mirror of
https://github.com/matrix-org/matrix-spec
synced 2026-04-25 20:14:09 +02:00
Compare commits
6 commits
0e5122b116
...
c6a78be791
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c6a78be791 | ||
|
|
65b1db721d | ||
|
|
c39c7d0680 | ||
|
|
6656f00bee | ||
|
|
00fdf603a9 | ||
|
|
6b7268ab47 |
|
|
@ -0,0 +1 @@
|
|||
Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty.
|
||||
|
|
@ -0,0 +1 @@
|
|||
Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places.
|
||||
1
changelogs/client_server/newsfragments/2122.feature
Normal file
1
changelogs/client_server/newsfragments/2122.feature
Normal file
|
|
@ -0,0 +1 @@
|
|||
Include device keys with Olm-encrypted events as per [MSC4147](https://github.com/matrix-org/matrix-spec-proposals/pull/4147).
|
||||
|
|
@ -1512,20 +1512,7 @@ message.
|
|||
|
||||
The plaintext payload is of the form:
|
||||
|
||||
```json
|
||||
{
|
||||
"type": "<type of the plaintext event>",
|
||||
"content": "<content for the plaintext event>",
|
||||
"sender": "<sender_user_id>",
|
||||
"recipient": "<recipient_user_id>",
|
||||
"recipient_keys": {
|
||||
"ed25519": "<our_ed25519_key>"
|
||||
},
|
||||
"keys": {
|
||||
"ed25519": "<sender_ed25519_key>"
|
||||
}
|
||||
}
|
||||
```
|
||||
{{% definition path="api/client-server/definitions/olm_payload" %}}
|
||||
|
||||
The type and content of the plaintext message event are given in the
|
||||
payload.
|
||||
|
|
@ -1536,15 +1523,19 @@ claiming to have sent messages which they didn't. `sender` must
|
|||
correspond to the user who sent the event, `recipient` to the local
|
||||
user, and `recipient_keys` to the local ed25519 key.
|
||||
|
||||
Clients must confirm that the `sender_key` property in the cleartext
|
||||
`m.room.encrypted` event body, and the `keys.ed25519` property in the
|
||||
decrypted plaintext, match the keys returned by
|
||||
[`/keys/query`](#post_matrixclientv3keysquery) for
|
||||
the given user. Clients must also verify the signature of the keys from the
|
||||
`/keys/query` response. Without this check, a client cannot be sure that
|
||||
the sender device owns the private part of the ed25519 key it claims to
|
||||
have in the Olm payload. This is crucial when the ed25519 key corresponds
|
||||
to a verified device.
|
||||
Clients must ensure that the sending device owns the private part of
|
||||
the ed25519 key it claims to have in the Olm payload. This is crucial
|
||||
when the ed25519 key corresponds to a verified device. To perform
|
||||
this check, clients MUST confirm that the `sender_key` property in the
|
||||
cleartext `m.room.encrypted` event body, and the `keys.ed25519` property
|
||||
in the decrypted plaintext, match the keys under the `sender_device_keys`
|
||||
property. Additionally, clients MUST also verify the signature of the keys.
|
||||
If `sender_device_keys` is absent, clients MUST retrieve the sender's
|
||||
keys from [`/keys/query`](#post_matrixclientv3keysquery) instead. This
|
||||
will not allow them to verify key ownership if the sending device was
|
||||
logged out or had its keys reset since sending the event. Therefore,
|
||||
clients MUST populate the `sender_device_keys` property when sending
|
||||
events themselves.
|
||||
|
||||
If a client has multiple sessions established with another device, it
|
||||
should use the session from which it last received and successfully
|
||||
|
|
|
|||
88
data/api/client-server/definitions/olm_payload.yaml
Normal file
88
data/api/client-server/definitions/olm_payload.yaml
Normal file
|
|
@ -0,0 +1,88 @@
|
|||
# Copyright 2025 The Matrix.org Foundation C.I.C
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
type: object
|
||||
title: OlmPayload
|
||||
description: |-
|
||||
The plaintext payload of Olm message events.
|
||||
properties:
|
||||
type:
|
||||
type: string
|
||||
description: The type of the event.
|
||||
content:
|
||||
type: object
|
||||
description: The event content.
|
||||
sender:
|
||||
type: string
|
||||
description: The user ID of the event sender.
|
||||
recipient:
|
||||
type: string
|
||||
description: The user ID of the intended event recipient.
|
||||
recipient_keys:
|
||||
description: The recipient's signing keys of the encrypted event.
|
||||
$ref: "#/components/schemas/SigningKeys"
|
||||
keys:
|
||||
$ref: "#/components/schemas/SigningKeys"
|
||||
description: The sender's signing keys of the encrypted event.
|
||||
sender_device_keys:
|
||||
$ref: device_keys.yaml
|
||||
description: The sender's device keys.
|
||||
x-addedInMatrixVersion: "1.15"
|
||||
required:
|
||||
- type
|
||||
- content
|
||||
- sender
|
||||
- recipient
|
||||
- recipient_keys
|
||||
- keys
|
||||
components:
|
||||
schemas:
|
||||
SigningKeys:
|
||||
type: object
|
||||
title: SigningKeys
|
||||
description: Public keys used for an `m.olm.v1.curve25519-aes-sha2` event.
