Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Create new Peerstate for unencrypted message with already known Autocrypt key, but a new address #5269

Merged
merged 2 commits into from
Mar 8, 2024
Merged

fix: Create new Peerstate for unencrypted message with already known Autocrypt key, but a new address #5269

merged 2 commits into from
Mar 8, 2024

Conversation

iequidoo
Copy link
Collaborator

@iequidoo iequidoo commented Feb 16, 2024
edited
Loading

See commit messages.

This is aimed to solve the @adbenitez's problem with sharing the same key by several accounts.

@iequidoo
Copy link
Collaborator Author

One more occurence of #5201:
https://github.com/deltachat/deltachat-core-rust/actions/runs/7926082001/job/21640415854?pr=5269

@link2xt
Copy link
Collaborator

link2xt commented Feb 20, 2024

Could you rebase it and test with #5274 merged?

vc-request cannot do AEAP because it is not encrypted. It was only encrypted due to a bug.

@iequidoo
Copy link
Collaborator Author

Could you rebase it and test with #5274 merged?

vc-request cannot do AEAP because it is not encrypted. It was only encrypted due to a bug.

It still doesn't work. Apparently AEAP doesn't happen, but a Peerstate isn't created for the new address and that should be fixed. So, instead of looking at the SecureJoin message type, we should check if the message is encrypted.

@iequidoo
Copy link
Collaborator Author

iequidoo commented Feb 20, 2024
edited
Loading

Finally i think that relying on encryption here is not right. vc-request can easily be signed (w/o encryption) and that would be a good reason for doing AEAP. Of course we can state in the SecureJoin doc that vc-request should never be encrypted or signed (as now), but i'd better exculde it explicitly for AEAP.

@iequidoo
Copy link
Collaborator Author

#5280 again:
https://github.com/deltachat/deltachat-core-rust/actions/runs/7999217931/job/21846663121?pr=5269

@iequidoo iequidoo marked this pull request as ready for review February 22, 2024 04:11
@iequidoo iequidoo mentioned this pull request Feb 22, 2024
Merged
@link2xt
Copy link
Collaborator

link2xt commented Feb 25, 2024

I still don't understand why vc-request is special. What if it is a vg-request? What if first message coming from a new address uses existing key, will it also fail to create peerstate?

@adbenitez has scanned a QR code and sent vc-request's, but if just a "hello!" text message is sent, will it fail the same way?

@iequidoo
Copy link
Collaborator Author

I still don't understand why vc-request is special.

I thought it's a good heuristic because vc-request means that it's a new contact, not the existing one changed its address. But not only vc-request means that, you're right. We should check if a message is encrypted. And do AEAP only if the message is encrypted + signed with a verified key. Otherwise a new peerstate must be created, but we must make sure that this doesn't break the possibility of a further AEAP because this may be an attack if the message isn't signed.

What if it is a vg-request?

It won't work the same way.

What if first message coming from a new address uses existing key, will it also fail to create peerstate?

Yes.

@adbenitez has scanned a QR code and sent vc-request's, but if just a "hello!" text message is sent, will it fail the same way?

Almost. The difference is that Alice will answer unencrypted because a new peerstate isn't created. But anyway this is wrong. So, the solution is either do AEAP or create a new peerstate, there is no third option.

@iequidoo iequidoo marked this pull request as draft February 26, 2024 03:12
@iequidoo iequidoo marked this pull request as ready for review February 26, 2024 05:45
@iequidoo iequidoo changed the title fix: Don't perform AEAP for "vc-request" messages fix: Create new Peerstate for unencrypted message with already known Autocrypt key, but a new address Feb 26, 2024
@iequidoo iequidoo force-pushed the iequidoo/adb-aeap-issue branch 2 times, most recently from 2767b18 to 007dcd3 Compare February 26, 2024 16:53
iequidoo
iequidoo commented Feb 26, 2024
View reviewed changes
src/tests/verified_chats.rs Outdated Show resolved Hide resolved
@iequidoo iequidoo requested a review from Hocuri February 26, 2024 17:03
@iequidoo iequidoo marked this pull request as draft February 26, 2024 17:21
@iequidoo iequidoo marked this pull request as ready for review February 26, 2024 17:41
Hocuri
Hocuri reviewed Mar 4, 2024
View reviewed changes
Copy link
Collaborator

@Hocuri Hocuri left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Phew, quite a complicated-to-fix bug, thanks for digging in!

