apply suggestions from review
This commit is contained in:
Hubert Chathi
parent
c8e816d854
commit
a5ebedc131
4 changed files with 48 additions and 39 deletions
|
|
@ -110,16 +110,25 @@ paths:
|
||||||
The input was invalid in some way. This can include one of the
|
The input was invalid in some way. This can include one of the
|
||||||
following error codes:
|
following error codes:
|
||||||
|
|
||||||
* ``M_INVALID_SIGNATURE``: The self-signing or user-signing key
|
* ``M_INVALID_SIGNATURE``: For example, the self-signing or
|
||||||
had an incorrect signature
|
user-signing key had an incorrect signature.
|
||||||
* ``M_FORBIDDEN``: The public key of one of the keys is the same as
|
* ``M_MISSING_PARAM``: No master key is available.
|
||||||
one of the user\'s device IDs.
|
|
||||||
schema:
|
schema:
|
||||||
type: object
|
type: object
|
||||||
example: {
|
example: {
|
||||||
"errcode": "M_INVALID_SIGNATURE",
|
"errcode": "M_INVALID_SIGNATURE",
|
||||||
"error": "Invalid signature"
|
"error": "Invalid signature"
|
||||||
}
|
}
|
||||||
|
403:
|
||||||
|
description: |-
|
||||||
|
The public key of one of the keys is the same as one of the user\'s
|
||||||
|
device IDs or the request is unauthorized.
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
example: {
|
||||||
|
"errcode": "M_FORBIDDEN",
|
||||||
|
"error": "Key ID in use"
|
||||||
|
}
|
||||||
"/keys/signatures/upload":
|
"/keys/signatures/upload":
|
||||||
post:
|
post:
|
||||||
summary: Upload cross-signing signatures.
|
summary: Upload cross-signing signatures.
|
||||||
|
|
|
||||||
|
|
@ -123,8 +123,10 @@ paths:
|
||||||
type: string
|
type: string
|
||||||
description: |-
|
description: |-
|
||||||
ID of the client device. If this does not correspond to a
|
ID of the client device. If this does not correspond to a
|
||||||
known client device, a new device will be created. The server
|
known client device, a new device will be created. The given
|
||||||
will auto-generate a device_id if this is not specified.
|
device ID must not be the same as a `cross-signing key ID
|
||||||
|
<#cross-signing>`_. The server will auto-generate a device_id
|
||||||
|
if this is not specified.
|
||||||
initial_device_display_name:
|
initial_device_display_name:
|
||||||
type: string
|
type: string
|
||||||
description: |-
|
description: |-
|
||||||
|
|
@ -195,7 +197,9 @@ paths:
|
||||||
403:
|
403:
|
||||||
description: |-
|
description: |-
|
||||||
The login attempt failed. This can include one of the following error codes:
|
The login attempt failed. This can include one of the following error codes:
|
||||||
* ``M_FORBIDDEN``: The provided authentication data was incorrect.
|
* ``M_FORBIDDEN``: The provided authentication data was incorrect
|
||||||
|
or the requested device ID is the same as a cross-signing key
|
||||||
|
ID.
|
||||||
* ``M_USER_DEACTIVATED``: The user has been deactivated.
|
* ``M_USER_DEACTIVATED``: The user has been deactivated.
|
||||||
examples:
|
examples:
|
||||||
application/json: {
|
application/json: {
|
||||||
|
|
|
||||||
|
|
@ -37,10 +37,18 @@ allOf:
|
||||||
example: "@alice:example.com"
|
example: "@alice:example.com"
|
||||||
master_key:
|
master_key:
|
||||||
type: object
|
type: object
|
||||||
allOf:
|
$ref: ../../../client-server/definitions/cross_signing_key.yaml
|
||||||
- $ref: ../../../client-server/definitions/cross_signing_key.yaml
|
example: {
|
||||||
# FIXME: why isn't the doc generator picking up this example?
|
"user_id": "@alice:example.com",
|
||||||
- example: {
|
"usage": ["master"],
|
||||||
|
"keys": {
|
||||||
|
"ed25519:base64+master+public+key": "base64+master+public+key",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
self_signing_key:
|
||||||
|
type: object
|
||||||
|
$ref: ../../../client-server/definitions/cross_signing_key.yaml
|
||||||
|
example: {
|
||||||
"user_id": "@alice:example.com",
|
"user_id": "@alice:example.com",
|
||||||
"usage": ["self_signing"],
|
"usage": ["self_signing"],
|
||||||
"keys": {
|
"keys": {
|
||||||
|
|
@ -52,17 +60,5 @@ allOf:
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
self_signing_key:
|
|
||||||
type: object
|
|
||||||
allOf:
|
|
||||||
- $ref: ../../../client-server/definitions/cross_signing_key.yaml
|
|
||||||
# FIXME: why isn't the doc generator picking up this example?
|
|
||||||
- example: {
|
|
||||||
"user_id": "@alice:example.com",
|
|
||||||
"usage": ["master"],
|
|
||||||
"keys": {
|
|
||||||
"ed25519:base64+master+public+key": "base64+master+public+key",
|
|
||||||
}
|
|
||||||
}
|
|
||||||
required:
|
required:
|
||||||
- user_id
|
- user_id
|
||||||
|
|
|
||||||
|
|
@ -848,13 +848,13 @@ that she cannot see:
|
||||||
| +------+ | | +----+ |
|
| +------+ | | +----+ |
|
||||||
+----------------+ +--------------+
|
+----------------+ +--------------+
|
||||||
|
|
||||||
Verification methods can be used to verify a user's master key by using the
|
`Verification methods <#device-verification>`_ can be used to verify a user's
|
||||||
master public key, encoded using unpadded base64, as the device ID, and
|
master key by using the master public key, encoded using unpadded base64, as
|
||||||
treating it as a normal device. For example, if Alice and Bob verify each other
|
the device ID, and treating it as a normal device. For example, if Alice and
|
||||||
using SAS, Alice's ``m.key.verification.mac`` message to Bob may include
|
Bob verify each other using SAS, Alice's ``m.key.verification.mac`` message to
|
||||||
``"ed25519:alices+master+public+key": "alices+master+public+key"`` in the ``mac``
|
Bob may include ``"ed25519:alices+master+public+key":
|
||||||
property. Servers therefore must ensure that device IDs will not collide with
|
"alices+master+public+key"`` in the ``mac`` property. Servers therefore must
|
||||||
cross-signing public keys.
|
ensure that device IDs will not collide with cross-signing public keys.
|
||||||
|
|
||||||
Key and signature security
|
Key and signature security
|
||||||
<<<<<<<<<<<<<<<<<<<<<<<<<<
|
<<<<<<<<<<<<<<<<<<<<<<<<<<
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue