(e)) => {
+                    log::error!("scrambling of frame {frame_index} introduced a new error: {e} (continuing anyway!)");
+                    exit_code = ExitCode::FAILURE;
+                }
+                (Err(old_error), Err(new_error)) => {
+                    if old_error.to_string() != new_error.to_string() {
+                        log::warn!("validation error for frame {frame_index} changed post-scrambling: {new_error}");
+                    }
+                }
+                (Err(_), Ok(_)) => {
+                    log::error!("scrambling of frame {frame_index} removed an error; this may no longer be a suitable test case!");
+                    exit_code = ExitCode::FAILURE;
+                }
+            }
+        }
+
+        log::info!("processed {frame_index} frames");
+
+        match (
+            CompletedBackup::try_from(original_backup),
+            CompletedBackup::try_from(new_backup),
+        ) {
+            (Ok(_), Ok(_)) => {}
+            (Ok(_), Err(e)) => {
+                log::error!("scrambling introduced a new error: {e}");
+                exit_code = ExitCode::FAILURE;
+            }
+            (Err(old_error), Err(new_error)) => {
+                log::warn!("full backup failed to validate: {old_error}");
+                if old_error.to_string() != new_error.to_string() {
+                    log::warn!("validation error changed post-scrambling: {new_error}");
+                }
+            }
+            (Err(old_error), Ok(_)) => {
+                log::warn!("full backup failed to validate: {old_error}");
+                log::error!(
+                    "scrambling removed an error; this may no longer be a suitable test case!"
+                );
+                exit_code = ExitCode::FAILURE;
+            }
+        }
+
+        exit_code
+    })
+}
+
+fn emit_proto(message: &impl protobuf::Message) {
+    message
+        .write_length_delimited_to_writer(&mut std::io::stdout())
+        .expect("can write to stdout");
+}
diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 11767d18b..53ce929a1 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -46,6 +46,9 @@ mod time;
 #[cfg(test)]
 mod testutil;
 
+#[cfg(feature = "scramble")]
+pub(crate) use crate::backup::recipient::MY_STORY_UUID;
+
 pub trait ReferencedTypes {
     /// Recorded information from a [`proto::Recipient`].
     type RecipientData: Debug + AsRef<DestinationKind>;
diff --git a/rust/message-backup/src/backup/recipient.rs b/rust/message-backup/src/backup/recipient.rs
index 54f912fb1..ad4c0d025 100644
--- a/rust/message-backup/src/backup/recipient.rs
+++ b/rust/message-backup/src/backup/recipient.rs
@@ -26,6 +26,8 @@ use crate::proto::backup::recipient::Destination as RecipientDestination;
 pub(crate) mod group;
 use group::*;
 
+pub(crate) const MY_STORY_UUID: Uuid = Uuid::nil();
+
 #[derive(Debug, thiserror::Error, displaydoc::Display)]
 #[cfg_attr(test, derive(PartialEq))]
 pub enum RecipientError {
@@ -454,8 +456,6 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
             special_fields: _,
         } = value;
 
-        const MY_STORY_UUID: Uuid = Uuid::nil();
-
         let distribution_id = Uuid::from_bytes(
             distributionId
                 .try_into()
diff --git a/rust/message-backup/src/lib.rs b/rust/message-backup/src/lib.rs
index 39cbeb8e2..0ee476c67 100644
--- a/rust/message-backup/src/lib.rs
+++ b/rust/message-backup/src/lib.rs
@@ -38,6 +38,9 @@ pub(crate) mod proto;
 #[cfg(feature = "test-util")]
 pub mod export;
 
+#[cfg(feature = "scramble")]
+pub mod scramble;
+
 pub struct BackupReader<R> {
     purpose: Purpose,
     reader: VarintDelimitedReader<R>,
diff --git a/rust/message-backup/src/parse.rs b/rust/message-backup/src/parse.rs
index 0d0044ffa..f2131031a 100644
--- a/rust/message-backup/src/parse.rs
+++ b/rust/message-backup/src/parse.rs
@@ -18,8 +18,7 @@ pub enum ParseError {
 
 const VARINT_MAX_LENGTH: usize = 10;
 
-#[cfg_attr(feature = "test-util", visibility::make(pub))]
-pub(crate) struct VarintDelimitedReader<R> {
+pub struct VarintDelimitedReader<R> {
     reader: R,
     buffer: ArrayVec<u8, VARINT_MAX_LENGTH>,
 }
diff --git a/rust/message-backup/src/scramble.rs b/rust/message-backup/src/scramble.rs
new file mode 100644
index 000000000..66b19c62a
--- /dev/null
+++ b/rust/message-backup/src/scramble.rs
@@ -0,0 +1,1952 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+//! Provides the functionality used by the `scramble` tool.
+//!
+//! The main entry point is the [`Scrambler`] struct.
+//!
+//! Located in the library proper so that matches over `oneof`s can be exhaustive.
+
+use std::collections::HashMap;
+
+use rand::SeedableRng as _;
+use zkgroup::receipts::ReceiptCredentialPresentation;
+
+use crate::backup::MY_STORY_UUID;
+use crate::proto::backup as proto;
+
+mod randomize;
+use randomize::*;
+
+pub struct Scrambler {
+    rng: rand::rngs::StdRng,
+    e164s: intmap::IntMap<u64>,
+    uuids: HashMap<Box<[u8]>, Box<[u8]>>,
+}
+
+impl Scrambler {
+    pub fn new() -> Self {
+        Self {
+            // Use a constant seed for consistent results given the same input.
+            rng: rand::rngs::StdRng::seed_from_u64(0),
+            e164s: Default::default(),
+            uuids: Default::default(),
+        }
+    }
+
+    pub fn scramble<T>(&mut self, input: &T) -> T
+    where
+        T: Visit<Self> + Clone,
+    {
+        let mut result = input.clone();
+        result.accept(self);
+        result
+    }
+
+    fn replace_e164(&mut self, field: &mut u64) {
+        // Start with numbers in the range +1-555-555-01xx, generate further plausible numbers after that.
+        #[allow(clippy::inconsistent_digit_grouping)]
+        const E164_START: u64 = 1_555_555_0100;
+
+        let original = *field;
+        let count_of_e164s_so_far: u64 = self.e164s.len().try_into().expect("u64 can hold usize");
+        *field = match self.e164s.entry(original) {
+            intmap::Entry::Occupied(replacement) => *replacement.get(),
+            intmap::Entry::Vacant(entry) => *entry.insert(count_of_e164s_so_far + E164_START),
+        };
+    }
+
+    /// Consistently replaces a serialized ServiceId (or other UUID) across a backup.
+    ///
+    /// Despite the name, it is permitted to put arbitrary UUIDs in here, not just ServiceIds.
+    ///
+    /// Empty fields and nil UUIDs will be left unchanged.
+    fn replace_service_id(&mut self, field: &mut Vec<u8>) {
+        if field.is_empty() || field[..] == uuid::Uuid::nil().as_bytes()[..] {
+            return;
+        }
+
+        let original = std::mem::take(field);
+        *field = self
+            .uuids
+            .entry(original.into_boxed_slice())
+            .or_insert_with_key(|original| {
+                let mut replacement = random_uuid(&mut self.rng);
+                if original.len() == replacement.len() + 1 {
+                    // Assume original is a non-ACI ServiceId; preserve the type.
+                    replacement.insert(0, original[0]);
+                } else {
+                    // Otherwise, original is either an ACI / plain UUID, or not a valid ServiceId
+                    // shape at all. In the latter case, truncate or pad to try to preserve the
+                    // mistake.
+                    replacement.resize(original.len(), 0xff);
+                }
+                replacement.into_boxed_slice()
+            })
+            .to_vec()
+    }
+}
+
+impl Default for Scrambler {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+// Note that this contains REPLACEMENT_URL.
+const REPLACEMENT_BODY_TEXT: &str = "https://signal.org: Why use Signal?
+Explore below to see why Signal is a simple, powerful, and secure messenger
+
+## Share Without Insecurity
+State-of-the-art end-to-end encryption (powered by the open source Signal Protocol) keeps your conversations secure. We can't read your messages or listen to your calls, and no one else can either. Privacy isn't an optional mode - it's just the way that Signal works. Every message, every call, every time.
+
+## Say Anything
+Share text, voice messages, photos, videos, GIFs and files for free. Signal uses your phone's data connection so you can avoid SMS and MMS fees.
+
+## Speak Freely
+Make crystal-clear voice and video calls to people who live across town, or across the ocean, with no long-distance charges.
+
+## Make Privacy Stick
+Add a new layer of expression to your conversations with encrypted stickers. You can also create and share your own sticker packs.
+
+## Get Together with Groups
+Group chats make it easy to stay connected to your family, friends, and coworkers.
+
+## No ads. No trackers. No kidding.
+There are no ads, no affiliate marketers, and no creepy tracking in Signal. So focus on sharing the moments that matter with the people who matter to you.
+
+## Free for Everyone
+Signal is an independent nonprofit. We're not tied to any major tech companies, and we can never be acquired by one either. Development is supported by grants and donations from people like you.";
+
+const REPLACEMENT_EMOJI: &str = "❌";
+const REPLACEMENT_URL: &str = "https://signal.org";
+const REPLACEMENT_USERNAME: &str = "signal.01";
+
+fn scramble_content_type(content_type: &mut String) {
+    if let Some(split_point) = content_type.find('/') {
+        content_type.replace_range(split_point + 1.., "unknown");
+    } else {
+        *content_type = "unknown".to_owned();
+    }
+}
+
+/// A generic trait for visiting with state.
+///
+/// The backup protobuf message types implement this with [`Scrambler`] as the visitor. In general
+/// any `string` or `bytes` fields are scrambled in *some* way (usually by randomization), most
+/// integers and enums are left intact (explicitly ignored), and sub-messages are recursed into.
+///
+/// Note that `oneof`s are handled in the parent type rather than as a distinct impl of `Visit`.
+/// This is purely a stylistic choice for slightly more compact code; both ways would work.
+///
+/// There's no built-in traversal here, for a few reasons:
+/// - It makes it clearer that a scrambler is supposed to act on or ignore every field explicitly.
+/// - If there's ever a reason for scrambling to *not* recurse into a field, it's easier to do so.
+///
+/// But if we ever want another kind of stateful visitor, we may decide to revisit that decision.
+pub trait Visit<T> {
+    fn accept(&mut self, visitor: &mut T);
+}
+
+/// Recurse into a possibly-absent sub-message.
+impl<T: Visit<Scrambler>> Visit<Scrambler> for protobuf::MessageField<T> {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        if let Some(x) = self.as_mut() {
+            x.accept(visitor);
+        }
+    }
+}
+
+/// Recurse into a `repeated` sub-message.
+impl<T: Visit<Scrambler>> Visit<Scrambler> for Vec<T> {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        self.iter_mut().for_each(|x| x.accept(visitor));
+    }
+}
+
+impl Visit<Scrambler> for proto::BackupInfo {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            version: _,
+            backupTimeMs: _,
+            mediaRootBackupKey,
+            special_fields: _,
+        } = self;
+
+        mediaRootBackupKey.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::Frame {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            item,
+            special_fields: _,
+        } = self;
+
+        if let Some(item) = item {
+            use proto::frame::Item;
+            match item {
+                Item::Account(item) => item.accept(visitor),
+                Item::Recipient(item) => item.accept(visitor),
+                Item::Chat(item) => item.accept(visitor),
+                Item::ChatItem(item) => item.accept(visitor),
+                Item::StickerPack(item) => item.accept(visitor),
+                Item::AdHocCall(item) => item.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::AccountData {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            profileKey,
+            username,
+            usernameLink,
+            givenName,
+            familyName,
+            avatarUrlPath,
+            donationSubscriberData,
+            accountSettings,
+            backupsSubscriberData,
+            special_fields: _,
+        } = self;
+
+        profileKey.randomize(&mut visitor.rng);
+        if let Some(username) = username {
+            *username = REPLACEMENT_USERNAME.into()
+        }
+        usernameLink.accept(visitor);
+        givenName.randomize(&mut visitor.rng);
+        familyName.randomize(&mut visitor.rng);
+        if !avatarUrlPath.is_empty() {
+            *avatarUrlPath = "https://cdn.signal.org/avatarUrlPath".into();
+        }
+        donationSubscriberData.accept(visitor);
+        accountSettings.accept(visitor);
+        backupsSubscriberData.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::account_data::UsernameLink {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            entropy,
+            serverId,
+            color: _,
+            special_fields: _,
+        } = self;
+        entropy.randomize(&mut visitor.rng);
+        visitor.replace_service_id(serverId);
+    }
+}
+
+impl Visit<Scrambler> for proto::account_data::SubscriberData {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            subscriberId,
+            currencyCode: _,
+            manuallyCancelled: _,
+            special_fields: _,
+        } = self;
+        subscriberId.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::account_data::AccountSettings {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            readReceipts: _,
+            sealedSenderIndicators: _,
+            typingIndicators: _,
+            linkPreviews: _,
+            notDiscoverableByPhoneNumber: _,
+            preferContactAvatars: _,
+            universalExpireTimerSeconds: _,
+            // Not replacing this, it doesn't reveal *that* much information and it might be the cause of problems.
+            preferredReactionEmoji: _,
+            displayBadgesOnProfile: _,
+            keepMutedChatsArchived: _,
+            hasSetMyStoriesPrivacy: _,
+            hasViewedOnboardingStory: _,
+            storiesDisabled: _,
+            storyViewReceiptsEnabled: _,
+            hasSeenGroupStoryEducationSheet: _,
+            hasCompletedUsernameOnboarding: _,
+            phoneNumberSharingMode: _,
+            defaultChatStyle,
+            customChatColors,
+            special_fields: _,
+        } = self;
+
+        defaultChatStyle.accept(visitor);
+        customChatColors.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::ChatStyle {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            dimWallpaperInDarkMode: _,
+            wallpaper,
+            bubbleColor,
+            special_fields: _,
+        } = self;
+
+        if let Some(wallpaper) = wallpaper {
+            use proto::chat_style::Wallpaper;
+            match wallpaper {
+                Wallpaper::WallpaperPreset(_) => {}
+                Wallpaper::WallpaperPhoto(file) => file.accept(visitor),
+            }
+        }
+
+        if let Some(color) = bubbleColor {
+            use proto::chat_style::BubbleColor;
+            match color {
+                BubbleColor::AutoBubbleColor(_) => {}
+                BubbleColor::BubbleColorPreset(_) => {}
+                BubbleColor::CustomColorId(_) => {}
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::FilePointer {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            contentType,
+            incrementalMac,
+            incrementalMacChunkSize: _,
+            fileName,
+            width: _,
+            height: _,
+            caption,
+            blurHash,
+            locator,
+            special_fields: _,
+        } = self;
+
+        contentType.as_mut().map(scramble_content_type);
+        incrementalMac.randomize(&mut visitor.rng);
+        fileName.randomize(&mut visitor.rng);
+        caption.randomize(&mut visitor.rng);
+        blurHash.randomize(&mut visitor.rng);
+
+        if let Some(loc) = locator {
+            use proto::file_pointer::Locator;
+            match loc {
+                Locator::BackupLocator(loc) => loc.accept(visitor),
+                Locator::AttachmentLocator(loc) => loc.accept(visitor),
+                Locator::InvalidAttachmentLocator(loc) => loc.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::file_pointer::BackupLocator {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            mediaName,
+            cdnNumber: _,
+            key,
+            digest,
+            size: _,
+            transitCdnKey,
+            transitCdnNumber: _,
+            special_fields: _,
+        } = self;
+
+        key.randomize(&mut visitor.rng);
+        digest.randomize(&mut visitor.rng);
+        let is_thumbnail = mediaName.ends_with("_thumbnail");
+        *mediaName = hex::encode(digest);
+        if is_thumbnail {
+            mediaName.push_str("_thumbnail");
+        }
+        transitCdnKey.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::file_pointer::AttachmentLocator {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            cdnKey,
+            cdnNumber: _,
+            uploadTimestamp: _,
+            key,
+            digest,
+            size: _,
+            special_fields: _,
+        } = self;
+        cdnKey.randomize(&mut visitor.rng);
+        key.randomize(&mut visitor.rng);
+        digest.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::file_pointer::InvalidAttachmentLocator {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::chat_style::CustomChatColor {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            id: _,
+            color,
+            special_fields: _,
+        } = self;
+
+        if let Some(color) = color {
+            use proto::chat_style::custom_chat_color::Color;
+            match color {
+                Color::Solid(_) => {}
+                Color::Gradient(_) => {
+                    // formally we should recurse into Gradient as well, but seriously now
+                }
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::account_data::IAPSubscriberData {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            subscriberId,
+            iapSubscriptionId,
+            special_fields: _,
+        } = self;
+
+        subscriberId.randomize(&mut visitor.rng);
+
+        if let Some(iap) = iapSubscriptionId {
+            use proto::account_data::iapsubscriber_data::IapSubscriptionId;
+            match iap {
+                IapSubscriptionId::PurchaseToken(token) => token.randomize(&mut visitor.rng),
+                IapSubscriptionId::OriginalTransactionId(id) => id.randomize(&mut visitor.rng),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::Recipient {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            id: _,
+            destination,
+            special_fields: _,
+        } = self;
+
+        if let Some(dest) = destination {
+            use proto::recipient::Destination;
+            match dest {
+                Destination::Contact(dest) => dest.accept(visitor),
+                Destination::Group(dest) => dest.accept(visitor),
+                Destination::DistributionList(dest) => dest.accept(visitor),
+                Destination::Self_(dest) => dest.accept(visitor),
+                Destination::ReleaseNotes(dest) => dest.accept(visitor),
+                Destination::CallLink(dest) => dest.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::Contact {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            aci,
+            pni,
+            username,
+            e164,
+            blocked: _,
+            visibility: _,
+            profileKey,
+            profileSharing: _,
+            profileGivenName,
+            profileFamilyName,
+            hideStory: _,
+            identityKey,
+            identityState: _,
+            registration,
+            special_fields: _,
+        } = self;
+
+        if let Some(aci) = aci {
+            visitor.replace_service_id(aci);
+        }
+        if let Some(pni) = pni {
+            visitor.replace_service_id(pni);
+        }
+        if let Some(username) = username {
+            *username = REPLACEMENT_USERNAME.into();
+        };
+        if let Some(e164) = e164 {
+            visitor.replace_e164(e164);
+        }
+        profileKey.randomize(&mut visitor.rng);
+        profileGivenName.randomize(&mut visitor.rng);
+        profileFamilyName.randomize(&mut visitor.rng);
+        identityKey.randomize(&mut visitor.rng);
+
+        if let Some(reg) = registration {
+            use proto::contact::Registration;
+            match reg {
+                Registration::Registered(reg) => reg.accept(visitor),
+                Registration::NotRegistered(reg) => reg.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::contact::Registered {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::contact::NotRegistered {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            unregisteredTimestamp: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::Group {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            masterKey,
+            whitelisted: _,
+            hideStory: _,
+            storySendMode: _,
+            snapshot,
+            special_fields: _,
+        } = self;
+        masterKey.randomize(&mut visitor.rng);
+        if let Some(snapshot) = snapshot.as_mut() {
+            snapshot.accept(visitor);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::group::GroupSnapshot {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            title,
+            description,
+            avatarUrl,
+            disappearingMessagesTimer,
+            accessControl,
+            version: _,
+            members,
+            membersPendingProfileKey,
+            membersPendingAdminApproval,
+            inviteLinkPassword,
+            announcements_only: _,
+            members_banned,
+            special_fields: _,
+        } = self;
+        title.accept(visitor);
+        description.accept(visitor);
+        if !avatarUrl.is_empty() {
+            *avatarUrl = "https://cdn.signal.org/groupAvatarUrl".into();
+        }
+        disappearingMessagesTimer.accept(visitor);
+        accessControl.accept(visitor);
+        members.accept(visitor);
+        membersPendingProfileKey.accept(visitor);
+        membersPendingAdminApproval.accept(visitor);
+        inviteLinkPassword.randomize(&mut visitor.rng);
+        members_banned.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::group::GroupAttributeBlob {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            content,
+            special_fields: _,
+        } = self;
+
+        if let Some(content) = content {
+            use proto::group::group_attribute_blob::Content;
+            match content {
+                Content::Title(title) => title.randomize(&mut visitor.rng),
+                Content::Avatar(avatar) => avatar.randomize(&mut visitor.rng),
+                Content::DisappearingMessagesDuration(_) => {}
+                Content::DescriptionText(text) => text.randomize(&mut visitor.rng),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::group::AccessControl {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            attributes: _,
+            members: _,
+            addFromInviteLink: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::group::Member {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            userId,
+            role: _,
+            joinedAtVersion: _,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(userId);
+    }
+}
+
+impl Visit<Scrambler> for proto::group::MemberPendingProfileKey {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            member,
+            addedByUserId,
+            timestamp: _,
+            special_fields: _,
+        } = self;
+        member.accept(visitor);
+        visitor.replace_service_id(addedByUserId);
+    }
+}
+
+impl Visit<Scrambler> for proto::group::MemberPendingAdminApproval {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            userId,
+            timestamp: _,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(userId);
+    }
+}
+
+impl Visit<Scrambler> for proto::group::MemberBanned {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            userId,
+            timestamp: _,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(userId);
+    }
+}
+
+impl Visit<Scrambler> for proto::DistributionListItem {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            distributionId,
+            item,
+            special_fields: _,
+        } = self;
+
+        let is_my_story = distributionId[..] == MY_STORY_UUID.as_bytes()[..];
+        if !is_my_story {
+            visitor.replace_service_id(distributionId);
+        }
+
+        if let Some(item) = item {
+            use proto::distribution_list_item::Item;
+            match item {
+                Item::DeletionTimestamp(_) => {}
+                Item::DistributionList(proto::DistributionList {
+                    name,
+                    allowReplies: _,
+                    privacyMode: _,
+                    memberRecipientIds: _,
+                    special_fields: _,
+                }) => {
+                    // We handle the sub-message directly so that we can choose whether to scramble the name or not.
+                    if !is_my_story {
+                        name.randomize(&mut visitor.rng);
+                    }
+                }
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::Self_ {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::ReleaseNotes {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::CallLink {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            rootKey,
+            adminKey,
+            name,
+            restrictions: _,
+            expirationMs: _,
+            special_fields: _,
+        } = self;
+        rootKey.randomize(&mut visitor.rng);
+        adminKey.randomize(&mut visitor.rng);
+        name.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::Chat {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            id: _,
+            recipientId: _,
+            archived: _,
+            pinnedOrder: _,
+            expirationTimerMs: _,
+            muteUntilMs: _,
+            markedUnread: _,
+            dontNotifyForMentionsIfMuted: _,
+            style,
+            expireTimerVersion: _,
+            special_fields: _,
+        } = self;
+
+        style.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::ChatItem {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            chatId: _,
+            authorId: _,
+            dateSent: _,
+            expireStartDate: _,
+            expiresInMs: _,
+            revisions,
+            sms: _,
+            directionalDetails,
+            item,
+            special_fields: _,
+        } = self;
+
+        revisions.accept(visitor);
+
+        if let Some(details) = directionalDetails {
+            use proto::chat_item::DirectionalDetails;
+            match details {
+                DirectionalDetails::Incoming(details) => details.accept(visitor),
+                DirectionalDetails::Outgoing(details) => details.accept(visitor),
+                DirectionalDetails::Directionless(details) => details.accept(visitor),
+            }
+        }
+
+        if let Some(item) = item {
+            use proto::chat_item::Item;
+            match item {
+                Item::StandardMessage(item) => item.accept(visitor),
+                Item::ContactMessage(item) => item.accept(visitor),
+                Item::StickerMessage(item) => item.accept(visitor),
+                Item::RemoteDeletedMessage(item) => item.accept(visitor),
+                Item::UpdateMessage(item) => item.accept(visitor),
+                Item::PaymentNotification(item) => item.accept(visitor),
+                Item::GiftBadge(item) => item.accept(visitor),
+                Item::ViewOnceMessage(item) => item.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::chat_item::IncomingMessageDetails {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            dateReceived: _,
+            dateServerSent: _,
+            read: _,
+            sealedSender: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::chat_item::OutgoingMessageDetails {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            sendStatus,
+            special_fields: _,
+        } = self;
+        sendStatus.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::SendStatus {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            recipientId: _,
+            timestamp: _,
+            deliveryStatus,
+            special_fields: _,
+        } = self;
+
+        if let Some(status) = deliveryStatus {
+            use proto::send_status::DeliveryStatus;
+            match status {
+                DeliveryStatus::Pending(status) => status.accept(visitor),
+                DeliveryStatus::Sent(status) => status.accept(visitor),
+                DeliveryStatus::Delivered(status) => status.accept(visitor),
+                DeliveryStatus::Read(status) => status.accept(visitor),
+                DeliveryStatus::Viewed(status) => status.accept(visitor),
+                DeliveryStatus::Skipped(status) => status.accept(visitor),
+                DeliveryStatus::Failed(status) => status.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Pending {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Sent {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            sealedSender: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Delivered {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            sealedSender: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Read {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            sealedSender: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Viewed {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            sealedSender: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Skipped {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::send_status::Failed {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            reason: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::chat_item::DirectionlessMessageDetails {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::StandardMessage {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            quote,
+            text,
+            attachments,
+            linkPreview,
+            longText,
+            reactions,
+            special_fields: _,
+        } = self;
+
+        quote.accept(visitor);
+        text.accept(visitor);
+        attachments.accept(visitor);
+        linkPreview.accept(visitor);
+        longText.accept(visitor);
+        reactions.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::Quote {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            targetSentTimestamp: _,
+            authorId: _,
+            text,
+            attachments,
+            type_: _,
+            special_fields: _,
+        } = self;
+
+        text.accept(visitor);
+        attachments.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::Text {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            body,
+            bodyRanges,
+            special_fields: _,
+        } = self;
+
+        // Use constant text input for better compression later.
+        // But make sure we're at least as long as the original body.
+        let mut new_body = if body.len() < REPLACEMENT_BODY_TEXT.len() {
+            REPLACEMENT_BODY_TEXT[..body.len()].to_owned()
+        } else {
+            REPLACEMENT_BODY_TEXT.repeat(body.len().div_ceil(REPLACEMENT_BODY_TEXT.len()))
+        };
+
+        // Put the U+FFFCs used for mentions back into the body for more plausible ranges.
+        // (Although if a message has mentions *and* a link preview, this might stomp on the
+        // replacement URL in the body text. Oh well.)
+        const MENTION_CHAR: char = '\u{FFFC}';
+        const MENTION_CHAR_STR: &str = "\u{FFFC}";
+        if !bodyRanges.is_empty() {
+            for (index, c) in body.char_indices() {
+                if c == MENTION_CHAR {
+                    new_body
+                        .replace_range(index..(index + MENTION_CHAR_STR.len()), MENTION_CHAR_STR);
+                }
+            }
+        }
+
+        *body = new_body;
+
+        bodyRanges.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::BodyRange {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            start: _,
+            length: _,
+            associatedValue,
+            special_fields: _,
+        } = self;
+
+        if let Some(value) = associatedValue {
+            use proto::body_range::AssociatedValue;
+            match value {
+                AssociatedValue::MentionAci(aci) => visitor.replace_service_id(aci),
+                AssociatedValue::Style(_) => {}
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::quote::QuotedAttachment {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            contentType,
+            fileName,
+            thumbnail,
+            special_fields: _,
+        } = self;
+
+        contentType.as_mut().map(scramble_content_type);
+        fileName.randomize(&mut visitor.rng);
+        thumbnail.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::MessageAttachment {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            pointer,
+            flag: _,
+            wasDownloaded: _,
+            clientUuid,
+            special_fields: _,
+        } = self;
+        pointer.accept(visitor);
+        if let Some(uuid) = clientUuid {
+            visitor.replace_service_id(uuid);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::LinkPreview {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            url,
+            title,
+            image,
+            description,
+            date: _,
+            special_fields: _,
+        } = self;
+
+        *url = REPLACEMENT_URL.into();
+        title.randomize(&mut visitor.rng);
+        image.accept(visitor);
+        description.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::Reaction {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            emoji,
+            authorId: _,
+            sentTimestamp: _,
+            sortOrder: _,
+            special_fields: _,
+        } = self;
+
+        *emoji = REPLACEMENT_EMOJI.into();
+    }
+}
+
+impl Visit<Scrambler> for proto::ContactMessage {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            contact,
+            reactions,
+            special_fields: _,
+        } = self;
+        contact.accept(visitor);
+        reactions.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::ContactAttachment {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            name,
+            number,
+            email,
+            address,
+            avatar,
+            organization,
+            special_fields: _,
+        } = self;
+        name.accept(visitor);
+        number.accept(visitor);
+        email.accept(visitor);
+        address.accept(visitor);
+        avatar.accept(visitor);
+        organization.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::contact_attachment::Name {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            givenName,
+            familyName,
+            prefix,
+            suffix,
+            middleName,
+            nickname,
+            special_fields: _,
+        } = self;
+        givenName.randomize(&mut visitor.rng);
+        familyName.randomize(&mut visitor.rng);
+        prefix.randomize(&mut visitor.rng);
+        suffix.randomize(&mut visitor.rng);
+        middleName.randomize(&mut visitor.rng);
+        nickname.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::contact_attachment::Phone {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            value,
+            type_: _,
+            label,
+            special_fields: _,
+        } = self;
+
+        // We could try harder to make this a valid number, but clients can't trust it anyway.
+        value.randomize(&mut visitor.rng);
+        label.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::contact_attachment::Email {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            value,
+            type_: _,
+            label,
+            special_fields: _,
+        } = self;
+
+        // Similarly, we could try to make this a valid email, but clients can't trust this either.
+        value.randomize(&mut visitor.rng);
+        label.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::contact_attachment::PostalAddress {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            type_: _,
+            label,
+            street,
+            pobox,
+            neighborhood,
+            city,
+            region,
+            postcode,
+            country,
+            special_fields: _,
+        } = self;
+
+        label.randomize(&mut visitor.rng);
+        street.randomize(&mut visitor.rng);
+        pobox.randomize(&mut visitor.rng);
+        neighborhood.randomize(&mut visitor.rng);
+        city.randomize(&mut visitor.rng);
+        region.randomize(&mut visitor.rng);
+        postcode.randomize(&mut visitor.rng);
+        country.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::StickerMessage {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            sticker,
+            reactions,
+            special_fields: _,
+        } = self;
+
+        sticker.accept(visitor);
+        reactions.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::Sticker {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            packId,
+            packKey,
+            stickerId: _,
+            emoji,
+            data,
+            special_fields: _,
+        } = self;
+        packId.randomize(&mut visitor.rng);
+        packKey.randomize(&mut visitor.rng);
+        if let Some(emoji) = emoji {
+            *emoji = REPLACEMENT_EMOJI.into();
+        }
+        data.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::RemoteDeletedMessage {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::ChatUpdateMessage {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            update,
+            special_fields: _,
+        } = self;
+
+        if let Some(update) = update {
+            use proto::chat_update_message::Update;
+            match update {
+                Update::SimpleUpdate(update) => update.accept(visitor),
+                Update::GroupChange(update) => update.accept(visitor),
+                Update::ExpirationTimerChange(update) => update.accept(visitor),
+                Update::ProfileChange(update) => update.accept(visitor),
+                Update::ThreadMerge(update) => update.accept(visitor),
+                Update::SessionSwitchover(update) => update.accept(visitor),
+                Update::IndividualCall(update) => update.accept(visitor),
+                Update::GroupCall(update) => update.accept(visitor),
+                Update::LearnedProfileChange(update) => update.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::SimpleChatUpdate {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            type_: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupChangeChatUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updates,
+            special_fields: _,
+        } = self;
+        updates.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::group_change_chat_update::Update {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            update,
+            special_fields: _,
+        } = self;
+
+        use proto::group_change_chat_update::update::Update;
+        if let Some(update) = update.as_mut() {
+            match update {
+                Update::GenericGroupUpdate(update) => update.accept(visitor),
+                Update::GroupCreationUpdate(update) => update.accept(visitor),
+                Update::GroupNameUpdate(update) => update.accept(visitor),
+                Update::GroupAvatarUpdate(update) => update.accept(visitor),
+                Update::GroupDescriptionUpdate(update) => update.accept(visitor),
+                Update::GroupMembershipAccessLevelChangeUpdate(update) => update.accept(visitor),
+                Update::GroupAttributesAccessLevelChangeUpdate(update) => update.accept(visitor),
+                Update::GroupAnnouncementOnlyChangeUpdate(update) => update.accept(visitor),
+                Update::GroupAdminStatusUpdate(update) => update.accept(visitor),
+                Update::GroupMemberLeftUpdate(update) => update.accept(visitor),
+                Update::GroupMemberRemovedUpdate(update) => update.accept(visitor),
+                Update::SelfInvitedToGroupUpdate(update) => update.accept(visitor),
+                Update::SelfInvitedOtherUserToGroupUpdate(update) => update.accept(visitor),
+                Update::GroupUnknownInviteeUpdate(update) => update.accept(visitor),
+                Update::GroupInvitationAcceptedUpdate(update) => update.accept(visitor),
+                Update::GroupInvitationDeclinedUpdate(update) => update.accept(visitor),
+                Update::GroupMemberJoinedUpdate(update) => update.accept(visitor),
+                Update::GroupMemberAddedUpdate(update) => update.accept(visitor),
+                Update::GroupSelfInvitationRevokedUpdate(update) => update.accept(visitor),
+                Update::GroupInvitationRevokedUpdate(update) => update.accept(visitor),
+                Update::GroupJoinRequestUpdate(update) => update.accept(visitor),
+                Update::GroupJoinRequestApprovalUpdate(update) => update.accept(visitor),
+                Update::GroupJoinRequestCanceledUpdate(update) => update.accept(visitor),
+                Update::GroupInviteLinkResetUpdate(update) => update.accept(visitor),
+                Update::GroupInviteLinkEnabledUpdate(update) => update.accept(visitor),
+                Update::GroupInviteLinkAdminApprovalUpdate(update) => update.accept(visitor),
+                Update::GroupInviteLinkDisabledUpdate(update) => update.accept(visitor),
+                Update::GroupMemberJoinedByLinkUpdate(update) => update.accept(visitor),
+                Update::GroupV2MigrationUpdate(update) => update.accept(visitor),
+                Update::GroupV2MigrationSelfInvitedUpdate(update) => update.accept(visitor),
+                Update::GroupV2MigrationInvitedMembersUpdate(update) => update.accept(visitor),
+                Update::GroupV2MigrationDroppedMembersUpdate(update) => update.accept(visitor),
+                Update::GroupSequenceOfRequestsAndCancelsUpdate(update) => update.accept(visitor),
+                Update::GroupExpirationTimerUpdate(update) => update.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GenericGroupUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupCreationUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupNameUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            newGroupName,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+        newGroupName.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupAvatarUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            wasRemoved: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupDescriptionUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            newDescription,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+        newDescription.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupMembershipAccessLevelChangeUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            accessLevel: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupAttributesAccessLevelChangeUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            accessLevel: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupAnnouncementOnlyChangeUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            isAnnouncementOnly: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupAdminStatusUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            memberAci,
+            wasAdminStatusGranted: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+        visitor.replace_service_id(memberAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupMemberLeftUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            aci,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(aci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupMemberRemovedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            removerAci,
+            removedAci,
+            special_fields: _,
+        } = self;
+        if let Some(remover) = removerAci {
+            visitor.replace_service_id(remover);
+        }
+        visitor.replace_service_id(removedAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::SelfInvitedToGroupUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            inviterAci,
+            special_fields: _,
+        } = self;
+        if let Some(inviter) = inviterAci {
+            visitor.replace_service_id(inviter);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::SelfInvitedOtherUserToGroupUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            inviteeServiceId,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(inviteeServiceId);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupUnknownInviteeUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            inviterAci,
+            inviteeCount: _,
+            special_fields: _,
+        } = self;
+        if let Some(inviter) = inviterAci {
+            visitor.replace_service_id(inviter);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInvitationAcceptedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            inviterAci,
+            newMemberAci,
+            special_fields: _,
+        } = self;
+        if let Some(inviter) = inviterAci {
+            visitor.replace_service_id(inviter);
+        }
+        visitor.replace_service_id(newMemberAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInvitationDeclinedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            inviterAci,
+            inviteeAci,
+            special_fields: _,
+        } = self;
+        if let Some(inviter) = inviterAci {
+            visitor.replace_service_id(inviter);
+        }
+        if let Some(invitee) = inviteeAci {
+            visitor.replace_service_id(invitee);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupMemberJoinedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            newMemberAci,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(newMemberAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupMemberAddedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            newMemberAci,
+            hadOpenInvitation: _,
+            inviterAci,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+        visitor.replace_service_id(newMemberAci);
+        if let Some(inviter) = inviterAci {
+            visitor.replace_service_id(inviter);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupSelfInvitationRevokedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            revokerAci,
+            special_fields: _,
+        } = self;
+        if let Some(revoker) = revokerAci {
+            visitor.replace_service_id(revoker);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInvitationRevokedUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            invitees,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+        invitees.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::group_invitation_revoked_update::Invitee {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            inviterAci,
+            inviteeAci,
+            inviteePni,
+            special_fields: _,
+        } = self;
+        if let Some(inviter) = inviterAci {
+            visitor.replace_service_id(inviter);
+        }
+        if let Some(invitee) = inviteeAci {
+            visitor.replace_service_id(invitee);
+        }
+        if let Some(invitee) = inviteePni {
+            visitor.replace_service_id(invitee);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupJoinRequestUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            requestorAci,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(requestorAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupJoinRequestApprovalUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            requestorAci,
+            updaterAci,
+            wasApproved: _,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(requestorAci);
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupJoinRequestCanceledUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            requestorAci,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(requestorAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInviteLinkResetUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInviteLinkEnabledUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            linkRequiresAdminApproval: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInviteLinkAdminApprovalUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            linkRequiresAdminApproval: _,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupInviteLinkDisabledUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            updaterAci,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupMemberJoinedByLinkUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            newMemberAci,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(newMemberAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupV2MigrationUpdate {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupV2MigrationSelfInvitedUpdate {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self { special_fields: _ } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupV2MigrationInvitedMembersUpdate {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            invitedMembersCount: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupV2MigrationDroppedMembersUpdate {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            droppedMembersCount: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupSequenceOfRequestsAndCancelsUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            requestorAci,
+            count: _,
+            special_fields: _,
+        } = self;
+        visitor.replace_service_id(requestorAci);
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupExpirationTimerUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            expiresInMs: _,
+            updaterAci,
+            special_fields: _,
+        } = self;
+        if let Some(updater) = updaterAci {
+            visitor.replace_service_id(updater);
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::ExpirationTimerChatUpdate {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            expiresInMs: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::ProfileChangeChatUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            previousName,
+            newName,
+            special_fields: _,
+        } = self;
+        previousName.randomize(&mut visitor.rng);
+        newName.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::ThreadMergeChatUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            previousE164,
+            special_fields: _,
+        } = self;
+        visitor.replace_e164(previousE164);
+    }
+}
+
+impl Visit<Scrambler> for proto::SessionSwitchoverChatUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            e164,
+            special_fields: _,
+        } = self;
+        visitor.replace_e164(e164);
+    }
+}
+
+impl Visit<Scrambler> for proto::IndividualCall {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            callId: _,
+            type_: _,
+            direction: _,
+            state: _,
+            startedCallTimestamp: _,
+            read: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GroupCall {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            callId: _,
+            state: _,
+            ringerRecipientId: _,
+            startedCallRecipientId: _,
+            startedCallTimestamp: _,
+            endedCallTimestamp: _,
+            read: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::LearnedProfileChatUpdate {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            previousName,
+            special_fields: _,
+        } = self;
+
+        if let Some(name) = previousName {
+            use proto::learned_profile_chat_update::PreviousName;
+            match name {
+                PreviousName::E164(e164) => visitor.replace_e164(e164),
+                PreviousName::Username(username) => *username = REPLACEMENT_USERNAME.into(),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::PaymentNotification {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            amountMob,
+            feeMob,
+            note,
+            transactionDetails,
+            special_fields: _,
+        } = self;
+
+        if let Some(mob) = amountMob {
+            *mob = "1.0".into();
+        }
+        if let Some(mob) = feeMob {
+            *mob = "0.1".into();
+        }
+        note.randomize(&mut visitor.rng);
+        transactionDetails.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::payment_notification::TransactionDetails {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            payment,
+            special_fields: _,
+        } = self;
+
+        if let Some(payment) = payment {
+            use proto::payment_notification::transaction_details::Payment;
+            match payment {
+                Payment::Transaction(transaction) => transaction.accept(visitor),
+                Payment::FailedTransaction(transaction) => transaction.accept(visitor),
+            }
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::payment_notification::transaction_details::Transaction {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            status: _,
+            mobileCoinIdentification,
+            timestamp: _,
+            blockIndex,
+            blockTimestamp: _,
+            transaction,
+            receipt,
+            special_fields: _,
+        } = self;
+
+        mobileCoinIdentification.accept(visitor);
+        blockIndex.randomize(&mut visitor.rng);
+        transaction.randomize(&mut visitor.rng);
+        receipt.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler>
+    for proto::payment_notification::transaction_details::MobileCoinTxoIdentification
+{
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            publicKey,
+            keyImages,
+            special_fields: _,
+        } = self;
+        publicKey.randomize(&mut visitor.rng);
+        keyImages.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::payment_notification::transaction_details::FailedTransaction {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            reason: _,
+            special_fields: _,
+        } = self;
+    }
+}
+
+impl Visit<Scrambler> for proto::GiftBadge {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            receiptCredentialPresentation,
+            state: _,
+            special_fields: _,
+        } = self;
+
+        if let Ok(presentation) =
+            zkgroup::deserialize::<ReceiptCredentialPresentation>(receiptCredentialPresentation)
+        {
+            // Create a new presentation for the same level and timestamp, but removing the serial
+            // bytes. The timestamp means it's not *that* much more anonymous, but at least it's not
+            // redeemable (it's also the wrong server params, of course). The other downside is that
+            // it may not be the same credential version, since we're making a new one from scratch,
+            // but that can't be helped unless we want to hardcode a parser for the serialized form.
+            let mut entropy: [u8; zkgroup::RANDOMNESS_LEN] = [0; 32];
+            entropy.randomize(&mut visitor.rng);
+
+            let server_params = zkgroup::ServerSecretParams::generate(entropy);
+            let server_public_params = server_params.get_public_params();
+            let request_context = &server_public_params
+                .create_receipt_credential_request_context(entropy, [b'r'; 16]);
+            let request = request_context.get_request();
+            let response = server_params.issue_receipt_credential(
+                entropy,
+                &request,
+                presentation.get_receipt_expiration_time(),
+                presentation.get_receipt_level(),
+            );
+            let credential = server_public_params
+                .receive_receipt_credential(request_context, &response)
+                .expect("valid request");
+            *receiptCredentialPresentation = zkgroup::serialize(
+                &server_public_params.create_receipt_credential_presentation(entropy, &credential),
+            );
+        } else if !receiptCredentialPresentation.is_empty() {
+            // It's not valid anyway, just preserve the version and nothing else.
+            let version_byte = receiptCredentialPresentation[0];
+            receiptCredentialPresentation.randomize(&mut visitor.rng);
+            receiptCredentialPresentation[0] = version_byte;
+        }
+    }
+}
+
+impl Visit<Scrambler> for proto::ViewOnceMessage {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            attachment,
+            reactions,
+            special_fields: _,
+        } = self;
+        attachment.accept(visitor);
+        reactions.accept(visitor);
+    }
+}
+
+impl Visit<Scrambler> for proto::StickerPack {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            packId,
+            packKey,
+            special_fields: _,
+        } = self;
+        packId.randomize(&mut visitor.rng);
+        packKey.randomize(&mut visitor.rng);
+    }
+}
+
+impl Visit<Scrambler> for proto::AdHocCall {
+    fn accept(&mut self, _visitor: &mut Scrambler) {
+        let Self {
+            callId: _,
+            recipientId: _,
+            state: _,
+            callTimestamp: _,
+            special_fields: _,
+        } = self;
+    }
+}
diff --git a/rust/message-backup/src/scramble/randomize.rs b/rust/message-backup/src/scramble/randomize.rs
new file mode 100644
index 000000000..8ee75b0c9
--- /dev/null
+++ b/rust/message-backup/src/scramble/randomize.rs
@@ -0,0 +1,64 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+use rand::distributions::{Alphanumeric, DistString as _};
+use rand::Rng;
+
+/// Replaces the contents with something random that is the same length.
+///
+/// More specific than "scramble" or "accept(scrambler)", so it's clearer that this is the right
+/// choice for how to scramble a particular field.
+pub trait Randomize {
+    fn randomize(&mut self, rng: &mut impl Rng);
+}
+
+impl<T> Randomize for Option<T>
+where
+    T: Randomize,
+{
+    fn randomize(&mut self, rng: &mut impl Rng) {
+        if let Some(x) = self.as_mut() {
+            x.randomize(rng)
+        }
+    }
+}
+
+impl Randomize for String {
+    fn randomize(&mut self, rng: &mut impl Rng) {
+        *self = Alphanumeric.sample_string(rng, self.len());
+    }
+}
+
+impl Randomize for [u8] {
+    fn randomize(&mut self, rng: &mut impl Rng) {
+        rng.fill_bytes(self);
+    }
+}
+
+impl Randomize for Vec<u8> {
+    fn randomize(&mut self, rng: &mut impl Rng) {
+        self.as_mut_slice().randomize(rng);
+    }
+}
+
+impl<T: Randomize> Randomize for Vec<T> {
+    fn randomize(&mut self, rng: &mut impl Rng) {
+        self.iter_mut().for_each(|x| x.randomize(rng));
+    }
+}
+
+impl Randomize for u64 {
+    fn randomize(&mut self, rng: &mut impl Rng) {
+        *self = rng.gen();
+    }
+}
+
+/// Generates a random but valid v4 UUID.
+pub fn random_uuid(rng: &mut impl Rng) -> Vec<u8> {
+    uuid::Builder::from_random_bytes(rng.gen())
+        .into_uuid()
+        .into_bytes()
+        .to_vec()
+}
diff --git a/rust/message-backup/src/unknown.rs b/rust/message-backup/src/unknown.rs
index 131d7f606..f18e3908e 100644
--- a/rust/message-backup/src/unknown.rs
+++ b/rust/message-backup/src/unknown.rs
@@ -143,8 +143,7 @@ impl PathPart {
 }
 
