1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
|
/*
* Copyright 2016 OpenMarket Ltd
* Copyright 2016 Vector Creations Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.matrix.olm;
import android.text.TextUtils;
import android.util.Log;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Arrays;
/**
* Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.<br>
* Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).<br>
* To establish an Olm session with Bob, Alice calls {@link #initOutboundSession(OlmAccount, String, String)} with Bob's identity and onetime keys. Then Alice generates an encrypted PRE_KEY message ({@link #encryptMessage(String)})
* used by Bob to open the Olm session in his side with {@link #initOutboundSession(OlmAccount, String, String)}.
* From this step on, messages can be exchanged by using {@link #encryptMessage(String)} and {@link #decryptMessage(OlmMessage)}.
* <br><br>Detailed implementation guide is available at <a href="http://matrix.org/docs/guides/e2e_implementation.html">Implementing End-to-End Encryption in Matrix clients</a>.
*/
public class OlmSession extends CommonSerializeUtils implements Serializable {
private static final long serialVersionUID = -8975488639186976419L;
private static final String LOG_TAG = "OlmSession";
/** Session Id returned by JNI.
* This value uniquely identifies the native session instance.
**/
private transient long mNativeId;
public OlmSession() throws OlmException {
try {
mNativeId = createNewSessionJni();
} catch (Exception e) {
throw new OlmException(OlmException.EXCEPTION_CODE_INIT_SESSION_CREATION, e.getMessage());
}
}
/**
* Create an OLM session in native side.<br>
* Do not forget to call {@link #releaseSession()} when JAVA side is done.
* @return native account instance identifier or throw an exception.
*/
private native long createNewSessionJni();
/**
* Getter on the session ID.
* @return native session ID
*/
long getOlmSessionId(){
return mNativeId;
}
/**
* Destroy the corresponding OLM session native object.<br>
* This method must ALWAYS be called when this JAVA instance
* is destroyed (ie. garbage collected) to prevent memory leak in native side.
* See {@link #createNewSessionJni()}.
*/
private native void releaseSessionJni();
/**
* Release native session and invalid its JAVA reference counter part.<br>
* Public API for {@link #releaseSessionJni()}.
*/
public void releaseSession() {
if (0 != mNativeId) {
releaseSessionJni();
}
mNativeId = 0;
}
/**
* Return true the object resources have been released.<br>
* @return true the object resources have been released
*/
public boolean isReleased() {
return (0 == mNativeId);
}
/**
* Creates a new out-bound session for sending messages to a recipient
* identified by an identity key and a one time key.<br>
* @param aAccount the account to associate with this session
* @param aTheirIdentityKey the identity key of the recipient
* @param aTheirOneTimeKey the one time key of the recipient
* @exception OlmException the failure reason
*/
public void initOutboundSession(OlmAccount aAccount, String aTheirIdentityKey, String aTheirOneTimeKey) throws OlmException {
if ((null == aAccount) || TextUtils.isEmpty(aTheirIdentityKey) || TextUtils.isEmpty(aTheirOneTimeKey)) {
Log.e(LOG_TAG, "## initOutboundSession(): invalid input parameters");
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_OUTBOUND_SESSION, "invalid input parameters");
} else {
try {
initOutboundSessionJni(aAccount.getOlmAccountId(), aTheirIdentityKey.getBytes("UTF-8"), aTheirOneTimeKey.getBytes("UTF-8"));
} catch (Exception e) {
Log.e(LOG_TAG, "## initOutboundSession(): " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_OUTBOUND_SESSION, e.getMessage());
}
}
}
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY message.<br> The recipient is defined as the entity
* with whom the session is established.
* An exception is thrown if the operation fails.
* @param aOlmAccountId account instance
* @param aTheirIdentityKey the identity key of the recipient
* @param aTheirOneTimeKey the one time key of the recipient
**/
private native void initOutboundSessionJni(long aOlmAccountId, byte[] aTheirIdentityKey, byte[] aTheirOneTimeKey);
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY message ({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}).<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* @param aAccount the account to associate with this session
* @param aPreKeyMsg PRE KEY message
* @exception OlmException the failure reason
*/
public void initInboundSession(OlmAccount aAccount, String aPreKeyMsg) throws OlmException {
if ((null == aAccount) || TextUtils.isEmpty(aPreKeyMsg)){
Log.e(LOG_TAG, "## initInboundSession(): invalid input parameters");
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION, "invalid input parameters");
} else {
try {
initInboundSessionJni(aAccount.getOlmAccountId(), aPreKeyMsg.getBytes("UTF-8"));
} catch (Exception e) {
Log.e(LOG_TAG, "## initInboundSession(): " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION, e.getMessage());
}
}
}
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY message.<br>
* An exception is thrown if the operation fails.
* @param aOlmAccountId account instance
* @param aOneTimeKeyMsg PRE_KEY message
*/
private native void initInboundSessionJni(long aOlmAccountId, byte[] aOneTimeKeyMsg);
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message based on the sender identity key.<br>
* Public API for {@link #initInboundSessionFromIdKeyJni(long, byte[], byte[])}.
