fix: Drop messages encrypted with the wrong symmetric secret (#7963)

The tests were originally generated with AI and then reworked. Follow-up to https://github.com/chatmail/core/pull/7754 (c724e29) This prevents the following attack: /// Eve is subscribed to a channel and wants to know whether Alice is also subscribed to it. /// To achieve this, Eve sends a message to Alice /// encrypted with the symmetric secret of this broadcast channel. /// /// If Alice sends an answer (or read receipt), /// then Eve knows that Alice is in the broadcast channel. /// /// A similar attack would be possible with auth tokens /// that are also used to symmetrically encrypt messages. /// /// To prevent this, a message that was unexpectedly /// encrypted with a symmetric secret must be dropped.
2026-04-18 14:06:29 +03:00 · 2026-03-12 19:59:19 +01:00
parent 80acc9d467
commit 5404e683eb
9 changed files with 614 additions and 210 deletions
--- a/src/sql.rs
+++ b/src/sql.rs
@@ -302,7 +302,7 @@ impl Sql {
    /// otherwise allocates write connection.
    ///
    /// Returns the result of the function.
-    async fn call<'a, F, R>(&'a self, query_only: bool, function: F) -> Result<R>
+    pub async fn call<'a, F, R>(&'a self, query_only: bool, function: F) -> Result<R>
    where
        F: 'a + FnOnce(&mut Connection) -> Result<R> + Send,
        R: Send + 'static,