Discard self-sent messages during the decryption process.
This commit is contained in:
parent
e47b69e0aa
commit
75e59bbc6f
2
Podfile
2
Podfile
|
@ -19,7 +19,7 @@ def shared_pods
|
|||
pod 'Curve25519Kit', git: 'https://github.com/signalapp/Curve25519Kit', testspecs: ["Tests"]
|
||||
# pod 'Curve25519Kit', path: '../Curve25519Kit', testspecs: ["Tests"]
|
||||
# TODO: Use public repo.
|
||||
pod 'SignalMetadataKit', git: 'https://github.com/signalapp/SignalMetadataKit', testspecs: ["Tests"]
|
||||
pod 'SignalMetadataKit', git: 'https://github.com/signalapp/SignalMetadataKit', testspecs: ["Tests"], branch: 'charlesmchen/discardSelfSentMessages'
|
||||
# pod 'SignalMetadataKit', path: '../SignalMetadataKit', testspecs: ["Tests"]
|
||||
pod 'SignalServiceKit', path: '.', testspecs: ["Tests"]
|
||||
pod 'GRKOpenSSLFramework', git: 'https://github.com/signalapp/GRKOpenSSLFramework'
|
||||
|
|
|
@ -196,8 +196,8 @@ DEPENDENCIES:
|
|||
- Reachability
|
||||
- SignalCoreKit (from `https://github.com/signalapp/SignalCoreKit.git`)
|
||||
- SignalCoreKit/Tests (from `https://github.com/signalapp/SignalCoreKit.git`)
|
||||
- SignalMetadataKit (from `https://github.com/signalapp/SignalMetadataKit`)
|
||||
- SignalMetadataKit/Tests (from `https://github.com/signalapp/SignalMetadataKit`)
|
||||
- SignalMetadataKit (from `https://github.com/signalapp/SignalMetadataKit`, branch `charlesmchen/discardSelfSentMessages`)
|
||||
- SignalMetadataKit/Tests (from `https://github.com/signalapp/SignalMetadataKit`, branch `charlesmchen/discardSelfSentMessages`)
|
||||
- SignalServiceKit (from `.`)
|
||||
- SignalServiceKit/Tests (from `.`)
|
||||
- SocketRocket (from `https://github.com/signalapp/SocketRocket.git`, branch `mkirk/handle-sec-err`)
|
||||
|
@ -233,6 +233,7 @@ EXTERNAL SOURCES:
|
|||
SignalCoreKit:
|
||||
:git: https://github.com/signalapp/SignalCoreKit.git
|
||||
SignalMetadataKit:
|
||||
:branch: charlesmchen/discardSelfSentMessages
|
||||
:git: https://github.com/signalapp/SignalMetadataKit
|
||||
SignalServiceKit:
|
||||
:path: "."
|
||||
|
@ -263,7 +264,7 @@ CHECKOUT OPTIONS:
|
|||
:commit: ff0b95770520133b83a4bd7b26bc2c90b51abc4d
|
||||
:git: https://github.com/signalapp/SignalCoreKit.git
|
||||
SignalMetadataKit:
|
||||
:commit: b0e664410dd3d709355bfdb9d464ae02644aeb74
|
||||
:commit: 0ff4673181315f5bd7b883a87b783b5772f7b412
|
||||
:git: https://github.com/signalapp/SignalMetadataKit
|
||||
SocketRocket:
|
||||
:commit: 9f9563a83cd8960503074aa8de72206f83fb7a69
|
||||
|
@ -298,6 +299,6 @@ SPEC CHECKSUMS:
|
|||
YapDatabase: b418a4baa6906e8028748938f9159807fd039af4
|
||||
YYImage: 1e1b62a9997399593e4b9c4ecfbbabbf1d3f3b54
|
||||
|
||||
PODFILE CHECKSUM: 820287bc7925d7c20e02a02923976c60b1f5386b
|
||||
PODFILE CHECKSUM: b4815f8e6306c08266b24710736a8c956b666aa1
|
||||
|
||||
COCOAPODS: 1.5.3
|
||||
|
|
|
@ -138,6 +138,11 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
|
|||
return [self.blockingManager.blockedPhoneNumbers containsObject:envelope.source];
|
||||
}
|
||||
|
||||
- (TSAccountManager *)tsAccountManager
|
||||
{
|
||||
return TSAccountManager.sharedInstance;
|
||||
}
|
||||
|
||||
#pragma mark - Decryption
|
||||
|
||||
- (void)decryptEnvelope:(SSKProtoEnvelope *)envelope
|
||||
|
@ -161,6 +166,8 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
|
|||
});
|
||||
};
|
||||
|
||||
NSString *localRecipientId = self.tsAccountManager.localNumber;
|
||||
uint32_t localDeviceId = OWSDevicePrimaryDeviceId;
|
||||
DecryptSuccessBlock successBlock = ^(
|
||||
OWSMessageDecryptResult *result, YapDatabaseReadWriteTransaction *transaction) {
|
||||
// Ensure all blocked messages are discarded.
