sas: clarify ECDH process in step 12 (#1720)

Co-authored-by: Denis Kasak <dkasak@termina.org.uk>
pull/1734/head
Sumner Evans 9 months ago committed by GitHub
parent 6096a28984
commit 9a1f0ad532
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1 @@
Clarify how to perform the ECDH exchange in step 12 of the SAS process.

@ -660,10 +660,12 @@ The process between Alice and Bob verifying each other would be:
11. Alice's device receives Bob's message and verifies the commitment 11. Alice's device receives Bob's message and verifies the commitment
hash from earlier matches the hash of the key Bob's device just sent hash from earlier matches the hash of the key Bob's device just sent
and the content of Alice's `m.key.verification.start` message. and the content of Alice's `m.key.verification.start` message.
12. Both Alice and Bob's devices perform an Elliptic-curve 12. Both Alice's and Bob's devices perform an Elliptic-curve Diffie-Hellman using
Diffie-Hellman their private ephemeral key, and the other device's ephemeral public key
(*ECDH(K<sub>A</sub><sup>private</sup>*,*K<sub>B</sub><sup>public</sup>*)), (*ECDH(K<sub>A</sub><sup>private</sup>*,*K<sub>B</sub><sup>public</sup>*)
using the result as the shared secret. for Alice's device and
*ECDH(K<sub>B</sub><sup>private</sup>*,*K<sub>A</sub><sup>public</sup>*)
for Bob's device), using the result as the shared secret.
13. Both Alice and Bob's devices display a SAS to their users, which is 13. Both Alice and Bob's devices display a SAS to their users, which is
derived from the shared key using one of the methods in this derived from the shared key using one of the methods in this
section. If multiple SAS methods are available, clients should allow section. If multiple SAS methods are available, clients should allow

Loading…
Cancel
Save