Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-09 01:46:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: do not send Secure-Join-Group in vg-request

Browse Source 
Secure-Join-Group is only expected by old core in vg-request-with-auth.
There is no reason to leak group ID in unencrypted vg-request.
Besides that, Secure-Join-Group is deprecated
as Alice knows Group ID corresponding to the auth code,
so the header can be removed completely eventually.
This commit is contained in:
link2xt
2024-02-13 01:33:02 +00:00
parent 4ccd2b8d02
commit 8d09291d1e
3 changed files with 21 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/param.rs
View File

@@ -87,7 +87,7 @@ pub enum Param {
/// `Secure-Join-Fingerprint` header for `{vc,vg}-request-with-auth` messages. /// `Secure-Join-Fingerprint` header for `{vc,vg}-request-with-auth` messages.
Arg3 = b'G', Arg3 = b'G',
/// For Messages /// Deprecated `Secure-Join-Group` header for messages.
Arg4 = b'H', Arg4 = b'H',
/// For Messages /// For Messages

8
src/securejoin.rs
View File

@@ -1125,6 +1125,14 @@ mod tests {
assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vg-request"); assert_eq!(msg.get_header(HeaderDef::SecureJoin).unwrap(), "vg-request");
assert!(msg.get_header(HeaderDef::SecureJoinInvitenumber).is_some()); assert!(msg.get_header(HeaderDef::SecureJoinInvitenumber).is_some());
// Old Delta Chat core sent `Secure-Join-Group` header in `vg-request`,
// but it was only used by Alice in `vg-request-with-auth`.
// New Delta Chat versions do not use `Secure-Join-Group` header at all
// and it is deprecated.
// Now `Secure-Join-Group` header
// is only sent in `vg-request-with-auth` for compatibility.
assert!(msg.get_header(HeaderDef::SecureJoinGroup).is_none());
// Step 3: Alice receives vg-request, sends vg-auth-required // Step 3: Alice receives vg-request, sends vg-auth-required
alice.recv_msg(&sent).await; alice.recv_msg(&sent).await;

11
src/securejoin/bobstate.rs
View File

@@ -378,13 +378,20 @@ async fn send_handshake_message(
// Sends our own fingerprint in the Secure-Join-Fingerprint header. // Sends our own fingerprint in the Secure-Join-Fingerprint header.
let bob_fp = load_self_public_key(context).await?.fingerprint(); let bob_fp = load_self_public_key(context).await?.fingerprint();
msg.param.set(Param::Arg3, bob_fp.hex()); msg.param.set(Param::Arg3, bob_fp.hex());
}
};
// Sends the grpid in the Secure-Join-Group header. // Sends the grpid in the Secure-Join-Group header.
//
// `Secure-Join-Group` header is deprecated,
// but old Delta Chat core requires that Alice receives it.
//
// Previous Delta Chat core also sent `Secure-Join-Group` header
// in `vg-request` messages,
// but it was not used on the receiver.
if let QrInvite::Group { ref grpid, .. } = invite { if let QrInvite::Group { ref grpid, .. } = invite {
msg.param.set(Param::Arg4, grpid); msg.param.set(Param::Arg4, grpid);
} }
}
};
chat::send_msg(context, chat_id, &mut msg).await?; chat::send_msg(context, chat_id, &mut msg).await?;
Ok(()) Ok(())