|
||||
|
@ -169,11 +176,9 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
|
|||
return failureBlock();
|
||||
}
|
||||
|
||||
if ([result.source isEqualToString:TSAccountManager.sharedInstance.localNumber]
|
||||
&& result.sourceDevice == OWSDevicePrimaryDeviceId) {
|
||||
OWSAssertDebug(result.isUDMessage);
|
||||
|
||||
OWSLogInfo(@"Ignoring self-sent sync message.");
|
||||
if ([result.source isEqualToString:localRecipientId] && result.sourceDevice == localDeviceId) {
|
||||
// Self-sent messages should be discarded during the decryption process.
|
||||
OWSFailDebug(@"Unexpected self-sent sync message.");
|
||||
return failureBlock();
|
||||
}
|
||||
|
||||
|
@ -427,6 +432,9 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
|
|||
id<SMKCertificateValidator> certificateValidator =
|
||||
[[SMKCertificateDefaultValidator alloc] initWithTrustRoot:self.udManager.trustRoot];
|
||||
|
||||
NSString *localRecipientId = self.tsAccountManager.localNumber;
|
||||
uint32_t localDeviceId = OWSDevicePrimaryDeviceId;
|
||||
|
||||
[self.dbConnection asyncReadWriteWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
|
||||
@try {
|
||||
NSError *error;
|
||||
|
@ -446,9 +454,16 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
|
|||
[cipher decryptMessageWithCertificateValidator:certificateValidator
|
||||
cipherTextData:encryptedData
|
||||
timestamp:serverTimestamp
|
||||
localRecipientId:localRecipientId
|
||||
localDeviceId:localDeviceId
|
||||
protocolContext:transaction
|
||||
error:&error];
|
||||
if (error || !decryptResult) {
|
||||
if ([error.domain isEqualToString:@"SignalMetadataKit.SMKSelfSentMessageError"]) {
|
||||
// Self-sent messages can be safely discarded.
|
||||
return failureBlock(error);
|
||||
}
|
||||
|
||||
OWSFailDebug(@"Could not decrypt UD message: %@", error);
|
||||
error = EnsureDecryptError(error, @"Could not decrypt UD message");
|
||||
return failureBlock(error);
|
||||
|
@ -531,7 +546,12 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
|
|||
return;
|
||||
} else {
|
||||
OWSProdErrorWEnvelope([OWSAnalyticsEvents messageManagerErrorCorruptMessage], envelope);
|
||||
errorMessage = [TSErrorMessage corruptedMessageWithEnvelope:envelope withTransaction:transaction];
|
||||
if (envelope.source.length > 0) {
|
||||
errorMessage = [TSErrorMessage corruptedMessageWithEnvelope:envelope withTransaction:transaction];
|
||||
} else {
|
||||
// TODO: Find another way to surface undecryptable UD messages to the user.
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
OWSAssertDebug(errorMessage);
|
||||
|
|
|
@ -1331,7 +1331,6 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
|
|||
OWSAssertDebug(deviceIds);
|
||||
|
||||
if (messageSend.isUDSend && messageSend.isLocalNumber) {
|
||||
const NSUInteger kLocalDeviceId = 1;
|
||||
OWSAssertDebug(![deviceIds containsObject:@(OWSDevicePrimaryDeviceId)]);
|
||||
|
||||
[deviceIds addObject:@(OWSDevicePrimaryDeviceId)];
|
||||
|
|
Loading…
Reference in New Issue