From a8d2f51a54475dc70f2ceb83fe077d1cab9fcfa8 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 18:15:19 +0100 Subject: [PATCH 01/11] add self_addr to webxdc-info --- deltachat-ffi/deltachat.h | 1 + src/summary.rs | 4 ++-- src/webxdc.rs | 10 ++++++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/deltachat-ffi/deltachat.h b/deltachat-ffi/deltachat.h index 36bf24607e..55235216b4 100644 --- a/deltachat-ffi/deltachat.h +++ b/deltachat-ffi/deltachat.h @@ -4197,6 +4197,7 @@ char* dc_msg_get_webxdc_blob (const dc_msg_t* msg, const char* * true if the Webxdc should get full internet access, including Webrtc. * currently, this is only true for encrypted Webxdc's in the self chat * that have requested internet access in the manifest. + * - self_addr: address to be used for `window.webxdc.selfAddr` in JS land. * * @memberof dc_msg_t * @param msg The webxdc instance. diff --git a/src/summary.rs b/src/summary.rs index 4881b0a671..72bf3395d0 100644 --- a/src/summary.rs +++ b/src/summary.rs @@ -289,7 +289,7 @@ mod tests { use super::*; use crate::chat::ChatId; use crate::param::Param; - use crate::test_utils as test; + use crate::test_utils::TestContext; async fn assert_summary_texts(msg: &Message, ctx: &Context, expected: &str) { assert_eq!(msg.get_summary_text(ctx).await, expected); @@ -298,7 +298,7 @@ mod tests { #[tokio::test(flavor = "multi_thread", worker_threads = 2)] async fn test_get_summary_text() { - let d = test::TestContext::new().await; + let d = TestContext::new_alice().await; let ctx = &d.ctx; let chat_id = ChatId::create_for_contact(ctx, ContactId::SELF) .await diff --git a/src/webxdc.rs b/src/webxdc.rs index 8dacd778cc..3d6818efdf 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -97,6 +97,9 @@ pub struct WebxdcInfo { /// It should request access, be encrypted /// and sent to self for this. pub internet_access: bool, + + /// address to be used for `window.webxdc.selfAddr` in JS land. + pub self_addr: String, } /// Status Update ID. @@ -872,6 +875,8 @@ impl Message { && self.chat_id.is_self_talk(context).await.unwrap_or_default() && self.get_showpadlock(); + let self_addr = self.get_webxdc_self_addr(context).await?; + Ok(WebxdcInfo { name: if let Some(name) = manifest.name { name @@ -904,8 +909,13 @@ impl Message { "".to_string() }, internet_access, + self_addr, }) } + + async fn get_webxdc_self_addr(&self, context: &Context) -> Result { + context.get_primary_self_addr().await + } } #[cfg(test)] From 08fdc1e1717bd23da7862e4927e98cb0f2aec5ea Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 18:26:16 +0100 Subject: [PATCH 02/11] add jsonprc definitions --- deltachat-jsonrpc/src/api/types/webxdc.rs | 4 ++++ src/webxdc.rs | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/deltachat-jsonrpc/src/api/types/webxdc.rs b/deltachat-jsonrpc/src/api/types/webxdc.rs index 71db9ed931..28f0f384b3 100644 --- a/deltachat-jsonrpc/src/api/types/webxdc.rs +++ b/deltachat-jsonrpc/src/api/types/webxdc.rs @@ -35,6 +35,8 @@ pub struct WebxdcMessageInfo { source_code_url: Option, /// True if full internet access should be granted to the app. internet_access: bool, + /// Address to be used for `window.webxdc.selfAddr` in JS land. + self_addr: String, } impl WebxdcMessageInfo { @@ -50,6 +52,7 @@ impl WebxdcMessageInfo { summary, source_code_url, internet_access, + self_addr, } = message.get_webxdc_info(context).await?; Ok(Self { @@ -59,6 +62,7 @@ impl WebxdcMessageInfo { summary: maybe_empty_string_to_option(summary), source_code_url: maybe_empty_string_to_option(source_code_url), internet_access, + self_addr, }) } } diff --git a/src/webxdc.rs b/src/webxdc.rs index 3d6818efdf..6eaeb7cbb5 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -98,7 +98,7 @@ pub struct WebxdcInfo { /// and sent to self for this. pub internet_access: bool, - /// address to be used for `window.webxdc.selfAddr` in JS land. + /// Address to be used for `window.webxdc.selfAddr` in JS land. pub self_addr: String, } From e7804dce02865f46cbbcdb8c4647efaaa6a5c630 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 19:01:56 +0100 Subject: [PATCH 03/11] do not add real address to self_addrt --- src/webxdc.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/webxdc.rs b/src/webxdc.rs index 6eaeb7cbb5..55094aa5b5 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -30,6 +30,7 @@ use lettre_email::PartBuilder; use rusqlite::OptionalExtension; use serde::{Deserialize, Serialize}; use serde_json::Value; +use sha1::{Digest, Sha1}; use crate::chat::{self, Chat}; use crate::constants::Chattype; @@ -914,7 +915,15 @@ impl Message { } async fn get_webxdc_self_addr(&self, context: &Context) -> Result { - context.get_primary_self_addr().await + let addr = context.get_primary_self_addr().await?; + let data = format!