diff options
author | Hubert Chathi <hubert@uhoreg.ca> | 2018-10-12 17:02:51 -0400 |
---|---|---|
committer | Hubert Chathi <hubert@uhoreg.ca> | 2018-10-12 17:02:51 -0400 |
commit | 5cf074d3372f1e189fe410a075013adefabb1aa5 (patch) | |
tree | a72a96fafab69e62b5083cbe1933b4e34e9a72d5 /android/olm-sdk | |
parent | ac071d9c0d69e4330a06f171e3bddc713ecd97d6 (diff) | |
parent | af86a9a8b899eeb3c1c464cb0c54218acd788fa6 (diff) |
Merge branch 'master' into poljar
Diffstat (limited to 'android/olm-sdk')
8 files changed, 91 insertions, 26 deletions
diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java index 8c2d7b0..b41c67a 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java @@ -25,6 +25,8 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; + /** * Class used to create an inbound <a href="http://matrix.org/docs/guides/e2e_implementation.html#handling-an-m-room-key-event">Megolm session</a>.<br> * Counter part of the outbound group session {@link OlmOutboundGroupSession}, this class decrypts the messages sent by the outbound side. @@ -236,7 +238,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri * In case of error, null is returned and an error message description is provided in aErrorMsg. * @param aEncryptedMsg the message to be decrypted * @return the decrypted message information - * @exception OlmException teh failure reason + * @exception OlmException the failure reason */ public DecryptMessageResult decryptMessage(String aEncryptedMsg) throws OlmException { DecryptMessageResult result = new DecryptMessageResult(); @@ -246,6 +248,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri if (null != decryptedMessageBuffer) { result.mDecryptedMessage = new String(decryptedMessageBuffer, "UTF-8"); + Arrays.fill(decryptedMessageBuffer, (byte) 0); } } catch (Exception e) { Log.e(LOG_TAG, "## decryptMessage() failed " + e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java index 0481824..e4d4a44 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java @@ -26,6 +26,8 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; + /** * Class used to create an outbound a <a href="http://matrix.org/docs/guides/e2e_implementation.html#starting-a-megolm-session">Megolm session</a>.<br> * To send a first message in an encrypted room, the client should start a new outbound Megolm session. @@ -166,7 +168,9 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser if (!TextUtils.isEmpty(aClearMsg)) { try { - byte[] encryptedBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8")); + byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8"); + byte[] encryptedBuffer = encryptMessageJni(clearMsgBuffer); + Arrays.fill(clearMsgBuffer, (byte) 0); if (null != encryptedBuffer) { retValue = new String(encryptedBuffer , "UTF-8"); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java index 03d055a..ea838f1 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java @@ -18,6 +18,8 @@ package org.matrix.olm; import android.util.Log; +import java.util.Arrays; + public class OlmPkDecryption { private static final String LOG_TAG = "OlmPkDecryption"; @@ -67,7 +69,10 @@ public class OlmPkDecryption { } try { - return new String(decryptJni(aMessage), "UTF-8"); + byte[] plaintextBuffer = decryptJni(aMessage); + String plaintext = new String(plaintextBuffer, "UTF-8"); + Arrays.fill(plaintextBuffer, (byte) 0); + return plaintext; } catch (Exception e) { Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java index 9bd429d..a2ccf2e 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java @@ -18,6 +18,8 @@ package org.matrix.olm; import android.util.Log; +import java.util.Arrays; + public class OlmPkEncryption { private static final String LOG_TAG = "OlmPkEncryption"; @@ -72,7 +74,9 @@ public class OlmPkEncryption { OlmPkMessage encryptedMsgRetValue = new OlmPkMessage(); try { - byte[] ciphertextBuffer = encryptJni(aPlaintext.getBytes("UTF-8"), encryptedMsgRetValue); + byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8"); + byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue); + Arrays.fill(plaintextBuffer, (byte) 0); if (null != ciphertextBuffer) { encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8"); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java index da2e963..3c5ce49 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java @@ -25,6 +25,8 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; + /** * Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.<br> * Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).<br> @@ -295,7 +297,9 @@ public class OlmSession extends CommonSerializeUtils implements Serializable { OlmMessage encryptedMsgRetValue = new OlmMessage(); try { - byte[] encryptedMessageBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8"), encryptedMsgRetValue); + byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8"); + byte[] encryptedMessageBuffer = encryptMessageJni(clearMsgBuffer, encryptedMsgRetValue); + Arrays.fill(clearMsgBuffer, (byte) 0); if (null != encryptedMessageBuffer) { encryptedMsgRetValue.mCipherText = new String(encryptedMessageBuffer, "UTF-8"); @@ -330,7 +334,10 @@ public class OlmSession extends CommonSerializeUtils implements Serializable { } try { - return new String(decryptMessageJni(aEncryptedMsg), "UTF-8"); + byte[] plaintextBuffer = decryptMessageJni(aEncryptedMsg); + String plaintext = new String(plaintextBuffer, "UTF-8"); + Arrays.fill(plaintextBuffer, (byte) 0); + return plaintext; } catch (Exception e) { Log.e(LOG_TAG, "## decryptMessage(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_DECRYPT_MESSAGE, e.getMessage()); diff --git a/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp b/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp index a821709..b11c474 100644 --- a/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp +++ b/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp @@ -297,6 +297,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(encryptMessageJni)(JNIE OlmOutboundGroupSession *sessionPtr = NULL; jbyte* clearMsgPtr = NULL; + jboolean clearMsgIsCopied = JNI_FALSE; if (!(sessionPtr = (OlmOutboundGroupSession*)getOutboundGroupSessionInstanceId(env,thiz))) { @@ -308,7 +309,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(encryptMessageJni)(JNIE LOGE(" ## encryptMessageJni(): failure - invalid clear message"); errorMessage = "invalid clear message"; } - else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, NULL))) + else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, &clearMsgIsCopied))) { LOGE(" ## encryptMessageJni(): failure - clear message JNI allocation OOM"); errorMessage = "clear message JNI allocation OOM"; @@ -359,6 +360,10 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(encryptMessageJni)(JNIE // free alloc if (clearMsgPtr) { + if (clearMsgIsCopied) + { + memset(clearMsgPtr, 0, (size_t)env->GetArrayLength(aClearMsgBuffer)); + } env->ReleaseByteArrayElements(aClearMsgBuffer, clearMsgPtr, JNI_ABORT); } diff --git a/android/olm-sdk/src/main/jni/olm_pk.cpp b/android/olm-sdk/src/main/jni/olm_pk.cpp index 2e936c6..12528de 100644 --- a/android/olm-sdk/src/main/jni/olm_pk.cpp +++ b/android/olm-sdk/src/main/jni/olm_pk.cpp @@ -29,7 +29,10 @@ OlmPkEncryption * initializePkEncryptionMemory() { // init encryption object encryptionPtr = olm_pk_encryption(encryptionPtr); - LOGD("## initializePkEncryptionMemory(): success - OLM encryption size=%lu",static_cast<long unsigned int>(encryptionSize)); + LOGD( + "## initializePkEncryptionMemory(): success - OLM encryption size=%lu", + static_cast<long unsigned int>(encryptionSize) + ); } else { @@ -53,7 +56,10 @@ JNIEXPORT jlong