Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-04-19 14:36:29 +03:00
Code Issues Packages Projects Releases Wiki Activity
9,402 Commits 526 Branches 384 Tags
738f6c1799a5c8f5d7abcd83b9fc400276ed2b42
Commit Graph

9402 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hocuri
738f6c1799 feat: Transfer the broadcast secret in an encrypted message rather than directly in the QR code 2025-09-03 17:56:11 +02:00
Hocuri
e1abaebeb5 WIP, untested: Receiving side of passing broadcast secret in a message 2025-09-03 17:56:11 +02:00
Hocuri
0978a46ab6 WIP, untested: Sending side of transferring the secret in member-added message 2025-09-03 17:56:11 +02:00
Hocuri
410048a9e1 Improve TODOs 2025-09-03 17:56:11 +02:00
Hocuri
72336ebb8a Add benchmark for message decryption 2025-09-03 17:56:11 +02:00
Hocuri
fca8948e4c Speed up message decryption by not iterating in the s2k algorithm 
The passphrase has as much entropy as the session key, so, there is no
point in making the computation slow by iterating.
 2025-09-03 17:56:11 +02:00
Hocuri
d431f2ebd3 Add benchmark for message decryption 2025-09-03 17:56:10 +02:00
Hocuri
ad0e3179dd Remove unused and problematic ensure! 
`secret_keys.is_empty()` only checked whether any secret keys were
passed. This is not helpful, and made decrypting fail in the benchmark.
 2025-09-03 17:56:10 +02:00
Hocuri
494ad63a73 feat: Increase secret size to 256 bits of entropy 
This is for quantumn computers. When trying to break AES, quantumn
computers give a square-root speedup, i.e. the 144 bits of entropy would
take as many queries as breaking 72 bits of entropy on a normal computer. This neglects
e.g. the costs of quantumn circuits and quantumn error correction [1], so,
144 bits entropy would actually have been fine, but in order to be on
the very safe side and so that noone can complain, let's increase it to
256 bits.

[1]: https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-standardization-conference/documents/papers/on-practical-cost-of-grover.pdf
 2025-09-03 17:56:10 +02:00
Hocuri
13bbcbeb0e Add some print statements for debugging 2025-09-03 17:56:10 +02:00
Hocuri
a14b53e3ca fix: Don't show a weird 'vb-request-with-auth' message when a subscriber joins 2025-09-03 17:56:10 +02:00
Hocuri
9474fbff56 fix: Correct member-added info messages 2025-09-03 17:56:10 +02:00
Hocuri
c4001cc3ff fix: Let Alice send vb-member-added so that the chat is immediately shown on Bob's device 2025-09-03 17:56:08 +02:00
Hocuri
548f5a454c Add TODO 2025-09-03 17:55:40 +02:00
Hocuri
91110147c3 fix: Actually send broadcast message to recipients, ALL TESTS PASS NOW - fix test_broadcasts_name_and_avatar(). 2025-09-03 17:55:40 +02:00
Hocuri
6012595f1a test: fix test_encrypt_decrypt_broadcast() 2025-09-03 17:55:40 +02:00
Hocuri
504b2d691d test: fix test_leave_broadcast 2025-09-03 17:55:40 +02:00
Hocuri
7e191f6cf9 fix: Make joining a channel work with multi-device, fix test_leave_broadcast_multidevice 2025-09-03 17:55:40 +02:00
Hocuri
37f6da1cc9 test: Fix one panic in test_broadcasts_name_and_avatar, but there is another one where I couldn't find the problem 2025-09-03 17:55:39 +02:00
Hocuri
df2693f307 test: Fix test_broadcast_multidev 2025-09-03 17:55:39 +02:00
Hocuri
cdd280a2d3 make test_block_broadcast pass 2025-09-03 17:55:39 +02:00
Hocuri
6bb714a6e5 fix: Make syncing of QR tokens work, make test_sync_broadcast pass 2025-09-03 17:55:39 +02:00
Hocuri
b276eda1a2 Make basic multi-device work on joiner side, fix test_only_minimal_data_are_forwarded 2025-09-03 17:55:39 +02:00
Hocuri
9c747b4cb0 fix: make test_broadcast work, return an error when trying to add manually add a contact to a broadcast list, don't have unpromoted broadcast lists, make basic multi-device, inviter side, work 2025-09-03 17:55:39 +02:00
Hocuri
326deab025 Broadcast-securejoin is working!! 2025-09-03 17:55:39 +02:00
Hocuri
24561cd256 test: Add test_send_avatar_in_securejoin 2025-09-03 17:55:39 +02:00
Hocuri
5da7e45b2b Adapt the rest of the code to the new QR code type 2025-09-03 17:55:39 +02:00
Hocuri
3389e93820 feat: Add broadcast QR type (todo: documentation) 2025-09-03 17:55:39 +02:00
Hocuri
789b923bb8 feat: Store symmetric key non-redundantly in the database 2025-09-03 17:55:39 +02:00
Hocuri
547f750073 Make it compile 2025-09-03 17:55:39 +02:00
Hocuri
382023de11 sync broadcast secret for multidevice 2025-09-03 17:55:39 +02:00
Hocuri
3781a35989 feat: Add create_broadcast_shared_secret() 2025-09-03 17:55:39 +02:00
Hocuri
8653fdbd8e feat: Save the secret to encrypt and decrypt messages. Next: Send it in a 'member added' message. 2025-09-03 17:55:38 +02:00
Hocuri
47bf4da1fe WIP: Start with decryption, and a test for it. Next TODO: SQL table migartion. 2025-09-03 17:55:38 +02:00
Hocuri
ec2056f5e2 feat: Symmetric encryption. No decryption, no sharing of the secret, not tested. 2025-09-03 17:55:35 +02:00
dependabot[bot]
1991e01641 Merge pull request #7157 from chatmail/dependabot/cargo/tempfile-3.21.0 2025-09-02 23:29:24 +00:00
dependabot[bot]
d7e87b6336 Merge pull request #7152 from chatmail/dependabot/cargo/syn-2.0.106 2025-09-02 23:18:00 +00:00
dependabot[bot]
fde490ba15 chore(cargo): bump tempfile from 3.20.0 to 3.21.0 
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.20.0 to 3.21.0.
- [Changelog](https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Stebalien/tempfile/compare/v3.20.0...v3.21.0)

