switch medium and address around, space between address and pepper

hs/hash-identity
Andrew Morgan 5 years ago
parent 87a54e8d8d
commit a17c74f592

@ -71,21 +71,21 @@ denny@example.com
``` ```
The client will hash each 3PID as a concatenation of the medium and address, The client will hash each 3PID as a concatenation of the medium and address,
separated by a space and a pepper appended to the end. Note that phone separated by a space and a pepper, also separated by a space, appended to the
numbers should be formatted as defined by end. Note that phone numbers should be formatted as defined by
https://matrix.org/docs/spec/appendices#pstn-phone-numbers, before being https://matrix.org/docs/spec/appendices#pstn-phone-numbers, before being
hashed). Note that "pepper" in this proposal simply refers to a public, hashed). Note that "pepper" in this proposal simply refers to a public,
opaque string that is used to produce different hash results between identity opaque string that is used to produce different hash results between identity
servers. Its value is not secret. servers. Its value is not secret.
First the client must append the medium to the address: First the client must prepend the medium (plus a space) to the address:
``` ```
"alice@example.com" -> "alice@example.com email" "alice@example.com" -> "email alice@example.com"
"bob@example.com" -> "bob@example.com email" "bob@example.com" -> "email bob@example.com"
"carl@example.com" -> "carl@example.com email" "carl@example.com" -> "email carl@example.com"
"+1 234 567 8910" -> "12345678910 msisdn" "+1 234 567 8910" -> "msisdn 12345678910"
"denny@example.com" -> "denny@example.com email" "denny@example.com" -> "email denny@example.com"
``` ```
Hashes must be peppered in order to reduce both the information an identity Hashes must be peppered in order to reduce both the information an identity
@ -110,14 +110,15 @@ being returned for other endpoints in the future. The contents of
hashing is being performed or not. When no hashing is occuring, a pepper hashing is being performed or not. When no hashing is occuring, a pepper
value of at least length 1 is still required. value of at least length 1 is still required.
If hashing, the client appends the pepper to the end of the 3PID string. If hashing, the client appends the pepper to the end of the 3PID string,
after a space.
``` ```
"alice@example.com email" -> "alice@example.com emailmatrixrocks" "alice@example.com email" -> "email alice@example.com matrixrocks"
"bob@example.com email" -> "bob@example.com emailmatrixrocks" "bob@example.com email" -> "email bob@example.com matrixrocks"
"carl@example.com email" -> "carl@example.com emailmatrixrocks" "carl@example.com email" -> "email carl@example.com matrixrocks"
"12345678910 msdisn" -> "12345678910 msisdnmatrixrocks" "12345678910 msdisn" -> "msisdn 12345678910 matrixrocks"
"denny@example.com email" -> "denny@example.com emailmatrixrocks" "denny@example.com email" -> "email denny@example.com matrixrocks"
``` ```
Clients can cache the result of this endpoint, but should re-request it Clients can cache the result of this endpoint, but should re-request it
@ -184,11 +185,11 @@ performed, the client sends each hash in an array.
``` ```
NOTE: Hashes are not real values NOTE: Hashes are not real values
"alice@example.com emailmatrixrocks" -> "y_TvXLKxFT9CURPXI1wvfjvfvsXe8FPgYj-mkQrnszs" "email alice@example.com matrixrocks" -> "y_TvXLKxFT9CURPXI1wvfjvfvsXe8FPgYj-mkQrnszs"
"bob@example.com emailmatrixrocks" -> "r0-6x3rp9zIWS2suIque-wXTnlv9sc41fatbRMEOwQE" "email bob@example.com matrixrocks" -> "r0-6x3rp9zIWS2suIque-wXTnlv9sc41fatbRMEOwQE"
"carl@example.com emailmatrixrocks" -> "ryr10d1K8fcFVxALb3egiSquqvFAxQEwegXtlHoQFBw" "email carl@example.com matrixrocks" -> "ryr10d1K8fcFVxALb3egiSquqvFAxQEwegXtlHoQFBw"
"12345678910 msisdnmatrixrocks" -> "c_30UaSZhl5tyanIjFoE1IXTmuU3vmptEwVOc3P2Ens" "msisdn 12345678910 matrixrocks" -> "c_30UaSZhl5tyanIjFoE1IXTmuU3vmptEwVOc3P2Ens"
"denny@example.com emailmatrixrocks" -> "bxt8rtRaOzMkSk49zIKE_NfqTndHvGbWHchZskW3xmY" "email denny@example.com matrixrocks" -> "bxt8rtRaOzMkSk49zIKE_NfqTndHvGbWHchZskW3xmY"
POST /_matrix/identity/v2/lookup POST /_matrix/identity/v2/lookup
@ -238,11 +239,11 @@ lookup pepper, as no hashing will occur. Appending a space and the 3PID
medium to each address is still necessary: medium to each address is still necessary:
``` ```
"alice@example.com" -> "alice@example.com email" "alice@example.com" -> "email alice@example.com"
"bob@example.com" -> "bob@example.com email" "bob@example.com" -> "email bob@example.com"
"carl@example.com" -> "carl@example.com email" "carl@example.com" -> "email carl@example.com"
"12345678910" -> "12345678910 msisdn" "+1 234 567 8910" -> "msisdn 12345678910"
"denny@example.com" -> "denny@example.com email" "denny@example.com" -> "email denny@example.com"
``` ```
The client then sends these off to the identity server in a `POST` request to The client then sends these off to the identity server in a `POST` request to
@ -253,11 +254,11 @@ POST /_matrix/identity/v2/lookup
{ {
"addresses": [ "addresses": [
"alice@example.com email", "email alice@example.com",
"bob@example.com email", "email bob@example.com",
"carl@example.com email", "email carl@example.com",
"12345678910 msisdn", "msisdn 12345678910",
"denny@example.com email" "email denny@example.com"
], ],
"algorithm": "none", "algorithm": "none",
"pepper": "matrixrocks" "pepper": "matrixrocks"
@ -276,8 +277,8 @@ it has that correspond to these 3PID addresses, and returns them:
``` ```
{ {
"mappings": { "mappings": {
"alice@example.com email": "@alice:example.com", "email alice@example.com": "@alice:example.com",
"12345678910 msisdn": "@fred:example.com" "msisdn 12345678910": "@fred:example.com"
} }
} }
``` ```

Loading…
Cancel
Save