|
||||
properties:
|
||||
ed25519:
|
||||
type: string
|
||||
description: The Ed25519 public key encoded using unpadded base64.
|
||||
required:
|
||||
- ed25519
|
||||
example: {
|
||||
"type": "<type of the plaintext event>",
|
||||
"content": "<content for the plaintext event>",
|
||||
"sender": "<sender_user_id>",
|
||||
"recipient": "<recipient_user_id>",
|
||||
"recipient_keys": {
|
||||
"ed25519": "<our_ed25519_key>"
|
||||
},
|
||||
"keys": {
|
||||
"ed25519": "<sender_ed25519_key>"
|
||||
},
|
||||
"sender_device_keys": {
|
||||
"algorithms": ["<supported>", "<algorithms>"],
|
||||
"user_id": "<user_id>",
|
||||
"device_id": "<device_id>",
|
||||
"keys": {
|
||||
"ed25519:<device_id>": "<sender_ed25519_key>",
|
||||
"curve25519:<device_id>": "<sender_curve25519_key>"
|
||||
},
|
||||
"signatures": {
|
||||
"<user_id>": {
|
||||
"ed25519:<device_id>": "<device_signature>",
|
||||
"ed25519:<ssk_id>": "<ssk_signature>",
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -441,17 +441,57 @@ paths:
|
|||
"state": {
|
||||
"events": [
|
||||
{
|
||||
"$ref": "../../event-schemas/examples/m.room.member.yaml"
|
||||
"content": {
|
||||
"avatar_url": "mxc://example.org/SFHyPlCeYUSFFxlgbQYZmoEoe",
|
||||
"displayname": "Example user",
|
||||
"membership": "join"
|
||||
},
|
||||
"event_id": "$143273976499sgjks:example.org",
|
||||
"origin_server_ts": 1432735824653,
|
||||
"sender": "@example:example.org",
|
||||
"state_key": "@example:example.org",
|
||||
"type": "m.room.member",
|
||||
"unsigned": {
|
||||
"age": 45603,
|
||||
"membership": "join"
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"timeline": {
|
||||
"events": [
|
||||
{
|
||||
"$ref": "../../event-schemas/examples/m.room.member.yaml"
|
||||
"content": {
|
||||
"avatar_url": "mxc://example.org/SEsfnsuifSDFSSEF",
|
||||
"displayname": "Alice Margatroid",
|
||||
"membership": "join",
|
||||
"reason": "Looking for support"
|
||||
},
|
||||
"event_id": "$143273582443PhrSn:example.org",
|
||||
"origin_server_ts": 1432735824653,
|
||||
"sender": "@alice:example.org",
|
||||
"state_key": "@alice:example.org",
|
||||
"type": "m.room.member",
|
||||
"unsigned": {
|
||||
"age": 1234,
|
||||
"membership": "join"
|
||||
}
|
||||
},
|
||||
{
|
||||
"$ref": "../../event-schemas/examples/m.room.message$m.text.yaml"
|
||||
"content": {
|
||||
"body": "This is an example text message",
|
||||
"format": "org.matrix.custom.html",
|
||||
"formatted_body": "<b>This is an example text message</b>",
|
||||
"msgtype": "m.text"
|
||||
},
|
||||
"event_id": "$143273582443PhrSn:example.org",
|
||||
"origin_server_ts": 1432735824653,
|
||||
"sender": "@example:example.org",
|
||||
"type": "m.room.message",
|
||||
"unsigned": {
|
||||
"age": 1234,
|
||||
"membership": "join"
|
||||
}
|
||||
}
|
||||
],
|
||||
"limited": true,
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
"$ref": "core/state_event.json",
|
||||
"state_key": "@alice:example.org",
|
||||
"sender": "@alice:example.org",
|
||||
"type": "m.room.member",
|
||||
"content": {
|
||||
"membership": "join",
|
||||
|
|
|
|||
|
|
@ -1,7 +1,14 @@
|
|||
---
|
||||
allOf:
|
||||
- $ref: core-event-schema/state_event.yaml
|
||||
description: 'A topic is a short message detailing what is currently being discussed in the room. It can also be used as a way to display extra information about the room, which may not be suitable for the room name. The room topic can also be set when creating a room using `/createRoom` with the `topic` key.'
|
||||
description: |-
|
||||
A topic is a short message detailing what is currently being discussed in the room.
|
||||
It can also be used as a way to display extra information about the room, which may not
|
||||
be suitable for the room name.
|
||||
The room topic can also be set when creating a room using `/createRoom` with the `topic` key.'
|
||||
|
||||
If the `topic` property is absent, null, or empty then the topic is unset. In other words,
|
||||
an empty `topic` property effectively resets the room to having no topic.
|
||||
properties:
|
||||
content:
|
||||
properties:
|
||||
|
|
|
|||
Loading…
Reference in a new issue