Clear the random buffers once they've been used. Add methods for clearing the...

Clear the random buffers once they've been used. Add methods for clearing the account and session object once they've been used

Clear the random buffers once they've been used. Add methods for clearing the...
2e49a6f4 · Mark Haines · 5ad92910 · 2e49a6f4 · 2e49a6f4
Commit 2e49a6f4 authored 9 years ago by Mark Haines
--- a/include/olm/olm.hh
+++ b/include/olm/olm.hh
@@ -61,6 +61,16 @@ const char * olm_session_last_error(
    OlmSession * session
 );

+/** Clears the memory used to back this account */
+size_t olm_clear_account(
+    OlmSession * account
+);
+
+/** Clears the memory used to back this session */
+size_t olm_clear_session(
+    OlmSession * session
+);
+
 /** Returns the number of bytes needed to store an account */
 size_t olm_pickle_account_length(
    OlmAccount * account
@@ -127,7 +137,7 @@ size_t olm_create_account_random_length(
 * "NOT_ENOUGH_RANDOM" */
 size_t olm_create_account(
    OlmAccount * account,
-    void const * random, size_t random_length
+    void * random, size_t random_length
 );

 /** The size of the output buffer needed to hold the identity keys */
@@ -197,7 +207,7 @@ size_t olm_account_generate_one_time_keys_random_length(
 size_t olm_account_generate_one_time_keys(
    OlmAccount * account,
    size_t number_of_keys,
-    void const * random, size_t random_length
+    void * random, size_t random_length
 );

 /** The number of random bytes needed to create an outbound session */
@@ -215,7 +225,7 @@ size_t olm_create_outbound_session(
    OlmAccount * account,
    void const * their_identity_key, size_t their_identity_key_length,
    void const * their_one_time_key, size_t their_one_time_key_length,
-    void const * random, size_t random_length
+    void * random, size_t random_length
 );

 /** Create a new in-bound session for sending/receiving messages from an
@@ -282,7 +292,7 @@ size_t olm_encrypt_message_length(
 size_t olm_encrypt(
    OlmSession * session,
    void const * plaintext, size_t plaintext_length,
-    void const * random, size_t random_length,
+    void * random, size_t random_length,
    void * message, size_t message_length
 );


--- a/src/olm.cpp
+++ b/src/olm.cpp
@@ -17,6 +17,7 @@
 #include "olm/account.hh"
 #include "olm/base64.hh"
 #include "olm/cipher.hh"
+#include "olm/memory.hh"

 #include <new>
 #include <cstring>
@@ -213,6 +214,7 @@ size_t olm_session_size() {
 OlmAccount * olm_account(
    void * memory
 ) {
+    olm::unset(memory, sizeof(olm::Account));
    return to_c(new(memory) olm::Account());
 }

@@ -220,10 +222,33 @@ OlmAccount * olm_account(
 OlmSession * olm_session(
    void * memory
 ) {
+    olm::unset(memory, sizeof(olm::Session));
    return to_c(new(memory) olm::Session());
 }


+size_t olm_clear_account(
+    OlmSession * account
+) {
+    /* Clear the memory backing the account  */
+    olm::unset(account, sizeof(olm::Account));
+    /* Initialise a fresh account object in case someone tries to use it */
+    new(account) olm::Account();
+    return sizeof(olm::Account);
+}
+
+
+size_t olm_clear_session(
+    OlmSession * session
+) {
+    /* Clear the memory backing the session */
+    olm::unset(session, sizeof(olm::Session));
+    /* Initialise a fresh session object in case someone tries to use it */
+    new(session) olm::Session();
+    return sizeof(olm::Session);
+}
+
+
 size_t olm_pickle_account_length(
    OlmAccount * account
 ) {
@@ -336,9 +361,11 @@ size_t olm_create_account_random_length(

 size_t olm_create_account(
    OlmAccount * account,
-    void const * random, size_t random_length
+    void * random, size_t random_length
 ) {
-    return from_c(account)->new_account(from_c(random), random_length);
+    size_t result = from_c(account)->new_account(from_c(random), random_length);
+    olm::unset(random, random_length);
+    return result;
 }


@@ -427,12 +454,14 @@ size_t olm_account_generate_one_time_keys_random_length(
 size_t olm_account_generate_one_time_keys(
    OlmAccount * account,
    size_t number_of_keys,
-    void const * random, size_t random_length
+    void * random, size_t random_length
 ) {
-    return from_c(account)->generate_one_time_keys(
+    size_t result = from_c(account)->generate_one_time_keys(
        number_of_keys,
        from_c(random), random_length
    );
+    olm::unset(random, random_length);
+    return result;
 }


@@ -448,7 +477,7 @@ size_t olm_create_outbound_session(
    OlmAccount * account,
    void const * their_identity_key, size_t their_identity_key_length,
    void const * their_one_time_key, size_t their_one_time_key_length,
-    void const * random, size_t random_length
+    void * random, size_t random_length
 ) {
    if (olm::decode_base64_length(their_identity_key_length) != 32
            || olm::decode_base64_length(their_one_time_key_length) != 32
@@ -468,10 +497,12 @@ size_t olm_create_outbound_session(
        one_time_key.public_key
    );

-    return from_c(session)->new_outbound_session(
+    size_t result = from_c(session)->new_outbound_session(
        *from_c(account), identity_key, one_time_key,
        from_c(random), random_length
    );
+    olm::unset(random, random_length);
+    return result;
 }


@@ -550,7 +581,7 @@ size_t olm_encrypt_message_length(
 size_t olm_encrypt(
    OlmSession * session,
    void const * plaintext, size_t plaintext_length,
-    void const * random, size_t random_length,
+    void * random, size_t random_length,
    void * message, size_t message_length
 ) {
    std::size_t raw_length = from_c(session)->encrypt_message_length(
@@ -566,6 +597,7 @@ size_t olm_encrypt(
        from_c(random), random_length,
        b64_output_pos(from_c(message), raw_length), raw_length
    );
+    olm::unset(random, random_length);
    return b64_output(from_c(message), raw_length);
 }