eliott/libsignal
1
0
Fork 0
mirror of https://github.com/signalapp/libsignal.git synced 2026-04-26 01:35:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

1:1 decryption takes local address

Browse Source
This commit is contained in:
Rolfe Schmidt
2026-03-27 15:45:07 -07:00
committed by GitHub
parent 955e4c9f1d
commit 98794de745
34 changed files with 611 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

280
rust/protocol/tests/session.rs
View File

@@ -91,6 +91,7 @@ fn test_basic_prekey() -> TestResult {
let ptext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message,
)
.await?;
@@ -130,7 +131,7 @@ fn test_basic_prekey() -> TestResult {
assert_eq!(bob_outgoing.message_type(), CiphertextMessageType::Whisper);
let alice_decrypts = decrypt(alice_store, &bob_address, &bob_outgoing).await?;
let alice_decrypts = decrypt(alice_store, &bob_address, &alice_address, &bob_outgoing).await?;
assert_eq!(
String::from_utf8(alice_decrypts).expect("valid utf8"),
@@ -172,7 +173,7 @@ fn test_basic_prekey() -> TestResult {
encrypt(&mut alter_alice_store, &bob_address, original_message).await?;
assert!(matches!(
decrypt(&mut bob_store_builder.store, &alice_address, &outgoing_message)
decrypt(&mut bob_store_builder.store, &alice_address, &bob_address, &outgoing_message)
.await
.unwrap_err(),
SignalProtocolError::UntrustedIdentity(a) if a == alice_address
@@ -195,6 +196,7 @@ fn test_basic_prekey() -> TestResult {
let decrypted = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&outgoing_message,
)
.await?;
@@ -285,9 +287,14 @@ fn test_chain_jump_over_limit() -> TestResult {
let too_far = encrypt(alice_store, &bob_address, "Now you have gone too far").await?;
assert!(
decrypt(&mut bob_store_builder.store, &alice_address, &too_far,)
.await
.is_err()
decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&too_far,
)
.await
.is_err()
);
Ok(())
}
@@ -345,7 +352,13 @@ fn test_chain_jump_over_limit_with_self() -> TestResult {
let too_far =
encrypt(a1_store, &a2_address, "This is the song that never ends").await?;
let ptext = decrypt(&mut a2_store_builder.store, &a1_address, &too_far).await?;
let ptext = decrypt(
&mut a2_store_builder.store,
&a1_address,
&a2_address,
&too_far,
)
.await?;
assert_eq!(
String::from_utf8(ptext).unwrap(),
"This is the song that never ends"
@@ -490,6 +503,7 @@ fn test_repeat_bundle_message() -> TestResult {
let ptext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message,
)
.await?;
@@ -505,7 +519,8 @@ fn test_repeat_bundle_message() -> TestResult {
)
.await?;
assert_eq!(bob_outgoing.message_type(), CiphertextMessageType::Whisper);
let alice_decrypts = decrypt(alice_store, &bob_address, &bob_outgoing).await?;
let alice_decrypts =
decrypt(alice_store, &bob_address, &alice_address, &bob_outgoing).await?;
assert_eq!(
String::from_utf8(alice_decrypts).expect("valid utf8"),
original_message
@@ -520,6 +535,7 @@ fn test_repeat_bundle_message() -> TestResult {
let ptext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message2,
)
.await?;
@@ -534,7 +550,8 @@ fn test_repeat_bundle_message() -> TestResult {
original_message,
)
.await?;
let alice_decrypts = decrypt(alice_store, &bob_address, &bob_outgoing).await?;
let alice_decrypts =
decrypt(alice_store, &bob_address, &alice_address, &bob_outgoing).await?;
assert_eq!(
String::from_utf8(alice_decrypts).expect("valid utf8"),
original_message
@@ -618,7 +635,7 @@ fn test_bad_message_bundle() -> TestResult {
);
assert!(
decrypt(bob_store, &alice_address, &incoming_message,)
decrypt(bob_store, &alice_address, &bob_address, &incoming_message,)
.await
.is_err()
);
@@ -628,7 +645,7 @@ fn test_bad_message_bundle() -> TestResult {
PreKeySignalMessage::try_from(outgoing_message.as_slice())?,
);
let ptext = decrypt(bob_store, &alice_address, &incoming_message).await?;
let ptext = decrypt(bob_store, &alice_address, &bob_address, &incoming_message).await?;
assert_eq!(
String::from_utf8(ptext).expect("valid utf8"),
@@ -708,6 +725,7 @@ fn test_optional_one_time_prekey() -> TestResult {
let ptext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message,
)
.await?;
@@ -768,8 +786,16 @@ fn test_message_key_limits() -> TestResult {
}
assert_eq!(
String::from_utf8(decrypt(&mut bob_store, &alice_address, &inflight[1000],).await?)
