This commit is contained in:
No. 2026-06-24 00:28:56 -04:00 committed by GitHub
commit 85cb566a9b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 5 deletions

View file

@ -0,0 +1 @@
Correct some errors in the description of the validation process for incoming Olm-encrypted messages.

View file

@ -1644,6 +1644,7 @@ of olm sessions maintained per device should be at least 4.
###### Validation of incoming decrypted events
{{% changed-in v="1.15" %}} Existing checks made more explicit, and checks for `sender_device_keys` added.
{{% changed-in v="1.19" %}} Corrections to some errors in the description of the verification checks.
After decrypting an incoming encrypted event, clients MUST apply the
following checks:
@ -1651,8 +1652,9 @@ following checks:
1. The `sender` property in the decrypted content must match the
`sender` of the event.
2. The `keys.ed25519` property in the decrypted content must match
the `sender_key` property in the cleartext `m.room.encrypted`
event body.
the Ed25519 identity key of the sending device. This key can be
obtained from either [`/keys/query`](#post_matrixclientv3keysquery)
or the `sender_device_keys` object (see below).
3. The `recipient` property in the decrypted content must match
the user ID of the local user.
4. The `recipient_keys.ed25519` property in the decrypted content
@ -1660,11 +1662,11 @@ following checks:
5. Where `sender_device_keys` is present in the decrypted content:
1. `sender_device_keys.user_id` must also match the `sender`
of the event.
2. `sender_device_keys.keys.ed25519:<device_id>` must also match
2. `sender_device_keys.keys.curve25519:<device_id>` must match
the `sender_key` property in the cleartext `m.room.encrypted`
event body.
3. `sender_device_keys.keys.curve25519:<device_id>` must match
the Curve25519 key used to establish the Olm session.
3. `sender_device_keys.keys.ed25519:<device_id>` must be the same
as the `keys.ed25519` property in the decrypted content.
4. The `sender_device_keys` structure must have a valid signature
from the key with ID `ed25519:<device_id>` (i.e., the sending
device's Ed25519 key).