TheArchive/session-android
1
0
Fork 0
mirror of https://github.com/oxen-io/session-android.git synced 2025-04-29 09:01:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing signature validation

Browse Source
This commit is contained in:
nielsandriesse 2021-05-12 15:28:14 +10:00
parent c8cf5ebfa0
commit 174bccb0b7
2 changed files with 50 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libsession/src/main/java/org/session/libsession/messaging/MessagingModuleConfiguration.kt
View File

@ -8,8 +8,8 @@ class MessagingModuleConfiguration(
val context: Context, val context: Context,
val storage: StorageProtocol, val storage: StorageProtocol,
val messageDataProvider: MessageDataProvider, val messageDataProvider: MessageDataProvider,
val sessionProtocol: SessionProtocol) val sessionProtocol: SessionProtocol
{ ) {
companion object { companion object {
lateinit var shared: MessagingModuleConfiguration lateinit var shared: MessagingModuleConfiguration

29
libsession/src/main/java/org/session/libsession/messaging/open_groups/OpenGroupAPIV2.kt
View File

@ -241,12 +241,19 @@ object OpenGroupAPIV2 {
queryParameters += "from_server_id" to lastId.toString() queryParameters += "from_server_id" to lastId.toString()
} }
val request = Request(verb = GET, room = room, server = server, endpoint = "messages", queryParameters = queryParameters) val request = Request(verb = GET, room = room, server = server, endpoint = "messages", queryParameters = queryParameters)
return send(request).map { jsonList -> return send(request).map { json ->
@Suppress("UNCHECKED_CAST") val rawMessages = jsonList["messages"] as? List<Map<String, Any>> @Suppress("UNCHECKED_CAST") val rawMessages = json["messages"] as? List<Map<String, Any>>
?: throw Error.ParsingFailed ?: throw Error.ParsingFailed
parseMessages(room, server, rawMessages)
}
}
private fun parseMessages(room: String, server: String, rawMessages: List<Map<*, *>>): List<OpenGroupMessageV2> {
val storage = MessagingModuleConfiguration.shared.storage
val lastMessageServerID = storage.getLastMessageServerId(room, server) ?: 0 val lastMessageServerID = storage.getLastMessageServerId(room, server) ?: 0
var currentLastMessageServerID = lastMessageServerID var currentLastMessageServerID = lastMessageServerID
val messages = rawMessages.mapNotNull { json -> val messages = rawMessages.mapNotNull { json ->
json as Map<String, Any>
try { try {
val message = OpenGroupMessageV2.fromJSON(json) ?: return@mapNotNull null val message = OpenGroupMessageV2.fromJSON(json) ?: return@mapNotNull null
if (message.serverID == null || message.sender.isNullOrEmpty()) return@mapNotNull null if (message.serverID == null || message.sender.isNullOrEmpty()) return@mapNotNull null
@ -256,7 +263,7 @@ object OpenGroupAPIV2 {
val publicKey = Hex.fromStringCondensed(sender.removing05PrefixIfNeeded()) val publicKey = Hex.fromStringCondensed(sender.removing05PrefixIfNeeded())
val isValid = curve.verifySignature(publicKey, data, signature) val isValid = curve.verifySignature(publicKey, data, signature)
if (!isValid) { if (!isValid) {
Log.d("Loki", "Ignoring message with invalid signature") Log.d("Loki", "Ignoring message with invalid signature.")
return@mapNotNull null return@mapNotNull null
} }
if (message.serverID > lastMessageServerID) { if (message.serverID > lastMessageServerID) {
@ -268,8 +275,7 @@ object OpenGroupAPIV2 {
} }
} }
storage.setLastMessageServerId(room, server, currentLastMessageServerID) storage.setLastMessageServerId(room, server, currentLastMessageServerID)
messages return messages
}
} }
// endregion // endregion
@ -381,22 +387,13 @@ object OpenGroupAPIV2 {
val idsAsString = JsonUtil.toJson(json["deletions"]) val idsAsString = JsonUtil.toJson(json["deletions"])
val deletedServerIDs = JsonUtil.fromJson<List<MessageDeletion>>(idsAsString, type) ?: throw Error.ParsingFailed val deletedServerIDs = JsonUtil.fromJson<List<MessageDeletion>>(idsAsString, type) ?: throw Error.ParsingFailed
val lastDeletionServerID = storage.getLastDeletionServerId(roomID, server) ?: 0 val lastDeletionServerID = storage.getLastDeletionServerId(roomID, server) ?: 0
val serverID = deletedServerIDs.maxByOrNull {it.id } ?: MessageDeletion.EMPTY val serverID = deletedServerIDs.maxByOrNull { it.id } ?: MessageDeletion.EMPTY
if (serverID.id > lastDeletionServerID) { if (serverID.id > lastDeletionServerID) {
storage.setLastDeletionServerId(roomID, server, serverID.id) storage.setLastDeletionServerId(roomID, server, serverID.id)
} }
// Messages // Messages
val rawMessages = json["messages"] as? List<Map<String, Any>> ?: return@mapNotNull null val rawMessages = json["messages"] as? List<Map<String, Any>> ?: return@mapNotNull null
val lastMessageServerID = storage.getLastMessageServerId(roomID, server) ?: 0 val messages = parseMessages(roomID, server, rawMessages)
var currentLastMessageServerID = lastMessageServerID
val messages = rawMessages.mapNotNull { rawMessage ->
val message = OpenGroupMessageV2.fromJSON(rawMessage)?.apply {
currentLastMessageServerID = maxOf(currentLastMessageServerID,this.serverID ?: 0)
}
// TODO: We need to check the signature here...
message
}
storage.setLastMessageServerId(roomID, server, currentLastMessageServerID)
roomID to CompactPollResult( roomID to CompactPollResult(
messages = messages, messages = messages,
deletions = deletedServerIDs.map { it.deletedMessageId }, deletions = deletedServerIDs.map { it.deletedMessageId },