Compare commits
No commits in common. 'main' and 'v1.14' have entirely different histories.
@ -1,106 +0,0 @@
|
|||||||
/*
|
|
||||||
Copyright 2025 The Matrix.org Foundation C.I.C.
|
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
you may not use this file except in compliance with the License.
|
|
||||||
You may obtain a copy of the License at
|
|
||||||
|
|
||||||
http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
|
|
||||||
Unless required by applicable law or agreed to in writing, software
|
|
||||||
distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
See the License for the specific language governing permissions and
|
|
||||||
limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
// Determine the current version as defined in hugo.toml. This will either be
|
|
||||||
// "unstable" or "vX.X" and doesn't depend on the current URL.
|
|
||||||
//
|
|
||||||
// The oddity below is an attempt at producing a readable Hugo template while
|
|
||||||
// avoiding JS syntax errors in your IDE.
|
|
||||||
const currentVersion = `{{ if eq .Site.Params.version.status "unstable" }}
|
|
||||||
{{- /**/ -}}
|
|
||||||
unstable
|
|
||||||
{{- /**/ -}}
|
|
||||||
{{ else }}
|
|
||||||
{{- /**/ -}}
|
|
||||||
{{ printf "v%s.%s" .Site.Params.version.major .Site.Params.version.minor }}
|
|
||||||
{{- /**/ -}}
|
|
||||||
{{ end }}`;
|
|
||||||
|
|
||||||
// Determine the current version segment by regex matching the URL. This will either
|
|
||||||
// be "unstable", "latest", "vX.X" (production) or undefined (local & netlify).
|
|
||||||
const href = window.location.href;
|
|
||||||
const segmentMatches = href.match(/(?<=\/)unstable|latest|v\d+.\d+(?=\/)/);
|
|
||||||
const currentSegment = segmentMatches ? segmentMatches[0] : undefined;
|
|
||||||
|
|
||||||
// Determine the selected menu element. If we were able to obtain the version
|
|
||||||
// segment from the URL (production), use that. Otherwise (local & netlify),
|
|
||||||
// fall back to the version as defined in Hugo.
|
|
||||||
const selected = currentSegment ?? currentVersion;
|
|
||||||
|
|
||||||
function appendVersion(parent, name, url) {
|
|
||||||
// The list item
|
|
||||||
const li = document.createElement("li");
|
|
||||||
if (name === selected) {
|
|
||||||
li.classList.add("selected");
|
|
||||||
}
|
|
||||||
if (name === "latest") {
|
|
||||||
li.classList.add("latest");
|
|
||||||
}
|
|
||||||
parent.appendChild(li);
|
|
||||||
|
|
||||||
// The link
|
|
||||||
const a = document.createElement("a");
|
|
||||||
a.classList.add("dropdown-item");
|
|
||||||
a.setAttribute("href", url);
|
|
||||||
li.appendChild(a);
|
|
||||||
|
|
||||||
// Handle clicks manually to preserve the current path / fragment
|
|
||||||
a.addEventListener("click", (ev) => {
|
|
||||||
// If the URL is a relative link (i.e. the historical versions changelog), just
|
|
||||||
// let the browser load it
|
|
||||||
if (url.startsWith("/")) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// If we couldn't determine the current segment, we cannot safely replace
|
|
||||||
// it and have to let the browser load the (root) URL instead
|
|
||||||
if (!currentSegment) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Otherwise, stop further event handling and replace the segment
|
|
||||||
ev.preventDefault();
|
|
||||||
ev.stopPropagation();
|
|
||||||
window.location.href = href.replace(`/${currentSegment}/`, `/${name}/`);
|
|
||||||
});
|
|
||||||
|
|
||||||
// The link text
|
|
||||||
const text = document.createTextNode(name);
|
|
||||||
a.appendChild(text);
|
|
||||||
}
|
|
||||||
|
|
||||||
fetch("/latest/versions.json")
|
|
||||||
.then(r => r.json())
|
|
||||||
.then(versions => {
|
|
||||||
// Find the surrounding list element
|
|
||||||
const ul = document.querySelector("ul#version-selector");
|
|
||||||
if (!ul) {
|
|
||||||
console.error("Cannot populate version selector: ul element not found");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Add a entries for the unstable version and the "latest" shortcut
|
|
||||||
appendVersion(ul, "unstable", "https://spec.matrix.org/unstable");
|
|
||||||
appendVersion(ul, "latest", "https://spec.matrix.org/latest");
|
|
||||||
|
|
||||||
// Add an entry for each proper version
|
|
||||||
for (const version of versions) {
|
|
||||||
appendVersion(ul, version.name, `https://spec.matrix.org/${version.name}`);
|
|
||||||
}
|
|
||||||
|
|
||||||
// For historical versions, simply link to the changelog
|
|
||||||
appendVersion(ul, "historical", '{{ (site.GetPage "changelog/historical").RelPermalink }}');
|
|
||||||
});
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Fix JSON formatting in the "Server admin style permissions" examples.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Allow application services to masquerade as specific devices belonging to users, as per [MSC4326](https://github.com/matrix-org/matrix-spec-proposals/pull/4326).
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Remove legacy mentions, as per [MSC4210](https://github.com/matrix-org/matrix-spec-proposals/issues/4210).
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Push rule IDs are globally unique within their kind.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Don't advertise `creator` field in description of room creation.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
`room_id` is required for peeking via `/_matrix/client/v3/events`.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
The `server-name` segment of MXC URIs is sanitised differently from the `media-id` segment.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Allow application services to masquerade as specific devices belonging to users, as per [MSC4326](https://github.com/matrix-org/matrix-spec-proposals/pull/4326).
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Add note to each endpoint that uses capability negotiation.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Fix various typos throughout the specification.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Additional OpenGraph properties can be present in URL previews.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Fix various typos throughout the specification.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Clarify the special casing of membership events and redactions in power levels.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
`M_RESOURCE_LIMIT_EXCEEDED` is now listed as a common error code.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Add `m.login.terms` to enumeration of authentication types.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Add the `m.oauth` authentication type for User-Interactive Authentication as per [MSC4312](https://github.com/matrix-org/matrix-spec-proposals/pull/4312).