.expect("valid utf8"),
String::from_utf8(
decrypt(
&mut bob_store,
&alice_address,
&bob_address,
&inflight[1000],
)
.await?
)
.expect("valid utf8"),
"It's over 1000"
);
assert_eq!(
@@ -777,6 +803,7 @@ fn test_message_key_limits() -> TestResult {
decrypt(
&mut bob_store,
&alice_address,
&bob_address,
&inflight[TOO_MANY_MESSAGES - 1],
)
.await?
@@ -785,7 +812,7 @@ fn test_message_key_limits() -> TestResult {
format!("It's over {}", TOO_MANY_MESSAGES - 1)
);
let err = decrypt(&mut bob_store, &alice_address, &inflight[5])
let err = decrypt(&mut bob_store, &alice_address, &bob_address, &inflight[5])
.await
.unwrap_err();
assert!(matches!(
@@ -877,6 +904,7 @@ fn test_basic_simultaneous_initiate() -> TestResult {
let alice_plaintext = decrypt(
alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_alice.serialize(),
)?),
@@ -890,6 +918,7 @@ fn test_basic_simultaneous_initiate() -> TestResult {
let bob_plaintext = decrypt(
bob_store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -923,6 +952,7 @@ fn test_basic_simultaneous_initiate() -> TestResult {
let response_plaintext = decrypt(
bob_store,
&alice_address,
&bob_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
alice_response.serialize(),
)?),
@@ -944,6 +974,7 @@ fn test_basic_simultaneous_initiate() -> TestResult {
let response_plaintext = decrypt(
alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
bob_response.serialize(),
)?),
@@ -1043,6 +1074,7 @@ fn test_simultaneous_initiate_with_lossage() -> TestResult {
let bob_plaintext = decrypt(
bob_store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -1069,6 +1101,7 @@ fn test_simultaneous_initiate_with_lossage() -> TestResult {
let response_plaintext = decrypt(
bob_store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
alice_response.serialize(),
)?),
@@ -1090,6 +1123,7 @@ fn test_simultaneous_initiate_with_lossage() -> TestResult {
let response_plaintext = decrypt(
alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
bob_response.serialize(),
)?),
@@ -1189,6 +1223,7 @@ fn test_simultaneous_initiate_lost_message() -> TestResult {
let alice_plaintext = decrypt(
alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_alice.serialize(),
)?),
@@ -1202,6 +1237,7 @@ fn test_simultaneous_initiate_lost_message() -> TestResult {
let bob_plaintext = decrypt(
bob_store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -1243,6 +1279,7 @@ fn test_simultaneous_initiate_lost_message() -> TestResult {
let response_plaintext = decrypt(
alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
bob_response.serialize(),
)?),
@@ -1348,6 +1385,7 @@ fn test_simultaneous_initiate_repeated_messages() -> TestResult {
let alice_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_alice.serialize(),
)?),
@@ -1361,6 +1399,7 @@ fn test_simultaneous_initiate_repeated_messages() -> TestResult {
let bob_plaintext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -1419,6 +1458,7 @@ fn test_simultaneous_initiate_repeated_messages() -> TestResult {
let alice_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
message_for_alice.serialize(),
)?),
@@ -1432,6 +1472,7 @@ fn test_simultaneous_initiate_repeated_messages() -> TestResult {
let bob_plaintext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -1492,6 +1533,7 @@ fn test_simultaneous_initiate_repeated_messages() -> TestResult {
let response_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
bob_response.serialize(),
)?),
