Accept an arbitrarily large counter jump when talking to self

rust/protocol/tests/session.rs

@@ -242,6 +242,166 @@ fn test_basic_prekey_v3() -> Result<(), SignalProtocolError> {
     })
 }
 
+#[test]
+#[allow(clippy::eval_order_dependence)]
+fn chain_jump_over_limit() -> Result<(), SignalProtocolError> {
+    block_on(async {
+        let mut csprng = OsRng;
+
+        let alice_address = ProtocolAddress::new("+14151111111".to_owned(), 1);
+        let bob_address = ProtocolAddress::new("+14151111112".to_owned(), 1);
+
+        let mut alice_store = support::test_in_memory_protocol_store();
+        let mut bob_store = support::test_in_memory_protocol_store();
+
+        let bob_pre_key_pair = KeyPair::generate(&mut csprng);
+        let bob_signed_pre_key_pair = KeyPair::generate(&mut csprng);
+
+        let bob_signed_pre_key_public = bob_signed_pre_key_pair.public_key.serialize();
+        let bob_signed_pre_key_signature = bob_store
+            .get_identity_key_pair(None)
+            .await?
+            .private_key()
+            .calculate_signature(&bob_signed_pre_key_public, &mut csprng)?;
+
+        let pre_key_id = 31337;
+        let signed_pre_key_id = 22;
+
+        let bob_pre_key_bundle = PreKeyBundle::new(
+            bob_store.get_local_registration_id(None).await?,
+            1,                                               // device id
+            Some((pre_key_id, bob_pre_key_pair.public_key)), // pre key
+            signed_pre_key_id,                               // signed pre key id
+            bob_signed_pre_key_pair.public_key,
+            bob_signed_pre_key_signature.to_vec(),
+            *bob_store.get_identity_key_pair(None).await?.identity_key(),
+        )?;
+
+        process_prekey_bundle(
+            &bob_address,
+            &mut alice_store.session_store,
+            &mut alice_store.identity_store,
+            &bob_pre_key_bundle,
+            &mut csprng,
+            None,
+        )
+        .await?;
+
+        bob_store
+            .save_pre_key(
+                pre_key_id,
+                &PreKeyRecord::new(pre_key_id, &bob_pre_key_pair),
+                None,
+            )
+            .await?;
+        bob_store
+            .save_signed_pre_key(
+                signed_pre_key_id,
+                &SignedPreKeyRecord::new(
+                    signed_pre_key_id,
+                    /*timestamp*/ 42,
+                    &bob_signed_pre_key_pair,
+                    &bob_signed_pre_key_signature,
+                ),
+                None,
+            )
+            .await?;
+
+        // Same as library consts.rs
+        pub const MAX_FORWARD_JUMPS: usize = 25_000;
+
+        for _i in 0..(MAX_FORWARD_JUMPS + 1) {
+            let _msg = encrypt(&mut alice_store, &bob_address, "Yet another message for you").await?;
+        }
+
+        let too_far = encrypt(&mut alice_store, &bob_address, "Now you have gone too far").await?;
+
+        assert!(decrypt(&mut bob_store, &alice_address, &too_far).await.is_err());
+        Ok(())
+    })
+}
+
+#[test]
+#[allow(clippy::eval_order_dependence)]
+fn chain_jump_over_limit_with_self() -> Result<(), SignalProtocolError> {
+    block_on(async {
+        let mut csprng = OsRng;
+
+        let a1_address = ProtocolAddress::new("+14151111111".to_owned(), 1);
+        let a2_address = ProtocolAddress::new("+14151111111".to_owned(), 2);
+
+        let mut a1_store = support::test_in_memory_protocol_store();
+        let mut a2_store = a1_store.clone(); // same key!
+
+        let a2_pre_key_pair = KeyPair::generate(&mut csprng);
+        let a2_signed_pre_key_pair = KeyPair::generate(&mut csprng);
+
+        let a2_signed_pre_key_public = a2_signed_pre_key_pair.public_key.serialize();
+        let a2_signed_pre_key_signature = a2_store
+            .get_identity_key_pair(None)
+            .await?
+            .private_key()
+            .calculate_signature(&a2_signed_pre_key_public, &mut csprng)?;
+
+        let pre_key_id = 31337;
+        let signed_pre_key_id = 22;
+
+        let a2_pre_key_bundle = PreKeyBundle::new(
+            a2_store.get_local_registration_id(None).await?,
+            1,                                               // device id
+            Some((pre_key_id, a2_pre_key_pair.public_key)), // pre key
+            signed_pre_key_id,                               // signed pre key id
+            a2_signed_pre_key_pair.public_key,
+            a2_signed_pre_key_signature.to_vec(),
+            *a2_store.get_identity_key_pair(None).await?.identity_key(),
+        )?;
+
+        process_prekey_bundle(
+            &a2_address,
+            &mut a1_store.session_store,
+            &mut a1_store.identity_store,
+            &a2_pre_key_bundle,
+            &mut csprng,
+            None,
+        )
+        .await?;
+
+        a2_store
+            .save_pre_key(
+                pre_key_id,
+                &PreKeyRecord::new(pre_key_id, &a2_pre_key_pair),
+                None,
+            )
+            .await?;
+        a2_store
+            .save_signed_pre_key(
+                signed_pre_key_id,
+                &SignedPreKeyRecord::new(
+                    signed_pre_key_id,
+                    /*timestamp*/ 42,
+                    &a2_signed_pre_key_pair,
+                    &a2_signed_pre_key_signature,
+                ),
+                None,
+            )
+            .await?;
+
+        // Same as library consts.rs
+        pub const MAX_FORWARD_JUMPS: usize = 25_000;
+
+        for _i in 0..(MAX_FORWARD_JUMPS + 1) {
+            let _msg = encrypt(&mut a1_store, &a2_address, "Yet another message for youself").await?;
+        }
+
+        let too_far = encrypt(&mut a1_store, &a2_address, "This is the song that never ends").await?;
+
+        let ptext = decrypt(&mut a2_store, &a1_address, &too_far).await?;
+        assert_eq!(String::from_utf8(ptext).unwrap(), "This is the song that never ends");
+
+        Ok(())
+    })
+}
+
 #[test]
 #[allow(clippy::eval_order_dependence)]
 fn test_bad_signed_pre_key_signature() -> Result<(), SignalProtocolError> {