From 4da9e392ca2924f8bb7076d7e0426b8e03bfb571 Mon Sep 17 00:00:00 2001 From: iequidoo Date: Fri, 28 Apr 2023 13:12:22 -0400 Subject: [PATCH] BREAKING: Remove Secure-Join-Fingerprint header from "vc-contact-confirm", "vg-member-added" messages (#3836) It's a compatibility crutch for old clients (< 1.107.0), they require it in the subject messages. Currently DC sends Autocrypt key gossips instead, they're better because knowing a key allows not to only trust the peer, but also encrypt to it. Before it was a problem for other devices on a joining side going online after a successful Securejoin setup -- they didn't have a joiner's key to encrypt to it. So, we decided not to complicate the Securejoin with sending keys instead, but rely on the Autocrypt. Also there's a PR to the Countermitm doc documenting when gossips in 'vc-request-with-auth' are needed: Bob's own key fingerprint ``Bob_FP``, the second challenge ``AUTH`` from step 1 and optionally an Autocrypt-Gossip header for Alice's Autocrypt key in order for a second device of Bob to learn Alice's verified key. --- CHANGELOG.md | 1 + src/mimefactory.rs | 11 ----------- src/securejoin.rs | 37 +++---------------------------------- 3 files changed, 4 insertions(+), 45 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 359ab0d20..95e8a6b13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - BREAKING: jsonrpc: - `get_chatlist_items_by_entries` now takes only chatids instead of `ChatListEntries` - `get_chatlist_entries` now returns `Vec` of chatids instead of `ChatListEntries` +- BREAKING: Remove Secure-Join-Fingerprint header from "vc-contact-confirm", "vg-member-added" messages. ## [1.114.0] - 2023-04-24 diff --git a/src/mimefactory.rs b/src/mimefactory.rs index 24a22de0e..d8a48e6ca 100644 --- a/src/mimefactory.rs +++ b/src/mimefactory.rs @@ -945,17 +945,6 @@ impl<'a> MimeFactory<'a> { "Secure-Join".to_string(), "vg-member-added".to_string(), )); - // FIXME: Old clients require Secure-Join-Fingerprint header. Remove this - // eventually. - let fingerprint = Peerstate::from_addr(context, email_to_add) - .await? - .context("No peerstate found in db")? - .public_key_fingerprint - .context("No public key fingerprint in db for the member to add")?; - headers.protected.push(Header::new( - "Secure-Join-Fingerprint".into(), - fingerprint.hex(), - )); } } SystemMessage::GroupNameChanged => { diff --git a/src/securejoin.rs b/src/securejoin.rs index f854b7d98..af46968af 100644 --- a/src/securejoin.rs +++ b/src/securejoin.rs @@ -465,14 +465,9 @@ pub(crate) async fn handle_securejoin_handshake( info_chat_id(context, contact_id).await?, ) .await?; - send_alice_handshake_msg( - context, - contact_id, - "vc-contact-confirm", - Some(fingerprint), - ) - .await - .context("failed sending vc-contact-confirm message")?; + send_alice_handshake_msg(context, contact_id, "vc-contact-confirm", None) + .await + .context("failed sending vc-contact-confirm message")?; inviter_progress!(context, contact_id, 1000); } @@ -631,32 +626,6 @@ pub(crate) async fn observe_securejoin_on_other_device( } peerstate.prefer_encrypt = EncryptPreference::Mutual; peerstate.save_to_db(&context.sql).await.unwrap_or_default(); - } else if let Some(fingerprint) = - mime_message.get_header(HeaderDef::SecureJoinFingerprint) - { - // FIXME: Old versions of DC send this header instead of gossips. Remove this - // eventually. - let fingerprint = fingerprint.parse()?; - if mark_peer_as_verified( - context, - fingerprint, - Contact::load_from_db(context, contact_id) - .await? - .get_addr() - .to_owned(), - ) - .await - .is_err() - { - could_not_establish_secure_connection( - context, - contact_id, - info_chat_id(context, contact_id).await?, - format!("Fingerprint mismatch on observing {step}.").as_ref(), - ) - .await?; - return Ok(HandshakeMessage::Ignore); - } } else { could_not_establish_secure_connection( context,