 /// Visitor for unknown fields on a [`protobuf::Message`].
-#[cfg_attr(feature = "test-util", visibility::make(pub))]
-pub(crate) trait VisitUnknownFields {
+pub trait VisitUnknownFields {
     /// Calls the visitor for each unknown field in the message.
     fn visit_unknown_fields<F: UnknownFieldVisitor>(&self, visitor: F);
 }
@@ -160,8 +159,7 @@ impl<M: visit_static::VisitUnknownFields> VisitUnknownFields for M {
 }
 
 /// Extension trait for [`VisitUnknownFields`] with convenience methods.
-#[cfg_attr(feature = "test-util", visibility::make(pub))]
-pub(crate) trait VisitUnknownFieldsExt {
+pub trait VisitUnknownFieldsExt {
     #[allow(dead_code)]
     fn has_unknown_fields(&self) -> bool;
     fn collect_unknown_fields(&self) -> Vec<(Vec<PathPart>, UnknownValue)>;
diff --git a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
new file mode 100644
index 000000000..14435d47e
--- /dev/null
+++ b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
@@ -0,0 +1,77 @@
+{
+  "meta": {
+    "version": 1,
+    "media_root_backup_key": "7f6f2ccdb23f2abb7b69278e947c01c6160a31cf02c19d06d0f6e5ab1d768b95",
+    "purpose": "RemoteBackup"
+  },
+  "account_data": {
+    "profile_key": "117be1de549d1d4322c4711f11efa0c5137903124f85fc37c761ffc91ace30cb",
+    "username": {
+      "username": "signal.1",
+      "link": {
+        "color": "OLIVE",
+        "entropy": "ac7f0d9eaea4d4bf5438b887e34d0cf87e7f98d97da70eff001850487b2cae23",
+        "server_id": "bb7b55ef-f062-4284-9a63-283cbaf0fdbc"
+      }
+    },
+    "given_name": "rJu1",
+    "family_name": "dNEg",
+    "account_settings": {
+      "phone_number_sharing": "WithNobody",
+      "read_receipts": true,
+      "sealed_sender_indicators": true,
+      "typing_indicators": true,
+      "link_previews": false,
+      "not_discoverable_by_phone_number": true,
+      "prefer_contact_avatars": true,
+      "display_badges_on_profile": true,
+      "keep_muted_chats_archived": true,
+      "has_set_my_stories_privacy": true,
+      "has_viewed_onboarding_story": true,
+      "stories_disabled": true,
+      "story_view_receipts_enabled": true,
+      "has_seen_group_story_education_sheet": true,
+      "has_completed_username_onboarding": true,
+      "universal_expire_timer": 3600000,
+      "preferred_reaction_emoji": [
+        "🏎️"
+      ],
+      "default_chat_style": null,
+      "custom_chat_colors": {}
+    },
+    "avatar_url_path": "",
+    "donation_subscription": {
+      "subscriber_id": "8d4e5ee1d08b43a3d80457bf09e0957a2f922b58e79646e02a2529cb7c99e3de",
+      "currency_code": "USD",
+      "manually_canceled": true
+    },
+    "backup_subscription": null
+  },
+  "recipients": [
+    "Self_",
+    "ReleaseNotes",
+    {
+      "DistributionList": {
+        "List": {
+          "distribution_id": "00000000-0000-0000-0000-000000000000",
+          "name": "My Story",
+          "allow_replies": true,
+          "privacy_mode": "All"
+        }
+      }
+    },
+    {
+      "CallLink": {
+        "restrictions": "ADMIN_APPROVAL",
+        "root_key": "560162bb28f02f1015a3dcec38dca4fc",
+        "admin_key": "73535b298b0b8037077edc6fe22b20fa72cc0b4cee98ddeaa5a0626311355dad",
+        "expiration": 1725926400000,
+        "name": "YA0E2nsnqyUq"
+      }
+    }
+  ],
+  "chats": [],
+  "ad_hoc_calls": [],
+  "pinned_chats": [],
+  "sticker_packs": []
+}
\ No newline at end of file
diff --git a/rust/message-backup/tests/test_cases.rs b/rust/message-backup/tests/test_cases.rs
index e7a1315d8..e0ba4d006 100644
--- a/rust/message-backup/tests/test_cases.rs
+++ b/rust/message-backup/tests/test_cases.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 use assert_cmd::Command;
 use assert_matches::assert_matches;
@@ -74,7 +74,39 @@ fn serialized_account_settings_is_valid() {
         .expect("valid backup");
     let canonical_repr =
         libsignal_message_backup::backup::serialize::Backup::from(result).to_string_pretty();
-    pretty_assertions::assert_str_eq!(canonical_repr, expected_canonical_str)
+    pretty_assertions::assert_str_eq!(expected_canonical_str, canonical_repr)
+}
+
+#[test]
+fn scrambler_smoke_test() {
+    // Scrambling is deterministic, so we can check against expected output.
+    let binproto = include_bytes!("res/canonical-backup.binproto");
+    let scrambled_binproto = Command::cargo_bin("examples/scramble")
+        .expect("bin exists")
+        .arg("-")
+        .write_stdin(binproto)
+        .ok()
+        .expect("valid binproto")
+        .stdout;
+
+    let input = Cursor::new(scrambled_binproto);
+    let reader = BackupReader::new_unencrypted(input, BACKUP_PURPOSE);
+    let result = futures::executor::block_on(reader.read_all())
+        .result
+        .expect("valid backup");
+    let canonical_repr =
+        libsignal_message_backup::backup::serialize::Backup::from(result).to_string_pretty();
+
+    if write_expected_output() {
+        let path = Path::new(env!("CARGO_MANIFEST_DIR"))
+            .join("tests/res/canonical-backup.scrambled.expected.json");
+        eprintln!("writing expected contents to {:?}", path);
+        std::fs::write(path, canonical_repr).expect("failed to overwrite expected contents");
+        return;
+    }
+
+    let expected_canonical_str = include_str!("res/canonical-backup.scrambled.expected.json");
+    pretty_assertions::assert_str_eq!(expected_canonical_str, canonical_repr)
 }
 
 const ENCRYPTED_SOURCE_SUFFIX: &str = ".source.jsonproto";

From 107479ec4f8f472d1e2291b86125c6d27455e54a Mon Sep 17 00:00:00 2001
From: moiseev-signal <122060238+moiseev-signal@users.noreply.github.com>
Date: Tue, 3 Dec 2024 17:10:35 -0800
Subject: [PATCH 44/57] keytrans: Rework the Store abstraction

---
 java/client/proguard-usage.txt.expected       |   2 -
 .../libsignal/keytrans/SearchContext.java     |  84 -----
 .../libsignal/keytrans/SearchResult.java      |  31 +-
 .../org/signal/libsignal/keytrans/Store.java  |  21 +-
 .../signal/libsignal/net/KeyTransparency.java |  23 --
 .../libsignal/net/KeyTransparencyClient.java  |  45 +--
 .../signal/libsignal/keytrans/TestStore.java  |  23 +-
 .../net/KeyTransparencyClientTest.java        |   7 +-
 .../libsignal/net/KeyTransparencyTest.java    |  43 +--
 .../org/signal/libsignal/internal/Native.java |   9 +-
 rust/bridge/shared/src/net/keytrans.rs        |  36 +--
 rust/bridge/shared/testing/src/keytrans.rs    |  46 +--
 rust/bridge/shared/types/src/keytrans.rs      |   6 -
 rust/keytrans/src/lib.rs                      |  89 ++++--
 rust/keytrans/src/log.rs                      |  16 +-
 rust/keytrans/src/proto/store.proto           |   7 +
 rust/keytrans/src/verify.rs                   |  77 +++--
 rust/net/src/auth.rs                          |   2 +-
 rust/net/src/chat.rs                          |   2 +-
 rust/net/src/keytrans.rs                      | 292 ++++++++++--------
 20 files changed, 385 insertions(+), 476 deletions(-)
 delete mode 100644 java/client/src/main/java/org/signal/libsignal/keytrans/SearchContext.java
 delete mode 100644 java/client/src/main/java/org/signal/libsignal/net/KeyTransparency.java

diff --git a/java/client/proguard-usage.txt.expected b/java/client/proguard-usage.txt.expected
index a9d03be62..70d4e9342 100644
--- a/java/client/proguard-usage.txt.expected
+++ b/java/client/proguard-usage.txt.expected
@@ -5,8 +5,6 @@ org.signal.libsignal.metadata.SealedSessionCipher:
     188:188:private static synthetic byte[] lambda$multiRecipientMessageForSingleRecipient$3(byte[])
 org.signal.libsignal.metadata.certificate.CertificateValidator:
     41:48:void validate(org.signal.libsignal.metadata.certificate.ServerCertificate)
-org.signal.libsignal.net.KeyTransparency:
-    11:11:KeyTransparency()
 org.signal.libsignal.protocol.ServiceId:
     private static final byte FIXED_WIDTH_BINARY_LENGTH
     private static final byte ACI_MARKER
diff --git a/java/client/src/main/java/org/signal/libsignal/keytrans/SearchContext.java b/java/client/src/main/java/org/signal/libsignal/keytrans/SearchContext.java
deleted file mode 100644
index b6a22baf5..000000000
--- a/java/client/src/main/java/org/signal/libsignal/keytrans/SearchContext.java
+++ /dev/null
@@ -1,84 +0,0 @@
-//
-// Copyright 2024 Signal Messenger, LLC.
-// SPDX-License-Identifier: AGPL-3.0-only
-//
-
-package org.signal.libsignal.keytrans;
-
-import org.signal.libsignal.internal.FilterExceptions;
-import org.signal.libsignal.internal.Native;
-import org.signal.libsignal.internal.NativeHandleGuard;
-
-/**
- * Extra data accompanying the key transparency search request.
- *
- * <p>This is an implementation detail of the {@link org.signal.libsignal.net.KeyTransparencyClient}
- * and is not supposed to be used directly. The context will be populated from the {@link Store}.
- */
-public final class SearchContext extends NativeHandleGuard.SimpleOwner {
-  SearchContext(
-      byte[] aciMonitor,
-      byte[] e164Monitor,
-      byte[] usernameHashMonitor,
-      byte[] lastTreeHead,
-      byte[] lastDistinguishedTreeHead) {
-    super(
-        FilterExceptions.filterExceptions(
-            () ->
-                // The only exception it can throw is an IllegalArgumentException, even though it is
-                // bridged as throwing Exception.
-                Native.KeyTransparency_NewSearchContext(
-                    aciMonitor,
-                    e164Monitor,
-                    usernameHashMonitor,
-                    lastTreeHead,
-                    lastDistinguishedTreeHead)));
-  }
-
-  @Override
-  protected void release(long nativeHandle) {
-    Native.ChatSearchContext_Destroy(nativeHandle);
-  }
-
-  public static Builder builder() {
-    return new Builder();
-  }
-
-  public static final class Builder {
-    byte[] aciMonitor;
-    byte[] e164Monitor;
-    byte[] usernameHashMonitor;
-    byte[] lastTreeHead;
-    byte[] lastDistinguishedTreeHead;
-
-    public SearchContext build() {
-      return new SearchContext(
-          aciMonitor, e164Monitor, usernameHashMonitor, lastTreeHead, lastDistinguishedTreeHead);
-    }
-
-    public Builder withAciMonitor(byte[] aciMonitor) {
-      this.aciMonitor = aciMonitor;
-      return this;
-    }
-
-    public Builder withE164Monitor(byte[] e164Monitor) {
-      this.e164Monitor = e164Monitor;
-      return this;
-    }
-
-    public Builder withUsernameHashMonitor(byte[] usernameHashMonitor) {
-      this.usernameHashMonitor = usernameHashMonitor;
-      return this;
-    }
-
-    public Builder withLastTreeHead(byte[] lastTreeHead) {
-      this.lastTreeHead = lastTreeHead;
-      return this;
-    }
-
-    public Builder withLastDistinguishedTreeHead(byte[] lastDistinguishedTreeHead) {
-      this.lastDistinguishedTreeHead = lastDistinguishedTreeHead;
-      return this;
-    }
-  }
-}
diff --git a/java/client/src/main/java/org/signal/libsignal/keytrans/SearchResult.java b/java/client/src/main/java/org/signal/libsignal/keytrans/SearchResult.java
index 6fc9af449..3eb0df87f 100644
--- a/java/client/src/main/java/org/signal/libsignal/keytrans/SearchResult.java
+++ b/java/client/src/main/java/org/signal/libsignal/keytrans/SearchResult.java
@@ -48,33 +48,10 @@ public Optional<Aci> getAciForUsernameHash() {
 
   // This is effectively an implementation of Store.applyUpdates method.
   // Intentionally package private. Defined here to have SearchResult native APIs in one place.
-  void updateStore(Store store) {
-    byte[] lastTreeHead = this.guardedMap(Native::SearchResult_GetTreeHead);
-    if (lastTreeHead != null) {
-      store.setLastTreeHead(lastTreeHead);
-    }
-
-    MonitoringDataUpdates monitoringUpdates =
-        new MonitoringDataUpdates(this.guardedMap(Native::SearchResult_GetMonitors));
-    byte[][] kvp = monitoringUpdates.nextKeyValuePair();
-    while (kvp != null) {
-      store.setMonitorData(kvp[0], kvp[1]);
-      kvp = monitoringUpdates.nextKeyValuePair();
-    }
-  }
-
-  static class MonitoringDataUpdates extends NativeHandleGuard.SimpleOwner {
-    protected MonitoringDataUpdates(long nativeHandle) {
-      super(nativeHandle);
-    }
-
-    @Override
-    protected void release(long nativeHandle) {
-      Native.MonitorDataUpdates_Destroy(nativeHandle);
-    }
-
-    public byte[][] nextKeyValuePair() {
-      return (byte[][]) this.guardedMap(Native::MonitorDataUpdates_GetNext);
+  void updateStore(Aci aci, Store store) {
+    byte[] accountData = this.guardedMap(Native::SearchResult_GetAccountData);
+    if (accountData != null) {
+      store.setAccountData(aci, accountData);
     }
   }
 }
diff --git a/java/client/src/main/java/org/signal/libsignal/keytrans/Store.java b/java/client/src/main/java/org/signal/libsignal/keytrans/Store.java
index b693a270a..79f63b84d 100644
--- a/java/client/src/main/java/org/signal/libsignal/keytrans/Store.java
+++ b/java/client/src/main/java/org/signal/libsignal/keytrans/Store.java
@@ -7,6 +7,7 @@
 
 import java.nio.ByteBuffer;
 import java.util.Optional;
+import org.signal.libsignal.protocol.ServiceId;
 
 /**
  * Interface of a local persistent key transparency data store.
@@ -20,27 +21,15 @@
  * <p>It is safe to assume that {@code null} will never be passed to any of the parameters.
  */
 public interface Store {
-  Optional<byte[]> getLastTreeHead();
-
-  void setLastTreeHead(byte[] lastTreeHead);
-
   Optional<byte[]> getLastDistinguishedTreeHead();
 
   void setLastDistinguishedTreeHead(byte[] lastDistinguishedTreeHead);
 
-  Optional<byte[]> getMonitorData(ByteBuffer searchKey);
-
-  void setMonitorData(ByteBuffer searchKey, byte[] monitorData);
+  Optional<byte[]> getAccountData(ServiceId.Aci aci);
 
-  default Optional<byte[]> getMonitorData(byte[] searchKey) {
-    return getMonitorData(searchKey == null ? null : ByteBuffer.wrap(searchKey));
-  }
-
-  default void setMonitorData(byte[] searchKey, byte[] monitorData) {
-    setMonitorData(ByteBuffer.wrap(searchKey), monitorData);
-  }
+  void setAccountData(ServiceId.Aci aci, byte[] data);
 
-  default void applyUpdates(SearchResult searchResult) {
-    searchResult.updateStore(this);
+  default void applyUpdates(ServiceId.Aci aci, SearchResult searchResult) {
+    searchResult.updateStore(aci, this);
   }
 }
diff --git a/java/client/src/main/java/org/signal/libsignal/net/KeyTransparency.java b/java/client/src/main/java/org/signal/libsignal/net/KeyTransparency.java
deleted file mode 100644
index 7d7d5d5c7..000000000
--- a/java/client/src/main/java/org/signal/libsignal/net/KeyTransparency.java
+++ /dev/null
@@ -1,23 +0,0 @@
-//
-// Copyright 2024 Signal Messenger, LLC.
-// SPDX-License-Identifier: AGPL-3.0-only
-//
-
-package org.signal.libsignal.net;
-
-import org.signal.libsignal.internal.Native;
-import org.signal.libsignal.protocol.ServiceId.Aci;
-
-abstract class KeyTransparency {
-  static byte[] searchKeyForAci(Aci aci) {
-    return Native.KeyTransparency_AciSearchKey(aci.toServiceIdFixedWidthBinary());
-  }
-
-  static byte[] searchKeyForE164(String e164) {
-    return Native.KeyTransparency_E164SearchKey(e164);
-  }
-
-  static byte[] searchKeyForUsernameHash(byte[] usernameHash) {
-    return Native.KeyTransparency_UsernameHashSearchKey(usernameHash);
-  }
-}
diff --git a/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java b/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java
index f2a8bbda3..4e06fd69e 100644
--- a/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java
+++ b/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java
@@ -5,14 +5,11 @@
 
 package org.signal.libsignal.net;
 
-import static org.signal.libsignal.net.KeyTransparency.searchKeyForAci;
-
 import java.util.Optional;
-import java.util.function.Function;
 import org.signal.libsignal.internal.CompletableFuture;
+import org.signal.libsignal.internal.FilterExceptions;
 import org.signal.libsignal.internal.Native;
 import org.signal.libsignal.internal.NativeHandleGuard;
-import org.signal.libsignal.keytrans.SearchContext;
 import org.signal.libsignal.keytrans.SearchResult;
 import org.signal.libsignal.keytrans.Store;
 import org.signal.libsignal.protocol.IdentityKey;
@@ -88,20 +85,10 @@ public CompletableFuture<SearchResult> search(
                   this.search(
                       aci, aciIdentityKey, e164, unidentifiedAccessKey, usernameHash, store));
     }
-    byte[] e164SearchKey = mapNullable(e164, KeyTransparency::searchKeyForE164);
-    byte[] usernameHashSearchKey =
-        mapNullable(usernameHash, KeyTransparency::searchKeyForUsernameHash);
-    SearchContext searchContext;
     // Decoding of the last distinguished tree head happens "eagerly" while constructing the
     // SearchContext. It may result in an IllegalArgumentError.
-    searchContext =
-        SearchContext.builder()
-            .withLastTreeHead(store.getLastTreeHead().orElse(null))
-            .withAciMonitor(store.getMonitorData(searchKeyForAci(aci)).orElse(null))
-            .withE164Monitor(store.getMonitorData(e164SearchKey).orElse(null))
-            .withUsernameHashMonitor(store.getMonitorData(usernameHashSearchKey).orElse(null))
-            .withLastDistinguishedTreeHead(lastDistinguishedTreeHead.get())
-            .build();
+    SearchContext searchContext =
+        new SearchContext(store.getAccountData(aci).orElse(null), lastDistinguishedTreeHead.get());
     try (NativeHandleGuard tokioContextGuard = this.tokioAsyncContext.guard();
         NativeHandleGuard chatGuard = chat.guard();
         NativeHandleGuard identityKeyGuard = aciIdentityKey.getPublicKey().guard();
@@ -119,7 +106,7 @@ public CompletableFuture<SearchResult> search(
           .thenApply(
               (handle) -> {
                 SearchResult result = new SearchResult(handle);
-                store.applyUpdates(result);
+                store.applyUpdates(aci, result);
                 return result;
               });
     }
@@ -168,10 +155,26 @@ public CompletableFuture<Void> updateDistinguished(final Store store) {
     }
   }
 
-  private static <T, U> U mapNullable(T what, Function<? super T, ? extends U> mapper) {
-    if (what == null) {
-      return null;
+  /**
+   * Extra data accompanying the key transparency search request.
+   *
+   * <p>This is an implementation detail of the {@link
+   * org.signal.libsignal.net.KeyTransparencyClient} and is not supposed to be used directly. The
+   * context will be populated from the {@link Store}.
+   */
+  static final class SearchContext extends NativeHandleGuard.SimpleOwner {
+    SearchContext(byte[] accountData, byte[] lastDistinguishedTreeHead) {
+      super(
+          FilterExceptions.filterExceptions(
+              () ->
+                  // The only exception it can throw is an IllegalArgumentException, even though it
+                  // is bridged as throwing Exception.
+                  Native.KeyTransparency_NewSearchContext(accountData, lastDistinguishedTreeHead)));
+    }
+
+    @Override
+    protected void release(long nativeHandle) {
+      Native.ChatSearchContext_Destroy(nativeHandle);
     }
-    return mapper.apply(what);
   }
 }
diff --git a/java/client/src/test/java/org/signal/libsignal/keytrans/TestStore.java b/java/client/src/test/java/org/signal/libsignal/keytrans/TestStore.java
index cef1bba32..0fab5ad66 100644
--- a/java/client/src/test/java/org/signal/libsignal/keytrans/TestStore.java
+++ b/java/client/src/test/java/org/signal/libsignal/keytrans/TestStore.java
@@ -5,26 +5,15 @@
 
 package org.signal.libsignal.keytrans;
 
-import java.nio.ByteBuffer;
 import java.util.HashMap;
 import java.util.Optional;
+import org.signal.libsignal.protocol.ServiceId;
 
 public class TestStore implements Store {
 
-  public HashMap<ByteBuffer, byte[]> storage = new HashMap<>();
-  public byte[] lastTreeHead;
+  public HashMap<ServiceId.Aci, byte[]> storage = new HashMap<>();
   public byte[] lastDistinguishedTreeHead;
 
-  @Override
-  public Optional<byte[]> getLastTreeHead() {
-    return Optional.ofNullable(lastTreeHead);
-  }
-
-  @Override
-  public void setLastTreeHead(byte[] lastTreeHead) {
-    this.lastTreeHead = lastTreeHead;
-  }
-
   @Override
   public Optional<byte[]> getLastDistinguishedTreeHead() {
     return Optional.ofNullable(lastDistinguishedTreeHead);
@@ -36,12 +25,12 @@ public void setLastDistinguishedTreeHead(byte[] lastDistinguishedTreeHead) {
   }
 
   @Override
-  public Optional<byte[]> getMonitorData(ByteBuffer searchKey) {
-    return Optional.ofNullable(this.storage.get(searchKey));
+  public Optional<byte[]> getAccountData(ServiceId.Aci aci) {
+    return Optional.ofNullable(this.storage.get(aci));
   }
 
   @Override
-  public void setMonitorData(ByteBuffer searchKey, byte[] monitorData) {
-    this.storage.put(searchKey, monitorData);
+  public void setAccountData(ServiceId.Aci aci, byte[] data) {
+    this.storage.put(aci, data);
   }
 }
diff --git a/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyClientTest.java b/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyClientTest.java
index 00c5d001f..5459f3fd7 100644
--- a/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyClientTest.java
+++ b/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyClientTest.java
@@ -38,17 +38,20 @@ public void searchInStagingIntegration() throws Exception {
                 TEST_ACI_IDENTITY_KEY,
                 "+18005550100",
                 Hex.fromStringCondensedAssert("fdc7951d1507268daf1834b74d23b76c"),
-                null,
+                Hex.fromStringCondensedAssert(
+                    "d237a4b83b463ca7da58d4a16bf6a3ba104506eb412b235eb603ea10f467c655"),
                 store)
             .get();
 
     assertTrue(store.getLastDistinguishedTreeHead().isPresent());
-    assertTrue(store.getLastTreeHead().isPresent());
+    assertTrue(store.getAccountData(TEST_ACI).isPresent());
     assertEquals(
         "05d0e797ec91a4bce0e88959c419e96eb4fdabbb3dc688965584c966dc24195609",
         Hex.toStringCondensed(result.getAciIdentityKey().serialize()));
     assertTrue(result.getAciForE164().isPresent());
     assertEquals(TEST_ACI, result.getAciForE164().get());
+    assertTrue(result.getAciForUsernameHash().isPresent());
+    assertEquals(TEST_ACI, result.getAciForUsernameHash().get());
   }
 
   @Test
diff --git a/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyTest.java b/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyTest.java
index 641080eb8..b178f73d3 100644
--- a/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyTest.java
+++ b/java/client/src/test/java/org/signal/libsignal/net/KeyTransparencyTest.java
@@ -6,14 +6,10 @@
 package org.signal.libsignal.net;
 
 import static org.junit.Assert.*;
-import static org.signal.libsignal.net.KeyTransparency.*;
 
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
 import java.util.Optional;
 import java.util.UUID;
 import org.junit.Test;
-import org.signal.libsignal.internal.Native;
 import org.signal.libsignal.internal.NativeTesting;
 import org.signal.libsignal.keytrans.SearchResult;
 import org.signal.libsignal.keytrans.TestStore;
@@ -38,40 +34,6 @@ public class KeyTransparencyTest {
     }
   }
 
-  @Test
-  public void validAciSearchKey() throws Exception {
-    byte[] actual = searchKeyForAci(TEST_ACI);
-
-    assertEquals(17, actual.length);
-    assertEquals((byte) 'a', actual[0]);
-    assertEquals(
-        Hex.toStringCondensed(TEST_ACI.toServiceIdBinary()),
-        Hex.toStringCondensed(Arrays.copyOfRange(actual, 1, actual.length)));
-  }
-
-  @Test
-  public void invalidAciSearchKey() throws Exception {
-    assertThrows(
-        IllegalArgumentException.class, () -> Native.KeyTransparency_AciSearchKey(new byte[42]));
-  }
-
-  @Test
-  public void nullAciSearchKey() throws Exception {
-    assertThrows(IllegalArgumentException.class, () -> Native.KeyTransparency_AciSearchKey(null));
-  }
-
-  @Test
-  public void validE164SearchKey() throws Exception {
-    assertArrayEquals(
-        "n+18005550100".getBytes(StandardCharsets.UTF_8), searchKeyForE164("+18005550100"));
-  }
-
-  @Test
-  public void validUsernameHashSearchKey() throws Exception {
-    assertArrayEquals(
-        new byte[] {(byte) 'u', 1, 2, 3}, searchKeyForUsernameHash(new byte[] {1, 2, 3}));
-  }
-
   @Test
   public void canBridgeSearchResult() throws Exception {
     SearchResult result = new SearchResult(NativeTesting.TESTING_ChatSearchResult());
@@ -79,9 +41,8 @@ public void canBridgeSearchResult() throws Exception {
     assertEquals(Optional.of(TEST_ACI), result.getAciForE164());
     assertEquals(Optional.of(TEST_ACI), result.getAciForUsernameHash());
     TestStore store = new TestStore();
-    store.applyUpdates(result);
+    store.applyUpdates(TEST_ACI, result);
 
-    assertNotNull(store.lastTreeHead);
-    assertTrue(store.getMonitorData(searchKeyForAci(TEST_ACI)).isPresent());
+    assertTrue(store.getAccountData(TEST_ACI).isPresent());
   }
 }
diff --git a/java/shared/java/org/signal/libsignal/internal/Native.java b/java/shared/java/org/signal/libsignal/internal/Native.java
index f0b808327..75531dfeb 100644
--- a/java/shared/java/org/signal/libsignal/internal/Native.java
+++ b/java/shared/java/org/signal/libsignal/internal/Native.java
@@ -373,7 +373,7 @@ private Native() {}
   public static native byte[] KeyTransparency_AciSearchKey(byte[] aci);
   public static native CompletableFuture<byte[]> KeyTransparency_Distinguished(long asyncRuntime, int environment, long chat, byte[] lastDistinguishedTreeHead);
   public static native byte[] KeyTransparency_E164SearchKey(String e164);
-  public static native long KeyTransparency_NewSearchContext(byte[] aciMonitor, byte[] e164Monitor, byte[] usernameHashMonitor, byte[] lastTreeHead, byte[] lastDistinguishedTreeHead) throws Exception;
+  public static native long KeyTransparency_NewSearchContext(byte[] accountData, byte[] lastDistinguishedTreeHead) throws Exception;
   public static native CompletableFuture<Long> KeyTransparency_Search(long asyncRuntime, int environment, long chat, byte[] aci, long aciIdentityKey, String e164, byte[] unidentifiedAccessKey, byte[] usernameHash, long context);
   public static native byte[] KeyTransparency_UsernameHashSearchKey(byte[] hash);
 
@@ -422,9 +422,6 @@ private Native() {}
 
   public static native Object MessageBackupValidator_Validate(long key, InputStream firstStream, InputStream secondStream, long len, int purpose) throws Exception;
 
-  public static native void MonitorDataUpdates_Destroy(long handle);
-  public static native Object[] MonitorDataUpdates_GetNext(long val);
-
   public static native long Mp4Sanitizer_Sanitize(InputStream input, long len) throws Exception;
 
   public static native void NumericFingerprintGenerator_Destroy(long handle);
@@ -542,11 +539,11 @@ private Native() {}
   public static native byte[] SealedSessionCipher_MultiRecipientMessageForSingleRecipient(byte[] encodedMultiRecipientMessage) throws Exception;
 
   public static native void SearchResult_Destroy(long handle);
+  public static native byte[] SearchResult_GetAccountData(long res);
   public static native byte[] SearchResult_GetAciForE164(long res);
   public static native byte[] SearchResult_GetAciForUsernameHash(long res);
   public static native long SearchResult_GetAciIdentityKey(long res);
-  public static native long SearchResult_GetMonitors(long res);
-  public static native byte[] SearchResult_GetTreeHead(long res);
+  public static native long SearchResult_GetTimestamp(long res);
 
   public static native long SenderCertificate_Deserialize(byte[] data) throws Exception;
   public static native void SenderCertificate_Destroy(long handle);
diff --git a/rust/bridge/shared/src/net/keytrans.rs b/rust/bridge/shared/src/net/keytrans.rs
index ce1b6c5ec..700278a5c 100644
--- a/rust/bridge/shared/src/net/keytrans.rs
+++ b/rust/bridge/shared/src/net/keytrans.rs
@@ -3,8 +3,9 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use std::time::SystemTime;
+
 use libsignal_bridge_macros::{bridge_fn, bridge_io};
-use libsignal_bridge_types::keytrans::MonitorDataUpdates;
 use libsignal_bridge_types::net::chat::UnauthChat;
 pub use libsignal_bridge_types::net::{Environment, TokioAsyncContext};
 use libsignal_bridge_types::support::AsType;
@@ -53,20 +54,18 @@ fn SearchResult_GetAciForUsernameHash(res: &SearchResult) -> Option<Aci> {
 }
 
 #[bridge_fn(node = false, ffi = false)]
-fn SearchResult_GetTreeHead(res: &SearchResult) -> Option<Vec<u8>> {
-    res.serialized_tree_head()
-}
-
-bridge_handle_fns!(MonitorDataUpdates, clone = false, ffi = false, node = false);
-
-#[bridge_fn(node = false, ffi = false)]
-fn SearchResult_GetMonitors(res: &SearchResult) -> MonitorDataUpdates {
-    MonitorDataUpdates(res.serialized_monitoring_data())
+fn SearchResult_GetTimestamp(res: &SearchResult) -> u64 {
+    res.timestamp
+        .duration_since(SystemTime::UNIX_EPOCH)
+        .expect("valid timestamp")
+        .as_millis()
+        .try_into()
+        .expect("in u64 range")
 }
 
 #[bridge_fn(node = false, ffi = false)]
-fn MonitorDataUpdates_GetNext(val: &mut MonitorDataUpdates) -> Option<(Vec<u8>, Vec<u8>)> {
-    val.0.pop()
+fn SearchResult_GetAccountData(res: &SearchResult) -> Vec<u8> {
+    res.account_data.encode_to_vec()
 }
 
 #[cfg(feature = "jni")]
@@ -80,22 +79,17 @@ where
 
 #[bridge_fn(node = false, ffi = false)]
 fn KeyTransparency_NewSearchContext(
-    aci_monitor: Option<&[u8]>,
-    e164_monitor: Option<&[u8]>,
-    username_hash_monitor: Option<&[u8]>,
-    last_tree_head: Option<&[u8]>,
+    account_data: Option<&[u8]>,
     last_distinguished_tree_head: &[u8],
 ) -> Result<ChatSearchContext, Error> {
+    let account_data = account_data.map(try_decode).transpose()?;
     let last_distinguished_tree_head =
         try_decode(last_distinguished_tree_head).map(|stored: StoredTreeHead| stored.tree_head)?;
     let distinguished_tree_head_size = last_distinguished_tree_head
         .map(|head| head.tree_size)
         .ok_or(Error::InvalidRequest("distinguished tree head is missing"))?;
     Ok(ChatSearchContext {
-        aci_monitor: aci_monitor.map(try_decode).transpose()?,
-        e164_monitor: e164_monitor.map(try_decode).transpose()?,
-        username_hash_monitor: username_hash_monitor.map(try_decode).transpose()?,
-        last_tree_head: last_tree_head.map(try_decode).transpose()?,
+        account_data,
         distinguished_tree_head_size,
     })
 }
@@ -179,7 +173,7 @@ async fn KeyTransparency_Distinguished(
     let LocalStateUpdate {
         tree_head,
         tree_root,
-        monitors: _,
+        monitoring_data: _,
     } = kt.distinguished(known_distinguished).await?;
     let updated_distinguished = StoredTreeHead::from((tree_head, tree_root));
     let serialized = updated_distinguished.encode_to_vec();
diff --git a/rust/bridge/shared/testing/src/keytrans.rs b/rust/bridge/shared/testing/src/keytrans.rs
index adc3a8d2f..9b3c6f984 100644
--- a/rust/bridge/shared/testing/src/keytrans.rs
+++ b/rust/bridge/shared/testing/src/keytrans.rs
@@ -3,11 +3,13 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
+use std::time::SystemTime;
+
 use hex_literal::hex;
 use libsignal_bridge_macros::*;
 use libsignal_core::Aci;
-use libsignal_keytrans::{LocalStateUpdate, MonitoringData, TreeHead};
-use libsignal_net::keytrans::{SearchKey, SearchResult};
+use libsignal_keytrans::{StoredAccountData, StoredMonitoringData, StoredTreeHead, TreeHead};
+use libsignal_net::keytrans::SearchResult;
 use libsignal_protocol::IdentityKey;
 use uuid::Uuid;
 
@@ -22,27 +24,33 @@ const TEST_ACI_IDENTITY_KEY_BYTES: &[u8] =
 #[bridge_fn(node = false, ffi = false)]
 fn TESTING_ChatSearchResult() -> SearchResult {
     let aci = Aci::from(TEST_ACI);
+    let last_tree_head = Some(StoredTreeHead {
+        tree_head: Some(TreeHead {
+            tree_size: 42,
+            timestamp: 42424242,
+            signature: vec![1, 2, 3],
+        }),
+        root: vec![42; 32],
+    });
+    fn make_monitoring_data(byte: u8) -> StoredMonitoringData {
+        StoredMonitoringData {
+            index: std::iter::repeat(byte).take(32).collect(),
+            pos: byte.into(),
+            ptrs: Default::default(),
+            owned: false,
+        }
+    }
     SearchResult {
         aci_identity_key: IdentityKey::decode(TEST_ACI_IDENTITY_KEY_BYTES)
             .expect("valid serialized key"),
         aci_for_e164: Some(aci),
         aci_for_username_hash: Some(aci),
-        state_update: Some(LocalStateUpdate {
-            tree_head: TreeHead {
-                tree_size: 42,
-                timestamp: 42424242,
-                signature: vec![1, 2, 3],
-            },
-            tree_root: [42; 32],
-            monitors: vec![(
-                aci.as_search_key(),
-                MonitoringData {
-                    index: [42; 32],
-                    pos: 0,
-                    ptrs: Default::default(),
-                    owned: false,
-                },
-            )],
-        }),
+        timestamp: SystemTime::UNIX_EPOCH,
+        account_data: StoredAccountData {
+            aci: Some(make_monitoring_data(0)),
+            e164: Some(make_monitoring_data(1)),
+            username_hash: Some(make_monitoring_data(2)),
+            last_tree_head,
+        },
     }
 }
diff --git a/rust/bridge/shared/types/src/keytrans.rs b/rust/bridge/shared/types/src/keytrans.rs
index 79e910918..c96c57868 100644
--- a/rust/bridge/shared/types/src/keytrans.rs
+++ b/rust/bridge/shared/types/src/keytrans.rs
@@ -8,9 +8,3 @@ use crate::*;
 
 bridge_as_handle!(ChatSearchContext, ffi = false, node = false);
 bridge_as_handle!(SearchResult, ffi = false, node = false);
-
-type SearchKey = Vec<u8>;
-type SerializedMonitorData = Vec<u8>;
-pub struct MonitorDataUpdates(pub Vec<(SearchKey, SerializedMonitorData)>);
-
-bridge_as_handle!(MonitorDataUpdates, ffi = false, node = false);
diff --git a/rust/keytrans/src/lib.rs b/rust/keytrans/src/lib.rs
index 511354a27..b39c45db6 100644
--- a/rust/keytrans/src/lib.rs
+++ b/rust/keytrans/src/lib.rs
@@ -21,8 +21,8 @@ use std::time::SystemTime;
 pub use ed25519_dalek::VerifyingKey;
 pub use proto::{
     CondensedTreeSearchResponse, DistinguishedResponse as ChatDistinguishedResponse, FullTreeHead,
-    MonitorRequest, MonitorResponse, SearchResponse as ChatSearchResponse, StoredMonitoringData,
-    StoredTreeHead, TreeHead, UpdateRequest, UpdateResponse,
+    MonitorRequest, MonitorResponse, SearchResponse as ChatSearchResponse, StoredAccountData,
+    StoredMonitoringData, StoredTreeHead, TreeHead, UpdateRequest, UpdateResponse,
 };
 pub use verify::Error;
 use verify::{
@@ -76,8 +76,8 @@ impl From<LastTreeHead> for StoredTreeHead {
 }
 
 #[derive(Default, Debug, Clone)]
-pub struct SearchContext {
-    pub last_tree_head: Option<LastTreeHead>,
+pub struct SearchContext<'a> {
+    pub last_tree_head: Option<&'a LastTreeHead>,
     pub data: Option<MonitoringData>,
 }
 
@@ -89,8 +89,25 @@ pub struct MonitorContext {
 
 #[derive(Clone, Debug)]
 pub struct VerifiedSearchResult {
-    pub value: Option<Vec<u8>>,
-    pub state_update: LocalStateUpdate,
+    pub value: Vec<u8>,
+    pub state_update: SearchStateUpdate,
+}
+
+impl VerifiedSearchResult {
+    pub fn tree_root(&self) -> &TreeRoot {
+        &self.state_update.tree_root
+    }
+
+    pub fn are_all_roots_equal<'b>(
+        &self,
+        tail: impl IntoIterator<Item = Option<&'b Self>>,
+    ) -> bool {
+        let mut all_roots_are_equal = true;
+        for other in tail.into_iter().flatten() {
+            all_roots_are_equal &= self.tree_root() == other.tree_root();
+        }
+        all_roots_are_equal
+    }
 }
 
 /// A collection of updates needed to be performed on a local state following
@@ -98,27 +115,14 @@ pub struct VerifiedSearchResult {
 ///
 /// The data field may be empty if no local data needs updating.
 #[derive(Clone, Debug)]
-pub struct LocalStateUpdate {
+pub struct LocalStateUpdate<T> {
     pub tree_head: TreeHead,
     pub tree_root: TreeRoot,
-    pub monitors: Vec<(Vec<u8>, MonitoringData)>,
+    pub monitoring_data: T,
 }
 
-impl LocalStateUpdate {
-    /// Merges two updates by accumulating monitors and picking the most recent tree head.
-    pub fn merge(&mut self, other: &LocalStateUpdate) {
-        let LocalStateUpdate {
-            tree_head,
-            tree_root,
-            monitors,
-        } = other;
-
-        // Only updates with the same tree head and root are merge-able
-        assert_eq!(self.tree_head.timestamp, tree_head.timestamp);
-        assert_eq!(tree_root, &other.tree_root);
-        self.monitors.extend_from_slice(monitors);
-    }
-}
+pub type SearchStateUpdate = LocalStateUpdate<Option<MonitoringData>>;
+pub type MonitorStateUpdate = LocalStateUpdate<Vec<(Vec<u8>, MonitoringData)>>;
 
 /// PublicConfig wraps the cryptographic keys needed to interact with a
 /// transparency tree.
@@ -188,7 +192,7 @@ impl KeyTransparency {
             verify_search(&self.config, request, response, context, force_monitor, now)?;
         Ok(VerifiedSearchResult {
             // the value has now been verified
-            value: unverified_value,
+            value: unverified_value.ok_or(Error::RequiredFieldMissing)?,
             state_update,
         })
     }
@@ -230,7 +234,7 @@ impl KeyTransparency {
         response: &'a MonitorResponse,
         context: MonitorContext,
         now: SystemTime,
-    ) -> Result<LocalStateUpdate, verify::Error> {
+    ) -> Result<MonitorStateUpdate, verify::Error> {
         verify_monitor(&self.config, request, response, context, now)
     }
 
@@ -242,7 +246,7 @@ impl KeyTransparency {
         response: &UpdateResponse,
         context: SearchContext,
         now: SystemTime,
-    ) -> Result<LocalStateUpdate, verify::Error> {
+    ) -> Result<SearchStateUpdate, verify::Error> {
         verify_update(&self.config, request, response, context, now)
     }
 }
@@ -296,3 +300,36 @@ impl From<StoredMonitoringData> for MonitoringData {
         }
     }
 }
+
+// An in-memory representation of the StoredAccountData with correct optionality of the fields
+#[derive(Debug, Clone)]
+pub struct AccountData {
+    pub aci: MonitoringData,
+    pub e164: Option<MonitoringData>,
+    pub username_hash: Option<MonitoringData>,
+    pub last_tree_head: LastTreeHead,
+}
+
+impl TryFrom<StoredAccountData> for AccountData {
+    type Error = Error;
+
+    fn try_from(stored: StoredAccountData) -> Result<Self, Self::Error> {
+        let StoredAccountData {
+            aci,
+            e164,
+            username_hash,
+            last_tree_head,
+        } = stored;
+        let last_tree_head = last_tree_head.ok_or(Error::RequiredFieldMissing)?;
+        Ok(Self {
+            aci: aci
+                .map(MonitoringData::from)
+                .ok_or(Error::RequiredFieldMissing)?,
+            e164: e164.map(MonitoringData::from),
+            username_hash: username_hash.map(MonitoringData::from),
+            last_tree_head: last_tree_head
+                .into_last_tree_head()
+                .expect("valid tree head"),
+        })
+    }
+}
diff --git a/rust/keytrans/src/log.rs b/rust/keytrans/src/log.rs
index 946e58343..696ee7ba0 100644
--- a/rust/keytrans/src/log.rs
+++ b/rust/keytrans/src/log.rs
@@ -379,8 +379,8 @@ pub fn verify_consistency_proof(
     m: u64,
     n: u64,
     proof: &[Hash],
-    m_root: Hash,
-    n_root: Hash,
+    m_root: &Hash,
+    n_root: &Hash,
 ) -> Result<()> {
     if m == 0 || m >= n {
         return Err(Error::InvalidInput("m must be within [0, n)"));
@@ -395,7 +395,7 @@ pub fn verify_consistency_proof(
     let path = math::full_subtrees(math::root(m), m);
     if path.len() == 1 {
         // m is a power of two so we don't need to verify anything.
-        calc.insert(math::level(math::root(m)), m_root);
+        calc.insert(math::level(math::root(m)), *m_root);
     } else {
         for (i, &elem) in path.iter().enumerate() {
             if ids[i] != elem {
@@ -406,7 +406,7 @@ pub fn verify_consistency_proof(
         }
         match calc.root() {
             Ok(root) => {
-                if m_root != root {
+                if m_root != &root {
                     return Err(Error::ProofMismatch("first root does not match proof"));
                 }
             }
@@ -423,7 +423,7 @@ pub fn verify_consistency_proof(
         calc.insert(math::level(ids[j]), proof[j]);
     }
     match calc.root() {
-        Ok(root) if n_root == root => Ok(()),
+        Ok(root) if n_root == &root => Ok(()),
         Ok(_root) => Err(Error::ProofMismatch("second root does not match proof")),
         Err(err) => Err(err),
     }
@@ -494,8 +494,8 @@ mod test {
             hex!("6263b4af228c862edcc8b63ca33d4e67d1d278000e1f7c3eb8cd56039b9613b3"),
         ];
 
-        assert!(verify_consistency_proof(1078, 2000, proof, m_root, n_root).is_ok());
-        assert!(verify_consistency_proof(1078, 2000, proof, m_root, m_root).is_err());
-        assert!(verify_consistency_proof(1078, 2000, proof, n_root, n_root).is_err());
+        assert!(verify_consistency_proof(1078, 2000, proof, &m_root, &n_root).is_ok());
+        assert!(verify_consistency_proof(1078, 2000, proof, &m_root, &m_root).is_err());
+        assert!(verify_consistency_proof(1078, 2000, proof, &n_root, &n_root).is_err());
     }
 }
diff --git a/rust/keytrans/src/proto/store.proto b/rust/keytrans/src/proto/store.proto
index 6ae3b1802..e38702b23 100644
--- a/rust/keytrans/src/proto/store.proto
+++ b/rust/keytrans/src/proto/store.proto
@@ -20,3 +20,10 @@ message StoredMonitoringData {
   map<uint64, uint32> ptrs = 3;
   bool owned = 4;
 }
+
+message StoredAccountData {
+  StoredMonitoringData aci = 1;
+  StoredMonitoringData e164 = 2;
+  StoredMonitoringData username_hash = 3;
+  StoredTreeHead last_tree_head = 4;
+}
diff --git a/rust/keytrans/src/verify.rs b/rust/keytrans/src/verify.rs
index b3efc4f9e..078d4979f 100644
--- a/rust/keytrans/src/verify.rs
+++ b/rust/keytrans/src/verify.rs
@@ -15,8 +15,9 @@ use crate::log::{evaluate_batch_proof, truncate_batch_proof, verify_consistency_
 use crate::prefix::{evaluate as evaluate_prefix, MalformedProof};
 use crate::proto::*;
 use crate::{
-    guide, log, vrf, DeploymentMode, FullSearchResponse, LastTreeHead, LocalStateUpdate,
-    MonitorContext, MonitoringData, PublicConfig, SearchContext, SlimSearchRequest,
+    guide, log, vrf, DeploymentMode, FullSearchResponse, LastTreeHead, MonitorContext,
+    MonitorStateUpdate, MonitoringData, PublicConfig, SearchContext, SearchStateUpdate,
+    SlimSearchRequest,
 };
 
 /// The range of allowed timestamp values relative to "now".
@@ -158,7 +159,7 @@ fn verify_full_tree_head(
     config: &PublicConfig,
     fth: &FullTreeHead,
     root: [u8; 32],
-    last_tree_head: Option<LastTreeHead>,
+    last_tree_head: Option<&LastTreeHead>,
     now: SystemTime,
 ) -> Result<LastTreeHead> {
     let tree_head = get_proto_field(&fth.tree_head)?;
@@ -175,7 +176,7 @@ fn verify_full_tree_head(
             }
         }
         Some((last, last_root)) if last.tree_size == tree_head.tree_size => {
-            if root != last_root {
+            if &root != last_root {
                 return Err(Error::VerificationFailed(
                     "root is different but tree size is same".to_string(),
                 ));
@@ -203,7 +204,13 @@ fn verify_full_tree_head(
                 ));
             }
             let proof = get_hash_proof(&fth.last)?;
-            verify_consistency_proof(last.tree_size, tree_head.tree_size, &proof, last_root, root)?
+            verify_consistency_proof(
+                last.tree_size,
+                tree_head.tree_size,
+                &proof,
+                last_root,
+                &root,
+            )?
         }
     };
 
@@ -254,8 +261,8 @@ fn verify_full_tree_head(
                 auditor_head.tree_size,
                 tree_head.tree_size,
                 &proof,
-                *auditor_root,
-                root,
+                auditor_root,
+                &root,
             )?;
             verify_tree_head_signature(config, auditor_head, auditor_root, &auditor_key)?;
         } else {
@@ -348,8 +355,8 @@ pub fn verify_distinguished(
         distinguished_size,
         tree_size,
         &get_hash_proof(&fth.distinguished)?,
-        distinguished_root,
-        root,
+        &distinguished_root,
+        &root,
     )?)
 }
 
@@ -370,7 +377,7 @@ fn verify_search_internal(
     context: SearchContext,
     monitor: bool,
     now: SystemTime,
-) -> Result<LocalStateUpdate> {
+) -> Result<SearchStateUpdate> {
     // NOTE: Update this function in tandem with truncate_search_response.
     let SlimSearchRequest {
         search_key,
@@ -482,16 +489,10 @@ fn verify_search_internal(
     mdw.check_search_consistency(size, &index, search_proof.pos, result_id, ver, monitor)?;
     mdw.update(size, &steps)?;
 
-    let monitoring_data_updates = mdw
-        .into_data_update()
-        .into_iter()
-        .map(|update| (search_key.clone(), update))
-        .collect();
-
-    Ok(LocalStateUpdate {
+    Ok(SearchStateUpdate {
         tree_head: updated_tree_head.0,
         tree_root: updated_tree_head.1,
-        monitors: monitoring_data_updates,
+        monitoring_data: mdw.into_data_update(),
     })
 }
 
@@ -505,7 +506,7 @@ pub fn verify_search(
     context: SearchContext,
     force_monitor: bool,
     now: SystemTime,
-) -> Result<LocalStateUpdate> {
+) -> Result<SearchStateUpdate> {
     verify_search_internal(config, req, res, context, force_monitor, now)
 }
 
@@ -517,7 +518,7 @@ pub fn verify_update(
     res: &UpdateResponse,
     context: SearchContext,
     now: SystemTime,
-) -> Result<LocalStateUpdate> {
+) -> Result<SearchStateUpdate> {
     let UpdateResponse {
         tree_head,
         vrf_proof,
@@ -556,7 +557,7 @@ pub fn verify_monitor<'a>(
     res: &'a MonitorResponse,
     context: MonitorContext,
     now: SystemTime,
-) -> Result<LocalStateUpdate> {
+) -> Result<MonitorStateUpdate> {
     // Verify proof responses are the expected lengths.
     if req.keys.len() != res.proofs.len() {
         return Err(Error::VerificationFailed(
@@ -598,7 +599,7 @@ pub fn verify_monitor<'a>(
 
     // Verify the tree head with the candidate root.
     let updated_tree_head =
-        verify_full_tree_head(config, full_tree_head, root, last_tree_head, now)?;
+        verify_full_tree_head(config, full_tree_head, root, last_tree_head.as_ref(), now)?;
 
     let MonitorRequest { keys, consistency } = req;
 
@@ -630,10 +631,10 @@ pub fn verify_monitor<'a>(
         }
     }
 
-    Ok(LocalStateUpdate {
+    Ok(MonitorStateUpdate {
         tree_head: updated_tree_head.0,
         tree_root: updated_tree_head.1,
-        monitors: data_updates,
+        monitoring_data: data_updates,
     })
 }
 
@@ -711,14 +712,12 @@ impl MonitorProofAcc {
 
 struct MonitoringDataWrapper {
     inner: Option<MonitoringData>,
-    changed: bool,
 }
 
 impl MonitoringDataWrapper {
     fn new(monitoring_data: Option<MonitoringData>) -> Self {
         Self {
             inner: monitoring_data,
-            changed: false,
         }
     }
 
@@ -739,7 +738,6 @@ impl MonitoringDataWrapper {
                 ptrs: HashMap::from([(ver_pos, version)]),
                 owned,
             });
-            self.changed = true;
         }
     }
 
@@ -787,7 +785,6 @@ impl MonitoringDataWrapper {
                     }
                     None => {
                         data.ptrs.insert(ver_pos, version);
-                        self.changed = true;
                     }
                 };
             }
@@ -795,7 +792,6 @@ impl MonitoringDataWrapper {
 
         if !data.owned && owned {
             data.owned = true;
-            self.changed = true;
         }
 
         Ok(())
@@ -850,14 +846,13 @@ impl MonitoringDataWrapper {
 
         if changed {
             data.ptrs = ptrs;
-            self.changed = true;
         }
 
         Ok(())
     }
 
     fn into_data_update(self) -> Option<MonitoringData> {
-        self.inner.filter(|_| self.changed)
+        self.inner
     }
 }
 
@@ -1051,13 +1046,27 @@ mod test {
             ptrs: HashMap::from([(6143, 0)]),
             owned: true,
         };
+
         assert_matches!(
             verify_search_internal(&config, request.clone(), response.clone(), SearchContext::default(), true, valid_at),
             Ok(update) => {
                 assert_eq!(update.tree_head, last_tree_head);
                 assert_eq!(update.tree_root, last_root);
-                assert_eq!(update.monitors.len(), 1);
-                assert_eq!(update.monitors[0].1, expected_data_update);
+                assert_eq!(update.monitoring_data, Some(expected_data_update.clone()));
+            }
+        );
+        let last_tree = (last_tree_head.clone(), last_root);
+        let context = SearchContext {
+            last_tree_head: Some(&last_tree),
+            data: Some(expected_data_update.clone()),
+        };
+        // Verification result should always include the monitoring data field, even if it has not changed.
+        assert_matches!(
+            verify_search_internal(&config, request.clone(), response.clone(), context, true, valid_at),
+            Ok(update) => {
+                assert_eq!(&update.tree_head, &last_tree_head);
+                assert_eq!(update.tree_root, last_root);
+                assert_eq!(update.monitoring_data, Some(expected_data_update));
             }
         );
         assert_matches!(
@@ -1066,7 +1075,7 @@ mod test {
                 assert_eq!(update.tree_head, last_tree_head);
                 assert_eq!(update.tree_root, last_root);
                 // When monitor == false there should be no data update
-                assert!(update.monitors.is_empty());
+                assert!(update.monitoring_data.is_none());
             }
         );
     }
diff --git a/rust/net/src/auth.rs b/rust/net/src/auth.rs
index cd28efa1d..0028b3dcb 100644
--- a/rust/net/src/auth.rs
+++ b/rust/net/src/auth.rs
@@ -13,7 +13,7 @@ use sha2::Sha256;
 /// - username is a "hex(uid)"
 /// - password is a "timestamp:hex(otp(uid, timestamp, secret))"
 #[derive(Clone)]
-#[cfg_attr(feature = "test-util", derive(Default))]
+#[cfg_attr(any(test, feature = "test-util"), derive(Default))]
 pub struct Auth {
     pub username: String,
     pub password: String,
diff --git a/rust/net/src/chat.rs b/rust/net/src/chat.rs
index 01bca081c..7b536e7a5 100644
--- a/rust/net/src/chat.rs
+++ b/rust/net/src/chat.rs
@@ -678,7 +678,7 @@ impl ChatConnection {
     }
 }
 
-#[cfg(feature = "test-util")]
+#[cfg(any(test, feature = "test-util"))]
 pub mod test_support {
     use std::sync::Arc;
     use std::time::Duration;
diff --git a/rust/net/src/keytrans.rs b/rust/net/src/keytrans.rs
index 8cf265c4a..a7927dbb9 100644
--- a/rust/net/src/keytrans.rs
+++ b/rust/net/src/keytrans.rs
@@ -15,9 +15,10 @@ use http::header::{ACCEPT, CONTENT_TYPE};
 use http::uri::PathAndQuery;
 use libsignal_core::{Aci, E164};
 use libsignal_keytrans::{
-    ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse, FullSearchResponse,
-    FullTreeHead, KeyTransparency, LastTreeHead, LocalStateUpdate, MonitoringData, SearchContext,
-    SlimSearchRequest, StoredMonitoringData, StoredTreeHead, VerifiedSearchResult,
+    AccountData, ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse,
+    FullSearchResponse, FullTreeHead, KeyTransparency, LastTreeHead, LocalStateUpdate,
+    MonitoringData, SearchContext, SearchStateUpdate, SlimSearchRequest, StoredAccountData,
+    StoredMonitoringData, StoredTreeHead, VerifiedSearchResult,
 };
 use libsignal_protocol::{IdentityKey, PublicKey};
 use prost::{DecodeError, Message};
@@ -160,24 +161,37 @@ where
 // 0x00 is the current version prefix
 const SEARCH_VALUE_PREFIX: u8 = 0x00;
 
-struct SearchValue {
-    raw: Vec<u8>,
+/// A safe-to-use wrapper around the values returned by KT server.
+///
+/// The KT server stores values prefixed with an extra "version" byte, that needs
+/// to be stripped.
+///
+/// SearchValue validates the prefix upon construction from raw bytes, and
+/// provides acces to the actual underlying value via its payload method.
+struct SearchValue<'a> {
+    raw: &'a [u8],
 }
 
