mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-07-02 12:17:47 +02:00
Merge 37f1536532 into 6c64f583e4
This commit is contained in:
commit
85cb566a9b
|
|
@ -0,0 +1 @@
|
|||
Correct some errors in the description of the validation process for incoming Olm-encrypted messages.
|
||||
|
|
@ -1644,6 +1644,7 @@ of olm sessions maintained per device should be at least 4.
|
|||
###### Validation of incoming decrypted events
|
||||
|
||||
{{% changed-in v="1.15" %}} Existing checks made more explicit, and checks for `sender_device_keys` added.
|
||||
{{% changed-in v="1.19" %}} Corrections to some errors in the description of the verification checks.
|
||||
|
||||
After decrypting an incoming encrypted event, clients MUST apply the
|
||||
following checks:
|
||||
|
|
@ -1651,8 +1652,9 @@ following checks:
|
|||
1. The `sender` property in the decrypted content must match the
|
||||
`sender` of the event.
|
||||
2. The `keys.ed25519` property in the decrypted content must match
|
||||
the `sender_key` property in the cleartext `m.room.encrypted`
|
||||
event body.
|
||||
the Ed25519 identity key of the sending device. This key can be
|
||||
obtained from either [`/keys/query`](#post_matrixclientv3keysquery)
|
||||
or the `sender_device_keys` object (see below).
|
||||
3. The `recipient` property in the decrypted content must match
|
||||
the user ID of the local user.
|
||||
4. The `recipient_keys.ed25519` property in the decrypted content
|
||||
|
|
@ -1660,11 +1662,11 @@ following checks:
|
|||
5. Where `sender_device_keys` is present in the decrypted content:
|
||||
1. `sender_device_keys.user_id` must also match the `sender`
|
||||
of the event.
|
||||
2. `sender_device_keys.keys.ed25519:<device_id>` must also match
|
||||
2. `sender_device_keys.keys.curve25519:<device_id>` must match
|
||||
the `sender_key` property in the cleartext `m.room.encrypted`
|
||||
event body.
|
||||
3. `sender_device_keys.keys.curve25519:<device_id>` must match
|
||||
the Curve25519 key used to establish the Olm session.
|
||||
3. `sender_device_keys.keys.ed25519:<device_id>` must be the same
|
||||
as the `keys.ed25519` property in the decrypted content.
|
||||
4. The `sender_device_keys` structure must have a valid signature
|
||||
from the key with ID `ed25519:<device_id>` (i.e., the sending
|
||||
device's Ed25519 key).
|
||||
|
|
|
|||
Loading…
Reference in a new issue