[SES-3314] - Prevent replay attacks (#945)

gradle.properties

@@ -41,7 +41,7 @@ mockitoKotlinVersion=4.1.0
 okhttpVersion=4.12.0
 pagingVersion=3.0.0
 preferenceVersion=1.2.0
-protobufVersion=4.27.2
+protobufVersion=4.29.3
 testCoreVersion=1.5.0
 zxingVersion=3.5.3
 android.defaults.buildfeatures.buildconfig=true

libsession-util/libsession-util

@@ -1 +1 @@
-Subproject commit b1bd153a4ef7214f60e3a5f4ce7d939e6ac22024
+Subproject commit 730c5b9a919263e569451e3d908a0c414404e0dc

libsession/src/main/java/org/session/libsession/messaging/sending_receiving/MessageReceiver.kt

@@ -22,6 +22,8 @@ import org.session.libsignal.protos.SignalServiceProtos.Envelope
 import org.session.libsignal.utilities.AccountId
 import org.session.libsignal.utilities.IdPrefix
 import org.session.libsignal.utilities.Log
+import java.util.concurrent.TimeUnit
+import kotlin.math.abs
 
 object MessageReceiver {
 
@@ -141,6 +143,20 @@ object MessageReceiver {
         }
         // Parse the proto
         val proto = SignalServiceProtos.Content.parseFrom(PushTransportDetails.getStrippedPaddingMessageBody(plaintext))
+
+        // Verify the signature timestamp inside the content is the same as in envelope.
+        // If the message is from an open group, 6 hours of difference is allowed.
+        if (proto.hasSigTimestamp()) {
+            val isCommunityOrCommunityInbox = openGroupServerID != null || otherBlindedPublicKey != null
+
+            if (
+                (isCommunityOrCommunityInbox && abs(proto.sigTimestamp - envelope.timestamp) > TimeUnit.HOURS.toMillis(6)) ||
+                (!isCommunityOrCommunityInbox && proto.sigTimestamp != envelope.timestamp)
+            ) {
+                throw Error.InvalidSignature
+            }
+        }
+
         // Parse the message
         val message: Message = ReadReceipt.fromProto(proto) ?:
             TypingIndicator.fromProto(proto) ?:

libsession/src/main/java/org/session/libsession/messaging/sending_receiving/MessageSender.kt

@@ -154,6 +154,10 @@ object MessageSender {
                 proto.mergeDataMessage(message.profile.toProto())
             }
         }
+
+        // Set the timestamp on the content so it can be verified against envelope timestamp
+        proto.setSigTimestamp(message.sentTimestamp!!)
+
         // Serialize the protobuf
         val plaintext = PushTransportDetails.getPaddedMessageBody(proto.build().toByteArray())
 
@@ -366,6 +370,10 @@ object MessageSender {
             if (message is VisibleMessage) {
                 message.profile = storage.getUserProfile()
             }
+            val content = message.toProto()!!.toBuilder()
+                .setSigTimestamp(message.sentTimestamp!!)
+                .build()
+
             when (destination) {
                 is Destination.OpenGroup -> {
                     val whisperMods = if (destination.whisperTo.isNullOrEmpty() && destination.whisperMods) "mods" else null
@@ -374,7 +382,7 @@ object MessageSender {
                     if (message !is VisibleMessage || !message.isValid()) {
                         throw Error.InvalidMessage
                     }
-                    val messageBody = message.toProto()?.toByteArray()!!
+                    val messageBody = content.toByteArray()
                     val plaintext = PushTransportDetails.getPaddedMessageBody(messageBody)
                     val openGroupMessage = OpenGroupMessage(
                         sender = message.sender,
@@ -395,7 +403,7 @@ object MessageSender {
                     if (message !is VisibleMessage || !message.isValid()) {
                         throw Error.InvalidMessage
                     }
-                    val messageBody = message.toProto()?.toByteArray()!!
+                    val messageBody = content.toByteArray()
                     val plaintext = PushTransportDetails.getPaddedMessageBody(messageBody)
                     val ciphertext = MessageEncrypter.encryptBlinded(
                         plaintext,