-impl SearchValue {
-    fn new(raw: Vec<u8>) -> Result<Self> {
-        match raw.as_slice() {
-            [SEARCH_VALUE_PREFIX, ..] => Ok(Self { raw }),
-            _ => Err(Error::InvalidResponse("bad value format")),
+impl<'a> TryFrom<&'a VerifiedSearchResult> for SearchValue<'a> {
+    type Error = Error;
+
+    fn try_from(result: &'a VerifiedSearchResult) -> Result<Self> {
+        let raw = result.value.as_slice();
+        if raw.first() == Some(&SEARCH_VALUE_PREFIX) {
+            Ok(Self { raw })
+        } else {
+            Err(Error::InvalidResponse("bad value format"))
         }
     }
+}
 
+impl SearchValue<'_> {
     fn payload(&self) -> &[u8] {
         &self.raw[1..]
     }
 }
 
-impl TryFrom<SearchValue> for Aci {
+impl TryFrom<SearchValue<'_>> for Aci {
     type Error = Error;
 
     fn try_from(value: SearchValue) -> std::result::Result<Self, Self::Error> {
@@ -185,7 +199,7 @@ impl TryFrom<SearchValue> for Aci {
     }
 }
 
-impl TryFrom<SearchValue> for IdentityKey {
+impl TryFrom<SearchValue<'_>> for IdentityKey {
     type Error = Error;
 
     fn try_from(value: SearchValue) -> std::result::Result<Self, Self::Error> {
@@ -246,10 +260,7 @@ pub struct Kt<'a> {
 
 #[derive(Debug, Clone, Default)]
 pub struct ChatSearchContext {
-    pub aci_monitor: Option<StoredMonitoringData>,
-    pub e164_monitor: Option<StoredMonitoringData>,
-    pub username_hash_monitor: Option<StoredMonitoringData>,
-    pub last_tree_head: Option<StoredTreeHead>,
+    pub account_data: Option<StoredAccountData>,
     pub distinguished_tree_head_size: u64,
 }
 
@@ -261,16 +272,18 @@ impl ChatSearchContext {
         e164: Option<&(E164, Vec<u8>)>,
         username_hash: Option<&UsernameHash>,
     ) -> RawChatSearchRequest {
+        fn get_tree_size(account_data: &StoredAccountData) -> Option<u64> {
+            let stored = account_data.last_tree_head.as_ref()?;
+            let head = stored.tree_head.as_ref()?;
+            Some(head.tree_size)
+        }
         RawChatSearchRequest {
             aci: aci.service_id_string(),
             aci_identity_key: BASE64_STANDARD.encode(aci_identity_key.serialize()),
             e164: e164.map(|x| x.0.to_string()),
             username_hash: username_hash.map(|x| BASE64_URL_SAFE_NO_PAD.encode(x.as_ref())),
             unidentified_access_key: e164.map(|x| BASE64_STANDARD.encode(&x.1)),
-            last_tree_head_size: self
-                .last_tree_head
-                .as_ref()
-                .and_then(|stored| stored.tree_head.as_ref().map(|h| h.tree_size)),
+            last_tree_head_size: self.account_data.as_ref().and_then(get_tree_size),
             distinguished_tree_head_size: self.distinguished_tree_head_size,
         }
     }
@@ -281,29 +294,8 @@ pub struct SearchResult {
     pub aci_identity_key: IdentityKey,
     pub aci_for_e164: Option<Aci>,
     pub aci_for_username_hash: Option<Aci>,
-    pub state_update: Option<LocalStateUpdate>,
-}
-
-impl SearchResult {
-    pub fn serialized_tree_head(&self) -> Option<Vec<u8>> {
-        self.state_update
-            .as_ref()
-            .map(|x| StoredTreeHead::from((x.tree_head.clone(), x.tree_root)).encode_to_vec())
-    }
-
-    pub fn serialized_monitoring_data(&self) -> Vec<(Vec<u8>, Vec<u8>)> {
-        fn serialize_all(xs: Vec<(Vec<u8>, MonitoringData)>) -> Vec<(Vec<u8>, Vec<u8>)> {
-            xs.into_iter()
-                .map(|(key, data)| (key, StoredMonitoringData::from(data).encode_to_vec()))
-                .collect()
-        }
-        let typed_updates = self
-            .state_update
-            .as_ref()
-            .map(|update| update.monitors.clone())
-            .unwrap_or_default();
-        serialize_all(typed_updates)
-    }
+    pub timestamp: SystemTime,
+    pub account_data: StoredAccountData,
 }
 
 impl<'a> Kt<'a> {
@@ -336,102 +328,132 @@ impl<'a> Kt<'a> {
             context.make_raw_request(aci, aci_identity_key, e164.as_ref(), username_hash.as_ref());
         let response = self.send(raw_request.into()).await?;
 
-        let search_response = RawChatSerializedResponse::try_from(response)
+        let chat_search_response = RawChatSerializedResponse::try_from(response)
             .and_then(TypedChatSearchResponse::try_from)?;
 
         let ChatSearchContext {
-            aci_monitor,
-            e164_monitor,
-            username_hash_monitor,
-            last_tree_head,
-            ..
+            account_data: stored_account_data,
+            distinguished_tree_head_size: _,
         } = context;
-        let last_tree_head = last_tree_head.and_then(|stored| stored.into_last_tree_head());
-
-        let make_single_context = |data| SearchContext {
-            last_tree_head: last_tree_head.clone(),
-            data,
-        };
 
+        let account_data = stored_account_data.map(AccountData::try_from).transpose()?;
         let now = SystemTime::now();
 
-        let mut all_updates = Vec::with_capacity(3);
-        let mut aci_data = None;
-        let mut e164_data = None;
-        let mut username_hash_data = None;
-
-        for (key, response, value_destination, monitor) in [
-            (
-                Some(aci.as_search_key()),
-                Some(search_response.aci_search_response),
-                &mut aci_data,
-                aci_monitor,
-            ),
-            (
-                e164.map(|x| x.0.as_search_key()),
-                search_response.e164_search_response,
-                &mut e164_data,
-                e164_monitor,
-            ),
-            (
-                username_hash.map(|x| x.as_search_key()),
-                search_response.username_hash_search_response,
-                &mut username_hash_data,
-                username_hash_monitor,
-            ),
-        ] {
-            let request = key.map(SlimSearchRequest::new);
-            let VerifiedSearchResult {
-                value,
-                state_update,
-            } = match (request, response) {
-                (Some(request), Some(response)) => {
-                    let data = monitor.map(MonitoringData::from);
-                    let context = make_single_context(data);
-                    let response =
-                        FullSearchResponse::new(response, &search_response.full_tree_head);
-                    self.inner
-                        .verify_search(request, response, context, true, now)?
-                }
-                (None, None) => continue,
-                _ => {
-                    return Err(Error::InvalidResponse(
-                        "request/response optionality mismatch",
-                    ))
-                }
-            };
-            // We do not strip the prefix, merely validating that it is correct.
-            *value_destination = value.map(SearchValue::new).transpose()?;
-            all_updates.push(state_update);
-        }
-
-        let Some(aci_result) = aci_data else {
+        // TODO: this could be a `validate` on the TypedSearchResponse, but then what to accept as the "expected" arguments?
+        if e164.is_some() != chat_search_response.e164_search_response.is_some()
+            || username_hash.is_some()
+                != chat_search_response.username_hash_search_response.is_some()
+        {
             return Err(Error::InvalidResponse(
-                "response must contain ACI Identity Key",
+                "request/response optionality mismatch",
             ));
+        }
+
+        let (
+            aci_monitoring_data,
+            e164_monitoring_data,
+            username_hash_monitoring_data,
+            stored_last_tree_head,
+        ) = match account_data {
+            None => (None, None, None, None),
+            Some(acc) => {
+                let AccountData {
+                    aci,
+                    e164,
+                    username_hash,
+                    last_tree_head,
+                } = acc;
+                (Some(aci), e164, username_hash, Some(last_tree_head))
+            }
         };
 
-        let identity_key = IdentityKey::try_from(aci_result)?;
-        let aci_for_e164 = e164_data.map(Aci::try_from).transpose()?;
-        let aci_for_username_hash = username_hash_data.map(Aci::try_from).transpose()?;
+        let aci_result = self.do_verify_search(
+            aci.as_search_key(),
+            chat_search_response.aci_search_response,
+            aci_monitoring_data,
+            &chat_search_response.full_tree_head,
+            stored_last_tree_head.as_ref(),
+            now,
+        )?;
+        let e164_result = e164
+            .map(|(e164, _)| {
+                self.do_verify_search(
+                    e164.as_search_key(),
+                    chat_search_response
+                        .e164_search_response
+                        .expect("e164 response must be present"),
+                    e164_monitoring_data,
+                    &chat_search_response.full_tree_head,
+                    stored_last_tree_head.as_ref(),
+                    now,
+                )
+            })
+            .transpose()?;
+        let username_hash_result = username_hash
+            .map(|username_hash| {
+                self.do_verify_search(
+                    username_hash.as_search_key(),
+                    chat_search_response
+                        .username_hash_search_response
+                        .expect("username hash response must be present"),
+                    username_hash_monitoring_data,
+                    &chat_search_response.full_tree_head,
+                    stored_last_tree_head.as_ref(),
+                    now,
+                )
+            })
+            .transpose()?;
+
+        if !aci_result.are_all_roots_equal([e164_result.as_ref(), username_hash_result.as_ref()]) {
+            return Err(Error::InvalidResponse("mismatching tree roots"));
+        }
+
+        let identity_key = extract_value_as::<IdentityKey>(&aci_result)?;
+        let aci_for_e164 = e164_result
+            .as_ref()
+            .map(extract_value_as::<Aci>)
+            .transpose()?;
+        let aci_for_username_hash = username_hash_result
+            .as_ref()
+            .map(extract_value_as::<Aci>)
+            .transpose()?;
+
+        // ACI response is guaranteed to be present, taking the last tree head from it.
+        let LocalStateUpdate {
+            tree_head,
+            tree_root,
+            monitoring_data: updated_aci_monitoring_data,
+        } = aci_result.state_update;
 
-        let state_update = all_updates.into_iter().reduce(|mut acc, next| {
-            acc.merge(&next);
-            acc
-        });
+        let last_tree_head = StoredTreeHead {
+            tree_head: Some(tree_head),
+            root: tree_root.into(),
+        };
+
+        let updated_account_data = StoredAccountData {
+            aci: updated_aci_monitoring_data.map(StoredMonitoringData::from),
+            e164: e164_result
+                .and_then(|r| r.state_update.monitoring_data)
+                .map(StoredMonitoringData::from),
+            username_hash: username_hash_result
+                .and_then(|r| r.state_update.monitoring_data)
+                .map(StoredMonitoringData::from),
+            last_tree_head: Some(last_tree_head),
+        };
 
         Ok(SearchResult {
             aci_identity_key: identity_key,
             aci_for_e164,
             aci_for_username_hash,
-            state_update,
+            timestamp: now,
+            account_data: updated_account_data,
         })
     }
 
     pub async fn distinguished(
         &self,
         last_distinguished: Option<LastTreeHead>,
-    ) -> Result<LocalStateUpdate> {
+    ) -> Result<SearchStateUpdate> {
         let distinguished_size = last_distinguished
             .as_ref()
             .map(|last_tree_head| last_tree_head.0.tree_size);
@@ -458,7 +480,7 @@ impl<'a> Kt<'a> {
             slim_search_request,
             search_response,
             SearchContext {
-                last_tree_head: last_distinguished,
+                last_tree_head: last_distinguished.as_ref(),
                 ..Default::default()
             },
             false,
@@ -466,6 +488,37 @@ impl<'a> Kt<'a> {
         )?;
         Ok(verified_result.state_update)
     }
+
+    fn do_verify_search(
+        &self,
+        search_key: Vec<u8>,
+        response: CondensedTreeSearchResponse,
+        monitoring_data: Option<MonitoringData>,
+        full_tree_head: &FullTreeHead,
+        last_tree_head: Option<&LastTreeHead>,
+        now: SystemTime,
+    ) -> Result<VerifiedSearchResult> {
+        let result = self.inner.verify_search(
+            SlimSearchRequest::new(search_key),
+            FullSearchResponse::new(response, full_tree_head),
+            SearchContext {
+                last_tree_head,
+                data: monitoring_data.map(MonitoringData::from),
+            },
+            true,
+            now,
+        )?;
+        Ok(result)
+    }
+}
+
+// Cannot be a method on VerifiedSearchResult due to use of SearchValue
+fn extract_value_as<T>(result: &VerifiedSearchResult) -> Result<T>
+where
+    T: for<'a> TryFrom<SearchValue<'a>, Error = Error>,
+{
+    let val = SearchValue::try_from(result)?;
+    val.try_into()
 }
 
 const SEARCH_KEY_PREFIX_ACI: &[u8] = b"a";
@@ -590,7 +643,6 @@ mod test {
         }
     }
 
-    #[cfg(feature = "test-util")]
     async fn make_chat() -> AnyChat {
         use crate::chat::test_support::simple_chat_service;
         let chat = simple_chat_service(
@@ -607,7 +659,6 @@ mod test {
         chat
     }
 
-    #[cfg(feature = "test-util")]
     #[tokio::test]
     #[test_case(false, false; "ACI")]
     #[test_case(false, true; "ACI + E164")]
@@ -644,8 +695,8 @@ mod test {
                 use_e164.then_some(e164),
                 use_username_hash.then_some(username_hash),
                 ChatSearchContext {
+                    account_data: None,
                     distinguished_tree_head_size,
-                    ..Default::default()
                 },
             )
             .await;
@@ -660,7 +711,6 @@ mod test {
     }
 
     #[tokio::test]
-    #[cfg(feature = "test-util")]
     async fn distinguished_integration_test() {
         if std::env::var("LIBSIGNAL_TESTING_RUN_NONHERMETIC_TESTS").is_err() {
             println!("SKIPPED: running integration tests is not enabled");

From 82ea3b97cc8ec65a6fa00a43cc62137f06aadf2e Mon Sep 17 00:00:00 2001
From: Cody Henthorne <cody@signal.org>
Date: Wed, 4 Dec 2024 13:36:38 -0500
Subject: [PATCH 45/57] Add basic notification profile and chat folder backup
 proto support.

---
 rust/message-backup/src/backup.rs          | 17 +++++++
 rust/message-backup/src/proto/backup.proto | 58 +++++++++++++++++++++-
 rust/message-backup/src/scramble.rs        | 39 +++++++++++++++
 3 files changed, 112 insertions(+), 2 deletions(-)

diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 53ce929a1..0d20ae44a 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -419,6 +419,12 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
                 self.add_sticker_pack(sticker_pack).map_err(Into::into)
             }
             FrameItem::AdHocCall(call) => self.add_ad_hoc_call(call).map_err(Into::into),
+            FrameItem::NotificationProfile(notification_profile) => self
+                .add_notification_profile(notification_profile)
+                .map_err(Into::into),
+            FrameItem::ChatFolder(chat_folder) => {
+                self.add_chat_folder(chat_folder).map_err(Into::into)
+            }
         }
     }
 
@@ -506,6 +512,17 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
             }
         }
     }
+
+    fn add_notification_profile(
+        &mut self,
+        _notification_profile: proto::NotificationProfile,
+    ) -> Result<(), ValidationError> {
+        Ok(())
+    }
+
+    fn add_chat_folder(&mut self, _chat_folder: proto::ChatFolder) -> Result<(), ValidationError> {
+        Ok(())
+    }
 }
 
 impl<M: Method + ReferencedTypes> ChatsData<M> {
diff --git a/rust/message-backup/src/proto/backup.proto b/rust/message-backup/src/proto/backup.proto
index 1e44f961c..eafdcddf9 100644
--- a/rust/message-backup/src/proto/backup.proto
+++ b/rust/message-backup/src/proto/backup.proto
@@ -19,8 +19,9 @@ message BackupInfo {
 // 3. All ChatItems must appear in global Chat rendering order.
 //    (The order in which they were received by the client.)
 //
-// Recipients, Chats, StickerPacks, and AdHocCalls can be in any order.
-// (But must respect rule 2.)
+// Recipients, Chats, StickerPacks, AdHocCalls, NotificationProfiles,
+// and ChatFolders can be in any order. (But must respect rule 2.)
+//
 // For example, Chats may all be together at the beginning,
 // or may each immediately precede its first ChatItem.
 message Frame {
@@ -31,6 +32,8 @@ message Frame {
     ChatItem chatItem = 4;
     StickerPack stickerPack = 5;
     AdHocCall adHocCall = 6;
+    NotificationProfile notificationProfile = 7;
+    ChatFolder chatFolder = 8;
   }
 }
 
@@ -1183,3 +1186,54 @@ message ChatStyle {
 
   bool dimWallpaperInDarkMode = 7;
 }
+
+message NotificationProfile {
+  message Schedule {
+    enum DayOfWeek {
+      UNKNOWN = 0;
+      MONDAY = 1;
+      TUESDAY = 2;
+      WEDNESDAY = 3;
+      THURSDAY = 4;
+      FRIDAY = 5;
+      SATURDAY = 6;
+      SUNDAY = 7;
+    }
+
+    bool enabled = 1;
+    uint32 startTime = 2; // 24-hour clock int (e.g., 900, 1130, 2345)
+    uint32 endTime = 3; // 24-hour clock int (e.g., 900, 1130, 2345)
+    repeated DayOfWeek daysEnabled = 4;
+  }
+
+  string name = 1;
+  optional string emoji = 2;
+  fixed32 color = 3; // 0xAARRGGBB
+  uint64 createdAtMs = 4;
+  bool allowAllCalls = 5;
+  bool allowAllMentions = 6;
+  Schedule schedule = 7;
+  repeated uint64 allowedMembers = 8; // generated recipient id for allowed groups and contacts
+}
+
+message ChatFolder {
+  // Represents the default "All chats" folder record vs all other custom folders
+  enum FolderType {
+    UNKNOWN = 0;
+    ALL = 1;
+    CUSTOM = 2;
+  }
+
+  string name = 1;
+  // Position order of folder, low-to-high from start-to-end
+  uint32 position = 2;
+  bool showUnread = 3;
+  bool showMutedChats = 4;
+  // Folder includes all 1:1 chats, unless excluded
+  bool includeAllIndividualChats = 5;
+  // Folder includes all group chats, unless excluded
+  bool includeAllGroupChats = 6;
+  FolderType folderType = 7;
+  repeated uint64 includedRecipientIds = 8; // generated recipient id of groups, contacts, and/or note to self
+  repeated uint64 excludedRecipientIds = 9; // generated recipient id of groups, contacts, and/or note to self
+}
diff --git a/rust/message-backup/src/scramble.rs b/rust/message-backup/src/scramble.rs
index 66b19c62a..56839bded 100644
--- a/rust/message-backup/src/scramble.rs
+++ b/rust/message-backup/src/scramble.rs
@@ -195,6 +195,8 @@ impl Visit<Scrambler> for proto::Frame {
                 Item::ChatItem(item) => item.accept(visitor),
                 Item::StickerPack(item) => item.accept(visitor),
                 Item::AdHocCall(item) => item.accept(visitor),
+                Item::NotificationProfile(item) => item.accept(visitor),
+                Item::ChatFolder(item) => item.accept(visitor),
             }
         }
     }
@@ -1950,3 +1952,40 @@ impl Visit<Scrambler> for proto::AdHocCall {
         } = self;
     }
 }
+
+impl Visit<Scrambler> for proto::NotificationProfile {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            name,
+            emoji: _,
+            color: _,
+            createdAtMs: _,
+            allowAllCalls: _,
+            allowAllMentions: _,
+            schedule: _,
+            allowedMembers: _,
+            special_fields: _,
+        } = self;
+
+        name.randomize(&mut visitor.rng)
+    }
+}
+
+impl Visit<Scrambler> for proto::ChatFolder {
+    fn accept(&mut self, visitor: &mut Scrambler) {
+        let Self {
+            name,
+            position: _,
+            showUnread: _,
+            showMutedChats: _,
+            includeAllIndividualChats: _,
+            includeAllGroupChats: _,
+            folderType: _,
+            includedRecipientIds: _,
+            excludedRecipientIds: _,
+            special_fields: _,
+        } = self;
+
+        name.randomize(&mut visitor.rng)
+    }
+}

From 8eb73001d0a6dd418bce33c7b4bef0e5a8deaabc Mon Sep 17 00:00:00 2001
From: Cody Henthorne <cody@signal.org>
Date: Wed, 4 Dec 2024 15:26:20 -0500
Subject: [PATCH 46/57] Tweak notification profile and chat folder backup
 support.

---
 rust/message-backup/src/proto/backup.proto | 69 +++++++++++-----------
 rust/message-backup/src/scramble.rs        |  8 ++-
 2 files changed, 38 insertions(+), 39 deletions(-)

diff --git a/rust/message-backup/src/proto/backup.proto b/rust/message-backup/src/proto/backup.proto
index eafdcddf9..57138af71 100644
--- a/rust/message-backup/src/proto/backup.proto
+++ b/rust/message-backup/src/proto/backup.proto
@@ -18,9 +18,12 @@ message BackupInfo {
 //    e.g. a Recipient must come before any Chat referencing it.
 // 3. All ChatItems must appear in global Chat rendering order.
 //    (The order in which they were received by the client.)
+// 4. ChatFolders must appear in render order (e.g., left to right for
+//    LTR locales), but can appear anywhere relative to other frames respecting
+//    rule 2.
 //
-// Recipients, Chats, StickerPacks, AdHocCalls, NotificationProfiles,
-// and ChatFolders can be in any order. (But must respect rule 2.)
+// Recipients, Chats, StickerPacks, AdHocCalls, and NotificationProfiles
+// can be in any order. (But must respect rule 2.)
 //
 // For example, Chats may all be together at the beginning,
 // or may each immediately precede its first ChatItem.
@@ -461,14 +464,14 @@ message PaymentNotification {
       Status status = 1;
 
       // This identification is used to map the payment table to the ledger
-      // and is likely required otherwise we may have issues reconciling with 
+      // and is likely required otherwise we may have issues reconciling with
       // the ledger
       MobileCoinTxoIdentification mobileCoinIdentification = 2;
       optional uint64 timestamp = 3;
       optional uint64 blockIndex = 4;
       optional uint64 blockTimestamp = 5;
-      optional bytes transaction = 6; // mobile coin blobs 
-      optional bytes receipt = 7; // mobile coin blobs 
+      optional bytes transaction = 6; // mobile coin blobs
+      optional bytes receipt = 7; // mobile coin blobs
     }
 
     oneof payment {
@@ -476,12 +479,12 @@ message PaymentNotification {
       FailedTransaction failedTransaction = 2;
     }
   }
-  
+
   optional string amountMob = 1; // stored as a decimal string, e.g. 1.00001
   optional string feeMob = 2; // stored as a decimal string, e.g. 1.00001
   optional string note = 3;
   TransactionDetails transactionDetails = 4;
-  
+
 }
 
 message GiftBadge {
@@ -646,7 +649,7 @@ message FilePointer {
   }
 
   // References attachments that are invalid in such a way where download
-  // cannot be attempted. Could range from missing digests to missing 
+  // cannot be attempted. Could range from missing digests to missing
   // CDN keys or anything else that makes download attempts impossible.
   // This serves as a 'tombstone' so that the UX can show that an attachment
   // did exist, but for whatever reason it's not retrievable.
@@ -792,7 +795,7 @@ message GroupCall {
   optional uint64 ringerRecipientId = 3;
   optional uint64 startedCallRecipientId = 4;
   uint64 startedCallTimestamp = 5;
-  optional uint64 endedCallTimestamp = 6; // The time the call ended. 
+  optional uint64 endedCallTimestamp = 6; // The time the call ended.
   bool read = 7;
 }
 
@@ -1188,22 +1191,15 @@ message ChatStyle {
 }
 
 message NotificationProfile {
-  message Schedule {
-    enum DayOfWeek {
-      UNKNOWN = 0;
-      MONDAY = 1;
-      TUESDAY = 2;
-      WEDNESDAY = 3;
-      THURSDAY = 4;
-      FRIDAY = 5;
-      SATURDAY = 6;
-      SUNDAY = 7;
-    }
-
-    bool enabled = 1;
-    uint32 startTime = 2; // 24-hour clock int (e.g., 900, 1130, 2345)
-    uint32 endTime = 3; // 24-hour clock int (e.g., 900, 1130, 2345)
-    repeated DayOfWeek daysEnabled = 4;
+  enum DayOfWeek {
+    UNKNOWN = 0;
+    MONDAY = 1;
+    TUESDAY = 2;
+    WEDNESDAY = 3;
+    THURSDAY = 4;
+    FRIDAY = 5;
+    SATURDAY = 6;
+    SUNDAY = 7;
   }
 
   string name = 1;
@@ -1212,8 +1208,11 @@ message NotificationProfile {
   uint64 createdAtMs = 4;
   bool allowAllCalls = 5;
   bool allowAllMentions = 6;
-  Schedule schedule = 7;
-  repeated uint64 allowedMembers = 8; // generated recipient id for allowed groups and contacts
+  repeated uint64 allowedMembers = 7; // generated recipient id for allowed groups and contacts
+  bool scheduleEnabled = 8;
+  uint32 scheduleStartTime = 9; // 24-hour clock int, 0000-2359 (e.g., 15, 900, 1130, 2345)
+  uint32 scheduleEndTime = 10; // 24-hour clock int, 0000-2359 (e.g., 15, 900, 1130, 2345)
+  repeated DayOfWeek scheduleDaysEnabled = 11;
 }
 
 message ChatFolder {
@@ -1225,15 +1224,13 @@ message ChatFolder {
   }
 
   string name = 1;
-  // Position order of folder, low-to-high from start-to-end
-  uint32 position = 2;
-  bool showUnread = 3;
-  bool showMutedChats = 4;
+  bool showOnlyUnread = 2;
+  bool showMutedChats = 3;
   // Folder includes all 1:1 chats, unless excluded
-  bool includeAllIndividualChats = 5;
+  bool includeAllIndividualChats = 4;
   // Folder includes all group chats, unless excluded
-  bool includeAllGroupChats = 6;
-  FolderType folderType = 7;
-  repeated uint64 includedRecipientIds = 8; // generated recipient id of groups, contacts, and/or note to self
-  repeated uint64 excludedRecipientIds = 9; // generated recipient id of groups, contacts, and/or note to self
+  bool includeAllGroupChats = 5;
+  FolderType folderType = 6;
+  repeated uint64 includedRecipientIds = 7; // generated recipient id of groups, contacts, and/or note to self
+  repeated uint64 excludedRecipientIds = 8; // generated recipient id of groups, contacts, and/or note to self
 }
diff --git a/rust/message-backup/src/scramble.rs b/rust/message-backup/src/scramble.rs
index 56839bded..7badc36d6 100644
--- a/rust/message-backup/src/scramble.rs
+++ b/rust/message-backup/src/scramble.rs
@@ -1962,8 +1962,11 @@ impl Visit<Scrambler> for proto::NotificationProfile {
             createdAtMs: _,
             allowAllCalls: _,
             allowAllMentions: _,
-            schedule: _,
             allowedMembers: _,
+            scheduleEnabled: _,
+            scheduleStartTime: _,
+            scheduleEndTime: _,
+            scheduleDaysEnabled: _,
             special_fields: _,
         } = self;
 
@@ -1975,8 +1978,7 @@ impl Visit<Scrambler> for proto::ChatFolder {
     fn accept(&mut self, visitor: &mut Scrambler) {
         let Self {
             name,
-            position: _,
-            showUnread: _,
+            showOnlyUnread: _,
             showMutedChats: _,
             includeAllIndividualChats: _,
             includeAllGroupChats: _,

From 375ce75f676e25a1531c964b567d2e782be89160 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Wed, 4 Dec 2024 13:08:46 -0800
Subject: [PATCH 47/57] backup: Disallow duplicate recipients in a distribution
 list

---
 rust/message-backup/src/backup/recipient.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/rust/message-backup/src/backup/recipient.rs b/rust/message-backup/src/backup/recipient.rs
index ad4c0d025..734e5001d 100644
--- a/rust/message-backup/src/backup/recipient.rs
+++ b/rust/message-backup/src/backup/recipient.rs
@@ -16,6 +16,7 @@ use zkgroup::ProfileKeyBytes;
 
 use crate::backup::call::{CallLink, CallLinkError};
 use crate::backup::frame::RecipientId;
+use crate::backup::map::IntMap;
 use crate::backup::method::{LookupPair, Method, Store, ValidateOnly};
 use crate::backup::serialize::{self, SerializeOrder, UnorderedList};
 use crate::backup::time::{ReportUnusualTimestamp, Timestamp};
@@ -71,6 +72,8 @@ pub enum RecipientError {
     DistributionListItemMissing,
     /// distribution list member {0:?} is unknown
     DistributionListMemberUnknown(RecipientId),
+    /// distribution list member {0:?} appears multiple times
+    DistributionListMemberDuplicate(RecipientId),
     /// distribution list member {0:?} is a {1:?} not a contact
     DistributionListMemberWrongKind(RecipientId, DestinationKind),
 }
@@ -488,10 +491,14 @@ impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTim
                         special_fields: _,
                     },
                 ) => {
+                    let mut members_seen = IntMap::default();
                     let members: UnorderedList<R> = memberRecipientIds
                         .into_iter()
                         .map(|id| {
                             let id = RecipientId(id);
+                            if members_seen.insert(id, ()).is_some() {
+                                return Err(RecipientError::DistributionListMemberDuplicate(id));
+                            }
                             let (&kind, recipient_reference) = context
                                 .lookup_pair(&id)
                                 .ok_or(RecipientError::DistributionListMemberUnknown(id))?;
@@ -791,6 +798,11 @@ mod test {
         Err(RecipientError::DistributionListMemberUnknown(UNKNOWN_RECIPIENT_ID));
         "unknown_member"
     )]
+    #[test_case(
+        |x| x.mut_distributionList().memberRecipientIds.push(TestContext::CONTACT_ID.0) =>
+        Err(RecipientError::DistributionListMemberDuplicate(TestContext::CONTACT_ID));
+        "duplicate_member"
+    )]
     #[test_case(
         |x| x.mut_distributionList().memberRecipientIds.push(TestContext::SELF_ID.0) =>
         Err(RecipientError::DistributionListMemberWrongKind(TestContext::SELF_ID, DestinationKind::Self_));

From b5cf5e6b4ac40d9ca6cf34b76d3a8cc9a42b66e1 Mon Sep 17 00:00:00 2001
From: andrew-signal <andrew@signal.org>
Date: Wed, 4 Dec 2024 19:45:14 -0500
Subject: [PATCH 48/57] Chore: update boring fork to v4.13.0

---
 Cargo.lock                            | 24 ++++++++++++----
 Cargo.toml                            |  6 ++--
 acknowledgments/acknowledgments.html  | 41 ++++++++++++++++++++++-----
 acknowledgments/acknowledgments.md    | 37 ++++++++++++++++++++----
 acknowledgments/acknowledgments.plist | 41 +++++++++++++++++++++++----
 rust/attest/src/cert_chain.rs         | 13 ++++-----
 rust/attest/src/dcap.rs               | 13 ++++-----
 7 files changed, 131 insertions(+), 44 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index d5737c2c6..1bebc16d1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -421,20 +421,21 @@ dependencies = [
 
 [[package]]
 name = "boring"
-version = "4.9.0"
-source = "git+https://github.com/signalapp/boring?tag=signal-v4.9.0b#3d4180b232d332a86ee3b41d1a622b0f1c1c6037"
+version = "4.13.0"
+source = "git+https://github.com/signalapp/boring?tag=signal-v4.13.0#1af143f50937bce6a9a9c7405ec824a9153c8ba0"
 dependencies = [
  "bitflags",
  "boring-sys",
  "foreign-types",
  "libc",
  "once_cell",
+ "openssl-macros",
 ]
 
 [[package]]
 name = "boring-sys"
-version = "4.9.0"
-source = "git+https://github.com/signalapp/boring?tag=signal-v4.9.0b#3d4180b232d332a86ee3b41d1a622b0f1c1c6037"
+version = "4.13.0"
+source = "git+https://github.com/signalapp/boring?tag=signal-v4.13.0#1af143f50937bce6a9a9c7405ec824a9153c8ba0"
 dependencies = [
  "autocfg",
  "bindgen",
@@ -2972,6 +2973,17 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
 
+[[package]]
+name = "openssl-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.77",
+]
+
 [[package]]
 name = "openssl-probe"
 version = "0.1.5"
@@ -4487,8 +4499,8 @@ dependencies = [
 
 [[package]]
 name = "tokio-boring"
-version = "4.9.0"
-source = "git+https://github.com/signalapp/boring?tag=signal-v4.9.0b#3d4180b232d332a86ee3b41d1a622b0f1c1c6037"
+version = "4.13.0"
+source = "git+https://github.com/signalapp/boring?tag=signal-v4.13.0#1af143f50937bce6a9a9c7405ec824a9153c8ba0"
 dependencies = [
  "boring",
  "boring-sys",
diff --git a/Cargo.toml b/Cargo.toml
index 6645b8e4b..3f24cc7e0 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -69,9 +69,9 @@ signal-neon-futures = { path = "rust/bridge/node/futures" }
 # Our forks of some dependencies, accessible as xxx_signal so that usages of them are obvious in source code. Crates
 # that want to use the real things can depend on those directly.
 
-boring-signal = { git = "https://github.com/signalapp/boring", tag = "signal-v4.9.0b", package = "boring", default-features = false }
+boring-signal = { git = "https://github.com/signalapp/boring", tag = "signal-v4.13.0", package = "boring", default-features = false }
 curve25519-dalek-signal = { git = 'https://github.com/signalapp/curve25519-dalek', package = "curve25519-dalek", tag = 'signal-curve25519-4.1.3' }
-tokio-boring-signal = { git = "https://github.com/signalapp/boring", package = "tokio-boring", tag = "signal-v4.9.0b" }
+tokio-boring-signal = { git = "https://github.com/signalapp/boring", package = "tokio-boring", tag = "signal-v4.13.0" }
 
 aes = "0.8.3"
 aes-gcm-siv = "0.11.1"
@@ -157,7 +157,7 @@ zerocopy = "0.7.34"
 [patch.crates-io]
 # When building libsignal, just use our forks so we don't end up with two different versions of the libraries.
 
