diff options
author | Yannick LE COLLEN <yannick@matrix.org> | 2017-01-10 16:09:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-10 16:09:18 +0100 |
commit | 14c30da0e2bdff675c8af97e3c6ee49fba82af8d (patch) | |
tree | d1cc8cbe276b36bd80e9933f2c9c5532ae3a448f /android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java | |
parent | bd6ab72ca40e0484be2a39734ba135437e820d63 (diff) | |
parent | ccbb9606b725b8f1d7eeccf14c358b146aeee491 (diff) |
Merge pull request #43 from matrix-org/pedroc/android_e2e_dev
Android wrappers for olm library
Diffstat (limited to 'android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java')
-rw-r--r-- | android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java | 445 |
1 files changed, 445 insertions, 0 deletions
diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java new file mode 100644 index 0000000..da2e963 --- /dev/null +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java @@ -0,0 +1,445 @@ +/* + * Copyright 2016 OpenMarket Ltd + * Copyright 2016 Vector Creations Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.olm; + +import android.text.TextUtils; +import android.util.Log; + +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.Serializable; + +/** + * Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.<br> + * Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).<br> + * To establish an Olm session with Bob, Alice calls {@link #initOutboundSession(OlmAccount, String, String)} with Bob's identity and onetime keys. Then Alice generates an encrypted PRE_KEY message ({@link #encryptMessage(String)}) + * used by Bob to open the Olm session in his side with {@link #initOutboundSession(OlmAccount, String, String)}. + * From this step on, messages can be exchanged by using {@link #encryptMessage(String)} and {@link #decryptMessage(OlmMessage)}. + * <br><br>Detailed implementation guide is available at <a href="http://matrix.org/docs/guides/e2e_implementation.html">Implementing End-to-End Encryption in Matrix clients</a>. + */ +public class OlmSession extends CommonSerializeUtils implements Serializable { + private static final long serialVersionUID = -8975488639186976419L; + private static final String LOG_TAG = "OlmSession"; + + /** Session Id returned by JNI. + * This value uniquely identifies the native session instance. + **/ + private transient long mNativeId; + + public OlmSession() throws OlmException { + try { + mNativeId = createNewSessionJni(); + } catch (Exception e) { + throw new OlmException(OlmException.EXCEPTION_CODE_INIT_SESSION_CREATION, e.getMessage()); + } + } + + /** + * Create an OLM session in native side.<br> + * Do not forget to call {@link #releaseSession()} when JAVA side is done. + * @return native account instance identifier or throw an exception. + */ + private native long createNewSessionJni(); + + /** + * Getter on the session ID. + * @return native session ID + */ + long getOlmSessionId(){ + return mNativeId; + } + + /** + * Destroy the corresponding OLM session native object.<br> + * This method must ALWAYS be called when this JAVA instance + * is destroyed (ie. garbage collected) to prevent memory leak in native side. + * See {@link #createNewSessionJni()}. + */ + private native void releaseSessionJni(); + + /** + * Release native session and invalid its JAVA reference counter part.<br> + * Public API for {@link #releaseSessionJni()}. + */ + public void releaseSession() { + if (0 != mNativeId) { + releaseSessionJni(); + } + mNativeId = 0; + } + + /** + * Return true the object resources have been released.<br> + * @return true the object resources have been released + */ + public boolean isReleased() { + return (0 == mNativeId); + } + + /** + * Creates a new out-bound session for sending messages to a recipient + * identified by an identity key and a one time key.