New Passphrase class for safer passphrase handling in memory

2015-03-19 03:03:46 +01:00
parent dbcb7a9e10
commit 9c9f95c7ac
34 changed files with 307 additions and 140 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/BaseOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/BaseOperation.java
@@ -24,6 +24,7 @@ import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.util.Passphrase;

 import java.util.concurrent.atomic.AtomicBoolean;

@@ -101,7 +102,7 @@ public abstract class BaseOperation implements PassphraseCacheInterface {
    }

    @Override
-    public String getCachedPassphrase(long subKeyId) throws NoSecretKeyException {
+    public Passphrase getCachedPassphrase(long subKeyId) throws NoSecretKeyException {
        try {
            long masterKeyId = mProviderHelper.getMasterKeyId(subKeyId);
            return getCachedPassphrase(masterKeyId, subKeyId);
@@ -111,7 +112,7 @@ public abstract class BaseOperation implements PassphraseCacheInterface {
    }

    @Override
-    public String getCachedPassphrase(long masterKeyId, long subKeyId) throws NoSecretKeyException {
+    public Passphrase getCachedPassphrase(long masterKeyId, long subKeyId) throws NoSecretKeyException {
        try {
            return PassphraseCacheService.getCachedPassphrase(
                    mContext, masterKeyId, subKeyId);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -40,6 +40,7 @@ import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyActio
 import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;

 import java.util.ArrayList;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -79,7 +80,7 @@ public class CertifyOperation extends BaseOperation {
            }

            // certification is always with the master key id, so use that one
-            String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
+            Passphrase passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);

            if (!certificationKey.unlock(passphrase)) {
                log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
@@ -35,6 +35,7 @@ import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ProgressScaler;

 import java.util.concurrent.atomic.AtomicBoolean;
@@ -55,7 +56,7 @@ public class EditKeyOperation extends BaseOperation {
        super(context, providerHelper, progressable, cancelled);
    }

-    public EditKeyResult execute(SaveKeyringParcel saveParcel, String passphrase) {
+    public EditKeyResult execute(SaveKeyringParcel saveParcel, Passphrase passphrase) {

        OperationLog log = new OperationLog();
        log.add(LogType.MSG_ED, 0);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
@@ -22,6 +22,7 @@ import android.os.Parcel;

 import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
+import org.sufficientlysecure.keychain.util.Passphrase;

 public class DecryptVerifyResult extends OperationResult {

@@ -37,7 +38,7 @@ public class DecryptVerifyResult extends OperationResult {

    long mNfcSubKeyId;
    byte[] mNfcSessionKey;
-    String mNfcPassphrase;
+    Passphrase mNfcPassphrase;

    OpenPgpSignatureResult mSignatureResult;
    OpenPgpMetadata mDecryptMetadata;
@@ -53,7 +54,7 @@ public class DecryptVerifyResult extends OperationResult {
        mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
    }

-    public void setNfcState(long subKeyId, byte[] sessionKey, String passphrase) {
+    public void setNfcState(long subKeyId, byte[] sessionKey, Passphrase passphrase) {
        mNfcSubKeyId = subKeyId;
        mNfcSessionKey = sessionKey;
        mNfcPassphrase = passphrase;
@@ -67,7 +68,7 @@ public class DecryptVerifyResult extends OperationResult {
        return mNfcSessionKey;
    }

-    public String getNfcPassphrase() {
+    public Passphrase getNfcPassphrase() {
        return mNfcPassphrase;
    }

@@ -109,7 +110,7 @@ public class DecryptVerifyResult extends OperationResult {
        mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
        mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
        mNfcSessionKey = source.readInt() != 0 ? source.createByteArray() : null;
-        mNfcPassphrase = source.readString();
+        mNfcPassphrase = source.readParcelable(Passphrase.class.getClassLoader());
    }

    public int describeContents() {
@@ -127,7 +128,7 @@ public class DecryptVerifyResult extends OperationResult {
        } else {
            dest.writeInt(0);
        }
-        dest.writeString(mNfcPassphrase);
+        dest.writeParcelable(mNfcPassphrase, flags);
    }

    public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
@@ -19,6 +19,8 @@ package org.sufficientlysecure.keychain.operations.results;

 import android.os.Parcel;

+import org.sufficientlysecure.keychain.util.Passphrase;
+
 import java.util.Date;

 public class PgpSignEncryptResult extends OperationResult {
@@ -36,7 +38,7 @@ public class PgpSignEncryptResult extends OperationResult {
    byte[] mNfcHash;
    int mNfcAlgo;
    Date mNfcTimestamp;
-    String mNfcPassphrase;
+    Passphrase mNfcPassphrase;
    byte[] mDetachedSignature;

    public long getKeyIdPassphraseNeeded() {
@@ -47,7 +49,7 @@ public class PgpSignEncryptResult extends OperationResult {
        mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
    }

-    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, Date nfcTimestamp, String passphrase) {
+    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, Date nfcTimestamp, Passphrase passphrase) {
        mNfcKeyId = nfcKeyId;
        mNfcHash = nfcHash;
        mNfcAlgo = nfcAlgo;
@@ -75,7 +77,7 @@ public class PgpSignEncryptResult extends OperationResult {
        return mNfcTimestamp;
    }

-    public String getNfcPassphrase() {
+    public Passphrase getNfcPassphrase() {
        return mNfcPassphrase;
    }