fix: AEAP: Remove old peerstate verified_key instead of removing the whole peerstate (#5535)

When doing an AEAP transition, we mustn't just delete the old peerstate as this would break encryption to it. This is critical for non-verified groups -- if we can't encrypt to the old address, we can't securely remove it from the group (to add the new one instead).
2026-04-28 19:06:35 +03:00 · 2024-05-27 17:34:20 -03:00
parent 27bf4c37a7
commit 70ad323c9a
2 changed files with 18 additions and 4 deletions
--- a/src/peerstate.rs
+++ b/src/peerstate.rs
@@ -538,10 +538,18 @@ impl Peerstate {
            if let Some(old_addr) = old_addr {
                // We are doing an AEAP transition to the new address and the SQL INSERT below will
                // save the existing peerstate as belonging to this new address. We now need to
-                // delete the peerstate that belongs to the current address in case if the contact
-                // later wants to move back to the current address. Otherwise the old entry will be
-                // just found and updated instead of doing AEAP.
-                t.execute("DELETE FROM acpeerstates WHERE addr=?", (old_addr,))?;
+                // "unverify" the peerstate that belongs to the current address in case if the
+                // contact later wants to move back to the current address. Otherwise the old entry
+                // will be just found and updated instead of doing AEAP. We can't just delete the
+                // existing peerstate as this would break encryption to it. This is critical for
+                // non-verified groups -- if we can't encrypt to the old address, we can't securely
+                // remove it from the group (to add the new one instead).
+                t.execute(
+                    "UPDATE acpeerstates \
+                     SET verified_key=NULL, verified_key_fingerprint='', verifier='' \
+                     WHERE addr=?",
+                    (old_addr,),
+                )?;
            }
            t.execute(
                "INSERT INTO acpeerstates (
--- a/src/tests/aeap.rs
+++ b/src/tests/aeap.rs
@@ -327,6 +327,12 @@ async fn check_no_transition_done(groups: &[ChatId], old_alice_addr: &str, bob:
            last_info_msg.is_none(),
            "{last_info_msg:?} shouldn't be there (or it's an unrelated info msg)"
        );
+
+        let sent = bob.send_text(*group, "hi").await;
+        let msg = Message::load_from_db(bob, sent.sender_msg_id)
+            .await
+            .unwrap();
+        assert_eq!(msg.get_showpadlock(), true);
    }
 }