Clarify that the key backup MAC is implemented incorrectly (#1712)
* Clarify that the key backup MAC is implemented incorrectly

Due to a bug in libolm, all implementations of the m.megolm_backup.v1.curve25519-aes-sha2 key backup algorithm incorrectly pass an empty string through HMAC-SHA-256 to generate the `mac` property of the `session_data`. It was intended for the entire raw encrypted data to be passed through HMAC-SHA-256, but the issue was caught too late in the process, and thus we are stuck with this until a new key backup algorithm is introduced.

This commit clarifies the real-world behavior of all current implementations.

Signed-off-by: Sumner Evans <sumner@beeper.com>

pull/1719/head
parent 1d35e7aac6
commit 9a5cacda90
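The behaviour the commit message describes, as an added example that is not code from the commit, libolm or the Matrix spec: it compares a MAC computed over an empty string with one computed over the ciphertext and checks each against a modified ciphertext. The function names, the MAC key and the ciphertext bytes are constructed for illustration, and key derivation plus any truncation or encoding of the `mac` value are left out.

```python
import hashlib
import hmac


def mac_as_implemented(mac_key: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA-256 over an empty string; the ciphertext is ignored."""
    return hmac.new(mac_key, b"", hashlib.sha256).digest()


def mac_as_intended(mac_key: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA-256 over the entire raw encrypted data."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify(mac_fn, mac_key: bytes, ciphertext: bytes, mac: bytes) -> bool:
    """Recompute the MAC with mac_fn and compare in constant time."""
    return hmac.compare_digest(mac_fn(mac_key, ciphertext), mac)


def flip_first_bit(data: bytes) -> bytes:
    """Return a copy of data with the lowest bit of the first byte flipped."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def demo() -> dict:
    """Return {variant: (accepts original, accepts modified ciphertext)}."""
    mac_key = bytes(range(32))                        # constructed key
    ciphertext = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    modified = flip_first_bit(ciphertext)
    variants = {
        "as_implemented": mac_as_implemented,
        "as_intended": mac_as_intended,
    }
    results = {}
    for name, mac_fn in variants.items():
        mac = mac_fn(mac_key, ciphertext)             # stored beside the ciphertext
        results[name] = (
            verify(mac_fn, mac_key, ciphertext, mac),
            verify(mac_fn, mac_key, modified, mac),
        )
    return results


if __name__ == "__main__":
    for name, (original_ok, modified_ok) in demo().items():
        print(f"{name}: original accepted={original_ok}, modified accepted={modified_ok}")
```

With the empty-string input the `mac` depends only on the MAC key, so checking it says nothing about whether the ciphertext was changed.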
@ -0,0 +1 @@
|
|||||||
|
Clarify that the key backup MAC is implemented incorrectly and does not pass the ciphertext through HMAC-SHA-256.
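Review bot: The added changelog line says the MAC "does not pass the ciphertext through HMAC-SHA-256" but names neither the affected algorithm nor what is passed instead. Both are in the commit message (m.megolm_backup.v1.curve25519-aes-sha2, and an empty string), so the entry could read along the lines of "Clarify that the `mac` for `m.megolm_backup.v1.curve25519-aes-sha2` key backups is computed over an empty string rather than the ciphertext". That wording lets someone scanning the changelog see that the `mac` does not authenticate the encrypted data without opening the spec text.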