fix: Drop messages encrypted with the wrong symmetric secret (#7963)

The tests were originally generated with AI and then reworked. Follow-up to https://github.com/chatmail/core/pull/7754 (c724e29) This prevents the following attack: /// Eve is subscribed to a channel and wants to know whether Alice is also subscribed to it. /// To achieve this, Eve sends a message to Alice /// encrypted with the symmetric secret of this broadcast channel. /// /// If Alice sends an answer (or read receipt), /// then Eve knows that Alice is in the broadcast channel. /// /// A similar attack would be possible with auth tokens /// that are also used to symmetrically encrypt messages. /// /// To prevent this, a message that was unexpectedly /// encrypted with a symmetric secret must be dropped.
2026-04-27 10:26:29 +03:00 · 2026-03-12 19:59:19 +01:00
parent 80acc9d467
commit 5404e683eb
9 changed files with 614 additions and 210 deletions
--- a/src/token.rs
+++ b/src/token.rs
@@ -66,22 +66,6 @@ pub async fn lookup(
        .await
 }

-/// Looks up all tokens from the given namespace,
-/// so that they can be used for decrypting a symmetrically-encrypted message.
-///
-/// The most-recently saved tokens are returned first.
-/// This improves performance when Bob scans a QR code that was just created.
-pub async fn lookup_all(context: &Context, namespace: Namespace) -> Result<Vec<String>> {
-    context
-        .sql
-        .query_map_vec(
-            "SELECT token FROM tokens WHERE namespc=? ORDER BY id DESC",
-            (namespace,),
-            |row| Ok(row.get(0)?),
-        )
-        .await
-}
-
 pub async fn lookup_or_new(
    context: &Context,
    namespace: Namespace,