-boring = { git = 'https://github.com/signalapp/boring', tag = 'signal-v4.9.0b' }
+boring = { git = 'https://github.com/signalapp/boring', tag = 'signal-v4.13.0' }
 curve25519-dalek = { git = 'https://github.com/signalapp/curve25519-dalek', tag = 'signal-curve25519-4.1.3' }
 
 [profile.dev.package.argon2]
diff --git a/acknowledgments/acknowledgments.html b/acknowledgments/acknowledgments.html
index 32038ca34..431906138 100644
--- a/acknowledgments/acknowledgments.html
+++ b/acknowledgments/acknowledgments.html
@@ -46,7 +46,7 @@ <h1>Third Party Licenses</h1>
     
         <h2>Overview of licenses:</h2>
         <ul class="licenses-overview">
-            <li><a href="#MIT">MIT License</a> (336)</li>
+            <li><a href="#MIT">MIT License</a> (337)</li>
             <li><a href="#AGPL-3.0">GNU Affero General Public License v3.0</a> (29)</li>
             <li><a href="#Apache-2.0">Apache License 2.0</a> (16)</li>
             <li><a href="#BSD-3-Clause">BSD 3-Clause &quot;New&quot; or &quot;Revised&quot; License</a> (9)</li>
@@ -2230,7 +2230,7 @@ <h4>Used by:</h4>
                 <h3 id="Apache-2.0">Apache License 2.0</h3>
                 <h4>Used by:</h4>
                 <ul class="license-used-by">
-                    <li><a href="https://github.com/cloudflare/boring">boring 4.9.0</a></li>
+                    <li><a href="https://github.com/cloudflare/boring">boring 4.13.0</a></li>
                 </ul>
                 <pre class="license-text">Copyright 2011-2017 Google Inc.
           2013 Jack Lloyd
@@ -2724,7 +2724,7 @@ <h4>Used by:</h4>
                 <h3 id="ISC">ISC License</h3>
                 <h4>Used by:</h4>
                 <ul class="license-used-by">
-                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.9.0</a></li>
+                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.13.0</a></li>
                 </ul>
                 <pre class="license-text">/* Copyright (c) 2015, Google Inc.
  *
@@ -3149,7 +3149,7 @@ <h4>Used by:</h4>
                 <h3 id="MIT">MIT License</h3>
                 <h4>Used by:</h4>
                 <ul class="license-used-by">
-                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.9.0</a></li>
+                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.13.0</a></li>
                 </ul>
                 <pre class="license-text">Copyright (c) 2014 Alex Crichton
 Copyright (c) 2020 Ivan Nikulin &lt;ifaaan@gmail.com&gt;
@@ -3884,7 +3884,7 @@ <h4>Used by:</h4>
                 <h3 id="MIT">MIT License</h3>
                 <h4>Used by:</h4>
                 <ul class="license-used-by">
-                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.9.0</a></li>
+                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.13.0</a></li>
                 </ul>
                 <pre class="license-text">Copyright (c) 2015-2016 the fiat-crypto authors (see
 https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS).
@@ -4472,7 +4472,7 @@ <h4>Used by:</h4>
                 <h3 id="MIT">MIT License</h3>
                 <h4>Used by:</h4>
                 <ul class="license-used-by">
-                    <li><a href="https://github.com/cloudflare/boring">tokio-boring 4.9.0</a></li>
+                    <li><a href="https://github.com/cloudflare/boring">tokio-boring 4.13.0</a></li>
                 </ul>
                 <pre class="license-text">Copyright (c) 2016 Tokio contributors
 Copyright (c) 2020 Ivan Nikulin &lt;ifaaan@gmail.com&gt;
@@ -6285,6 +6285,33 @@ <h4>Used by:</h4>
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+</pre>
+            </li>
+            <li class="license">
+                <h3 id="MIT">MIT License</h3>
+                <h4>Used by:</h4>
+                <ul class="license-used-by">
+                    <li><a href="https://crates.io/crates/openssl-macros">openssl-macros 0.1.1</a></li>
+                </ul>
+                <pre class="license-text">Copyright (c) 2022 Steven Fackler
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the &quot;Software&quot;), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
 THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@@ -8405,7 +8432,7 @@ <h4>Used by:</h4>
                 <h3 id="OpenSSL">OpenSSL License</h3>
                 <h4>Used by:</h4>
                 <ul class="license-used-by">
-                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.9.0</a></li>
+                    <li><a href="https://github.com/cloudflare/boring">boring-sys 4.13.0</a></li>
                     <li><a href="https://github.com/briansmith/ring">ring 0.17.8</a></li>
                 </ul>
                 <pre class="license-text">/* &#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;&#x3D;
diff --git a/acknowledgments/acknowledgments.md b/acknowledgments/acknowledgments.md
index 04632268b..bf35d529d 100644
--- a/acknowledgments/acknowledgments.md
+++ b/acknowledgments/acknowledgments.md
@@ -2117,7 +2117,7 @@ limitations under the License.
 
 ```
 
-## boring 4.9.0
+## boring 4.13.0
 
 ```
 Copyright 2011-2017 Google Inc.
@@ -2586,7 +2586,7 @@ express Statement of Purpose.
    CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 ```
 
-## boring-sys 4.9.0
+## boring-sys 4.13.0
 
 ```
 /* Copyright (c) 2015, Google Inc.
@@ -2957,7 +2957,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## boring-sys 4.9.0
+## boring-sys 4.13.0
 
 ```
 Copyright (c) 2014 Alex Crichton
@@ -3626,7 +3626,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## boring-sys 4.9.0
+## boring-sys 4.13.0
 
 ```
 Copyright (c) 2015-2016 the fiat-crypto authors (see
@@ -4165,7 +4165,7 @@ SOFTWARE.
 
 ```
 
-## tokio-boring 4.9.0
+## tokio-boring 4.13.0
 
 ```
 Copyright (c) 2016 Tokio contributors
@@ -5862,6 +5862,31 @@ SOFTWARE.
 
 ```
 
+## openssl-macros 0.1.1
+
+```
+Copyright (c) 2022 Steven Fackler
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+```
+
 ## inout 0.1.3
 
 ```
@@ -7743,7 +7768,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 ```
 
-## boring-sys 4.9.0, ring 0.17.8
+## boring-sys 4.13.0, ring 0.17.8
 
 ```
 /* ====================================================================
diff --git a/acknowledgments/acknowledgments.plist b/acknowledgments/acknowledgments.plist
index f09e7e363..50660ca68 100644
--- a/acknowledgments/acknowledgments.plist
+++ b/acknowledgments/acknowledgments.plist
@@ -2181,7 +2181,7 @@ limitations under the License.
 			<key>License</key>
 			<string>Apache License 2.0</string>
 			<key>Title</key>
-			<string>boring 4.9.0</string>
+			<string>boring 4.13.0</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
@@ -2694,7 +2694,7 @@ express Statement of Purpose.
 			<key>License</key>
 			<string>ISC License</string>
 			<key>Title</key>
-			<string>boring-sys 4.9.0</string>
+			<string>boring-sys 4.13.0</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
@@ -3135,7 +3135,7 @@ DEALINGS IN THE SOFTWARE.
 			<key>License</key>
 			<string>MIT License</string>
 			<key>Title</key>
-			<string>boring-sys 4.9.0</string>
+			<string>boring-sys 4.13.0</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
@@ -3893,7 +3893,7 @@ SOFTWARE.</string>
 			<key>License</key>
 			<string>MIT License</string>
 			<key>Title</key>
-			<string>boring-sys 4.9.0</string>
+			<string>boring-sys 4.13.0</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
@@ -4515,7 +4515,7 @@ DEALINGS IN THE SOFTWARE.
 			<key>License</key>
 			<string>MIT License</string>
 			<key>Title</key>
-			<string>tokio-boring 4.9.0</string>
+			<string>tokio-boring 4.13.0</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
@@ -6400,6 +6400,35 @@ SOFTWARE.
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
+		<dict>
+			<key>FooterText</key>
+			<string>Copyright (c) 2022 Steven Fackler
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the &quot;Software&quot;), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+</string>
+			<key>License</key>
+			<string>MIT License</string>
+			<key>Title</key>
+			<string>openssl-macros 0.1.1</string>
+			<key>Type</key>
+			<string>PSGroupSpecifier</string>
+		</dict>
 		<dict>
 			<key>FooterText</key>
 			<string>Copyright (c) 2022 The RustCrypto Project Developers
@@ -8623,7 +8652,7 @@ SOFTWARE.</string>
 			<key>License</key>
 			<string>OpenSSL License</string>
 			<key>Title</key>
-			<string>boring-sys 4.9.0, ring 0.17.8</string>
+			<string>boring-sys 4.13.0, ring 0.17.8</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
diff --git a/rust/attest/src/cert_chain.rs b/rust/attest/src/cert_chain.rs
index 4b16ceeb0..470c9dea3 100644
--- a/rust/attest/src/cert_chain.rs
+++ b/rust/attest/src/cert_chain.rs
@@ -385,14 +385,11 @@ mod test {
     fn trust_store(root: &X509Ref, crl: Option<&X509CRLRef>) -> X509Store {
         let mut store_bldr = X509StoreBuilder::new().expect("Could not allocate x509 store");
         if let Some(crl) = crl {
-            store_bldr
-                .param_mut()
-                .set_flags(
-                    X509VerifyFlags::CRL_CHECK
-                        | X509VerifyFlags::CRL_CHECK_ALL
-                        | X509VerifyFlags::X509_STRICT,
-                )
-                .unwrap();
+            store_bldr.param_mut().set_flags(
+                X509VerifyFlags::CRL_CHECK
+                    | X509VerifyFlags::CRL_CHECK_ALL
+                    | X509VerifyFlags::X509_STRICT,
+            );
             store_bldr.add_crl(crl.to_owned()).unwrap();
         }
         store_bldr.add_cert(root.to_owned()).unwrap();
diff --git a/rust/attest/src/dcap.rs b/rust/attest/src/dcap.rs
index 4f420a842..9d74c0821 100644
--- a/rust/attest/src/dcap.rs
+++ b/rust/attest/src/dcap.rs
@@ -361,14 +361,11 @@ pub(crate) fn from_trusted(
 ) -> Result<X509Store> {
     let build = || -> std::result::Result<X509Store, ErrorStack> {
         let mut store_builder = X509StoreBuilder::new().expect("can make a fresh X509StoreBuilder");
-        store_builder
-            .param_mut()
-            .set_flags(
-                X509VerifyFlags::CRL_CHECK
-                    | X509VerifyFlags::CRL_CHECK_ALL
-                    | X509VerifyFlags::X509_STRICT,
-            )
-            .expect("supports CRL checking flags");
+        store_builder.param_mut().set_flags(
+            X509VerifyFlags::CRL_CHECK
+                | X509VerifyFlags::CRL_CHECK_ALL
+                | X509VerifyFlags::X509_STRICT,
+        );
         store_builder.param_mut().set_time(
             current_time
                 .duration_since(SystemTime::UNIX_EPOCH)

From 0d73a3587707bab55addb2defdd4eaa7f56b11b8 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Thu, 5 Dec 2024 09:39:38 -0800
Subject: [PATCH 49/57] backup: Validate NotificationProfiles

---
 rust/message-backup/src/backup.rs             |  35 +-
 .../src/backup/chat/chat_style.rs             |  26 +-
 .../backup/expected_serialized_backup.json    |   3 +-
 .../src/backup/notification_profile.rs        | 308 ++++++++++++++++++
 rust/message-backup/src/backup/serialize.rs   |   5 +
 .../src/backup/serialize/unordered_list.rs    |   1 -
 .../tests/res/canonical-backup.expected.json  |   3 +-
 .../canonical-backup.scrambled.expected.json  |   3 +-
 8 files changed, 361 insertions(+), 23 deletions(-)
 create mode 100644 rust/message-backup/src/backup/notification_profile.rs

diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 0d20ae44a..1c19c57b5 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -20,10 +20,11 @@ use crate::backup::frame::{ChatId, RecipientId};
 use crate::backup::map::IntMap;
 use crate::backup::method::{Lookup, LookupPair, Method};
 pub use crate::backup::method::{Store, ValidateOnly};
+use crate::backup::notification_profile::{NotificationProfile, NotificationProfileError};
 use crate::backup::recipient::{
     DestinationKind, FullRecipientData, MinimalRecipientData, RecipientError,
 };
-use crate::backup::serialize::{backup_key_as_hex, SerializeOrder};
+use crate::backup::serialize::{backup_key_as_hex, SerializeOrder, UnorderedList};
 use crate::backup::sticker::{PackId as StickerPackId, StickerPack, StickerPackError};
 use crate::backup::time::{
     ReportUnusualTimestamp, Timestamp, TimestampIssue, UnusualTimestampTracker,
@@ -38,6 +39,7 @@ mod file;
 mod frame;
 mod map;
 pub(crate) mod method;
+mod notification_profile;
 mod recipient;
 pub mod serialize;
 mod sticker;
@@ -94,6 +96,7 @@ pub struct PartialBackup<M: Method + ReferencedTypes> {
     chats: ChatsData<M>,
     ad_hoc_calls: M::List<AdHocCall<M::RecipientReference>>,
     sticker_packs: HashMap<StickerPackId, StickerPack<M>>,
+    notification_profiles: UnorderedList<NotificationProfile<M::RecipientReference>>,
     /// Stored here so PartialBackup can be the only context necessary for processing backup frames.
     unusual_timestamp_tracker: RefCell<UnusualTimestampTracker>,
 }
@@ -106,6 +109,7 @@ pub struct CompletedBackup<M: Method + ReferencedTypes> {
     chats: ChatsData<M>,
     ad_hoc_calls: M::List<AdHocCall<M::RecipientReference>>,
     sticker_packs: HashMap<StickerPackId, StickerPack<M>>,
+    notification_profiles: UnorderedList<NotificationProfile<M::RecipientReference>>,
 }
 
 pub type Backup = CompletedBackup<Store>;
@@ -180,6 +184,7 @@ impl<M: Method + ReferencedTypes> TryFrom<PartialBackup<M>> for CompletedBackup<
             chats,
             ad_hoc_calls,
             sticker_packs,
+            notification_profiles,
             unusual_timestamp_tracker: _,
         } = value;
 
@@ -192,6 +197,7 @@ impl<M: Method + ReferencedTypes> TryFrom<PartialBackup<M>> for CompletedBackup<
             chats,
             ad_hoc_calls,
             sticker_packs,
+            notification_profiles,
         })
     }
 }
@@ -214,6 +220,8 @@ pub enum ValidationError {
     CallError(#[from] CallFrameError),
     /// {0}
     StickerError(#[from] StickerError),
+    /// {0}
+    NotificationProfileError(#[from] NotificationProfileError),
 }
 
 #[derive(Debug, displaydoc::Display, thiserror::Error)]
@@ -401,6 +409,7 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
             chats: Default::default(),
             ad_hoc_calls: Default::default(),
             sticker_packs: Default::default(),
+            notification_profiles: Default::default(),
             unusual_timestamp_tracker,
         })
     }
@@ -515,8 +524,10 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
 
     fn add_notification_profile(
         &mut self,
-        _notification_profile: proto::NotificationProfile,
+        notification_profile: proto::NotificationProfile,
     ) -> Result<(), ValidationError> {
+        let profile = notification_profile.try_into_with(self)?;
+        self.notification_profiles.0.push(profile);
         Ok(())
     }
 
@@ -707,6 +718,26 @@ pub async fn convert_to_json(
     Ok(array)
 }
 
+pub enum ColorError {
+    NotOpaque(u32),
+}
+
+#[derive(Copy, Clone, Debug, serde::Serialize)]
+#[cfg_attr(test, derive(PartialEq))]
+#[serde(transparent)]
+pub struct Color(u32);
+
+impl TryFrom<u32> for Color {
+    type Error = ColorError;
+
+    fn try_from(value: u32) -> Result<Self, Self::Error> {
+        if value >> 24 != 0xFF {
+            return Err(ColorError::NotOpaque(value));
+        }
+        Ok(Self(value))
+    }
+}
+
 struct InvalidAci;
 
 fn uuid_bytes_to_aci(bytes: Vec<u8>) -> Result<Aci, InvalidAci> {
diff --git a/rust/message-backup/src/backup/chat/chat_style.rs b/rust/message-backup/src/backup/chat/chat_style.rs
index 14952593b..837a8d8b6 100644
--- a/rust/message-backup/src/backup/chat/chat_style.rs
+++ b/rust/message-backup/src/backup/chat/chat_style.rs
@@ -12,7 +12,7 @@ use crate::backup::file::{FilePointer, FilePointerError};
 use crate::backup::method::{Lookup, Method};
 use crate::backup::serialize::{SerializeOrder, UnorderedList};
 use crate::backup::time::ReportUnusualTimestamp;
-use crate::backup::{serialize, ReferencedTypes, TryFromWith, TryIntoWith as _};
+use crate::backup::{serialize, Color, ColorError, ReferencedTypes, TryFromWith, TryIntoWith as _};
 use crate::proto::backup as proto;
 
 #[derive(serde::Serialize)]
@@ -33,22 +33,6 @@ pub enum Wallpaper<M: Method> {
     Photo(M::BoxedValue<FilePointer>),
 }
 
-#[derive(Copy, Clone, Debug, serde::Serialize)]
-#[cfg_attr(test, derive(PartialEq))]
-#[serde(transparent)]
-pub struct Color(u32);
-
-impl TryFrom<u32> for Color {
-    type Error = ChatStyleError;
-
-    fn try_from(value: u32) -> Result<Self, Self::Error> {
-        if value >> 24 != 0xFF {
-            return Err(ChatStyleError::ChatColorNotOpaque(value));
-        }
-        Ok(Self(value))
-    }
-}
-
 #[derive(Debug, serde::Serialize)]
 #[cfg_attr(test, derive(PartialEq))]
 pub struct WallpaperPreset {
@@ -336,6 +320,14 @@ impl From<CustomChatColor> for () {
     fn from(_: CustomChatColor) -> Self {}
 }
 
+impl From<ColorError> for ChatStyleError {
+    fn from(value: ColorError) -> Self {
+        match value {
+            ColorError::NotOpaque(color) => ChatStyleError::ChatColorNotOpaque(color),
+        }
+    }
+}
+
 impl WallpaperPreset {
     fn new(preset: proto::chat_style::WallpaperPreset) -> Option<Self> {
         use proto::chat_style::WallpaperPreset;
diff --git a/rust/message-backup/src/backup/expected_serialized_backup.json b/rust/message-backup/src/backup/expected_serialized_backup.json
index 732041e54..c1b8878bf 100644
--- a/rust/message-backup/src/backup/expected_serialized_backup.json
+++ b/rust/message-backup/src/backup/expected_serialized_backup.json
@@ -66,5 +66,6 @@
   "chats": [],
   "ad_hoc_calls": [],
   "pinned_chats": [],
-  "sticker_packs": []
+  "sticker_packs": [],
+  "notification_profiles": []
 }
\ No newline at end of file
diff --git a/rust/message-backup/src/backup/notification_profile.rs b/rust/message-backup/src/backup/notification_profile.rs
new file mode 100644
index 000000000..3ef17c28f
--- /dev/null
+++ b/rust/message-backup/src/backup/notification_profile.rs
@@ -0,0 +1,308 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+// Silence clippy's complains about private fields used to prevent construction
+// and recommends `#[non_exhaustive]`. The annotation only applies outside this
+// crate, but we want intra-crate privacy.
+#![allow(clippy::manual_non_exhaustive)]
+
+use itertools::Itertools;
+
+use crate::backup::frame::RecipientId;
+use crate::backup::map::IntMap;
+use crate::backup::method::LookupPair;
+use crate::backup::recipient::DestinationKind;
+use crate::backup::serialize::{SerializeOrder, UnorderedList};
+use crate::backup::time::{ReportUnusualTimestamp, Timestamp};
+use crate::backup::{Color, ColorError, TryFromWith};
+use crate::proto::backup as proto;
+
+/// Validated version of [`proto::NotificationProfile`].
+#[derive(Debug, serde::Serialize)]
+#[cfg_attr(test, derive(PartialEq))]
+pub struct NotificationProfile<Recipient> {
+    name: String,
+    emoji: Option<String>,
+    color: Color,
+    created_at: Timestamp,
+    allow_all_calls: bool,
+    allow_all_mentions: bool,
+    enabled: bool,
+    start_time: ClockTime,
+    end_time: ClockTime,
+    days_enabled: UnorderedList<DayOfWeek>,
+    #[serde(bound(serialize = "Recipient: serde::Serialize + SerializeOrder"))]
+    allowed_members: UnorderedList<Recipient>,
+}
+
+#[derive(Debug, thiserror::Error, displaydoc::Display)]
+#[cfg_attr(test, derive(PartialEq))]
+pub enum NotificationProfileError {
+    /// missing name
+    MissingName,
+    /// emoji is present but empty
+    EmojiIsPresentButEmpty,
+    /// color was not opaque (ARGB 0x{0:08X})
+    ColorNotOpaque(u32),
+    /// member {0:?} is unknown
+    UnknownMember(RecipientId),
+    /// member {0:?} appears multiple times
+    DuplicateMember(RecipientId),
+    /// member {0:?} is a {1:?} not a contact or group
+    MemberWrongKind(RecipientId, DestinationKind),
+    /// invalid 24-hour clock time {0:04}
+    InvalidClockTime(u32),
+    /// invalid day of week value {0}
+    InvalidWeekday(i32),
+    /// {0:?} appears twice in enabledDays
+    DuplicateDay(DayOfWeek),
+}
+
+impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R> + ReportUnusualTimestamp>
+    TryFromWith<proto::NotificationProfile, C> for NotificationProfile<R>
+{
+    type Error = NotificationProfileError;
+    fn try_from_with(item: proto::NotificationProfile, context: &C) -> Result<Self, Self::Error> {
+        let proto::NotificationProfile {
+            name,
+            emoji,
+            color,
+            createdAtMs,
+            allowAllCalls,
+            allowAllMentions,
+            scheduleEnabled,
+            scheduleStartTime,
+            scheduleEndTime,
+            scheduleDaysEnabled,
+            allowedMembers,
+            special_fields: _,
+        } = item;
+
+        if name.is_empty() {
+            return Err(NotificationProfileError::MissingName);
+        }
+
+        if emoji.as_ref().is_some_and(|e| e.is_empty()) {
+            return Err(NotificationProfileError::EmojiIsPresentButEmpty);
+        }
+
+        let color = Color::try_from(color)?;
+
+        let created_at =
+            Timestamp::from_millis(createdAtMs, "NotificationProfile.createdAtMs", context);
+
+        let mut seen_members = IntMap::default();
+        let allowed_members = allowedMembers
+            .into_iter()
+            .map(|id| {
+                let id = RecipientId(id);
+                if seen_members.insert(id, ()).is_some() {
+                    return Err(NotificationProfileError::DuplicateMember(id));
+                }
+                let (kind, recipient) = context
+                    .lookup_pair(&id)
+                    .ok_or(NotificationProfileError::UnknownMember(id))?;
+                match kind {
+                    DestinationKind::Contact | DestinationKind::Group => Ok(recipient.clone()),
+                    DestinationKind::DistributionList
+                    | DestinationKind::Self_
+                    | DestinationKind::ReleaseNotes
+                    | DestinationKind::CallLink => {
+                        Err(NotificationProfileError::MemberWrongKind(id, *kind))
+                    }
+                }
+            })
+            .try_collect()?;
+
+        let start_time = ClockTime::try_from(scheduleStartTime)?;
+        let end_time = ClockTime::try_from(scheduleEndTime)?;
+        // There's no range check here; if endTime <= startTime, the profile is active through the following day.
+
+        let mut days_enabled = vec![];
+        for day in scheduleDaysEnabled {
+            let day = DayOfWeek::try_from(day)?;
+            // This is quadratic, but N is at most 7 in a well-formed backup.
+            if days_enabled.contains(&day) {
+                return Err(NotificationProfileError::DuplicateDay(day));
+            }
+            days_enabled.push(day);
+        }
+
+        Ok(Self {
+            name,
+            emoji,
+            color,
+            created_at,
+            allow_all_calls: allowAllCalls,
+            allow_all_mentions: allowAllMentions,
+            enabled: scheduleEnabled,
+            start_time,
+            end_time,
+            days_enabled: days_enabled.into(),
+            allowed_members,
+        })
+    }
+}
+
+impl<R> SerializeOrder for NotificationProfile<R> {
+    fn serialize_cmp(&self, other: &Self) -> std::cmp::Ordering {
+        self.created_at.cmp(&other.created_at)
+    }
+}
+
+impl From<ColorError> for NotificationProfileError {
+    fn from(value: ColorError) -> Self {
+        match value {
+            ColorError::NotOpaque(color) => NotificationProfileError::ColorNotOpaque(color),
+        }
+    }
+}
+
+#[derive(PartialEq, Eq, PartialOrd, Ord, Debug, serde::Serialize)]
+#[serde(transparent)]
+struct ClockTime(u16);
+
+impl TryFrom<u32> for ClockTime {
+    type Error = NotificationProfileError;
+
+    fn try_from(value: u32) -> Result<Self, Self::Error> {
+        if value >= 2400 {
+            return Err(NotificationProfileError::InvalidClockTime(value));
+        }
+        if value % 100 >= 60 {
+            return Err(NotificationProfileError::InvalidClockTime(value));
+        }
+        Ok(Self(value.try_into().expect("checked upper bound")))
+    }
+}
+
+#[derive(PartialEq, Eq, PartialOrd, Ord, Debug, serde::Serialize)]
+pub enum DayOfWeek {
+    Monday,
+    Tuesday,
+    Wednesday,
+    Thursday,
+    Friday,
+    Saturday,
+    Sunday,
+}
+
+impl TryFrom<protobuf::EnumOrUnknown<proto::notification_profile::DayOfWeek>> for DayOfWeek {
+    type Error = NotificationProfileError;
+
+    fn try_from(
+        value: protobuf::EnumOrUnknown<proto::notification_profile::DayOfWeek>,
+    ) -> Result<Self, Self::Error> {
+        match value.enum_value_or_default() {
+            proto::notification_profile::DayOfWeek::UNKNOWN => {
+                Err(NotificationProfileError::InvalidWeekday(value.value()))
+            }
+            proto::notification_profile::DayOfWeek::MONDAY => Ok(Self::Monday),
+            proto::notification_profile::DayOfWeek::TUESDAY => Ok(Self::Tuesday),
+            proto::notification_profile::DayOfWeek::WEDNESDAY => Ok(Self::Wednesday),
+            proto::notification_profile::DayOfWeek::THURSDAY => Ok(Self::Thursday),
+            proto::notification_profile::DayOfWeek::FRIDAY => Ok(Self::Friday),
+            proto::notification_profile::DayOfWeek::SATURDAY => Ok(Self::Saturday),
+            proto::notification_profile::DayOfWeek::SUNDAY => Ok(Self::Sunday),
+        }
+    }
+}
+
+impl SerializeOrder for DayOfWeek {
+    fn serialize_cmp(&self, other: &Self) -> std::cmp::Ordering {
+        self.cmp(other)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use test_case::test_case;
+
+    use super::*;
+    use crate::backup::recipient::FullRecipientData;
+    use crate::backup::testutil::TestContext;
+    use crate::backup::time::testutil::MillisecondsSinceEpoch;
+    use crate::backup::TryIntoWith as _;
+
+    impl proto::NotificationProfile {
+        fn test_data() -> Self {
+            Self {
+                name: "Test".into(),
+                emoji: None,
+                color: 0xFFFF0000,
+                createdAtMs: MillisecondsSinceEpoch::TEST_VALUE.0,
+                allowAllCalls: true,
+                allowAllMentions: true,
+                scheduleEnabled: true,
+                scheduleStartTime: 1320,
+                scheduleEndTime: 1320,
+                scheduleDaysEnabled: vec![
+                    proto::notification_profile::DayOfWeek::WEDNESDAY.into(),
+                    proto::notification_profile::DayOfWeek::MONDAY.into(),
+                ],
+                allowedMembers: vec![TestContext::CONTACT_ID.0],
+                ..Default::default()
+            }
+        }
+    }
+
+    #[test]
+    fn valid_notification_profile() {
+        assert_eq!(
+            proto::NotificationProfile::test_data().try_into_with(&TestContext::default()),
+            Ok(NotificationProfile::<FullRecipientData> {
+                name: "Test".into(),
+                emoji: None,
+                color: Color(0xFFFF0000),
+                created_at: Timestamp::test_value(),
+                allow_all_calls: true,
+                allow_all_mentions: true,
+                enabled: true,
+                start_time: ClockTime(1320),
+                end_time: ClockTime(1320),
+                days_enabled: vec![DayOfWeek::Wednesday, DayOfWeek::Monday].into(),
+                allowed_members: vec![TestContext::contact_recipient().clone()].into(),
+            })
+        )
+    }
+
+    #[test_case(|x| x.name = "".into() => Err(NotificationProfileError::MissingName); "empty name")]
+    #[test_case(|x| x.emoji = Some("⭕️".into()) => Ok(()); "emoji allowed")]
+    #[test_case(|x| x.emoji = Some("".into()) => Err(NotificationProfileError::EmojiIsPresentButEmpty); "emoji empty")]
+    #[test_case(|x| x.color = 0 => Err(NotificationProfileError::ColorNotOpaque(0)); "transparent color")]
+    #[test_case(|x| x.scheduleStartTime = 0 => Ok(()); "midnight is zero")]
+    #[test_case(|x| x.scheduleStartTime = 2400 => Err(NotificationProfileError::InvalidClockTime(2400)); "midnight is not 2400")]
+    #[test_case(|x| x.scheduleStartTime = 5000 => Err(NotificationProfileError::InvalidClockTime(5000)); "out of range completely")]
+    #[test_case(|x| x.scheduleStartTime = 1170 => Err(NotificationProfileError::InvalidClockTime(1170)); "bad minutes")]
+    #[test_case(|x| x.scheduleEndTime = 1170 => Err(NotificationProfileError::InvalidClockTime(1170)); "endTime is also checked")]
+    #[test_case(|x| x.scheduleDaysEnabled = vec![] => Ok(()); "no days selected")]
+    #[test_case(|x| {
+        x.scheduleDaysEnabled = vec![
+            proto::notification_profile::DayOfWeek::WEDNESDAY.into(),
+            proto::notification_profile::DayOfWeek::UNKNOWN.into(),
+        ];
+    } => Err(NotificationProfileError::InvalidWeekday(0)); "invalid weekday")]
+    #[test_case(|x| {
+        x.scheduleDaysEnabled = vec![
+            proto::notification_profile::DayOfWeek::WEDNESDAY.into(),
+            proto::notification_profile::DayOfWeek::MONDAY.into(),
+            proto::notification_profile::DayOfWeek::MONDAY.into(),
+        ];
+    } => Err(NotificationProfileError::DuplicateDay(DayOfWeek::Monday)); "duplicate weekday")]
+    #[test_case(|x| x.allowedMembers = vec![] => Ok(()); "no member exceptions selected")]
+    #[test_case(|x| x.allowedMembers = vec![TestContext::SELF_ID.0] => Err(NotificationProfileError::MemberWrongKind(TestContext::SELF_ID, DestinationKind::Self_)); "cannot include Self")]
+    #[test_case(|x| x.allowedMembers = vec![TestContext::CONTACT_ID.0, TestContext::CONTACT_ID.0] => Err(NotificationProfileError::DuplicateMember(TestContext::CONTACT_ID)); "cannot include duplicates")]
+    #[test_case(|x| x.allowedMembers = vec![1000] => Err(NotificationProfileError::UnknownMember(RecipientId(1000))); "unknown member")]
+    fn profile(
+        mutator: fn(&mut proto::NotificationProfile),
+    ) -> Result<(), NotificationProfileError> {
+        let mut profile = proto::NotificationProfile::test_data();
+        mutator(&mut profile);
+
+        profile
+            .try_into_with(&TestContext::default())
+            .map(|_: NotificationProfile<FullRecipientData>| ())
+    }
+}
diff --git a/rust/message-backup/src/backup/serialize.rs b/rust/message-backup/src/backup/serialize.rs
index 6f06399fc..95fd6efd2 100644
--- a/rust/message-backup/src/backup/serialize.rs
+++ b/rust/message-backup/src/backup/serialize.rs
@@ -16,6 +16,7 @@ use crate::backup::chat::text::{TextEffect, TextRange};
 use crate::backup::chat::{ChatData, OutgoingSend};
 use crate::backup::frame::RecipientId;
 use crate::backup::method::Store;
+use crate::backup::notification_profile::NotificationProfile;
 use crate::backup::recipient::{DistributionListItem, FullRecipientData};
 use crate::backup::sticker::{PackId as StickerPackId, StickerPack};
 use crate::backup::{BackupMeta, ChatsData, CompletedBackup};
@@ -34,6 +35,7 @@ pub struct Backup {
     ad_hoc_calls: UnorderedList<AdHocCall<FullRecipientData>>,
     pinned_chats: Vec<FullRecipientData>,
     sticker_packs: UnorderedList<(StickerPackId, StickerPack<Store>)>,
+    notification_profiles: UnorderedList<NotificationProfile<FullRecipientData>>,
 }
 
 impl Backup {
@@ -57,6 +59,7 @@ impl From<CompletedBackup<Store>> for Backup {
                 },
             ad_hoc_calls,
             sticker_packs,
+            notification_profiles,
         } = value;
         Self {
             meta,
@@ -66,6 +69,7 @@ impl From<CompletedBackup<Store>> for Backup {
             ad_hoc_calls: ad_hoc_calls.into_iter().collect(),
             pinned_chats: pinned.into_iter().map(|(_, data)| data).collect(),
             sticker_packs: sticker_packs.into_iter().collect(),
+            notification_profiles: notification_profiles.into_iter().collect(),
         }
     }
 }
@@ -435,6 +439,7 @@ mod test {
             ad_hoc_calls: UnorderedList::default(),
             pinned_chats: Vec::default(),
             sticker_packs: UnorderedList::default(),
+            notification_profiles: UnorderedList::default(),
         };
 
         const EXPECTED_JSON: &str = include_str!("expected_serialized_backup.json");
diff --git a/rust/message-backup/src/backup/serialize/unordered_list.rs b/rust/message-backup/src/backup/serialize/unordered_list.rs
index 1ac33f7db..86ef24c33 100644
--- a/rust/message-backup/src/backup/serialize/unordered_list.rs
+++ b/rust/message-backup/src/backup/serialize/unordered_list.rs
@@ -54,7 +54,6 @@ impl<T> UnorderedList<T> {
     }
 }
 