Off-topic

FWIW right now both AEAP and DKIM-checking don't really seem to be worth the complexity, maybe we can make it work nicely or maybe we can think about removing it. Nothing for now, though.

For context, AEAP was an NLnet-funded project, but it turned out to be harder to implement securely than thought. DKIM-checking was one of the attempts to implement it securely.

src/peerstate.rs Show resolved Hide resolved
src/peerstate.rs Outdated Show resolved Hide resolved
src/securejoin.rs Show resolved Hide resolved
@link2xt
Copy link
Collaborator

link2xt commented Mar 4, 2024

With AEAP it is unclear what should happen if we have two contacts with the same key in a verified group and then someone writes to this group with the same key from a third address. Do we remove all contacts and replace with a single one? Currently I think Delta Chat will only AEAP-port one of them arbitrarily selected.

@iequidoo
Copy link
Collaborator Author

iequidoo commented Mar 5, 2024

With AEAP it is unclear what should happen if we have two contacts with the same key in a verified group and then someone writes to this group with the same key from a third address. Do we remove all contacts and replace with a single one? Currently I think Delta Chat will only AEAP-port one of them arbitrarily selected.

Yes, but not arbitrarily selected -- the recently appeared one. Anyway this looks strange, yes. But i decided not to change this right now. Probably removing all old contacts should be done, need to think a little of it and fix in a separate PR.

@iequidoo iequidoo requested a review from Hocuri March 5, 2024 17:28
link2xt
link2xt approved these changes Mar 6, 2024
View reviewed changes
src/peerstate.rs Outdated Show resolved Hide resolved
Hocuri
Hocuri approved these changes Mar 7, 2024
View reviewed changes
Copy link
Collaborator

@Hocuri Hocuri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ta-Daaaaa, one bug less!

src/peerstate.rs Outdated Show resolved Hide resolved
@iequidoo
fix: Create new Peerstate for unencrypted message with already known …
a8fc935 
…Autocrypt key, but a new address

An unencrypted message with already known Autocrypt key, but sent from another address, means that
it's rather a new contact sharing the same key than the existing one changed its address, otherwise
it would already have our key to encrypt.
@iequidoo
refactor: Remove deduplicate_peerstates()
106cf59 
There's the `UNIQUE (acpeerstates.addr)` constraint since db v94.
@iequidoo iequidoo merged commit c0832af into main Mar 8, 2024
38 checks passed
@iequidoo iequidoo deleted the iequidoo/adb-aeap-issue branch March 8, 2024 03:42
@iequidoo
Copy link
Collaborator Author

iequidoo commented Mar 8, 2024

With AEAP it is unclear what should happen if we have two contacts with the same key in a verified group and then someone writes to this group with the same key from a third address. Do we remove all contacts and replace with a single one? Currently I think Delta Chat will only AEAP-port one of them arbitrarily selected.

Yes, but not arbitrarily selected -- the recently appeared one.

Finally i think that in such a case it's better not to port any contact at all. We don't know which one to port. If we port both (i.e. replace them with the new one), then it's a question why they both exist before (probably because the key is shared). Sharing a key isn't a common scenario, if we want AEAP to work in this case too, we better add an additional attribute to the Autocrypt header, smth like setup-id.

So, for now i suggest to avoid doing AEAP if the key is shared.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hocuri Hocuri Hocuri approved these changes

@link2xt link2xt link2xt approved these changes

@adbenitez adbenitez Awaiting requested review from adbenitez

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iequidoo @link2xt @Hocuri