Clear the random buffers once they've been used. Add methods for clearing the account and session object once they've been used

Mark Haines 2015-07-10 18:29:14 +01:00
parent 5ad929104e
commit 2e49a6f41e
2 changed files with 53 additions and 11 deletions


@ -61,6 +61,16 @@ const char * olm_session_last_error(
OlmSession * session OlmSession * session
); );
/** Clears the memory used to back this account */
size_t olm_clear_account(
OlmSession * account
);
/** Clears the memory used to back this session */
size_t olm_clear_session(
OlmSession * session
);
/** Returns the number of bytes needed to store an account */ /** Returns the number of bytes needed to store an account */
size_t olm_pickle_account_length( size_t olm_pickle_account_length(
OlmAccount * account OlmAccount * account
@ -127,7 +137,7 @@ size_t olm_create_account_random_length(
* "NOT_ENOUGH_RANDOM" */ * "NOT_ENOUGH_RANDOM" */
size_t olm_create_account( size_t olm_create_account(
OlmAccount * account, OlmAccount * account,
void const * random, size_t random_length void * random, size_t random_length
); );
/** The size of the output buffer needed to hold the identity keys */ /** The size of the output buffer needed to hold the identity keys */
@ -197,7 +207,7 @@ size_t olm_account_generate_one_time_keys_random_length(
size_t olm_account_generate_one_time_keys( size_t olm_account_generate_one_time_keys(
OlmAccount * account, OlmAccount * account,
size_t number_of_keys, size_t number_of_keys,
void const * random, size_t random_length void * random, size_t random_length
); );
/** The number of random bytes needed to create an outbound session */ /** The number of random bytes needed to create an outbound session */
@ -215,7 +225,7 @@ size_t olm_create_outbound_session(
OlmAccount * account, OlmAccount * account,
void const * their_identity_key, size_t their_identity_key_length, void const * their_identity_key, size_t their_identity_key_length,
void const * their_one_time_key, size_t their_one_time_key_length, void const * their_one_time_key, size_t their_one_time_key_length,
void const * random, size_t random_length void * random, size_t random_length
); );
/** Create a new in-bound session for sending/receiving messages from an /** Create a new in-bound session for sending/receiving messages from an
@ -282,7 +292,7 @@ size_t olm_encrypt_message_length(
size_t olm_encrypt( size_t olm_encrypt(
OlmSession * session, OlmSession * session,
void const * plaintext, size_t plaintext_length, void const * plaintext, size_t plaintext_length,
void const * random, size_t random_length, void * random, size_t random_length,
void * message, size_t message_length void * message, size_t message_length
); );
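Review bot: `olm_clear_account` is declared with `OlmSession * account`, while the other account functions in this header take `OlmAccount *`; this looks like a copy-paste slip and the parameter should read `OlmAccount * account`. The definition added in the second file carries the same signature and needs the same change. As declared, an `OlmSession *` passed by mistake is accepted by the compiler and would then be cleared and re-initialised using `sizeof(olm::Account)`, which is only safe if the backing buffer happens to be at least that large. Separately, the four functions whose `random` parameter lost its `const` should say so in their doc comments, for example `/* The random buffer is cleared before this function returns. */`, so that callers do not try to reuse it.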


@ -17,6 +17,7 @@
#include "olm/account.hh" #include "olm/account.hh"
#include "olm/base64.hh" #include "olm/base64.hh"
#include "olm/cipher.hh" #include "olm/cipher.hh"
#include "olm/memory.hh"
#include <new> #include <new>
#include <cstring> #include <cstring>
@ -213,6 +214,7 @@ size_t olm_session_size() {
OlmAccount * olm_account( OlmAccount * olm_account(
void * memory void * memory
) { ) {
olm::unset(memory, sizeof(olm::Account));
return to_c(new(memory) olm::Account()); return to_c(new(memory) olm::Account());
} }
@ -220,10 +222,33 @@ OlmAccount * olm_account(
OlmSession * olm_session( OlmSession * olm_session(
void * memory void * memory
) { ) {
olm::unset(memory, sizeof(olm::Session));
return to_c(new(memory) olm::Session()); return to_c(new(memory) olm::Session());
} }
size_t olm_clear_account(
OlmSession * account
) {
/* Clear the memory backing the account */
olm::unset(account, sizeof(olm::Account));
/* Initialise a fresh account object in case someone tries to use it */
new(account) olm::Account();
return sizeof(olm::Account);
}
size_t olm_clear_session(
OlmSession * session
) {
/* Clear the memory backing the session */
olm::unset(session, sizeof(olm::Session));
/* Initialise a fresh session object in case someone tries to use it */
new(session) olm::Session();
return sizeof(olm::Session);
}
size_t olm_pickle_account_length( size_t olm_pickle_account_length(
OlmAccount * account OlmAccount * account
) { ) {
@ -336,9 +361,11 @@ size_t olm_create_account_random_length(
size_t olm_create_account( size_t olm_create_account(
OlmAccount * account, OlmAccount * account,
void const * random, size_t random_length void * random, size_t random_length
) { ) {
return from_c(account)->new_account(from_c(random), random_length); size_t result = from_c(account)->new_account(from_c(random), random_length);
olm::unset(random, random_length);
return result;
} }
@ -427,12 +454,14 @@ size_t olm_account_generate_one_time_keys_random_length(
size_t olm_account_generate_one_time_keys( size_t olm_account_generate_one_time_keys(
OlmAccount * account, OlmAccount * account,
size_t number_of_keys, size_t number_of_keys,
void const * random, size_t random_length void * random, size_t random_length
) { ) {
return from_c(account)->generate_one_time_keys( size_t result = from_c(account)->generate_one_time_keys(
number_of_keys, number_of_keys,
from_c(random), random_length from_c(random), random_length
); );
olm::unset(random, random_length);
return result;
} }
@ -448,7 +477,7 @@ size_t olm_create_outbound_session(
OlmAccount * account, OlmAccount * account,
void const * their_identity_key, size_t their_identity_key_length, void const * their_identity_key, size_t their_identity_key_length,
void const * their_one_time_key, size_t their_one_time_key_length, void const * their_one_time_key, size_t their_one_time_key_length,
void const * random, size_t random_length void * random, size_t random_length
) { ) {
if (olm::decode_base64_length(their_identity_key_length) != 32 if (olm::decode_base64_length(their_identity_key_length) != 32
|| olm::decode_base64_length(their_one_time_key_length) != 32 || olm::decode_base64_length(their_one_time_key_length) != 32
@ -468,10 +497,12 @@ size_t olm_create_outbound_session(
one_time_key.public_key one_time_key.public_key
); );
return from_c(session)->new_outbound_session( size_t result = from_c(session)->new_outbound_session(
*from_c(account), identity_key, one_time_key, *from_c(account), identity_key, one_time_key,
from_c(random), random_length from_c(random), random_length
); );
olm::unset(random, random_length);
return result;
} }
@ -550,7 +581,7 @@ size_t olm_encrypt_message_length(
size_t olm_encrypt( size_t olm_encrypt(
OlmSession * session, OlmSession * session,
void const * plaintext, size_t plaintext_length, void const * plaintext, size_t plaintext_length,
void const * random, size_t random_length, void * random, size_t random_length,
void * message, size_t message_length void * message, size_t message_length
) { ) {
std::size_t raw_length = from_c(session)->encrypt_message_length( std::size_t raw_length = from_c(session)->encrypt_message_length(
@ -566,6 +597,7 @@ size_t olm_encrypt(
from_c(random), random_length, from_c(random), random_length,
b64_output_pos(from_c(message), raw_length), raw_length b64_output_pos(from_c(message), raw_length), raw_length
); );
olm::unset(random, random_length);
return b64_output(from_c(message), raw_length); return b64_output(from_c(message), raw_length);
} }
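Review bot: The new `olm::unset(random, random_length);` in `olm_create_outbound_session` runs only after `new_outbound_session` returns, so the key-length check at the top of the function, whose body lies outside the hunk and presumably returns an error, would leave the caller's random bytes in memory. If that branch does return early, add `olm::unset(random, random_length);` before its return so the buffer is cleared on every path. `olm_encrypt` has code between its two hunks that is not shown and deserves the same check. It would also help to add a comment on `olm_clear_account` and `olm_clear_session` stating that the object is re-initialised by placement new without running the old object's destructor, which is fine only while `olm::Account` and `olm::Session` own nothing outside their own storage.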