clear out plaintext buffers in Android SDK where possible
This commit is contained in:
parent
b1130fb77f
commit
af86a9a8b8
8 changed files with 52 additions and 10 deletions
|
@ -25,6 +25,8 @@ import java.io.ObjectInputStream;
|
||||||
import java.io.ObjectOutputStream;
|
import java.io.ObjectOutputStream;
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class used to create an inbound <a href="http://matrix.org/docs/guides/e2e_implementation.html#handling-an-m-room-key-event">Megolm session</a>.<br>
|
* Class used to create an inbound <a href="http://matrix.org/docs/guides/e2e_implementation.html#handling-an-m-room-key-event">Megolm session</a>.<br>
|
||||||
* Counter part of the outbound group session {@link OlmOutboundGroupSession}, this class decrypts the messages sent by the outbound side.
|
* Counter part of the outbound group session {@link OlmOutboundGroupSession}, this class decrypts the messages sent by the outbound side.
|
||||||
|
@ -236,7 +238,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
|
||||||
* In case of error, null is returned and an error message description is provided in aErrorMsg.
|
* In case of error, null is returned and an error message description is provided in aErrorMsg.
|
||||||
* @param aEncryptedMsg the message to be decrypted
|
* @param aEncryptedMsg the message to be decrypted
|
||||||
* @return the decrypted message information
|
* @return the decrypted message information
|
||||||
* @exception OlmException teh failure reason
|
* @exception OlmException the failure reason
|
||||||
*/
|
*/
|
||||||
public DecryptMessageResult decryptMessage(String aEncryptedMsg) throws OlmException {
|
public DecryptMessageResult decryptMessage(String aEncryptedMsg) throws OlmException {
|
||||||
DecryptMessageResult result = new DecryptMessageResult();
|
DecryptMessageResult result = new DecryptMessageResult();
|
||||||
|
@ -246,6 +248,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
|
||||||
|
|
||||||
if (null != decryptedMessageBuffer) {
|
if (null != decryptedMessageBuffer) {
|
||||||
result.mDecryptedMessage = new String(decryptedMessageBuffer, "UTF-8");
|
result.mDecryptedMessage = new String(decryptedMessageBuffer, "UTF-8");
|
||||||
|
Arrays.fill(decryptedMessageBuffer, (byte) 0);
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Log.e(LOG_TAG, "## decryptMessage() failed " + e.getMessage());
|
Log.e(LOG_TAG, "## decryptMessage() failed " + e.getMessage());
|
||||||
|
|
|
@ -26,6 +26,8 @@ import java.io.ObjectInputStream;
|
||||||
import java.io.ObjectOutputStream;
|
import java.io.ObjectOutputStream;
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class used to create an outbound a <a href="http://matrix.org/docs/guides/e2e_implementation.html#starting-a-megolm-session">Megolm session</a>.<br>
|
* Class used to create an outbound a <a href="http://matrix.org/docs/guides/e2e_implementation.html#starting-a-megolm-session">Megolm session</a>.<br>
|
||||||
* To send a first message in an encrypted room, the client should start a new outbound Megolm session.
|
* To send a first message in an encrypted room, the client should start a new outbound Megolm session.
|
||||||
|
@ -166,7 +168,9 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser
|
||||||
|
|
||||||
if (!TextUtils.isEmpty(aClearMsg)) {
|
if (!TextUtils.isEmpty(aClearMsg)) {
|
||||||
try {
|
try {
|
||||||
byte[] encryptedBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8"));
|
byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8");
|
||||||
|
byte[] encryptedBuffer = encryptMessageJni(clearMsgBuffer);
|
||||||
|
Arrays.fill(clearMsgBuffer, (byte) 0);
|
||||||
|
|
||||||
if (null != encryptedBuffer) {
|
if (null != encryptedBuffer) {
|
||||||
retValue = new String(encryptedBuffer , "UTF-8");
|
retValue = new String(encryptedBuffer , "UTF-8");
|
||||||
|
|
|
@ -18,6 +18,8 @@ package org.matrix.olm;
|
||||||
|
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
public class OlmPkDecryption {
|
public class OlmPkDecryption {
|
||||||
private static final String LOG_TAG = "OlmPkDecryption";
|
private static final String LOG_TAG = "OlmPkDecryption";
|
||||||
|
|
||||||
|
@ -67,7 +69,10 @@ public class OlmPkDecryption {
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return new String(decryptJni(aMessage), "UTF-8");
|
byte[] plaintextBuffer = decryptJni(aMessage);
|
||||||
|
String plaintext = new String(plaintextBuffer, "UTF-8");
|
||||||
|
Arrays.fill(plaintextBuffer, (byte) 0);
|
||||||
|
return plaintext;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage());
|
Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage());
|
||||||
throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage());
|
throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage());
|
||||||
|
|
|
@ -18,6 +18,8 @@ package org.matrix.olm;
|
||||||
|
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
public class OlmPkEncryption {
|
public class OlmPkEncryption {
|
||||||
private static final String LOG_TAG = "OlmPkEncryption";
|
private static final String LOG_TAG = "OlmPkEncryption";
|
||||||
|
|
||||||
|
@ -72,7 +74,9 @@ public class OlmPkEncryption {
|
||||||
OlmPkMessage encryptedMsgRetValue = new OlmPkMessage();
|
OlmPkMessage encryptedMsgRetValue = new OlmPkMessage();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
byte[] ciphertextBuffer = encryptJni(aPlaintext.getBytes("UTF-8"), encryptedMsgRetValue);
|
byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8");
|
||||||
|
byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue);
|
||||||
|
Arrays.fill(plaintextBuffer, (byte) 0);
|
||||||
|
|
||||||
if (null != ciphertextBuffer) {
|
if (null != ciphertextBuffer) {
|
||||||
encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8");
|
encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8");
|
||||||
|
|
|
@ -25,6 +25,8 @@ import java.io.ObjectInputStream;
|
||||||
import java.io.ObjectOutputStream;
|
import java.io.ObjectOutputStream;
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.<br>
|
* Session class used to create Olm sessions in conjunction with {@link OlmAccount} class.<br>
|
||||||
* Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).<br>
|
* Olm session is used to encrypt data between devices, especially to create Olm group sessions (see {@link OlmOutboundGroupSession} and {@link OlmInboundGroupSession}).<br>
|
||||||
|
@ -295,7 +297,9 @@ public class OlmSession extends CommonSerializeUtils implements Serializable {
|
||||||
OlmMessage encryptedMsgRetValue = new OlmMessage();
|
OlmMessage encryptedMsgRetValue = new OlmMessage();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
byte[] encryptedMessageBuffer = encryptMessageJni(aClearMsg.getBytes("UTF-8"), encryptedMsgRetValue);
|
byte[] clearMsgBuffer = aClearMsg.getBytes("UTF-8");
|
||||||
|
byte[] encryptedMessageBuffer = encryptMessageJni(clearMsgBuffer, encryptedMsgRetValue);
|
||||||
|
Arrays.fill(clearMsgBuffer, (byte) 0);
|
||||||
|
|
||||||
