wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

apply suggestions from review

Browse source
This commit is contained in:
Hubert Chathi 2020-10-16 18:36:02 -04:00
parent c8e816d854
commit a5ebedc131
4 changed files with 48 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

19
api/client-server/cross_signing.yaml
View file

@ -107,19 +107,28 @@ paths:
example: {} example: {}
400: 400:
description: |- description: |-
The input was invalid in some way. This can include one of the The input was invalid in some way. This can include one of the
following error codes: following error codes:
* ``M_INVALID_SIGNATURE``: The self-signing or user-signing key * ``M_INVALID_SIGNATURE``: For example, the self-signing or
had an incorrect signature user-signing key had an incorrect signature.
* ``M_FORBIDDEN``: The public key of one of the keys is the same as * ``M_MISSING_PARAM``: No master key is available.
one of the user\'s device IDs.
schema: schema:
type: object type: object
example: { example: {
"errcode": "M_INVALID_SIGNATURE", "errcode": "M_INVALID_SIGNATURE",
"error": "Invalid signature" "error": "Invalid signature"
} }
403:
description: |-
The public key of one of the keys is the same as one of the user\'s
device IDs or the request is unauthorized.
schema:
type: object
example: {
"errcode": "M_FORBIDDEN",
"error": "Key ID in use"
}
"/keys/signatures/upload": "/keys/signatures/upload":
post: post:
summary: Upload cross-signing signatures. summary: Upload cross-signing signatures.

10
api/client-server/login.yaml
View file

@ -123,8 +123,10 @@ paths:
type: string type: string
description: |- description: |-
ID of the client device. If this does not correspond to a ID of the client device. If this does not correspond to a
known client device, a new device will be created. The server known client device, a new device will be created. The given
will auto-generate a device_id if this is not specified. device ID must not be the same as a `cross-signing key ID
<#cross-signing>`_. The server will auto-generate a device_id
if this is not specified.
initial_device_display_name: initial_device_display_name:
type: string type: string
description: |- description: |-
@ -195,7 +197,9 @@ paths:
403: 403:
description: |- description: |-
The login attempt failed. This can include one of the following error codes: The login attempt failed. This can include one of the following error codes:
* ``M_FORBIDDEN``: The provided authentication data was incorrect. * ``M_FORBIDDEN``: The provided authentication data was incorrect
or the requested device ID is the same as a cross-signing key
ID.
* ``M_USER_DEACTIVATED``: The user has been deactivated. * ``M_USER_DEACTIVATED``: The user has been deactivated.
examples: examples:
application/json: { application/json: {

44
api/server-server/definitions/event-schemas/m.signing_key_update.yaml
View file

@ -37,32 +37,28 @@ allOf:
example: "@alice:example.com" example: "@alice:example.com"
master_key: master_key:
type: object type: object
allOf: $ref: ../../../client-server/definitions/cross_signing_key.yaml
- $ref: ../../../client-server/definitions/cross_signing_key.yaml example: {
# FIXME: why isn't the doc generator picking up this example? "user_id": "@alice:example.com",
- example: { "usage": ["master"],
"user_id": "@alice:example.com", "keys": {
"usage": ["self_signing"], "ed25519:base64+master+public+key": "base64+master+public+key",
"keys": { }
"ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key", }
},
"signatures": {
"@alice:example.com": {
"ed25519:base64+master+public+key": "signature+of+self+signing+key"
}
}
}
self_signing_key: self_signing_key:
type: object type: object
allOf: $ref: ../../../client-server/definitions/cross_signing_key.yaml
- $ref: ../../../client-server/definitions/cross_signing_key.yaml example: {
# FIXME: why isn't the doc generator picking up this example? "user_id": "@alice:example.com",
- example: { "usage": ["self_signing"],
"user_id": "@alice:example.com", "keys": {
"usage": ["master"], "ed25519:base64+self+signing+public+key": "base64+self+signing+master+public+key",
"keys": { },
"ed25519:base64+master+public+key": "base64+master+public+key", "signatures": {
} "@alice:example.com": {
"ed25519:base64+master+public+key": "signature+of+self+signing+key"
} }
}
}
required: required:
- user_id - user_id

14
specification/modules/end_to_end_encryption.rst
View file

@ -848,13 +848,13 @@ that she cannot see:
| +------+ | | +----+ | | +------+ | | +----+ |
+----------------+ +--------------+ +----------------+ +--------------+
Verification methods can be used to verify a user's master key by using the `Verification methods <#device-verification>`_ can be used to verify a user's
master public key, encoded using unpadded base64, as the device ID, and master key by using the master public key, encoded using unpadded base64, as
treating it as a normal device. For example, if Alice and Bob verify each other the device ID, and treating it as a normal device. For example, if Alice and
using SAS, Alice's ``m.key.verification.mac`` message to Bob may include Bob verify each other using SAS, Alice's ``m.key.verification.mac`` message to
``"ed25519:alices+master+public+key": "alices+master+public+key"`` in the ``mac`` Bob may include ``"ed25519:alices+master+public+key":
property. Servers therefore must ensure that device IDs will not collide with "alices+master+public+key"`` in the ``mac`` property. Servers therefore must
cross-signing public keys. ensure that device IDs will not collide with cross-signing public keys.
Key and signature security Key and signature security
<<<<<<<<<<<<<<<<<<<<<<<<<< <<<<<<<<<<<<<<<<<<<<<<<<<<