<br> + * @param aAccount the account to associate with this session + * @param aTheirIdentityKey the identity key of the recipient + * @param aTheirOneTimeKey the one time key of the recipient + * @exception OlmException the failure reason + */ + public void initOutboundSession(OlmAccount aAccount, String aTheirIdentityKey, String aTheirOneTimeKey) throws OlmException { + if ((null == aAccount) || TextUtils.isEmpty(aTheirIdentityKey) || TextUtils.isEmpty(aTheirOneTimeKey)) { + Log.e(LOG_TAG, "## initOutboundSession(): invalid input parameters"); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_OUTBOUND_SESSION, "invalid input parameters"); + } else { + try { + initOutboundSessionJni(aAccount.getOlmAccountId(), aTheirIdentityKey.getBytes("UTF-8"), aTheirOneTimeKey.getBytes("UTF-8")); + } catch (Exception e) { + Log.e(LOG_TAG, "## initOutboundSession(): " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_OUTBOUND_SESSION, e.getMessage()); + } + } + } + + /** + * Create a new in-bound session for sending/receiving messages from an + * incoming PRE_KEY message.<br> The recipient is defined as the entity + * with whom the session is established. + * An exception is thrown if the operation fails. + * @param aOlmAccountId account instance + * @param aTheirIdentityKey the identity key of the recipient + * @param aTheirOneTimeKey the one time key of the recipient + **/ + private native void initOutboundSessionJni(long aOlmAccountId, byte[] aTheirIdentityKey, byte[] aTheirOneTimeKey); + + /** + * Create a new in-bound session for sending/receiving messages from an + * incoming PRE_KEY message ({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}).<br> + * This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY). + * @param aAccount the account to associate with this session + * @param aPreKeyMsg PRE KEY message + * @exception OlmException the failure reason + */ + public void initInboundSession(OlmAccount aAccount, String aPreKeyMsg) throws OlmException { + if ((null == aAccount) || TextUtils.isEmpty(aPreKeyMsg)){ + Log.e(LOG_TAG, "## initInboundSession(): invalid input parameters"); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION, "invalid input parameters"); + } else { + try { + initInboundSessionJni(aAccount.getOlmAccountId(), aPreKeyMsg.getBytes("UTF-8")); + } catch (Exception e) { + Log.e(LOG_TAG, "## initInboundSession(): " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION, e.getMessage()); + } + } + } + + /** + * Create a new in-bound session for sending/receiving messages from an + * incoming PRE_KEY message.<br> + * An exception is thrown if the operation fails. + * @param aOlmAccountId account instance + * @param aOneTimeKeyMsg PRE_KEY message + */ + private native void initInboundSessionJni(long aOlmAccountId, byte[] aOneTimeKeyMsg); + + /** + * Create a new in-bound session for sending/receiving messages from an + * incoming PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message based on the sender identity key.<br> + * Public API for {@link #initInboundSessionFromIdKeyJni(long, byte[], byte[])}. + * This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY). + * This method must only be called the first time a pre-key message is received from an inbound session. + * @param aAccount the account to associate with this session + * @param aTheirIdentityKey the sender identity key + * @param aPreKeyMsg PRE KEY message + * @exception OlmException the failure reason + */ + public void initInboundSessionFrom(OlmAccount aAccount, String aTheirIdentityKey, String aPreKeyMsg) throws OlmException { + if ( (null==aAccount) || TextUtils.isEmpty(aPreKeyMsg)){ + Log.e(LOG_TAG, "## initInboundSessionFrom(): invalid input parameters"); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION_FROM, "invalid input parameters"); + } else { + try { + initInboundSessionFromIdKeyJni(aAccount.getOlmAccountId(), aTheirIdentityKey.getBytes("UTF-8"), aPreKeyMsg.getBytes("UTF-8")); + } catch (Exception e) { + Log.e(LOG_TAG, "## initInboundSessionFrom(): " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION_FROM, e.getMessage()); + } + } + } + + /** + * Create a new in-bound session for sending/receiving messages from an + * incoming PRE_KEY message based on the recipient identity key.<br> + * An exception is thrown if the operation fails. + * @param aOlmAccountId account instance + * @param aTheirIdentityKey the identity key of the recipient + * @param aOneTimeKeyMsg encrypted message + */ + private native void initInboundSessionFromIdKeyJni(long aOlmAccountId, byte[] aTheirIdentityKey, byte[] aOneTimeKeyMsg); + + /** + * Get the session identifier.