if (null != encryptedMessageBuffer) {
|
if (null != encryptedMessageBuffer) {
|
||||||
encryptedMsgRetValue.mCipherText = new String(encryptedMessageBuffer, "UTF-8");
|
encryptedMsgRetValue.mCipherText = new String(encryptedMessageBuffer, "UTF-8");
|
||||||
|
@ -330,7 +334,10 @@ public class OlmSession extends CommonSerializeUtils implements Serializable {
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return new String(decryptMessageJni(aEncryptedMsg), "UTF-8");
|
byte[] plaintextBuffer = decryptMessageJni(aEncryptedMsg);
|
||||||
|
String plaintext = new String(plaintextBuffer, "UTF-8");
|
||||||
|
Arrays.fill(plaintextBuffer, (byte) 0);
|
||||||
|
return plaintext;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Log.e(LOG_TAG, "## decryptMessage(): failed " + e.getMessage());
|
Log.e(LOG_TAG, "## decryptMessage(): failed " + e.getMessage());
|
||||||
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_DECRYPT_MESSAGE, e.getMessage());
|
throw new OlmException(OlmException.EXCEPTION_CODE_SESSION_DECRYPT_MESSAGE, e.getMessage());
|
||||||
|
|
|
@ -297,6 +297,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(encryptMessageJni)(JNIE
|
||||||
|
|
||||||
OlmOutboundGroupSession *sessionPtr = NULL;
|
OlmOutboundGroupSession *sessionPtr = NULL;
|
||||||
jbyte* clearMsgPtr = NULL;
|
jbyte* clearMsgPtr = NULL;
|
||||||
|
jboolean clearMsgIsCopied = JNI_FALSE;
|
||||||
|
|
||||||
if (!(sessionPtr = (OlmOutboundGroupSession*)getOutboundGroupSessionInstanceId(env,thiz)))
|
if (!(sessionPtr = (OlmOutboundGroupSession*)getOutboundGroupSessionInstanceId(env,thiz)))
|
||||||
{
|
{
|
||||||
|
@ -308,7 +309,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(encryptMessageJni)(JNIE
|
||||||
LOGE(" ## encryptMessageJni(): failure - invalid clear message");
|
LOGE(" ## encryptMessageJni(): failure - invalid clear message");
|
||||||
errorMessage = "invalid clear message";
|
errorMessage = "invalid clear message";
|
||||||
}
|
}
|
||||||
else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, NULL)))
|
else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, &clearMsgIsCopied)))
|
||||||
{
|
{
|
||||||
LOGE(" ## encryptMessageJni(): failure - clear message JNI allocation OOM");
|
LOGE(" ## encryptMessageJni(): failure - clear message JNI allocation OOM");
|
||||||
errorMessage = "clear message JNI allocation OOM";
|
errorMessage = "clear message JNI allocation OOM";
|
||||||
|
@ -359,6 +360,10 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(encryptMessageJni)(JNIE
|
||||||
// free alloc
|
// free alloc
|
||||||
if (clearMsgPtr)
|
if (clearMsgPtr)
|
||||||
{
|
{
|
||||||
|
if (clearMsgIsCopied)
|
||||||
|
{
|
||||||
|
memset(clearMsgPtr, 0, (size_t)env->GetArrayLength(aClearMsgBuffer));
|
||||||
|
}
|
||||||
env->ReleaseByteArrayElements(aClearMsgBuffer, clearMsgPtr, JNI_ABORT);
|
env->ReleaseByteArrayElements(aClearMsgBuffer, clearMsgPtr, JNI_ABORT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -150,6 +150,7 @@ JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(
|
||||||
jbyteArray encryptedMsgRet = 0;
|
jbyteArray encryptedMsgRet = 0;
|
||||||
const char* errorMessage = NULL;
|
const char* errorMessage = NULL;
|
||||||
jbyte *plaintextPtr = NULL;
|
jbyte *plaintextPtr = NULL;
|
||||||
|
jboolean plaintextIsCopied = JNI_FALSE;
|
||||||
|
|
||||||
OlmPkEncryption *encryptionPtr = getPkEncryptionInstanceId(env, thiz);
|
OlmPkEncryption *encryptionPtr = getPkEncryptionInstanceId(env, thiz);
|
||||||
jclass encryptedMsgJClass = 0;
|
jclass encryptedMsgJClass = 0;
|
||||||
|
@ -165,7 +166,7 @@ JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(
|
||||||
LOGE(" ## pkEncryptJni(): failure - invalid clear message");
|
LOGE(" ## pkEncryptJni(): failure - invalid clear message");
|
||||||
errorMessage = "invalid clear message";