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Clarify how to use `state_after` ahead of declaring full support for its spec version.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
`device_one_time_keys_count` is only optional if no unclaimed one-time keys exist.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Clarify that servers may choose not to use `M_USER_DEACTIVATED` at login time, for example for privacy reasons when they can't authenticate deactivated users.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Minor grammatical fix in the Secrets module description.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Usage of the `event_id_only` format for push notifications is not mandatory.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Swapped icon for X (fka. twitter) to updated logo in footer.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Inline Olm & Megolm specifications.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Silence failing redocly-cli rule.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Use NPM Trusted Publishers for publishing `@matrix-org/spec` to npm.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Inline Olm & Megolm specifications.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Inline Olm & Megolm specifications.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
Add version picker in the navbar.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
In room versions 8 through 12, clarify that "sufficient permission to invite users" on restricted joins also includes being a joined member of the room.
|
|
||||||
@ -1 +0,0 @@
|
|||||||
In room versions 3 through 12, clarify that when you have the power to redact, it is possible to redact events that you don't have the power to send.
|
|
||||||
@ -1,97 +0,0 @@
|
|||||||
---
|
|
||||||
title: v1.15 Changelog
|
|
||||||
linkTitle: v1.15
|
|
||||||
type: docs
|
|
||||||
layout: changelog
|
|
||||||
outputs:
|
|
||||||
- html
|
|
||||||
- checklist
|
|
||||||
date: 2025-06-26
|
|
||||||
---
|
|
||||||
|
|
||||||
## Client-Server API
|
|
||||||
|
|
||||||
**New Endpoints**
|
|
||||||
|
|
||||||
- Add `GET /_matrix/client/v1/room_summary/{roomIdOrAlias}`, as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125))
|
|
||||||
- Add `GET /_matrix/client/v1/auth_metadata`, as per [MSC2965](https://github.com/matrix-org/matrix-spec-proposals/pull/2965). ([#2147](https://github.com/matrix-org/matrix-spec/issues/2147))
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([#2095](https://github.com/matrix-org/matrix-spec/issues/2095))
|
|
||||||
- Include device keys with Olm-encrypted events as per [MSC4147](https://github.com/matrix-org/matrix-spec-proposals/pull/4147). ([#2122](https://github.com/matrix-org/matrix-spec/issues/2122))
|
|
||||||
- Add `/_matrix/client/v1/room_summary/{roomIdOrAlias}` and extend `/_matrix/client/v1/rooms/{roomId}/hierarchy` with the new optional properties `allowed_room_ids`, `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125), [#2158](https://github.com/matrix-org/matrix-spec/issues/2158))
|
|
||||||
- Add the OAuth 2.0 based authentication API, as per [MSC3861](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and its sub-proposals. ([#2141](https://github.com/matrix-org/matrix-spec/issues/2141), [#2148](https://github.com/matrix-org/matrix-spec/issues/2148), [#2149](https://github.com/matrix-org/matrix-spec/issues/2149), [#2150](https://github.com/matrix-org/matrix-spec/issues/2150), [#2151](https://github.com/matrix-org/matrix-spec/issues/2151), [#2159](https://github.com/matrix-org/matrix-spec/issues/2159), [#2164](https://github.com/matrix-org/matrix-spec/issues/2164))
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Clarify behaviour when the `topic` key of a `m.room.topic` event is absent, null, or empty. ([#2068](https://github.com/matrix-org/matrix-spec/issues/2068))
|
|
||||||
- Fix the example of the `GET /sync` endpoint and the `m.room.member` example used in several places. ([#2077](https://github.com/matrix-org/matrix-spec/issues/2077))
|
|
||||||
- Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
|
|
||||||
- "Public" rooms in profile look-ups are defined through their join rule and history visibility. ([#2101](https://github.com/matrix-org/matrix-spec/issues/2101))
|
|
||||||
- "Public" rooms in user directory queries are defined through their join rule and history visibility. ([#2102](https://github.com/matrix-org/matrix-spec/issues/2102))
|
|
||||||
- Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility. ([#2104](https://github.com/matrix-org/matrix-spec/issues/2104))
|
|
||||||
- "Public" rooms with respect to call invites are defined through their join rule. ([#2106](https://github.com/matrix-org/matrix-spec/issues/2106))
|
|
||||||
- "Public" rooms have no specific meaning with respect to moderation policy lists. ([#2107](https://github.com/matrix-org/matrix-spec/issues/2107))
|
|
||||||
- "Public" rooms with respect to presence are defined through their join rule. ([#2108](https://github.com/matrix-org/matrix-spec/issues/2108))
|
|
||||||
- Spaces are subject to the same access mechanisms as rooms. ([#2109](https://github.com/matrix-org/matrix-spec/issues/2109))
|
|
||||||
- Fix various typos throughout the specification. ([#2121](https://github.com/matrix-org/matrix-spec/issues/2121), [#2144](https://github.com/matrix-org/matrix-spec/issues/2144))
|
|
||||||
- Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks. ([#2140](https://github.com/matrix-org/matrix-spec/issues/2140))
|
|
||||||
- Add missing fields in example for `ExportedSessionData`. ([#2154](https://github.com/matrix-org/matrix-spec/issues/2154))
|
|
||||||
|
|
||||||
|
|
||||||
## Server-Server API
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- Add `m.topic` content block to enable rich text in `m.room.topic` events as per [MSC3765](https://github.com/matrix-org/matrix-spec-proposals/pull/3765). ([#2095](https://github.com/matrix-org/matrix-spec/issues/2095))
|
|
||||||
- Extend `/_matrix/federation/v1/hierarchy/{roomId}` with the new optional properties `encryption` and `room_version` as per [MSC3266](https://github.com/matrix-org/matrix-spec-proposals/pull/3266). ([#2125](https://github.com/matrix-org/matrix-spec/issues/2125))
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Add a note to the invite endpoints that invites to local users may be received twice over federation if the homeserver is already in the room. ([#2067](https://github.com/matrix-org/matrix-spec/issues/2067))
|
|
||||||
- Clarify the format of third-party invites, including the fact that identity server public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
|
|
||||||
- Clarify that auth event of `content.join_authorised_via_users_server` is only necessary for `m.room.member` with a `membership` of `join`. ([#2100](https://github.com/matrix-org/matrix-spec/issues/2100))
|
|
||||||
- Rooms published in `/publicRooms` don't necessarily have `public` join rules or `world_readable` history visibility. ([#2104](https://github.com/matrix-org/matrix-spec/issues/2104))
|
|
||||||
- Fix various typos throughout the specification. ([#2128](https://github.com/matrix-org/matrix-spec/issues/2128))
|
|
||||||
- Clarify that Well-Known URIs are available on the server name's hostname. Contributed by @HarHarLinks. ([#2140](https://github.com/matrix-org/matrix-spec/issues/2140))
|
|
||||||
|
|
||||||
|
|
||||||
## Application Service API
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Clarify in the application service registration schema the `url: null` behaviour. ([#2130](https://github.com/matrix-org/matrix-spec/issues/2130))
|
|
||||||
|
|
||||||
|
|
||||||
## Identity Service API
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Clarify that public keys can be encoded using standard or URL-safe base64. ([#2083](https://github.com/matrix-org/matrix-spec/issues/2083))
|
|
||||||
|
|
||||||
|
|
||||||
## Push Gateway API
|
|
||||||
|
|
||||||
No significant changes.
|
|
||||||
|
|
||||||
|
|
||||||
## Room Versions
|
|
||||||
|
|
||||||
No significant changes.
|
|
||||||
|
|
||||||
|
|
||||||
## Appendices
|
|
||||||
|
|
||||||
No significant changes.
|
|
||||||
|
|
||||||
|
|
||||||
## Internal Changes/Tooling
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Adjust margins in rendered endpoints. ([#2081](https://github.com/matrix-org/matrix-spec/issues/2081))
|
|
||||||
- Replace Hugo shortcodes in OpenAPI output. ([#2088](https://github.com/matrix-org/matrix-spec/issues/2088))
|
|
||||||
- Add [well-known funding manifest urls](https://floss.fund/funding-manifest/) to spec to authorise https://matrix.org/funding.json. Contributed by @HarHarLinks. ([#2115](https://github.com/matrix-org/matrix-spec/issues/2115))
|
|
||||||
- Fix the historical info box when generating the historical spec in CI. ([#2123](https://github.com/matrix-org/matrix-spec/issues/2123))
|
|
||||||
- Update the header navigation menu with links to modern matrix.org. Contributed by @HarHarLinks. ([#2137](https://github.com/matrix-org/matrix-spec/issues/2137))
|
|
||||||
@ -1,103 +0,0 @@
|
|||||||
---
|
|
||||||
title: v1.16 Changelog
|
|
||||||
linkTitle: v1.16
|
|
||||||
type: docs
|
|
||||||
layout: changelog
|
|
||||||
outputs:
|
|
||||||
- html
|
|
||||||
- checklist
|
|
||||||
date: 2025-09-17
|
|
||||||
---
|
|
||||||
|
|
||||||
## Client-Server API
|
|
||||||
|
|
||||||
**Deprecations**
|
|
||||||
|
|
||||||
- Deprecate `m.set_avatar_url` and `m.set_displayname` capabilities, as per [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133). ([#2071](https://github.com/matrix-org/matrix-spec/issues/2071))
|
|
||||||
|
|
||||||
**Removed Endpoints**
|
|
||||||
|
|
||||||
- Remove unintentional intentional mentions in replies, as per [MSC4142](https://github.com/matrix-org/matrix-spec-proposals/pull/4142). ([#2210](https://github.com/matrix-org/matrix-spec/issues/2210))
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- Update user profile endpoints to handle custom fields, and add a new `m.profile_fields` capability, as per [MSC4133](https://github.com/matrix-org/matrix-spec-proposals/pull/4133). ([#2071](https://github.com/matrix-org/matrix-spec/issues/2071))
|
|
||||||
- Add `format` query parameter to `GET /state/{eventType}/{stateKey}` to allow fetching metadata of a specific state event. ([#2175](https://github.com/matrix-org/matrix-spec/issues/2175))
|
|
||||||
- Add the `use_state_after` query parameter and `state_after` response property to `GET /sync`, as per [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/issues/4222). ([#2187](https://github.com/matrix-org/matrix-spec/issues/2187))
|
|
||||||
- When upgrading rooms to [room version 12](/rooms/v12), `additional_creators` may be specified on the [`POST /_matrix/client/v3/rooms/{roomId}/upgrade`](/client-server-api/#post_matrixclientv3roomsroomidupgrade) endpoint, as per [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- When creating rooms with [room version 12](/rooms/v12), the `trusted_private_chat` preset should merge the invitees into the supplied `content.additional_creators` in the resulting room, as per [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- In [room version 12](/rooms/v12), the power level of room creators is now infinitely high as per [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- In [room version 12](/rooms/v12), room IDs no longer have a domain component as per [MSC4291](https://github.com/matrix-org/matrix-spec-proposals/pull/4291). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- When creating rooms with [room version 12](/rooms/v12), the initial power levels will restrict the ability to upgrade rooms by default, as per [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- Add a profile field for a user's time zone, as per [MSC4175](https://github.com/matrix-org/matrix-spec-proposals/pull/4175). ([#2206](https://github.com/matrix-org/matrix-spec/issues/2206))
|
|
||||||
- Invites and knocks are now expected to contain the `m.room.create` event in their stripped state entries, as per [MSC4311](https://github.com/matrix-org/matrix-spec-proposals/pull/4311). ([#2207](https://github.com/matrix-org/matrix-spec/issues/2207))
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Clarify that `format` is required if `formatted_body` is specified. ([#2167](https://github.com/matrix-org/matrix-spec/issues/2167))
|
|
||||||
- The `latest_event` in an aggregated set of thread events uses the same format as the event itself. ([#2169](https://github.com/matrix-org/matrix-spec/issues/2169))
|
|
||||||
- Fix various typos throughout the specification. ([#2171](https://github.com/matrix-org/matrix-spec/issues/2171), [#2177](https://github.com/matrix-org/matrix-spec/issues/2177), [#2179](https://github.com/matrix-org/matrix-spec/issues/2179))
|
|
||||||
- Clarify that clients should replace events with the most recent replacement by `origin_server_ts`. ([#2190](https://github.com/matrix-org/matrix-spec/issues/2190))
|
|
||||||
- Fix `/sync` flow referencing incorrect parameter to use with `/messages`. ([#2195](https://github.com/matrix-org/matrix-spec/issues/2195))
|
|
||||||
- Clarify wording around the `world_readable` history visibility setting. Contributed by @HarHarLinks. ([#2204](https://github.com/matrix-org/matrix-spec/issues/2204))
|
|
||||||
|
|
||||||
|
|
||||||
## Server-Server API
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- `invite_room_state` and `knock_room_state` now have additional requirements and validation depending on the room version, as per [MSC4311](https://github.com/matrix-org/matrix-spec-proposals/pull/4311). ([#2207](https://github.com/matrix-org/matrix-spec/issues/2207))
|
|
||||||
|
|
||||||
|
|
||||||
## Application Service API
|
|
||||||
|
|
||||||
No significant changes.
|
|
||||||
|
|
||||||
|
|
||||||
## Identity Service API
|
|
||||||
|
|
||||||
No significant changes.
|
|
||||||
|
|
||||||
|
|
||||||
## Push Gateway API
|
|
||||||
|
|
||||||
No significant changes.
