Clarify that the key backup MAC is implemented incorrectly (#1712)

* Clarify that the key backup MAC is implemented incorrectly

Due to a bug in libolm, all implementations of the
m.megolm_backup.v1.curve25519-aes-sha2 key backup algorithm incorrectly
pass an empty string through HMAC-SHA-256 to generate the `mac` property
of the `session_data`.

It was intended for the entire raw encrypted data to be passed through
HMAC-SHA-256, but the issue was caught too late in the process, and thus
we are stuck with this until a new key backup algorithm is introduced.

This commit clarifies the real-world behavior of all current
implementations.

Signed-off-by: Sumner Evans <sumner@beeper.com>
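The behaviour described in the commit message, shown as an added Python example (not code from the commit, the spec or libolm): the `mac` is an HMAC-SHA-256 over an empty string, so it depends only on the MAC key and not on the ciphertext it was meant to protect. The MAC key and ciphertext bytes are constructed, and the truncation to 8 bytes with unpadded base64 is this example's reading of the spec rather than something stated on this page.

```python
import base64
import hashlib
import hmac


def _mac_property(mac_key: bytes, data: bytes) -> str:
    # HMAC-SHA-256, truncated to its first 8 bytes, unpadded base64.
    # Truncation and encoding are assumed here; the page does not state them.
    digest = hmac.new(mac_key, data, hashlib.sha256).digest()
    return base64.b64encode(digest[:8]).decode("ascii").rstrip("=")


def mac_as_implemented(mac_key: bytes, ciphertext: bytes) -> str:
    """What every current implementation produces (the libolm bug):
    the ciphertext is ignored and an empty string is MACed."""
    del ciphertext  # deliberately unused: this is the bug the commit documents
    return _mac_property(mac_key, b"")


def mac_as_intended(mac_key: bytes, ciphertext: bytes) -> str:
    """What the spec text originally intended: MAC over the raw ciphertext."""
    return _mac_property(mac_key, ciphertext)


def verify(mac_key: bytes, ciphertext: bytes, mac: str, as_implemented: bool = True) -> bool:
    """Constant-time check of a session_data `mac` against either computation."""
    compute = mac_as_implemented if as_implemented else mac_as_intended
    return hmac.compare_digest(compute(mac_key, ciphertext), mac)


def demonstrate() -> dict:
    # Constructed inputs: a stand-in 32-byte MAC key and an opaque ciphertext blob.
    mac_key = bytes(range(32))
    ciphertext = bytes.fromhex("00112233445566778899aabbccddeeff" * 3)
    tampered = bytes([ciphertext[0] ^ 0x80]) + ciphertext[1:]
    stored_mac = mac_as_implemented(mac_key, ciphertext)  # what a real backup carries
    return {
        # The stored mac depends only on the key, so a modified ciphertext still verifies.
        "implemented_accepts_tampered": verify(mac_key, tampered, stored_mac),
        # The intended computation would have rejected that same modification.
        "intended_rejects_tampered": not verify(
            mac_key, tampered, mac_as_intended(mac_key, ciphertext), as_implemented=False),
        # Interop consequence: a verifier using the intended formula rejects real backups.
        "intended_rejects_real_backup": not verify(
            mac_key, ciphertext, stored_mac, as_implemented=False),
    }


if __name__ == "__main__":
    print(demonstrate())
```

The last entry is why the commit documents the bug instead of fixing it: a client that verifies the way the spec text said would reject every backup written by existing implementations.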
Sumner Evans 2024-01-16 12:11:44 -07:00 committed by GitHub
parent 1d35e7aac6
commit 9a5cacda90
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 4 deletions


@ -0,0 +1 @@
Clarify that the key backup MAC is implemented incorrectly and does not pass the ciphertext through HMAC-SHA-256.
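Review bot: the added changelog line says what is not MACed but not what is; the commit message states that implementations pass an empty string through HMAC-SHA-256, and the changelog entry should say so explicitly (for example "computes the `mac` over an empty string rather than over the ciphertext") so that an implementer reading the changelog alone can match existing behaviour. Also, the header reports 2 changed files but only this one-line changelog hunk is shown, so the actual spec-text correction is not visible for review here.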