mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-07-01 03:47:46 +02:00
Fix logic error in validation of incoming olm-encrypted messages
Signed-off-by: tusooa <tusooa@kazv.moe>
This commit is contained in:
parent
dbbc428095
commit
46edc59097
|
|
@ -0,0 +1 @@
|
||||||
|
Fix logic error in validation of incoming olm-encrypted messages
|
||||||
|
|
@ -1669,8 +1669,9 @@ following checks:
|
||||||
1. The `sender` property in the decrypted content must match the
|
1. The `sender` property in the decrypted content must match the
|
||||||
`sender` of the event.
|
`sender` of the event.
|
||||||
2. The `keys.ed25519` property in the decrypted content must match
|
2. The `keys.ed25519` property in the decrypted content must match
|
||||||
the `sender_key` property in the cleartext `m.room.encrypted`
|
the Ed25519 identity key of the sending device. This key can be
|
||||||
event body.
|
obtained from either [`/keys/query`](#post_matrixclientv3keysquery)
|
||||||
|
or the `sender_device_keys` object (see below).
|
||||||
3. The `recipient` property in the decrypted content must match
|
3. The `recipient` property in the decrypted content must match
|
||||||
the user ID of the local user.
|
the user ID of the local user.
|
||||||
4. The `recipient_keys.ed25519` property in the decrypted content
|
4. The `recipient_keys.ed25519` property in the decrypted content
|
||||||
|
|
@ -1678,11 +1679,11 @@ following checks:
|
||||||
5. Where `sender_device_keys` is present in the decrypted content:
|
5. Where `sender_device_keys` is present in the decrypted content:
|
||||||
1. `sender_device_keys.user_id` must also match the `sender`
|
1. `sender_device_keys.user_id` must also match the `sender`
|
||||||
of the event.
|
of the event.
|
||||||
2. `sender_device_keys.keys.ed25519:<device_id>` must also match
|
2. `sender_device_keys.keys.curve25519:<device_id>` must also match
|
||||||
the `sender_key` property in the cleartext `m.room.encrypted`
|
the `sender_key` property in the cleartext `m.room.encrypted`
|
||||||
event body.
|
event body.
|
||||||
3. `sender_device_keys.keys.curve25519:<device_id>` must match
|
3. `sender_device_keys.keys.ed25519:<device_id>` must be the same
|
||||||
the Curve25519 key used to establish the Olm session.
|
as the `keys.ed25519` property in the decrypted content.
|
||||||
4. The `sender_device_keys` structure must have a valid signature
|
4. The `sender_device_keys` structure must have a valid signature
|
||||||
from the key with ID `ed25519:<device_id>` (i.e., the sending
|
from the key with ID `ed25519:<device_id>` (i.e., the sending
|
||||||
device's Ed25519 key).
|
device's Ed25519 key).
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue