feat(mtproto): improve replay attack mitigation

Use message id buffer.

mtproto/conn.go

@@ -50,11 +50,12 @@ type Conn struct {
 
 	// Wrappers for external world, like current time, logs or PRNG.
 	// Should be immutable.
-	clock     clock.Clock
-	rand      io.Reader
-	cipher    Cipher
-	log       *zap.Logger
-	messageID MessageIDSource
+	clock        clock.Clock
+	rand         io.Reader
+	cipher       Cipher
+	log          *zap.Logger
+	messageID    MessageIDSource
+	messageIDBuf *proto.MessageIDBuf // replay attack protection
 
 	// use session() to access authKey, salt or sessionID.
 	sessionMux sync.RWMutex
@@ -92,14 +93,15 @@ func New(addr string, opt Options) *Conn {
 	opt.setDefaults()
 
 	conn := &Conn{
-		addr:      addr,
-		transport: opt.Transport,
-		clock:     opt.Clock,
-		rand:      opt.Random,
-		cipher:    opt.Cipher,
-		log:       opt.Logger,
-		ping:      map[int64]func(){},
-		messageID: opt.MessageID,
+		addr:         addr,
+		transport:    opt.Transport,
+		clock:        opt.Clock,
+		rand:         opt.Random,
+		cipher:       opt.Cipher,
+		log:          opt.Logger,
+		ping:         map[int64]func(){},
+		messageID:    opt.MessageID,
+		messageIDBuf: proto.NewMessageIDBuf(100),
 
 		ackSendChan:  make(chan int64),
 		ackInterval:  opt.AckInterval,

mtproto/read.go

@@ -66,6 +66,9 @@ func (c *Conn) read(ctx context.Context, b *bin.Buffer) (*crypto.EncryptedMessag
 	if err := checkMessageID(c.clock.Now(), msg.MessageID); err != nil {
 		return nil, xerrors.Errorf("bad message id: %w", err)
 	}
+	if !c.messageIDBuf.Consume(msg.MessageID) {
+		return nil, xerrors.Errorf("duplicate or too low message id: %w", errRejected)
+	}
 
 	return msg, nil
 }