From 0fd4fe254207badb98be9eb1fc968db8913bc323 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 26 Jun 2019 10:55:44 +0100 Subject: [PATCH] Add algo/pepper to err resp --- proposals/2134-identity-hash-lookup.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/proposals/2134-identity-hash-lookup.md b/proposals/2134-identity-hash-lookup.md index 34e9b0a6..accadc25 100644 --- a/proposals/2134-identity-hash-lookup.md +++ b/proposals/2134-identity-hash-lookup.md @@ -28,8 +28,10 @@ other endpoints): - `/_matrix/identity/v2/lookup` - `/_matrix/identity/v2/bulk_lookup` -`address` MUST no longer be in a plain-text format, but rather will be a peppered hash -value, and the resulting digest MUST be encoded in unpadded base64. +`address` MUST no longer be in a plain-text format, but rather will be a +peppered hash value, and the resulting digest MUST be encoded in URL-safe +unpadded base64 (similar to [room version 4's event +IDs](https://matrix.org/docs/spec/rooms/v4#event-ids)). Identity servers must specify their own hashing algorithms (from a list of specified values) and pepper, which will be useful if a rainbow table is @@ -119,8 +121,23 @@ following: } ``` -If the pepper does not match the server's, the server should return a `400 -M_INVALID_PARAM`. +If the algorithm does not match the server's, the server should return a `400 +M_INVALID_PARAM`. If the pepper does not match the server's, the server should +return a new error code, 400 `M_INVALID_PEPPER`. A new error code is not +defined for an invalid algorithm as that is considered a client bug. Each of +these error responses should contain the correct `algorithm` and +`lookup_pepper` fields. This is to prevent the client from needing to query +`/hash_details` again, thus saving a round-trip. An example response to an +incorrect pepper would be: + +``` +{ + "error": "Incorrect value for lookup_pepper", + "errcode": "M_INVALID_PEPPER", + "algorithm": "sha256", + "lookup_pepper": "matrixrocks" +} +``` No parameter changes will be made to /bind.