From 8d09291d1e306669317e9c802d78d1cd7de85d43 Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Tue, 13 Feb 2024 01:33:02 +0000
Subject: [PATCH] fix: do not send Secure-Join-Group in vg-request

Secure-Join-Group is only expected by old core in vg-request-with-auth.
There is no reason to leak group ID in unencrypted vg-request.
Besides that, Secure-Join-Group is deprecated
as Alice knows Group ID corresponding to the auth code,
so the header can be removed completely eventually.
---
 src/param.rs               |  2 +-
 src/securejoin.rs          |  8 ++++++++
 src/securejoin/bobstate.rs | 17 ++++++++++++-----
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/src/param.rs b/src/param.rs
index 4519ce598..041215a62 100644
--- a/src/param.rs
+++ b/src/param.rs
@@ -87,7 +87,7 @@ pub enum Param {
     /// `Secure-Join-Fingerprint` header for `{vc,vg}-request-with-auth` messages.
     Arg3 = b'G',
 
-    /// For Messages
+    /// Deprecated `Secure-Join-Group` header for messages.
     Arg4 = b'H',
 
     /// For Messages
diff --git a/src/securejoin.rs b/src/securejoin.rs
index 00945121b..8e247f155 100644
--- a/src/securejoin.rs
+++ b/src/securejoin.rs
@@ -1125,6 +1125,14 @@ mod tests {
         assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vg-request");
         assert!(msg.get_header(HeaderDef::SecureJoinInvitenumber).is_some());
 
+        // Old Delta Chat core sent `Secure-Join-Group` header in `vg-request`,
+        // but it was only used by Alice in `vg-request-with-auth`.
+        // New Delta Chat versions do not use `Secure-Join-Group` header at all
+        // and it is deprecated.
+        // Now `Secure-Join-Group` header
+        // is only sent in `vg-request-with-auth` for compatibility.
+        assert!(msg.get_header(HeaderDef::SecureJoinGroup).is_none());
+
         // Step 3: Alice receives vg-request, sends vg-auth-required
         alice.recv_msg(&sent).await;
 
diff --git a/src/securejoin/bobstate.rs b/src/securejoin/bobstate.rs
index 6f4915dc5..c9bf390a0 100644
--- a/src/securejoin/bobstate.rs
+++ b/src/securejoin/bobstate.rs
@@ -378,14 +378,21 @@ async fn send_handshake_message(
             // Sends our own fingerprint in the Secure-Join-Fingerprint header.
             let bob_fp = load_self_public_key(context).await?.fingerprint();
             msg.param.set(Param::Arg3, bob_fp.hex());
+
+            // Sends the grpid in the Secure-Join-Group header.
+            //
+            // `Secure-Join-Group` header is deprecated,
+            // but old Delta Chat core requires that Alice receives it.
+            //
+            // Previous Delta Chat core also sent `Secure-Join-Group` header
+            // in `vg-request` messages,
+            // but it was not used on the receiver.
+            if let QrInvite::Group { ref grpid, .. } = invite {
+                msg.param.set(Param::Arg4, grpid);
+            }
         }
     };
 
-    // Sends the grpid in the Secure-Join-Group header.
-    if let QrInvite::Group { ref grpid, .. } = invite {
-        msg.param.set(Param::Arg4, grpid);
-    }
-
     chat::send_msg(context, chat_id, &mut msg).await?;
     Ok(())
 }