|
|
|
|
@ -4,7 +4,7 @@ weight: 70
|
|
|
|
|
type: docs
|
|
|
|
|
---
|
|
|
|
|
|
|
|
|
|
# Unpadded Base64
|
|
|
|
|
## Unpadded Base64
|
|
|
|
|
|
|
|
|
|
*Unpadded* Base64 refers to 'standard' Base64 encoding as defined in
|
|
|
|
|
[RFC 4648](https://tools.ietf.org/html/rfc4648), without "=" padding.
|
|
|
|
|
@ -47,7 +47,7 @@ When decoding Base64, implementations SHOULD accept input with or
|
|
|
|
|
without padding characters wherever possible, to ensure maximum
|
|
|
|
|
interoperability.
|
|
|
|
|
|
|
|
|
|
# Signing JSON
|
|
|
|
|
## Signing JSON
|
|
|
|
|
|
|
|
|
|
Various points in the Matrix specification require JSON objects to be
|
|
|
|
|
cryptographically signed. This requires us to encode the JSON as a
|
|
|
|
|
@ -60,7 +60,7 @@ bytes using [Canonical JSON](#canonical-json), computing the signature
|
|
|
|
|
for that sequence and then adding the signature to the original JSON
|
|
|
|
|
object.
|
|
|
|
|
|
|
|
|
|
## Canonical JSON
|
|
|
|
|
### Canonical JSON
|
|
|
|
|
|
|
|
|
|
We define the canonical JSON encoding for a value to be the shortest
|
|
|
|
|
UTF-8 JSON encoding with dictionary keys lexicographically sorted by
|
|
|
|
|
@ -101,7 +101,7 @@ Float values are not permitted by this encoding.
|
|
|
|
|
# Encode the resulting Unicode as UTF-8 bytes.
|
|
|
|
|
).encode("UTF-8")
|
|
|
|
|
|
|
|
|
|
### Grammar
|
|
|
|
|
#### Grammar
|
|
|
|
|
|
|
|
|
|
Adapted from the grammar in <http://tools.ietf.org/html/rfc7159>
|
|
|
|
|
removing insignificant whitespace, fractions, exponents and redundant
|
|
|
|
|
@ -130,7 +130,7 @@ character escapes.
|
|
|
|
|
/ %x75.30.30.30 (%x30-37 / %x62 / %x65-66) ; u000X
|
|
|
|
|
/ %x75.30.30.31 (%x30-39 / %x61-66) ; u001X
|
|
|
|
|
|
|
|
|
|
### Examples
|
|
|
|
|
#### Examples
|
|
|
|
|
|
|
|
|
|
To assist in the development of compatible implementations, the
|
|
|
|
|
following test values may be useful for verifying the canonical
|
|
|
|
|
@ -241,7 +241,7 @@ The following canonical JSON should be produced:
|
|
|
|
|
|
|
|
|
|
{"a":null}
|
|
|
|
|
|
|
|
|
|
## Signing Details
|
|
|
|
|
### Signing Details
|
|
|
|
|
|
|
|
|
|
JSON is signed by encoding the JSON object without `signatures` or keys
|
|
|
|
|
grouped as `unsigned`, using the canonical encoding described above. The
|
|
|
|
|
@ -294,7 +294,7 @@ timestamps and additional signatures.
|
|
|
|
|
|
|
|
|
|
return json_object
|
|
|
|
|
|
|
|
|
|
## Checking for a Signature
|
|
|
|
|
### Checking for a Signature
|
|
|
|
|
|
|
|
|
|
To check if an entity has signed a JSON object an implementation does
|
|
|
|
|
the following:
|
|
|
|
|
@ -318,13 +318,13 @@ the following:
|
|
|
|
|
*verification key*. If this fails then the check fails. Otherwise
|
|
|
|
|
the check succeeds.
|
|
|
|
|
|
|
|
|
|
# Identifier Grammar
|
|
|
|
|
## Identifier Grammar
|
|
|
|
|
|
|
|
|
|
Some identifiers are specific to given room versions, please refer to
|
|
|
|
|
the [room versions specification](index.html#room-versions) for more
|
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
## Server Name
|
|
|
|
|
### Server Name
|
|
|
|
|
|
|
|
|
|
A homeserver is uniquely identified by its server name. This value is
|
|
|
|
|
used in a number of identifiers, as described below.
|
|
|
|
|
@ -389,7 +389,7 @@ Some recommendations for a choice of server name follow:
|
|
|
|
|
characters.
|
|
|
|
|
- Server names should not use upper-case characters.
