Updating documentation

2024-02-23 17:42:15 +00:00 · 2024-02-23 17:42:15 +00:00 · 6911de3e7a
parent 673c3bff0e
commit 6911de3e7a
1 changed files with 91 additions and 1 deletions
--- a/signal-server-openapi.yaml
+++ b/signal-server-openapi.yaml
@ -1618,7 +1618,7 @@ paths:
      - Keys
      summary: Upload new prekeys
      description: Upload new pre-keys for this device.
-      operationId: setKeys
+      operationId: setKeys_1
      parameters:
      - name: identity
        in: query
@ -1648,6 +1648,47 @@ paths:
          description: Invalid request format.
      security:
      - authenticatedAccount: []
+  /v2/keys/check:
+    post:
+      tags:
+      - Keys
+      summary: Check keys
+      description: |
+        Checks that client and server have consistent views of repeated-use keys. For a given identity type, clients
+        submit a digest of their repeated-use key material. The digest is calculated as:
+
+        SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
+
+        …where the elements of the hash are:
+
+        - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
+          version byte followed by 32 bytes of key material for a total of 33 bytes)
+        - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
+        - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
+          version byte followed by 32 bytes of key material for a total of 33 bytes)
+        - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
+        - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one
+          version byte followed by 1568 bytes of key material for a total of 1569 bytes)
+      operationId: setKeys
+      parameters:
+      - name: User-Agent
+        in: header
+        schema:
+          type: string
+      responses:
+        "200":
+          description: Indicates that client and server have consistent views of repeated-use
+            keys
+        "401":
+          description: Account authentication check failed
+        "409":
+          description: |2
+              Indicates that client and server have inconsistent views of repeated-use keys or one or more repeated-use keys could
+              not be found
+        "422":
+          description: Invalid request format
+      security:
+      - authenticatedAccount: []
  /v2/keys/signed:
    put:
      tags:
@ -1677,6 +1718,7 @@ paths:
          description: Account authentication check failed.
        "422":
          description: Invalid request format.
+      deprecated: true
      security:
      - authenticatedAccount: []
  /v1/messages:
@ -3969,6 +4011,54 @@ components:
          items:
            type: string
            format: byte
+    CheckKeysRequest:
+      required:
+      - digest
+      - identityType
+      type: object
+      properties:
+        identityType:
+          type: string
+          description: |
+            The identity type for which to check for a shared view of repeated-use keys
+          enum:
+          - ACI
+          - PNI
+        digest:
+          type: array
+          description: |
+            A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as:
+
+            SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
+
+            …where the elements of the hash are:
+
+            - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
+              version byte followed by 32 bytes of key material for a total of 33 bytes)
+            - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
+            - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
+              version byte followed by 32 bytes of key material for a total of 33 bytes)
+            - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
+            - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e.
+              one version byte followed by 1568 bytes of key material for a total of 1569 bytes)
+          items:
+            type: string
+            description: |
+              A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as:
+
+              SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes)
+
+              …where the elements of the hash are:
+
+              - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one
+                version byte followed by 32 bytes of key material for a total of 33 bytes)
+              - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key
+              - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one
+                version byte followed by 32 bytes of key material for a total of 33 bytes)
+              - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key
+              - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e.
+                one version byte followed by 1568 bytes of key material for a total of 1569 bytes)
+            format: byte
    SetKeysRequest:
      type: object
      properties: