mirror of
https://github.com/zulip/zulip.git
synced 2025-11-11 01:16:19 +00:00
Earlier we were using asymmetric cryptography. We were using libsodium "sealed box", which is unauthenticated by design. The sender could have been anyone, as long as they had the receiver's public key. We had authenticity, but only because the device's public key is effectively kept secret.

We were relying on the public key being kept secret, which was a security risk. It's easy to end up with code somewhere that treats the public key as public, and can leak it.

This commit makes changes to use symmetric cryptography: libsodium's `crypto_secretbox_easy`, which provides authenticated encryption using XSalsa20 and Poly1305.

`push_public_key` is replaced with `push_key`, and it represents a base64-encoded 33-byte value: a one-byte prefix followed by a 32-byte secret key generated by the client. The prefix `0x31` indicates the current cryptosystem in use. It allows for future extensibility; for example, `0x32` could denote a different cryptosystem.

Involves API changes to replace the `push_public_key` parameter with `push_key` in the `/api/v1/mobile_push/register` endpoint.

Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
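The key layout and cryptosystem described in the commit message, as an added worked example that is not code from this commit or from the Zulip codebase. It shows the client generating a versioned `push_key`, the server validating it (base64, exactly 33 bytes, prefix `0x31`; a `0x32` prefix is rejected rather than guessed at), and both sides using `crypto_secretbox_easy` through PyNaCl's `nacl.secret.SecretBox`, including the check that a tampered ciphertext or a wrong key fails authentication. The function names, the `InvalidPushKeyError` type, the JSON payload and the PyNaCl binding are assumptions for illustration; only the 0x31-prefixed 33-byte layout comes from the commit message.

```python
"""Added example (not Zulip's own code): versioned symmetric push_key parsing
plus authenticated encryption with libsodium's crypto_secretbox_easy.

Assumptions not taken from the commit: function names, InvalidPushKeyError,
the sample payload, and the use of PyNaCl as the libsodium binding.
"""
import base64
import binascii
import json
import os

try:
    from nacl.exceptions import CryptoError
    from nacl.secret import SecretBox
    HAVE_NACL = True
except ImportError:  # PyNaCl absent: key parsing still works, encryption does not
    HAVE_NACL = False

# Prefix byte for the only cryptosystem currently defined:
# libsodium crypto_secretbox_easy (XSalsa20-Poly1305), 32-byte key.
PUSH_KEY_VERSION_SECRETBOX = 0x31
SECRETBOX_KEY_BYTES = 32
PUSH_KEY_BYTES = 1 + SECRETBOX_KEY_BYTES  # 33


class InvalidPushKeyError(ValueError):
    """Raised when a push_key value does not have the expected layout."""


def encode_push_key(version: int, key: bytes) -> str:
    """Wrap a raw secret key with its one-byte version prefix and base64 it."""
    return base64.b64encode(bytes([version]) + key).decode()


def generate_push_key() -> str:
    """Client side: fresh 32-byte secret from the OS CSPRNG, prefixed 0x31."""
    return encode_push_key(PUSH_KEY_VERSION_SECRETBOX, os.urandom(SECRETBOX_KEY_BYTES))


def parse_push_key(push_key_b64: str) -> tuple:
    """Server side: decode push_key into (version, 32-byte secret key).

    Rejects input that is not strict base64, does not decode to exactly
    33 bytes, or carries a prefix naming a cryptosystem we do not implement.
    """
    try:
        raw = base64.b64decode(push_key_b64, validate=True)
    except (binascii.Error, ValueError) as e:
        raise InvalidPushKeyError("push_key is not valid base64") from e
    if len(raw) != PUSH_KEY_BYTES:
        raise InvalidPushKeyError(
            f"push_key must decode to {PUSH_KEY_BYTES} bytes, got {len(raw)}")
    version = raw[0]
    if version != PUSH_KEY_VERSION_SECRETBOX:
        # e.g. 0x32: reserved for a future cryptosystem; refuse rather than guess.
        raise InvalidPushKeyError(f"unsupported push_key version 0x{version:02x}")
    return version, raw[1:]


def is_valid_push_key(push_key_b64: str) -> bool:
    """Boolean form of parse_push_key, handy at an API boundary."""
    try:
        parse_push_key(push_key_b64)
        return True
    except InvalidPushKeyError:
        return False


def encrypt_push_payload(push_key_b64: str, payload: dict) -> bytes:
    """Server side: crypto_secretbox_easy over the JSON payload.

    SecretBox.encrypt draws a random 24-byte nonce and returns
    nonce || ciphertext || 16-byte Poly1305 tag as one byte string.
    """
    _, key = parse_push_key(push_key_b64)
    return bytes(SecretBox(key).encrypt(json.dumps(payload, separators=(",", ":")).encode()))


def decrypt_push_payload(push_key_b64: str, blob: bytes) -> dict:
    """Client side: verify the tag and decrypt; raises CryptoError on failure."""
    _, key = parse_push_key(push_key_b64)
    return json.loads(SecretBox(key).decrypt(blob))


def secretbox_self_check():
    """Round trip plus negative checks. Returns None if PyNaCl is not installed."""
    if not HAVE_NACL:
        return None
    key = generate_push_key()
    payload = {"event": "message", "sender": "alice", "content": "hello"}  # constructed sample
    blob = encrypt_push_payload(key, payload)
    if decrypt_push_payload(key, blob) != payload:
        return False
    if encrypt_push_payload(key, payload) == blob:
        return False  # random nonce: identical plaintexts must not repeat ciphertext
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01  # flip one bit; Poly1305 must reject it
    try:
        decrypt_push_payload(key, bytes(tampered))
        return False
    except CryptoError:
        pass
    try:
        decrypt_push_payload(generate_push_key(), blob)  # wrong key, same blob
        return False
    except CryptoError:
        return True
```

The validation step is the part that pays for itself: a server that only does `base64.b64decode(push_key)[1:]` would silently accept a 31-byte key or an unknown version byte and then either crash inside libsodium or encrypt for a cryptosystem the client never asked for.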