more and improved buffer sanitising for Android bindings

android/olm-sdk/src/main/java/org/matrix/olm/OlmAccount.java

@@ -26,6 +26,7 @@ import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
+import java.util.Arrays;
 import java.util.Map;
 
 /**
@@ -290,9 +291,9 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable {
         String result = null;
 
         if (null != aMessage) {
+            byte[] utf8String = null;
             try {
-                byte[] utf8String = aMessage.getBytes("UTF-8");
-
+                utf8String = aMessage.getBytes("UTF-8");
                 if (null != utf8String) {
                     byte[] signedMessage = signMessageJni(utf8String);
 
@@ -302,6 +303,10 @@ public class OlmAccount extends CommonSerializeUtils implements Serializable {
                 }
             } catch (Exception e) {
                 throw new OlmException(OlmException.EXCEPTION_CODE_ACCOUNT_SIGN_MESSAGE, e.getMessage());
+            } finally {
+                if (null != utf8String) {
+                    Arrays.fill(utf8String, (byte) 0);
+                }
             }
         }
 

android/olm-sdk/src/main/java/org/matrix/olm/OlmInboundGroupSession.java

@@ -77,10 +77,16 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
             Log.e(LOG_TAG, "## initInboundGroupSession(): invalid session key");
             throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, "invalid session key");
         } else {
+            byte[] sessionBuffer = null;
             try {
+                sessionBuffer = aSessionKey.getBytes("UTF-8");
                 mNativeId = createNewSessionJni(aSessionKey.getBytes("UTF-8"), isImported);
             } catch (Exception e) {
                 throw new OlmException(OlmException.EXCEPTION_CODE_INIT_INBOUND_GROUP_SESSION, e.getMessage());
+            } finally {
+                if (null != sessionBuffer) {
+                    Arrays.fill(sessionBuffer, (byte) 0);
+                }
             }
         }
     }
@@ -216,6 +222,7 @@ public class OlmInboundGroupSession extends CommonSerializeUtils implements Seri
 
             if (null != bytesBuffer) {
                 result = new String(bytesBuffer, "UTF-8");
+                Arrays.fill(bytesBuffer, (byte) 0);
             }
         } catch (Exception e) {
             Log.e(LOG_TAG, "## export() failed " + e.getMessage());

android/olm-sdk/src/main/java/org/matrix/olm/OlmOutboundGroupSession.java

@@ -142,7 +142,10 @@ public class OlmOutboundGroupSession extends CommonSerializeUtils implements Ser
      */
     public String sessionKey() throws OlmException {
         try {
-            return new String(sessionKeyJni(), "UTF-8");
+            byte[] sessionKeyBuffer = sessionKeyJni();
+            String ret = new String(sessionKeyBuffer, "UTF-8");
+            Arrays.fill(sessionKeyBuffer, (byte) 0);
+            return ret;
         } catch (Exception e) {
             Log.e(LOG_TAG, "## sessionKey() failed " + e.getMessage());
             throw new OlmException(OlmException.EXCEPTION_CODE_OUTBOUND_GROUP_SESSION_KEY, e.getMessage());

android/olm-sdk/src/main/java/org/matrix/olm/OlmPkDecryption.java

@@ -68,14 +68,15 @@ public class OlmPkDecryption {
             return null;
         }
 
+        byte[] plaintextBuffer = decryptJni(aMessage);
         try {
-            byte[] plaintextBuffer = decryptJni(aMessage);
             String plaintext = new String(plaintextBuffer, "UTF-8");
-            Arrays.fill(plaintextBuffer, (byte) 0);
             return plaintext;
         } catch (Exception e) {
             Log.e(LOG_TAG, "## pkDecrypt(): failed " + e.getMessage());
             throw new OlmException(OlmException.EXCEPTION_CODE_PK_DECRYPTION_DECRYPT, e.getMessage());
+        } finally {
+            Arrays.fill(plaintextBuffer, (byte) 0);
         }
     }
 

android/olm-sdk/src/main/java/org/matrix/olm/OlmPkEncryption.java

@@ -73,10 +73,10 @@ public class OlmPkEncryption {
 
         OlmPkMessage encryptedMsgRetValue = new OlmPkMessage();
 
+        byte[] plaintextBuffer = null;
         try {
-            byte[] plaintextBuffer = aPlaintext.getBytes("UTF-8");
+            plaintextBuffer = aPlaintext.getBytes("UTF-8");
             byte[] ciphertextBuffer = encryptJni(plaintextBuffer, encryptedMsgRetValue);
-            Arrays.fill(plaintextBuffer, (byte) 0);
 
             if (null != ciphertextBuffer) {
                 encryptedMsgRetValue.mCipherText = new String(ciphertextBuffer, "UTF-8");
@@ -84,6 +84,10 @@ public class OlmPkEncryption {
         } catch (Exception e) {
             Log.e(LOG_TAG, "## pkEncrypt(): failed " + e.getMessage());
             throw new OlmException(OlmException.EXCEPTION_CODE_PK_ENCRYPTION_ENCRYPT, e.getMessage());
+        } finally {
+            if (null != plaintextBuffer) {
+                Arrays.fill(plaintextBuffer, (byte) 0);
+            }
         }
 
