Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-02-04 13:23:43 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #412 from matrix-org/rav/e2e_impl/check_uks_attacks

Browse source 
E2E impl guide: Document unknown key-share mitigations
This commit is contained in:
Richard van der Hoff 2016-10-19 17:28:03 +01:00 committed by GitHub
parent d93ef05f5e 657525d0f4
commit 41da7a989f
1 changed files with 28 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
supporting-docs/guides/2016-10-18-e2e_implementation.rst
View file

@ -292,15 +292,30 @@ At the end of this, the client will hopefully have successfully
decrypted the payload.
As well as the ``type`` and ``content`` properties, the payload should
contain a ``keys`` property, which should be an object with a property
ed25519. The client should check that the value of this property matches
the sender's fingerprint key when `marking the event as verified`_ [#]_.
contain a number of other properties. Each of these should be checked as
follows [#]_.
.. [#] This prevents an attacker publishing someone else's curve25519 keys as
their own and subsequently claiming to have sent messages which they didn't
(see
https://github.com/vector-im/vector-web/issues/2215#issuecomment-247630155).
``sender``
The user ID of the sender. The client should check that this matches the
``sender`` in the event.
``recipient``
The user ID of the recipient. The client should check that this matches the
local user ID.
``keys``
an object with a property ``ed25519``, The client should check that the
value of this property matches the sender's fingerprint key when `marking
the event as verified`_\ .
``recipient_keys``
an object with a property ``ed25519``. The client should check that the
value of this property matches its own fingerprint key.
.. [#] These tests prevent an attacker publishing someone else's curve25519
keys as their own and subsequently claiming to have sent messages which they
didn't.
``m.megolm.v1.aes-sha2``
~~~~~~~~~~~~~~~~~~~~~~~~
@ -509,10 +524,15 @@ When encrypting an event using Olm, the client should:
{
"type": "<event type>",
"content": "<event content>",
"sender": "<our user ID>",
"sender_device": "<our device ID>",
"keys": {
"ed25519": "<our ed25519 fingerprint key>"
}
},
"recipient": "<recipient user ID>",
"recipient_keys": {
"ed25519": "<recipient's ed25519 fingerprint key>"
},
}
- Check if it has an existing Olm session; if it does not, `start a new