matrix-spec

Commit Graph

Author	SHA1	Message	Date
Sumner Evans	9a5cacda90	Clarify that the key backup MAC is implemented incorrectly (#1712 ) * Clarify that the key backup MAC is implemented incorrectly Due to a bug in libolm, all implementations of the m.megolm_backup.v1.curve25519-aes-sha2 key backup algorithm incorrectly pass an empty string through HMAC-SHA-256 to generate the `mac` property of the `session_data`. It was intended for the entire raw encrypted data to be passed through HMAC-SHA-256, but the issue was caught too late in the process, and thus we are stuck with this until a new key backup algorithm is introduced. This commit clarifies the real-world behavior of all current implementations. Signed-off-by: Sumner Evans <sumner@beeper.com>	10 months ago

Author

SHA1

Message

Date

Sumner Evans

9a5cacda90

Clarify that the key backup MAC is implemented incorrectly (#1712 )

* Clarify that the key backup MAC is implemented incorrectly

Due to a bug in libolm, all implementations of the
m.megolm_backup.v1.curve25519-aes-sha2 key backup algorithm incorrectly
pass an empty string through HMAC-SHA-256 to generate the `mac` property
of the `session_data`.

It was intended for the entire raw encrypted data to be passed through
HMAC-SHA-256, but the issue was caught too late in the process, and thus
we are stuck with this until a new key backup algorithm is introduced.

This commit clarifies the real-world behavior of all current
implementations.

Signed-off-by: Sumner Evans <sumner@beeper.com>

1 Commits (4d7e33ec26b232501c550d2dc11bf50742a5c4b8)