1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
|
/*
* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.matrix.olm;
import android.text.TextUtils;
import android.util.Log;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
/**
* Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.<br>
* Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).<br>
* To establish an Olm session with Bob, Alice calls {@link #initOutboundSessionWithAccount(OlmAccount, String, String)} with Bob's identity and onetime keys. Then Alice generates an encrypted PRE_KEY message ({@link #encryptMessage(String)})
* used by Bob to open the Olm session in his side with {@link #initOutboundSessionWithAccount(OlmAccount, String, String)}.
* From this step on, messages can be exchanged by using {@link #encryptMessage(String)} and {@link #decryptMessage(OlmMessage)}.
* <br><br>Detailed implementation guide is available at <a href="http://matrix.org/docs/guides/e2e_implementation.html">Implementing End-to-End Encryption in Matrix clients</a>.
*/
public class OlmSession extends CommonSerializeUtils implements Serializable {
private static final long serialVersionUID = -8975488639186976419L;
private static final String LOG_TAG = "OlmSession";
private transient int mUnreleasedCount;
/** Session Id returned by JNI.
* This value uniquely identifies the native session instance.
**/
private transient long mNativeId;
public OlmSession() throws OlmException {
if(!initNewSession()) {
throw new OlmException(OlmException.EXCEPTION_CODE_INIT_SESSION_CREATION, OlmException.EXCEPTION_MSG_INIT_SESSION_CREATION);
}
}
/**
* Kick off the serialization mechanism.
* @param aOutStream output stream for serializing
* @throws IOException exception
*/
private void writeObject(ObjectOutputStream aOutStream) throws IOException {
serializeObject(aOutStream);
}
/**
* Kick off the deserialization mechanism.
* @param aInStream input stream
* @throws IOException exception
* @throws ClassNotFoundException exception
*/
private void readObject(ObjectInputStream aInStream) throws IOException, ClassNotFoundException {
deserializeObject(aInStream);
}
@Override
protected boolean createNewObjectFromSerialization() {
return createNewSession();
}
@Override
protected void releaseObjectFromSerialization() {
releaseSession();
}
/**
* Return a session as a base64 string.<br>
* The account is serialized and encrypted with aKey.
* In case of failure, an error human readable
* description is provide in aErrorMsg.
* @param aKey encryption key
* @param aErrorMsg error message description
* @return pickled base64 string if operation succeed, null otherwise
*/
@Override
protected String serializeDataWithKey(String aKey, StringBuffer aErrorMsg) {
String pickleRetValue = null;
// sanity check
if(null == aErrorMsg) {
Log.e(LOG_TAG,"## serializeDataWithKey(): invalid parameter - aErrorMsg=null");
} else if(TextUtils.isEmpty(aKey)) {
aErrorMsg.append("Invalid input parameters in serializeDataWithKey()");
} else {
aErrorMsg.setLength(0);
pickleRetValue = serializeDataWithKeyJni(aKey, aErrorMsg);
}
return pickleRetValue;
}
private native String serializeDataWithKeyJni(String aKey, StringBuffer aErrorMsg);
/**
* Loads a session from a pickled base64 string.<br>
* See {@link #serializeDataWithKey(String, StringBuffer)}
* @param aSerializedData pickled account in a base64 string format
* @param aKey key used to encrypted
* @param aErrorMsg error message description
* @return true if operation succeed, false otherwise
*/
@Override
protected boolean initWithSerializedData(String aSerializedData, String aKey, StringBuffer aErrorMsg) {
boolean retCode = false;
String jniError;
if(null == aErrorMsg) {
Log.e(LOG_TAG, "## initWithSerializedData(): invalid input error parameter");
} else {
aErrorMsg.setLength(0);
if (TextUtils.isEmpty(aSerializedData) || TextUtils.isEmpty(aKey)) {
Log.e(LOG_TAG, "## initWithSerializedData(): invalid input parameters");
} else if (null == (jniError = initWithSerializedDataJni(aSerializedData, aKey))) {
retCode = true;
} else {
aErrorMsg.append(jniError);
}
}
return retCode;
}
private native String initWithSerializedDataJni(String aSerializedData, String aKey);
/**
* Getter on the session ID.
