|
|
@ -69,24 +69,24 @@ Messaging Algorithm Names
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
|
|
Messaging algorithm names use the extensible naming scheme used throughout this
|
|
|
|
Messaging algorithm names use the extensible naming scheme used throughout this
|
|
|
|
specification. Algorithm names that start with `m.` are reserved for algorithms
|
|
|
|
specification. Algorithm names that start with ``m.`` are reserved for
|
|
|
|
defined by this specification. Implementations wanting to experiment with new
|
|
|
|
algorithms defined by this specification. Implementations wanting to experiment
|
|
|
|
algorithms are encouraged to pick algorithm names that start with their
|
|
|
|
with new algorithms are encouraged to pick algorithm names that start with
|
|
|
|
domain to reduce the risk of collisions.
|
|
|
|
their domain to reduce the risk of collisions.
|
|
|
|
|
|
|
|
|
|
|
|
Algorithm names should be short and meaningful, and should list the primitives
|
|
|
|
Algorithm names should be short and meaningful, and should list the primitives
|
|
|
|
used by the algorithm so that it is easier to see if the algorithm is using a
|
|
|
|
used by the algorithm so that it is easier to see if the algorithm is using a
|
|
|
|
broken primitive.
|
|
|
|
broken primitive.
|
|
|
|
|
|
|
|
|
|
|
|
The name `m.olm.v1.curve25519-aes-sha2` corresponds to version 1 of the Olm
|
|
|
|
The name ``m.olm.v1.curve25519-aes-sha2`` corresponds to version 1 of the Olm
|
|
|
|
ratchet using Curve25519 for the initial key agreement, HKDF-SHA-256 for
|
|
|
|
ratchet using Curve25519 for the initial key agreement, HKDF-SHA-256 for
|
|
|
|
ratchet key derivation, Curve25519 for the DH ratchet, HMAC-SHA-256 for the
|
|
|
|
ratchet key derivation, Curve25519 for the DH ratchet, HMAC-SHA-256 for the
|
|
|
|
hash ratchet, and HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated
|
|
|
|
hash ratchet, and HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated
|
|
|
|
HMAC-SHA-256 for authenticated encryption.
|
|
|
|
HMAC-SHA-256 for authenticated encryption.
|
|
|
|
|
|
|
|
|
|
|
|
A name of `m.olm.v1` is too short: it gives no information about the primitives
|
|
|
|
A name of ``m.olm.v1`` is too short: it gives no information about the primitives
|
|
|
|
in use, and is difficult to extend for different primitives. However a name of
|
|
|
|
in use, and is difficult to extend for different primitives. However a name of
|
|
|
|
`m.olm.v1.ecdh-curve25519-hdkfsha256.hmacsha256.hkdfsha256-aes256-cbc-hmac64sha256`
|
|
|
|
``m.olm.v1.ecdh-curve25519-hdkfsha256.hmacsha256.hkdfsha256-aes256-cbc-hmac64sha256``
|
|
|
|
is too long despite giving a more precise description of the algorithm: it adds
|
|
|
|
is too long despite giving a more precise description of the algorithm: it adds
|
|
|
|
to the data transfer overhead and sacrifices clarity for human readers without
|
|
|
|
to the data transfer overhead and sacrifices clarity for human readers without
|
|
|
|
adding any useful extra information.
|
|
|
|
adding any useful extra information.
|
|
|
@ -94,10 +94,10 @@ adding any useful extra information.
|
|
|
|
Key Algorithms
|
|
|
|
Key Algorithms
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
~~~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
|
|
The name `ed25519` corresponds to the Ed25519 signature algorithm. The key is
|
|
|
|
The name ``ed25519`` corresponds to the Ed25519 signature algorithm. The key is
|
|
|
|
a Base64 encoded 32-byte Ed25519 public key.
|
|
|
|
a Base64 encoded 32-byte Ed25519 public key.
|
|
|
|
|
|
|
|
|
|
|
|
The name `curve25519` corresponds to the Curve25519 ECDH algorithm. The key is
|
|
|
|
The name ``curve25519`` corresponds to the Curve25519 ECDH algorithm. The key is
|
|
|
|
a Base64 encoded 32-byte Curve25519 public key.
|
|
|
|
a Base64 encoded 32-byte Curve25519 public key.
|
|
|
|
|
|
|
|
|
|
|
|
Client Behaviour
|
|
|
|
Client Behaviour
|
|
|
|