|
|
|
|
|
|
|
|
|
|
## Common Identifier Format
|
|
|
|
|
### Common Identifier Format
|
|
|
|
|
|
|
|
|
|
The Matrix protocol uses a common format to assign unique identifiers to
|
|
|
|
|
a number of entities, including users, events and rooms. Each identifier
|
|
|
|
|
@ -422,7 +422,7 @@ depends on the type of identifier. For example, event IDs can sometimes
|
|
|
|
|
be represented with a `domain` component under some conditions - see the
|
|
|
|
|
[Event IDs](#room-ids-and-event-ids) section below for more information.
|
|
|
|
|
|
|
|
|
|
### User Identifiers
|
|
|
|
|
#### User Identifiers
|
|
|
|
|
|
|
|
|
|
Users within Matrix are uniquely identified by their Matrix user ID. The
|
|
|
|
|
user ID is namespaced to the homeserver which allocated the account and
|
|
|
|
|
@ -486,7 +486,7 @@ over the actual content of the events.
|
|
|
|
|
|
|
|
|
|
Matrix user IDs are sometimes informally referred to as MXIDs.
|
|
|
|
|
|
|
|
|
|
#### Historical User IDs
|
|
|
|
|
##### Historical User IDs
|
|
|
|
|
|
|
|
|
|
Older versions of this specification were more tolerant of the
|
|
|
|
|
characters permitted in user ID localparts. There are currently active
|
|
|
|
|
@ -498,7 +498,7 @@ character set:
|
|
|
|
|
|
|
|
|
|
extended_user_id_char = %x21-39 / %x3B-7E ; all ASCII printing chars except :
|
|
|
|
|
|
|
|
|
|
#### Mapping from other character sets
|
|
|
|
|
##### Mapping from other character sets
|
|
|
|
|
|
|
|
|
|
In certain circumstances it will be desirable to map from a wider
|
|
|
|
|
character set onto the limited character set allowed in a user ID
|
|
|
|
|
@ -529,7 +529,7 @@ simple ASCII identifiers (unlike, for example, base-32), whilst still
|
|
|
|
|
allowing representation of *any* character (unlike punycode, which
|
|
|
|
|
provides no way to encode ASCII punctuation).
|
|
|
|
|
|
|
|
|
|
### Room IDs and Event IDs
|
|
|
|
|
#### Room IDs and Event IDs
|
|
|
|
|
|
|
|
|
|
A room has exactly one room ID. A room ID has the format:
|
|
|
|
|
|
|
|
|
|
@ -548,7 +548,7 @@ Event IDs and Room IDs are case-sensitive. They are not meant to be
|
|
|
|
|
human-readable. They are intended to be treated as fully opaque strings
|
|
|
|
|
by clients.
|
|
|
|
|
|
|
|
|
|
### Group Identifiers
|
|
|
|
|
#### Group Identifiers
|
|
|
|
|
|
|
|
|
|
Groups within Matrix are uniquely identified by their group ID. The
|
|
|
|
|
group ID is namespaced to the group server which hosts this group and
|
|
|
|
|
@ -574,7 +574,7 @@ The complete grammar for a legal group ID is:
|
|
|
|
|
/ %x61-7A ; a-z
|
|
|
|
|
/ "-" / "." / "=" / "_" / "/"
|
|
|
|
|
|
|
|
|
|
### Room Aliases
|
|
|
|
|
#### Room Aliases
|
|
|
|
|
|
|
|
|
|
A room may have zero or more aliases. A room alias has the format:
|
|
|
|
|
|
|
|
|
|
@ -587,7 +587,7 @@ homeserver to look up the alias.
|
|
|
|
|
Room aliases MUST NOT exceed 255 bytes (including the `#` sigil and the
|
|
|
|
|
domain).
|
|
|
|
|
|
|
|
|
|
### matrix.to navigation
|
|
|
|
|
#### matrix.to navigation
|
|
|
|
|
|
|
|
|
|
Note
|
|
|
|
|
|
|
|
|
|
@ -648,7 +648,7 @@ extra slashes appearing due to some [room
|
|
|
|
|
versions](index.html#room-versions). These slashes should normally be
|
|
|
|
|
encoded when producing matrix.to URIs, however.
|
|
|
|
|
|
|
|
|
|
#### Routing
|
|
|
|
|
##### Routing
|
|
|
|
|
|
|
|
|
|
Room IDs are not routable on their own as there is no reliable domain to
|
|
|
|
|
send requests to. This is partially mitigated with the addition of a
|
|
|
|
|
@ -702,7 +702,7 @@ unique servers based on the following criteria:
|
|
|
|
|
specify the servers it can. For example, a room with only 2 users in
|
|
|
|
|
it would result in maximum 2 `via` parameters.
