fix: SMP failure and re-smp verification errors

chadsec1 · chadsec1 · commit d21874308b31 · 2025-09-04T12:36:19.000+03:00
diff --git a/core/trad_crypto.py b/core/trad_crypto.py
@@ -67,7 +67,7 @@ def derive_key_argon2id(password: bytes, salt: bytes = None, output_length: int
     ), salt
 
 
-def encrypt_xchacha20poly1305(key: bytes, plaintext: bytes, nonce: bytes = None, counter: int = None, counter_safety: int = 2 ** 32) -> tuple[bytes, bytes]:
+def encrypt_xchacha20poly1305(key: bytes, plaintext: bytes, nonce: bytes = None, counter: int = None, counter_safety: int = 255) -> tuple[bytes, bytes]:
     """
     Encrypt plaintext using ChaCha20Poly1305.
 
@@ -90,7 +90,7 @@ def encrypt_xchacha20poly1305(key: bytes, plaintext: bytes, nonce: bytes = None,
         if counter > counter_safety:
             raise ValueError("ChaCha counter has overflowen")
 
-        nonce = nonce[:XCHACHA20POLY1305_NONCE_LEN - 4] + counter.to_bytes(4, "big")
+        nonce = nonce[:XCHACHA20POLY1305_NONCE_LEN - 1] + counter.to_bytes(1, "big")
 
     ciphertext = bindings.crypto_aead_xchacha20poly1305_ietf_encrypt(plaintext, None, nonce, key) 
 
diff --git a/logic/background_worker.py b/logic/background_worker.py
@@ -137,11 +137,10 @@ def background_worker(user_data, user_data_lock, ui_queue, stop_flag):
                             blob_plaintext = decrypt_xchacha20poly1305(chacha_key, contact_next_strand_nonce, blob)
                         except Exception as e:
                             logger.error(
-                                    "Impossible error: Failed to decrypt blob from contact (%s)"
-                                    "We dont know what caused this, maybe the contact is trying to denial-of-service you"
-                                    ". Skipping data because of error: %s", sender, str(e)
+                                    "Failed to decrypt blob from contact (%s)"
+                                    "We dont know what caused this except maybe a re-SMP verification. error: %s", sender, str(e)
                                 )
-                            continue
+                            blob_plaintext = blob
             else:
                 logger.debug("Contact (%s) not saved.. we just gonna assume blob_plaintext = blob", sender)
                 blob_plaintext = blob
diff --git a/logic/pfs.py b/logic/pfs.py
@@ -203,7 +203,7 @@ def pfs_data_handler(user_data: dict, user_data_lock: threading.Lock, user_data_
         user_data_lock (threading.Lock): Lock protecting shared state.
         user_data_copied (dict): A read-only copy of user_data for consistency.
         ui_queue (queue.Queue): UI queue for notifications/errors.
-        message (dict): Incoming PFS message from the server.
+        pfs_plaintext (bytes): Decrypted Incoming PFS plaintext from the server.
     
     Returns:
         None
diff --git a/logic/smp.py b/logic/smp.py
@@ -483,12 +483,25 @@ def smp_failure_notify_contact(user_data, user_data_lock, contact_id, ui_queue)
         server_url = user_data["server_url"]
         auth_token = user_data["token"]
 
+        tmp_key = b64decode(user_data["contacts"][contact_id]["lt_sign_key_smp"]["tmp_key"])
+
     smp_failure(user_data, user_data_lock, contact_id, ui_queue)
 
+    # it can be any number other than 2, we chose 7 because failure is *technically* the 7th smp step.
+    ciphertext_nonce, ciphertext_blob = encrypt_xchacha20poly1305(
+            tmp_key, 
+            SMP_TYPE + b"failure", 
+            counter = 7
+        )
     try:
-        http_request(f"{server_url}/smp/failure", "POST", payload = {"recipient": contact_id}, auth_token=auth_token)
-    except Exception:
-        logger.error("Failed to send SMP failure to server, either you are offline or the server is down")
+        http_request(f"{server_url}/data/send", "POST", metadata = {
+                "recipient": contact_id
+            }, 
+            blob = ciphertext_nonce + ciphertext_blob, 
+            auth_token = auth_token
+        )
+    except Exception as e:
+        logger.error("Failed to send SMP failure to contact (%s), either you are offline or the server is down. Error: %s", contact_id, str(e))
         pass
   
 
@@ -516,12 +529,12 @@ def smp_data_handler(user_data, user_data_lock, user_data_copied, ui_queue, cont
 
 
 
-    """
-    if "failure" in message:
+    
+    if message == b"failure":
         # Delete SMP state for contact
         smp_failure(user_data, user_data_lock, contact_id, ui_queue)
         return
-    """
+    
 
     # Check if we don't have this contact saved
     if contact_id not in user_data_copied["contacts"]:
