Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-08 01:16:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: AEAP: Remove old peerstate verified_key instead of removing the whole peerstate (#5535)

Browse Source 
When doing an AEAP transition, we mustn't just delete the old peerstate as this would break
encryption to it. This is critical for non-verified groups -- if we can't encrypt to the old
address, we can't securely remove it from the group (to add the new one instead).
This commit is contained in:
iequidoo
2024-05-27 17:34:20 -03:00
committed by iequidoo
parent 27bf4c37a7
commit 70ad323c9a
2 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/peerstate.rs
View File

@@ -538,10 +538,18 @@ impl Peerstate {
if let Some(old_addr) = old_addr { if let Some(old_addr) = old_addr {
// We are doing an AEAP transition to the new address and the SQL INSERT below will // We are doing an AEAP transition to the new address and the SQL INSERT below will
// save the existing peerstate as belonging to this new address. We now need to // save the existing peerstate as belonging to this new address. We now need to
// delete the peerstate that belongs to the current address in case if the contact // "unverify" the peerstate that belongs to the current address in case if the
// later wants to move back to the current address. Otherwise the old entry will be // contact later wants to move back to the current address. Otherwise the old entry
// just found and updated instead of doing AEAP. // will be just found and updated instead of doing AEAP. We can't just delete the
t.execute("DELETE FROM acpeerstates WHERE addr=?", (old_addr,))?; // existing peerstate as this would break encryption to it. This is critical for
// non-verified groups -- if we can't encrypt to the old address, we can't securely
// remove it from the group (to add the new one instead).
t.execute(
"UPDATE acpeerstates \
SET verified_key=NULL, verified_key_fingerprint='', verifier='' \
WHERE addr=?",
(old_addr,),
)?;
} }
t.execute( t.execute(
"INSERT INTO acpeerstates ( "INSERT INTO acpeerstates (

6
src/tests/aeap.rs
View File

@@ -327,6 +327,12 @@ async fn check_no_transition_done(groups: &[ChatId], old_alice_addr: &str, bob:
last_info_msg.is_none(), last_info_msg.is_none(),
"{last_info_msg:?} shouldn't be there (or it's an unrelated info msg)" "{last_info_msg:?} shouldn't be there (or it's an unrelated info msg)"
); );
let sent = bob.send_text(*group, "hi").await;
let msg = Message::load_from_db(bob, sent.sender_msg_id)
.await
.unwrap();
assert_eq!(msg.get_showpadlock(), true);
} }
} }