fix: Drop messages encrypted with the wrong symmetric secret (#7963)

The tests were originally generated with AI and then reworked. Follow-up to https://github.com/chatmail/core/pull/7754 (c724e29) This prevents the following attack: /// Eve is subscribed to a channel and wants to know whether Alice is also subscribed to it. /// To achieve this, Eve sends a message to Alice /// encrypted with the symmetric secret of this broadcast channel. /// /// If Alice sends an answer (or read receipt), /// then Eve knows that Alice is in the broadcast channel. /// /// A similar attack would be possible with auth tokens /// that are also used to symmetrically encrypt messages. /// /// To prevent this, a message that was unexpectedly /// encrypted with a symmetric secret must be dropped.
2026-04-24 00:46:30 +03:00 · 2026-03-12 19:59:19 +01:00
parent 80acc9d467
commit 5404e683eb
9 changed files with 614 additions and 210 deletions
--- a/src/mimeparser/mimeparser_tests.rs
+++ b/src/mimeparser/mimeparser_tests.rs
@@ -2171,9 +2171,6 @@ async fn test_load_shared_secrets_with_legacy_state() -> Result<()> {
        ()
    ).await?;

-    // This call must not fail:
-    load_shared_secrets(alice).await.unwrap();
-
    let qr: QrInvite = alice
        .sql
        .query_get_value("SELECT invite FROM bobstate", ())