|
|
||||||
|
|
||||||
|
|
||||||
## Room Versions
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- Room IDs in room version 12 are now the event ID of the create event with the normal room ID sigil (`!`), as per [MSC4291](https://github.com/matrix-org/matrix-spec-proposals/pull/4291). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- Room creators are formalized in room version 12 and have infinitely high power level, as per [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- State Resolution is updated in room version 12 to reduce the opportunity for "state resets", as per [MSC4297](https://github.com/matrix-org/matrix-spec-proposals/pull/4297). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- The default room version is now room version 12, though servers SHOULD keep using room version 11 for a little while, as per [MSC4304](https://github.com/matrix-org/matrix-spec-proposals/pull/4304). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
- Add [room version 12](/rooms/v12) as per [MSC4304](https://github.com/matrix-org/matrix-spec-proposals/pull/4304). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193), [#2199](https://github.com/matrix-org/matrix-spec/issues/2199))
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- In room versions 1 through 12, an event's `auth_events` have always needed to belong to the same room as per [MSC4307](https://github.com/matrix-org/matrix-spec-proposals/pull/4307). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
|
|
||||||
|
|
||||||
## Appendices
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- Room IDs can now appear without a domain component in [room version 12](/rooms/v12), as per [MSC4291](https://github.com/matrix-org/matrix-spec-proposals/pull/4291). ([#2193](https://github.com/matrix-org/matrix-spec/issues/2193))
|
|
||||||
|
|
||||||
|
|
||||||
## Internal Changes/Tooling
|
|
||||||
|
|
||||||
**Backwards Compatible Changes**
|
|
||||||
|
|
||||||
- Add "placeholder MSC" process definition. ([#2157](https://github.com/matrix-org/matrix-spec/issues/2157))
|
|
||||||
|
|
||||||
**Spec Clarifications**
|
|
||||||
|
|
||||||
- Declare the Application Service Registration schema to follow JSON Schema spec 2020-12. ([#2132](https://github.com/matrix-org/matrix-spec/issues/2132))
|
|
||||||
- Declare the event schemas to follow JSON Schema spec 2020-12. ([#2132](https://github.com/matrix-org/matrix-spec/issues/2132))
|
|
||||||
- Upgrade the docsy theme to version 0.12.0. ([#2160](https://github.com/matrix-org/matrix-spec/issues/2160))
|
|
||||||
- GitHub actions are now building the OpenAPI `spec/identity-service-api/api.json` file. ([#2172](https://github.com/matrix-org/matrix-spec/issues/2172))
|
|
||||||
- Minor fixes to JSON schemas. ([#2182](https://github.com/matrix-org/matrix-spec/issues/2182))
|
|
||||||
- Specify a correct spelling for "display name". ([#2189](https://github.com/matrix-org/matrix-spec/issues/2189))
|
|
||||||
- Fix a grammatical typo on the Matrix Spec Process documentation page. ([#2205](https://github.com/matrix-org/matrix-spec/issues/2205))
|
|
||||||
File diff suppressed because it is too large
Load Diff
@ -1,10 +0,0 @@
|
|||||||
---
|
|
||||||
title: "Olm & Megolm"
|
|
||||||
weight: 61
|
|
||||||
type: docs
|
|
||||||
---
|
|
||||||
|
|
||||||
Matrix uses the Olm and Megolm cryptographic ratchets for [end-to-end encryption](../client-server-api/#end-to-end-encryption).
|
|
||||||
|
|
||||||
- [Olm: A Cryptographic Ratchet](/olm-megolm/olm/)
|
|
||||||
- [Megolm group ratchet](/olm-megolm/megolm/)
|
|
||||||
@ -1,378 +0,0 @@
|
|||||||
---
|
|
||||||
title: "Megolm group ratchet"
|
|
||||||
weight: 20
|
|
||||||
type: docs
|
|
||||||
---
|
|
||||||
|
|
||||||
An AES-based cryptographic ratchet intended for group communications.
|
|
||||||
|
|
||||||
## Background
|
|
||||||
|
|
||||||
The Megolm ratchet is intended for encrypted messaging applications where there
|
|
||||||
may be a large number of recipients of each message, thus precluding the use of
|
|
||||||
peer-to-peer encryption systems such as [Olm][].
|
|
||||||
|
|
||||||
It also allows a recipient to decrypt received messages multiple times. For
|
|
||||||
instance, in client/server applications, a copy of the ciphertext can be stored
|
|
||||||
on the (untrusted) server, while the client need only store the session keys.
|
|
||||||
|
|
||||||
## Overview
|
|
||||||
|
|
||||||
Each participant in a conversation uses their own outbound session for
|
|
||||||
encrypting messages. A session consists of a ratchet and an [Ed25519][] keypair.
|
|
||||||
|
|
||||||
Secrecy is provided by the ratchet, which can be wound forwards but not
|
|
||||||
backwards, and is used to derive a distinct message key for each message.
|
|
||||||
|
|
||||||
Authenticity is provided via Ed25519 signatures.
|
|
||||||
|
|
||||||
The value of the ratchet, and the public part of the Ed25519 key, are shared
|
|
||||||
with other participants in the conversation via secure peer-to-peer
|
|
||||||
channels. Provided that peer-to-peer channel provides authenticity of the
|
|
||||||
messages to the participants and deniability of the messages to third parties,
|
|
||||||
the Megolm session will inherit those properties.
|
|
||||||
|
|
||||||
## The Megolm ratchet algorithm
|
|
||||||
|
|
||||||
The Megolm ratchet \(R_i\) consists of four parts, \(R_{i,j}\) for
|
|
||||||
\(j \in {0,1,2,3}\). The length of each part depends on the hash function
|
|
||||||
in use (256 bits for this version of Megolm).
|
|
||||||
|
|
||||||
The ratchet is initialised with cryptographically-secure random data, and
|
|
||||||
advanced as follows:
|
|
||||||
|
|
||||||
\[
|
|
||||||
\begin{aligned}
|
|
||||||
R_{i,0} &=
|
|
||||||
\begin{cases}
|
|
||||||
H_0\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
|
|
||||||
R_{i-1,0} &\text{otherwise}
|
|
||||||
\end{cases}\\
|
|
||||||
R_{i,1} &=
|
|
||||||
\begin{cases}
|
|
||||||
H_1\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
|
|
||||||
H_1\left(R_{2^{16}(m-1),1}\right) &\text{if }\exists m | i = 2^{16}m\\
|
|
||||||
R_{i-1,1} &\text{otherwise}
|
|
||||||
\end{cases}\\
|
|
||||||
R_{i,2} &=
|
|
||||||
\begin{cases}
|
|
||||||
H_2\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
|
|
||||||
H_2\left(R_{2^{16}(m-1),1}\right) &\text{if }\exists m | i = 2^{16}m\\
|
|
||||||
H_2\left(R_{2^8(p-1),2}\right) &\text{if }\exists p | i = 2^8p\\
|
|
||||||
R_{i-1,2} &\text{otherwise}
|
|
||||||
\end{cases}\\
|
|
||||||
R_{i,3} &=
|
|
||||||
\begin{cases}
|
|
||||||
H_3\left(R_{2^{24}(n-1),0}\right) &\text{if }\exists n | i = 2^{24}n\\
|
|
||||||
H_3\left(R_{2^{16}(m-1),1}\right) &\text{if }\exists m | i = 2^{16}m\\
|
|
||||||
H_3\left(R_{2^8(p-1),2}\right) &\text{if }\exists p | i = 2^8p\\
|
|
||||||
H_3\left(R_{i-1,3}\right) &\text{otherwise}
|
|
||||||
\end{cases}
|
|
||||||
\end{aligned}
|
|
||||||
\]
|
|
||||||
|
|
||||||
where \(H_0\), \(H_1\), \(H_2\), and \(H_3\) are different hash
|
|
||||||
functions. In summary: every \(2^8\) iterations, \(R_{i,3}\) is
|
|
||||||
reseeded from \(R_{i,2}\). Every \(2^{16}\) iterations, \(R_{i,2}\)
|
|
||||||
and \(R_{i,3}\) are reseeded from \(R_{i,1}\). Every \(2^{24}\)
|
|
||||||
iterations, \(R_{i,1}\), \(R_{i,2}\) and \(R_{i,3}\) are reseeded
|
|
||||||
from \(R_{i,0}\).
|
|
||||||
|
|
||||||
The complete ratchet value, \(R_{i}\), is hashed to generate the keys used
|
|
||||||
to encrypt each message. This scheme allows the ratchet to be advanced an
|
|
||||||
arbitrary amount forwards while needing at most 1020 hash computations. A
|
|
||||||
client can decrypt chat history onwards from the earliest value of the ratchet
|
|
||||||
it is aware of, but cannot decrypt history from before that point without
|
|
||||||
reversing the hash function.
