Reject DeviceCheck assertions if they race with a counter update

2026-04-10 14:08:43 -05:00 · 2026-04-10 14:08:43 -05:00 · 5bb7edcade
commit 5bb7edcade
parent 75948dc617
1 changed files with 3 additions and 1 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/storage/devicecheck/AppleDeviceCheckManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/storage/devicecheck/AppleDeviceCheckManager.java
@ -206,7 +206,9 @@ public class AppleDeviceCheckManager {
    }

    // Store the updated sign count, so we can check the next assertion (step 6)
-    appleDeviceChecks.updateCounter(account, keyId, appleDevice.getCounter());
+    if (!appleDeviceChecks.updateCounter(account, keyId, appleDevice.getCounter())) {
+      throw new RequestReuseException("Sign count from request less than stored sign count");
+    }
    removeChallenge(redisChallengeKey);
  }