chris/ruwuma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

events: Deprecate MessageAuthenticationCode::HkdfHmacSha256

Browse Source 
According to MSC3783 / Matrix 1.6
This commit is contained in:
Kévin Commaille 2023-02-14 21:15:07 +01:00 committed by Kévin Commaille
parent 798c25e32a
commit 4323fe8b3f
4 changed files with 29 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crates/ruma-common/CHANGELOG.md
View File

@ -9,6 +9,7 @@ Improvements:
* Add `MatrixVersion::V1_6` * Add `MatrixVersion::V1_6`
* Stabilize support for fixed base64 for SAS verification (MSC3783 / Matrix 1.6) * Stabilize support for fixed base64 for SAS verification (MSC3783 / Matrix 1.6)
* Deprecate `MessageAuthenticationCode::HkdfHmacSha256`
# 0.11.2 # 0.11.2

5
crates/ruma-common/src/events/key/verification.rs
View File

@ -54,10 +54,11 @@ pub enum KeyAgreementProtocol {
#[non_exhaustive] #[non_exhaustive]
pub enum MessageAuthenticationCode { pub enum MessageAuthenticationCode {
/// The HKDF-HMAC-SHA256 MAC. /// The HKDF-HMAC-SHA256 MAC.
#[deprecated = "Since Matrix 1.6. Use HkdfHmacSha256V2 instead."]
HkdfHmacSha256, HkdfHmacSha256,
/// The second version of the HKDF-HMAC-SHA256 MAC. /// The second version of the HKDF-HMAC-SHA256 MAC.
#[ruma_enum(rename = "hkdf-hmac-sha256.v2", alias = "org.matrix.msc3783.hkdf-hmac-sha256")] #[ruma_enum(rename = "hkdf-hmac-sha256.v2")]
HkdfHmacSha256V2, HkdfHmacSha256V2,
/// The HMAC-SHA256 MAC. /// The HMAC-SHA256 MAC.
@ -125,6 +126,7 @@ mod tests {
} }
#[test] #[test]
#[allow(deprecated)]
fn deserialize_mac_method() { fn deserialize_mac_method() {
let json = json!(["hkdf-hmac-sha256", "hmac-sha256"]); let json = json!(["hkdf-hmac-sha256", "hmac-sha256"]);
@ -133,6 +135,7 @@ mod tests {
} }
#[test] #[test]
#[allow(deprecated)]
fn serialize_mac_method() { fn serialize_mac_method() {
let serialized = serde_json::to_string(&MessageAuthenticationCode::HkdfHmacSha256).unwrap(); let serialized = serde_json::to_string(&MessageAuthenticationCode::HkdfHmacSha256).unwrap();
let deserialized: MessageAuthenticationCode = serde_json::from_str(&serialized).unwrap(); let deserialized: MessageAuthenticationCode = serde_json::from_str(&serialized).unwrap();