-#[cfg(test)]
 impl<T> From<Vec<T>> for UnorderedList<T> {
     fn from(value: Vec<T>) -> Self {
         Self(value)
diff --git a/rust/message-backup/tests/res/canonical-backup.expected.json b/rust/message-backup/tests/res/canonical-backup.expected.json
index 886b4462d..f379ad281 100644
--- a/rust/message-backup/tests/res/canonical-backup.expected.json
+++ b/rust/message-backup/tests/res/canonical-backup.expected.json
@@ -73,5 +73,6 @@
   "chats": [],
   "ad_hoc_calls": [],
   "pinned_chats": [],
-  "sticker_packs": []
+  "sticker_packs": [],
+  "notification_profiles": []
 }
\ No newline at end of file
diff --git a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
index 14435d47e..932467111 100644
--- a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
+++ b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
@@ -73,5 +73,6 @@
   "chats": [],
   "ad_hoc_calls": [],
   "pinned_chats": [],
-  "sticker_packs": []
+  "sticker_packs": [],
+  "notification_profiles": []
 }
\ No newline at end of file

From 706f7ea91a147713b62cde93b5bec77ff9ceab69 Mon Sep 17 00:00:00 2001
From: moiseev-signal <122060238+moiseev-signal@users.noreply.github.com>
Date: Thu, 5 Dec 2024 10:20:33 -0800
Subject: [PATCH 50/57] keytrans: Implement monitor API

---
 rust/keytrans/src/lib.rs           |  28 +-
 rust/keytrans/src/proto/chat.proto |  27 ++
 rust/keytrans/src/verify.rs        |   4 +-
 rust/net/src/keytrans.rs           | 425 ++++++++++++++++++++++++++---
 4 files changed, 444 insertions(+), 40 deletions(-)

diff --git a/rust/keytrans/src/lib.rs b/rust/keytrans/src/lib.rs
index b39c45db6..c3c360871 100644
--- a/rust/keytrans/src/lib.rs
+++ b/rust/keytrans/src/lib.rs
@@ -20,7 +20,8 @@ use std::time::SystemTime;
 
 pub use ed25519_dalek::VerifyingKey;
 pub use proto::{
-    CondensedTreeSearchResponse, DistinguishedResponse as ChatDistinguishedResponse, FullTreeHead,
+    ChatMonitorResponse, CondensedTreeSearchResponse,
+    DistinguishedResponse as ChatDistinguishedResponse, FullTreeHead, MonitorKey, MonitorProof,
     MonitorRequest, MonitorResponse, SearchResponse as ChatSearchResponse, StoredAccountData,
     StoredMonitoringData, StoredTreeHead, TreeHead, UpdateRequest, UpdateResponse,
 };
@@ -83,8 +84,8 @@ pub struct SearchContext<'a> {
 
 #[derive(Default, Debug)]
 pub struct MonitorContext {
-    last_tree_head: Option<LastTreeHead>,
-    data: HashMap<Vec<u8>, MonitoringData>,
+    pub last_tree_head: Option<LastTreeHead>,
+    pub data: HashMap<Vec<u8>, MonitoringData>,
 }
 
 #[derive(Clone, Debug)]
@@ -122,7 +123,7 @@ pub struct LocalStateUpdate<T> {
 }
 
 pub type SearchStateUpdate = LocalStateUpdate<Option<MonitoringData>>;
-pub type MonitorStateUpdate = LocalStateUpdate<Vec<(Vec<u8>, MonitoringData)>>;
+pub type MonitorStateUpdate = LocalStateUpdate<HashMap<Vec<u8>, MonitoringData>>;
 
 /// PublicConfig wraps the cryptographic keys needed to interact with a
 /// transparency tree.
@@ -302,7 +303,7 @@ impl From<StoredMonitoringData> for MonitoringData {
 }
 
 // An in-memory representation of the StoredAccountData with correct optionality of the fields
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq)]
 pub struct AccountData {
     pub aci: MonitoringData,
     pub e164: Option<MonitoringData>,
@@ -333,3 +334,20 @@ impl TryFrom<StoredAccountData> for AccountData {
         })
     }
 }
+
+impl From<AccountData> for StoredAccountData {
+    fn from(acc: AccountData) -> Self {
+        let AccountData {
+            aci,
+            e164,
+            username_hash,
+            last_tree_head,
+        } = acc;
+        Self {
+            aci: Some(aci.into()),
+            e164: e164.map(StoredMonitoringData::from),
+            username_hash: username_hash.map(StoredMonitoringData::from),
+            last_tree_head: Some(last_tree_head.into()),
+        }
+    }
+}
diff --git a/rust/keytrans/src/proto/chat.proto b/rust/keytrans/src/proto/chat.proto
index d50336054..f834f9b12 100644
--- a/rust/keytrans/src/proto/chat.proto
+++ b/rust/keytrans/src/proto/chat.proto
@@ -53,3 +53,30 @@ message DistinguishedResponse {
    */
   CondensedTreeSearchResponse distinguished = 2;
 }
+
+message ChatMonitorResponse {
+  /**
+   * A signed representation of the log tree's current state along with some
+   * additional information necessary for validation such as a consistency proof and an auditor-signed tree head.
+   */
+  FullTreeHead tree_head = 1;
+  /**
+   * A proof that the MonitorRequest's ACI continues to be constructed correctly in later entries of the log tree.
+   */
+  MonitorProof aci = 2;
+  /**
+   * A proof that the username hash continues to be constructed correctly in later entries of the log tree.
+   * Will be absent if the request did not include a UsernameHashMonitorRequest.
+   */
+  optional MonitorProof username_hash = 3;
+  /**
+   * A proof that the e164 continues to be constructed correctly in later entries of the log tree.
+   * Will be absent if the request did not include a E164MonitorRequest.
+   */
+  optional MonitorProof e164 = 4;
+  /**
+   * A batch inclusion proof that the log entries involved in the binary search for each of the entries
+   * being monitored in the request are included in the current log tree.
+   */
+  repeated bytes inclusion = 5;
+}
diff --git a/rust/keytrans/src/verify.rs b/rust/keytrans/src/verify.rs
index 078d4979f..f2cbdc30f 100644
--- a/rust/keytrans/src/verify.rs
+++ b/rust/keytrans/src/verify.rs
@@ -603,7 +603,7 @@ pub fn verify_monitor<'a>(
 
     let MonitorRequest { keys, consistency } = req;
 
-    let mut data_updates = Vec::with_capacity(keys.len());
+    let mut data_updates = HashMap::with_capacity(keys.len());
     // Update monitoring data.
     for (key, entry) in keys.iter().zip(mpa.entries.iter()) {
         let size = if key.search_key == b"distinguished" {
@@ -627,7 +627,7 @@ pub fn verify_monitor<'a>(
         mdw.update(size, entry)?;
 
         if let Some(data_update) = mdw.into_data_update() {
-            data_updates.push((key.search_key.clone(), data_update));
+            data_updates.insert(key.search_key.clone(), data_update);
         }
     }
 
diff --git a/rust/net/src/keytrans.rs b/rust/net/src/keytrans.rs
index a7927dbb9..712c46b4b 100644
--- a/rust/net/src/keytrans.rs
+++ b/rust/net/src/keytrans.rs
@@ -4,6 +4,7 @@
 //
 
 use std::borrow::Cow;
+use std::collections::HashMap;
 use std::fmt::{Debug, Formatter};
 use std::sync::Arc;
 use std::time::{Duration, SystemTime};
@@ -15,8 +16,9 @@ use http::header::{ACCEPT, CONTENT_TYPE};
 use http::uri::PathAndQuery;
 use libsignal_core::{Aci, E164};
 use libsignal_keytrans::{
-    AccountData, ChatDistinguishedResponse, ChatSearchResponse, CondensedTreeSearchResponse,
-    FullSearchResponse, FullTreeHead, KeyTransparency, LastTreeHead, LocalStateUpdate,
+    AccountData, ChatDistinguishedResponse, ChatMonitorResponse, ChatSearchResponse,
+    CondensedTreeSearchResponse, FullSearchResponse, FullTreeHead, KeyTransparency, LastTreeHead,
+    LocalStateUpdate, MonitorContext, MonitorKey, MonitorProof, MonitorRequest, MonitorResponse,
     MonitoringData, SearchContext, SearchStateUpdate, SlimSearchRequest, StoredAccountData,
     StoredMonitoringData, StoredTreeHead, VerifiedSearchResult,
 };
@@ -29,7 +31,7 @@ use crate::chat::{self, Chat, ChatServiceWithDebugInfo};
 
 const SEARCH_PATH: &str = "/v1/key-transparency/search";
 const DISTINGUISHED_PATH: &str = "/v1/key-transparency/distinguished";
-// const MONITOR_PATH: &str = "/v1/key-transparency/monitor";
+const MONITOR_PATH: &str = "/v1/key-transparency/monitor";
 
 const MIME_TYPE: &str = "application/json";
 
@@ -94,7 +96,7 @@ impl From<RawChatSearchRequest> for chat::Request {
 #[derive(Deserialize, Debug)]
 #[serde(rename_all = "camelCase")]
 struct RawChatSerializedResponse {
-    serialized_response: Option<String>,
+    serialized_response: String,
 }
 
 impl TryFrom<chat::Response> for RawChatSerializedResponse {
@@ -109,36 +111,36 @@ impl TryFrom<chat::Response> for RawChatSerializedResponse {
 }
 
 // Differs from [`ChatSearchResponse`] by establishing proper optionality of fields.
-struct TypedChatSearchResponse {
+struct TypedSearchResponse {
     full_tree_head: FullTreeHead,
     aci_search_response: CondensedTreeSearchResponse,
     e164_search_response: Option<CondensedTreeSearchResponse>,
     username_hash_search_response: Option<CondensedTreeSearchResponse>,
 }
 
-impl TryFrom<RawChatSerializedResponse> for TypedChatSearchResponse {
-    type Error = Error;
-
-    fn try_from(raw: RawChatSerializedResponse) -> Result<Self> {
+impl TypedSearchResponse {
+    fn from_untyped(
+        require_e164: bool,
+        require_username_hash: bool,
+        response: ChatSearchResponse,
+    ) -> Result<Self> {
+        if require_e164 != response.e164.is_some()
+            || require_username_hash != response.username_hash.is_some()
+        {
+            return Err(Error::InvalidResponse(
+                "request/response optionality mismatch",
+            ));
+        }
         let ChatSearchResponse {
             tree_head,
             aci,
             e164,
             username_hash,
-        } = raw
-            .serialized_response
-            .ok_or(Error::InvalidResponse("serializedResponse is missing"))
-            .and_then(decode_response)?;
-
-        let tree_head = tree_head.ok_or(Error::InvalidResponse("must contain the tree head"))?;
-
-        let aci_search_response = aci.ok_or(Error::InvalidResponse(
-            "must contain the ACI search response",
-        ))?;
-
+        } = response;
         Ok(Self {
-            full_tree_head: tree_head,
-            aci_search_response,
+            full_tree_head: tree_head.ok_or(Error::InvalidResponse("missing tree head"))?,
+            aci_search_response: aci
+                .ok_or(Error::InvalidResponse("missing ACI search response"))?,
             e164_search_response: e164,
             username_hash_search_response: username_hash,
         })
@@ -225,13 +227,140 @@ impl From<RawChatDistinguishedRequest> for chat::Request {
     }
 }
 
-impl TryFrom<RawChatSerializedResponse> for ChatDistinguishedResponse {
-    type Error = Error;
+#[derive(Serialize)]
+#[serde(rename_all = "camelCase")]
+struct ValueMonitor {
+    value: String,
+    positions: Vec<u64>,
+    commitment_index: String,
+}
+
+impl ValueMonitor {
+    fn new(value: String, positions: Vec<u64>, commitment_index: &[u8]) -> Self {
+        Self {
+            value,
+            positions,
+            commitment_index: BASE64_STANDARD_NO_PAD.encode(commitment_index),
+        }
+    }
+
+    fn for_aci(aci: &Aci, positions: Vec<u64>, commitment_index: &[u8]) -> Self {
+        Self::new(aci.as_chat_value(), positions, commitment_index)
+    }
+
+    fn for_e164(e164: E164, positions: Vec<u64>, commitment_index: &[u8]) -> Self {
+        Self::new(e164.as_chat_value(), positions, commitment_index)
+    }
+
+    fn for_username_hash(
+        username_hash: &UsernameHash,
+        positions: Vec<u64>,
+        commitment_index: &[u8],
+    ) -> Self {
+        Self::new(username_hash.as_chat_value(), positions, commitment_index)
+    }
+}
+
+#[derive(Serialize)]
+#[serde(rename_all = "camelCase")]
+struct RawChatMonitorRequest {
+    aci: ValueMonitor,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    e164: Option<ValueMonitor>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    username_hash: Option<ValueMonitor>,
+    last_non_distinguished_tree_head_size: u64,
+    last_distinguished_tree_head_size: u64,
+}
 
-    fn try_from(raw: RawChatSerializedResponse) -> Result<Self> {
-        raw.serialized_response
-            .ok_or(Error::InvalidResponse("required field is missing"))
-            .and_then(decode_response)
+impl From<RawChatMonitorRequest> for chat::Request {
+    fn from(request: RawChatMonitorRequest) -> Self {
+        Self {
+            method: http::Method::POST,
+            body: Some(serde_json::to_vec(&request).unwrap().into_boxed_slice()),
+            headers: common_headers(),
+            path: PathAndQuery::from_static(MONITOR_PATH),
+        }
+    }
+}
+
+impl RawChatMonitorRequest {
+    fn new(
+        aci: &Aci,
+        e164: Option<E164>,
+        username_hash: &Option<UsernameHash<'_>>,
+        account_data: &AccountData,
+        distinguished_tree_head_size: u64,
+    ) -> Result<Self> {
+        let last_non_distinguished_tree_head_size = account_data.last_tree_head.0.tree_size;
+
+        if e164.is_some() != account_data.e164.is_some()
+            || username_hash.is_some() != account_data.username_hash.is_some()
+        {
+            return Err(Error::InvalidRequest(
+                "account data does not match the monitor request",
+            ));
+        }
+
+        Ok(Self {
+            aci: ValueMonitor::for_aci(aci, account_data.aci.entries(), &account_data.aci.index),
+            e164: e164.map(|e164| {
+                ValueMonitor::for_e164(
+                    e164,
+                    account_data.e164.as_ref().unwrap().entries(),
+                    &account_data.e164.as_ref().unwrap().index,
+                )
+            }),
+            username_hash: username_hash.as_ref().map(|unh| {
+                ValueMonitor::for_username_hash(
+                    unh,
+                    account_data.username_hash.as_ref().unwrap().entries(),
+                    &account_data.username_hash.as_ref().unwrap().index,
+                )
+            }),
+            last_non_distinguished_tree_head_size,
+            last_distinguished_tree_head_size: distinguished_tree_head_size,
+        })
+    }
+}
+
+// Same as ChatMonitorResponse, only with the right optionality of fields
+#[derive(Clone, Debug)]
+struct TypedMonitorResponse {
+    tree_head: FullTreeHead,
+    aci: MonitorProof,
+    e164: Option<MonitorProof>,
+    username_hash: Option<MonitorProof>,
+    inclusion: Vec<Vec<u8>>,
+}
+
+impl TypedMonitorResponse {
+    fn from_untyped(
+        require_e164: bool,
+        require_username_hash: bool,
+        response: ChatMonitorResponse,
+    ) -> Result<Self> {
+        if require_e164 != response.e164.is_some()
+            || require_username_hash != response.username_hash.is_some()
+        {
+            return Err(Error::InvalidResponse(
+                "request/response optionality mismatch",
+            ));
+        }
+        let ChatMonitorResponse {
+            tree_head,
+            aci,
+            username_hash,
+            e164,
+            inclusion,
+        } = response;
+        Ok(Self {
+            tree_head: tree_head.ok_or(Error::InvalidResponse("missing tree head"))?,
+            aci: aci.ok_or(Error::InvalidResponse("missing ACI monitor proof"))?,
+            e164,
+            username_hash,
+            inclusion,
+        })
     }
 }
 
@@ -278,10 +407,10 @@ impl ChatSearchContext {
             Some(head.tree_size)
         }
         RawChatSearchRequest {
-            aci: aci.service_id_string(),
+            aci: aci.as_chat_value(),
             aci_identity_key: BASE64_STANDARD.encode(aci_identity_key.serialize()),
-            e164: e164.map(|x| x.0.to_string()),
-            username_hash: username_hash.map(|x| BASE64_URL_SAFE_NO_PAD.encode(x.as_ref())),
+            e164: e164.map(|x| x.0.as_chat_value()),
+            username_hash: username_hash.map(|x| x.as_chat_value()),
             unidentified_access_key: e164.map(|x| BASE64_STANDARD.encode(&x.1)),
             last_tree_head_size: self.account_data.as_ref().and_then(get_tree_size),
             distinguished_tree_head_size: self.distinguished_tree_head_size,
@@ -329,7 +458,10 @@ impl<'a> Kt<'a> {
         let response = self.send(raw_request.into()).await?;
 
         let chat_search_response = RawChatSerializedResponse::try_from(response)
-            .and_then(TypedChatSearchResponse::try_from)?;
+            .and_then(|r| decode_response(r.serialized_response))
+            .and_then(|r| {
+                TypedSearchResponse::from_untyped(e164.is_some(), username_hash.is_some(), r)
+            })?;
 
         let ChatSearchContext {
             account_data: stored_account_data,
@@ -467,7 +599,7 @@ impl<'a> Kt<'a> {
             tree_head,
             distinguished,
         } = RawChatSerializedResponse::try_from(response)
-            .and_then(ChatDistinguishedResponse::try_from)?;
+            .and_then(|r| decode_response(r.serialized_response))?;
 
         let tree_head = tree_head.ok_or(Error::InvalidResponse("tree head must be present"))?;
         let condensed_response =
@@ -489,6 +621,141 @@ impl<'a> Kt<'a> {
         Ok(verified_result.state_update)
     }
 
+    pub async fn monitor(
+        &self,
+        aci: Aci,
+        e164: Option<E164>,
+        username_hash: Option<UsernameHash<'a>>,
+        account_data: AccountData,
+        distinguished_tree_head_size: u64,
+    ) -> Result<AccountData> {
+        let raw_request = RawChatMonitorRequest::new(
+            &aci,
+            e164,
+            &username_hash,
+            &account_data,
+            distinguished_tree_head_size,
+        )?;
+        let response = self.send(raw_request.into()).await?;
+
+        let chat_monitor_response = RawChatSerializedResponse::try_from(response)
+            .and_then(|r| decode_response(r.serialized_response))
+            .and_then(|r| {
+                TypedMonitorResponse::from_untyped(e164.is_some(), username_hash.is_some(), r)
+            })?;
+
+        let now = SystemTime::now();
+
+        let updated_account_data = {
+            let AccountData {
+                aci: aci_monitoring_data,
+                e164: e164_monitoring_data,
+                username_hash: username_hash_monitoring_data,
+                last_tree_head,
+            } = account_data;
+
+            let mut monitor_keys = Vec::with_capacity(3);
+            let mut proofs = Vec::with_capacity(3);
+            let mut monitoring_data_map = HashMap::with_capacity(3);
+
+            let aci_monitor_key = MonitorKey {
+                search_key: aci.as_search_key(),
+                entries: aci_monitoring_data.entries(),
+                commitment_index: aci_monitoring_data.index.to_vec(),
+            };
+            monitor_keys.push(aci_monitor_key);
+            proofs.push(chat_monitor_response.aci);
+            monitoring_data_map.insert(aci.as_search_key(), aci_monitoring_data.clone());
+
+            if let Some(e164) = e164 {
+                let monitoring_data = e164_monitoring_data
+                    .ok_or(Error::InvalidRequest("missing E.164 monitoring data"))?;
+                let key = MonitorKey {
+                    search_key: e164.as_search_key(),
+                    entries: monitoring_data.entries(),
+                    commitment_index: monitoring_data.index.to_vec(),
+                };
+                monitor_keys.push(key);
+
+                // The proof must be present. Checked in TypedMonitorResponse::from_untyped
+                proofs.push(chat_monitor_response.e164.unwrap());
+                monitoring_data_map.insert(e164.as_search_key(), monitoring_data);
+            }
+
+            if let Some(username_hash) = username_hash.clone() {
+                let monitoring_data = username_hash_monitoring_data.ok_or(
+                    Error::InvalidRequest("missing username hash monitoring data"),
+                )?;
+                let key = MonitorKey {
+                    search_key: username_hash.as_search_key().to_vec(),
+                    entries: monitoring_data.entries(),
+                    commitment_index: monitoring_data.index.to_vec(),
+                };
+                monitor_keys.push(key);
+                // The proof must be present. Checked in TypedMonitorResponse::from_untyped
+                proofs.push(chat_monitor_response.username_hash.unwrap());
+                monitoring_data_map.insert(username_hash.as_search_key(), monitoring_data);
+            }
+
+            // We are using a single monitor request/response pair for all the possible keys
+            let monitor_request = MonitorRequest {
+                keys: monitor_keys,
+                // Consistency is only used to verify "distinguished" search key
+                consistency: None,
+            };
+
+            let monitor_response = MonitorResponse {
+                tree_head: Some(chat_monitor_response.tree_head.clone()),
+                proofs,
+                inclusion: chat_monitor_response.inclusion,
+            };
+
+            let monitor_context = MonitorContext {
+                last_tree_head: Some(last_tree_head),
+                data: monitoring_data_map,
+            };
+
+            let verified = self.inner.verify_monitor(
+                &monitor_request,
+                &monitor_response,
+                monitor_context,
+                now,
+            )?;
+
+            let LocalStateUpdate {
+                tree_head,
+                tree_root,
+                mut monitoring_data,
+            } = verified;
+
+            let mut take_data = move |search_key: &[u8], err_message: &'static str| {
+                monitoring_data
+                    .remove(search_key)
+                    .ok_or(Error::InvalidResponse(err_message))
+            };
+
+            AccountData {
+                aci: take_data(&aci.as_search_key(), "ACI monitoring data is missing")?,
+                e164: e164
+                    .map(|e164| {
+                        take_data(&e164.as_search_key(), "E.164 monitoring data is missing")
+                    })
+                    .transpose()?,
+                username_hash: username_hash
+                    .map(|username_hash| {
+                        take_data(
+                            &username_hash.as_search_key(),
+                            "username hash monitoring data is missing",
+                        )
+                    })
+                    .transpose()?,
+                last_tree_head: (tree_head, tree_root),
+            }
+        };
+
+        Ok(updated_account_data)
+    }
+
     fn do_verify_search(
         &self,
         search_key: Vec<u8>,
@@ -525,6 +792,13 @@ const SEARCH_KEY_PREFIX_ACI: &[u8] = b"a";
 const SEARCH_KEY_PREFIX_E164: &[u8] = b"n";
 const SEARCH_KEY_PREFIX_USERNAME_HASH: &[u8] = b"u";
 
+/// Representation of an object as "search key" aligned with conversion
+/// performed by the chat server.
+///
+/// Search keys from the Key Transparency server perspective are just arrays of
+/// bytes, therefore in order to distinguish them and avoid (highly unlikely)
+/// clashes Chat server adds unique prefixes to keys representing ACIs, E.164's,
+/// and username hashes.
 pub trait SearchKey {
     fn as_search_key(&self) -> Vec<u8>;
 }
@@ -541,6 +815,7 @@ impl SearchKey for E164 {
     }
 }
 
+/// Type-safe wrapper for a byte slice representing username hash.
 #[derive(Clone)]
 pub struct UsernameHash<'a>(Cow<'a, [u8]>);
 
@@ -590,6 +865,29 @@ impl SearchKey for UsernameHash<'_> {
     }
 }
 
+/// String representation of a value to be sent in chat server JSON requests.
+trait AsChatValue {
+    fn as_chat_value(&self) -> String;
+}
+
+impl AsChatValue for Aci {
+    fn as_chat_value(&self) -> String {
+        self.service_id_string()
+    }
+}
+
+impl AsChatValue for E164 {
+    fn as_chat_value(&self) -> String {
+        self.to_string()
+    }
+}
+
+impl AsChatValue for UsernameHash<'_> {
+    fn as_chat_value(&self) -> String {
+        BASE64_URL_SAFE_NO_PAD.encode(self.as_ref())
+    }
+}
+
 #[cfg(test)]
 mod test {
     use assert_matches::assert_matches;
@@ -662,6 +960,7 @@ mod test {
     #[tokio::test]
     #[test_case(false, false; "ACI")]
     #[test_case(false, true; "ACI + E164")]
+    #[test_case(true, false; "ACI + Username Hash")]
     #[test_case(true, true; "ACI + E164 + Username Hash")]
     async fn search_permutations_integration_test(use_e164: bool, use_username_hash: bool) {
         if std::env::var("LIBSIGNAL_TESTING_RUN_NONHERMETIC_TESTS").is_err() {
@@ -722,4 +1021,64 @@ mod test {
         let result = kt.distinguished(None).await;
         assert_matches!(result, Ok( LocalStateUpdate {tree_head, ..}) => assert_ne!(tree_head.tree_size, 0));
     }
+
+    #[tokio::test]
+    #[test_case(false, false; "ACI")]
+    #[test_case(false, true; "ACI + E164")]
+    #[test_case(true, false; "ACI + Username Hash")]
+    #[test_case(true, true; "ACI + E164 + Username Hash")]
+    async fn monitor_permutations_integration_test(use_e164: bool, use_username_hash: bool) {
+        if std::env::var("LIBSIGNAL_TESTING_RUN_NONHERMETIC_TESTS").is_err() {
+            println!("SKIPPED: running integration tests is not enabled");
+            return;
+        }
+        let chat = make_chat().await;
+        let kt = make_kt(&chat);
+
+        let aci = Aci::from(test_account::ACI);
+        let e164 = test_account::PHONE_NUMBER;
+        let username_hash = UsernameHash(Cow::Borrowed(test_account::USERNAME_HASH));
+
+        let (account_data, distinguished_tree_size) = {
+            let aci_identity_key = PublicKey::deserialize(test_account::ACI_IDENTITY_KEY_BYTES)
+                .expect("valid key bytes");
+
+            let e164 = (e164, test_account::UNIDENTIFIED_ACCESS_KEY.to_vec());
+
+            let distinguished_tree_head_size = kt
+                .distinguished(None)
+                .await
+                .expect("can get distinguished tree")
+                .tree_head
+                .tree_size;
+
+            let result = kt
+                .search(
+                    &aci,
+                    &aci_identity_key,
+                    use_e164.then_some(e164),
+                    use_username_hash.then_some(username_hash.clone()),
+                    ChatSearchContext {
+                        account_data: None,
+                        distinguished_tree_head_size,
+                    },
+                )
+                .await
+                .expect("can search");
+            let account_data =
+                AccountData::try_from(result.account_data).expect("valid account data");
+            (account_data, distinguished_tree_head_size)
+        };
+
+        let result = kt
+            .monitor(
+                aci,
+                use_e164.then_some(e164),
+                use_username_hash.then_some(username_hash),
+                account_data.clone(),
+                distinguished_tree_size,
+            )
+            .await;
+        assert_matches!(result, Ok(updated) => assert_eq!(&updated, &account_data));
+    }
 }

From fc5b786fb72e4f774b8f0e2beee57973bbbd72a3 Mon Sep 17 00:00:00 2001
From: moiseev-signal <122060238+moiseev-signal@users.noreply.github.com>
Date: Thu, 5 Dec 2024 15:51:00 -0800
Subject: [PATCH 51/57] keytrans: Remove ChatSearchContext type

---
 .../libsignal/net/KeyTransparencyClient.java  | 37 ++------
 .../org/signal/libsignal/internal/Native.java |  5 +-
 rust/bridge/shared/src/net/keytrans.rs        | 44 +++++-----
 rust/bridge/shared/types/src/keytrans.rs      |  3 +-
 rust/net/src/keytrans.rs                      | 85 ++++++++-----------
 5 files changed, 65 insertions(+), 109 deletions(-)

diff --git a/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java b/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java
index 4e06fd69e..b23b79584 100644
--- a/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java
+++ b/java/client/src/main/java/org/signal/libsignal/net/KeyTransparencyClient.java
@@ -7,7 +7,6 @@
 
 import java.util.Optional;
 import org.signal.libsignal.internal.CompletableFuture;
-import org.signal.libsignal.internal.FilterExceptions;
 import org.signal.libsignal.internal.Native;
 import org.signal.libsignal.internal.NativeHandleGuard;
 import org.signal.libsignal.keytrans.SearchResult;
@@ -85,14 +84,12 @@ public CompletableFuture<SearchResult> search(
                   this.search(
                       aci, aciIdentityKey, e164, unidentifiedAccessKey, usernameHash, store));
     }
-    // Decoding of the last distinguished tree head happens "eagerly" while constructing the
-    // SearchContext. It may result in an IllegalArgumentError.
-    SearchContext searchContext =
-        new SearchContext(store.getAccountData(aci).orElse(null), lastDistinguishedTreeHead.get());
+    // Decoding of the last distinguished tree head happens "eagerly" before making any network
+    // requests.
+    // It may result in an IllegalArgumentException.
     try (NativeHandleGuard tokioContextGuard = this.tokioAsyncContext.guard();
         NativeHandleGuard chatGuard = chat.guard();
-        NativeHandleGuard identityKeyGuard = aciIdentityKey.getPublicKey().guard();
-        NativeHandleGuard searchContextGuard = searchContext.guard()) {
+        NativeHandleGuard identityKeyGuard = aciIdentityKey.getPublicKey().guard()) {
       return Native.KeyTransparency_Search(
               tokioContextGuard.nativeHandle(),
               chat.environment.value,
@@ -102,7 +99,8 @@ public CompletableFuture<SearchResult> search(
               e164,
               unidentifiedAccessKey,
               usernameHash,
-              searchContextGuard.nativeHandle())
+              store.getAccountData(aci).orElse(null),
+              lastDistinguishedTreeHead.get())
           .thenApply(
               (handle) -> {
                 SearchResult result = new SearchResult(handle);
@@ -154,27 +152,4 @@ public CompletableFuture<Void> updateDistinguished(final Store store) {
               });
     }
   }
-
-  /**
-   * Extra data accompanying the key transparency search request.
-   *
-   * <p>This is an implementation detail of the {@link
-   * org.signal.libsignal.net.KeyTransparencyClient} and is not supposed to be used directly. The
-   * context will be populated from the {@link Store}.
-   */
-  static final class SearchContext extends NativeHandleGuard.SimpleOwner {
-    SearchContext(byte[] accountData, byte[] lastDistinguishedTreeHead) {
-      super(
-          FilterExceptions.filterExceptions(
-              () ->
-                  // The only exception it can throw is an IllegalArgumentException, even though it
-                  // is bridged as throwing Exception.
-                  Native.KeyTransparency_NewSearchContext(accountData, lastDistinguishedTreeHead)));
-    }
-
-    @Override
-    protected void release(long nativeHandle) {
-      Native.ChatSearchContext_Destroy(nativeHandle);
-    }
-  }
 }
diff --git a/java/shared/java/org/signal/libsignal/internal/Native.java b/java/shared/java/org/signal/libsignal/internal/Native.java
index 75531dfeb..8f1697f58 100644
--- a/java/shared/java/org/signal/libsignal/internal/Native.java
+++ b/java/shared/java/org/signal/libsignal/internal/Native.java
@@ -208,8 +208,6 @@ private Native() {}
   public static native CompletableFuture<Long> CdsiLookup_new(long asyncRuntime, long connectionManager, String username, String password, long request);
   public static native byte[] CdsiLookup_token(long lookup);
 
-  public static native void ChatSearchContext_Destroy(long handle);
-
   public static native void ChatService_SetListenerAuth(long runtime, long chat, BridgeChatListener listener);
   public static native void ChatService_SetListenerUnauth(long runtime, long chat, BridgeChatListener listener);
   public static native CompletableFuture<Object> ChatService_auth_send(long asyncRuntime, long chat, long httpRequest, int timeoutMillis);
@@ -373,8 +371,7 @@ private Native() {}
   public static native byte[] KeyTransparency_AciSearchKey(byte[] aci);
   public static native CompletableFuture<byte[]> KeyTransparency_Distinguished(long asyncRuntime, int environment, long chat, byte[] lastDistinguishedTreeHead);
   public static native byte[] KeyTransparency_E164SearchKey(String e164);
-  public static native long KeyTransparency_NewSearchContext(byte[] accountData, byte[] lastDistinguishedTreeHead) throws Exception;
-  public static native CompletableFuture<Long> KeyTransparency_Search(long asyncRuntime, int environment, long chat, byte[] aci, long aciIdentityKey, String e164, byte[] unidentifiedAccessKey, byte[] usernameHash, long context);
+  public static native CompletableFuture<Long> KeyTransparency_Search(long asyncRuntime, int environment, long chat, byte[] aci, long aciIdentityKey, String e164, byte[] unidentifiedAccessKey, byte[] usernameHash, byte[] accountData, byte[] lastDistinguishedTreeHead);
   public static native byte[] KeyTransparency_UsernameHashSearchKey(byte[] hash);
 
   public static native void KyberKeyPair_Destroy(long handle);
diff --git a/rust/bridge/shared/src/net/keytrans.rs b/rust/bridge/shared/src/net/keytrans.rs
index 700278a5c..4310dc5c5 100644
--- a/rust/bridge/shared/src/net/keytrans.rs
+++ b/rust/bridge/shared/src/net/keytrans.rs
@@ -10,10 +10,10 @@ use libsignal_bridge_types::net::chat::UnauthChat;
 pub use libsignal_bridge_types::net::{Environment, TokioAsyncContext};
 use libsignal_bridge_types::support::AsType;
 use libsignal_core::{Aci, E164};
-use libsignal_keytrans::{KeyTransparency, LocalStateUpdate, StoredTreeHead};
-use libsignal_net::keytrans::{
-    ChatSearchContext, Error, Kt, SearchKey, SearchResult, UsernameHash,
+use libsignal_keytrans::{
+    AccountData, KeyTransparency, LocalStateUpdate, StoredAccountData, StoredTreeHead,
 };
+use libsignal_net::keytrans::{Error, Kt, SearchKey, SearchResult, UsernameHash};
 use libsignal_protocol::PublicKey;
 use prost::{DecodeError, Message};
 
@@ -35,7 +35,6 @@ fn KeyTransparency_UsernameHashSearchKey(hash: &[u8]) -> Vec<u8> {
     UsernameHash::from_slice(hash).as_search_key()
 }
 
-bridge_handle_fns!(ChatSearchContext, clone = false, ffi = false, node = false);
 bridge_handle_fns!(SearchResult, clone = false, ffi = false, node = false);
 
 #[bridge_fn(node = false, ffi = false)]
@@ -77,24 +76,8 @@ where
     T::decode(bytes.as_ref())
 }
 