("{}-{}", addr, self.rfc724_mid); + + let mut hasher = Sha1::new(); + hasher.update(data.as_bytes()); + let hash = hasher.finalize(); + let hash_str = format!("{:x}", hash); + + Ok(hash_str) } } From 08ff99e21e8db013d5cf8e8c7e097bfbd92db102 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 19:15:33 +0100 Subject: [PATCH 04/11] test self_addr --- src/webxdc.rs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/webxdc.rs b/src/webxdc.rs index 55094aa5b5..2d47be92d4 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -2307,6 +2307,20 @@ sth_for_the = "future""# Ok(()) } + #[tokio::test(flavor = "multi_thread", worker_threads = 2)] + async fn test_get_webxdc_self_addr() -> Result<()> { + let t = TestContext::new_alice().await; + let chat_id = create_group_chat(&t, ProtectionStatus::Unprotected, "foo").await?; + + let instance = send_webxdc_instance(&t, chat_id).await?; + let info = instance.get_webxdc_info(&t).await?; + + let real_addr = t.get_primary_self_addr().await?; + assert!(!info.self_addr.contains(&real_addr)); + + Ok(()) + } + #[tokio::test(flavor = "multi_thread", worker_threads = 2)] async fn test_webxdc_info_summary() -> Result<()> { let alice = TestContext::new_alice().await; From 0eabea793157d37c2d5378d891f763370d37d62d Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 19:36:40 +0100 Subject: [PATCH 05/11] use SHA-256 to create self_addr --- Cargo.lock | 1 + Cargo.toml | 1 + src/webxdc.rs | 6 ++---- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 88c7c02f28..b0a9c67e81 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1372,6 +1372,7 @@ dependencies = [ "serde_json", "serde_urlencoded", "sha-1", + "sha2", "shadowsocks", "smallvec", "strum", diff --git a/Cargo.toml b/Cargo.toml index 5579a0e1a7..309bdcd1d8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -92,6 +92,7 @@ serde_json = { workspace = true } serde_urlencoded = "0.7.1" serde = { workspace = true, features = ["derive"] } sha-1 = "0.10" +sha2 = "0.10" shadowsocks = { version = "1.21.0", default-features = false, features = ["aead-cipher-2022"] } smallvec = "1.13.2" strum = "0.26" diff --git a/src/webxdc.rs b/src/webxdc.rs index 2d47be92d4..2101399b63 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -30,7 +30,7 @@ use lettre_email::PartBuilder; use rusqlite::OptionalExtension; use serde::{Deserialize, Serialize}; use serde_json::Value; -use sha1::{Digest, Sha1}; +use sha2::{Digest, Sha256}; use crate::chat::{self, Chat}; use crate::constants::Chattype; @@ -918,9 +918,7 @@ impl Message { let addr = context.get_primary_self_addr().await?; let data = format!("{}-{}", addr, self.rfc724_mid); - let mut hasher = Sha1::new(); - hasher.update(data.as_bytes()); - let hash = hasher.finalize(); + let hash = Sha256::digest(data.as_bytes()); let hash_str = format!("{:x}", hash); Ok(hash_str) From e3d1210ff9e54ee896f8d20ae463d0ebe7e667f6 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 20:29:35 +0100 Subject: [PATCH 06/11] hash private key; that is not known in contrast to primary-address and one cannot guess hash from the set of known addresses (which may be small) --- src/webxdc.rs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/webxdc.rs b/src/webxdc.rs index 2101399b63..7c9e545542 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -37,6 +37,7 @@ use crate::constants::Chattype; use crate::contact::ContactId; use crate::context::Context; use crate::events::EventType; +use crate::key::{load_self_secret_key, DcKey}; use crate::message::{Message, MessageState, MsgId, Viewtype}; use crate::mimefactory::wrapped_base64_encode; use crate::mimeparser::SystemMessage; @@ -915,10 +916,14 @@ impl Message { } async fn get_webxdc_self_addr(&self, context: &Context) -> Result { - let addr = context.get_primary_self_addr().await?; - let data = format!("{}-{}", addr, self.rfc724_mid); + let secret_key_bytes = &load_self_secret_key(context).await?.to_bytes(); + let rfc724_mid_bytes = self.rfc724_mid.as_bytes(); + + let mut hasher = Sha256::new(); + hasher.update(secret_key_bytes); + hasher.update(rfc724_mid_bytes); + let hash = hasher.finalize(); - let hash = Sha256::digest(data.as_bytes()); let hash_str = format!