* @return native session ID
*/
public long getOlmSessionId(){
return mNativeId;
}
/**
* Destroy the corresponding OLM session native object.<br>
* This method must ALWAYS be called when this JAVA instance
* is destroyed (ie. garbage collected) to prevent memory leak in native side.
* See {@link #initNewSessionJni()}.
*/
private native void releaseSessionJni();
/**
* Release native session and invalid its JAVA reference counter part.<br>
* Public API for {@link #releaseSessionJni()}.
*/
public void releaseSession(){
releaseSessionJni();
mUnreleasedCount--;
mNativeId = 0;
}
/**
* Create and save the session native instance ID.
* Wrapper for {@link #initNewSessionJni()}.<br>
* To be called before any other API call.
* @return true if init succeed, false otherwise.
*/
private boolean initNewSession() {
boolean retCode = false;
if(0 != (mNativeId = initNewSessionJni())){
mUnreleasedCount++;
retCode = true;
}
return retCode;
}
/**
* Create the corresponding OLM session in native side.<br>
* Do not forget to call {@link #releaseSession()} when JAVA side is done.
* @return native session instance identifier (see {@link #mNativeId})
*/
private native long initNewSessionJni();
/**
* Create a native account instance without any initialization.<br>
* Since the account is left uninitialized, this
* method is intended to be used in the serialization mechanism (see {@link #readObject(ObjectInputStream)}).<br>
* Public wrapper for {@link #createNewSessionJni()}.
* @return true if init succeed, false otherwise.
*/
private boolean createNewSession() {
boolean retCode = false;
if(0 != (mNativeId = createNewSessionJni())){
mUnreleasedCount++;
retCode = true;
}
return retCode;
}
/**
* Create an OLM account in native side.<br>
* Do not forget to call {@link #releaseSession()} when JAVA side is done.
* @return native account instance identifier (see {@link #mNativeId})
*/
private native long createNewSessionJni();
/**
* Creates a new out-bound session for sending messages to a recipient
* identified by an identity key and a one time key.<br>
* Public API for {@link #initOutboundSessionWithAccount(OlmAccount, String, String)}.
* @param aAccount the account to associate with this session
* @param aTheirIdentityKey the identity key of the recipient
* @param aTheirOneTimeKey the one time key of the recipient
* @return 0 if operation succeed, -1 otherwise
*/
public int initOutboundSessionWithAccount(OlmAccount aAccount, String aTheirIdentityKey, String aTheirOneTimeKey) {
int retCode=-1;
if((null==aAccount) || TextUtils.isEmpty(aTheirIdentityKey) || TextUtils.isEmpty(aTheirOneTimeKey)){
Log.e(LOG_TAG, "## initOutboundSession(): invalid input parameters");
} else {
retCode = initOutboundSessionJni(aAccount.getOlmAccountId(), aTheirIdentityKey, aTheirOneTimeKey);
}
return retCode;
}
private native int initOutboundSessionJni(long aOlmAccountId, String aTheirIdentityKey, String aTheirOneTimeKey);
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY message ({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}).<br>
* Public API for {@link #initInboundSessionJni(long, String)}.
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* @param aAccount the account to associate with this session
* @param aPreKeyMsg PRE KEY message
* @return 0 if operation succeed, -1 otherwise
*/
public int initInboundSessionWithAccount(OlmAccount aAccount, String aPreKeyMsg) {
int retCode=-1;
if((null==aAccount) || TextUtils.isEmpty(aPreKeyMsg)){
Log.e(LOG_TAG, "## initInboundSessionWithAccount(): invalid input parameters");
} else {
retCode = initInboundSessionJni(aAccount.getOlmAccountId(), aPreKeyMsg);
}
return retCode;
}
private native int initInboundSessionJni(long aOlmAccountId, String aOneTimeKeyMsg);
/**
* Create a new in-bound session for sending/receiving messages from an
* incoming PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message based on the sender identity key.<br>
* Public API for {@link #initInboundSessionFromIdKeyJni(long, String, String)}.