-#[bridge_fn(node = false, ffi = false)]
-fn KeyTransparency_NewSearchContext(
-    account_data: Option<&[u8]>,
-    last_distinguished_tree_head: &[u8],
-) -> Result<ChatSearchContext, Error> {
-    let account_data = account_data.map(try_decode).transpose()?;
-    let last_distinguished_tree_head =
-        try_decode(last_distinguished_tree_head).map(|stored: StoredTreeHead| stored.tree_head)?;
-    let distinguished_tree_head_size = last_distinguished_tree_head
-        .map(|head| head.tree_size)
-        .ok_or(Error::InvalidRequest("distinguished tree head is missing"))?;
-    Ok(ChatSearchContext {
-        account_data,
-        distinguished_tree_head_size,
-    })
-}
-
 #[bridge_io(TokioAsyncContext, node = false, ffi = false)]
+#[allow(clippy::too_many_arguments)]
 async fn KeyTransparency_Search(
     // TODO: it is currently possible to pass an env that does not match chat
     environment: AsType<Environment, u8>,
@@ -104,7 +87,8 @@ async fn KeyTransparency_Search(
     e164: Option<E164>,
     unidentified_access_key: Option<Box<[u8]>>,
     username_hash: Option<Box<[u8]>>,
-    context: &ChatSearchContext,
+    account_data: Option<Box<[u8]>>,
+    last_distinguished_tree_head: Box<[u8]>,
 ) -> Result<SearchResult, Error> {
     let username_hash = username_hash.map(UsernameHash::from);
     let config = environment
@@ -135,13 +119,27 @@ async fn KeyTransparency_Search(
         }
     };
 
+    let account_data = account_data
+        .map(|bytes| {
+            let stored: StoredAccountData = try_decode(bytes)?;
+            AccountData::try_from(stored).map_err(Error::from)
+        })
+        .transpose()?;
+
+    let last_distinguished_tree_head =
+        try_decode(last_distinguished_tree_head).map(|stored: StoredTreeHead| stored.tree_head)?;
+    let distinguished_tree_head_size = last_distinguished_tree_head
+        .map(|head| head.tree_size)
+        .ok_or(Error::InvalidRequest("distinguished tree head is missing"))?;
+
     let result = kt
         .search(
             &aci,
             aci_identity_key,
             e164_pair,
             username_hash,
-            context.clone(),
+            account_data,
+            distinguished_tree_head_size,
         )
         .await?;
     Ok(result)
diff --git a/rust/bridge/shared/types/src/keytrans.rs b/rust/bridge/shared/types/src/keytrans.rs
index c96c57868..16c85a2a6 100644
--- a/rust/bridge/shared/types/src/keytrans.rs
+++ b/rust/bridge/shared/types/src/keytrans.rs
@@ -2,9 +2,8 @@
 // Copyright 2024 Signal Messenger, LLC.
 // SPDX-License-Identifier: AGPL-3.0-only
 //
-use libsignal_net::keytrans::{ChatSearchContext, SearchResult};
+use libsignal_net::keytrans::SearchResult;
 
 use crate::*;
 
-bridge_as_handle!(ChatSearchContext, ffi = false, node = false);
 bridge_as_handle!(SearchResult, ffi = false, node = false);
diff --git a/rust/net/src/keytrans.rs b/rust/net/src/keytrans.rs
index 712c46b4b..ebb64b427 100644
--- a/rust/net/src/keytrans.rs
+++ b/rust/net/src/keytrans.rs
@@ -82,6 +82,27 @@ struct RawChatSearchRequest {
     distinguished_tree_head_size: u64,
 }
 
+impl RawChatSearchRequest {
+    fn new(
+        aci: &Aci,
+        aci_identity_key: &PublicKey,
+        e164: Option<&(E164, Vec<u8>)>,
+        username_hash: Option<&UsernameHash>,
+        account_data: Option<&AccountData>,
+        distinguished_tree_head_size: u64,
+    ) -> Self {
+        Self {
+            aci: aci.as_chat_value(),
+            aci_identity_key: BASE64_STANDARD.encode(aci_identity_key.serialize()),
+            e164: e164.map(|x| x.0.as_chat_value()),
+            username_hash: username_hash.map(|x| x.as_chat_value()),
+            unidentified_access_key: e164.map(|x| BASE64_STANDARD.encode(&x.1)),
+            last_tree_head_size: account_data.map(|acc| acc.last_tree_head.0.tree_size),
+            distinguished_tree_head_size,
+        }
+    }
+}
+
 impl From<RawChatSearchRequest> for chat::Request {
     fn from(request: RawChatSearchRequest) -> Self {
         Self {
@@ -387,37 +408,6 @@ pub struct Kt<'a> {
     pub config: Config,
 }
 
-#[derive(Debug, Clone, Default)]
-pub struct ChatSearchContext {
-    pub account_data: Option<StoredAccountData>,
-    pub distinguished_tree_head_size: u64,
-}
-
-impl ChatSearchContext {
-    fn make_raw_request(
-        &self,
-        aci: &Aci,
-        aci_identity_key: &PublicKey,
-        e164: Option<&(E164, Vec<u8>)>,
-        username_hash: Option<&UsernameHash>,
-    ) -> RawChatSearchRequest {
-        fn get_tree_size(account_data: &StoredAccountData) -> Option<u64> {
-            let stored = account_data.last_tree_head.as_ref()?;
-            let head = stored.tree_head.as_ref()?;
-            Some(head.tree_size)
-        }
-        RawChatSearchRequest {
-            aci: aci.as_chat_value(),
-            aci_identity_key: BASE64_STANDARD.encode(aci_identity_key.serialize()),
-            e164: e164.map(|x| x.0.as_chat_value()),
-            username_hash: username_hash.map(|x| x.as_chat_value()),
-            unidentified_access_key: e164.map(|x| BASE64_STANDARD.encode(&x.1)),
-            last_tree_head_size: self.account_data.as_ref().and_then(get_tree_size),
-            distinguished_tree_head_size: self.distinguished_tree_head_size,
-        }
-    }
-}
-
 #[derive(Debug, Clone)]
 pub struct SearchResult {
     pub aci_identity_key: IdentityKey,
@@ -451,10 +441,17 @@ impl<'a> Kt<'a> {
         aci_identity_key: &PublicKey,
         e164: Option<(E164, Vec<u8>)>,
         username_hash: Option<UsernameHash<'a>>,
-        context: ChatSearchContext,
+        stored_account_data: Option<AccountData>,
+        distinguished_tree_head_size: u64,
     ) -> Result<SearchResult> {
-        let raw_request =
-            context.make_raw_request(aci, aci_identity_key, e164.as_ref(), username_hash.as_ref());
+        let raw_request = RawChatSearchRequest::new(
+            aci,
+            aci_identity_key,
+            e164.as_ref(),
+            username_hash.as_ref(),
+            stored_account_data.as_ref(),
+            distinguished_tree_head_size,
+        );
         let response = self.send(raw_request.into()).await?;
 
         let chat_search_response = RawChatSerializedResponse::try_from(response)
@@ -463,12 +460,6 @@ impl<'a> Kt<'a> {
                 TypedSearchResponse::from_untyped(e164.is_some(), username_hash.is_some(), r)
             })?;
 
-        let ChatSearchContext {
-            account_data: stored_account_data,
-            distinguished_tree_head_size: _,
-        } = context;
-
-        let account_data = stored_account_data.map(AccountData::try_from).transpose()?;
         let now = SystemTime::now();
 
         // TODO: this could be a `validate` on the TypedSearchResponse, but then what to accept as the "expected" arguments?
@@ -486,7 +477,7 @@ impl<'a> Kt<'a> {
             e164_monitoring_data,
             username_hash_monitoring_data,
             stored_last_tree_head,
-        ) = match account_data {
+        ) = match stored_account_data {
             None => (None, None, None, None),
             Some(acc) => {
                 let AccountData {
@@ -993,10 +984,8 @@ mod test {
                 &aci_identity_key,
                 use_e164.then_some(e164),
                 use_username_hash.then_some(username_hash),
-                ChatSearchContext {
-                    account_data: None,
-                    distinguished_tree_head_size,
-                },
+                None,
+                distinguished_tree_head_size,
             )
             .await;
 
@@ -1058,10 +1047,8 @@ mod test {
                     &aci_identity_key,
                     use_e164.then_some(e164),
                     use_username_hash.then_some(username_hash.clone()),
-                    ChatSearchContext {
-                        account_data: None,
-                        distinguished_tree_head_size,
-                    },
+                    None,
+                    distinguished_tree_head_size,
                 )
                 .await
                 .expect("can search");

From d789b5d1601b5db8caa99675948afa2a920f9ea5 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Thu, 5 Dec 2024 17:26:39 -0800
Subject: [PATCH 52/57] backup: Validate ChatFolders

---
 rust/message-backup/src/backup.rs             |  89 ++++-
 rust/message-backup/src/backup/chat_folder.rs | 328 ++++++++++++++++++
 .../backup/expected_serialized_backup.json    |   3 +-
 rust/message-backup/src/backup/serialize.rs   |   7 +-
 .../tests/res/canonical-backup.expected.json  |   3 +-
 .../canonical-backup.scrambled.expected.json  |   3 +-
 6 files changed, 428 insertions(+), 5 deletions(-)
 create mode 100644 rust/message-backup/src/backup/chat_folder.rs

diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 1c19c57b5..92516f04a 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -16,6 +16,7 @@ pub(crate) use crate::backup::account_data::{AccountData, AccountDataError};
 use crate::backup::call::{AdHocCall, CallError};
 use crate::backup::chat::chat_style::{CustomChatColor, CustomColorId};
 use crate::backup::chat::{ChatData, ChatError, ChatItemData, ChatItemError, PinOrder};
+use crate::backup::chat_folder::{ChatFolder, ChatFolderError};
 use crate::backup::frame::{ChatId, RecipientId};
 use crate::backup::map::IntMap;
 use crate::backup::method::{Lookup, LookupPair, Method};
@@ -35,6 +36,7 @@ use crate::proto::backup::frame::Item as FrameItem;
 mod account_data;
 mod call;
 mod chat;
+mod chat_folder;
 mod file;
 mod frame;
 mod map;
@@ -97,6 +99,7 @@ pub struct PartialBackup<M: Method + ReferencedTypes> {
     ad_hoc_calls: M::List<AdHocCall<M::RecipientReference>>,
     sticker_packs: HashMap<StickerPackId, StickerPack<M>>,
     notification_profiles: UnorderedList<NotificationProfile<M::RecipientReference>>,
+    chat_folders: Vec<ChatFolder<M::RecipientReference>>,
     /// Stored here so PartialBackup can be the only context necessary for processing backup frames.
     unusual_timestamp_tracker: RefCell<UnusualTimestampTracker>,
 }
@@ -110,6 +113,7 @@ pub struct CompletedBackup<M: Method + ReferencedTypes> {
     ad_hoc_calls: M::List<AdHocCall<M::RecipientReference>>,
     sticker_packs: HashMap<StickerPackId, StickerPack<M>>,
     notification_profiles: UnorderedList<NotificationProfile<M::RecipientReference>>,
+    chat_folders: Vec<ChatFolder<M::RecipientReference>>,
 }
 
 pub type Backup = CompletedBackup<Store>;
@@ -171,6 +175,10 @@ pub enum Purpose {
 pub enum CompletionError {
     /// no AccountData frames found
     MissingAccountData,
+    /// no ALL ChatFolder found
+    MissingAllChatFolder,
+    /// multiple ALL ChatFolders found
+    DuplicateAllChatFolder,
 }
 
 impl<M: Method + ReferencedTypes> TryFrom<PartialBackup<M>> for CompletedBackup<M> {
@@ -185,11 +193,24 @@ impl<M: Method + ReferencedTypes> TryFrom<PartialBackup<M>> for CompletedBackup<
             ad_hoc_calls,
             sticker_packs,
             notification_profiles,
+            chat_folders,
             unusual_timestamp_tracker: _,
         } = value;
 
         let account_data = account_data.ok_or(CompletionError::MissingAccountData)?;
 
+        if !chat_folders.is_empty() {
+            match chat_folders
+                .iter()
+                .filter(|folder| matches!(folder, ChatFolder::All))
+                .count()
+            {
+                0 => Err(CompletionError::MissingAllChatFolder),
+                1 => Ok(()),
+                _ => Err(CompletionError::DuplicateAllChatFolder),
+            }?;
+        }
+
         Ok(CompletedBackup {
             meta,
             account_data,
@@ -198,6 +219,7 @@ impl<M: Method + ReferencedTypes> TryFrom<PartialBackup<M>> for CompletedBackup<
             ad_hoc_calls,
             sticker_packs,
             notification_profiles,
+            chat_folders,
         })
     }
 }
@@ -222,6 +244,8 @@ pub enum ValidationError {
     StickerError(#[from] StickerError),
     /// {0}
     NotificationProfileError(#[from] NotificationProfileError),
+    /// {0}
+    ChatFolderError(#[from] ChatFolderError),
 }
 
 #[derive(Debug, displaydoc::Display, thiserror::Error)]
@@ -410,6 +434,7 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
             ad_hoc_calls: Default::default(),
             sticker_packs: Default::default(),
             notification_profiles: Default::default(),
+            chat_folders: Default::default(),
             unusual_timestamp_tracker,
         })
     }
@@ -531,7 +556,9 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
         Ok(())
     }
 
-    fn add_chat_folder(&mut self, _chat_folder: proto::ChatFolder) -> Result<(), ValidationError> {
+    fn add_chat_folder(&mut self, chat_folder: proto::ChatFolder) -> Result<(), ValidationError> {
+        let folder = chat_folder.try_into_with(self)?;
+        self.chat_folders.push(folder);
         Ok(())
     }
 }
@@ -872,6 +899,66 @@ mod test {
         );
     }
 
+    #[test_case(ValidateOnly::empty())]
+    #[test_case(Store::empty())]
+    fn rejects_missing_account_data<M: Method + ReferencedTypes>(partial: PartialBackup<M>) {
+        assert_matches!(
+            CompletedBackup::try_from(partial),
+            Err(CompletionError::MissingAccountData)
+        );
+    }
+
+    #[test_case(ValidateOnly::empty())]
+    #[test_case(Store::empty())]
+    fn rejects_missing_all_folder<M: Method + ReferencedTypes>(mut partial: PartialBackup<M>) {
+        partial
+            .add_frame_item(proto::AccountData::test_data().into())
+            .expect("accepts AccountData");
+        partial
+            .add_frame_item(proto::Recipient::test_data_contact().into())
+            .expect("accepts Contact");
+        partial
+            .add_frame_item(FrameItem::ChatFolder(proto::ChatFolder::test_data()))
+            .expect("accepts ChatFolder");
+
+        assert_matches!(
+            CompletedBackup::try_from(partial),
+            Err(CompletionError::MissingAllChatFolder)
+        );
+    }
+
+    #[test_case(ValidateOnly::empty())]
+    #[test_case(Store::empty())]
+    fn allows_lone_all_folder<M: Method + ReferencedTypes>(mut partial: PartialBackup<M>) {
+        partial
+            .add_frame_item(proto::AccountData::test_data().into())
+            .expect("accepts AccountData");
+        partial
+            .add_frame_item(FrameItem::ChatFolder(proto::ChatFolder::all_folder_data()))
+            .expect("accepts ChatFolder");
+
+        assert_matches!(CompletedBackup::try_from(partial), Ok(_));
+    }
+
+    #[test_case(ValidateOnly::empty())]
+    #[test_case(Store::empty())]
+    fn rejects_duplicate_all_folder<M: Method + ReferencedTypes>(mut partial: PartialBackup<M>) {
+        partial
+            .add_frame_item(proto::AccountData::test_data().into())
+            .expect("accepts AccountData");
+        partial
+            .add_frame_item(FrameItem::ChatFolder(proto::ChatFolder::all_folder_data()))
+            .expect("accepts ChatFolder");
+        partial
+            .add_frame_item(FrameItem::ChatFolder(proto::ChatFolder::all_folder_data()))
+            .expect("accepts ChatFolder");
+
+        assert_matches!(
+            CompletedBackup::try_from(partial),
+            Err(CompletionError::DuplicateAllChatFolder)
+        );
+    }
+
     #[test]
     fn chat_item_order() {
         let mut partial = Store::empty();
diff --git a/rust/message-backup/src/backup/chat_folder.rs b/rust/message-backup/src/backup/chat_folder.rs
new file mode 100644
index 000000000..297113754
--- /dev/null
+++ b/rust/message-backup/src/backup/chat_folder.rs
@@ -0,0 +1,328 @@
+//
+// Copyright (C) 2024 Signal Messenger, LLC.
+// SPDX-License-Identifier: AGPL-3.0-only
+//
+
+// Silence clippy's complains about private fields used to prevent construction
+// and recommends `#[non_exhaustive]`. The annotation only applies outside this
+// crate, but we want intra-crate privacy.
+#![allow(clippy::manual_non_exhaustive)]
+
+use itertools::Itertools;
+
+use crate::backup::frame::RecipientId;
+use crate::backup::map::IntMap;
+use crate::backup::method::LookupPair;
+use crate::backup::recipient::DestinationKind;
+use crate::backup::serialize::{SerializeOrder, UnorderedList};
+use crate::backup::TryFromWith;
+use crate::proto::backup as proto;
+
+/// Validated version of [`proto::ChatFolder`].
+#[derive(Debug, serde::Serialize)]
+#[cfg_attr(test, derive(PartialEq))]
+pub enum ChatFolder<Recipient> {
+    All,
+    Custom {
+        name: String,
+        show_only_unread: bool,
+        show_muted_chats: bool,
+        include_all_individual_chats: bool,
+        include_all_group_chats: bool,
+        #[serde(bound(serialize = "Recipient: serde::Serialize + SerializeOrder"))]
+        included_recipients: UnorderedList<Recipient>,
+        #[serde(bound(serialize = "Recipient: serde::Serialize + SerializeOrder"))]
+        excluded_recipients: UnorderedList<Recipient>,
+        // While this isn't *enforced* for an enum variant, hopefully it's still a good hint.
+        _limit_construction_to_module: (),
+    },
+}
+
+#[derive(Debug, thiserror::Error, displaydoc::Display)]
+#[cfg_attr(test, derive(PartialEq))]
+pub enum ChatFolderError {
+    /// unknown type {0}
+    UnknownType(i32),
+    /// ALL folder name must be empty
+    AllFolderInvalidName,
+    /// ALL folder must not only show unread
+    AllFolderMustNotShowOnlyUnread,
+    /// ALL folder must show muted chats
+    AllFolderMustShowMuted,
+    /// ALL folder must include individual chats by default
+    AllFolderMustIncludeIndividualChats,
+    /// ALL folder must include group chats by default
+    AllFolderMustIncludeGroupChats,
+    /// ALL folder must not have specific includes
+    AllFolderMustNotHaveSpecificIncludes,
+    /// ALL folder must not exclude chats
+    AllFolderMustNotExcludeChats,
+    /// missing name for non-ALL folder
+    MissingName,
+    /// included member {0:?} is unknown
+    IncludedMemberUnknown(RecipientId),
+    /// included member {0:?} appears multiple times
+    IncludedMemberDuplicate(RecipientId),
+    /// included member {0:?} is a {1:?}
+    IncludedMemberWrongKind(RecipientId, DestinationKind),
+    /// excluded member {0:?} is unknown
+    ExcludedMemberUnknown(RecipientId),
+    /// excluded member {0:?} appears multiple times
+    ExcludedMemberDuplicate(RecipientId),
+    /// excluded member {0:?} is a {1:?}
+    ExcludedMemberWrongKind(RecipientId, DestinationKind),
+    /// recipient {0:?} is in both the included and excluded lists
+    MemberIsBothIncludedAndExcluded(RecipientId),
+}
+
+impl<R> ChatFolder<R> {
+    fn validate_all_chat_folder(item: proto::ChatFolder) -> Result<Self, ChatFolderError> {
+        let proto::ChatFolder {
+            name,
+            showOnlyUnread,
+            showMutedChats,
+            includeAllIndividualChats,
+            includeAllGroupChats,
+            folderType,
+            includedRecipientIds,
+            excludedRecipientIds,
+            special_fields: _,
+        } = item;
+
+        assert_eq!(
+            folderType.enum_value(),
+            Ok(proto::chat_folder::FolderType::ALL),
+            "should not call this method on arbitrary chat folders"
+        );
+
+        if !name.is_empty() {
+            return Err(ChatFolderError::AllFolderInvalidName);
+        }
+        if showOnlyUnread {
+            return Err(ChatFolderError::AllFolderMustNotShowOnlyUnread);
+        }
+        if !showMutedChats {
+            return Err(ChatFolderError::AllFolderMustShowMuted);
+        }
+        if !includeAllIndividualChats {
+            return Err(ChatFolderError::AllFolderMustIncludeIndividualChats);
+        }
+        if !includeAllGroupChats {
+            return Err(ChatFolderError::AllFolderMustIncludeGroupChats);
+        }
+        if !includedRecipientIds.is_empty() {
+            return Err(ChatFolderError::AllFolderMustNotHaveSpecificIncludes);
+        }
+        if !excludedRecipientIds.is_empty() {
+            return Err(ChatFolderError::AllFolderMustNotExcludeChats);
+        }
+
+        Ok(Self::All)
+    }
+}
+
+impl<R: Clone, C: LookupPair<RecipientId, DestinationKind, R>> TryFromWith<proto::ChatFolder, C>
+    for ChatFolder<R>
+{
+    type Error = ChatFolderError;
+    fn try_from_with(item: proto::ChatFolder, context: &C) -> Result<Self, Self::Error> {
+        match item.folderType.enum_value_or_default() {
+            proto::chat_folder::FolderType::UNKNOWN => {
+                return Err(ChatFolderError::UnknownType(item.folderType.value()));
+            }
+            proto::chat_folder::FolderType::ALL => {
+                return Self::validate_all_chat_folder(item);
+            }
+            proto::chat_folder::FolderType::CUSTOM => {}
+        }
+
+        let proto::ChatFolder {
+            name,
+            showOnlyUnread,
+            showMutedChats,
+            includeAllIndividualChats,
+            includeAllGroupChats,
+            folderType: _,
+            includedRecipientIds,
+            excludedRecipientIds,
+            special_fields: _,
+        } = item;
+
+        if name.is_empty() {
+            return Err(ChatFolderError::MissingName);
+        }
+
+        let mut seen_included_members = IntMap::default();
+        let included_recipients = includedRecipientIds
+            .into_iter()
+            .map(|id| {
+                let id = RecipientId(id);
+                if seen_included_members.insert(id, ()).is_some() {
+                    return Err(ChatFolderError::IncludedMemberDuplicate(id));
+                }
+                let (kind, recipient) = context
+                    .lookup_pair(&id)
+                    .ok_or(ChatFolderError::IncludedMemberUnknown(id))?;
+                match kind {
+                    DestinationKind::Contact | DestinationKind::Self_ | DestinationKind::Group => {
+                        Ok(recipient.clone())
+                    }
+                    DestinationKind::ReleaseNotes
+                    | DestinationKind::DistributionList
+                    | DestinationKind::CallLink => {
+                        Err(ChatFolderError::IncludedMemberWrongKind(id, *kind))
+                    }
+                }
+            })
+            .try_collect()?;
+
+        let mut seen_excluded_members = IntMap::default();
+        let excluded_recipients = excludedRecipientIds
+            .into_iter()
+            .map(|id| {
+                let id = RecipientId(id);
+                if seen_excluded_members.insert(id, ()).is_some() {
+                    return Err(ChatFolderError::ExcludedMemberDuplicate(id));
+                }
+                if seen_included_members.get(&id).is_some() {
+                    return Err(ChatFolderError::MemberIsBothIncludedAndExcluded(id));
+                }
+                let (kind, recipient) = context
+                    .lookup_pair(&id)
+                    .ok_or(ChatFolderError::ExcludedMemberUnknown(id))?;
+                match kind {
+                    DestinationKind::Contact | DestinationKind::Self_ | DestinationKind::Group => {
+                        Ok(recipient.clone())
+                    }
+                    DestinationKind::ReleaseNotes
+                    | DestinationKind::DistributionList
+                    | DestinationKind::CallLink => {
+                        Err(ChatFolderError::ExcludedMemberWrongKind(id, *kind))
+                    }
+                }
+            })
+            .try_collect()?;
+
+        Ok(Self::Custom {
+            name,
+            show_only_unread: showOnlyUnread,
+            show_muted_chats: showMutedChats,
+            include_all_individual_chats: includeAllIndividualChats,
+            include_all_group_chats: includeAllGroupChats,
+            included_recipients,
+            excluded_recipients,
+            _limit_construction_to_module: (),
+        })
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use assert_matches::assert_matches;
+    use test_case::test_case;
+
+    use super::*;
+    use crate::backup::recipient::FullRecipientData;
+    use crate::backup::testutil::TestContext;
+    use crate::backup::TryIntoWith as _;
+
+    impl proto::ChatFolder {
+        pub(crate) fn test_data() -> Self {
+            Self {
+                name: "Test".into(),
+                showOnlyUnread: false,
+                showMutedChats: true,
+                includeAllIndividualChats: true,
+                includeAllGroupChats: true,
+                folderType: proto::chat_folder::FolderType::CUSTOM.into(),
+                includedRecipientIds: vec![],
+                excludedRecipientIds: vec![TestContext::CONTACT_ID.0],
+                ..Default::default()
+            }
+        }
+
+        pub(crate) fn all_folder_data() -> Self {
+            Self {
+                name: "".into(),
+                showOnlyUnread: false,
+                showMutedChats: true,
+                includeAllIndividualChats: true,
+                includeAllGroupChats: true,
+                folderType: proto::chat_folder::FolderType::ALL.into(),
+                includedRecipientIds: vec![],
+                excludedRecipientIds: vec![],
+                ..Default::default()
+            }
+        }
+    }
+
+    #[test]
+    fn valid_chat_folder() {
+        assert_eq!(
+            proto::ChatFolder::test_data().try_into_with(&TestContext::default()),
+            Ok(ChatFolder::<FullRecipientData>::Custom {
+                name: "Test".into(),
+                show_only_unread: false,
+                show_muted_chats: true,
+                include_all_individual_chats: true,
+                include_all_group_chats: true,
+                included_recipients: vec![].into(),
+                excluded_recipients: vec![TestContext::contact_recipient().clone()].into(),
+                _limit_construction_to_module: (),
+            })
+        )
+    }
+
+    #[test_case(|x| x.name = "".into() => Err(ChatFolderError::MissingName); "empty name")]
+    #[test_case(|x| x.excludedRecipientIds.clear() => Ok(()); "no exclusions is okay")]
+    #[test_case(|x| x.excludedRecipientIds.push(TestContext::GROUP_ID.0) => Ok(()); "excluding groups is okay")]
+    #[test_case(|x| x.excludedRecipientIds.push(TestContext::SELF_ID.0) => Ok(()); "excluding Self is okay")]
+    #[test_case(|x| x.excludedRecipientIds.push(TestContext::CALL_LINK_ID.0) => Err(ChatFolderError::ExcludedMemberWrongKind(TestContext::CALL_LINK_ID, DestinationKind::CallLink)); "excluding call links is not okay")]
+    #[test_case(|x| x.excludedRecipientIds.push(TestContext::CONTACT_ID.0) => Err(ChatFolderError::ExcludedMemberDuplicate(TestContext::CONTACT_ID)); "duplicate exclusion")]
+    #[test_case(|x| x.excludedRecipientIds.push(9999) => Err(ChatFolderError::ExcludedMemberUnknown(RecipientId(9999))); "unknown exclusion")]
+    #[test_case(|x| {
+        x.includeAllGroupChats = false;
+        x.includedRecipientIds.push(TestContext::GROUP_ID.0);
+    } => Ok(()); "explicit inclusion")]
+    #[test_case(|x| {
+        x.includeAllGroupChats = false;
+        x.includedRecipientIds.push(TestContext::GROUP_ID.0);
+        x.includedRecipientIds.push(TestContext::GROUP_ID.0);
+    } => Err(ChatFolderError::IncludedMemberDuplicate(TestContext::GROUP_ID)); "duplicate inclusion")]
+    #[test_case(|x| x.includedRecipientIds.push(9999) => Err(ChatFolderError::IncludedMemberUnknown(RecipientId(9999))); "unknown inclusion")]
+    #[test_case(|x| x.includedRecipientIds.push(TestContext::CALL_LINK_ID.0) => Err(ChatFolderError::IncludedMemberWrongKind(TestContext::CALL_LINK_ID, DestinationKind::CallLink)); "including call links is not okay")]
+    #[test_case(|x| x.includedRecipientIds.push(TestContext::CONTACT_ID.0) => Err(ChatFolderError::MemberIsBothIncludedAndExcluded(TestContext::CONTACT_ID)); "member in both lists")]
+    #[test_case(|x| x.includedRecipientIds.push(TestContext::GROUP_ID.0) => Ok(()); "include a group even though all groups are included by default")]
+    fn folder(mutator: fn(&mut proto::ChatFolder)) -> Result<(), ChatFolderError> {
+        let mut folder = proto::ChatFolder::test_data();
+        mutator(&mut folder);
+
+        folder
+            .try_into_with(&TestContext::default())
+            .map(|_: ChatFolder<FullRecipientData>| ())
+    }
+
+    #[test]
+    fn valid_all_folder() {
+        assert_eq!(
+            proto::ChatFolder::all_folder_data().try_into_with(&TestContext::default()),
+            Ok(ChatFolder::<FullRecipientData>::All)
+        )
+    }
+
+    #[test_case(|x| x.name = "Test".into() => Err(ChatFolderError::AllFolderInvalidName); "must be unnamed")]
+    #[test_case(|x| x.showOnlyUnread = true => Err(ChatFolderError::AllFolderMustNotShowOnlyUnread); "must not show only unread")]
+    #[test_case(|x| x.showMutedChats = false => Err(ChatFolderError::AllFolderMustShowMuted); "must show muted chats")]
+    #[test_case(|x| x.includeAllIndividualChats = false => Err(ChatFolderError::AllFolderMustIncludeIndividualChats); "must show 1:1 chats")]
+    #[test_case(|x| x.includeAllGroupChats = false => Err(ChatFolderError::AllFolderMustIncludeGroupChats); "must show group chats")]
+    #[test_case(|x| x.includedRecipientIds = vec![9999] => Err(ChatFolderError::AllFolderMustNotHaveSpecificIncludes); "must not have includes")]
+    #[test_case(|x| x.excludedRecipientIds = vec![9999] => Err(ChatFolderError::AllFolderMustNotExcludeChats); "must not have excludes")]
+    fn all_folder(mutator: fn(&mut proto::ChatFolder)) -> Result<(), ChatFolderError> {
+        let mut folder = proto::ChatFolder::all_folder_data();
+        mutator(&mut folder);
+
+        folder
+            .try_into_with(&TestContext::default())
+            .map(|folder: ChatFolder<FullRecipientData>| assert_matches!(folder, ChatFolder::All))
+    }
+}
diff --git a/rust/message-backup/src/backup/expected_serialized_backup.json b/rust/message-backup/src/backup/expected_serialized_backup.json
index c1b8878bf..969ba5380 100644
--- a/rust/message-backup/src/backup/expected_serialized_backup.json
+++ b/rust/message-backup/src/backup/expected_serialized_backup.json
@@ -67,5 +67,6 @@
   "ad_hoc_calls": [],
   "pinned_chats": [],
   "sticker_packs": [],
-  "notification_profiles": []
+  "notification_profiles": [],
+  "chat_folders": []
 }
\ No newline at end of file
diff --git a/rust/message-backup/src/backup/serialize.rs b/rust/message-backup/src/backup/serialize.rs
index 95fd6efd2..2aea1eb37 100644
--- a/rust/message-backup/src/backup/serialize.rs
+++ b/rust/message-backup/src/backup/serialize.rs
@@ -14,6 +14,7 @@ use crate::backup::call::AdHocCall;
 use crate::backup::chat::group::Invitee;
 use crate::backup::chat::text::{TextEffect, TextRange};
 use crate::backup::chat::{ChatData, OutgoingSend};
+use crate::backup::chat_folder::ChatFolder;
 use crate::backup::frame::RecipientId;
 use crate::backup::method::Store;
 use crate::backup::notification_profile::NotificationProfile;
@@ -36,6 +37,7 @@ pub struct Backup {
     pinned_chats: Vec<FullRecipientData>,
     sticker_packs: UnorderedList<(StickerPackId, StickerPack<Store>)>,
     notification_profiles: UnorderedList<NotificationProfile<FullRecipientData>>,
+    chat_folders: Vec<ChatFolder<FullRecipientData>>,
 }
 
 impl Backup {
@@ -60,6 +62,7 @@ impl From<CompletedBackup<Store>> for Backup {
             ad_hoc_calls,
             sticker_packs,
             notification_profiles,
+            chat_folders,
         } = value;
         Self {
             meta,
@@ -69,7 +72,8 @@ impl From<CompletedBackup<Store>> for Backup {
             ad_hoc_calls: ad_hoc_calls.into_iter().collect(),
             pinned_chats: pinned.into_iter().map(|(_, data)| data).collect(),
             sticker_packs: sticker_packs.into_iter().collect(),
-            notification_profiles: notification_profiles.into_iter().collect(),
+            notification_profiles,
+            chat_folders,
         }
     }
 }
@@ -440,6 +444,7 @@ mod test {
             pinned_chats: Vec::default(),
             sticker_packs: UnorderedList::default(),
             notification_profiles: UnorderedList::default(),
+            chat_folders: Vec::default(),
         };
 
         const EXPECTED_JSON: &str = include_str!("expected_serialized_backup.json");
diff --git a/rust/message-backup/tests/res/canonical-backup.expected.json b/rust/message-backup/tests/res/canonical-backup.expected.json
index f379ad281..95538e43c 100644
--- a/rust/message-backup/tests/res/canonical-backup.expected.json
+++ b/rust/message-backup/tests/res/canonical-backup.expected.json
@@ -74,5 +74,6 @@
   "ad_hoc_calls": [],
   "pinned_chats": [],
   "sticker_packs": [],
-  "notification_profiles": []
+  "notification_profiles": [],
+  "chat_folders": []
 }
\ No newline at end of file
diff --git a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
index 932467111..b32913fc5 100644
--- a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
+++ b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
@@ -74,5 +74,6 @@
   "ad_hoc_calls": [],
   "pinned_chats": [],
   "sticker_packs": [],
-  "notification_profiles": []
+  "notification_profiles": [],
+  "chat_folders": []
 }
\ No newline at end of file

