mirror of
https://github.com/chatmail/core.git
synced 2026-04-19 14:36:29 +03:00
fix: Domain separation between securejoin auth tokens and broadcast channel secrets (#7981)
Can be reviewed commit-by-commit.
This fixes another silly thing you can do with securejoinv3: show Bob a
QR code with auth token that is a broadcast channel secret of a known
channel, then never respond. Bob will decrypt messages from the channel
and drop them because they are sent by the "wrong" sender.
This can be avoided with domain separation, instead of
encrypting/decrypting securejoinv3 messages directly with auth token,
encrypt/decrypt them with `securejoin/<auth token>` as the secret or
even `securejoinv3/<alice's fingerprint>/<auth token>`. For existing
broadcast channels we cannot do this, but for securejoinv3 that is not
released yet this looks like an improvement that avoids at least this
problem.
Credits to link2xt for noticing the problem.
This also adds Alice's fingerprint to the auth tokens, which
was pretty easy to do. I find it hard to develop an intuition for
whether this is important, or whether we will be annoyed by it in the
future.
**Note:** This means that QR code scans will not work if one of the chat
partners uses a self-compiled core between c724e2981 and merging this PR
here. This is fine; we will just have to tell the other developers to
update their self-compiled cores.
@@ -312,13 +312,17 @@ pub(crate) async fn send_handshake_message(
|
||||
let rfc724_mid = create_outgoing_rfc724_mid();
|
||||
let contact = Contact::get_by_id(context, invite.contact_id()).await?;
|
||||
let recipient = contact.get_addr();
|
||||
let alice_fp = invite.fingerprint().hex();
|
||||
let auth = invite.authcode();
|
||||
let shared_secret = format!("securejoin/{alice_fp}/{auth}");
|
||||
let attach_self_pubkey = false;
|
||||
let rendered_message = mimefactory::render_symm_encrypted_securejoin_message(
|
||||
context,
|
||||
"vc-request-pubkey",
|
||||
&rfc724_mid,
|
||||
attach_self_pubkey,
|
||||
invite.authcode(),
|
||||
auth,
|
||||
&shared_secret,
|
||||
)
|
||||
.await?;
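Review bot: the secret in `let shared_secret = format!("securejoin/{alice_fp}/{auth}");` is assembled inline at this call site, and the side that decrypts `vc-request-pubkey` has to derive a byte-identical string, including the casing that `invite.fingerprint().hex()` produces. Suggest moving the derivation into one small helper used by both the sending and the receiving path, with a doc comment that states the format and why the `securejoin/` prefix and Alice's fingerprint are part of it, so the two sides cannot drift apart. Note also that the commit message gives `securejoin/<auth token>` and `securejoinv3/<alice's fingerprint>/<auth token>` as the candidate forms while the code uses a third, `securejoin/<fingerprint>/<auth>`; the doc comment is the place to pin down the final one. Finally, `render_symm_encrypted_securejoin_message` is passed `auth` and `&shared_secret` as adjacent arguments; a short comment on which one is the encryption secret and which is carried in the message would make it harder to swap them by mistake.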