Discard self-sent messages during the decryption process.

2018-10-09 10:54:54 -04:00 · 2018-10-09 10:54:54 -04:00 · 75e59bbc6f
parent e47b69e0aa
commit 75e59bbc6f
4 changed files with 32 additions and 12 deletions
--- a/2
+++ b/2
@ -19,7 +19,7 @@ def shared_pods
  pod 'Curve25519Kit', git: 'https://github.com/signalapp/Curve25519Kit', testspecs: ["Tests"]
  # pod 'Curve25519Kit', path: '../Curve25519Kit', testspecs: ["Tests"]
  # TODO: Use public repo.
-  pod 'SignalMetadataKit', git: 'https://github.com/signalapp/SignalMetadataKit', testspecs: ["Tests"]
+  pod 'SignalMetadataKit', git: 'https://github.com/signalapp/SignalMetadataKit', testspecs: ["Tests"], branch: 'charlesmchen/discardSelfSentMessages'
  # pod 'SignalMetadataKit', path: '../SignalMetadataKit', testspecs: ["Tests"]
  pod 'SignalServiceKit', path: '.', testspecs: ["Tests"]
  pod 'GRKOpenSSLFramework', git: 'https://github.com/signalapp/GRKOpenSSLFramework'
--- a/Podfile.lock
+++ b/Podfile.lock
@ -196,8 +196,8 @@ DEPENDENCIES:
  - Reachability
  - SignalCoreKit (from `https://github.com/signalapp/SignalCoreKit.git`)
  - SignalCoreKit/Tests (from `https://github.com/signalapp/SignalCoreKit.git`)
-  - SignalMetadataKit (from `https://github.com/signalapp/SignalMetadataKit`)
-  - SignalMetadataKit/Tests (from `https://github.com/signalapp/SignalMetadataKit`)
+  - SignalMetadataKit (from `https://github.com/signalapp/SignalMetadataKit`, branch `charlesmchen/discardSelfSentMessages`)
+  - SignalMetadataKit/Tests (from `https://github.com/signalapp/SignalMetadataKit`, branch `charlesmchen/discardSelfSentMessages`)
  - SignalServiceKit (from `.`)
  - SignalServiceKit/Tests (from `.`)
  - SocketRocket (from `https://github.com/signalapp/SocketRocket.git`, branch `mkirk/handle-sec-err`)
@ -233,6 +233,7 @@ EXTERNAL SOURCES:
  SignalCoreKit:
    :git: https://github.com/signalapp/SignalCoreKit.git
  SignalMetadataKit:
+    :branch: charlesmchen/discardSelfSentMessages
    :git: https://github.com/signalapp/SignalMetadataKit
  SignalServiceKit:
    :path: "."
@ -263,7 +264,7 @@ CHECKOUT OPTIONS:
    :commit: ff0b95770520133b83a4bd7b26bc2c90b51abc4d
    :git: https://github.com/signalapp/SignalCoreKit.git
  SignalMetadataKit:
-    :commit: b0e664410dd3d709355bfdb9d464ae02644aeb74
+    :commit: 0ff4673181315f5bd7b883a87b783b5772f7b412
    :git: https://github.com/signalapp/SignalMetadataKit
  SocketRocket:
    :commit: 9f9563a83cd8960503074aa8de72206f83fb7a69
@ -298,6 +299,6 @@ SPEC CHECKSUMS:
  YapDatabase: b418a4baa6906e8028748938f9159807fd039af4
  YYImage: 1e1b62a9997399593e4b9c4ecfbbabbf1d3f3b54

-PODFILE CHECKSUM: 820287bc7925d7c20e02a02923976c60b1f5386b
+PODFILE CHECKSUM: b4815f8e6306c08266b24710736a8c956b666aa1

 COCOAPODS: 1.5.3
--- a/SignalServiceKit/src/Messages/OWSMessageDecrypter.m
+++ b/SignalServiceKit/src/Messages/OWSMessageDecrypter.m
@ -138,6 +138,11 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
    return [self.blockingManager.blockedPhoneNumbers containsObject:envelope.source];
 }

+- (TSAccountManager *)tsAccountManager
+{
+    return TSAccountManager.sharedInstance;
+}
+
 #pragma mark - Decryption

 - (void)decryptEnvelope:(SSKProtoEnvelope *)envelope
@ -161,6 +166,8 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
        });
    };

+    NSString *localRecipientId = self.tsAccountManager.localNumber;
+    uint32_t localDeviceId = OWSDevicePrimaryDeviceId;
    DecryptSuccessBlock successBlock = ^(
        OWSMessageDecryptResult *result, YapDatabaseReadWriteTransaction *transaction) {
        // Ensure all blocked messages are discarded.
@ -169,11 +176,9 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
            return failureBlock();
        }

-        if ([result.source isEqualToString:TSAccountManager.sharedInstance.localNumber]
-            && result.sourceDevice == OWSDevicePrimaryDeviceId) {
-            OWSAssertDebug(result.isUDMessage);
-
-            OWSLogInfo(@"Ignoring self-sent sync message.");
+        if ([result.source isEqualToString:localRecipientId] && result.sourceDevice == localDeviceId) {
+            // Self-sent messages should be discarded during the decryption process.
+            OWSFailDebug(@"Unexpected self-sent sync message.");
            return failureBlock();
        }

@ -427,6 +432,9 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
    id<SMKCertificateValidator> certificateValidator =
        [[SMKCertificateDefaultValidator alloc] initWithTrustRoot:self.udManager.trustRoot];

+    NSString *localRecipientId = self.tsAccountManager.localNumber;
+    uint32_t localDeviceId = OWSDevicePrimaryDeviceId;
+
    [self.dbConnection asyncReadWriteWithBlock:^(YapDatabaseReadWriteTransaction *transaction) {
        @try {
            NSError *error;
@ -446,9 +454,16 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
                [cipher decryptMessageWithCertificateValidator:certificateValidator
                                                cipherTextData:encryptedData
                                                     timestamp:serverTimestamp
+                                              localRecipientId:localRecipientId
+                                                 localDeviceId:localDeviceId
                                               protocolContext:transaction
                                                         error:&error];
            if (error || !decryptResult) {
+                if ([error.domain isEqualToString:@"SignalMetadataKit.SMKSelfSentMessageError"]) {
+                    // Self-sent messages can be safely discarded.
+                    return failureBlock(error);
+                }
+
                OWSFailDebug(@"Could not decrypt UD message: %@", error);
                error = EnsureDecryptError(error, @"Could not decrypt UD message");
                return failureBlock(error);
@ -531,7 +546,12 @@ NSError *EnsureDecryptError(NSError *_Nullable error, NSString *fallbackErrorDes
            return;
        } else {
            OWSProdErrorWEnvelope([OWSAnalyticsEvents messageManagerErrorCorruptMessage], envelope);
-            errorMessage = [TSErrorMessage corruptedMessageWithEnvelope:envelope withTransaction:transaction];
+            if (envelope.source.length > 0) {
+                errorMessage = [TSErrorMessage corruptedMessageWithEnvelope:envelope withTransaction:transaction];
+            } else {
+                // TODO: Find another way to surface undecryptable UD messages to the user.
+                return;
+            }
        }

        OWSAssertDebug(errorMessage);
--- a/SignalServiceKit/src/Messages/OWSMessageSender.m
+++ b/SignalServiceKit/src/Messages/OWSMessageSender.m
@ -1331,7 +1331,6 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
    OWSAssertDebug(deviceIds);

    if (messageSend.isUDSend && messageSend.isLocalNumber) {
-        const NSUInteger kLocalDeviceId = 1;
        OWSAssertDebug(![deviceIds containsObject:@(OWSDevicePrimaryDeviceId)]);

        [deviceIds addObject:@(OWSDevicePrimaryDeviceId)];