From bad358ebacf08daf74ff7b3f3e081c467ab761b1 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 6 Dec 2024 04:38:05 -0500
Subject: [PATCH 53/57] Run non-hermetic tests in slow tests workflow

---
 .github/workflows/slow_tests.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/slow_tests.yml b/.github/workflows/slow_tests.yml
index 707d2f8dd..d825ce714 100644
--- a/.github/workflows/slow_tests.yml
+++ b/.github/workflows/slow_tests.yml
@@ -5,6 +5,7 @@ env:
   ANDROID_NDK_VERSION: 27.0.12077973
   LIBSIGNAL_TESTING_ENCLAVE_SECRET: ${{secrets.SVR_ENCLAVE_SECRET}}
   LIBSIGNAL_TESTING_CDSI_ENCLAVE_SECRET: ${{secrets.CDSI_ENCLAVE_SECRET}}
+  LIBSIGNAL_TESTING_RUN_NONHERMETIC_TESTS: true
   RUST_LOG: debug
 
 on:

From 975f9b31c7ba088e3d6544de172a2286a221fcc1 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 6 Dec 2024 06:04:07 -0500
Subject: [PATCH 54/57] Pass tokio runtime handle to ws2::Chat::new

---
 .../signal/libsignal/net/ChatServiceTest.java |  8 +--
 node/ts/test/NetTest.ts                       |  8 ++-
 rust/bridge/shared/types/src/net/chat.rs      | 68 +++++++++++--------
 rust/net/src/chat.rs                          | 31 ++-------
 rust/net/src/chat/ws2.rs                      | 14 +++-
 .../ChatServiceTests.swift                    |  4 +-
 6 files changed, 67 insertions(+), 66 deletions(-)

diff --git a/java/client/src/test/java/org/signal/libsignal/net/ChatServiceTest.java b/java/client/src/test/java/org/signal/libsignal/net/ChatServiceTest.java
index 37d004f46..b801db668 100644
--- a/java/client/src/test/java/org/signal/libsignal/net/ChatServiceTest.java
+++ b/java/client/src/test/java/org/signal/libsignal/net/ChatServiceTest.java
@@ -129,10 +129,10 @@ public void testConstructRequest() throws Exception {
 
   @Test
   public void testConnectUnauth() throws Exception {
-    // Use the presence of the proxy server environment setting to know whether we should make
-    // network requests in our tests.
-    final String PROXY_SERVER = TestEnvironment.get("LIBSIGNAL_TESTING_PROXY_SERVER");
-    Assume.assumeNotNull(PROXY_SERVER);
+    // Use the presence of the environment setting to know whether we should
+    // make network requests in our tests.
+    final String ENABLE_TEST = TestEnvironment.get("LIBSIGNAL_TESTING_RUN_NONHERMETIC_TESTS");
+    Assume.assumeNotNull(ENABLE_TEST);
 
     final Network net = new Network(Network.Environment.STAGING, USER_AGENT);
     final UnauthenticatedChatService chat = net.createUnauthChatService(null);
diff --git a/node/ts/test/NetTest.ts b/node/ts/test/NetTest.ts
index 0fa24270d..cbd652153 100644
--- a/node/ts/test/NetTest.ts
+++ b/node/ts/test/NetTest.ts
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 //
 
-import { assert, config, expect, use } from 'chai';
+import { config, expect, use } from 'chai';
 import * as chaiAsPromised from 'chai-as-promised';
 import * as sinon from 'sinon';
 import * as sinonChai from 'sinon-chai';
@@ -237,9 +237,11 @@ describe('chat service api', () => {
           await connectChatUnauthenticated(net);
         }).timeout(10000);
 
-        it('can connect through a proxy server', async () => {
+        it('can connect through a proxy server', async function () {
           const PROXY_SERVER = process.env.LIBSIGNAL_TESTING_PROXY_SERVER;
-          assert(PROXY_SERVER, 'checked above');
+          if (!PROXY_SERVER) {
+            this.skip();
+          }
 
           // The default TLS proxy config doesn't support staging, so we connect to production.
           const net = new Net({
diff --git a/rust/bridge/shared/types/src/net/chat.rs b/rust/bridge/shared/types/src/net/chat.rs
index d585f6ff1..85ff7c35b 100644
--- a/rust/bridge/shared/types/src/net/chat.rs
+++ b/rust/bridge/shared/types/src/net/chat.rs
@@ -245,7 +245,7 @@ impl RefUnwindSafe for AuthenticatedChatConnection {}
 
 enum MaybeChatConnection {
     Running(ChatConnection),
-    WaitingForListener(chat::PendingChatConnection),
+    WaitingForListener(tokio::runtime::Handle, chat::PendingChatConnection),
     TemporarilyEvicted,
 }
 
@@ -254,7 +254,11 @@ impl UnauthenticatedChatConnection {
         let inner = establish_chat_connection(connection_manager, None).await?;
         log::info!("connected unauthenticated chat");
         Ok(Self {
-            inner: MaybeChatConnection::WaitingForListener(inner).into(),
+            inner: MaybeChatConnection::WaitingForListener(
+                tokio::runtime::Handle::current(),
+                inner,
+            )
+            .into(),
         })
     }
 }
@@ -274,7 +278,11 @@ impl AuthenticatedChatConnection {
         .await?;
         log::info!("connected authenticated chat");
         Ok(Self {
-            inner: MaybeChatConnection::WaitingForListener(pending).into(),
+            inner: MaybeChatConnection::WaitingForListener(
+                tokio::runtime::Handle::current(),
+                pending,
+            )
+            .into(),
         })
     }
 }
@@ -305,40 +313,36 @@ pub trait BridgeChatConnection {
     fn info(&self) -> ConnectionInfo;
 }
 
-impl<C: AsRef<tokio::sync::RwLock<MaybeChatConnection>>> BridgeChatConnection for C {
+impl<C: AsRef<tokio::sync::RwLock<MaybeChatConnection>> + Sync> BridgeChatConnection for C {
     fn init_listener(&self, listener: Box<dyn ChatListener>) {
         init_listener(&mut self.as_ref().blocking_write(), listener)
     }
 
-    fn send(
+    async fn send(
         &self,
         message: Request,
         timeout: Duration,
-    ) -> impl Future<Output = Result<ChatResponse, ChatServiceError>> + Send {
-        let guard = self.as_ref().blocking_read();
-        async move {
-            let MaybeChatConnection::Running(inner) = &*guard else {
-                panic!("listener was not set")
-            };
-            inner.send(message, timeout).await
-        }
+    ) -> Result<ChatResponse, ChatServiceError> {
+        let guard = self.as_ref().read().await;
+        let MaybeChatConnection::Running(inner) = &*guard else {
+            panic!("listener was not set")
+        };
+        inner.send(message, timeout).await
     }
 
-    fn disconnect(&self) -> impl Future<Output = ()> + Send {
-        let guard = self.as_ref().blocking_read();
-        async move {
-            let MaybeChatConnection::Running(inner) = &*guard else {
-                panic!("listener was not set")
-            };
-            inner.disconect().await
-        }
+    async fn disconnect(&self) {
+        let guard = self.as_ref().read().await;
+        let MaybeChatConnection::Running(inner) = &*guard else {
+            panic!("listener was not set")
+        };
+        inner.disconect().await
     }
 
     fn info(&self) -> ConnectionInfo {
         let guard = self.as_ref().blocking_read();
         match &*guard {
             MaybeChatConnection::Running(chat_connection) => chat_connection.connection_info(),
-            MaybeChatConnection::WaitingForListener(pending_chat_connection) => {
+            MaybeChatConnection::WaitingForListener(_, pending_chat_connection) => {
                 pending_chat_connection.connection_info()
             }
             MaybeChatConnection::TemporarilyEvicted => unreachable!("unobservable state"),
@@ -347,16 +351,20 @@ impl<C: AsRef<tokio::sync::RwLock<MaybeChatConnection>>> BridgeChatConnection fo
 }
 
 fn init_listener(connection: &mut MaybeChatConnection, listener: Box<dyn ChatListener>) {
-    let pending = match std::mem::replace(connection, MaybeChatConnection::TemporarilyEvicted) {
-        MaybeChatConnection::Running(chat_connection) => {
-            *connection = MaybeChatConnection::Running(chat_connection);
-            panic!("listener already set")
-        }
-        MaybeChatConnection::WaitingForListener(pending_chat_connection) => pending_chat_connection,
-        MaybeChatConnection::TemporarilyEvicted => panic!("should be a temporary state"),
-    };
+    let (tokio_runtime, pending) =
+        match std::mem::replace(connection, MaybeChatConnection::TemporarilyEvicted) {
+            MaybeChatConnection::Running(chat_connection) => {
+                *connection = MaybeChatConnection::Running(chat_connection);
+                panic!("listener already set")
+            }
+            MaybeChatConnection::WaitingForListener(tokio_runtime, pending_chat_connection) => {
+                (tokio_runtime, pending_chat_connection)
+            }
+            MaybeChatConnection::TemporarilyEvicted => panic!("should be a temporary state"),
+        };
 
     *connection = MaybeChatConnection::Running(ChatConnection::finish_connect(
+        tokio_runtime,
         pending,
         listener.into_event_listener(),
     ))
diff --git a/rust/net/src/chat.rs b/rust/net/src/chat.rs
index 7b536e7a5..52067fcbe 100644
--- a/rust/net/src/chat.rs
+++ b/rust/net/src/chat.rs
@@ -554,29 +554,6 @@ pub struct AuthenticatedChatHeaders {
 pub type ChatServiceRoute = UnresolvedWebsocketServiceRoute;
 
 impl ChatConnection {
-    pub async fn connect_with(
-        connect: &tokio::sync::RwLock<ConnectState>,
-        resolver: &DnsResolver,
-        http_route_provider: impl RouteProvider<Route = UnresolvedHttpsServiceRoute>,
-        confirmation_header_name: Option<HeaderName>,
-        user_agent: &UserAgent,
-        ws_config: self::ws2::Config,
-        listener: self::ws2::EventListener,
-        auth: Option<AuthenticatedChatHeaders>,
-    ) -> Result<Self, ChatServiceError> {
-        let pending = Self::start_connect_with(
-            connect,
-            resolver,
-            http_route_provider,
-            confirmation_header_name,
-            user_agent,
-            ws_config,
-            auth,
-        )
-        .await?;
-        Ok(Self::finish_connect(pending, listener))
-    }
-
     pub async fn start_connect_with(
         connect: &tokio::sync::RwLock<ConnectState>,
         resolver: &DnsResolver,
@@ -650,14 +627,18 @@ impl ChatConnection {
         }
     }
 
-    pub fn finish_connect(pending: PendingChatConnection, listener: ws2::EventListener) -> Self {
+    pub fn finish_connect(
+        tokio_runtime: tokio::runtime::Handle,
+        pending: PendingChatConnection,
+        listener: ws2::EventListener,
+    ) -> Self {
         let PendingChatConnection {
             connection,
             connection_info,
             ws_config,
         } = pending;
         Self {
-            inner: crate::chat::ws2::Chat::new(connection, ws_config, listener),
+            inner: crate::chat::ws2::Chat::new(tokio_runtime, connection, ws_config, listener),
             connection_info,
         }
     }
diff --git a/rust/net/src/chat/ws2.rs b/rust/net/src/chat/ws2.rs
index c6f884489..08eee3f1a 100644
--- a/rust/net/src/chat/ws2.rs
+++ b/rust/net/src/chat/ws2.rs
@@ -143,7 +143,12 @@ pub struct Responder {
 pub type EventListener = Box<dyn FnMut(ListenerEvent) + Send>;
 
 impl Chat {
-    pub fn new<T>(transport: T, config: Config, listener: EventListener) -> Self
+    pub fn new<T>(
+        tokio_runtime: tokio::runtime::Handle,
+        transport: T,
+        config: Config,
+        listener: EventListener,
+    ) -> Self
     where
         T: Stream<Item = Result<tungstenite::Message, tungstenite::Error>>
             + Sink<tungstenite::Message, Error = tungstenite::Error>
@@ -156,6 +161,8 @@ impl Chat {
             remote_idle_timeout,
         } = config;
 
+        // Enable access to tokio types like Sleep, but only for the duration of this call.
+        let _enable_tokio_types = tokio_runtime.enter();
         Self::new_inner(
             (
                 transport,
@@ -167,6 +174,7 @@ impl Chat {
             ),
             initial_request_id,
             listener,
+            tokio_runtime,
         )
     }
 
@@ -267,6 +275,7 @@ impl Chat {
         into_inner_connection: impl IntoInnerConnection,
         initial_request_id: u64,
         listener: EventListener,
+        tokio_runtime: tokio::runtime::Handle,
     ) -> Self {
         let (request_tx, request_rx) = mpsc::channel(1);
         let (response_tx, response_rx) = mpsc::unbounded_channel();
@@ -300,7 +309,7 @@ impl Chat {
             requests_in_flight,
         };
 
-        let task = tokio::spawn(spawned_task_body(
+        let task = tokio_runtime.spawn(spawned_task_body(
             connection,
             listener,
             response_tx.downgrade(),
@@ -1207,6 +1216,7 @@ mod test {
                 },
                 initial_request_id,
                 listener,
+                tokio::runtime::Handle::current(),
             );
 
             (chat, (outgoing_events_rx, incoming_events_tx))
diff --git a/swift/Tests/LibSignalClientTests/ChatServiceTests.swift b/swift/Tests/LibSignalClientTests/ChatServiceTests.swift
index 7131b51a3..3bb3d4678 100644
--- a/swift/Tests/LibSignalClientTests/ChatServiceTests.swift
+++ b/swift/Tests/LibSignalClientTests/ChatServiceTests.swift
@@ -314,8 +314,8 @@ final class ChatServiceTests: TestCaseBase {
     }
 
     func testConnectUnauth() async throws {
-        // Use the presence of the proxy server environment setting to know whether we should make network requests in our tests.
-        guard ProcessInfo.processInfo.environment["LIBSIGNAL_TESTING_PROXY_SERVER"] != nil else {
+        // Use the presence of the environment setting to know whether we should make network requests in our tests.
+        guard ProcessInfo.processInfo.environment["LIBSIGNAL_TESTING_RUN_NONHERMETIC_TESTS"] != nil else {
             throw XCTSkip()
         }
 

From 1e62c19346339d51fd62802262503f8119b48808 Mon Sep 17 00:00:00 2001
From: Alex Konradi <akonradi@signal.org>
Date: Fri, 6 Dec 2024 10:49:38 -0500
Subject: [PATCH 55/57] Bump to version v0.64.0

---
 Cargo.lock                         | 8 ++++----
 LibSignalClient.podspec            | 2 +-
 java/build.gradle                  | 2 +-
 java/code_size.json                | 3 ++-
 node/package-lock.json             | 4 ++--
 node/package.json                  | 2 +-
 rust/bridge/ffi/Cargo.toml         | 2 +-
 rust/bridge/jni/Cargo.toml         | 2 +-
 rust/bridge/jni/testing/Cargo.toml | 2 +-
 rust/bridge/node/Cargo.toml        | 2 +-
 rust/core/src/version.rs           | 2 +-
 11 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 1bebc16d1..a6e7df8ac 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2192,7 +2192,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-ffi"
-version = "0.63.0"
+version = "0.64.0"
 dependencies = [
  "cpufeatures",
  "futures-util",
@@ -2207,7 +2207,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-jni"
-version = "0.63.0"
+version = "0.64.0"
 dependencies = [
  "cfg-if",
  "cpufeatures",
@@ -2224,7 +2224,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-jni-testing"
-version = "0.63.0"
+version = "0.64.0"
 dependencies = [
  "jni 0.21.1",
  "libsignal-bridge-testing",
@@ -2441,7 +2441,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-node"
-version = "0.63.0"
+version = "0.64.0"
 dependencies = [
  "cmake",
  "futures",
diff --git a/LibSignalClient.podspec b/LibSignalClient.podspec
index d7d2de345..ec9a2bcb1 100644
--- a/LibSignalClient.podspec
+++ b/LibSignalClient.podspec
@@ -5,7 +5,7 @@
 
 Pod::Spec.new do |s|
   s.name             = 'LibSignalClient'
-  s.version          = '0.63.0'
+  s.version          = '0.64.0'
   s.summary          = 'A Swift wrapper library for communicating with the Signal messaging service.'
 
   s.homepage         = 'https://github.com/signalapp/libsignal'
diff --git a/java/build.gradle b/java/build.gradle
index cda1e5e5d..97b8f9783 100644
--- a/java/build.gradle
+++ b/java/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 
 allprojects {
-    version = "0.63.0"
+    version = "0.64.0"
     group   = "org.signal"
 }
 
diff --git a/java/code_size.json b/java/code_size.json
index 27b2b0979..a3452236d 100644
--- a/java/code_size.json
+++ b/java/code_size.json
@@ -117,5 +117,6 @@
     { "version": "v0.60.2", "size": 4765608 },
     { "version": "v0.61.0", "size": 4768848 },
     { "version": "v0.62.0", "size": 4937504 },
-    { "version": "v0.63.0", "size": 4949424 }
+    { "version": "v0.63.0", "size": 4949424 },
+    { "version": "v0.64.0", "size": 4967440 }
 ]
diff --git a/node/package-lock.json b/node/package-lock.json
index aaa495f1f..3e88428c1 100644
--- a/node/package-lock.json
+++ b/node/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.63.0",
+  "version": "0.64.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@signalapp/libsignal-client",
-      "version": "0.63.0",
+      "version": "0.64.0",
       "hasInstallScript": true,
       "license": "AGPL-3.0-only",
       "dependencies": {
diff --git a/node/package.json b/node/package.json
index 0654b7290..0c3021bed 100644
--- a/node/package.json
+++ b/node/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.63.0",
+  "version": "0.64.0",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/rust/bridge/ffi/Cargo.toml b/rust/bridge/ffi/Cargo.toml
index 48a73680e..96bec5ecf 100644
--- a/rust/bridge/ffi/Cargo.toml
+++ b/rust/bridge/ffi/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-ffi"
-version = "0.63.0"
+version = "0.64.0"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/jni/Cargo.toml b/rust/bridge/jni/Cargo.toml
index 9f5f77e34..d1244fdc6 100644
--- a/rust/bridge/jni/Cargo.toml
+++ b/rust/bridge/jni/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-jni"
-version = "0.63.0"
+version = "0.64.0"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/jni/testing/Cargo.toml b/rust/bridge/jni/testing/Cargo.toml
index 7800bfe9a..49ba94ee9 100644
--- a/rust/bridge/jni/testing/Cargo.toml
+++ b/rust/bridge/jni/testing/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-jni-testing"
-version = "0.63.0"
+version = "0.64.0"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/node/Cargo.toml b/rust/bridge/node/Cargo.toml
index 469005a62..9c8074d24 100644
--- a/rust/bridge/node/Cargo.toml
+++ b/rust/bridge/node/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-node"
-version = "0.63.0"
+version = "0.64.0"
 authors = ["Signal Messenger LLC"]
 license = "AGPL-3.0-only"
 edition = "2021"
diff --git a/rust/core/src/version.rs b/rust/core/src/version.rs
index 197c0ad83..b89493f7b 100644
--- a/rust/core/src/version.rs
+++ b/rust/core/src/version.rs
@@ -5,4 +5,4 @@
 
 // The value of this constant is updated by the script
 // and should not be manually modified
-pub const VERSION: &str = "0.63.0";
+pub const VERSION: &str = "0.64.0";

From 174480eb0e7937545db3332a9c0fc07b685fccdc Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 6 Dec 2024 10:22:24 -0800
Subject: [PATCH 56/57] backup: Preserve currentAppVersion and firstAppVersion
 fields

---
 rust/message-backup/src/backup.rs              | 11 +++++++++++
 rust/message-backup/src/backup/chat.rs         |  2 ++
 .../src/backup/expected_serialized_backup.json |  1 +
 rust/message-backup/src/backup/serialize.rs    |  4 ++++
 rust/message-backup/src/backup/testutil.rs     |  2 ++
 rust/message-backup/src/proto/backup.proto     | 18 ++++++++++--------
 rust/message-backup/src/scramble.rs            |  2 ++
 .../tests/res/canonical-backup.expected.json   |  1 +
 .../canonical-backup.scrambled.expected.json   |  1 +
 9 files changed, 34 insertions(+), 8 deletions(-)

diff --git a/rust/message-backup/src/backup.rs b/rust/message-backup/src/backup.rs
index 92516f04a..c6be79e73 100644
--- a/rust/message-backup/src/backup.rs
+++ b/rust/message-backup/src/backup.rs
@@ -138,6 +138,13 @@ pub struct BackupMeta {
     /// The key used to encrypt and upload media associated with this backup.
     #[serde(serialize_with = "backup_key_as_hex")]
     pub media_root_backup_key: libsignal_account_keys::BackupKey,
+    /// The app version that made the backup.
+    ///
+    /// Omitted from the canonical backup string, so that subsequent backups can be compared.
+    #[serde(skip)]
+    pub current_app_version: String,
+    /// The app version the user first registered on.
+    pub first_app_version: String,
     /// What purpose the backup was intended for.
     pub purpose: Purpose,
 }
@@ -403,6 +410,8 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
             version,
             backupTimeMs,
             mediaRootBackupKey,
+            currentAppVersion,
+            firstAppVersion,
             special_fields: _,
         } = value;
 
@@ -423,6 +432,8 @@ impl<M: Method + ReferencedTypes> PartialBackup<M> {
                 &unusual_timestamp_tracker,
             ),
             media_root_backup_key,
+            current_app_version: currentAppVersion,
+            first_app_version: firstAppVersion,
             purpose,
         };
 
diff --git a/rust/message-backup/src/backup/chat.rs b/rust/message-backup/src/backup/chat.rs
index a2be00d35..cd8df5c7a 100644
--- a/rust/message-backup/src/backup/chat.rs
+++ b/rust/message-backup/src/backup/chat.rs
@@ -1048,6 +1048,8 @@ mod test {
                 [0; libsignal_account_keys::BACKUP_KEY_LEN],
             ),
             version: 0,
+            current_app_version: "".into(),
+            first_app_version: "".into(),
         };
 
         let mut item = proto::ChatItem::test_data();
diff --git a/rust/message-backup/src/backup/expected_serialized_backup.json b/rust/message-backup/src/backup/expected_serialized_backup.json
index 969ba5380..fc4e9bf7a 100644
--- a/rust/message-backup/src/backup/expected_serialized_backup.json
+++ b/rust/message-backup/src/backup/expected_serialized_backup.json
@@ -2,6 +2,7 @@
   "meta": {
     "version": 1,
     "media_root_backup_key": "abababababababababababababababababababababababababababababababab",
+    "first_app_version": "libsignal-testing 0.0.1",
     "purpose": "RemoteBackup"
   },
   "account_data": {
diff --git a/rust/message-backup/src/backup/serialize.rs b/rust/message-backup/src/backup/serialize.rs
index 2aea1eb37..5b5ad325e 100644
--- a/rust/message-backup/src/backup/serialize.rs
+++ b/rust/message-backup/src/backup/serialize.rs
@@ -407,6 +407,8 @@ mod test {
                 version: 1,
                 backupTimeMs: 1715636551000,
                 mediaRootBackupKey: vec![0xab; libsignal_account_keys::BACKUP_KEY_LEN],
+                currentAppVersion: "libsignal-testing 0.0.2".into(),
+                firstAppVersion: "libsignal-testing 0.0.1".into(),
                 special_fields: Default::default(),
             }
         }
@@ -436,6 +438,8 @@ mod test {
                 media_root_backup_key: libsignal_account_keys::BackupKey(
                     [0xab; libsignal_account_keys::BACKUP_KEY_LEN],
                 ),
+                current_app_version: "libsignal-testing 0.0.2".into(),
+                first_app_version: "libsignal-testing 0.0.1".into(),
             },
             account_data: AccountData::from_proto_test_data(),
             recipients: UnorderedList::default(),
diff --git a/rust/message-backup/src/backup/testutil.rs b/rust/message-backup/src/backup/testutil.rs
index 7392ae64a..36a912557 100644
--- a/rust/message-backup/src/backup/testutil.rs
+++ b/rust/message-backup/src/backup/testutil.rs
@@ -35,6 +35,8 @@ impl BackupMeta {
                 [0xab; libsignal_account_keys::BACKUP_KEY_LEN],
             ),
             version: 0,
+            current_app_version: "libsignal-testing 0.0.2".into(),
+            first_app_version: "libsignal-testing 0.0.1".into(),
         }
     }
 }
diff --git a/rust/message-backup/src/proto/backup.proto b/rust/message-backup/src/proto/backup.proto
index 57138af71..068f73120 100644
--- a/rust/message-backup/src/proto/backup.proto
+++ b/rust/message-backup/src/proto/backup.proto
@@ -9,6 +9,8 @@ message BackupInfo {
   uint64 version = 1;
   uint64 backupTimeMs = 2;
   bytes mediaRootBackupKey = 3; // 32-byte random value generated when the backup is uploaded for the first time.
+  string currentAppVersion = 4;
+  string firstAppVersion = 5;
 }
 
 // Frames must follow in the following ordering rules:
@@ -18,7 +20,7 @@ message BackupInfo {
 //    e.g. a Recipient must come before any Chat referencing it.
 // 3. All ChatItems must appear in global Chat rendering order.
 //    (The order in which they were received by the client.)
-// 4. ChatFolders must appear in render order (e.g., left to right for
+// 4. ChatFolders must appear in render order (e.g., left to right for 
 //    LTR locales), but can appear anywhere relative to other frames respecting
 //    rule 2.
 //
@@ -464,14 +466,14 @@ message PaymentNotification {
       Status status = 1;
 
       // This identification is used to map the payment table to the ledger
-      // and is likely required otherwise we may have issues reconciling with
+      // and is likely required otherwise we may have issues reconciling with 
       // the ledger
       MobileCoinTxoIdentification mobileCoinIdentification = 2;
       optional uint64 timestamp = 3;
       optional uint64 blockIndex = 4;
       optional uint64 blockTimestamp = 5;
-      optional bytes transaction = 6; // mobile coin blobs
-      optional bytes receipt = 7; // mobile coin blobs
+      optional bytes transaction = 6; // mobile coin blobs 
+      optional bytes receipt = 7; // mobile coin blobs 
     }
 
     oneof payment {
@@ -479,12 +481,12 @@ message PaymentNotification {
       FailedTransaction failedTransaction = 2;
     }
   }
-
+  
   optional string amountMob = 1; // stored as a decimal string, e.g. 1.00001
   optional string feeMob = 2; // stored as a decimal string, e.g. 1.00001
   optional string note = 3;
   TransactionDetails transactionDetails = 4;
-
+  
 }
 
 message GiftBadge {
@@ -649,7 +651,7 @@ message FilePointer {
   }
 
   // References attachments that are invalid in such a way where download
-  // cannot be attempted. Could range from missing digests to missing
+  // cannot be attempted. Could range from missing digests to missing 
   // CDN keys or anything else that makes download attempts impossible.
   // This serves as a 'tombstone' so that the UX can show that an attachment
   // did exist, but for whatever reason it's not retrievable.
@@ -795,7 +797,7 @@ message GroupCall {
   optional uint64 ringerRecipientId = 3;
   optional uint64 startedCallRecipientId = 4;
   uint64 startedCallTimestamp = 5;
-  optional uint64 endedCallTimestamp = 6; // The time the call ended.
+  optional uint64 endedCallTimestamp = 6; // The time the call ended. 
   bool read = 7;
 }
 
diff --git a/rust/message-backup/src/scramble.rs b/rust/message-backup/src/scramble.rs
index 7badc36d6..85a5b9bc1 100644
--- a/rust/message-backup/src/scramble.rs
+++ b/rust/message-backup/src/scramble.rs
@@ -172,6 +172,8 @@ impl Visit<Scrambler> for proto::BackupInfo {
             version: _,
             backupTimeMs: _,
             mediaRootBackupKey,
+            currentAppVersion: _,
+            firstAppVersion: _,
             special_fields: _,
         } = self;
 
diff --git a/rust/message-backup/tests/res/canonical-backup.expected.json b/rust/message-backup/tests/res/canonical-backup.expected.json
index 95538e43c..7bfa06385 100644
--- a/rust/message-backup/tests/res/canonical-backup.expected.json
+++ b/rust/message-backup/tests/res/canonical-backup.expected.json
@@ -2,6 +2,7 @@
   "meta": {
     "version": 1,
     "media_root_backup_key": "abababababababababababababababababababababababababababababababab",
+    "first_app_version": "",
     "purpose": "RemoteBackup"
   },
   "account_data": {
diff --git a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
index b32913fc5..5ef8b142f 100644
--- a/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
+++ b/rust/message-backup/tests/res/canonical-backup.scrambled.expected.json
@@ -2,6 +2,7 @@
   "meta": {
     "version": 1,
     "media_root_backup_key": "7f6f2ccdb23f2abb7b69278e947c01c6160a31cf02c19d06d0f6e5ab1d768b95",
+    "first_app_version": "",
     "purpose": "RemoteBackup"
   },
   "account_data": {

From 4b78ebfeeaec42e1f37c87ecb67b0e480b15f03a Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Fri, 6 Dec 2024 13:05:30 -0800
Subject: [PATCH 57/57] Bump to version v0.64.1

---
 Cargo.lock                         | 8 ++++----
 LibSignalClient.podspec            | 2 +-
 java/build.gradle                  | 2 +-
 java/code_size.json                | 3 ++-
 node/package-lock.json             | 4 ++--
 node/package.json                  | 2 +-
 rust/bridge/ffi/Cargo.toml         | 2 +-
 rust/bridge/jni/Cargo.toml         | 2 +-
 rust/bridge/jni/testing/Cargo.toml | 2 +-
 rust/bridge/node/Cargo.toml        | 2 +-
 rust/core/src/version.rs           | 2 +-
 11 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a6e7df8ac..3635d0abd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2192,7 +2192,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-ffi"
-version = "0.64.0"
+version = "0.64.1"
 dependencies = [
  "cpufeatures",
  "futures-util",
@@ -2207,7 +2207,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-jni"
-version = "0.64.0"
+version = "0.64.1"
 dependencies = [
  "cfg-if",
  "cpufeatures",
@@ -2224,7 +2224,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-jni-testing"
-version = "0.64.0"
+version = "0.64.1"
 dependencies = [
  "jni 0.21.1",
  "libsignal-bridge-testing",
@@ -2441,7 +2441,7 @@ dependencies = [
 
 [[package]]
 name = "libsignal-node"
-version = "0.64.0"
+version = "0.64.1"
 dependencies = [
  "cmake",
  "futures",
diff --git a/LibSignalClient.podspec b/LibSignalClient.podspec
index ec9a2bcb1..76261a746 100644
--- a/LibSignalClient.podspec
+++ b/LibSignalClient.podspec
@@ -5,7 +5,7 @@
 
 Pod::Spec.new do |s|
   s.name             = 'LibSignalClient'
-  s.version          = '0.64.0'
+  s.version          = '0.64.1'
   s.summary          = 'A Swift wrapper library for communicating with the Signal messaging service.'
 
   s.homepage         = 'https://github.com/signalapp/libsignal'
diff --git a/java/build.gradle b/java/build.gradle
index 97b8f9783..d8579edd0 100644
--- a/java/build.gradle
+++ b/java/build.gradle
@@ -6,7 +6,7 @@ plugins {
 }
 
 allprojects {
-    version = "0.64.0"
+    version = "0.64.1"
     group   = "org.signal"
 }
 
diff --git a/java/code_size.json b/java/code_size.json
index a3452236d..265aec3b4 100644
--- a/java/code_size.json
+++ b/java/code_size.json
@@ -118,5 +118,6 @@
     { "version": "v0.61.0", "size": 4768848 },
     { "version": "v0.62.0", "size": 4937504 },
     { "version": "v0.63.0", "size": 4949424 },
-    { "version": "v0.64.0", "size": 4967440 }
+    { "version": "v0.64.0", "size": 4967440 },
+    { "version": "v0.64.1", "size": 4968240 }
 ]
diff --git a/node/package-lock.json b/node/package-lock.json
index 3e88428c1..a95ebf824 100644
--- a/node/package-lock.json
+++ b/node/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.64.0",
+  "version": "0.64.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@signalapp/libsignal-client",
-      "version": "0.64.0",
+      "version": "0.64.1",
       "hasInstallScript": true,
       "license": "AGPL-3.0-only",
       "dependencies": {
diff --git a/node/package.json b/node/package.json
index 0c3021bed..2b0e2a961 100644
--- a/node/package.json
+++ b/node/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@signalapp/libsignal-client",
-  "version": "0.64.0",
+  "version": "0.64.1",
   "license": "AGPL-3.0-only",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/rust/bridge/ffi/Cargo.toml b/rust/bridge/ffi/Cargo.toml
index 96bec5ecf..18407f3b7 100644
--- a/rust/bridge/ffi/Cargo.toml
+++ b/rust/bridge/ffi/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-ffi"
-version = "0.64.0"
+version = "0.64.1"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/jni/Cargo.toml b/rust/bridge/jni/Cargo.toml
index d1244fdc6..eb1cc4746 100644
--- a/rust/bridge/jni/Cargo.toml
+++ b/rust/bridge/jni/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-jni"
-version = "0.64.0"
+version = "0.64.1"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/jni/testing/Cargo.toml b/rust/bridge/jni/testing/Cargo.toml
index 49ba94ee9..3514eac9c 100644
--- a/rust/bridge/jni/testing/Cargo.toml
+++ b/rust/bridge/jni/testing/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-jni-testing"
-version = "0.64.0"
+version = "0.64.1"
 authors = ["Signal Messenger LLC"]
 edition = "2021"
 license = "AGPL-3.0-only"
diff --git a/rust/bridge/node/Cargo.toml b/rust/bridge/node/Cargo.toml
index 9c8074d24..9ab3805ea 100644
--- a/rust/bridge/node/Cargo.toml
+++ b/rust/bridge/node/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "libsignal-node"
-version = "0.64.0"
+version = "0.64.1"
 authors = ["Signal Messenger LLC"]
 license = "AGPL-3.0-only"
 edition = "2021"
diff --git a/rust/core/src/version.rs b/rust/core/src/version.rs
index b89493f7b..c553f3d91 100644
--- a/rust/core/src/version.rs
+++ b/rust/core/src/version.rs
@@ -5,4 +5,4 @@
 
 // The value of this constant is updated by the script
 // and should not be manually modified
-pub const VERSION: &str = "0.64.0";
+pub const VERSION: &str = "0.64.1";