|
|
|
|
|
|
|
|
|
|
# 3PID Types
|
|
|
|
|
## 3PID Types
|
|
|
|
|
|
|
|
|
|
Third Party Identifiers (3PIDs) represent identifiers on other
|
|
|
|
|
namespaces that might be associated with a particular person. They
|
|
|
|
|
@ -722,7 +722,7 @@ rather than `bob@Example.com`.
|
|
|
|
|
The namespaces defined by this specification are listed below. More
|
|
|
|
|
namespaces may be defined in future versions of this specification.
|
|
|
|
|
|
|
|
|
|
## E-Mail
|
|
|
|
|
### E-Mail
|
|
|
|
|
|
|
|
|
|
Medium: `email`
|
|
|
|
|
|
|
|
|
|
@ -730,7 +730,7 @@ Represents E-Mail addresses. The `address` is the raw email address in
|
|
|
|
|
`user@domain` form with the domain in lowercase. It must not contain
|
|
|
|
|
other text such as real name, angle brackets or a mailto: prefix.
|
|
|
|
|
|
|
|
|
|
## PSTN Phone numbers
|
|
|
|
|
### PSTN Phone numbers
|
|
|
|
|
|
|
|
|
|
Medium: `msisdn`
|
|
|
|
|
|
|
|
|
|
@ -739,9 +739,9 @@ The `address` is the telephone number represented as a MSISDN (Mobile
|
|
|
|
|
Station International Subscriber Directory Number) as defined by the
|
|
|
|
|
E.164 numbering plan. Note that MSISDNs do not include a leading '+'.
|
|
|
|
|
|
|
|
|
|
# Security Threat Model
|
|
|
|
|
## Security Threat Model
|
|
|
|
|
|
|
|
|
|
## Denial of Service
|
|
|
|
|
### Denial of Service
|
|
|
|
|
|
|
|
|
|
The attacker could attempt to prevent delivery of messages to or from
|
|
|
|
|
the victim in order to:
|
|
|
|
|
@ -750,18 +750,18 @@ the victim in order to:
|
|
|
|
|
- Censor a discussion or censor a participant in a discussion.
|
|
|
|
|
- Perform general vandalism.
|
|
|
|
|
|
|
|
|
|
### Threat: Resource Exhaustion
|
|
|
|
|
#### Threat: Resource Exhaustion
|
|
|
|
|
|
|
|
|
|
An attacker could cause the victim's server to exhaust a particular
|
|
|
|
|
resource (e.g. open TCP connections, CPU, memory, disk storage)
|
|
|
|
|
|
|
|
|
|
### Threat: Unrecoverable Consistency Violations
|
|
|
|
|
#### Threat: Unrecoverable Consistency Violations
|
|
|
|
|
|
|
|
|
|
An attacker could send messages which created an unrecoverable
|
|
|
|
|
"split-brain" state in the cluster such that the victim's servers could
|
|
|
|
|
no longer derive a consistent view of the chatroom state.
|
|
|
|
|
|
|
|
|
|
### Threat: Bad History
|
|
|
|
|
#### Threat: Bad History
|
|
|
|
|
|
|
|
|
|
An attacker could convince the victim to accept invalid messages which
|
|
|
|
|
the victim would then include in their view of the chatroom history.
|
|
|
|
|
@ -769,22 +769,22 @@ Other servers in the chatroom would reject the invalid messages and
|
|
|
|
|
potentially reject the victims messages as well since they depended on
|
|
|
|
|
the invalid messages.
|
|
|
|
|
|
|
|
|
|
### Threat: Block Network Traffic
|
|
|
|
|
#### Threat: Block Network Traffic
|
|
|
|
|
|
|
|
|
|
An attacker could try to firewall traffic between the victim's server
|
|
|
|
|
and some or all of the other servers in the chatroom.
|
|
|
|
|
|
|
|
|
|
### Threat: High Volume of Messages
|
|
|
|
|
#### Threat: High Volume of Messages
|
|
|
|
|
|
|
|
|
|
An attacker could send large volumes of messages to a chatroom with the
|
|
|
|
|
victim making the chatroom unusable.
|
|
|
|
|
|
|
|
|
|
### Threat: Banning users without necessary authorisation
|
|
|
|
|
#### Threat: Banning users without necessary authorisation
|
|
|
|
|
|
|
|
|
|
An attacker could attempt to ban a user from a chatroom without the
|
|
|
|
|
necessary authorisation.
|
|
|
|
|
|
|
|
|
|
## Spoofing
|
|
|
|
|
### Spoofing
|
|
|
|
|
|
|
|
|
|
An attacker could try to send a message claiming to be from the victim
|
|
|
|
|
without the victim having sent the message in order to:
|
|
|
|
|
@ -792,17 +792,17 @@ without the victim having sent the message in order to:
|
|
|
|
|
- Impersonate the victim while performing illicit activity.
