Merge pull request #416 from matrix-org/rav/e2e_impl_sign_one_time_keys

E2e impl guide: sign one-time keys
pull/977/head
Richard van der Hoff 8 years ago committed by GitHub
commit 0c3ecad3d4

@ -132,18 +132,18 @@ should construct a JSON object as follows:
{ {
"algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"], "algorithms": ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
"device_id": "<deviceId>", "device_id": "<device_id>",
"keys": { "keys": {
"curve25519:<deviceId>": "<curve25519_key>", "curve25519:<device_id>": "<curve25519_key>",
"ed25519:<deviceId>": "<ed25519_key>" "ed25519:<device_id>": "<ed25519_key>"
}, },
"user_id: <userId>" "user_id: <user_id>"
} }
The object should be formatted as `Canonical The object should be formatted as `Canonical
JSON <http://matrix.org/docs/spec/server_server/unstable.html#canonical-json>`__, JSON <http://matrix.org/docs/spec/server_server/unstable.html#canonical-json>`__,
then signed with ``olm_account_sign``; the signature should be added to then signed with ``olm_account_sign``; the signature should be added to
the JSON as ``signatures.<userId>.ed25519:<deviceId>``. the JSON as ``signatures.<user_id>.ed25519:<device_id>``.
The signed JSON is then uploaded via The signed JSON is then uploaded via
``POST /_matrix/client/unstable/keys/upload``. ``POST /_matrix/client/unstable/keys/upload``.
@ -168,7 +168,7 @@ maintain about half this number on the homeserver.
To generate new one-time keys: To generate new one-time keys:
* Call ``olm_account_generate_one_time_keys`` to generate new keys * Call ``olm_account_generate_one_time_keys`` to generate new keys.
* Call ``olm_account_one_time_keys`` to retrieve the unpublished keys. This * Call ``olm_account_one_time_keys`` to retrieve the unpublished keys. This
returns a JSON-formatted object with the single property ``curve25519``, returns a JSON-formatted object with the single property ``curve25519``,
@ -184,22 +184,60 @@ To generate new one-time keys:
} }
} }
* Construct a JSON object as follows: * Each key should be signed with the account key. To do this:
* Construct a JSON object as follows:
.. code:: json
{
"key": "<curve25519_key>"
}
* Call ``olm_account_sign`` to calculate the signature.
* Add the signature should be added to the JSON as
``signatures.<user_id>.ed25519:<device_id>``.
* The complete key object should now look like:
.. code:: json
{
"key": "wo76WcYtb0Vk/pBOdmduiGJ0wIEjW4IBMbbQn7aSnTo",
"signatures": {
"@alice:example.com": {
"ed25519:JLAFKJWSCS": "dSO80A01XiigH3uBiDVx/EjzaoycHcjq9lfQX0uWsqxl2giMIiSPR8a4d291W1ihKJL/a+myXS367WT6NAIcBA"
}
}
}
* Aggregate all the signed one-time keys into a single JSON object as follows:
.. code:: json .. code:: json
{ {
"one_time_keys": { "one_time_keys": {
"curve25519:<keyId>": "<curve25519_key>", "signed_curve25519:<key_id>": {
"key": "<curve25519_key>",
"signatures": {
"<user_id>": {
"ed25519:<device_id>": "<signature>"
}
}
},
"signed_curve25519:<key_id>": {
...
},
... ...
} }
} }
* Upload the object via ``POST /_matrix/client/unstable/keys/upload``. (Unlike * Upload the object via ``POST /_matrix/client/unstable/keys/upload``.
the device keys, the one-time keys are **not** signed.
* Call ``olm_account_mark_keys_as_published`` to tell the olm library not to * Call ``olm_account_mark_keys_as_published`` to tell the olm library not to
return the same keys from a future call to ``olm_account_one_time_keys``\. return the same keys from a future call to ``olm_account_one_time_keys``.
Configuring a room to use encryption Configuring a room to use encryption
------------------------------------ ------------------------------------
@ -407,20 +445,20 @@ object containing information on the device, as follows:
{ {
"algorithms": [...], "algorithms": [...],
"device_id": "<deviceId>", "device_id": "<device_id>",
"keys": { "keys": {
"curve25519:<deviceId>": "<curve25519_key>", "curve25519:<device_id>": "<curve25519_key>",
"ed25519:<deviceId>": "<ed25519_key>" "ed25519:<device_id>": "<ed25519_key>"
}, },
"signatures": { "signatures": {
"<userId>": { "<userId>": {
"ed25519:<deviceId>": "<signature>" "ed25519:<device_id>": "<signature>"
}, },
}, },
"unsigned": { "unsigned": {
"device_display_name": "<display name>" "device_display_name": "<display name>"
}, },
"user_id: <userId>" "user_id: <user_id>"
} }
The client should first check the signature on this object. To do this, The client should first check the signature on this object. To do this,
@ -601,7 +639,7 @@ create a query object as follows:
{ {
"<user id>": { "<user id>": {
"<device_id>": "curve25519", "<device_id>": "signed_curve25519",
... ...
}, },
... ...
@ -617,15 +655,29 @@ This will return a result as follows:
{ {
"<user id>": { "<user id>": {
"<device_id>": { "<device_id>": {
"curve25519:<key_id>": "<one-time key>" "signed_curve25519:<key_id>": {
"key": "<curve25519_key>",
"signatures": {
"<user_id>": {
"ed25519:<device_id>": "<signature>"
}
}
},
}, },
... ...
}, },
... ...
} }
The client should then pass this key, along with the Curve25519 Identity The client should first check the signatures on the signed key objects. As with
key for the remote device, into ``olm_create_outbound_session``. checking the signatures on the device keys, it should remove the ``signatures``
and (if present) ``unsigned`` properties, format the remainder as Canonical
JSON, and pass the result into ``olm_ed25519_verify``, using the Ed25519 device
key for the ``key`` parameter.
Provided the key object passes verification, the client should then pass the
key, along with the Curve25519 Identity key for the remote device, into
``olm_create_outbound_session``.
Handling membership changes Handling membership changes
--------------------------- ---------------------------

Loading…
Cancel
Save