No. 2026-06-24 00:28:56 -04:00 committed by GitHub
commit 85cb566a9b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 5 deletions


@ -0,0 +1 @@
Correct some errors in the description of the validation process for incoming Olm-encrypted messages.


@ -1644,6 +1644,7 @@ of olm sessions maintained per device should be at least 4.
###### Validation of incoming decrypted events ###### Validation of incoming decrypted events
{{% changed-in v="1.15" %}} Existing checks made more explicit, and checks for `sender_device_keys` added. {{% changed-in v="1.15" %}} Existing checks made more explicit, and checks for `sender_device_keys` added.
{{% changed-in v="1.19" %}} Corrections to some errors in the description of the verification checks.
After decrypting an incoming encrypted event, clients MUST apply the After decrypting an incoming encrypted event, clients MUST apply the
following checks: following checks:
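Review bot: The added `changed-in v="1.19"` line says "verification checks", while the heading directly above it is "Validation of incoming decrypted events" and the changelog entry in this commit says "validation process"; use "validation checks" here so the three agree. The note would also be more useful to implementers if it named what changed, as the 1.15 note does: checks 2, 5.2 and 5.3 are the ones this commit rewrites, and a client written against the old wording needs to know that those comparisons now use different keys.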
@ -1651,8 +1652,9 @@ following checks:
1. The `sender` property in the decrypted content must match the 1. The `sender` property in the decrypted content must match the
`sender` of the event. `sender` of the event.
2. The `keys.ed25519` property in the decrypted content must match 2. The `keys.ed25519` property in the decrypted content must match
the `sender_key` property in the cleartext `m.room.encrypted` the Ed25519 identity key of the sending device. This key can be
event body. obtained from either [`/keys/query`](#post_matrixclientv3keysquery)
or the `sender_device_keys` object (see below).
3. The `recipient` property in the decrypted content must match 3. The `recipient` property in the decrypted content must match
the user ID of the local user. the user ID of the local user.
4. The `recipient_keys.ed25519` property in the decrypted content 4. The `recipient_keys.ed25519` property in the decrypted content
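Review bot: In the rewritten check 2, letting the Ed25519 identity key come from the `sender_device_keys` object makes the comparison circular on that path, because the new check 5.3 already requires `sender_device_keys.keys.ed25519:<device_id>` to be the same as `keys.ed25519` in the decrypted content, and both values come from the same decrypted payload. Suggest saying explicitly that when `sender_device_keys` is the source, check 2 is satisfied through checks 5.2 to 5.4 (the Curve25519 match against `sender_key` and the self-signature), and stating what a client must do when the key from `/keys/query` and the key in `sender_device_keys` disagree. Replacing "(see below)" with a reference to check 5 by number would also make the dependency easier to follow.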
@ -1660,11 +1662,11 @@ following checks:
5. Where `sender_device_keys` is present in the decrypted content: 5. Where `sender_device_keys` is present in the decrypted content:
1. `sender_device_keys.user_id` must also match the `sender` 1. `sender_device_keys.user_id` must also match the `sender`
of the event. of the event.
2. `sender_device_keys.keys.ed25519:<device_id>` must also match 2. `sender_device_keys.keys.curve25519:<device_id>` must match
the `sender_key` property in the cleartext `m.room.encrypted` the `sender_key` property in the cleartext `m.room.encrypted`
event body. event body.
3. `sender_device_keys.keys.curve25519:<device_id>` must match 3. `sender_device_keys.keys.ed25519:<device_id>` must be the same
the Curve25519 key used to establish the Olm session. as the `keys.ed25519` property in the decrypted content.
4. The `sender_device_keys` structure must have a valid signature 4. The `sender_device_keys` structure must have a valid signature
from the key with ID `ed25519:<device_id>` (i.e., the sending from the key with ID `ed25519:<device_id>` (i.e., the sending
device's Ed25519 key). device's Ed25519 key).
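Review bot: The new 5.2 compares `sender_device_keys.keys.curve25519:<device_id>` only against the `sender_key` property in the cleartext `m.room.encrypted` body, and the removed 5.3 was the only line in this list that tied that key to "the Curve25519 key used to establish the Olm session". As worded, the list no longer says anywhere that the cleartext `sender_key` must be the key of the Olm session that actually decrypted the event, so a reader could implement 5.2 as a comparison between two sender-supplied values. Suggest keeping that link in 5.2, for example by adding that `sender_key` is the Curve25519 key of the Olm session used to decrypt the message. Minor style point: 5.3 uses "must be the same as" where every other check in the list uses "must match"; one phrasing throughout avoids the impression that a different kind of comparison is meant.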