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* This method must only be called the first time a pre-key message is received from an inbound session.
* @param aAccount the account to associate with this session
* @param aTheirIdentityKey the sender identity key
* @param aPreKeyMsg PRE KEY message
* @exception OlmException the failure reason
*/
public void initInboundSessionFrom(OlmAccount aAccount, String aTheirIdentityKey, String aPreKeyMsg) throws OlmException {
if ( (null==aAccount) || TextUtils.isEmpty(aPreKeyMsg)){
Log.e(LOG_TAG, "## initInboundSessionFrom(): invalid input parameters");
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION_FROM, "invalid input parameters");
} else {
try {
initInboundSessionFromIdKeyJni(aAccount.getOlmAccountId(), aTheirIdentityKey.getBytes("UTF-8"), aPreKeyMsg.getBytes("UTF-8"));
} catch (Exception e) {
Log.e(LOG_TAG, "## initInboundSessionFrom(): " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_INIT_INBOUND_SESSION_FROM, e.getMessage());
}
}
}
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY message based on the recipient identity key.<br>
* An exception is thrown if the operation fails.
* @param aOlmAccountId account instance
* @param aTheirIdentityKey the identity key of the recipient
* @param aOneTimeKeyMsg encrypted message
*/
private native void initInboundSessionFromIdKeyJni(long aOlmAccountId, byte[] aTheirIdentityKey, byte[] aOneTimeKeyMsg);
/**
* Get the session identifier.<br> Will be the same for both ends of the
* conversation. The session identifier is returned as a String object.
* Session Id sample: "session_id":"M4fOVwD6AABrkTKl"
* Public API for {@link #getSessionIdentifierJni()}.
* @return the session ID
* @exception OlmException the failure reason
*/
public String sessionIdentifier() throws OlmException {
try {
byte[] buffer = getSessionIdentifierJni();
if (null != buffer) {
return new String(buffer, "UTF-8");
}
} catch (Exception e) {
Log.e(LOG_TAG, "## sessionIdentifier(): " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_SESSION_IDENTIFIER, e.getMessage());
}
return null;
}
/**
* Get the session identifier for this session.
* An exception is thrown if the operation fails.
* @return the session identifier
*/
private native byte[] getSessionIdentifierJni();
/**
* Checks if the PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message is for this in-bound session.<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* Public API for {@link #matchesInboundSessionJni(byte[])}.
* @param aOneTimeKeyMsg PRE KEY message
* @return true if the one time key matches.
*/
public boolean matchesInboundSession(String aOneTimeKeyMsg) {
boolean retCode = false;
try {
retCode = matchesInboundSessionJni(aOneTimeKeyMsg.getBytes("UTF-8"));
} catch (Exception e) {
Log.e(LOG_TAG, "## matchesInboundSession(): failed " + e.getMessage());
}
return retCode;
}
/**
* Checks if the PRE_KEY message is for this in-bound session.<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* An exception is thrown if the operation fails.
* @param aOneTimeKeyMsg PRE KEY message
* @return true if the PRE_KEY message matches
*/
private native boolean matchesInboundSessionJni(byte[] aOneTimeKeyMsg);
/**
* Checks if the PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message is for this in-bound session based on the sender identity key.<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* Public API for {@link #matchesInboundSessionJni(byte[])}.
* @param aTheirIdentityKey the sender identity key
* @param aOneTimeKeyMsg PRE KEY message
* @return this if operation succeed, null otherwise
*/
public boolean matchesInboundSessionFrom(String aTheirIdentityKey, String aOneTimeKeyMsg) {
boolean retCode = false;
try {
retCode = matchesInboundSessionFromIdKeyJni(aTheirIdentityKey.getBytes("UTF-8"), aOneTimeKeyMsg.getBytes("UTF-8"));
} catch (Exception e) {
Log.e(LOG_TAG, "## matchesInboundSessionFrom(): failed " + e.getMessage());
}
return retCode;
}
/**
* Checks if the PRE_KEY message is for this in-bound session based on the sender identity key.<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* An exception is thrown if the operation fails.
* @param aTheirIdentityKey the identity key of the sender
* @param aOneTimeKeyMsg PRE KEY message
* @return true if the PRE_KEY message matches.
*/
private native boolean matchesInboundSessionFromIdKeyJni(byte[] aTheirIdentityKey, byte[] aOneTimeKeyMsg);
/**
* Encrypt a message using the session.<br>
* The encrypted message is returned in a OlmMessage object.
* Public API for {@link #encryptMessageJni(byte[], OlmMessage)}.
