From 708fddd747789a101123b09b67c064b119db8873 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Wed, 25 May 2016 15:16:14 +0100
Subject: [PATCH] Remove session_id from group messages

Putting the session_id inside the packed message body makes it hard to extract
so that we can decide which session to use. We don't think there is any
advantage to having thes sesion_id protected by the HMACs, so we're going to
move it to the JSON framing.
---
 include/olm/message.h        |  7 -------
 src/inbound_group_session.c  |  4 +---
 src/message.cpp              | 18 ++----------------
 src/outbound_group_session.c |  3 +--
 tests/test_message.cpp       | 23 ++++++-----------------
 5 files changed, 10 insertions(+), 45 deletions(-)

diff --git a/include/olm/message.h b/include/olm/message.h
index e80d54c..5eb504d 100644
--- a/include/olm/message.h
+++ b/include/olm/message.h
@@ -35,7 +35,6 @@ extern "C" {
  * The length of the buffer needed to hold a group message.
  */
 size_t _olm_encode_group_message_length(
-    size_t group_session_id_length,
     uint32_t chain_index,
     size_t ciphertext_length,
     size_t mac_length
@@ -45,8 +44,6 @@ size_t _olm_encode_group_message_length(
  * Writes the message headers into the output buffer.
  *
  * version:            version number of the olm protocol
- * session_id:         group session identifier
- * session_id_length:  length of session_id
  * message_index:      message index
  * ciphertext_length:  length of the ciphertext
  * output:             where to write the output. Should be at least
@@ -58,8 +55,6 @@ size_t _olm_encode_group_message_length(
  */
 size_t _olm_encode_group_message(
     uint8_t version,
-    const uint8_t *session_id,
-    size_t session_id_length,
     uint32_t message_index,
     size_t ciphertext_length,
     uint8_t *output,
@@ -69,8 +64,6 @@ size_t _olm_encode_group_message(
 
 struct _OlmDecodeGroupMessageResults {
     uint8_t version;
-    const uint8_t *session_id;
-    size_t session_id_length;
     uint32_t message_index;
     int has_message_index;
     const uint8_t *ciphertext;
diff --git a/src/inbound_group_session.c b/src/inbound_group_session.c
index e171205..ce26033 100644
--- a/src/inbound_group_session.c
+++ b/src/inbound_group_session.c
@@ -231,9 +231,7 @@ static size_t _decrypt(
         return (size_t)-1;
     }
 
-    if (!decoded_results.has_message_index || !decoded_results.session_id
-        || !decoded_results.ciphertext
-    ) {
+    if (!decoded_results.has_message_index || !decoded_results.ciphertext ) {
         session->last_error = OLM_BAD_MESSAGE_FORMAT;
         return (size_t)-1;
     }
diff --git a/src/message.cpp b/src/message.cpp
index 2e841e5..ad26cb9 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -328,18 +328,15 @@ void olm::decode_one_time_key_message(
 
 
 
-static const std::uint8_t GROUP_SESSION_ID_TAG = 012;
-static const std::uint8_t GROUP_MESSAGE_INDEX_TAG = 020;
-static const std::uint8_t GROUP_CIPHERTEXT_TAG = 032;
+static const std::uint8_t GROUP_MESSAGE_INDEX_TAG = 010;
+static const std::uint8_t GROUP_CIPHERTEXT_TAG = 022;
 
 size_t _olm_encode_group_message_length(
-    size_t group_session_id_length,
     uint32_t message_index,
     size_t ciphertext_length,
     size_t mac_length
 ) {
     size_t length = VERSION_LENGTH;
-    length += 1 + varstring_length(group_session_id_length);
     length += 1 + varint_length(message_index);
     length += 1 + varstring_length(ciphertext_length);
     length += mac_length;
@@ -349,19 +346,14 @@ size_t _olm_encode_group_message_length(
 
 size_t _olm_encode_group_message(
     uint8_t version,
-    const uint8_t *session_id,
-    size_t session_id_length,
     uint32_t message_index,
     size_t ciphertext_length,
     uint8_t *output,
     uint8_t **ciphertext_ptr
 ) {
     std::uint8_t * pos = output;
-    std::uint8_t * session_id_pos;
 
