ElementR: Key Storage | When adding a new key to 4S the key encryption check is not added to the key info #26721

Closed
BillCarsonFr opened this issue Dec 11, 2023 · 1 comment · Fixed by matrix-org/matrix-js-sdk#3950
Labels: A-Element-R (Issues affecting the port of Element's crypto layer to Rust), S-Major (Severely degrades major functionality or product features, with no satisfactory workaround), T-Enhancement, Z-Labs

BillCarsonFr commented Dec 11, 2023

As per spec, when adding a new key to the secret storage the client must encrypt a "zero"/dummy secret to allow for key checks.
WebR is not doing it.

Actual:

```json
{
  "type": "m.secret_storage.key.abcdef",
  "content": {
    "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
    "passphrase": { ... }
  }
}
```

Expected:

```json
{
  "type": "m.secret_storage.key.abcdef",
  "content": {
    "algorithm": "m.secret_storage.v1.aes-hmac-sha2",
    "passphrase": { ... },
    "iv": "2ZB0AAR+nsEoaX4owqA7ag==",
    "mac": "Wf6C9nDzIESogoikSW7uLJjDSU+BKtqpe/7tRMi/Y7E="
  }
}
```

As a consequence, if you try to use the key on EX (that is more strict) it will fail with (UnsupportedAlgorithm("m.secret_storage.v1.aes-hmac-sha2")) if you try to verify with a key generated from webR.

@BillCarsonFr BillCarsonFr added A-Element-R Issues affecting the port of Element's crypto layer to Rust S-Major Severely degrades major functionality or product features, with no satisfactory workaround labels Dec 11, 2023
@BillCarsonFr BillCarsonFr self-assigned this Dec 11, 2023

richvdh commented Dec 11, 2023

> As per spec, when adding a new key to the secret storage the client must encrypt a "zero"/dummy secret to allow for key checks.

It is incorrect that it must do that. It is optional.
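
The key check discussed in this issue, as an added example (not code from matrix-js-sdk or from either commenter): it follows the Matrix spec's `m.secret_storage.v1.aes-hmac-sha2` procedure of encrypting 32 zero bytes under the empty secret name and storing the resulting `iv` and `mac` in the key info. The function names are hypothetical, and returning "unverifiable" when `iv`/`mac` are absent is an assumption based on those fields being optional.

```javascript
// Added example: computing and verifying the SSSS key check (iv + mac).
const crypto = require("node:crypto");

const ALGORITHM = "m.secret_storage.v1.aes-hmac-sha2";
const ZERO32 = Buffer.alloc(32); // 32 zero bytes: HKDF salt and dummy plaintext

// HKDF-SHA-256 with a zero salt and the secret name as info yields 64 bytes:
// the first 32 are the AES-256-CTR key, the last 32 the HMAC-SHA-256 key.
function deriveKeys(key, secretName) {
  const info = Buffer.from(secretName, "utf8");
  const okm = Buffer.from(crypto.hkdfSync("sha256", key, ZERO32, info, 64));
  return { aesKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// MAC over the ciphertext of 32 zero bytes, encrypted under the empty name.
function keyCheckMac(key, iv) {
  const { aesKey, macKey } = deriveKeys(key, "");
  const cipher = crypto.createCipheriv("aes-256-ctr", aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(ZERO32), cipher.final()]);
  return crypto.createHmac("sha256", macKey).update(ciphertext).digest();
}

// Producer side: the iv/mac pair to store alongside "algorithm" in the key info.
function computeKeyCheck(key) {
  const iv = crypto.randomBytes(16);
  iv[8] &= 0x7f; // clear bit 63 to avoid AES-CTR implementation differences
  return {
    iv: iv.toString("base64"),
    mac: keyCheckMac(key, iv).toString("base64"),
  };
}

// Consumer side: "ok", "mismatch", or "unverifiable" when iv/mac are absent.
function checkKey(key, keyInfo) {
  const { algorithm, iv, mac } = keyInfo.content;
  if (algorithm !== ALGORITHM) throw new Error("unsupported algorithm");
  if (!iv || !mac) return "unverifiable"; // nothing to check the key against
  const expected = keyCheckMac(key, Buffer.from(iv, "base64"));
  const actual = Buffer.from(mac, "base64");
  const same = actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected); // constant-time comparison
  return same ? "ok" : "mismatch";
}
```

A client that gets "unverifiable" can only confirm the key by successfully decrypting a stored secret with it.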