* @param aClearMsg message to encrypted
* @return the encrypted message
* @exception OlmException the failure reason
*/
public OlmMessage encryptMessage(String aClearMsg) throws OlmException {
if (null == aClearMsg) {
return null;
}
OlmMessage encryptedMsgRetValue = new OlmMessage();
try {
byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8");
byte[] encryptedMessageBuffer = encryptMessageJni(clearMsgBuffer, encryptedMsgRetValue);
Arrays.fill(clearMsgBuffer, (byte) 0);
if (null != encryptedMessageBuffer) {
encryptedMsgRetValue.mCipherText = new String(encryptedMessageBuffer, "UTF-8");
}
} catch (Exception e) {
Log.e(LOG_TAG, "## encryptMessage(): failed " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_ENCRYPT_MESSAGE, e.getMessage());
}
return encryptedMsgRetValue;
}
/**
* Encrypt a message using the session.<br>
* An exception is thrown if the operation fails.
* @param aClearMsg clear text message
* @param aEncryptedMsg ciphered message
* @return the encrypted message
*/
private native byte[] encryptMessageJni(byte[] aClearMsg, OlmMessage aEncryptedMsg);
/**
* Decrypt a message using the session.<br>
* The encrypted message is given as a OlmMessage object.
* @param aEncryptedMsg message to decrypt
* @return the decrypted message
* @exception OlmException the failure reason
*/
public String decryptMessage(OlmMessage aEncryptedMsg) throws OlmException {
if (null == aEncryptedMsg) {
return null;
}
try {
byte[] plaintextBuffer = decryptMessageJni(aEncryptedMsg);
String plaintext = new String(plaintextBuffer, "UTF-8");
Arrays.fill(plaintextBuffer, (byte) 0);
return plaintext;
} catch (Exception e) {
Log.e(LOG_TAG, "## decryptMessage(): failed " + e.getMessage());
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_DECRYPT_MESSAGE, e.getMessage());
}
}
/**
* Decrypt a message using the session.<br>
* An exception is thrown if the operation fails.
* @param aEncryptedMsg message to decrypt
* @return the decrypted message
*/
private native byte[] decryptMessageJni(OlmMessage aEncryptedMsg);
//==============================================================================================================
// Serialization management
//==============================================================================================================
/**
* Kick off the serialization mechanism.
* @param aOutStream output stream for serializing
* @throws IOException exception
*/
private void writeObject(ObjectOutputStream aOutStream) throws IOException {
serialize(aOutStream);
}
/**
* Kick off the deserialization mechanism.
* @param aInStream input stream
* @throws IOException exception
* @throws ClassNotFoundException exception
*/
private void readObject(ObjectInputStream aInStream) throws Exception {
deserialize(aInStream);
}
/**
* Return a session as a bytes buffer.<br>
* The account is serialized and encrypted with aKey.
* In case of failure, an error human readable
* description is provide in aErrorMsg.
* @param aKey encryption key
* @param aErrorMsg error message description
* @return session as a bytes buffer
*/
@Override
protected byte[] serialize(byte[] aKey, StringBuffer aErrorMsg) {
byte[] pickleRetValue = null;
// sanity check
if(null == aErrorMsg) {
Log.e(LOG_TAG,"## serializeDataWithKey(): invalid parameter - aErrorMsg=null");
} else if (null == aKey) {
aErrorMsg.append("Invalid input parameters in serializeDataWithKey()");
} else {
aErrorMsg.setLength(0);
try {
pickleRetValue = serializeJni(aKey);
} catch (Exception e) {
Log.e(LOG_TAG,"## serializeDataWithKey(): failed " + e.getMessage());
aErrorMsg.append(e.getMessage());
}
}
return pickleRetValue;
}
/**
* Serialize and encrypt session instance.<br>
* An exception is thrown if the operation fails.
* @param aKeyBuffer key used to encrypt the serialized account data
* @return the serialised account as bytes buffer.
**/
private native byte[] serializeJni(byte[] aKeyBuffer);
/**
* Loads an account from a pickled base64 string.<br>
* See {@link #serialize(byte[], StringBuffer)}
* @param aSerializedData pickled account in a base64 string format
* @param aKey key used to encrypted
*/
@Override
protected void deserialize(byte[] aSerializedData, byte[] aKey) throws Exception {
String errorMsg = null;
try {
if ((null == aSerializedData) || (null == aKey)) {
Log.e(LOG_TAG, "## deserialize(): invalid input parameters");
errorMsg = "invalid input parameters";
} else {
mNativeId = deserializeJni(aSerializedData, aKey);
}
} catch (Exception e) {
Log.e(LOG_TAG, "## deserialize() failed " + e.getMessage());
errorMsg = e.getMessage();
}
if (!TextUtils.isEmpty(errorMsg)) {
releaseSession();
throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_DESERIALIZATION, errorMsg);
}
}
/**
* Allocate a new session and initialize it with the serialisation data.<br>
* An exception is thrown if the operation fails.
* @param aSerializedData the session serialisation buffer
* @param aKey the key used to encrypt the serialized account data
* @return the deserialized session
**/
private native long deserializeJni(byte[] aSerializedData, byte[] aKey);
}
|