         return encryptedMsgRetValue;

android/olm-sdk/src/main/java/org/matrix/olm/OlmUtility.java

@@ -23,6 +23,7 @@ import android.util.Log;
 import org.json.JSONObject;
 
 import java.security.SecureRandom;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -81,17 +82,23 @@ public class OlmUtility {
      */
     public void verifyEd25519Signature(String aSignature, String aFingerprintKey, String aMessage) throws OlmException {
         String errorMessage;
+        byte[] messageBuffer = null;
 
         try {
             if (TextUtils.isEmpty(aSignature) || TextUtils.isEmpty(aFingerprintKey) || TextUtils.isEmpty(aMessage)) {
                 Log.e(LOG_TAG, "## verifyEd25519Signature(): invalid input parameters");
                 errorMessage = "JAVA sanity check failure - invalid input parameters";
             } else {
-                errorMessage =  verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), aMessage.getBytes("UTF-8"));
+                messageBuffer = aMessage.getBytes("UTF-8");
+                errorMessage =  verifyEd25519SignatureJni(aSignature.getBytes("UTF-8"), aFingerprintKey.getBytes("UTF-8"), messageBuffer);
             }
         } catch (Exception e) {
             Log.e(LOG_TAG, "## verifyEd25519Signature(): failed " + e.getMessage());
             errorMessage = e.getMessage();
+        } finally {
+            if (messageBuffer != null) {
+                Arrays.fill(messageBuffer, (byte) 0);
+            }
         }
 
         if (!TextUtils.isEmpty(errorMessage)) {
@@ -119,10 +126,16 @@ public class OlmUtility {
          String hashRetValue = null;
 
          if (null != aMessageToHash) {
+             byte[] messageBuffer = null;
              try {
-                 hashRetValue = new String(sha256Jni(aMessageToHash.getBytes("UTF-8")), "UTF-8");
+                 messageBuffer = aMessageToHash.getBytes("UTF-8");
+                 hashRetValue = new String(sha256Jni(messageBuffer), "UTF-8");
              } catch (Exception e) {
                  Log.e(LOG_TAG, "## sha256(): failed " + e.getMessage());
+             } finally {
+                 if (null != messageBuffer) {
+                     Arrays.fill(messageBuffer, (byte) 0);
+                 }
              }
          }
 

android/olm-sdk/src/main/jni/olm_account.cpp

@@ -528,6 +528,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
     const char* errorMessage = NULL;
     jbyteArray pickledDataRetValue = 0;
     jbyte* keyPtr = NULL;
+    jboolean keyIsCopied = JNI_FALSE;
     OlmAccount* accountPtr = NULL;
 
     LOGD("## serializeJni(): IN");
@@ -542,7 +543,7 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
        LOGE(" ## serializeJni(): failure - invalid account ptr");
        errorMessage = "invalid account ptr";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, NULL)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied)))
     {
         LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -586,6 +587,9 @@ JNIEXPORT jbyteArray OLM_ACCOUNT_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
     // free alloc
     if (keyPtr)
     {
+        if (keyIsCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -610,6 +614,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     OlmAccount* accountPtr = NULL;
 
     jbyte* keyPtr = NULL;
+    jboolean keyIsCopied = JNI_FALSE;
     jbyte* pickledPtr = NULL;
 
     LOGD("## deserializeJni(): IN");
@@ -629,7 +634,7 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
         LOGE(" ## deserializeJni(): failure - account failure OOM");
         errorMessage = "account failure OOM";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyIsCopied)))
     {
         LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -665,6 +670,9 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     // free alloc
     if (keyPtr)
     {
+        if (keyIsCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -684,4 +692,4 @@ JNIEXPORT jlong OLM_ACCOUNT_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     }
 
     return (jlong)(intptr_t)accountPtr;
-}
+}
\ No newline at end of file

android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp

@@ -62,6 +62,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv *
     const char* errorMessage = NULL;
     OlmInboundGroupSession* sessionPtr = NULL;
     jbyte* sessionKeyPtr = NULL;
+    jboolean sessionWasCopied = JNI_FALSE;
     size_t sessionSize = olm_inbound_group_session_size();
 
     LOGD("## createNewSessionJni(): inbound group session IN");
@@ -81,7 +82,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv *
         LOGE(" ## createNewSessionJni(): failure - invalid aSessionKey");
         errorMessage = "invalid aSessionKey";
     }
-    else if (!(sessionKeyPtr = env->GetByteArrayElements(aSessionKeyBuffer, 0)))
+    else if (!(sessionKeyPtr = env->GetByteArrayElements(aSessionKeyBuffer, &sessionWasCopied)))
     {
         LOGE(" ## createNewSessionJni(): failure - session key JNI allocation OOM");
         errorMessage = "Session key JNI allocation OOM";
@@ -119,6 +120,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(createNewSessionJni)(JNIEnv *
 
     if (sessionKeyPtr)
     {
+        if (sessionWasCopied) {
+            memset(sessionKeyPtr, 0, (size_t)env->GetArrayLength(aSessionKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aSessionKeyBuffer, sessionKeyPtr, JNI_ABORT);
     }
 
@@ -474,6 +478,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en
 
     jbyteArray pickledDataRet = 0;
     jbyte* keyPtr = NULL;
+    jboolean keyWasCopied = JNI_FALSE;
     OlmInboundGroupSession* sessionPtr = getInboundGroupSessionInstanceId(env, thiz);
 
     LOGD("## inbound group session serializeJni(): IN");
@@ -488,7 +493,7 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en
         LOGE(" ## serializeJni(): failure - invalid key");
         errorMessage = "invalid key";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
     {
         LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -533,6 +538,9 @@ JNIEXPORT jbyteArray OLM_INBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *en
     // free alloc
     if (keyPtr)
     {
+        if (keyWasCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -558,6 +566,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
     OlmInboundGroupSession* sessionPtr = NULL;
     size_t sessionSize = olm_inbound_group_session_size();
     jbyte* keyPtr = NULL;
+    jboolean keyWasCopied = JNI_FALSE;
     jbyte* pickledPtr = NULL;
 
     LOGD("## deserializeJni(): IN");
@@ -582,7 +591,7 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
         LOGE(" ## deserializeJni(): failure - serialized data");
         errorMessage = "serialized data";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
     {
         LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -620,6 +629,9 @@ JNIEXPORT jlong OLM_INBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
     // free alloc
     if (keyPtr)
     {
+        if (keyWasCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 

android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp

@@ -387,6 +387,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e
     jbyteArray returnValue = 0;
 
     jbyte* keyPtr = NULL;
+    jboolean keyWasCopied = JNI_FALSE;
     OlmOutboundGroupSession* sessionPtr = NULL;
 
     LOGD("## outbound group session serializeJni(): IN");
@@ -401,7 +402,7 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e
         LOGE(" ## serializeJni(): failure - invalid key");
         errorMessage = "invalid key";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
     {
         LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -446,6 +447,9 @@ JNIEXPORT jbyteArray OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(serializeJni)(JNIEnv *e
     // free alloc
     if (keyPtr)
     {
+        if (keyWasCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -471,6 +475,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
     OlmOutboundGroupSession* sessionPtr = NULL;
 
     jbyte* keyPtr = NULL;
+    jboolean keyWasCopied = JNI_FALSE;
     jbyte* pickledPtr = NULL;
 
     LOGD("## deserializeJni(): IN");
@@ -495,7 +500,7 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
         LOGE(" ## deserializeJni(): failure - serialized data");
         errorMessage = "invalid serialized data";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
     {
         LOGE(" ## deserializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "keyPtr JNI allocation OOM";
@@ -532,6 +537,9 @@ JNIEXPORT jlong OLM_OUTBOUND_GROUP_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env,
     // free alloc
     if (keyPtr)
     {
+        if (keyWasCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 

android/olm-sdk/src/main/jni/olm_session.cpp

@@ -810,6 +810,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
     jbyteArray returnValue = 0;
 
     jbyte* keyPtr = NULL;
+    jboolean keyWasCopied = JNI_FALSE;
     OlmSession* sessionPtr = getSessionInstanceId(env, thiz);
 
     LOGD("## serializeJni(): IN");
@@ -824,7 +825,7 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
         LOGE(" ## serializeJni(): failure - invalid key");
         errorMessage = "invalid key";
     }
-    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, 0)))
+    else if (!(keyPtr = env->GetByteArrayElements(aKeyBuffer, &keyWasCopied)))
     {
         LOGE(" ## serializeJni(): failure - keyPtr JNI allocation OOM");
         errorMessage = "ikeyPtr JNI allocation OOM";
@@ -869,6 +870,9 @@ JNIEXPORT jbyteArray OLM_SESSION_FUNC_DEF(serializeJni)(JNIEnv *env, jobject thi
     // free alloc
     if (keyPtr)
     {
+        if (keyWasCopied) {
+            memset(keyPtr, 0, (size_t)env->GetArrayLength(aKeyBuffer));
+        }
         env->ReleaseByteArrayElements(aKeyBuffer, keyPtr, JNI_ABORT);
     }
 
@@ -892,6 +896,7 @@ JNIEXPORT jlong OLM_SESSION_FUNC_DEF(deserializeJni)(JNIEnv *env, jobject thiz,
     const char* errorMessage = NULL;
     OlmSession* sessionPtr = initializeSessionMemory();
     jbyte* keyPtr = NULL;
+    jboolean keyWasCopied = JNI_FALSE;
     jbyte* pickledPtr = NULL;
 
     LOGD("## deserializeJni(): IN");