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* This method must only be called the first time a pre-key message is received from an inbound session.
* @param aAccount the account to associate with this session
* @param aTheirIdentityKey the sender identity key
* @param aPreKeyMsg PRE KEY message
* @return 0 if operation succeed, -1 otherwise
*/
public int initInboundSessionWithAccountFrom(OlmAccount aAccount, String aTheirIdentityKey, String aPreKeyMsg) {
int retCode=-1;
if((null==aAccount) || TextUtils.isEmpty(aPreKeyMsg)){
Log.e(LOG_TAG, "## initInboundSessionWithAccount(): invalid input parameters");
} else {
retCode = initInboundSessionFromIdKeyJni(aAccount.getOlmAccountId(), aTheirIdentityKey, aPreKeyMsg);
}
return retCode;
}
private native int initInboundSessionFromIdKeyJni(long aOlmAccountId, String aTheirIdentityKey, String aOneTimeKeyMsg);
/**
* Get the session identifier.<br> Will be the same for both ends of the
* conversation. The session identifier is returned as a String object.
* Session Id sample: "session_id":"M4fOVwD6AABrkTKl"
* Public API for {@link #getSessionIdentifierJni()}.
* @return the session ID as a String if operation succeed, null otherwise
*/
public String sessionIdentifier() {
return getSessionIdentifierJni();
}
private native String getSessionIdentifierJni();
/**
* Checks if the PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message is for this in-bound session.<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* Public API for {@link #matchesInboundSessionJni(String)}.
* @param aOneTimeKeyMsg PRE KEY message
* @return this if operation succeed, null otherwise
*/
public boolean matchesInboundSession(String aOneTimeKeyMsg) {
boolean retCode = false;
if(0 == matchesInboundSessionJni(aOneTimeKeyMsg)){
retCode = true;
}
return retCode;
}
private native int matchesInboundSessionJni(String aOneTimeKeyMsg);
/**
* Checks if the PRE_KEY({@link OlmMessage#MESSAGE_TYPE_PRE_KEY}) message is for this in-bound session based on the sender identity key.<br>
* This API may be used to process a "m.room.encrypted" event when type = 1 (PRE_KEY).
* Public API for {@link #matchesInboundSessionJni(String)}.
* @param aTheirIdentityKey the sender identity key
* @param aOneTimeKeyMsg PRE KEY message
* @return this if operation succeed, null otherwise
*/
public boolean matchesInboundSessionFrom(String aTheirIdentityKey, String aOneTimeKeyMsg) {
boolean retCode = false;
if(0 == matchesInboundSessionFromIdKeyJni(aTheirIdentityKey, aOneTimeKeyMsg)){
retCode = true;
}
return retCode;
}
private native int matchesInboundSessionFromIdKeyJni(String aTheirIdentityKey, String aOneTimeKeyMsg);
/**
* Encrypt a message using the session.<br>
* The encrypted message is returned in a OlmMessage object.
* Public API for {@link #encryptMessageJni(String, OlmMessage)}.
* @param aClearMsg message to encrypted
* @return the encrypted message if operation succeed, null otherwise
*/
public OlmMessage encryptMessage(String aClearMsg) {
OlmMessage encryptedMsgRetValue = new OlmMessage();
if(0 != encryptMessageJni(aClearMsg, encryptedMsgRetValue)){
encryptedMsgRetValue = null;
}
return encryptedMsgRetValue;
}
private native int encryptMessageJni(String aClearMsg, OlmMessage aEncryptedMsg);
/**
* Decrypt a message using the session.<br>
* The encrypted message is given as a OlmMessage object.
* @param aEncryptedMsg message to decrypt
* @return the decrypted message if operation succeed, null otherwise
*/
public String decryptMessage(OlmMessage aEncryptedMsg) {
return decryptMessageJni(aEncryptedMsg);
}
private native String decryptMessageJni(OlmMessage aEncryptedMsg);
/**
* Return the number of unreleased OlmSession instances.<br>
* @return number of unreleased instances
*/
public int getUnreleasedCount() {
return mUnreleasedCount;
}
}
|
