From cc7056851f92ba5b6224b5b82413ec55fd6aaa7f Mon Sep 17 00:00:00 2001
From: Tobias Fella <fella@posteo.de>
Date: Mon, 7 Mar 2022 20:20:10 +0100
Subject: Guard against device reuse attacks

---
 lib/connection.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/connection.cpp b/lib/connection.cpp
index 4abb77a5..ae8532c3 100644
--- a/lib/connection.cpp
+++ b/lib/connection.cpp
@@ -1998,6 +1998,7 @@ void Connection::Private::loadOutdatedUserDevices()
         currentQueryKeysJob = nullptr;
         const auto data = queryKeysJob->deviceKeys();
         for(const auto &[user, keys] : asKeyValueRange(data)) {
+            QHash<QString, Quotient::DeviceKeys> oldDevices = deviceKeys[user];
             deviceKeys[user].clear();
             for(const auto &device : keys) {
                 if(device.userId != user) {
@@ -2019,6 +2020,12 @@ void Connection::Private::loadOutdatedUserDevices()
                                        "Skipping this device";
                     continue;
                 }
+                if (oldDevices.contains(device.deviceId)) {
+                    if (oldDevices[device.deviceId].keys["ed25519:" % device.deviceId] != device.keys["ed25519:" % device.deviceId]) {
+                        qCDebug(E2EE) << "Device reuse detected. Skipping this device";
+                        continue;
+                    }
+                }
                 deviceKeys[user][device.deviceId] = device;
             }
             outdatedUsers -= user;
-- 
cgit v1.2.3