From 46edc59097f8919910ca714949893b49caabd237 Mon Sep 17 00:00:00 2001 From: "No." Date: Tue, 9 Jun 2026 20:23:06 -0400 Subject: [PATCH 1/2] Fix logic error in validation of incoming olm-encrypted messages Signed-off-by: tusooa --- .../client_server/newsfragments/2394.clarification | 1 + .../modules/end_to_end_encryption.md | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 changelogs/client_server/newsfragments/2394.clarification diff --git a/changelogs/client_server/newsfragments/2394.clarification b/changelogs/client_server/newsfragments/2394.clarification new file mode 100644 index 00000000..bb12bb1b --- /dev/null +++ b/changelogs/client_server/newsfragments/2394.clarification @@ -0,0 +1 @@ +Fix logic error in validation of incoming olm-encrypted messages diff --git a/content/client-server-api/modules/end_to_end_encryption.md b/content/client-server-api/modules/end_to_end_encryption.md index ec86203d..15ff3330 100644 --- a/content/client-server-api/modules/end_to_end_encryption.md +++ b/content/client-server-api/modules/end_to_end_encryption.md @@ -1669,8 +1669,9 @@ following checks: 1. The `sender` property in the decrypted content must match the `sender` of the event. 2. The `keys.ed25519` property in the decrypted content must match - the `sender_key` property in the cleartext `m.room.encrypted` - event body. + the Ed25519 identity key of the sending device. This key can be + obtained from either [`/keys/query`](#post_matrixclientv3keysquery) + or the `sender_device_keys` object (see below). 3. The `recipient` property in the decrypted content must match the user ID of the local user. 4. The `recipient_keys.ed25519` property in the decrypted content @@ -1678,11 +1679,11 @@ following checks: 5. Where `sender_device_keys` is present in the decrypted content: 1. `sender_device_keys.user_id` must also match the `sender` of the event. - 2. `sender_device_keys.keys.ed25519:` must also match + 2. `sender_device_keys.keys.curve25519:` must also match the `sender_key` property in the cleartext `m.room.encrypted` event body. - 3. `sender_device_keys.keys.curve25519:` must match - the Curve25519 key used to establish the Olm session. + 3. `sender_device_keys.keys.ed25519:` must be the same + as the `keys.ed25519` property in the decrypted content. 4. The `sender_device_keys` structure must have a valid signature from the key with ID `ed25519:` (i.e., the sending device's Ed25519 key). From 37f1536532fe0f51d495de0e5df77ebdb1651dd7 Mon Sep 17 00:00:00 2001 From: "No." Date: Wed, 24 Jun 2026 00:28:53 -0400 Subject: [PATCH 2/2] Apply suggestions from code review Signed-off-by: tusooa Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> --- changelogs/client_server/newsfragments/2394.clarification | 2 +- content/client-server-api/modules/end_to_end_encryption.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/changelogs/client_server/newsfragments/2394.clarification b/changelogs/client_server/newsfragments/2394.clarification index bb12bb1b..b4bbae7f 100644 --- a/changelogs/client_server/newsfragments/2394.clarification +++ b/changelogs/client_server/newsfragments/2394.clarification @@ -1 +1 @@ -Fix logic error in validation of incoming olm-encrypted messages +Correct some errors in the description of the validation process for incoming Olm-encrypted messages. diff --git a/content/client-server-api/modules/end_to_end_encryption.md b/content/client-server-api/modules/end_to_end_encryption.md index 15ff3330..22d313d6 100644 --- a/content/client-server-api/modules/end_to_end_encryption.md +++ b/content/client-server-api/modules/end_to_end_encryption.md @@ -1662,6 +1662,7 @@ of olm sessions maintained per device should be at least 4. ###### Validation of incoming decrypted events {{% changed-in v="1.15" %}} Existing checks made more explicit, and checks for `sender_device_keys` added. +{{% changed-in v="1.19" %}} Corrections to some errors in the description of the verification checks. After decrypting an incoming encrypted event, clients MUST apply the following checks: @@ -1679,7 +1680,7 @@ following checks: 5. Where `sender_device_keys` is present in the decrypted content: 1. `sender_device_keys.user_id` must also match the `sender` of the event. - 2. `sender_device_keys.keys.curve25519:` must also match + 2. `sender_device_keys.keys.curve25519:` must match the `sender_key` property in the cleartext `m.room.encrypted` event body. 3. `sender_device_keys.keys.ed25519:` must be the same