libsignal/protobuf/SignalService.proto

@@ -60,7 +60,9 @@ message Content {
   optional SharedConfigMessage        sharedConfigMessage        = 11;
   optional ExpirationType             expirationType             = 12;
   optional uint32                     expirationTimer            = 13;
-  optional uint64         lastDisappearingMessageChangeTimestamp = 14;
+  optional uint64                     sigTimestamp               = 15;
+
+  reserved 14;
 }
 
 message KeyPair {

libsignal/src/main/java/org/session/libsignal/protos/UtilProtos.java

@@ -1,7 +1,7 @@
 // Generated by the protocol buffer compiler.  DO NOT EDIT!
 // NO CHECKED-IN PROTOBUF GENCODE
 // source: Utils.proto
-// Protobuf Java Version: 4.27.1
+// Protobuf Java Version: 4.29.3
 
 package org.session.libsignal.protos;
 
@@ -11,8 +11,8 @@ public final class UtilProtos {
     com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
       com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
       /* major= */ 4,
-      /* minor= */ 27,
-      /* patch= */ 1,
+      /* minor= */ 29,
+      /* patch= */ 3,
       /* suffix= */ "",
       UtilProtos.class.getName());
   }
@@ -58,8 +58,8 @@ public final class UtilProtos {
       com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
         com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
         /* major= */ 4,
-        /* minor= */ 27,
-        /* patch= */ 1,
+        /* minor= */ 29,
+        /* patch= */ 3,
         /* suffix= */ "",
         ByteArrayList.class.getName());
     }

libsignal/src/main/java/org/session/libsignal/protos/WebSocketProtos.java

@@ -1,7 +1,7 @@
 // Generated by the protocol buffer compiler.  DO NOT EDIT!
 // NO CHECKED-IN PROTOBUF GENCODE
 // source: WebSocketResources.proto
-// Protobuf Java Version: 4.27.1
+// Protobuf Java Version: 4.29.3
 
 package org.session.libsignal.protos;
 
@@ -11,8 +11,8 @@ public final class WebSocketProtos {
     com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
       com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
       /* major= */ 4,
-      /* minor= */ 27,
-      /* patch= */ 1,
+      /* minor= */ 29,
+      /* patch= */ 3,
       /* suffix= */ "",
       WebSocketProtos.class.getName());
   }
@@ -122,8 +122,8 @@ public final class WebSocketProtos {
       com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
         com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
         /* major= */ 4,
-        /* minor= */ 27,
-        /* patch= */ 1,
+        /* minor= */ 29,
+        /* patch= */ 3,
         /* suffix= */ "",
         WebSocketRequestMessage.class.getName());
     }
@@ -1248,8 +1248,8 @@ public final class WebSocketProtos {
       com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
         com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
         /* major= */ 4,
-        /* minor= */ 27,
-        /* patch= */ 1,
+        /* minor= */ 29,
+        /* patch= */ 3,
         /* suffix= */ "",
         WebSocketResponseMessage.class.getName());
     }
@@ -2268,8 +2268,8 @@ public final class WebSocketProtos {
       com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
         com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
         /* major= */ 4,
-        /* minor= */ 27,
-        /* patch= */ 1,
+        /* minor= */ 29,
+        /* patch= */ 3,
         /* suffix= */ "",
         WebSocketMessage.class.getName());
     }
@@ -2317,8 +2317,8 @@ public final class WebSocketProtos {
         com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
           com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
           /* major= */ 4,
-          /* minor= */ 27,
-          /* patch= */ 1,
+          /* minor= */ 29,
+          /* patch= */ 3,
           /* suffix= */ "",
           Type.class.getName());
       }