@@ -1624,6 +1666,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let alice_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_alice.serialize(),
)?),
@@ -1637,6 +1680,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let bob_plaintext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -1695,6 +1739,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let alice_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
message_for_alice.serialize(),
)?),
@@ -1708,6 +1753,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let bob_plaintext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
message_for_bob.serialize(),
)?),
@@ -1768,6 +1814,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let response_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
bob_response.serialize(),
)?),
@@ -1791,6 +1838,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let blast_from_the_past = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(PreKeySignalMessage::try_from(
lost_message_for_bob.serialize(),
)?),
@@ -1819,6 +1867,7 @@ fn test_simultaneous_initiate_lost_message_repeated_messages() -> TestResult {
let response_plaintext = decrypt(
&mut alice_store_builder.store,
&bob_address,
&alice_address,
&CiphertextMessage::SignalMessage(SignalMessage::try_from(
bob_response.serialize(),
)?),
@@ -1901,6 +1950,7 @@ fn test_zero_is_a_valid_prekey_id() -> TestResult {
let ptext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message,
)
.await?;
@@ -2106,6 +2156,7 @@ fn prekey_message_failed_decryption_does_not_update_stores() -> TestResult {
decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::PreKeySignalMessage(pre_key_message),
)
.await,
@@ -2176,9 +2227,14 @@ fn prekey_message_failed_decryption_does_not_update_stores_even_when_previously_
let bob_ciphertext = encrypt(&mut bob_store, &alice_address, "from Bob")
.await
.expect("valid");
_ = decrypt(&mut alice_store, &bob_address, &bob_ciphertext)
.await
.expect("valid");
_ = decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&bob_ciphertext,
)
.await
.expect("valid");
// Alice archives the session because she feels like it.
let mut alice_session_with_bob = alice_store
@@ -2245,6 +2301,7 @@ fn prekey_message_failed_decryption_does_not_update_stores_even_when_previously_
decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&CiphertextMessage::PreKeySignalMessage(pre_key_message),
)
.await,
@@ -2323,9 +2380,14 @@ fn prekey_message_to_archived_session() -> TestResult {
assert_eq!(bob_ciphertext.message_type(), CiphertextMessageType::PreKey);
// Alice receives the message.
let received_message = decrypt(&mut alice_store, &bob_address, &bob_ciphertext)
.await
.expect("valid");
let received_message = decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&bob_ciphertext,
)
.await
.expect("valid");
assert_eq!(received_message, b"from Bob");
// Alice decides to archive the session and then send a message to Bob on a new session.
@@ -2357,9 +2419,14 @@ fn prekey_message_to_archived_session() -> TestResult {
bob_ciphertext_2.message_type(),
CiphertextMessageType::PreKey
);
let received_message_2 = decrypt(&mut alice_store, &bob_address, &bob_ciphertext_2)
.await
.expect("valid");
let received_message_2 = decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&bob_ciphertext_2,
)
.await
.expect("valid");
assert_eq!(received_message_2, b"from Bob 2");
// This should promote Bob's session back to the front of Alice's session state.
