aboutsummaryrefslogtreecommitdiff
path: root/src/outbound_group_session.c
diff options
context:
space:
mode:
authorMark Haines <mjark@negativecurvature.net>2016-09-13 17:02:12 +0100
committerGitHub <noreply@github.com>2016-09-13 17:02:12 +0100
commite0b51971b7bc4cf3bb56b080f5f54296b58b3f0c (patch)
treea4ffeddf2779e5aa1b60a0ddd418eff2a2c6ee3d /src/outbound_group_session.c
parent976495e0ac379256ee9acacf1d45999769dd6212 (diff)
parenta89a169c8991c0b22655722b20cb4602dd7ba911 (diff)
Merge pull request #21 from matrix-org/markjh/fix_session_ids
Use the ed25519 public key as the group session id.
Diffstat (limited to 'src/outbound_group_session.c')
-rw-r--r--src/outbound_group_session.c41
1 files changed, 20 insertions, 21 deletions
diff --git a/src/outbound_group_session.c b/src/outbound_group_session.c
index a605fa6..4e4561a 100644
--- a/src/outbound_group_session.c
+++ b/src/outbound_group_session.c
@@ -29,10 +29,9 @@
#include "olm/pickle_encoding.h"
#define OLM_PROTOCOL_VERSION 3
-#define SESSION_ID_RANDOM_BYTES 4
-#define GROUP_SESSION_ID_LENGTH (sizeof(struct timeval) + SESSION_ID_RANDOM_BYTES)
+#define GROUP_SESSION_ID_LENGTH ED25519_PUBLIC_KEY_LENGTH
#define PICKLE_VERSION 1
-#define SESSION_KEY_VERSION 1
+#define SESSION_KEY_VERSION 2
struct OlmOutboundGroupSession {
/** the Megolm ratchet providing the encryption keys */
@@ -41,9 +40,6 @@ struct OlmOutboundGroupSession {
/** The ed25519 keypair used for signing the messages */
struct _olm_ed25519_key_pair signing_key;
- /** unique identifier for this session */
- uint8_t session_id[GROUP_SESSION_ID_LENGTH];
-
enum OlmErrorCode last_error;
};
@@ -80,8 +76,6 @@ static size_t raw_pickle_length(
length += _olm_pickle_uint32_length(PICKLE_VERSION);
length += megolm_pickle_length(&(session->ratchet));
length += _olm_pickle_ed25519_key_pair_length(&(session->signing_key));
- length += _olm_pickle_bytes_length(session->session_id,
- GROUP_SESSION_ID_LENGTH);
return length;
}
@@ -108,7 +102,6 @@ size_t olm_pickle_outbound_group_session(
pos = _olm_pickle_uint32(pos, PICKLE_VERSION);
pos = megolm_pickle(&(session->ratchet), pos);
pos = _olm_pickle_ed25519_key_pair(pos, &(session->signing_key));
- pos = _olm_pickle_bytes(pos, session->session_id, GROUP_SESSION_ID_LENGTH);
return _olm_enc_output(key, key_length, pickled, raw_length);
}
@@ -138,7 +131,6 @@ size_t olm_unpickle_outbound_group_session(
}
pos = megolm_unpickle(&(session->ratchet), pos, end);
pos = _olm_unpickle_ed25519_key_pair(pos, end, &(session->signing_key));
- pos = _olm_unpickle_bytes(pos, end, session->session_id, GROUP_SESSION_ID_LENGTH);
if (end != pos) {
/* We had the wrong number of bytes in the input. */
@@ -157,8 +149,7 @@ size_t olm_init_outbound_group_session_random_length(
* session id.
*/
return MEGOLM_RATCHET_LENGTH +
- ED25519_RANDOM_LENGTH +
- SESSION_ID_RANDOM_BYTES;
+ ED25519_RANDOM_LENGTH;
}
size_t olm_init_outbound_group_session(
@@ -177,13 +168,6 @@ size_t olm_init_outbound_group_session(
_olm_crypto_ed25519_generate_key(random, &(session->signing_key));
random += ED25519_RANDOM_LENGTH;
- /* initialise the session id. This just has to be unique. We use the
- * current time plus some random data.
- */
- gettimeofday((struct timeval *)(session->session_id), NULL);
- memcpy((session->session_id) + sizeof(struct timeval),
- random, SESSION_ID_RANDOM_BYTES);
-
return 0;
}
@@ -314,7 +298,9 @@ size_t olm_outbound_group_session_id(
return (size_t)-1;
}
- return _olm_encode_base64(session->session_id, GROUP_SESSION_ID_LENGTH, id);
+ return _olm_encode_base64(
+ session->signing_key.public_key.public_key, GROUP_SESSION_ID_LENGTH, id
+ );
}
uint32_t olm_outbound_group_session_message_index(
@@ -324,7 +310,8 @@ uint32_t olm_outbound_group_session_message_index(
}
#define SESSION_KEY_RAW_LENGTH \
- (1 + MEGOLM_RATCHET_LENGTH + ED25519_PUBLIC_KEY_LENGTH)
+ (1 + 4 + MEGOLM_RATCHET_LENGTH + ED25519_PUBLIC_KEY_LENGTH\
+ + ED25519_SIGNATURE_LENGTH)
size_t olm_outbound_group_session_key_length(
const OlmOutboundGroupSession *session
@@ -349,6 +336,12 @@ size_t olm_outbound_group_session_key(
raw = ptr = key + encoded_length - SESSION_KEY_RAW_LENGTH;
*ptr++ = SESSION_KEY_VERSION;
+ uint32_t counter = session->ratchet.counter;
+ // Encode counter as a big endian 32-bit number.
+ for (unsigned i = 0; i < 4; i++) {
+ *ptr++ = 0xFF & (counter >> 24); counter <<= 8;
+ }
+
memcpy(ptr, megolm_get_data(&session->ratchet), MEGOLM_RATCHET_LENGTH);
ptr += MEGOLM_RATCHET_LENGTH;
@@ -358,5 +351,11 @@ size_t olm_outbound_group_session_key(
);
ptr += ED25519_PUBLIC_KEY_LENGTH;
+ /* sign the whole thing with the ed25519 key. */
+ _olm_crypto_ed25519_sign(
+ &(session->signing_key),
+ raw, ptr - raw, ptr
+ );
+
return _olm_encode_base64(raw, SESSION_KEY_RAW_LENGTH, key);
}