archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

apply suggestions from review

Browse Source
pull/2536/head
Hubert Chathi 4 years ago
parent c8e816d854
commit a5ebedc131
4 changed files with 48 additions and 39 deletions
Show Stats Download Patch File Download Diff File

19
api/client-server/cross_signing.yaml
Unescape Escape View File

@ -107,19 +107,28 @@ paths:
example: {}
400:
description: |-
The input was invalid in some way. This can include one of the
The input was invalid in some way. This can include one of the
following error codes:
* ``M_INVALID_SIGNATURE``: The self-signing or user-signing key
had an incorrect signature
* ``M_FORBIDDEN``: The public key of one of the keys is the same as
one of the user\'s device IDs.
* ``M_INVALID_SIGNATURE``: For example, the self-signing or
user-signing key had an incorrect signature.
* ``M_MISSING_PARAM``: No master key is available.
schema:
type: object
example: {
"errcode": "M_INVALID_SIGNATURE",
"error": "Invalid signature"
}
403:
description: |-
The public key of one of the keys is the same as one of the user\'s
device IDs or the request is unauthorized.
schema:
type: object
example: {
"errcode": "M_FORBIDDEN",
"error": "Key ID in use"
}
"/keys/signatures/upload":
post:
summary: Upload cross-signing signatures.

10
api/client-server/login.yaml
Unescape Escape View File

@ -123,8 +123,10 @@ paths:
type: string
description: |-
ID of the client device. If this does not correspond to a
known client device, a new device will be created. The server
will auto-generate a device_id if this is not specified.
known client device, a new device will be created. The given
device ID must not be the same as a `cross-signing key ID
<#cross-signing>`_. The server will auto-generate a device_id
if this is not specified.
initial_device_display_name:
type: string
description: |-
@ -195,7 +197,9 @@ paths:
403:
description: |-
The login attempt failed. This can include one of the following error codes:
* ``M_FORBIDDEN``: The provided authentication data was incorrect.
* ``M_FORBIDDEN``: The provided authentication data was incorrect
or the requested device ID is the same as a cross-signing key
ID.
* ``M_USER_DEACTIVATED``: The user has been deactivated.
examples:
application/json: {

44
api/server-server/definitions/event-schemas/m.signing_key_update.yaml
Unescape Escape View File

@ -37,32 +37,28 @@ allOf:
example: "@alice:example.com"
master_key:
type: object
allOf:
- $ref: ../../../client-server/definitions/cross_signing_key.yaml
# FIXME: why isn't the doc generator picking up this example?
- example: {
"user_id": "@alice:example.com",
"usage": ["self_signing"],
"keys": {
"ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
},
"signatures": {
"@alice:example.com": {
"ed25519:base64+master+public+key": "signature+of+self+signing+key"
}
}
}
$ref: ../../../client-server/definitions/cross_signing_key.yaml
example: {
"user_id": "@alice:example.com",
"usage": ["master"],
"keys": {
"ed25519:base64+master+public+key": "base64+master+public+key",
}
}
self_signing_key:
type: object
allOf:
- $ref: ../../../client-server/definitions/cross_signing_key.yaml
# FIXME: why isn't the doc generator picking up this example?
- example: {
"user_id": "@alice:example.com",
"usage": ["master"],
"keys": {
"ed25519:base64+master+public+key": "base64+master+public+key",
}
$ref: ../../../client-server/definitions/cross_signing_key.yaml
example: {
"user_id": "@alice:example.com",
"usage": ["self_signing"],
"keys": {
"ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
},
"signatures": {
"@alice:example.com": {
"ed25519:base64+master+public+key": "signature+of+self+signing+key"
}
}
}
required:
- user_id

14
specification/modules/end_to_end_encryption.rst
Unescape Escape View File

@ -848,13 +848,13 @@ that she cannot see:
| +------+ | | +----+ |
+----------------+ +--------------+
Verification methods can be used to verify a user's master key by using the
master public key, encoded using unpadded base64, as the device ID, and
treating it as a normal device. For example, if Alice and Bob verify each other
using SAS, Alice's ``m.key.verification.mac`` message to Bob may include
``"ed25519:alices+master+public+key": "alices+master+public+key"`` in the ``mac``
property. Servers therefore must ensure that device IDs will not collide with
cross-signing public keys.
`Verification methods <#device-verification>`_ can be used to verify a user's
master key by using the master public key, encoded using unpadded base64, as
the device ID, and treating it as a normal device. For example, if Alice and
Bob verify each other using SAS, Alice's ``m.key.verification.mac`` message to
Bob may include ``"ed25519:alices+master+public+key":
"alices+master+public+key"`` in the ``mac`` property. Servers therefore must
ensure that device IDs will not collide with cross-signing public keys.
Key and signature security
<<<<<<<<<<<<<<<<<<<<<<<<<<

Write Preview
Loading…
Cancel
Save