18
crates/ruma-common/src/events/key/verification/accept.rs
View File

@ -186,7 +186,7 @@ mod tests {
method: AcceptMethod::SasV1(SasV1Content { method: AcceptMethod::SasV1(SasV1Content {
hash: HashAlgorithm::Sha256, hash: HashAlgorithm::Sha256,
key_agreement_protocol: KeyAgreementProtocol::Curve25519, key_agreement_protocol: KeyAgreementProtocol::Curve25519,
message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256, message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256V2,
short_authentication_string: vec![ShortAuthenticationString::Decimal], short_authentication_string: vec![ShortAuthenticationString::Decimal],
commitment: Base64::new(b"hello".to_vec()), commitment: Base64::new(b"hello".to_vec()),
}), }),
@ -198,7 +198,7 @@ mod tests {
"commitment": "aGVsbG8", "commitment": "aGVsbG8",
"key_agreement_protocol": "curve25519", "key_agreement_protocol": "curve25519",
"hash": "sha256", "hash": "sha256",
"message_authentication_code": "hkdf-hmac-sha256", "message_authentication_code": "hkdf-hmac-sha256.v2",
"short_authentication_string": ["decimal"] "short_authentication_string": ["decimal"]
}); });
@ -232,7 +232,7 @@ mod tests {
method: AcceptMethod::SasV1(SasV1Content { method: AcceptMethod::SasV1(SasV1Content {
hash: HashAlgorithm::Sha256, hash: HashAlgorithm::Sha256,
key_agreement_protocol: KeyAgreementProtocol::Curve25519, key_agreement_protocol: KeyAgreementProtocol::Curve25519,
message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256, message_authentication_code: MessageAuthenticationCode::HkdfHmacSha256V2,
short_authentication_string: vec![ShortAuthenticationString::Decimal], short_authentication_string: vec![ShortAuthenticationString::Decimal],
commitment: Base64::new(b"hello".to_vec()), commitment: Base64::new(b"hello".to_vec()),
}), }),
@ -243,7 +243,7 @@ mod tests {
"commitment": "aGVsbG8", "commitment": "aGVsbG8",
"key_agreement_protocol": "curve25519", "key_agreement_protocol": "curve25519",
"hash": "sha256", "hash": "sha256",
"message_authentication_code": "hkdf-hmac-sha256", "message_authentication_code": "hkdf-hmac-sha256.v2",
"short_authentication_string": ["decimal"], "short_authentication_string": ["decimal"],
"m.relates_to": { "m.relates_to": {
"rel_type": "m.reference", "rel_type": "m.reference",
@ -262,7 +262,7 @@ mod tests {
"method": "m.sas.v1", "method": "m.sas.v1",
"hash": "sha256", "hash": "sha256",
"key_agreement_protocol": "curve25519", "key_agreement_protocol": "curve25519",
"message_authentication_code": "hkdf-hmac-sha256", "message_authentication_code": "hkdf-hmac-sha256.v2",
"short_authentication_string": ["decimal"] "short_authentication_string": ["decimal"]
}); });
@ -277,7 +277,7 @@ mod tests {
assert_eq!(sas.commitment.encode(), "aGVsbG8"); assert_eq!(sas.commitment.encode(), "aGVsbG8");
assert_eq!(sas.hash, HashAlgorithm::Sha256); assert_eq!(sas.hash, HashAlgorithm::Sha256);
assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519); assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519);
assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256); assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256V2);
assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);
let json = json!({ let json = json!({
@ -306,7 +306,7 @@ mod tests {
assert_eq!(sas.commitment.encode(), "aGVsbG8"); assert_eq!(sas.commitment.encode(), "aGVsbG8");
assert_eq!(sas.hash, HashAlgorithm::Sha256); assert_eq!(sas.hash, HashAlgorithm::Sha256);
assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519); assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519);
assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256); assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256V2);
assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);
let json = json!({ let json = json!({
@ -340,7 +340,7 @@ mod tests {
"method": "m.sas.v1", "method": "m.sas.v1",
"hash": "sha256", "hash": "sha256",
"key_agreement_protocol": "curve25519", "key_agreement_protocol": "curve25519",
"message_authentication_code": "hkdf-hmac-sha256", "message_authentication_code": "hkdf-hmac-sha256.v2",
"short_authentication_string": ["decimal"], "short_authentication_string": ["decimal"],
"m.relates_to": { "m.relates_to": {
"rel_type": "m.reference", "rel_type": "m.reference",
@ -359,7 +359,7 @@ mod tests {
assert_eq!(sas.commitment.encode(), "aGVsbG8"); assert_eq!(sas.commitment.encode(), "aGVsbG8");
assert_eq!(sas.hash, HashAlgorithm::Sha256); assert_eq!(sas.hash, HashAlgorithm::Sha256);
assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519); assert_eq!(sas.key_agreement_protocol, KeyAgreementProtocol::Curve25519);
assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256); assert_eq!(sas.message_authentication_code, MessageAuthenticationCode::HkdfHmacSha256V2);
assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);
} }
} }

26
crates/ruma-common/src/events/key/verification/start.rs
View File

@ -151,7 +151,9 @@ pub struct SasV1Content {
/// The message authentication codes that the sending device understands. /// The message authentication codes that the sending device understands.
/// ///
/// Must include at least `hkdf-hmac-sha256`. /// Must include at least `hkdf-hmac-sha256.v2`. Should also include `hkdf-hmac-sha256` for
/// compatibility with older clients, though this identifier is deprecated and will be
/// removed in a future version of the spec.
pub message_authentication_codes: Vec<MessageAuthenticationCode>, pub message_authentication_codes: Vec<MessageAuthenticationCode>,
/// The SAS methods the sending device (and the sending device's user) understands. /// The SAS methods the sending device (and the sending device's user) understands.
@ -179,7 +181,9 @@ pub struct SasV1ContentInit {
/// The message authentication codes that the sending device understands. /// The message authentication codes that the sending device understands.
/// ///
/// Should include at least `hkdf-hmac-sha256`. /// Must include at least `hkdf-hmac-sha256.v2`. Should also include `hkdf-hmac-sha256` for
/// compatibility with older clients, though this identifier is deprecated and will be
/// removed in a future version of the spec.
pub message_authentication_codes: Vec<MessageAuthenticationCode>, pub message_authentication_codes: Vec<MessageAuthenticationCode>,
/// The SAS methods the sending device (and the sending device's user) understands. /// The SAS methods the sending device (and the sending device's user) understands.
@ -230,7 +234,7 @@ mod tests {
SasV1ContentInit { SasV1ContentInit {
hashes: vec![HashAlgorithm::Sha256], hashes: vec![HashAlgorithm::Sha256],
key_agreement_protocols: vec![KeyAgreementProtocol::Curve25519], key_agreement_protocols: vec![KeyAgreementProtocol::Curve25519],
message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256], message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256V2],
short_authentication_string: vec![ShortAuthenticationString::Decimal], short_authentication_string: vec![ShortAuthenticationString::Decimal],
} }
.into(), .into(),
@ -243,7 +247,7 @@ mod tests {
"method": "m.sas.v1", "method": "m.sas.v1",
"key_agreement_protocols": ["curve25519"], "key_agreement_protocols": ["curve25519"],
"hashes": ["sha256"], "hashes": ["sha256"],
"message_authentication_codes": ["hkdf-hmac-sha256"], "message_authentication_codes": ["hkdf-hmac-sha256.v2"],
"short_authentication_string": ["decimal"] "short_authentication_string": ["decimal"]
}); });
@ -300,7 +304,7 @@ mod tests {
SasV1ContentInit { SasV1ContentInit {
hashes: vec![HashAlgorithm::Sha256], hashes: vec![HashAlgorithm::Sha256],
key_agreement_protocols: vec![KeyAgreementProtocol::Curve25519], key_agreement_protocols: vec![KeyAgreementProtocol::Curve25519],
message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256], message_authentication_codes: vec![MessageAuthenticationCode::HkdfHmacSha256V2],
short_authentication_string: vec![ShortAuthenticationString::Decimal], short_authentication_string: vec![ShortAuthenticationString::Decimal],
} }
.into(), .into(),
@ -312,7 +316,7 @@ mod tests {
"method": "m.sas.v1", "method": "m.sas.v1",
"key_agreement_protocols": ["curve25519"], "key_agreement_protocols": ["curve25519"],
"hashes": ["sha256"], "hashes": ["sha256"],
"message_authentication_codes": ["hkdf-hmac-sha256"], "message_authentication_codes": ["hkdf-hmac-sha256.v2"],
"short_authentication_string": ["decimal"], "short_authentication_string": ["decimal"],
"m.relates_to": { "m.relates_to": {
"rel_type": "m.reference", "rel_type": "m.reference",
@ -368,7 +372,7 @@ mod tests {
assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]); assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]);
assert_eq!( assert_eq!(
sas.message_authentication_codes, sas.message_authentication_codes,
vec![MessageAuthenticationCode::HkdfHmacSha256] vec![MessageAuthenticationCode::HkdfHmacSha256V2]
); );
assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);
@ -379,7 +383,7 @@ mod tests {
"method": "m.sas.v1", "method": "m.sas.v1",
"key_agreement_protocols": ["curve25519"], "key_agreement_protocols": ["curve25519"],
"hashes": ["sha256"], "hashes": ["sha256"],
"message_authentication_codes": ["hkdf-hmac-sha256"], "message_authentication_codes": ["hkdf-hmac-sha256.v2"],
"short_authentication_string": ["decimal"] "short_authentication_string": ["decimal"]
}, },
"type": "m.key.verification.start", "type": "m.key.verification.start",
@ -400,7 +404,7 @@ mod tests {
assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]); assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]);
assert_eq!( assert_eq!(
sas.message_authentication_codes, sas.message_authentication_codes,
vec![MessageAuthenticationCode::HkdfHmacSha256] vec![MessageAuthenticationCode::HkdfHmacSha256V2]
); );
assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);
@ -459,7 +463,7 @@ mod tests {
"method": "m.sas.v1", "method": "m.sas.v1",
"hashes": ["sha256"], "hashes": ["sha256"],
"key_agreement_protocols": ["curve25519"], "key_agreement_protocols": ["curve25519"],
"message_authentication_codes": ["hkdf-hmac-sha256"], "message_authentication_codes": ["hkdf-hmac-sha256.v2"],
"short_authentication_string": ["decimal"], "short_authentication_string": ["decimal"],
"m.relates_to": { "m.relates_to": {
"rel_type": "m.reference", "rel_type": "m.reference",
@ -480,7 +484,7 @@ mod tests {
assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]); assert_eq!(sas.key_agreement_protocols, vec![KeyAgreementProtocol::Curve25519]);
assert_eq!( assert_eq!(
sas.message_authentication_codes, sas.message_authentication_codes,
vec![MessageAuthenticationCode::HkdfHmacSha256] vec![MessageAuthenticationCode::HkdfHmacSha256V2]
); );
assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]); assert_eq!(sas.short_authentication_string, vec![ShortAuthenticationString::Decimal]);