@@ -2410,7 +2477,13 @@ fn run_session_interaction(alice_session: SessionRecord, bob_session: SessionRec
let alice_plaintext = "This is Alice's message";
let alice_ciphertext = encrypt(&mut alice_store, &bob_address, alice_plaintext).await?;
let bob_decrypted = decrypt(&mut bob_store, &alice_address, &alice_ciphertext).await?;
let bob_decrypted = decrypt(
&mut bob_store,
&alice_address,
&bob_address,
&alice_ciphertext,
)
.await?;
assert_eq!(
String::from_utf8(bob_decrypted).expect("valid utf8"),
alice_plaintext
@@ -2419,7 +2492,13 @@ fn run_session_interaction(alice_session: SessionRecord, bob_session: SessionRec
let bob_plaintext = "This is Bob's reply";
let bob_ciphertext = encrypt(&mut bob_store, &alice_address, bob_plaintext).await?;
let alice_decrypted = decrypt(&mut alice_store, &bob_address, &bob_ciphertext).await?;
let alice_decrypted = decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&bob_ciphertext,
)
.await?;
assert_eq!(
String::from_utf8(alice_decrypted).expect("valid utf8"),
bob_plaintext
@@ -2441,7 +2520,13 @@ fn run_session_interaction(alice_session: SessionRecord, bob_session: SessionRec
alice_messages.shuffle(&mut rng);
for i in 0..ALICE_MESSAGE_COUNT / 2 {
let ptext = decrypt(&mut bob_store, &alice_address, &alice_messages[i].1).await?;
let ptext = decrypt(
&mut bob_store,
&alice_address,
&bob_address,
&alice_messages[i].1,
)
.await?;
assert_eq!(
String::from_utf8(ptext).expect("valid utf8"),
alice_messages[i].0
@@ -2459,7 +2544,13 @@ fn run_session_interaction(alice_session: SessionRecord, bob_session: SessionRec
bob_messages.shuffle(&mut rng);
for i in 0..BOB_MESSAGE_COUNT / 2 {
let ptext = decrypt(&mut alice_store, &bob_address, &bob_messages[i].1).await?;
let ptext = decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&bob_messages[i].1,
)
.await?;
assert_eq!(
String::from_utf8(ptext).expect("valid utf8"),
bob_messages[i].0
@@ -2467,7 +2558,13 @@ fn run_session_interaction(alice_session: SessionRecord, bob_session: SessionRec
}
for i in ALICE_MESSAGE_COUNT / 2..ALICE_MESSAGE_COUNT {
let ptext = decrypt(&mut bob_store, &alice_address, &alice_messages[i].1).await?;
let ptext = decrypt(
&mut bob_store,
&alice_address,
&bob_address,
&alice_messages[i].1,
)
.await?;
assert_eq!(
String::from_utf8(ptext).expect("valid utf8"),
alice_messages[i].0
@@ -2475,7 +2572,13 @@ fn run_session_interaction(alice_session: SessionRecord, bob_session: SessionRec
}
for i in BOB_MESSAGE_COUNT / 2..BOB_MESSAGE_COUNT {
let ptext = decrypt(&mut alice_store, &bob_address, &bob_messages[i].1).await?;
let ptext = decrypt(
&mut alice_store,
&bob_address,
&alice_address,
&bob_messages[i].1,
)
.await?;
assert_eq!(
String::from_utf8(ptext).expect("valid utf8"),
bob_messages[i].0
@@ -2499,7 +2602,7 @@ async fn run_interaction(
let alice_message = encrypt(alice_store, bob_address, alice_ptext).await?;
assert_eq!(alice_message.message_type(), CiphertextMessageType::Whisper);
assert_eq!(
String::from_utf8(decrypt(bob_store, alice_address, &alice_message).await?)
String::from_utf8(decrypt(bob_store, alice_address, bob_address, &alice_message).await?)
.expect("valid utf8"),
alice_ptext
);
@@ -2509,7 +2612,7 @@ async fn run_interaction(
let bob_message = encrypt(bob_store, alice_address, bob_ptext).await?;
assert_eq!(bob_message.message_type(), CiphertextMessageType::Whisper);
assert_eq!(
String::from_utf8(decrypt(alice_store, bob_address, &bob_message).await?)
String::from_utf8(decrypt(alice_store, bob_address, alice_address, &bob_message).await?)
.expect("valid utf8"),
bob_ptext
);
@@ -2519,8 +2622,10 @@ async fn run_interaction(
let alice_message = encrypt(alice_store, bob_address, &alice_ptext).await?;
assert_eq!(alice_message.message_type(), CiphertextMessageType::Whisper);
assert_eq!(
String::from_utf8(decrypt(bob_store, alice_address, &alice_message).await?)
.expect("valid utf8"),
String::from_utf8(
decrypt(bob_store, alice_address, bob_address, &alice_message).await?
)
.expect("valid utf8"),
alice_ptext
);
}
@@ -2530,8 +2635,10 @@ async fn run_interaction(
let bob_message = encrypt(bob_store, alice_address, &bob_ptext).await?;
assert_eq!(bob_message.message_type(), CiphertextMessageType::Whisper);
assert_eq!(
String::from_utf8(decrypt(alice_store, bob_address, &bob_message).await?)
