From af86a9a8b899eeb3c1c464cb0c54218acd788fa6 Mon Sep 17 00:00:00 2001 From: Hubert Chathi Date: Wed, 10 Oct 2018 15:06:58 -0400 Subject: clear out plaintext buffers in Android SDK where possible --- .../src/main/java/org/matrix/olm/OlmInboundGroupSession.java | 5 ++++- .../src/main/java/org/matrix/olm/OlmOutboundGroupSession.java | 6 +++++- .../olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java | 7 ++++++- .../olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java | 6 +++++- android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java | 11 +++++++++-- 5 files changed, 29 insertions(+), 6 deletions(-) (limited to 'android/olm-sdk/src/main/java/org') diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java index 8c2d7b0..b41c67a 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java @@ -25,6 +25,8 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; + /** * Class used to create an inbound Megolm session.
* Counter part of the outbound group session {@link OlmOutboundGroupSession}, this class decrypts the messages sent by the outbound side. @@ -236,7 +238,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri * In case of error, null is returned and an error message description is provided in aErrorMsg. * @param aEncryptedMsg the message to be decrypted * @return the decrypted message information - * @exception OlmException teh failure reason + * @exception OlmException the failure reason */ public DecryptMessageResult decryptMessage(String aEncryptedMsg) throws OlmException { DecryptMessageResult result = new DecryptMessageResult(); @@ -246,6 +248,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri if (null != decryptedMessageBuffer) { result.mDecryptedMessage = new String(decryptedMessageBuffer, "UTF-8"); + Arrays.fill(decryptedMessageBuffer, (byte) 0); } } catch (Exception e) { Log.e(LOG_TAG, "## decryptMessage() failed " + e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java index 0481824..e4d4a44 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java @@ -26,6 +26,8 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; + /** * Class used to create an outbound a Megolm session.
* To send a first message in an encrypted room, the client should start a new outbound Megolm session. @@ -166,7 +168,9 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser if (!TextUtils.isEmpty(aClearMsg)) { try { - byte[] encryptedBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8")); + byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8"); + byte[] encryptedBuffer = encryptMessageJni(clearMsgBuffer); + Arrays.fill(clearMsgBuffer, (byte) 0); if (null != encryptedBuffer) { retValue = new String(encryptedBuffer , "UTF-8"); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java index 03d055a..ea838f1 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java @@ -18,6 +18,8 @@ package org.matrix.olm; import android.util.Log; +import java.util.Arrays; + public class OlmPkDecryption { private static final String LOG_TAG = "OlmPkDecryption"; @@ -67,7 +69,10 @@ public class OlmPkDecryption { } try { - return new String(decryptJni(aMessage), "UTF-8"); + byte[] plaintextBuffer = decryptJni(aMessage); + String plaintext = new String(plaintextBuffer, "UTF-8"); + Arrays.fill(plaintextBuffer, (byte) 0); + return plaintext; } catch (Exception e) { Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage()); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java index 9bd429d..a2ccf2e 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java @@ -18,6 +18,8 @@ package org.matrix.olm; import android.util.Log; +import java.util.Arrays; + public class OlmPkEncryption { private static final String LOG_TAG = "OlmPkEncryption"; @@ -72,7 +74,9 @@ public class OlmPkEncryption { OlmPkMessage encryptedMsgRetValue = new OlmPkMessage(); try { - byte[] ciphertextBuffer = encryptJni(aPlaintext.getBytes("UTF-8"), encryptedMsgRetValue); + byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8"); + byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue); + Arrays.fill(plaintextBuffer, (byte) 0); if (null != ciphertextBuffer) { encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8"); diff --git a/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java b/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java index da2e963..3c5ce49 100644 --- a/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java +++ b/android/olm-sdk/src/main/java/org/matrix/olm/OlmSession.java @@ -25,6 +25,8 @@ import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.io.Serializable; +import java.util.Arrays; + /** * Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.
* Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).
@@ -295,7 +297,9 @@ public class OlmSession extends CommonSerializeUtils implements Serializable { OlmMessage encryptedMsgRetValue = new OlmMessage(); try { - byte[] encryptedMessageBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8"), encryptedMsgRetValue); + byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8"); + byte[] encryptedMessageBuffer = encryptMessageJni(clearMsgBuffer, encryptedMsgRetValue); + Arrays.fill(clearMsgBuffer, (byte) 0); if (null != encryptedMessageBuffer) { encryptedMsgRetValue.mCipherText = new String(encryptedMessageBuffer, "UTF-8"); @@ -330,7 +334,10 @@ public class OlmSession extends CommonSerializeUtils implements Serializable { } try { - return new String(decryptMessageJni(aEncryptedMsg), "UTF-8"); + byte[] plaintextBuffer = decryptMessageJni(aEncryptedMsg); + String plaintext = new String(plaintextBuffer, "UTF-8"); + Arrays.fill(plaintextBuffer, (byte) 0); + return plaintext; } catch (Exception e) { Log.e(LOG_TAG, "## decryptMessage(): failed " + e.getMessage()); throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_DECRYPT_MESSAGE, e.getMessage()); -- cgit v1.2.3