From 6161a920b6b3b54b6806c01011acf374ca45f180 Mon Sep 17 00:00:00 2001 From: Daniel Wagner-Hall Date: Fri, 16 Oct 2015 18:29:20 +0100 Subject: [PATCH 1/4] Update 3pid invite section to reflect signed property --- event-schemas/examples/v1/m.room.member | 10 +++++++++- event-schemas/schema/v1/m.room.member | 20 ++++++++++++++++--- specification/modules/third_party_invites.rst | 12 ++++++----- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/event-schemas/examples/v1/m.room.member b/event-schemas/examples/v1/m.room.member index a5ab79b5..4d7896f6 100644 --- a/event-schemas/examples/v1/m.room.member +++ b/event-schemas/examples/v1/m.room.member @@ -8,7 +8,15 @@ "token": "pc98", "public_key": "abc123", "key_validity_url": "https://magic.forest/verifykey", - "signature": "q1w2e3", + "signed": { + "mxid": "@alice:localhost", + "token": "pc98", + "signatures": { + "magic.forest": { + "ed25519:0": "poi098" + } + } + }, "sender": "@zun:zun.soft" } }, diff --git a/event-schemas/schema/v1/m.room.member b/event-schemas/schema/v1/m.room.member index 912f6cf3..205c426e 100644 --- a/event-schemas/schema/v1/m.room.member +++ b/event-schemas/schema/v1/m.room.member @@ -38,9 +38,23 @@ "type": "string", "description": "A base64-encoded ed25519 key with which token must be signed." }, - "signature": { - "type": "string", - "description": "A base64-encoded signature of token with public_key." + "signed": { + "type": "object", + "title": "signed_third_party_invite", + "properties": { + "mxid": { + "type": "string", + "description": "The invited matrix user ID. Must be equal to the user_id property of the event." + }, + "token": { + "type": "string", + "description": "The token property of the containing third_party_invite object.", + }, + "signatures": { + "type": "object", + "description": "A single signature from the verifying server, in the format specified by the Signing Events section." + } + } }, "sender": { "type": "string", diff --git a/specification/modules/third_party_invites.rst b/specification/modules/third_party_invites.rst index a9883db5..ebca59cf 100644 --- a/specification/modules/third_party_invites.rst +++ b/specification/modules/third_party_invites.rst @@ -36,7 +36,8 @@ A client asks a server to invite a user by their third party identifier. Server behaviour ---------------- -All homeservers MUST verify that sig(``token``, ``public_key``) = ``signature``. +All homeservers MUST verify the signature in the ``signed`` property of the +``third_party_invite`` property in the ``content`` the event. If a client of the current homeserver is joining by an ``m.room.third_party_invite``, that homesever MUST validate that the public @@ -93,11 +94,12 @@ For example: When the third party user validates their identity, they are told about the invite, and ask their homeserver, H3, to join the room. - H3 validates that sign(``token``, ``public_key``) = ``signature``, and may check - ``key_validity_url``. + H3 validates that signature in the ``signed`` property of the + ``third_party_invite`` property of the ``content`` property of the event, + and may check ``key_validity_url``. - H3 then asks H1 to join it to the room. H1 *must* validate that - sign(``token``, ``public_key``) = ``signature`` *and* check ``key_validity_url``. + H3 then asks H1 to join it to the room. H1 *must* validate the ``signed`` + property *and* check ``key_validity_url``. Having validated these things, H1 writes the join event to the room, and H3 begins participating in the room. H2 *must* accept this event. From a38e0862cf0b325c7ab57b4624d9c9c90a337388 Mon Sep 17 00:00:00 2001 From: Daniel Wagner-Hall Date: Fri, 16 Oct 2015 18:56:07 +0100 Subject: [PATCH 2/4] Fix required field names --- event-schemas/schema/v1/m.room.member | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/event-schemas/schema/v1/m.room.member b/event-schemas/schema/v1/m.room.member index 205c426e..c52d0d4c 100644 --- a/event-schemas/schema/v1/m.room.member +++ b/event-schemas/schema/v1/m.room.member @@ -54,14 +54,15 @@ "type": "object", "description": "A single signature from the verifying server, in the format specified by the Signing Events section." } - } + }, + "required": ["mxid", "signatures", "token"] }, "sender": { "type": "string", "description": "The matrix user ID of the user who send the invite which is being used." } }, - "required": ["token", "key_validity_url", "public_key", "signature", "sender"] + "required": ["token", "key_validity_url", "public_key", "sender", "signed"] } }, "required": ["membership"] From c70067dd1e7eb26c5f1e17ccab5f3a7fbc786ae0 Mon Sep 17 00:00:00 2001 From: Daniel Wagner-Hall Date: Mon, 19 Oct 2015 10:44:26 +0100 Subject: [PATCH 3/4] Simplify language --- specification/modules/third_party_invites.rst | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/specification/modules/third_party_invites.rst b/specification/modules/third_party_invites.rst index ebca59cf..85538c31 100644 --- a/specification/modules/third_party_invites.rst +++ b/specification/modules/third_party_invites.rst @@ -36,8 +36,8 @@ A client asks a server to invite a user by their third party identifier. Server behaviour ---------------- -All homeservers MUST verify the signature in the ``signed`` property of the -``third_party_invite`` property in the ``content`` the event. +All homeservers MUST verify the signature in the event's +``content.third_party_invite.signed`` object. If a client of the current homeserver is joining by an ``m.room.third_party_invite``, that homesever MUST validate that the public @@ -94,9 +94,8 @@ For example: When the third party user validates their identity, they are told about the invite, and ask their homeserver, H3, to join the room. - H3 validates that signature in the ``signed`` property of the - ``third_party_invite`` property of the ``content`` property of the event, - and may check ``key_validity_url``. + H3 validates the signature in the event's + ``content.third_party_invite.signed`` object. H3 then asks H1 to join it to the room. H1 *must* validate the ``signed`` property *and* check ``key_validity_url``. From f51e0310668b32ec766f1d8a28076e4affe123c0 Mon Sep 17 00:00:00 2001 From: Daniel Wagner-Hall Date: Mon, 19 Oct 2015 12:36:10 +0100 Subject: [PATCH 4/4] Fix JSON --- event-schemas/schema/v1/m.room.member | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/event-schemas/schema/v1/m.room.member b/event-schemas/schema/v1/m.room.member index c52d0d4c..e0ad673c 100644 --- a/event-schemas/schema/v1/m.room.member +++ b/event-schemas/schema/v1/m.room.member @@ -40,7 +40,7 @@ }, "signed": { "type": "object", - "title": "signed_third_party_invite", + "title": "signed", "properties": { "mxid": { "type": "string", @@ -48,11 +48,12 @@ }, "token": { "type": "string", - "description": "The token property of the containing third_party_invite object.", + "description": "The token property of the containing third_party_invite object." }, "signatures": { "type": "object", - "description": "A single signature from the verifying server, in the format specified by the Signing Events section." + "description": "A single signature from the verifying server, in the format specified by the Signing Events section.", + "title": "Signatures" } }, "required": ["mxid", "signatures", "token"]