("{:x}", hash); Ok(hash_str) From 6d327ac033cbc8239655202661779689de09803f Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 20:30:03 +0100 Subject: [PATCH 07/11] test that different webxdc get different selfAddr --- src/webxdc.rs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/webxdc.rs b/src/webxdc.rs index 7c9e545542..4fcacf7b18 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -2316,10 +2316,13 @@ sth_for_the = "future""# let chat_id = create_group_chat(&t, ProtectionStatus::Unprotected, "foo").await?; let instance = send_webxdc_instance(&t, chat_id).await?; - let info = instance.get_webxdc_info(&t).await?; + let info1 = instance.get_webxdc_info(&t).await?; + let instance = send_webxdc_instance(&t, chat_id).await?; + let info2 = instance.get_webxdc_info(&t).await?; let real_addr = t.get_primary_self_addr().await?; - assert!(!info.self_addr.contains(&real_addr)); + assert!(!info1.self_addr.contains(&real_addr)); + assert_ne!(info1.self_addr, info2.self_addr); Ok(()) } From 1859ab2473243e43220bc3a9d40b75c1420bebd0 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 20:58:45 +0100 Subject: [PATCH 08/11] fix python test --- deltachat-rpc-client/tests/test_webxdc.py | 1 + 1 file changed, 1 insertion(+) diff --git a/deltachat-rpc-client/tests/test_webxdc.py b/deltachat-rpc-client/tests/test_webxdc.py index 3c57157311..26b093605c 100644 --- a/deltachat-rpc-client/tests/test_webxdc.py +++ b/deltachat-rpc-client/tests/test_webxdc.py @@ -24,6 +24,7 @@ def test_webxdc(acfactory) -> None: "name": "Chess Board", "sourceCodeUrl": None, "summary": None, + "selfAddr": webxdc_info.selfAddr } status_updates = message.get_webxdc_status_updates() From 245b5e78cf884973a49357751b771708fe20b237 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 21:01:38 +0100 Subject: [PATCH 09/11] make python linter happy --- deltachat-rpc-client/tests/test_webxdc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deltachat-rpc-client/tests/test_webxdc.py b/deltachat-rpc-client/tests/test_webxdc.py index 26b093605c..2581ed405e 100644 --- a/deltachat-rpc-client/tests/test_webxdc.py +++ b/deltachat-rpc-client/tests/test_webxdc.py @@ -24,7 +24,7 @@ def test_webxdc(acfactory) -> None: "name": "Chess Board", "sourceCodeUrl": None, "summary": None, - "selfAddr": webxdc_info.selfAddr + "selfAddr": webxdc_info.selfAddr, } status_updates = message.get_webxdc_status_updates() From 78d9a7cb24c0481e2fcd65385542be13ad076842 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Wed, 20 Nov 2024 22:02:53 +0100 Subject: [PATCH 10/11] another attempt to fix the pyhton test, thanks @adbenitez --- deltachat-rpc-client/tests/test_webxdc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deltachat-rpc-client/tests/test_webxdc.py b/deltachat-rpc-client/tests/test_webxdc.py index 2581ed405e..e189251df8 100644 --- a/deltachat-rpc-client/tests/test_webxdc.py +++ b/deltachat-rpc-client/tests/test_webxdc.py @@ -24,7 +24,7 @@ def test_webxdc(acfactory) -> None: "name": "Chess Board", "sourceCodeUrl": None, "summary": None, - "selfAddr": webxdc_info.selfAddr, + "selfAddr": webxdc_info["selfAddr"], } status_updates = message.get_webxdc_status_updates() From 4d2e81975a4e01c606219cdf77508500a4ff94a1 Mon Sep 17 00:00:00 2001 From: "B. Petersen" Date: Thu, 21 Nov 2024 18:21:10 +0100 Subject: [PATCH 11/11] use fingerprint for calcualting selfAddr --- src/webxdc.rs | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/src/webxdc.rs b/src/webxdc.rs index 4fcacf7b18..c19bbebd34 100644 --- a/src/webxdc.rs +++ b/src/webxdc.rs @@ -37,7 +37,7 @@ use crate::constants::Chattype; use crate::contact::ContactId; use crate::context::Context; use crate::events::EventType; -use crate::key::{load_self_secret_key, DcKey}; +use crate::key::{load_self_public_key, DcKey}; use crate::message::{Message, MessageState, MsgId, Viewtype}; use crate::mimefactory::wrapped_base64_encode; use crate::mimeparser::SystemMessage; @@ -916,17 +916,10 @@ impl Message { } async fn get_webxdc_self_addr(&self, context: &Context) -> Result { - let secret_key_bytes = &load_self_secret_key(context).await?.to_bytes(); - let rfc724_mid_bytes = self.rfc724_mid.as_bytes(); - - let mut hasher = Sha256::new(); - hasher.update(secret_key_bytes); - hasher.update(rfc724_mid_bytes); - let hash = hasher.finalize(); - - let hash_str = format!("{:x}", hash); - - Ok(hash_str) + let fingerprint = load_self_public_key(context).await?.dc_fingerprint().hex(); + let data = format!("{}-{}", fingerprint, self.rfc724_mid); + let hash = Sha256::digest(data.as_bytes()); + Ok(format!("{:x}", hash)) } }