.expect("valid utf8"),
String::from_utf8(
decrypt(alice_store, bob_address, alice_address, &bob_message).await?
)
.expect("valid utf8"),
bob_ptext
);
}
@@ -2549,8 +2656,10 @@ async fn run_interaction(
let alice_message = encrypt(alice_store, bob_address, &alice_ptext).await?;
assert_eq!(alice_message.message_type(), CiphertextMessageType::Whisper);
assert_eq!(
String::from_utf8(decrypt(bob_store, alice_address, &alice_message).await?)
.expect("valid utf8"),
String::from_utf8(
decrypt(bob_store, alice_address, bob_address, &alice_message).await?
)
.expect("valid utf8"),
alice_ptext
);
}
@@ -2560,15 +2669,17 @@ async fn run_interaction(
let bob_message = encrypt(bob_store, alice_address, &bob_ptext).await?;
assert_eq!(bob_message.message_type(), CiphertextMessageType::Whisper);
assert_eq!(
String::from_utf8(decrypt(alice_store, bob_address, &bob_message).await?)
.expect("valid utf8"),
String::from_utf8(
decrypt(alice_store, bob_address, alice_address, &bob_message).await?
)
.expect("valid utf8"),
bob_ptext
);
}
for (ptext, ctext) in alice_ooo_messages {
assert_eq!(
String::from_utf8(decrypt(bob_store, alice_address, &ctext).await?)
String::from_utf8(decrypt(bob_store, alice_address, bob_address, &ctext).await?)
.expect("valid utf8"),
ptext
);
@@ -2647,6 +2758,7 @@ fn test_signedprekey_not_saved() -> TestResult {
let ptext = decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message,
)
.await?;
@@ -2695,6 +2807,7 @@ fn test_signedprekey_not_saved() -> TestResult {
decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&incoming_message,
)
.await
@@ -2896,14 +3009,14 @@ fn test_longer_sessions() -> TestResult {
None => {}
Some((_reordered, msg)) => {
log::debug!("Process message to Alice");
decrypt(alice_store, &bob_address, &msg).await?;
decrypt(alice_store, &bob_address, &alice_address, &msg).await?;
}
},
LongerSessionActions::BobRecv => match to_bob.pop_front() {
None => {}
Some((_reordered, msg)) => {
log::debug!("Process message to Bob");
decrypt(bob_store, &alice_address, &msg).await?;
decrypt(bob_store, &alice_address, &bob_address, &msg).await?;
}
},
LongerSessionActions::AliceDrop => {
@@ -2987,8 +3100,8 @@ fn test_duplicate_message_error_returned() -> TestResult {
.await?;
let msg = encrypt(alice_store, &bob_address, "this_will_be_a_dup").await?;
decrypt(bob_store, &alice_address, &msg).await?;
let err = decrypt(bob_store, &alice_address, &msg)
decrypt(bob_store, &alice_address, &bob_address, &msg).await?;
let err = decrypt(bob_store, &alice_address, &bob_address, &msg)
.await
.expect_err("should be a duplicate");
assert!(matches!(err, SignalProtocolError::DuplicatedMessage(_, _)));
@@ -3035,11 +3148,11 @@ fn test_pqr_state_and_message_contents_nonempty() -> TestResult {
let msg = encrypt(alice_store, &bob_address, "msg1").await?;
assert_matches!(&msg, CiphertextMessage::PreKeySignalMessage(m) if !m.message().pq_ratchet().is_empty());
decrypt(bob_store, &alice_address, &msg).await?;
decrypt(bob_store, &alice_address, &bob_address, &msg).await?;
let msg = encrypt(bob_store, &alice_address, "msg2").await?;
assert_matches!(&msg, CiphertextMessage::SignalMessage(m) if !m.pq_ratchet().is_empty());
decrypt(alice_store, &bob_address, &msg).await?;
decrypt(alice_store, &bob_address, &alice_address, &msg).await?;
let msg = encrypt(alice_store, &bob_address, "msg3").await?;
assert_matches!(&msg, CiphertextMessage::SignalMessage(m) if !m.pq_ratchet().is_empty());
@@ -3103,9 +3216,14 @@ fn x3dh_prekey_rejected_as_invalid_message_specifically() {