<br> Will be the same for both ends of the + * conversation. The session identifier is returned as a String object. + * Session Id sample: "session_id":"M4fOVwD6AABrkTKl" + * Public API for {@link #getSessionIdentifierJni()}. + * @return the session ID + * @exception OlmException the failure reason + */ + public String sessionIdentifier() throws OlmException { + try { + byte[] buffer = getSessionIdentifierJni(); + + if (null != buffer) { + return new String(buffer, "UTF-8"); + } + } catch (Exception e) { + Log.e(LOG_TAG, "## sessionIdentifier(): " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_SESSION_IDENTIFIER, e.getMessage()); + } + + return null; + } + + /** + * Get the session identifier for this session. + * An exception is thrown if the operation fails. + * @return the session identifier + */ + private native byte[] getSessionIdentifierJni(); + + /** + * Checks if the PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message is for this in-bound session.<br> + * This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY). + * Public API for {@link #matchesInboundSessionJni(byte[])}. + * @param aOneTimeKeyMsg PRE KEY message + * @return true if the one time key matches. + */ + public boolean matchesInboundSession(String aOneTimeKeyMsg) { + boolean retCode = false; + + try { + retCode = matchesInboundSessionJni(aOneTimeKeyMsg.getBytes("UTF-8")); + } catch (Exception e) { + Log.e(LOG_TAG, "## matchesInboundSession(): failed " + e.getMessage()); + } + + return retCode; + } + + /** + * Checks if the PRE_KEY message is for this in-bound session.<br> + * This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY). + * An exception is thrown if the operation fails. + * @param aOneTimeKeyMsg PRE KEY message + * @return true if the PRE_KEY message matches + */ + private native boolean matchesInboundSessionJni(byte[] aOneTimeKeyMsg); + + /** + * Checks if the PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message is for this in-bound session based on the sender identity key.<br> + * This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY). + * Public API for {@link #matchesInboundSessionJni(byte[])}. + * @param aTheirIdentityKey the sender identity key + * @param aOneTimeKeyMsg PRE KEY message + * @return this if operation succeed, null otherwise + */ + public boolean matchesInboundSessionFrom(String aTheirIdentityKey, String aOneTimeKeyMsg) { + boolean retCode = false; + + try { + retCode = matchesInboundSessionFromIdKeyJni(aTheirIdentityKey.getBytes("UTF-8"), aOneTimeKeyMsg.getBytes("UTF-8")); + } catch (Exception e) { + Log.e(LOG_TAG, "## matchesInboundSessionFrom(): failed " + e.getMessage()); + } + + return retCode; + } + + /** + * Checks if the PRE_KEY message is for this in-bound session based on the sender identity key.<br> + * This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY). + * An exception is thrown if the operation fails. + * @param aTheirIdentityKey the identity key of the sender + * @param aOneTimeKeyMsg PRE KEY message + * @return true if the PRE_KEY message matches. + */ + private native boolean matchesInboundSessionFromIdKeyJni(byte[] aTheirIdentityKey, byte[] aOneTimeKeyMsg); + + /** + * Encrypt a message using the session.<br> + * The encrypted message is returned in a OlmMessage object. + * Public API for {@link #encryptMessageJni(byte[], OlmMessage)}. + * @param aClearMsg message to encrypted + * @return the encrypted message + * @exception OlmException the failure reason + */ + public OlmMessage encryptMessage(String aClearMsg) throws OlmException { + if (null == aClearMsg) { + return null; + } + + OlmMessage encryptedMsgRetValue = new OlmMessage(); + + try { + byte[] encryptedMessageBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8"), encryptedMsgRetValue); + + if (null != encryptedMessageBuffer) { + encryptedMsgRetValue.mCipherText = new String(encryptedMessageBuffer, "UTF-8"); + } + } catch (Exception e) { + Log.e(LOG_TAG, "## encryptMessage(): failed " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_ENCRYPT_MESSAGE, e.getMessage()); + } + + return encryptedMsgRetValue; + } + + /** + * Encrypt a message using the session.