From 4323fe8b3f37a93c9913469b15019afb4a225841 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Commaille?= Date: Tue, 14 Feb 2023 21:15:07 +0100 Subject: [PATCH] events: Deprecate MessageAuthenticationCode::HkdfHmacSha256 According to MSC3783 / Matrix 1.6 --- crates/ruma-common/CHANGELOG.md | 1 + .../src/events/key/verification.rs | 5 +++- .../src/events/key/verification/accept.rs | 18 ++++++------- .../src/events/key/verification/start.rs | 26 +++++++++++-------- 4 files changed, 29 insertions(+), 21 deletions(-) diff --git a/crates/ruma-common/CHANGELOG.md b/crates/ruma-common/CHANGELOG.md index 0cbdfad6..3924b702 100644 --- a/crates/ruma-common/CHANGELOG.md +++ b/crates/ruma-common/CHANGELOG.md @@ -9,6 +9,7 @@ Improvements: * Add `MatrixVersion::V1_6` * Stabilize support for fixed base64 for SAS verification (MSC3783 / Matrix 1.6) + * Deprecate `MessageAuthenticationCode::HkdfHmacSha256` # 0.11.2 diff --git a/crates/ruma-common/src/events/key/verification.rs b/crates/ruma-common/src/events/key/verification.rs index 0d34055d..e666127c 100644 --- a/crates/ruma-common/src/events/key/verification.rs +++ b/crates/ruma-common/src/events/key/verification.rs @@ -54,10 +54,11 @@ pub enum KeyAgreementProtocol { #[non_exhaustive] pub enum MessageAuthenticationCode { /// The HKDF-HMAC-SHA256 MAC. + #[deprecated = "Since Matrix 1.6. Use HkdfHmacSha256V2 instead."] HkdfHmacSha256, /// The second version of the HKDF-HMAC-SHA256 MAC. - #[ruma_enum(rename = "hkdf-hmac-sha256.v2", alias = "org.matrix.msc3783.hkdf-hmac-sha256")] + #[ruma_enum(rename = "hkdf-hmac-sha256.v2")] HkdfHmacSha256V2, /// The HMAC-SHA256 MAC. @@ -125,6 +126,7 @@ mod tests { } #[test] + #[allow(deprecated)] fn deserialize_mac_method() { let json = json!(["hkdf-hmac-sha256", "hmac-sha256"]); @@ -133,6 +135,7 @@ mod tests { } #[test] + #[allow(deprecated)] fn serialize_mac_method() { let serialized = serde_json::to_string(&MessageAuthenticationCode::HkdfHmacSha256).unwrap(); let deserialized: MessageAuthenticationCode = serde_json::from_str(&serialized).unwrap(); diff --git a/crates/ruma-common/src/events/key/verification/accept.rs b/crates/ruma-common/src/events/key/verification/accept.rs index 88df1677..0cacc78f 100644 --- a/crates/ruma-common/src/events/key/verification/accept.rs +++ b/crates/ruma-common/src/events/key/verification/accept.rs @@ -186,7 +186,7 @@ mod tests { method: AcceptMethod::SasV1(SasV1Content { hash: HashAlgorithm::Sha256, key_agreement_protocol: KeyAgreementProtocol::Curve25519, - message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256, + message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256V2, short_authentication_string: vec![ShortAuthenticationString::Decimal], commitment: Base64::new(b"hello".to_vec()), }), @@ -198,7 +198,7 @@ mod tests { "commitment": "aGVsbG8", "key_agreement_protocol": "curve25519", "hash": "sha256", - "message_authentication_code": "hkdf-hmac-sha256", + "message_authentication_code": "hkdf-hmac-sha256.v2", "short_authentication_string": ["decimal"] }); @@ -232,7 +232,7 @@ mod tests { method: AcceptMethod::SasV1(SasV1Content { hash: HashAlgorithm::Sha256, key_agreement_protocol: KeyAgreementProtocol::Curve25519, - message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256, + message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256V2, short_authentication_string: vec![ShortAuthenticationString::Decimal], commitment: Base64::new(b"hello".to_vec()), }), @@ -243,7 +243,7 @@ mod tests { "commitment": "aGVsbG8", "key_agreement_protocol": "curve25519", "hash": "sha256", - "message_authentication_code": "hkdf-hmac-sha256", + "message_authentication_code": "hkdf-hmac-sha256.v2", "short_authentication_string": ["decimal"], "m.relates_to": { "rel_type": "m.reference", @@ -262,7 +262,7 @@ mod tests { "method": "m.sas.v1", "hash": "sha256", "key_agreement_protocol": "curve25519", - "message_authentication_code": "hkdf-hmac-sha256", + "message_authentication_code": "hkdf-hmac-sha256.v2", "short_authentication_string": ["decimal"] }); @@ -277,7 +277,7 @@ mod tests { assert_eq!(sas.commitment.encode(), "aGVsbG8"); assert_eq!(sas.hash, HashAlgorithm::Sha256); assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519); - assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256); + assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256V2); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); let json = json!({ @@ -306,7 +306,7 @@ mod tests { assert_eq!(sas.commitment.encode(), "aGVsbG8"); assert_eq!(sas.hash, HashAlgorithm::Sha256); assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519); - assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256); + assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256V2); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); let json = json!({ @@ -340,7 +340,7 @@ mod tests { "method": "m.sas.v1", "hash": "sha256", "key_agreement_protocol": "curve25519", - "message_authentication_code": "hkdf-hmac-sha256", + "message_authentication_code": "hkdf-hmac-sha256.v2", "short_authentication_string": ["decimal"], "m.relates_to": { "rel_type": "m.reference", @@ -359,7 +359,7 @@ mod tests { assert_eq!(sas.commitment.encode(), "aGVsbG8"); assert_eq!(sas.hash, HashAlgorithm::Sha256); assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519); - assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256); + assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256V2); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); } } diff --git a/crates/ruma-common/src/events/key/verification/start.rs b/crates/ruma-common/src/events/key/verification/start.rs index bc7941d3..be7eba9d 100644 --- a/crates/ruma-common/src/events/key/verification/start.rs +++ b/crates/ruma-common/src/events/key/verification/start.rs @@ -151,7 +151,9 @@ pub struct SasV1Content { /// The message authentication codes that the sending device understands. /// - /// Must include at least `hkdf-hmac-sha256`. + /// Must include at least `hkdf-hmac-sha256.v2`. Should also include `hkdf-hmac-sha256` for + /// compatibility with older clients, though this identifier is deprecated and will be + /// removed in a future version of the spec. pub message_authentication_codes: Vec, /// The SAS methods the sending device (and the sending device's user) understands. @@ -179,7 +181,9 @@ pub struct SasV1ContentInit { /// The message authentication codes that the sending device understands. /// - /// Should include at least `hkdf-hmac-sha256`. + /// Must include at least `hkdf-hmac-sha256.v2`. Should also include `hkdf-hmac-sha256` for + /// compatibility with older clients, though this identifier is deprecated and will be + /// removed in a future version of the spec. pub message_authentication_codes: Vec, /// The SAS methods the sending device (and the sending device's user) understands. @@ -230,7 +234,7 @@ mod tests { SasV1ContentInit { hashes: vec![HashAlgorithm::Sha256], key_agreement_protocols: vec![KeyAgreementProtocol::Curve25519], - message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256], + message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256V2], short_authentication_string: vec![ShortAuthenticationString::Decimal], } .into(), @@ -243,7 +247,7 @@ mod tests { "method": "m.sas.v1", "key_agreement_protocols": ["curve25519"], "hashes": ["sha256"], - "message_authentication_codes": ["hkdf-hmac-sha256"], + "message_authentication_codes": ["hkdf-hmac-sha256.v2"], "short_authentication_string": ["decimal"] }); @@ -300,7 +304,7 @@ mod tests { SasV1ContentInit { hashes: vec![HashAlgorithm::Sha256], key_agreement_protocols: vec![KeyAgreementProtocol::Curve25519], - message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256], + message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256V2], short_authentication_string: vec![ShortAuthenticationString::Decimal], } .into(), @@ -312,7 +316,7 @@ mod tests { "method": "m.sas.v1", "key_agreement_protocols": ["curve25519"], "hashes": ["sha256"], - "message_authentication_codes": ["hkdf-hmac-sha256"], + "message_authentication_codes": ["hkdf-hmac-sha256.v2"], "short_authentication_string": ["decimal"], "m.relates_to": { "rel_type": "m.reference", @@ -368,7 +372,7 @@ mod tests { assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]); assert_eq!( sas.message_authentication_codes, - vec![MessageAuthenticationCode::HkdfHmacSha256] + vec![MessageAuthenticationCode::HkdfHmacSha256V2] ); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); @@ -379,7 +383,7 @@ mod tests { "method": "m.sas.v1", "key_agreement_protocols": ["curve25519"], "hashes": ["sha256"], - "message_authentication_codes": ["hkdf-hmac-sha256"], + "message_authentication_codes": ["hkdf-hmac-sha256.v2"], "short_authentication_string": ["decimal"] }, "type": "m.key.verification.start", @@ -400,7 +404,7 @@ mod tests { assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]); assert_eq!( sas.message_authentication_codes, - vec![MessageAuthenticationCode::HkdfHmacSha256] + vec![MessageAuthenticationCode::HkdfHmacSha256V2] ); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); @@ -459,7 +463,7 @@ mod tests { "method": "m.sas.v1", "hashes": ["sha256"], "key_agreement_protocols": ["curve25519"], - "message_authentication_codes": ["hkdf-hmac-sha256"], + "message_authentication_codes": ["hkdf-hmac-sha256.v2"], "short_authentication_string": ["decimal"], "m.relates_to": { "rel_type": "m.reference", @@ -480,7 +484,7 @@ mod tests { assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]); assert_eq!( sas.message_authentication_codes, - vec![MessageAuthenticationCode::HkdfHmacSha256] + vec![MessageAuthenticationCode::HkdfHmacSha256V2] ); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);