From 70d6c2fb99bed91167586d8b1f05400f9504e940 Mon Sep 17 00:00:00 2001
From: Richard Barnes
Date: Mon, 27 Nov 2023 11:54:37 -0500
Subject: [PATCH] Add GroupInfo branch; remove redundant checks
---
 src/messages.cpp | 3 ++-
 src/state.cpp | 24 ++++++++++--------------
 2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/src/messages.cpp b/src/messages.cpp
index 0119fc5a..8dbcb7f5 100644
--- a/src/messages.cpp
+++ b/src/messages.cpp
@@ -838,7 +838,8 @@ MLSMessage::group_id() const
 return var::visit(
 overloaded{
 [](const PublicMessage& pt) -> bytes { return pt.get_group_id(); },
- [](const PrivateMessage& pt) -> bytes { return pt.get_group_id(); },
+ [](const PrivateMessage& ct) -> bytes { return ct.get_group_id(); },
+ [](const GroupInfo& gi) -> bytes { return gi.group_context.group_id; },
 [](const auto& /* unused */) -> bytes {
 throw InvalidParameterError("MLSMessage has no group_id");
 },
diff --git a/src/state.cpp b/src/state.cpp
index 99f26769..f780af87 100644
--- a/src/state.cpp
+++ b/src/state.cpp
@@ -454,7 +454,12 @@ State::unwrap(const MLSMessage& msg)
 },
 };
- return var::visit(unprotect, msg.message);
+ const auto content_auth = var::visit(unprotect, msg.message);
+ if (!verify(content_auth)) {
+ throw InvalidParameterError("Message signature failed to verify");
+ }
+
+ return content_auth;
 }
 Proposal
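Review bot: In `MLSMessage::group_id()` (src/messages.cpp), the new `GroupInfo` branch returns `gi.group_context.group_id` straight from the parsed message, and nothing in the visible lines checks the GroupInfo signature first, so the value is unauthenticated at this point. Callers that relied on the `InvalidParameterError` from the catch-all branch to reject a GroupInfo will now get an ID back and may route the message to an existing group state; the call sites should be checked for that assumption. I would add a comment above the visitor such as `// Returned ID is unauthenticated; use it for lookup only, never as proof of membership.` The function starts and ends outside the hunk.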
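Review bot: In `State::unwrap()` (src/state.cpp), only the signature check is added, while the later hunk in `State::handle()` also drops the `content.group_id != _group_id` and `content.epoch != _epoch` comparisons, and no equivalent is visible here. The `unprotect` visitor begins above the hunk, so those comparisons may already live in its branches, but that should be confirmed for both the PublicMessage and the PrivateMessage path. If either path lacks them, a message for another group or epoch would be rejected only if `verify()` happens to fail for it. In that case I would keep an explicit guard next to the new check, e.g. `if (content_auth.content.group_id != _group_id || content_auth.content.epoch != _epoch) { throw InvalidParameterError("GroupID or epoch mismatch"); }`.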
@@ -833,21 +838,12 @@ State::handle(const AuthenticatedContent& content_auth,
 std::optional cached_state,
 const std::optional& expected_params)
 {
- // Validate the GroupContent
- const auto& content = content_auth.content;
- if (content.group_id != _group_id) {
- throw InvalidParameterError("GroupID mismatch");
- }
-
- if (content.epoch != _epoch) {
- throw InvalidParameterError("Epoch mismatch");
- }
-
- if (!verify(content_auth)) {
- throw InvalidParameterError("Message signature failed to verify");
- }
+ // XXX(RLB): We assume that the AuthenticatedContent has come to us by way of
+ // `unwrap()`, so that its authenticity has already been checked. This avoids
+ // duplicate signature verification.
 // Dispatch on content type
+ const auto& content = content_auth.content;
 switch (content.content_type()) {
 // Proposals get queued, do not result in a state transition
 case ContentType::proposal:
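Review bot: In `State::handle()`, the guarantee that `content_auth` was authenticated now rests on the `XXX(RLB)` comment alone. The parameter is still a plain `AuthenticatedContent`, so any caller that builds or deserializes one and passes it in skips the signature, group and epoch checks without a compiler error. Consider making the precondition enforceable, for instance by having `unwrap()` return a distinct wrapper type that only `State` can construct and having `handle()` accept only that type. Short of that, the precondition belongs in the declaration's doc comment, e.g. `/// @pre content_auth was returned by unwrap() on this State in the current epoch`, and it should be checked whether this overload is reachable from outside the class. The function body continues outside the hunk.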