     *(pos++) = version;
-    pos = encode(pos, GROUP_SESSION_ID_TAG, session_id_pos, session_id_length);
-    std::memcpy(session_id_pos, session_id, session_id_length);
     pos = encode(pos, GROUP_MESSAGE_INDEX_TAG, message_index);
     pos = encode(pos, GROUP_CIPHERTEXT_TAG, *ciphertext_ptr, ciphertext_length);
     return pos-output;
@@ -376,8 +368,6 @@ void _olm_decode_group_message(
     std::uint8_t const * end = input + input_length - mac_length;
     std::uint8_t const * unknown = nullptr;
 
-    results->session_id = nullptr;
-    results->session_id_length = 0;
     bool has_message_index = false;
     results->message_index = 0;
     results->ciphertext = nullptr;
@@ -388,10 +378,6 @@ void _olm_decode_group_message(
     results->version = *(pos++);
 
     while (pos != end) {
-        pos = decode(
-            pos, end, GROUP_SESSION_ID_TAG,
-            results->session_id, results->session_id_length
-        );
         pos = decode(
             pos, end, GROUP_MESSAGE_INDEX_TAG,
             results->message_index, has_message_index
diff --git a/src/outbound_group_session.c b/src/outbound_group_session.c
index 9b2298a..2a6c220 100644
--- a/src/outbound_group_session.c
+++ b/src/outbound_group_session.c
@@ -187,7 +187,7 @@ static size_t raw_message_length(
     mac_length = megolm_cipher->ops->mac_length(megolm_cipher);
 
     return _olm_encode_group_message_length(
-        GROUP_SESSION_ID_LENGTH, session->ratchet.counter,
+        session->ratchet.counter,
         ciphertext_length, mac_length);
 }
 
@@ -220,7 +220,6 @@ static size_t _encrypt(
      */
     message_length = _olm_encode_group_message(
         OLM_PROTOCOL_VERSION,
-        session->session_id, GROUP_SESSION_ID_LENGTH,
         session->ratchet.counter,
         ciphertext_length,
         buffer,
diff --git a/tests/test_message.cpp b/tests/test_message.cpp
index 30c10a0..06b36dc 100644
--- a/tests/test_message.cpp
+++ b/tests/test_message.cpp
@@ -67,12 +67,8 @@ assert_equals(message2, output, 35);
 
     TestCase test_case("Group message encode test");
 
-    const uint8_t session_id[] = "sessionid";
-    size_t session_id_len = 9;
-
-    size_t length = _olm_encode_group_message_length(
-        session_id_len, 200, 10, 8);
-    size_t expected_length = 1 + (2+session_id_len) + (1+2) + (2+10) + 8;
+    size_t length = _olm_encode_group_message_length(200, 10, 8);
+    size_t expected_length = 1 + (1+2) + (2+10) + 8;
     assert_equals(expected_length, length);
 
     uint8_t output[50];
@@ -80,7 +76,6 @@ assert_equals(message2, output, 35);
 
     _olm_encode_group_message(
         3,
-        session_id, session_id_len,
         200, // counter
         10,  // ciphertext length
         output,
@@ -89,9 +84,8 @@ assert_equals(message2, output, 35);
 
     uint8_t expected[] =
         "\x03"
-        "\x0A\x09sessionid"
-        "\x10\xC8\x01"
-        "\x1A\x0A";
+        "\x08\xC8\x01"
+        "\x12\x0A";
 
     assert_equals(expected, output, sizeof(expected)-1);
     assert_equals(output+sizeof(expected)-1, ciphertext_ptr);
@@ -103,17 +97,12 @@ assert_equals(message2, output, 35);
     struct _OlmDecodeGroupMessageResults results;
     std::uint8_t message[] =
         "\x03"
-        "\x0A\x09sessionid"
-        "\x10\xC8\x01"
-        "\x1A\x0A" "ciphertext"
+        "\x08\xC8\x01"
+        "\x12\x0A" "ciphertext"
         "hmacsha2";
 
-    const uint8_t expected_session_id[] = "sessionid";
-
     _olm_decode_group_message(message, sizeof(message)-1, 8, &results);
     assert_equals(std::uint8_t(3), results.version);
-    assert_equals(std::size_t(9), results.session_id_length);
-    assert_equals(expected_session_id, results.session_id, 9);
     assert_equals(1, results.has_message_index);
     assert_equals(std::uint32_t(200), results.message_index);
     assert_equals(std::size_t(10), results.ciphertext_length);