fix: strengthen TransactionList validation in fromBytes (#589)

Signed-off-by: Rob Walworth <robert.walworth@swirldslabs.com>

Author: rwalworth

Sources/Hiero/Topic/TopicMessageSubmitTransaction.swift

@@ -28,7 +28,7 @@ public final class TopicMessageSubmitTransaction: ChunkedTransaction {
         var message: Data = first.message
         var largestChunkSize = max(first.message.count, 1)
 
-        // note: no other SDK checks for correctness here... so let's not do it here either?
+        // Chunk structure (count, sequential numbers) is validated in Transaction.fromBytes.
         for item in iter {
             largestChunkSize = max(largestChunkSize, item.message.count)
             message.append(item.message)

Sources/Hiero/Transaction.swift

@@ -478,6 +478,43 @@ public class Transaction: ValidateChecksums {
 
         }
 
+        // SECURITY: Only chunked transaction types (consensusSubmitMessage, fileAppend) legitimately
+        // have multiple TransactionId groups. Reject all other types unconditionally to prevent
+        // cross-group body forgery attacks where a hidden group carries a different operation.
+        if sources.chunksCount > 1 {
+            switch transactionBodies[0].data {
+            case .consensusSubmitMessage, .fileAppend:
+                break
+            default:
+                throw HError.fromProtobuf("non-chunked transaction must not have multiple transaction ID groups")
+            }
+        }
+
+        // For consensusSubmitMessage with chunkInfo, validate that the actual group count matches
+        // chunkInfo.total and that chunk numbers are sequential. This bounds the attack surface for
+        // chunked types: post-signing the body bytes (including chunkInfo.total) are locked by the
+        // signature, so an attacker must set chunkInfo.total == actual group count upfront, making
+        // any injected groups visible in the victim's reconstructed message via SDK getters.
+        if case .consensusSubmitMessage(let msg) = transactionBodies[0].data, msg.hasChunkInfo {
+            let declaredTotal = Int(msg.chunkInfo.total)
+            guard sources.chunksCount == declaredTotal else {
+                throw HError.fromProtobuf(
+                    "chunked transaction has \(sources.chunksCount) groups but chunkInfo.total declares \(declaredTotal)"
+                )
+            }
+            for (chunkIndex, chunk) in sources.chunks.enumerated() {
+                let chunkBody = transactionBodies[chunk.range.lowerBound]
+                if case .consensusSubmitMessage(let chunkMsg) = chunkBody.data, chunkMsg.hasChunkInfo {
+                    guard chunkMsg.chunkInfo.number == Int32(chunkIndex + 1) else {
+                        throw HError.fromProtobuf(
+                            "chunk number out of order at group \(chunkIndex): "
+                                + "expected \(chunkIndex + 1), got \(chunkMsg.chunkInfo.number)"
+                        )
+                    }
+                }
+            }
+        }
+
         let transactionData =
             try sources
             .chunks

Tests/HieroUnitTests/ChunkedTransactionUnitTests.swift

@@ -32,4 +32,176 @@ internal final class ChunkedTransactionUnitTests: HieroUnitTestCase {
         XCTAssertEqual(transaction.message, "Hello, world!".data(using: .utf8)!)
         XCTAssertEqual(transaction.transactionId, transactionId)
     }
+
+    // MARK: - Cross-group forgery rejection tests
+
+    /// Non-chunked types (e.g. CryptoTransfer) with multiple TransactionId groups must be rejected,
+    /// even when the bodies are identical across groups.
+    internal func test_fromBytes_rejectMultiGroupNonChunked() throws {
+        let txId1 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_542, subSecondNanos: 0))
+        let txId2 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_543, subSecondNanos: 0))
+
+        let transfer = Proto_CryptoTransferTransactionBody.with { proto in
+            proto.transfers = Proto_TransferList.with { list in
+                list.accountAmounts = [
+                    Proto_AccountAmount.with { amt in
+                        amt.accountID = AccountId(num: 100).toProtobuf()
+                        amt.amount = -100
+                    },
+                    Proto_AccountAmount.with { amt in
+                        amt.accountID = AccountId(num: 200).toProtobuf()
+                        amt.amount = 100
+                    },
+                ]
+            }
+        }
+
+        let tx1 = try makeSignedTx(txId: txId1) { $0.cryptoTransfer = transfer }
+        let tx2 = try makeSignedTx(txId: txId2) { $0.cryptoTransfer = transfer }
+
+        var list = Proto_TransactionList()
+        list.transactionList = [tx1, tx2]
+        let bytes = try list.serializedData()
+
+        XCTAssertThrowsError(try Transaction.fromBytes(bytes))
+    }
+
+    /// A consensusSubmitMessage list with 2 actual groups but chunkInfo.total = 1 must be rejected.
+    internal func test_fromBytes_rejectChunkCountMismatch_totalTooLow() throws {
+        let txId1 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_542, subSecondNanos: 0))
+        let txId2 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_543, subSecondNanos: 0))
+        let topicId = TopicId(num: 1)
+
+        // Both groups declare total=1, but there are 2 actual groups.
+        let tx1 = try makeSignedTx(txId: txId1) { body in
+            body.consensusSubmitMessage = Proto_ConsensusSubmitMessageTransactionBody.with { proto in
+                proto.topicID = topicId.toProtobuf()
+                proto.message = Data("chunk1".utf8)
+                proto.chunkInfo = Proto_ConsensusMessageChunkInfo.with { info in
+                    info.initialTransactionID = txId1.toProtobuf()
+                    info.total = 1
+                    info.number = 1
+                }
+            }
+        }
+        let tx2 = try makeSignedTx(txId: txId2) { body in
+            body.consensusSubmitMessage = Proto_ConsensusSubmitMessageTransactionBody.with { proto in
+                proto.topicID = topicId.toProtobuf()
+                proto.message = Data("chunk2".utf8)
+                proto.chunkInfo = Proto_ConsensusMessageChunkInfo.with { info in
+                    info.initialTransactionID = txId1.toProtobuf()
+                    info.total = 1
+                    info.number = 1
+                }
+            }
+        }
+
+        var list = Proto_TransactionList()
+        list.transactionList = [tx1, tx2]
+        let bytes = try list.serializedData()
+
+        XCTAssertThrowsError(try Transaction.fromBytes(bytes))
+    }
+
+    /// A consensusSubmitMessage list with 2 actual groups but chunkInfo.total = 3 must be rejected.
+    internal func test_fromBytes_rejectChunkCountMismatch_totalTooHigh() throws {
+        let txId1 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_542, subSecondNanos: 0))
+        let txId2 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_543, subSecondNanos: 0))
+        let topicId = TopicId(num: 1)
+
+        // Both groups declare total=3, but there are only 2 actual groups.
+        let tx1 = try makeSignedTx(txId: txId1) { body in
+            body.consensusSubmitMessage = Proto_ConsensusSubmitMessageTransactionBody.with { proto in
+                proto.topicID = topicId.toProtobuf()
+                proto.message = Data("chunk1".utf8)
+                proto.chunkInfo = Proto_ConsensusMessageChunkInfo.with { info in
+                    info.initialTransactionID = txId1.toProtobuf()
+                    info.total = 3
+                    info.number = 1
+                }
+            }
+        }
+        let tx2 = try makeSignedTx(txId: txId2) { body in
+            body.consensusSubmitMessage = Proto_ConsensusSubmitMessageTransactionBody.with { proto in
+                proto.topicID = topicId.toProtobuf()
+                proto.message = Data("chunk2".utf8)
+                proto.chunkInfo = Proto_ConsensusMessageChunkInfo.with { info in
+                    info.initialTransactionID = txId1.toProtobuf()
+                    info.total = 3
+                    info.number = 2
+                }
+            }
+        }
+
+        var list = Proto_TransactionList()
+        list.transactionList = [tx1, tx2]
+        let bytes = try list.serializedData()
+
+        XCTAssertThrowsError(try Transaction.fromBytes(bytes))
+    }
+
+    /// A consensusSubmitMessage list with swapped chunk numbers must be rejected.
+    internal func test_fromBytes_rejectOutOfOrderChunkNumbers() throws {
+        let txId1 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_542, subSecondNanos: 0))
+        let txId2 = TransactionId.withValidStart(
+            AccountId(num: 100), Timestamp(seconds: 1_554_158_543, subSecondNanos: 0))
+        let topicId = TopicId(num: 1)
+
+        // Group appearing first declares number=2; group appearing second declares number=1.
+        let tx1 = try makeSignedTx(txId: txId1) { body in
+            body.consensusSubmitMessage = Proto_ConsensusSubmitMessageTransactionBody.with { proto in
+                proto.topicID = topicId.toProtobuf()
+                proto.message = Data("chunk2".utf8)
+                proto.chunkInfo = Proto_ConsensusMessageChunkInfo.with { info in
+                    info.initialTransactionID = txId1.toProtobuf()
+                    info.total = 2
+                    info.number = 2
+                }
+            }
+        }
+        let tx2 = try makeSignedTx(txId: txId2) { body in
+            body.consensusSubmitMessage = Proto_ConsensusSubmitMessageTransactionBody.with { proto in
+                proto.topicID = topicId.toProtobuf()
+                proto.message = Data("chunk1".utf8)
+                proto.chunkInfo = Proto_ConsensusMessageChunkInfo.with { info in
+                    info.initialTransactionID = txId1.toProtobuf()
+                    info.total = 2
+                    info.number = 1
+                }
+            }
+        }
+
+        var list = Proto_TransactionList()
+        list.transactionList = [tx1, tx2]
+        let bytes = try list.serializedData()
+
+        XCTAssertThrowsError(try Transaction.fromBytes(bytes))
+    }
+
+    // MARK: - Helpers
+
+    private func makeSignedTx(
+        txId: TransactionId,
+        nodeId: AccountId = AccountId(num: 3),
+        configure: (inout Proto_TransactionBody) -> Void
+    ) throws -> Proto_Transaction {
+        var body = Proto_TransactionBody()
+        body.transactionID = txId.toProtobuf()
+        body.nodeAccountID = nodeId.toProtobuf()
+        configure(&body)
+
+        var signedTx = Proto_SignedTransaction()
+        signedTx.bodyBytes = try body.serializedData()
+
+        var tx = Proto_Transaction()
+        tx.signedTransactionBytes = try signedTx.serializedData()
+        return tx
+    }
 }