---
updated-dependencies:
- dependency-name: tempfile
  dependency-version: 3.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 22:01:42 +00:00
dependabot[bot]
cf5a16d967 chore(cargo): bump syn from 2.0.104 to 2.0.106 
Bumps [syn](https://github.com/dtolnay/syn) from 2.0.104 to 2.0.106.
- [Release notes](https://github.com/dtolnay/syn/releases)
- [Commits](https://github.com/dtolnay/syn/compare/2.0.104...2.0.106)

---
updated-dependencies:
- dependency-name: syn
  dependency-version: 2.0.106
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 22:01:28 +00:00
dependabot[bot]
e8dde9c63d chore(cargo): bump thiserror from 2.0.12 to 2.0.16 
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.12 to 2.0.16.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](https://github.com/dtolnay/thiserror/compare/2.0.12...2.0.16)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-version: 2.0.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 22:00:03 +00:00
dependabot[bot]
667a935665 chore(cargo): bump serde_json from 1.0.142 to 1.0.143 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.142 to 1.0.143.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.142...v1.0.143)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-version: 1.0.143
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 21:34:37 +00:00
dependabot[bot]
28cea706fa chore(cargo): bump anyhow from 1.0.98 to 1.0.99 
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.98 to 1.0.99.
- [Release notes](https://github.com/dtolnay/anyhow/releases)
- [Commits](https://github.com/dtolnay/anyhow/compare/1.0.98...1.0.99)

---
updated-dependencies:
- dependency-name: anyhow
  dependency-version: 1.0.99
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 21:20:26 +00:00
dependabot[bot]
209a990444 chore(cargo): bump libc from 0.2.174 to 0.2.175 
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.174 to 0.2.175.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Changelog](https://github.com/rust-lang/libc/blob/0.2.175/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.174...0.2.175)

---
updated-dependencies:
- dependency-name: libc
  dependency-version: 0.2.175
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 21:19:06 +00:00
dependabot[bot]
6365a46fac chore(cargo): bump percent-encoding from 2.3.1 to 2.3.2 
Bumps [percent-encoding](https://github.com/servo/rust-url) from 2.3.1 to 2.3.2.
- [Release notes](https://github.com/servo/rust-url/releases)
- [Commits](https://github.com/servo/rust-url/commits)

---
updated-dependencies:
- dependency-name: percent-encoding
  dependency-version: 2.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-02 21:18:44 +00:00
dependabot[bot]
a81496e9ab Merge pull request #7150 from chatmail/dependabot/cargo/quick-xml-0.38.3 2025-09-02 18:56:21 +00:00
dependabot[bot]
ca05733b9d Merge pull request #7151 from chatmail/dependabot/cargo/toml-0.9.5 2025-09-02 18:55:42 +00:00
dependabot[bot]
dfb5348a78 Merge pull request #7156 from chatmail/dependabot/cargo/brotli-8.0.2 2025-09-02 18:55:16 +00:00
dependabot[bot]
602e52490c Merge pull request #7158 from chatmail/dependabot/cargo/async_zip-0.0.18 2025-09-02 18:54:53 +00:00
dependabot[bot]
740b24e8a4 Merge pull request #7160 from chatmail/dependabot/cargo/futures-lite-2.6.1 2025-09-02 18:53:52 +00:00
dependabot[bot]
44a09ffd12 Merge pull request #7164 from chatmail/dependabot/cargo/hyper-1.7.0 2025-09-02 18:49:24 +00:00