|
|
||||||
|
|
||||||
This allows a participant to share its ability to decrypt chat history with
|
|
||||||
another from a point in the conversation onwards by giving a copy of the
|
|
||||||
ratchet at that point in the conversation.
|
|
||||||
|
|
||||||
|
|
||||||
## The Megolm protocol
|
|
||||||
|
|
||||||
### Session setup
|
|
||||||
|
|
||||||
Each participant in a conversation generates their own Megolm session. A
|
|
||||||
session consists of three parts:
|
|
||||||
|
|
||||||
* a 32 bit counter, \(i\).
|
|
||||||
* an [Ed25519][] keypair, \(K\).
|
|
||||||
* a ratchet, \(R_i\), which consists of four 256-bit values,
|
|
||||||
\(R_{i,j}\) for \(j \in {0,1,2,3}\).
|
|
||||||
|
|
||||||
The counter \(i\) is initialised to \(0\). A new Ed25519 keypair is
|
|
||||||
generated for \(K\). The ratchet is simply initialised with 1024 bits of
|
|
||||||
cryptographically-secure random data.
|
|
||||||
|
|
||||||
A single participant may use multiple sessions over the lifetime of a
|
|
||||||
conversation. The public part of \(K\) is used as an identifier to
|
|
||||||
discriminate between sessions.
|
|
||||||
|
|
||||||
### Sharing session data
|
|
||||||
|
|
||||||
To allow other participants in the conversation to decrypt messages, the
|
|
||||||
session data is formatted as described in [Session-sharing format](#session-sharing-format). It is then
|
|
||||||
shared with other participants in the conversation via a secure peer-to-peer
|
|
||||||
channel (such as that provided by [Olm][]).
|
|
||||||
|
|
||||||
When the session data is received from other participants, the recipient first
|
|
||||||
checks that the signature matches the public key. They then store their own
|
|
||||||
copy of the counter, ratchet, and public key.
|
|
||||||
|
|
||||||
### Message encryption
|
|
||||||
|
|
||||||
This version of Megolm uses [AES-256][] in [CBC][] mode with [PKCS#7][] padding and
|
|
||||||
[HMAC-SHA-256][] (truncated to 64 bits). The 256 bit AES key, 256 bit HMAC key,
|
|
||||||
and 128 bit AES IV are derived from the megolm ratchet \(R_i\):
|
|
||||||
|
|
||||||
\[
|
|
||||||
\begin{aligned}
|
|
||||||
\mathit{AES\_KEY}_{i}\;\parallel\;\mathit{HMAC\_KEY}_{i}\;\parallel\;\mathit{AES\_IV}_{i}
|
|
||||||
&= \operatorname{HKDF}\left(0,\,R_{i},\text{"MEGOLM\_KEYS"},\,80\right) \\
|
|
||||||
\end{aligned}
|
|
||||||
\]
|
|
||||||
|
|
||||||
where \(\parallel\) represents string splitting, and
|
|
||||||
\(\operatorname{HKDF}\left(\mathit{salt},\,\mathit{IKM},\,\mathit{info},\,L\right)\)
|
|
||||||
refers to the [HMAC-based key
|
|
||||||
derivation function][] using using [SHA-256][] as the hash function
|
|
||||||
([HKDF-SHA-256][]) with a salt value of \(\mathit{salt}\), input key material of
|
|
||||||
\(\mathit{IKM}\), context string \(\mathit{info}\), and output keying material length of
|
|
||||||
\(L\) bytes.
|
|
||||||
|
|
||||||
The plain-text is encrypted with AES-256, using the key \(\mathit{AES\_KEY}_{i}\)
|
|
||||||
and the IV \(\mathit{AES\_IV}_{i}\) to give the cipher-text, \(X_{i}\).
|
|
||||||
|
|
||||||
The ratchet index \(i\), and the cipher-text \(X_{i}\), are then packed
|
|
||||||
into a message as described in [Message format](#message-format). Then the entire message
|
|
||||||
(including the version bytes and all payload bytes) are passed through
|
|
||||||
HMAC-SHA-256. The first 8 bytes of the MAC are appended to the message.
|
|
||||||
|
|
||||||
Finally, the authenticated message is signed using the Ed25519 keypair; the 64
|
|
||||||
byte signature is appended to the message.
|
|
||||||
|
|
||||||
The complete signed message, together with the public part of \(K\) (acting
|
|
||||||
as a session identifier), can then be sent over an insecure channel. The
|
|
||||||
message can then be authenticated and decrypted only by recipients who have
|
|
||||||
received the session data.
|
|
||||||
|
|
||||||
### Advancing the ratchet
|
|
||||||
|
|
||||||
After each message is encrypted, the ratchet is advanced. This is done as
|
|
||||||
described in [The Megolm ratchet algorithm](#the-megolm-ratchet-algorithm), using the following definitions:
|
|
||||||
|
|
||||||
\[
|
|
||||||
\begin{aligned}
|
|
||||||
H_0(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x00"}) \\
|
|
||||||
H_1(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x01"}) \\
|
|
||||||
H_2(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x02"}) \\
|
|
||||||
H_3(A) &\equiv \operatorname{HMAC}(A,\text{``\char`\\x03"}) \\
|
|
||||||
\end{aligned}
|
|
||||||
\]
|
|
||||||
|
|
||||||
where \(\operatorname{HMAC}(A, T)\) is the HMAC-SHA-256 of ``T``, using ``A`` as the
|
|
||||||
key.
|
|
||||||
|
|
||||||
For outbound sessions, the updated ratchet and counter are stored in the
|
|
||||||
session.
|
|
||||||
|
|
||||||
In order to maintain the ability to decrypt conversation history, inbound
|
|
||||||
sessions should store a copy of their earliest known ratchet value (unless they
|
|
||||||
explicitly want to drop the ability to decrypt that history - see [Partial
|
|
||||||
Forward Secrecy](#partial-forward-secrecy)). They may also choose to cache calculated ratchet values,
|
|
||||||
but the decision of which ratchet states to cache is left to the application.
|
|
||||||
|
|
||||||
## Data exchange formats
|
|
||||||
|
|
||||||
### Session sharing format
|
|
||||||
|
|
||||||
This format is used for the initial sharing of a Megolm session with other
|
|
||||||
group participants who need to be able to read messages encrypted by this
|
|
||||||
session.
|
|
||||||
|
|
||||||
The session sharing format is as follows:
|
|
||||||
|
|
||||||
```nohighlight
|
|
||||||
+---+----+--------+--------+--------+--------+------+-----------+
|
|
||||||
| V | i | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub | Signature |
|
|
||||||
+---+----+--------+--------+--------+--------+------+-----------+
|
|
||||||
0 1 5 37 69 101 133 165 229 bytes
|
|
||||||
```
|
|
||||||
|
|
||||||
The version byte, ``V``, is ``"\x02"``.
|
|
||||||
|
|
||||||
This is followed by the ratchet index, \(i\), which is encoded as a
|
|
||||||
big-endian 32-bit integer; the ratchet values \(R_{i,j}\); and the public
|
|
||||||
part of the Ed25519 keypair \(K\).