<br> + * An exception is thrown if the operation fails. + * @param aClearMsg clear text message + * @param aEncryptedMsg ciphered message + * @return the encrypted message + */ + private native byte[] encryptMessageJni(byte[] aClearMsg, OlmMessage aEncryptedMsg); + + /** + * Decrypt a message using the session.<br> + * The encrypted message is given as a OlmMessage object. + * @param aEncryptedMsg message to decrypt + * @return the decrypted message + * @exception OlmException the failure reason + */ + public String decryptMessage(OlmMessage aEncryptedMsg) throws OlmException { + if (null == aEncryptedMsg) { + return null; + } + + try { + return new String(decryptMessageJni(aEncryptedMsg), "UTF-8"); + } catch (Exception e) { + Log.e(LOG_TAG, "## decryptMessage(): failed " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_DECRYPT_MESSAGE, e.getMessage()); + } + } + /** + * Decrypt a message using the session.<br> + * An exception is thrown if the operation fails. + * @param aEncryptedMsg message to decrypt + * @return the decrypted message + */ + private native byte[] decryptMessageJni(OlmMessage aEncryptedMsg); + + //============================================================================================================== + // Serialization management + //============================================================================================================== + + /** + * Kick off the serialization mechanism. + * @param aOutStream output stream for serializing + * @throws IOException exception + */ + private void writeObject(ObjectOutputStream aOutStream) throws IOException { + serialize(aOutStream); + } + + /** + * Kick off the deserialization mechanism. + * @param aInStream input stream + * @throws IOException exception + * @throws ClassNotFoundException exception + */ + private void readObject(ObjectInputStream aInStream) throws Exception { + deserialize(aInStream); + } + + /** + * Return a session as a bytes buffer.<br> + * The account is serialized and encrypted with aKey. + * In case of failure, an error human readable + * description is provide in aErrorMsg. + * @param aKey encryption key + * @param aErrorMsg error message description + * @return session as a bytes buffer + */ + @Override + protected byte[] serialize(byte[] aKey, StringBuffer aErrorMsg) { + byte[] pickleRetValue = null; + + // sanity check + if(null == aErrorMsg) { + Log.e(LOG_TAG,"## serializeDataWithKey(): invalid parameter - aErrorMsg=null"); + } else if (null == aKey) { + aErrorMsg.append("Invalid input parameters in serializeDataWithKey()"); + } else { + aErrorMsg.setLength(0); + try { + pickleRetValue = serializeJni(aKey); + } catch (Exception e) { + Log.e(LOG_TAG,"## serializeDataWithKey(): failed " + e.getMessage()); + aErrorMsg.append(e.getMessage()); + } + } + + return pickleRetValue; + } + + /** + * Serialize and encrypt session instance.<br> + * An exception is thrown if the operation fails. + * @param aKeyBuffer key used to encrypt the serialized account data + * @return the serialised account as bytes buffer. + **/ + private native byte[] serializeJni(byte[] aKeyBuffer); + + /** + * Loads an account from a pickled base64 string.<br> + * See {@link #serialize(byte[], StringBuffer)} + * @param aSerializedData pickled account in a base64 string format + * @param aKey key used to encrypted + */ + @Override + protected void deserialize(byte[] aSerializedData, byte[] aKey) throws Exception { + String errorMsg = null; + + try { + if ((null == aSerializedData) || (null == aKey)) { + Log.e(LOG_TAG, "## deserialize(): invalid input parameters"); + errorMsg = "invalid input parameters"; + } else { + mNativeId = deserializeJni(aSerializedData, aKey); + } + } catch (Exception e) { + Log.e(LOG_TAG, "## deserialize() failed " + e.getMessage()); + errorMsg = e.getMessage(); + } + + if (!TextUtils.isEmpty(errorMsg)) { + releaseSession(); + throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_DESERIALIZATION, errorMsg); + } + } + /** + * Allocate a new session and initialize it with the serialisation data.<br> + * An exception is thrown if the operation fails. + * @param aSerializedData the session serialisation buffer + * @param aKey the key used to encrypt the serialized account data + * @return the deserialized session + **/ + private native long deserializeJni(byte[] aSerializedData, byte[] aKey); +} + |