OLM_PK_ENCRYPTION_FUNC_DEF(createNewPkEncryptionJni)(JNIEnv *env else { LOGD("## createNewPkEncryptionJni(): success - OLM encryption created"); - LOGD("## createNewPkEncryptionJni(): encryptionPtr=%p (jlong)(intptr_t)encryptionPtr=%lld", encryptionPtr, (jlong)(intptr_t)encryptionPtr); + LOGD( + "## createNewPkEncryptionJni(): encryptionPtr=%p (jlong)(intptr_t)encryptionPtr=%lld", + encryptionPtr, (jlong)(intptr_t)encryptionPtr + ); } if (errorMessage) @@ -93,8 +99,9 @@ JNIEXPORT void OLM_PK_ENCRYPTION_FUNC_DEF(releasePkEncryptionJni)(JNIEnv *env, j } } -JNIEXPORT void OLM_PK_ENCRYPTION_FUNC_DEF(setRecipientKeyJni)(JNIEnv *env, jobject thiz, jbyteArray aKeyBuffer) -{ +JNIEXPORT void OLM_PK_ENCRYPTION_FUNC_DEF(setRecipientKeyJni)( + JNIEnv *env, jobject thiz, jbyteArray aKeyBuffer +) { const char *errorMessage = NULL; jbyte *keyPtr = NULL; @@ -116,10 +123,13 @@ JNIEXPORT void OLM_PK_ENCRYPTION_FUNC_DEF(setRecipientKeyJni)(JNIEnv *env, jobje } else { - if(olm_pk_encryption_set_recipient_key(encryptionPtr, keyPtr, (size_t)env->GetArrayLength(aKeyBuffer)) == olm_error()) + if (olm_pk_encryption_set_recipient_key(encryptionPtr, keyPtr, (size_t)env->GetArrayLength(aKeyBuffer)) == olm_error()) { errorMessage = olm_pk_encryption_last_error(encryptionPtr); - LOGE(" ## pkSetRecipientKeyJni(): failure - olm_pk_encryption_set_recipient_key Msg=%s", errorMessage); + LOGE( + " ## pkSetRecipientKeyJni(): failure - olm_pk_encryption_set_recipient_key Msg=%s", + errorMessage + ); } } @@ -134,11 +144,13 @@ JNIEXPORT void OLM_PK_ENCRYPTION_FUNC_DEF(setRecipientKeyJni)(JNIEnv *env, jobje } } -JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(JNIEnv *env, jobject thiz, jbyteArray aPlaintextBuffer, jobject aEncryptedMsg) -{ +JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)( + JNIEnv *env, jobject thiz, jbyteArray aPlaintextBuffer, jobject aEncryptedMsg +) { jbyteArray encryptedMsgRet = 0; const char* errorMessage = NULL; jbyte *plaintextPtr = NULL; + jboolean plaintextIsCopied = JNI_FALSE; OlmPkEncryption *encryptionPtr = getPkEncryptionInstanceId(env, thiz); jclass encryptedMsgJClass = 0; @@ -154,15 +166,15 @@ JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(JNIEnv *env, jobject LOGE(" ## pkEncryptJni(): failure - invalid clear message"); errorMessage = "invalid clear message"; } - else if (!(plaintextPtr = env->GetByteArrayElements(aPlaintextBuffer, 0))) + else if (!(plaintextPtr = env->GetByteArrayElements(aPlaintextBuffer, &plaintextIsCopied))) { LOGE(" ## pkEncryptJni(): failure - plaintext JNI allocation OOM"); errorMessage = "plaintext JNI allocation OOM"; } else if (!(encryptedMsgJClass = env->GetObjectClass(aEncryptedMsg))) { - LOGE(" ## pkEncryptJni(): failure - unable to get crypted message class"); - errorMessage = "unable to get crypted message class"; + LOGE(" ## pkEncryptJni(): failure - unable to get encrypted message class"); + errorMessage = "unable to get encrypted message class"; } else if (!(macFieldId = env->GetFieldID(encryptedMsgJClass, "mMac", "Ljava/lang/String;"))) { @@ -226,7 +238,9 @@ JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(JNIEnv *env, jobject else { encryptedMsgRet = env->NewByteArray(ciphertextLength); - env->SetByteArrayRegion(encryptedMsgRet, 0, ciphertextLength, (jbyte*)ciphertextPtr); + env->SetByteArrayRegion( + encryptedMsgRet, 0, ciphertextLength, (jbyte*)ciphertextPtr + ); jstring macStr = env->NewStringUTF((char*)macPtr); env->SetObjectField(aEncryptedMsg, macFieldId, macStr); @@ -256,6 +270,10 @@ JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(JNIEnv *env, jobject if (plaintextPtr) { + if (plaintextIsCopied) + { + memset(plaintextPtr, 0, (size_t)env->GetArrayLength(aPlaintextBuffer)); + } env->ReleaseByteArrayElements(aPlaintextBuffer, plaintextPtr, JNI_ABORT); } @@ -276,7 +294,10 @@ OlmPkDecryption * initializePkDecryptionMemory() { // init decryption object decryptionPtr = olm_pk_decryption(decryptionPtr); - LOGD("## initializePkDecryptionMemory(): success - OLM decryption size=%lu",static_cast<long unsigned int>(decryptionSize)); + LOGD( + "## initializePkDecryptionMemory(): success - OLM decryption size=%lu", + static_cast<long unsigned int>(decryptionSize) + ); } else { @@ -300,7 +321,10 @@ JNIEXPORT jlong OLM_PK_DECRYPTION_FUNC_DEF(createNewPkDecryptionJni)(JNIEnv *env else { LOGD("## createNewPkDecryptionJni(): success - OLM decryption created"); - LOGD("## createNewPkDecryptionJni(): decryptionPtr=%p (jlong)(intptr_t)decryptionPtr=%lld", decryptionPtr, (jlong)(intptr_t)decryptionPtr); + LOGD( + "## createNewPkDecryptionJni(): decryptionPtr=%p (jlong)(intptr_t)decryptionPtr=%lld", + decryptionPtr, (jlong)(intptr_t)decryptionPtr + ); } if (errorMessage) @@ -402,8 +426,9 @@ JNIEXPORT jbyteArray OLM_PK_DECRYPTION_FUNC_DEF(generateKeyJni)(JNIEnv *env, job return publicKeyRet; } -JNIEXPORT jbyteArray OLM_PK_DECRYPTION_FUNC_DEF(decryptJni)(JNIEnv *env, jobject thiz, jobject aEncryptedMsg) -{ +JNIEXPORT jbyteArray OLM_PK_DECRYPTION_FUNC_DEF(decryptJni)( + JNIEnv *env, jobject thiz, jobject aEncryptedMsg +) { const char* errorMessage = NULL; OlmPkDecryption *decryptionPtr = getPkDecryptionInstanceId(env, thiz); @@ -528,7 +553,10 @@ JNIEXPORT jbyteArray OLM_PK_DECRYPTION_FUNC_DEF(decryptJni)(JNIEnv *env, jobject { decryptedMsgRet = env->NewByteArray(plaintextLength); env->SetByteArrayRegion(decryptedMsgRet, 0, plaintextLength, (jbyte*)plaintextPtr); - LOGD("## pkDecryptJni(): success returnedLg=%lu OK", static_cast<long unsigned int>(plaintextLength)); + LOGD( + "## pkDecryptJni(): success returnedLg=%lu OK", + static_cast<long unsigned int>(plaintextLength) + ); } } @@ -538,6 +566,7 @@ JNIEXPORT jbyteArray OLM_PK_DECRYPTION_FUNC_DEF(decryptJni)(JNIEnv *env, jobject } if (plaintextPtr) { + memset(plaintextPtr, 0, maxPlaintextLength); free(plaintextPtr); } } diff --git a/android/olm-sdk/src/main/jni/olm_session.cpp b/android/olm-sdk/src/main/jni/olm_session.cpp index 5ca49db..b9db286 100644 --- a/android/olm-sdk/src/main/jni/olm_session.cpp +++ b/android/olm-sdk/src/main/jni/olm_session.cpp @@ -472,6 +472,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(encryptMessageJni)(JNIEnv *env, jobjec OlmSession *sessionPtr = getSessionInstanceId(env, thiz); jbyte *clearMsgPtr = NULL; + jboolean clearMsgIsCopied = JNI_FALSE; jclass encryptedMsgJClass = 0; jfieldID typeMsgFieldId; @@ -490,8 +491,9 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(encryptMessageJni)(JNIEnv *env, jobjec else if (!aEncryptedMsg) { LOGE("## encryptMessageJni(): failure - invalid encrypted message"); + errorMessage = "invalid encrypted message"; } - else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, 0))) + else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, &clearMsgIsCopied))) { LOGE("## encryptMessageJni(): failure - clear message JNI allocation OOM"); errorMessage = "clear message JNI allocation OOM"; @@ -580,6 +582,10 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(encryptMessageJni)(JNIEnv *env, jobjec // free alloc if (clearMsgPtr) { + if (clearMsgIsCopied) + { + memset(clearMsgPtr, 0, (size_t)env->GetArrayLength(aClearMsgBuffer)); + } env->ReleaseByteArrayElements(aClearMsgBuffer, clearMsgPtr, JNI_ABORT); } @@ -702,6 +708,8 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(decryptMessageJni)(JNIEnv *env, jobjec LOGD(" ## decryptMessageJni(): UTF-8 Conversion - decrypted returnedLg=%lu OK",static_cast<long unsigned int>(plaintextLength)); } + + memset(plainTextMsgPtr, 0, maxPlainTextLength); } } @@ -958,4 +966,4 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz, } return (jlong)(intptr_t)sessionPtr; -}
\ No newline at end of file +} |