aboutsummaryrefslogtreecommitdiff
path: root/src/inbound_group_session.c
diff options
context:
space:
mode:
authorMark Haines <mjark@negativecurvature.net>2016-09-13 17:02:12 +0100
committerGitHub <noreply@github.com>2016-09-13 17:02:12 +0100
commite0b51971b7bc4cf3bb56b080f5f54296b58b3f0c (patch)
treea4ffeddf2779e5aa1b60a0ddd418eff2a2c6ee3d /src/inbound_group_session.c
parent976495e0ac379256ee9acacf1d45999769dd6212 (diff)
parenta89a169c8991c0b22655722b20cb4602dd7ba911 (diff)
Merge pull request #21 from matrix-org/markjh/fix_session_ids
Use the ed25519 public key as the group session id.
Diffstat (limited to 'src/inbound_group_session.c')
-rw-r--r--src/inbound_group_session.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/src/inbound_group_session.c b/src/inbound_group_session.c
index 11e3dbe..82ff66f 100644
--- a/src/inbound_group_session.c
+++ b/src/inbound_group_session.c
@@ -30,7 +30,7 @@
#define OLM_PROTOCOL_VERSION 3
#define PICKLE_VERSION 1
-#define SESSION_KEY_VERSION 1
+#define SESSION_KEY_VERSION 2
struct OlmInboundGroupSession {
/** our earliest known ratchet value */
@@ -71,12 +71,12 @@ size_t olm_clear_inbound_group_session(
}
#define SESSION_KEY_RAW_LENGTH \
- (1 + MEGOLM_RATCHET_LENGTH + ED25519_PUBLIC_KEY_LENGTH)
+ (1 + 4 + MEGOLM_RATCHET_LENGTH + ED25519_PUBLIC_KEY_LENGTH\
+ + ED25519_SIGNATURE_LENGTH)
/** init the session keys from the un-base64-ed session keys */
static size_t _init_group_session_keys(
OlmInboundGroupSession *session,
- uint32_t message_index,
const uint8_t *key_buf
) {
const uint8_t *ptr = key_buf;
@@ -87,13 +87,27 @@ static size_t _init_group_session_keys(
return (size_t)-1;
}
- megolm_init(&session->initial_ratchet, ptr, message_index);
- megolm_init(&session->latest_ratchet, ptr, message_index);
+ uint32_t counter = 0;
+ // Decode counter as a big endian 32-bit number.
+ for (unsigned i = 0; i < 4; i++) {
+ counter <<= 8; counter |= *ptr++;
+ }
+
+ megolm_init(&session->initial_ratchet, ptr, counter);
+ megolm_init(&session->latest_ratchet, ptr, counter);
+
ptr += MEGOLM_RATCHET_LENGTH;
memcpy(
session->signing_key.public_key, ptr, ED25519_PUBLIC_KEY_LENGTH
);
ptr += ED25519_PUBLIC_KEY_LENGTH;
+
+ if (!_olm_crypto_ed25519_verify(
+ &session->signing_key, key_buf, ptr - key_buf, ptr
+ )) {
+ session->last_error = OLM_BAD_SIGNATURE;
+ return (size_t)-1;
+ }
return 0;
}
@@ -117,7 +131,7 @@ size_t olm_init_inbound_group_session(
}
_olm_decode_base64(session_key, session_key_length, key_buf);
- result = _init_group_session_keys(session, message_index, key_buf);
+ result = _init_group_session_keys(session, key_buf);
_olm_unset(key_buf, SESSION_KEY_RAW_LENGTH);
return result;
}
@@ -288,7 +302,6 @@ static size_t _decrypt(
return (size_t)-1;
}
-
max_length = megolm_cipher->ops->decrypt_max_plaintext_length(
megolm_cipher,
decoded_results.ciphertext_length