|
|
|
|
|
- Obtain privileges of the victim.
|
|
|
|
|
|
|
|
|
|
### Threat: Altering Message Contents
|
|
|
|
|
#### Threat: Altering Message Contents
|
|
|
|
|
|
|
|
|
|
An attacker could try to alter the contents of an existing message from
|
|
|
|
|
the victim.
|
|
|
|
|
|
|
|
|
|
### Threat: Fake Message "origin" Field
|
|
|
|
|
#### Threat: Fake Message "origin" Field
|
|
|
|
|
|
|
|
|
|
An attacker could try to send a new message purporting to be from the
|
|
|
|
|
victim with a phony "origin" field.
|
|
|
|
|
|
|
|
|
|
## Spamming
|
|
|
|
|
### Spamming
|
|
|
|
|
|
|
|
|
|
The attacker could try to send a high volume of solicited or unsolicited
|
|
|
|
|
messages to the victim in order to:
|
|
|
|
|
@ -810,16 +810,16 @@ messages to the victim in order to:
|
|
|
|
|
- Find victims for scams.
|
|
|
|
|
- Market unwanted products.
|
|
|
|
|
|
|
|
|
|
### Threat: Unsolicited Messages
|
|
|
|
|
#### Threat: Unsolicited Messages
|
|
|
|
|
|
|
|
|
|
An attacker could try to send messages to victims who do not wish to
|
|
|
|
|
receive them.
|
|
|
|
|
|
|
|
|
|
### Threat: Abusive Messages
|
|
|
|
|
#### Threat: Abusive Messages
|
|
|
|
|
|
|
|
|
|
An attacker could send abusive or threatening messages to the victim
|
|
|
|
|
|
|
|
|
|
## Spying
|
|
|
|
|
### Spying
|
|
|
|
|
|
|
|
|
|
The attacker could try to access message contents or metadata for
|
|
|
|
|
messages sent by the victim or to the victim that were not intended to
|
|
|
|
|
@ -830,29 +830,29 @@ reach the attacker in order to:
|
|
|
|
|
(e.g. password reset messages)
|
|
|
|
|
- Discover who the victim was talking to and when.
|
|
|
|
|
|
|
|
|
|
### Threat: Disclosure during Transmission
|
|
|
|
|
#### Threat: Disclosure during Transmission
|
|
|
|
|
|
|
|
|
|
An attacker could try to expose the message contents or metadata during
|
|
|
|
|
transmission between the servers.
|
|
|
|
|
|
|
|
|
|
### Threat: Disclosure to Servers Outside Chatroom
|
|
|
|
|
#### Threat: Disclosure to Servers Outside Chatroom
|
|
|
|
|
|
|
|
|
|
An attacker could try to convince servers within a chatroom to send
|
|
|
|
|
messages to a server it controls that was not authorised to be within
|
|
|
|
|
the chatroom.
|
|
|
|
|
|
|
|
|
|
### Threat: Disclosure to Servers Within Chatroom
|
|
|
|
|
#### Threat: Disclosure to Servers Within Chatroom
|
|
|
|
|
|
|
|
|
|
An attacker could take control of a server within a chatroom to expose
|
|
|
|
|
message contents or metadata for messages in that room.
|
|
|
|
|
|
|
|
|
|
# Cryptographic Test Vectors
|
|
|
|
|
## Cryptographic Test Vectors
|
|
|
|
|
|
|
|
|
|
To assist in the development of compatible implementations, the
|
|
|
|
|
following test values may be useful for verifying the cryptographic
|
|
|
|
|
event signing code.
|
|
|
|
|
|
|
|
|
|
## Signing Key
|
|
|
|
|
### Signing Key
|
|
|
|
|
|
|
|
|
|
The following test vectors all use the 32-byte value given by the
|
|
|
|
|
following Base64-encoded string as the seed for generating the `ed25519`
|
|
|
|
|
@ -868,7 +868,7 @@ In each case, the server name and key ID are as follows:
|
|
|
|
|
|
|
|
|
|
KEY_ID = "ed25519:1"
|
|
|
|
|
|
|
|
|
|
## JSON Signing
|
|
|
|
|
### JSON Signing
|
|
|
|
|
|
|
|
|
|
Given an empty JSON object:
|
|
|
|
|
|
|
|
|
|
@ -903,7 +903,7 @@ The JSON signing algorithm should emit the following signed JSON:
|
|
|
|
|
"two": "Two"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
## Event Signing
|
|
|
|
|
### Event Signing
|
|
|
|
|
|
|
|
|
|
Given the following minimally-sized event:
|
|
|
|
|
|
|
|
|
|
|
Will
3 years ago