|
|
||||||
|
|
||||||
The data is then signed using the Ed25519 keypair, and the 64-byte signature is
|
|
||||||
appended.
|
|
||||||
|
|
||||||
### Session export format
|
|
||||||
|
|
||||||
Once the session is initially shared with the group participants, each
|
|
||||||
participant needs to retain a copy of the session if they want to maintain
|
|
||||||
their ability to decrypt messages encrypted with that session.
|
|
||||||
|
|
||||||
For forward-secrecy purposes, a participant may choose to store a ratcheted
|
|
||||||
version of the session. But since the ratchet index is covered by the
|
|
||||||
signature, this would invalidate the signature. So we define a similar format,
|
|
||||||
called the *session export format*, which is identical to the [session sharing
|
|
||||||
format](#session-sharing-format) except for dropping the signature.
|
|
||||||
|
|
||||||
The Megolm session export format is thus as follows:
|
|
||||||
|
|
||||||
```nohighlight
|
|
||||||
+---+----+--------+--------+--------+--------+------+
|
|
||||||
| V | i | R(i,0) | R(i,1) | R(i,2) | R(i,3) | Kpub |
|
|
||||||
+---+----+--------+--------+--------+--------+------+
|
|
||||||
0 1 5 37 69 101 133 165 bytes
|
|
||||||
```
|
|
||||||
|
|
||||||
The version byte, ``V``, is ``"\x01"``.
|
|
||||||
|
|
||||||
This is followed by the ratchet index, \(i\), which is encoded as a
|
|
||||||
big-endian 32-bit integer; the ratchet values \(R_{i,j}\); and the public
|
|
||||||
part of the Ed25519 keypair \(K\).
|
|
||||||
|
|
||||||
### Message format
|
|
||||||
|
|
||||||
Megolm messages consist of a one byte version, followed by a variable length
|
|
||||||
payload, a fixed length message authentication code, and a fixed length
|
|
||||||
signature.
|
|
||||||
|
|
||||||
```nohighlight
|
|
||||||
+---+------------------------------------+-----------+------------------+
|
|
||||||
| V | Payload Bytes | MAC Bytes | Signature Bytes |
|
|
||||||
+---+------------------------------------+-----------+------------------+
|
|
||||||
0 1 N N+8 N+72 bytes
|
|
||||||
```
|
|
||||||
|
|
||||||
The version byte, ``V``, is ``"\x03"``.
|
|
||||||
|
|
||||||
The payload uses a format based on the [Protocol Buffers encoding][]. It
|
|
||||||
consists of the following key-value pairs:
|
|
||||||
|
|
||||||
**Name**|**Tag**|**Type**|**Meaning**
|
|
||||||
:-----:|:-----:|:-----:|:-----:
|
|
||||||
Message-Index|0x08|Integer|The index of the ratchet, i
|
|
||||||
Cipher-Text|0x12|String|The cipher-text, Xi, of the message
|
|
||||||
|
|
||||||
Within the payload, integers are encoded using a variable length encoding. Each
|
|
||||||
integer is encoded as a sequence of bytes with the high bit set followed by a
|
|
||||||
byte with the high bit clear. The seven low bits of each byte store the bits of
|
|
||||||
the integer. The least significant bits are stored in the first byte.
|
|
||||||
|
|
||||||
Strings are encoded as a variable-length integer followed by the string itself.
|
|
||||||
|
|
||||||
Each key-value pair is encoded as a variable-length integer giving the tag,
|
|
||||||
followed by a string or variable-length integer giving the value.
|
|
||||||
|
|
||||||
The payload is followed by the MAC. The length of the MAC is determined by the
|
|
||||||
authenticated encryption algorithm being used (8 bytes in this version of the
|
|
||||||
protocol). The MAC protects all of the bytes preceding the MAC.
|
|
||||||
|
|
||||||
The length of the signature is determined by the signing algorithm being used
|
|
||||||
(64 bytes in this version of the protocol). The signature covers all of the
|
|
||||||
bytes preceding the signature.
|
|
||||||
|
|
||||||
## Limitations
|
|
||||||
|
|
||||||
### Message Replays
|
|
||||||
|
|
||||||
A message can be decrypted successfully multiple times. This means that an
|
|
||||||
attacker can re-send a copy of an old message, and the recipient will treat it
|
|
||||||
as a new message.
|
|
||||||
|
|
||||||
To mitigate this it is recommended that applications track the ratchet indices
|
|
||||||
they have received and that they reject messages with a ratchet index that
|
|
||||||
they have already decrypted.
|
|
||||||
|
|
||||||
### Lack of Transcript Consistency
|
|
||||||
|
|
||||||
In a group conversation, there is no guarantee that all recipients have
|
|
||||||
received the same messages. For example, if Alice is in a conversation with Bob
|
|
||||||
and Charlie, she could send different messages to Bob and Charlie, or could
|
|
||||||
send some messages to Bob but not Charlie, or vice versa.
|
|
||||||
|
|
||||||
Solving this is, in general, a hard problem, particularly in a protocol which
|
|
||||||
does not guarantee in-order message delivery. For now it remains the subject of
|
|
||||||
future research.
|
|
||||||
|
|
||||||
### Lack of Backward Secrecy
|
|
||||||
|
|
||||||
[Backward secrecy](https://intensecrypto.org/public/lec_08_hash_functions_part2.html#sec-forward-and-backward-secrecy)
|
|
||||||
(also called 'future secrecy' or 'post-compromise security') is the property
|
|
||||||
that if current private keys are compromised, an attacker cannot decrypt
|
|
||||||
future messages in a given session. In other words, when looking
|
|
||||||
**backwards** in time at a compromise which has already happened, **current**
|
|
||||||
messages are still secret.
|
|
||||||
|
|
||||||
By itself, Megolm does not possess this property: once the key to a Megolm
|
|
||||||
session is compromised, the attacker can decrypt any message that was
|
|
||||||
encrypted using a key derived from the compromised or subsequent ratchet
|
|
||||||
values.
|
|
||||||
|
|
||||||
In order to mitigate this, the application should ensure that Megolm sessions
|
|
||||||
are not used indefinitely. Instead it should periodically start a new session,
|
|
||||||
with new keys shared over a secure channel.
|
|
||||||
|
|
||||||
<!-- TODO: Can we recommend sensible lifetimes for Megolm sessions? Probably
|
|
||||||
depends how paranoid we're feeling, but some guidelines might be useful. -->
|
|
||||||
|
|
||||||
### Partial Forward Secrecy
|
|
||||||
|
|
||||||
[Forward secrecy](https://intensecrypto.org/public/lec_08_hash_functions_part2.html#sec-forward-and-backward-secrecy)
|
|
||||||
(also called 'perfect forward secrecy') is the property that if the current
|
|
||||||
private keys are compromised, an attacker cannot decrypt *past* messages in
|
|
||||||
a given session. In other words, when looking **forwards** in time towards a
|
|
||||||
potential future compromise, **current** messages will be secret.
|
|
||||||
|
|
||||||
In Megolm, each recipient maintains a record of the ratchet value which allows
|
|
||||||
them to decrypt any messages sent in the session after the corresponding point
|
|
||||||
in the conversation. If this value is compromised, an attacker can similarly
|
|
||||||
decrypt past messages which were encrypted by a key derived from the
|
|
||||||
compromised or subsequent ratchet values. This gives 'partial' forward
|
|
||||||
secrecy.
|
|
||||||
|
|
||||||
To mitigate this issue, the application should offer the user the option to
|
|
||||||
discard historical conversations, by winding forward any stored ratchet values,
|
|
||||||
or discarding sessions altogether.
|
|
||||||
|
|
||||||
### Dependency on secure channel for key exchange
|
|
||||||
|
|
||||||
The design of the Megolm ratchet relies on the availability of a secure
|
|
||||||
peer-to-peer channel for the exchange of session keys. Any vulnerabilities in
|
|
||||||
the underlying channel are likely to be amplified when applied to Megolm
|
|
||||||
session setup.
|
|
||||||
|
|
||||||
For example, if the peer-to-peer channel is vulnerable to an unknown key-share
|
|
||||||
attack, the entire Megolm session become similarly vulnerable. For example:
|
|
||||||
Alice starts a group chat with Eve, and shares the session keys with Eve. Eve
|
|
||||||
uses the unknown key-share attack to forward the session keys to Bob, who
|
|
||||||
believes Alice is starting the session with him. Eve then forwards messages
|
|
||||||
from the Megolm session to Bob, who again believes they are coming from
|
|
||||||
Alice. Provided the peer-to-peer channel is not vulnerable to this attack, Bob
|
|
||||||
will realise that the key-sharing message was forwarded by Eve, and can treat
|
|
||||||
the Megolm session as a forgery.
|
|
||||||
|
|
||||||
A second example: if the peer-to-peer channel is vulnerable to a replay
|
|
||||||
attack, this can be extended to entire Megolm sessions.
|
|
||||||
|
|
||||||
## License
|
|
||||||
|
|
||||||
The Megolm specification (this document) is licensed under the Apache License,
|
|
||||||
Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.
|
|
||||||
|
|
||||||
[Ed25519]: http://ed25519.cr.yp.to/
|
|
||||||
[HMAC-based key derivation function]: https://tools.ietf.org/html/rfc5869
|
|
||||||
[HKDF-SHA-256]: https://tools.ietf.org/html/rfc5869
|
|
||||||
[HMAC-SHA-256]: https://tools.ietf.org/html/rfc2104
|
|
||||||
[SHA-256]: https://tools.ietf.org/html/rfc6234
|
|
||||||
[AES-256]: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
|
|
||||||
[CBC]: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
|
|
||||||
[PKCS#7]: https://tools.ietf.org/html/rfc2315
|
|
||||||
[Olm]: https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/olm.md
|
|
||||||
[Protocol Buffers encoding]: https://developers.google.com/protocol-buffers/docs/encoding
|
|
||||||
@ -1,4 +0,0 @@
|
|||||||
|
|
||||||
Events in rooms of this version have the following structure:
|
|
||||||
|
|
||||||
{{% definition path="api/server-server/definitions/pdu_v12" %}}
|
|
||||||
@ -1,141 +0,0 @@
|
|||||||
# Copyright 2016 OpenMarket Ltd
|
|
||||||
# Copyright 2022 The Matrix.org Foundation C.I.C.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
openapi: 3.1.0
|
|
||||||
info:
|
|
||||||
title: Matrix Client-Server Account Deactivation API
|
|
||||||
version: 1.0.0
|
|
||||||
paths:
|
|
||||||
/account/deactivate:
|
|
||||||
post:
|
|
||||||
summary: Deactivate a user's account.
|
|
||||||
description: |-
|
|
||||||
Deactivate the user's account, removing all ability for the user to
|
|
||||||
login again.
|
|
||||||
|
|
||||||
This API endpoint uses the [User-Interactive Authentication API](/client-server-api/#user-interactive-authentication-api).
|
|
||||||
|
|
||||||
An access token should be submitted to this endpoint if the client has
|
|
||||||
an active session.
|
|
||||||
|
|
||||||
The homeserver may change the flows available depending on whether a
|
|
||||||
valid access token is provided.
|
|
||||||
|
|
||||||
Unlike other endpoints, this endpoint does not take an `id_access_token`
|
|
||||||
parameter because the homeserver is expected to sign the request to the
|
|
||||||
identity server instead.
|
|
||||||
security:
|
|
||||||
- {}
|
|
||||||
- accessTokenQuery: []
|
|
||||||
- accessTokenBearer: []
|
|
||||||
operationId: deactivateAccount
|
|
||||||
requestBody:
|
|
||||||
content:
|
|
||||||
application/json:
|
|
||||||
schema:
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
auth:
|
|
||||||
description: Additional authentication information for the user-interactive
|
|
||||||
authentication API.
|
|
||||||
allOf:
|
|
||||||
- $ref: definitions/auth_data.yaml
|
|
||||||
id_server:
|
|
||||||
type: string
|
|
||||||
description: |-
|
|
||||||
The identity server to unbind all of the user's 3PIDs from.
|
|
||||||
If not provided, the homeserver MUST use the `id_server`
|
|
||||||
that was originally use to bind each identifier. If the
|
|
||||||
homeserver does not know which `id_server` that was,
|
|
||||||
it must return an `id_server_unbind_result` of
|
|
||||||
`no-support`.
|
|
||||||
example: example.org
|
|
||||||
erase:
|
|
||||||
x-addedInMatrixVersion: "1.10"
|
|
||||||
type: boolean
|
|
||||||
description: |-
|
|
||||||
Whether the user would like their content to be erased as
|
|
||||||
much as possible from the server.
|
|
||||||
|
|
||||||
Erasure means that any users (or servers) which join the
|
|
||||||
room after the erasure request are served redacted copies of
|
|
||||||
the events sent by this account. Users which had visibility
|
|
||||||
on those events prior to the erasure are still able to see
|
|
||||||
unredacted copies. No redactions are sent and the erasure
|
|
||||||
request is not shared over federation, so other servers
|
|
||||||
might still serve unredacted copies.
|
|
||||||
|
|
||||||
The server should additionally erase any non-event data
|
|
||||||
associated with the user, such as [account data](/client-server-api/#client-config)
|
|
||||||
and [contact 3PIDs](/client-server-api/#adding-account-administrative-contact-information).
|
|
||||||
|
|
||||||
Defaults to `false` if not present.
|
|
||||||
required: true
|
|
||||||
responses:
|
|
||||||
"200":
|
|
||||||
description: The account has been deactivated.
|
|
||||||
content:
|
|
||||||
application/json:
|
|
||||||
schema:
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
id_server_unbind_result:
|
|
||||||
type: string
|
|
||||||
enum:
|
|
||||||
- success
|
|
||||||
- no-support
|
|
||||||
description: |-
|
|
||||||
An indicator as to whether or not the homeserver was able to unbind
|
|
||||||
the user's 3PIDs from the identity server(s). `success` indicates
|
|
||||||
that all identifiers have been unbound from the identity server while
|
|
||||||
`no-support` indicates that one or more identifiers failed to unbind
|
|
||||||
due to the identity server refusing the request or the homeserver
|
|
||||||
being unable to determine an identity server to unbind from. This
|
|
||||||
must be `success` if the homeserver has no identifiers to unbind
|
|
||||||
for the user.
