Define hkdf-hmac-sha256.v2 MAC method for SAS verification #1412
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Merged
3 tasks
richvdh
requested changes
Feb 7, 2023
data/event-schemas/schema/m.key.verification.start$m.sas.v1.yaml
Outdated
Show resolved
Hide resolved
richvdh
requested changes
Feb 7, 2023
Comment on lines
673
to
675
| * the keys that they wish to verify (usually their device ed25519 key and | ||
| their master cross-signing key) | ||
| * the list of key IDs that they wish the other user to verify. |
There was a problem hiding this comment.
So as I understand it, Alice and Bob will each calculate 3 MACs:
- their device Ed25519 key
- their master cross-signing key
- the string consisting of
<ed25519 key id>,<MSK key id>.
Is that correct? Is the key list just to stop people doing a switcheroo on which keys are being verified?
There was a problem hiding this comment.
Yes, the key list is to prevent people from adding or removing keys
Comment on lines
+794
to
+799
| If the key list is being MACed, the list is sorted lexicographically and | ||
| comma-separated with no extra whitespace added, with each key written in the | ||
| form `{algorithm}:{keyId}`. For example, the key list could look like: | ||
| `ed25519:Cross+Signing+Key,ed25519:DEVICEID`. In this way, the recipient can | ||
| reconstruct the list from the names in the `mac` property of the | ||
| `m.key.verification.mac` message and ensure that no keys were added or removed. |
There was a problem hiding this comment.
we still don't seem to say how to feed a key into the MAC.
Do we use the 43(?) bytes of Base64-encoded public key? Or the 32 bytes of binary public key? Or other?
Co-authored-by: Richard van der Hoff <[email protected]>
34 tasks
clokep
pushed a commit
to clokep/matrix-spec
that referenced
this pull request
May 3, 2023
…g#1412) Co-authored-by: Richard van der Hoff <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Spec PR for matrix-org/matrix-spec-proposals#3783
Changes are in https://pr1412--matrix-spec-previews.netlify.app/client-server-api/#short-authentication-string-sas-verification
Preview: https://pr1412--matrix-spec-previews.netlify.app