.expect("valid");
let mut bob_one_off_store = bob_store_builder.store.clone();
_ = support::decrypt(&mut bob_one_off_store, &alice_address, &pre_key_message)
.await
.expect("unmodified message is fine");
_ = support::decrypt(
&mut bob_one_off_store,
&alice_address,
&bob_address,
&pre_key_message,
)
.await
.expect("unmodified message is fine");
let original =
assert_matches!(pre_key_message, CiphertextMessage::PreKeySignalMessage(m) => m);
@@ -3124,6 +3242,7 @@ fn x3dh_prekey_rejected_as_invalid_message_specifically() {
let err = support::decrypt(
&mut bob_store_builder.store,
&alice_address,
&bob_address,
&CiphertextMessage::PreKeySignalMessage(modified_message.clone()),
)
.await
@@ -3175,7 +3294,7 @@ fn x3dh_established_session_is_or_is_not_usable() {
.expect("valid");
let bob_store = &mut bob_store_builder.store;
_ = support::decrypt(bob_store, &alice_address, &pre_key_message)
_ = support::decrypt(bob_store, &alice_address, &bob_address, &pre_key_message)
.await
.expect("unmodified message is fine");
@@ -3277,7 +3396,7 @@ fn prekey_message_sent_from_different_user_is_rejected() {
.expect("valid");
let bob_store = &mut bob_store_builder.store;
_ = support::decrypt(bob_store, &alice_address, &pre_key_message)
_ = support::decrypt(bob_store, &alice_address, &bob_address, &pre_key_message)
.await
.expect("unmodified message is fine");
_ = bob_store
@@ -3286,7 +3405,7 @@ fn prekey_message_sent_from_different_user_is_rejected() {
.expect("can load sessions")
.expect("session successfully created");
let err = support::decrypt(bob_store, &mallory_address, &pre_key_message)
let err = support::decrypt(bob_store, &mallory_address, &bob_address, &pre_key_message)
.await
.expect_err("should be rejected");
assert_matches!(
@@ -3306,6 +3425,65 @@ fn prekey_message_sent_from_different_user_is_rejected() {
.expect("sync")
}
#[test]
fn prekey_message_rejects_wrong_local_recipient_address() {
async {
let mut csprng = OsRng.unwrap_err();
let alice_address = ProtocolAddress::new(
"9d0652a3-dcc3-4d11-975f-74d61598733f".to_owned(),
DeviceId::new(1).unwrap(),
);
let bob_address = ProtocolAddress::new(
"796abedb-ca4e-4f18-8803-1fde5b921f9f".to_owned(),
DeviceId::new(1).unwrap(),
);
let mallory_address = ProtocolAddress::new(
"e80f7bbe-5b94-471e-bd8c-2173654ea3d1".to_owned(),
DeviceId::new(1).unwrap(),
);
let mut bob_store_builder = TestStoreBuilder::new();
bob_store_builder.add_pre_key(IdChoice::Next);
bob_store_builder.add_signed_pre_key(IdChoice::Next);
bob_store_builder.add_kyber_pre_key(IdChoice::Next);
let bob_pre_key_bundle =
bob_store_builder.make_bundle_with_latest_keys(DeviceId::new(1).unwrap());
let mut alice_store = TestStoreBuilder::new().store;
process_prekey_bundle(
&bob_address,
&mut alice_store.session_store,
&mut alice_store.identity_store,
&bob_pre_key_bundle,
SystemTime::now(),
&mut csprng,
)
.await
.expect("valid");
let pre_key_message = support::encrypt(&mut alice_store, &bob_address, "hi bob")
.await
.expect("valid");
let err = support::decrypt(
&mut bob_store_builder.store,
&alice_address,
&mallory_address,
&pre_key_message,
)
.await
.expect_err("recipient binding should reject wrong local address");
assert_matches!(
err,
SignalProtocolError::InvalidMessage(CiphertextMessageType::PreKey, "decryption failed")
);
}
.now_or_never()
.expect("sync")
}
#[test]
fn proptest_session_resets() {
// This is the same test setup as fuzz/fuzz_targets/session_management.rs. If this test fails,