|
errorMessage = "invalid clear message";
|
||||||
}
|
}
|
||||||
else if (!(plaintextPtr = env->GetByteArrayElements(aPlaintextBuffer, 0)))
|
else if (!(plaintextPtr = env->GetByteArrayElements(aPlaintextBuffer, &plaintextIsCopied)))
|
||||||
{
|
{
|
||||||
LOGE(" ## pkEncryptJni(): failure - plaintext JNI allocation OOM");
|
LOGE(" ## pkEncryptJni(): failure - plaintext JNI allocation OOM");
|
||||||
errorMessage = "plaintext JNI allocation OOM";
|
errorMessage = "plaintext JNI allocation OOM";
|
||||||
|
@ -269,6 +270,10 @@ JNIEXPORT jbyteArray OLM_PK_ENCRYPTION_FUNC_DEF(encryptJni)(
|
||||||
|
|
||||||
if (plaintextPtr)
|
if (plaintextPtr)
|
||||||
{
|
{
|
||||||
|
if (plaintextIsCopied)
|
||||||
|
{
|
||||||
|
memset(plaintextPtr, 0, (size_t)env->GetArrayLength(aPlaintextBuffer));
|
||||||
|
}
|
||||||
env->ReleaseByteArrayElements(aPlaintextBuffer, plaintextPtr, JNI_ABORT);
|
env->ReleaseByteArrayElements(aPlaintextBuffer, plaintextPtr, JNI_ABORT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -561,6 +566,7 @@ JNIEXPORT jbyteArray OLM_PK_DECRYPTION_FUNC_DEF(decryptJni)(
|
||||||
}
|
}
|
||||||
if (plaintextPtr)
|
if (plaintextPtr)
|
||||||
{
|
{
|
||||||
|
memset(plaintextPtr, 0, maxPlaintextLength);
|
||||||
free(plaintextPtr);
|
free(plaintextPtr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -472,6 +472,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(encryptMessageJni)(JNIEnv *env, jobjec
|
||||||
|
|
||||||
OlmSession *sessionPtr = getSessionInstanceId(env, thiz);
|
OlmSession *sessionPtr = getSessionInstanceId(env, thiz);
|
||||||
jbyte *clearMsgPtr = NULL;
|
jbyte *clearMsgPtr = NULL;
|
||||||
|
jboolean clearMsgIsCopied = JNI_FALSE;
|
||||||
jclass encryptedMsgJClass = 0;
|
jclass encryptedMsgJClass = 0;
|
||||||
jfieldID typeMsgFieldId;
|
jfieldID typeMsgFieldId;
|
||||||
|
|
||||||
|
@ -490,8 +491,9 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(encryptMessageJni)(JNIEnv *env, jobjec
|
||||||
else if (!aEncryptedMsg)
|
else if (!aEncryptedMsg)
|
||||||
{
|
{
|
||||||
LOGE("## encryptMessageJni(): failure - invalid encrypted message");
|
LOGE("## encryptMessageJni(): failure - invalid encrypted message");
|
||||||
|
errorMessage = "invalid encrypted message";
|
||||||
}
|
}
|
||||||
else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, 0)))
|
else if (!(clearMsgPtr = env->GetByteArrayElements(aClearMsgBuffer, &clearMsgIsCopied)))
|
||||||
{
|
{
|
||||||
LOGE("## encryptMessageJni(): failure - clear message JNI allocation OOM");
|
LOGE("## encryptMessageJni(): failure - clear message JNI allocation OOM");
|
||||||
errorMessage = "clear message JNI allocation OOM";
|
errorMessage = "clear message JNI allocation OOM";
|
||||||
|
@ -580,6 +582,10 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(encryptMessageJni)(JNIEnv *env, jobjec
|
||||||
// free alloc
|
// free alloc
|
||||||
if (clearMsgPtr)
|
if (clearMsgPtr)
|
||||||
{
|
{
|
||||||
|
if (clearMsgIsCopied)
|
||||||
|
{
|
||||||
|
memset(clearMsgPtr, 0, (size_t)env->GetArrayLength(aClearMsgBuffer));
|
||||||
|
}
|
||||||
env->ReleaseByteArrayElements(aClearMsgBuffer, clearMsgPtr, JNI_ABORT);
|
env->ReleaseByteArrayElements(aClearMsgBuffer, clearMsgPtr, JNI_ABORT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -702,6 +708,8 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(decryptMessageJni)(JNIEnv *env, jobjec
|
||||||
|
|
||||||
LOGD(" ## decryptMessageJni(): UTF-8 Conversion - decrypted returnedLg=%lu OK",static_cast<long unsigned int>(plaintextLength));
|
LOGD(" ## decryptMessageJni(): UTF-8 Conversion - decrypted returnedLg=%lu OK",static_cast<long unsigned int>(plaintextLength));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
memset(plainTextMsgPtr, 0, maxPlainTextLength);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue