diff options
Diffstat (limited to 'android/olm-sdk/src/main/java')
7 files changed, 67 insertions, 9 deletions
diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java index 26c3e60..98a3c5b 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java @@ -26,6 +26,7 @@ import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; import java.util.Map; /** @@ -290,9 +291,9 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable { String result = null; if (null != aMessage) { + byte[] utf8String = null; try { - byte[] utf8String = aMessage.getBytes("UTF-8"); - + utf8String = aMessage.getBytes("UTF-8"); if (null != utf8String) { byte[] signedMessage = signMessageJni(utf8String); @@ -302,6 +303,10 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable { } } catch (Exception e) { throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_SIGN_MESSAGE, e.getMessage()); + } finally { + if (null != utf8String) { + Arrays.fill(utf8String, (byte) 0); + } } } diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmException.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmException.java index 31b5729..5b534d5 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmException.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmException.java @@ -68,6 +68,8 @@ public class OlmException extends IOException { public static final int EXCEPTION_CODE_PK_DECRYPTION_CREATION = 700; public static final int EXCEPTION_CODE_PK_DECRYPTION_GENERATE_KEY = 701; public static final int EXCEPTION_CODE_PK_DECRYPTION_DECRYPT = 702; + public static final int EXCEPTION_CODE_PK_DECRYPTION_SET_PRIVATE_KEY = 703; + public static final int EXCEPTION_CODE_PK_DECRYPTION_PRIVATE_KEY = 704; // exception human readable messages public static final String EXCEPTION_MSG_INVALID_PARAMS_DESERIALIZATION = "invalid de-serialized parameters"; diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java index b41c67a..2fc81ef 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java @@ -77,10 +77,16 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri Log.e(LOG_TAG, "## initInboundGroupSession(): invalid session key"); throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, "invalid session key"); } else { + byte[] sessionBuffer = null; try { + sessionBuffer = aSessionKey.getBytes("UTF-8"); mNativeId = createNewSessionJni(aSessionKey.getBytes("UTF-8"), isImported); } catch (Exception e) { throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, e.getMessage()); + } finally { + if (null != sessionBuffer) { + Arrays.fill(sessionBuffer, (byte) 0); + } } } } @@ -216,6 +222,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri if (null != bytesBuffer) { result = new String(bytesBuffer, "UTF-8"); + Arrays.fill(bytesBuffer, (byte) 0); } } catch (Exception e) { Log.e(LOG_TAG, "## export() failed " + e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java index e4d4a44..55732fe 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java @@ -142,7 +142,10 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser */ public String sessionKey() throws OlmException { try { - return new String(sessionKeyJni(), "UTF-8"); + byte[] sessionKeyBuffer = sessionKeyJni(); + String ret = new String(sessionKeyBuffer, "UTF-8"); + Arrays.fill(sessionKeyBuffer, (byte) 0); + return ret; } catch (Exception e) { Log.e(LOG_TAG, "## sessionKey() failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_OUTBOUND_GROUP_SESSION_KEY, e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java index ea838f1..6522f70 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java @@ -51,6 +51,18 @@ public class OlmPkDecryption { return (0 == mNativeId); } + public String setPrivateKey(byte[] privateKey) throws OlmException { + try { + byte[] key = setPrivateKeyJni(privateKey); + return new String(key, "UTF-8"); + } catch (Exception e) { + Log.e(LOG_TAG, "## setPrivateKey(): failed " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_SET_PRIVATE_KEY, e.getMessage()); + } + } + + private native byte[] setPrivateKeyJni(byte[] privateKey); + public String generateKey() throws OlmException { try { byte[] key = generateKeyJni(); @@ -63,19 +75,31 @@ public class OlmPkDecryption { private native byte[] generateKeyJni(); + public byte[] privateKey() throws OlmException { + try { + return privateKeyJni(); + } catch (Exception e) { + Log.e(LOG_TAG, "## privateKey(): failed " + e.getMessage()); + throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_PRIVATE_KEY, e.getMessage()); + } + } + + private native byte[] privateKeyJni(); + public String decrypt(OlmPkMessage aMessage) throws OlmException { if (null == aMessage) { return null; } + byte[] plaintextBuffer = decryptJni(aMessage); try { - byte[] plaintextBuffer = decryptJni(aMessage); String plaintext = new String(plaintextBuffer, "UTF-8"); - Arrays.fill(plaintextBuffer, (byte) 0); return plaintext; } catch (Exception e) { Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage()); + } finally { + Arrays.fill(plaintextBuffer, (byte) 0); } } diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java index a2ccf2e..01666fd 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java @@ -73,10 +73,10 @@ public class OlmPkEncryption { OlmPkMessage encryptedMsgRetValue = new OlmPkMessage(); + byte[] plaintextBuffer = null; try { - byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8"); + plaintextBuffer = aPlaintext.getBytes("UTF-8"); byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue); - Arrays.fill(plaintextBuffer, (byte) 0); if (null != ciphertextBuffer) { encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8"); @@ -84,6 +84,10 @@ public class OlmPkEncryption { } catch (Exception e) { Log.e(LOG_TAG, "## pkEncrypt(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_ENCRYPTION_ENCRYPT, e.getMessage()); + } finally { + if (null != plaintextBuffer) { + Arrays.fill(plaintextBuffer, (byte) 0); + } } return encryptedMsgRetValue; diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java index bf9ef90..250cfb1 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java @@ -23,6 +23,7 @@ import android.util.Log; import org.json.JSONObject; import java.security.SecureRandom; +import java.util.Arrays; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -81,17 +82,23 @@ public class OlmUtility { */ public void verifyEd25519Signature(String aSignature, String aFingerprintKey, String aMessage) throws OlmException { String errorMessage; + byte[] messageBuffer = null; try { if (TextUtils.isEmpty(aSignature) || TextUtils.isEmpty(aFingerprintKey) || TextUtils.isEmpty(aMessage)) { Log.e(LOG_TAG, "## verifyEd25519Signature(): invalid input parameters"); errorMessage = "JAVA sanity check failure - invalid input parameters"; } else { - errorMessage = verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), aMessage.getBytes("UTF-8")); + messageBuffer = aMessage.getBytes("UTF-8"); + errorMessage = verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), messageBuffer); } } catch (Exception e) { Log.e(LOG_TAG, "## verifyEd25519Signature(): failed " + e.getMessage()); errorMessage = e.getMessage(); + } finally { + if (messageBuffer != null) { + Arrays.fill(messageBuffer, (byte) 0); + } } if (!TextUtils.isEmpty(errorMessage)) { @@ -119,10 +126,16 @@ public class OlmUtility { String hashRetValue = null; if (null != aMessageToHash) { + byte[] messageBuffer = null; try { - hashRetValue = new String(sha256Jni(aMessageToHash.getBytes("UTF-8")), "UTF-8"); + messageBuffer = aMessageToHash.getBytes("UTF-8"); + hashRetValue = new String(sha256Jni(messageBuffer), "UTF-8"); } catch (Exception e) { Log.e(LOG_TAG, "## sha256(): failed " + e.getMessage()); + } finally { + if (null != messageBuffer) { + Arrays.fill(messageBuffer, (byte) 0); + } } } |