1 files changed, 41 insertions, 8 deletions

diff --git a/src/inbound_group_session.c b/src/inbound_group_session.c
index 11e3dbe..bf00008 100644
--- a/src/inbound_group_session.c
+++ b/src/inbound_group_session.c
@@ -29,8 +29,9 @@
 
 
 #define OLM_PROTOCOL_VERSION     3
+#define GROUP_SESSION_ID_LENGTH  ED25519_PUBLIC_KEY_LENGTH
 #define PICKLE_VERSION           1
-#define SESSION_KEY_VERSION      1
+#define SESSION_KEY_VERSION      2
 
 struct OlmInboundGroupSession {
     /** our earliest known ratchet value */
@@ -71,12 +72,12 @@ size_t olm_clear_inbound_group_session(
 }
 
 #define SESSION_KEY_RAW_LENGTH \
-    (1 + MEGOLM_RATCHET_LENGTH + ED25519_PUBLIC_KEY_LENGTH)
+    (1 + 4 + MEGOLM_RATCHET_LENGTH + ED25519_PUBLIC_KEY_LENGTH\
+        + ED25519_SIGNATURE_LENGTH)
 
 /** init the session keys from the un-base64-ed session keys */
 static size_t _init_group_session_keys(
     OlmInboundGroupSession *session,
-    uint32_t message_index,
     const uint8_t *key_buf
 ) {
     const uint8_t *ptr = key_buf;
@@ -87,19 +88,32 @@ static size_t _init_group_session_keys(
         return (size_t)-1;
     }
 
-    megolm_init(&session->initial_ratchet, ptr, message_index);
-    megolm_init(&session->latest_ratchet, ptr, message_index);
+    uint32_t counter = 0;
+    // Decode counter as a big endian 32-bit number.
+    for (unsigned i = 0; i < 4; i++) {
+        counter <<= 8; counter |= *ptr++;
+    }
+
+    megolm_init(&session->initial_ratchet, ptr, counter);
+    megolm_init(&session->latest_ratchet, ptr, counter);
+
     ptr += MEGOLM_RATCHET_LENGTH;
     memcpy(
         session->signing_key.public_key, ptr, ED25519_PUBLIC_KEY_LENGTH
     );
     ptr += ED25519_PUBLIC_KEY_LENGTH;
+
+    if (!_olm_crypto_ed25519_verify(
+        &session->signing_key, key_buf, ptr - key_buf, ptr
+    )) {
+        session->last_error = OLM_BAD_SIGNATURE;
+        return (size_t)-1;
+    }
     return 0;
 }
 
 size_t olm_init_inbound_group_session(
     OlmInboundGroupSession *session,
-    uint32_t message_index,
     const uint8_t * session_key, size_t session_key_length
 ) {
     uint8_t key_buf[SESSION_KEY_RAW_LENGTH];
@@ -117,7 +131,7 @@ size_t olm_init_inbound_group_session(
     }
 
     _olm_decode_base64(session_key, session_key_length, key_buf);
-    result = _init_group_session_keys(session, message_index, key_buf);
+    result = _init_group_session_keys(session, key_buf);
     _olm_unset(key_buf, SESSION_KEY_RAW_LENGTH);
     return result;
 }
@@ -288,7 +302,6 @@ static size_t _decrypt(
         return (size_t)-1;
     }
 
-
     max_length = megolm_cipher->ops->decrypt_max_plaintext_length(
         megolm_cipher,
         decoded_results.ciphertext_length
@@ -351,3 +364,23 @@ size_t olm_group_decrypt(
         plaintext, max_plaintext_length
     );
 }
+
+size_t olm_inbound_group_session_id_length(
+    const OlmInboundGroupSession *session
+) {
+    return _olm_encode_base64_length(GROUP_SESSION_ID_LENGTH);
+}
+
+size_t olm_inbound_group_session_id(
+    OlmInboundGroupSession *session,
+    uint8_t * id, size_t id_length
+) {
+    if (id_length < olm_inbound_group_session_id_length(session)) {
+        session->last_error = OLM_OUTPUT_BUFFER_TOO_SMALL;
+        return (size_t)-1;
+    }
+
+    return _olm_encode_base64(
+        session->signing_key.public_key, GROUP_SESSION_ID_LENGTH, id
+    );
+}