Spell out HKDF parameters in text and change HKDF info.

pull/4129/head
Denis Kasak 2 months ago
parent 998963bd0f
commit 7007bbf361

@ -413,19 +413,23 @@ At this point Device S should check that the received intent matches what the us
4. **Device S sends the initial payload**
Device S computes a shared secret **SH** using ECDH between **Ss** and **Gp**, thereby establishing a secure channel
with Device G which can be layered on top of the insecure rendezvous session transport. It then discards **Ss** and
derives a symmetric encryption **EncKey** from **SH** using HKDF-SHA256, each 32 bytes in length.
Device S computes a shared secret **SH** by performing ECDH between **Ss** and **Gp**. It then discards **Ss** and
derives a 32-byte symmetric encryption **EncKey** from **SH** using HKDF-SHA256 with the following parameters:
Device S derives a confirmation payload that Device G can use to confirm that the channel is secure. It contains:
- `MATRIX_QR_CODE_LOGIN_ENCRYPTION|Gp|Sp` as the info the info, where Gp and Sp stand for the generating device's and
the scanning device's ephemeral public keys, encoded as unpadded base64.
- An all-zero salt.
- The string `MATRIX_QR_CODE_LOGIN_INITIATE`, encrypted and authenticated with ChaCha20-Poly1305.
With this, Device S has established its side of the secure channel. Device S then derives a confirmation payload that
Device G can use to confirm that the channel is secure. It contains:
- The string `MATRIX_QR_CODE_LOGIN_ENCRYPTION`, encrypted and authenticated with ChaCha20-Poly1305.
- Its public ephemeral key **Sp**.
```
Nonce := 0
SH := ECDH(Ss, Gp)
EncKey := HKDF_SHA256(SH, "MATRIX_QR_CODE_LOGIN|" || Gp || "|" || Sp, salt=0, size=32)
EncKey := HKDF_SHA256(SH, "MATRIX_QR_CODE_LOGIN_ENCRYPTION|" || Gp || "|" || Sp, salt=0, size=32)
NonceBytes := ToLowEndianBytes(Nonce)[..12]
TaggedCiphertext := ChaCha20Poly1305_Encrypt(EncKey, NonceBytes, "MATRIX_QR_CODE_LOGIN_INITIATE")
Nonce := Nonce + 2
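Review bot: the new confirmation-payload bullet ("The string `MATRIX_QR_CODE_LOGIN_ENCRYPTION`, encrypted and authenticated with ChaCha20-Poly1305.") contradicts the code block in the same hunk, which still encrypts `MATRIX_QR_CODE_LOGIN_INITIATE`; since the commit message says only the HKDF info changes, the bullet should keep `MATRIX_QR_CODE_LOGIN_INITIATE` and the `MATRIX_QR_CODE_LOGIN_ENCRYPTION|Gp|Sp` string should appear only as the HKDF info (as it does in the new `EncKey := HKDF_SHA256(...)` line). Two smaller points in the new parameter list: the first bullet has a duplicated phrase ("as the info the info"), and "An all-zero salt." should state the salt length, for example 32 zero bytes. RFC 5869 defines an omitted salt as HashLen zero bytes, so for HKDF-SHA256 an empty salt and a 32-byte zero salt derive the same key, but spelling out the length stops implementers from reading `salt=0` in the code block as either a single zero byte or no salt at all.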
@ -1514,4 +1518,3 @@ key org.matrix.msc4108 set to true. So, the response could look then as followin
This MSC builds on [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) (and its dependencies) which
proposes the adoption of OIDC for authentication in Matrix.