|
|
||||||
example: success
|
|
||||||
required:
|
|
||||||
- id_server_unbind_result
|
|
||||||
"401":
|
|
||||||
description: The homeserver requires additional authentication information.
|
|
||||||
content:
|
|
||||||
application/json:
|
|
||||||
schema:
|
|
||||||
$ref: definitions/auth_response.yaml
|
|
||||||
"429":
|
|
||||||
description: This request was rate-limited.
|
|
||||||
content:
|
|
||||||
application/json:
|
|
||||||
schema:
|
|
||||||
$ref: definitions/errors/rate_limited.yaml
|
|
||||||
tags:
|
|
||||||
- Account management
|
|
||||||
servers:
|
|
||||||
- url: "{protocol}://{hostname}{basePath}"
|
|
||||||
variables:
|
|
||||||
protocol:
|
|
||||||
enum:
|
|
||||||
- http
|
|
||||||
- https
|
|
||||||
default: https
|
|
||||||
hostname:
|
|
||||||
default: localhost:8008
|
|
||||||
basePath:
|
|
||||||
default: /_matrix/client/v3
|
|
||||||
components:
|
|
||||||
securitySchemes:
|
|
||||||
accessTokenQuery:
|
|
||||||
$ref: definitions/security.yaml#/accessTokenQuery
|
|
||||||
accessTokenBearer:
|
|
||||||
$ref: definitions/security.yaml#/accessTokenBearer
|
|
||||||
@ -1,30 +0,0 @@
|
|||||||
# Copyright 2025 The Matrix.org Foundation C.I.C.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
type: object
|
|
||||||
title: m.oauth params
|
|
||||||
description: Schema for `m.oauth` entry in the `params` object in a User-Interactive Authentication response.
|
|
||||||
required: ['url']
|
|
||||||
properties:
|
|
||||||
url:
|
|
||||||
type: string
|
|
||||||
format: uri
|
|
||||||
description: |
|
|
||||||
A URL pointing to the homeserver's OAuth account management web UI
|
|
||||||
where the user can approve the action. MUST be a valid URI with scheme
|
|
||||||
`http://` or `https://`, the latter being RECOMMENDED.
|
|
||||||
pattern: "^https?://"
|
|
||||||
example: {
|
|
||||||
"url": "https://example.org/account/reset-cross-signing"
|
|
||||||
}
|
|
||||||
@ -1,88 +0,0 @@
|
|||||||
# Copyright 2025 The Matrix.org Foundation C.I.C
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
|
|
||||||
type: object
|
|
||||||
title: OlmPayload
|
|
||||||
description: |-
|
|
||||||
The plaintext payload of Olm message events.
|
|
||||||
properties:
|
|
||||||
type:
|
|
||||||
type: string
|
|
||||||
description: The type of the event.
|
|
||||||
content:
|
|
||||||
type: object
|
|
||||||
description: The event content.
|
|
||||||
sender:
|
|
||||||
type: string
|
|
||||||
description: The user ID of the event sender.
|
|
||||||
recipient:
|
|
||||||
type: string
|
|
||||||
description: The user ID of the intended event recipient.
|
|
||||||
recipient_keys:
|
|
||||||
description: The recipient's signing keys of the encrypted event.
|
|
||||||
$ref: "#/components/schemas/SigningKeys"
|
|
||||||
keys:
|
|
||||||
$ref: "#/components/schemas/SigningKeys"
|
|
||||||
description: The sender's signing keys of the encrypted event.
|
|
||||||
sender_device_keys:
|
|
||||||
$ref: device_keys.yaml
|
|
||||||
description: The sender's device keys.
|
|
||||||
x-addedInMatrixVersion: "1.15"
|
|
||||||
required:
|
|
||||||
- type
|
|
||||||
- content
|
|
||||||
- sender
|
|
||||||
- recipient
|
|
||||||
- recipient_keys
|
|
||||||
- keys
|
|
||||||
components:
|
|
||||||
schemas:
|
|
||||||
SigningKeys:
|
|
||||||
type: object
|
|
||||||
title: SigningKeys
|
|
||||||
description: Public keys used for an `m.olm.v1.curve25519-aes-sha2` event.
|
|
||||||
properties:
|
|
||||||
ed25519:
|
|
||||||
type: string
|
|
||||||
description: The Ed25519 public key encoded using unpadded base64.
|
|
||||||
required:
|
|
||||||
- ed25519
|
|
||||||
example: {
|
|
||||||
"type": "<type of the plaintext event>",
|
|
||||||
"content": "<content for the plaintext event>",
|
|
||||||
"sender": "<sender_user_id>",
|
|
||||||
"recipient": "<recipient_user_id>",
|
|
||||||
"recipient_keys": {
|
|
||||||
"ed25519": "<our_ed25519_key>"
|
|
||||||
},
|
|
||||||
"keys": {
|
|
||||||
"ed25519": "<sender_ed25519_key>"
|
|
||||||
},
|
|
||||||
"sender_device_keys": {
|
|
||||||
"algorithms": ["<supported>", "<algorithms>"],
|
|
||||||
"user_id": "<user_id>",
|
|
||||||
"device_id": "<device_id>",
|
|
||||||
"keys": {
|
|
||||||
"ed25519:<device_id>": "<sender_ed25519_key>",
|
|
||||||
"curve25519:<device_id>": "<sender_curve25519_key>"
|
|
||||||
},
|
|
||||||
"signatures": {
|
|
||||||
"<user_id>": {
|
|
||||||
"ed25519:<device_id>": "<device_signature>",
|
|
||||||
"ed25519:<ssk_id>": "<ssk_signature>",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -1,44 +0,0 @@
|
|||||||
# Copyright 2025 The Matrix.org Foundation C.I.C.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
type: object
|
|
||||||
title: RoomSummary
|
|
||||||
allOf:
|
|
||||||
- $ref: public_rooms_chunk.yaml
|
|
||||||
- type: object
|
|
||||||
properties:
|
|
||||||
room_type:
|
|
||||||
type: string
|
|
||||||
description: The `type` of room (from
|
|
||||||
[`m.room.create`](/client-server-api/#mroomcreate)),
|
|
||||||
if any.
|
|
||||||
allowed_room_ids:
|
|
||||||
type: array
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
format: mx-room-id
|
|
||||||
pattern: "^!"
|
|
||||||
description: |-
|
|
||||||
If the room is a [restricted room](/server-server-api/#restricted-rooms), these are the room IDs which
|
|
||||||
are specified by the join rules. Empty or omitted otherwise.
|
|
||||||
encryption:
|
|
||||||
type: string
|
|
||||||
enum:
|
|
||||||
- "m.megolm.v1.aes-sha2"
|
|
||||||
description: |-
|
|
||||||
The encryption algorithm to be used to encrypt messages sent in the
|
|
||||||
room.
|
|
||||||
room_version:
|
|
||||||
description: The version of the room.
|
|
||||||
type: string
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue