7565588be7
`verify_event` has been changed recently to be more aligned with the spec. In the previous algorithm, it returned an error if the event was not signed by at least one of the required entities. The new algortihm is iterating over all the signtures for the required entities *and* skipping unknown algorithms. If an event is signed only by unkonwn algorithms, the event would be accepted and not verifications will happen. In order to prevent that, we check that, at least, a single key is checked. This covers the 2nd point in: https://spec.matrix.org/v1.6/appendices/#checking-for-a-signature A few more test cases were added: - The event is properly signed, but key map contains a key with an unknown algorithm. Under this circumstances, the event should be allowed. - An event signed by multiple keys for an entity, should verify all those signatures - An event signed by a single key with an unkown algorithm by the required entity, should fail
Ruma – Your home in Matrix.
A set of Rust crates (libraries) for interacting with the Matrix chat network.
website • chat • documentation (unstable)
Getting started
If you want to build a Matrix client or bot, have a look at matrix-rust-sdk. It builds on Ruma and includes handling of state storage, end-to-end encryption and many other useful things.
For homeservers, bridges and harder-to-categorize software that works with
Matrix, you're at the right place. To get started, add ruma to your
dependencies:
# crates.io release
ruma = { version = "0.8.2", features = ["..."] }
# git dependency
ruma = { git = "https://github.com/ruma/ruma", branch = "main", features = ["..."] }
ruma re-exports all of the other crates, so you don't have to worry about
them as a user. Check out the documentation on docs.rs (or on
docs.ruma.io if you use use the git dependency).
Status
Ruma 0.8.2 supports all events and REST endpoints of Matrix 1.6.
Various changes from in-progress or finished MSCs are also implemented, gated
behind the unstable-mscXXXX (where XXXX is the MSC number) Cargo features.
A few less formalized things are gated behind the unstable-unspecified Cargo
feature.
Contributing
See CONTRIBUTING.md.
Minimum Rust version
Ruma currently requires Rust 1.64. In general, we will never require beta or nightly for crates.io releases of our crates, and we will try to avoid releasing crates that depend on features that were only just stabilized.
ruma-signatures is an exception: It uses cryptographic libraries that often
use relatively new features and that we don't want to use outdated versions of.
It is guaranteed to work with whatever is the latest stable version though.