From 8641ef299e74f7535fe31add91efe7bb56c21f2b Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 15:25:33 +0100 Subject: [PATCH 1/3] Document the requirement that clients track the message_index --- supporting-docs/guides/2016-10-18-e2e_implementation.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/supporting-docs/guides/2016-10-18-e2e_implementation.rst b/supporting-docs/guides/2016-10-18-e2e_implementation.rst index 30876df9..164888ab 100644 --- a/supporting-docs/guides/2016-10-18-e2e_implementation.rst +++ b/supporting-docs/guides/2016-10-18-e2e_implementation.rst @@ -326,6 +326,11 @@ Encrypted events using this algorithm should have ``sender_key``, Megolm session (see `below`__), the ciphertext can be decrypted by passing the ciphertext into ``olm_group_decrypt``. +In order to avoid replay attacks a client should remember the megolm +``message_index`` of each event they decrypt for each session. If the client +decrypts an event with the same ``message_index`` as one that it has already +decrypted using that session then it should fail decryption. + __ `m.room_key`_ The client should check that the sender's fingerprint key matches the From 6a5b66d2d8d802a770b6b7b4e44abd63d2d3d842 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 15:48:44 +0100 Subject: [PATCH 2/3] Document the where the client gets the message index from --- supporting-docs/guides/2016-10-18-e2e_implementation.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/supporting-docs/guides/2016-10-18-e2e_implementation.rst b/supporting-docs/guides/2016-10-18-e2e_implementation.rst index 164888ab..a215e6d2 100644 --- a/supporting-docs/guides/2016-10-18-e2e_implementation.rst +++ b/supporting-docs/guides/2016-10-18-e2e_implementation.rst 
@@ -327,9 +327,10 @@ Megolm session (see `below`__), the ciphertext can be decrypted by passing the ciphertext into ``olm_group_decrypt``. In order to avoid replay attacks a client should remember the megolm -``message_index`` of each event they decrypt for each session. If the client -decrypts an event with the same ``message_index`` as one that it has already -decrypted using that session then it should fail decryption. +``message_index`` returned by ``olm_group_decrypt`` of each event they decrypt +for each session. If the client decrypts an event with the same +``message_index`` as one that it has already decrypted using that session then +it should fail decryption. __ `m.room_key`_ From cbf94c88c2f823bbfbe385045ec92fa001e6e588 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Fri, 21 Oct 2016 15:50:54 +0100 Subject: [PATCH 3/3] Move the __ to where it should be --- supporting-docs/guides/2016-10-18-e2e_implementation.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/supporting-docs/guides/2016-10-18-e2e_implementation.rst b/supporting-docs/guides/2016-10-18-e2e_implementation.rst index a215e6d2..02174c2f 100644 --- a/supporting-docs/guides/2016-10-18-e2e_implementation.rst +++ b/supporting-docs/guides/2016-10-18-e2e_implementation.rst 
@@ -326,13 +326,13 @@ Encrypted events using this algorithm should have ``sender_key``, Megolm session (see `below`__), the ciphertext can be decrypted by passing the ciphertext into ``olm_group_decrypt``. +__ `m.room_key`_ + In order to avoid replay attacks a client should remember the megolm ``message_index`` returned by ``olm_group_decrypt`` of each event they decrypt for each session. If the client decrypts an event with the same -``message_index`` as one that it has already decrypted using that session then -it should fail decryption. - -__ `m.room_key`_ +``message_index`` as one that it has already received using that session then +it should treat the message as invalid. The client should check that the sender's fingerprint key matches the ``keys.ed25519`` property of the event which established the Megolm session
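Review bot: in PATCH 1/3, the added paragraph does not say what counts as "an event", so a client that decrypts the same event a second time (for example after fetching it again) would find a ``message_index`` it has already recorded for that session and fail decryption. Suggest stating that the check applies to a different event carrying an already-seen index, and saying whether the recorded indexes have to survive a client restart, since "remember" leaves that open.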
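Review bot: in PATCH 2/3, the rewritten first sentence is hard to parse: "of each event they decrypt" now trails after ``olm_group_decrypt`` and no longer attaches clearly to ``message_index``, and "a client" is paired with "they". Suggest rewording along the lines of "for each session, a client should remember the ``message_index`` that ``olm_group_decrypt`` returns for every event it decrypts".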
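Review bot: in PATCH 3/3, the last two added lines change the requirement rather than only moving the ``__`` target: "already decrypted" becomes "already received" and "fail decryption" becomes "treat the message as invalid", which the subject "Move the __ to where it should be" does not mention. Suggest putting the wording change in its own commit or naming it in the message. Also, "received" sits oddly next to the preceding sentence, which says the index is the one returned by ``olm_group_decrypt`` and so is only known after decryption, and "treat the message as invalid" should say what the client is expected to do with such an event.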