protocol: Throw SessionNotFound for an expired unacknowledged session

For the most part this should happen transparently without any explicit adoption, like the previous change, but for Java code the NoSessionException is now properly declared on SessionCipher.encrypt. (This was always technically possible, but clients were expected to have previously checked for session validity before using SessionCipher; now that there's an expiration involved, that's not strictly possible.)
2026-05-12 01:46:41 +02:00 · 2023-08-21 17:41:08 -07:00
parent a04c4f27a6
commit 024c618f20
21 changed files with 351 additions and 24 deletions
--- a/java/shared/java/org/signal/libsignal/internal/Native.java
+++ b/java/shared/java/org/signal/libsignal/internal/Native.java
@@ -470,7 +470,7 @@ public final class Native {

  public static native byte[] SessionCipher_DecryptPreKeySignalMessage(long message, long protocolAddress, SessionStore sessionStore, IdentityKeyStore identityKeyStore, PreKeyStore prekeyStore, SignedPreKeyStore signedPrekeyStore, KyberPreKeyStore kyberPrekeyStore);
  public static native byte[] SessionCipher_DecryptSignalMessage(long message, long protocolAddress, SessionStore sessionStore, IdentityKeyStore identityKeyStore);
-  public static native CiphertextMessage SessionCipher_EncryptMessage(byte[] ptext, long protocolAddress, SessionStore sessionStore, IdentityKeyStore identityKeyStore);
+  public static native CiphertextMessage SessionCipher_EncryptMessage(byte[] ptext, long protocolAddress, SessionStore sessionStore, IdentityKeyStore identityKeyStore, long now);

  public static native void SessionRecord_ArchiveCurrentState(long sessionRecord);
  public static native boolean SessionRecord_CurrentRatchetKeyMatches(long s, long key);
--- a/java/shared/java/org/signal/libsignal/protocol/SessionBuilder.java
+++ b/java/shared/java/org/signal/libsignal/protocol/SessionBuilder.java
@@ -97,6 +97,8 @@ public class SessionBuilder {
   * Build a new session from a {@link org.signal.libsignal.protocol.state.PreKeyBundle} retrieved
   * from a server.
   *
+   * <p>You should only use this overload if you need to test session expiration explicitly.
+   *
   * @param preKey A PreKey for the destination recipient, retrieved from a server.
   * @param now The current time, used later to check if the session is stale.
   * @throws InvalidKeyException when the {@link org.signal.libsignal.protocol.state.PreKeyBundle}
--- a/java/shared/java/org/signal/libsignal/protocol/SessionCipher.java
+++ b/java/shared/java/org/signal/libsignal/protocol/SessionCipher.java
@@ -5,6 +5,7 @@

 package org.signal.libsignal.protocol;

+import java.time.Instant;
 import org.signal.libsignal.internal.Native;
 import org.signal.libsignal.internal.NativeHandleGuard;
 import org.signal.libsignal.protocol.message.CiphertextMessage;
@@ -70,11 +71,35 @@ public class SessionCipher {
   *
   * @param paddedMessage The plaintext message bytes, optionally padded to a constant multiple.
   * @return A ciphertext message encrypted to the recipient+device tuple.
+   * @throws NoSessionException if there is no established session for this contact, or if an
+   *     unacknowledged session has expired
+   * @throws UntrustedIdentityException when the {@link IdentityKey} of the sender is out of date.
   */
-  public CiphertextMessage encrypt(byte[] paddedMessage) throws UntrustedIdentityException {
+  public CiphertextMessage encrypt(byte[] paddedMessage)
+      throws NoSessionException, UntrustedIdentityException {
+    return encrypt(paddedMessage, Instant.now());
+  }
+
+  /**
+   * Encrypt a message.
+   *
+   * <p>You should only use this overload if you need to test session expiration explicitly.
+   *
+   * @param paddedMessage The plaintext message bytes, optionally padded to a constant multiple.
+   * @return A ciphertext message encrypted to the recipient+device tuple.
+   * @throws NoSessionException if there is no established session for this contact, or if an
+   *     unacknowledged session has expired
+   * @throws UntrustedIdentityException when the {@link IdentityKey} of the sender is out of date.
+   */
+  public CiphertextMessage encrypt(byte[] paddedMessage, Instant now)
+      throws NoSessionException, UntrustedIdentityException {
    try (NativeHandleGuard remoteAddress = new NativeHandleGuard(this.remoteAddress)) {
      return Native.SessionCipher_EncryptMessage(
-          paddedMessage, remoteAddress.nativeHandle(), sessionStore, identityKeyStore);
+          paddedMessage,
+          remoteAddress.nativeHandle(),
+          sessionStore,
+          identityKeyStore,
+          now.toEpochMilli());
    }
  }

--- a/java/shared/java/org/signal/libsignal/protocol/state/SessionRecord.java
+++ b/java/shared/java/org/signal/libsignal/protocol/state/SessionRecord.java
@@ -5,6 +5,7 @@

 package org.signal.libsignal.protocol.state;

+import java.time.Instant;
 import org.signal.libsignal.internal.Native;
 import org.signal.libsignal.internal.NativeHandleGuard;
 import org.signal.libsignal.protocol.IdentityKey;
@@ -14,9 +15,6 @@ import org.signal.libsignal.protocol.InvalidMessageException;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;

-import java.io.IOException;
-import java.time.Instant;
-
 /**
 * A SessionRecord encapsulates the state of an ongoing session.
 *