New Passphrase class for safer passphrase handling in memory

author: Dominik Schürmann <dominik@dominikschuermann.de> 2015-03-19 03:03:46 +0100
committer: Dominik Schürmann <dominik@dominikschuermann.de> 2015-03-19 03:03:46 +0100
commit: 9c9f95c7acb92aad1f02e65271610fb3dca6c0dd (patch)
tree: 75660812ee2e08ad0f8761e87168228ca2cadea7 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations
parent: dbcb7a9e10ec4418337e0dce1b4227cbc3b7bd4a (diff)
download: open-keychain-9c9f95c7acb92aad1f02e65271610fb3dca6c0dd.tar.gz
open-keychain-9c9f95c7acb92aad1f02e65271610fb3dca6c0dd.tar.bz2
open-keychain-9c9f95c7acb92aad1f02e65271610fb3dca6c0dd.zip
5 files changed, 18 insertions, 12 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/BaseOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/BaseOperation.java
index 40dcbd78d..a824e73d7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/BaseOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/BaseOperation.java
@@ -24,6 +24,7 @@ import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
+import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.util.concurrent.atomic.AtomicBoolean;
 
@@ -101,7 +102,7 @@ public abstract class BaseOperation implements PassphraseCacheInterface {
     }
 
     @Override
-    public String getCachedPassphrase(long subKeyId) throws NoSecretKeyException {
+    public Passphrase getCachedPassphrase(long subKeyId) throws NoSecretKeyException {
         try {
             long masterKeyId = mProviderHelper.getMasterKeyId(subKeyId);
             return getCachedPassphrase(masterKeyId, subKeyId);
@@ -111,7 +112,7 @@ public abstract class BaseOperation implements PassphraseCacheInterface {
     }
 
     @Override
-    public String getCachedPassphrase(long masterKeyId, long subKeyId) throws NoSecretKeyException {
+    public Passphrase getCachedPassphrase(long masterKeyId, long subKeyId) throws NoSecretKeyException {
         try {
             return PassphraseCacheService.getCachedPassphrase(
                     mContext, masterKeyId, subKeyId);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
index ebf0dc70b..4ceb34722 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@@ -40,6 +40,7 @@ import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyActio
 import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.util.ArrayList;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -79,7 +80,7 @@ public class CertifyOperation extends BaseOperation {
             }
 
             // certification is always with the master key id, so use that one
-            String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
+            Passphrase passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
 
             if (!certificationKey.unlock(passphrase)) {
                 log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
index bcd842dd0..a179b53ee 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/EditKeyOperation.java
@@ -35,6 +35,7 @@ import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
+import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -55,7 +56,7 @@ public class EditKeyOperation extends BaseOperation {
         super(context, providerHelper, progressable, cancelled);
     }
 
-    public EditKeyResult execute(SaveKeyringParcel saveParcel, String passphrase) {
+    public EditKeyResult execute(SaveKeyringParcel saveParcel, Passphrase passphrase) {
 
         OperationLog log = new OperationLog();
         log.add(LogType.MSG_ED, 0);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
index 86b37fea6..7df37cd9b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
@@ -22,6 +22,7 @@ import android.os.Parcel;
 
 import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
+import org.sufficientlysecure.keychain.util.Passphrase;
 
 public class DecryptVerifyResult extends OperationResult {
 
@@ -37,7 +38,7 @@ public class DecryptVerifyResult extends OperationResult {
 
     long mNfcSubKeyId;
     byte[] mNfcSessionKey;
-    String mNfcPassphrase;
+    Passphrase mNfcPassphrase;
 
     OpenPgpSignatureResult mSignatureResult;
     OpenPgpMetadata mDecryptMetadata;
@@ -53,7 +54,7 @@ public class DecryptVerifyResult extends OperationResult {
         mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
     }
 
-    public void setNfcState(long subKeyId, byte[] sessionKey, String passphrase) {
+    public void setNfcState(long subKeyId, byte[] sessionKey, Passphrase passphrase) {
         mNfcSubKeyId = subKeyId;
         mNfcSessionKey = sessionKey;
         mNfcPassphrase = passphrase;
@@ -67,7 +68,7 @@ public class DecryptVerifyResult extends OperationResult {
         return mNfcSessionKey;
     }
 
-    public String getNfcPassphrase() {
+    public Passphrase getNfcPassphrase() {
         return mNfcPassphrase;
     }
 
@@ -109,7 +110,7 @@ public class DecryptVerifyResult extends OperationResult {
         mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
         mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
         mNfcSessionKey = source.readInt() != 0 ? source.createByteArray() : null;
-        mNfcPassphrase = source.readString();
+        mNfcPassphrase = source.readParcelable(Passphrase.class.getClassLoader());
     }
 
     public int describeContents() {
@@ -127,7 +128,7 @@ public class DecryptVerifyResult extends OperationResult {
         } else {
             dest.writeInt(0);
         }
-        dest.writeString(mNfcPassphrase);
+        dest.writeParcelable(mNfcPassphrase, flags);
     }
 
     public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
index de2f64404..cf40001b3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/PgpSignEncryptResult.java
@@ -19,6 +19,8 @@ package org.sufficientlysecure.keychain.operations.results;
 
 import android.os.Parcel;
 
+import org.sufficientlysecure.keychain.util.Passphrase;
+
 import java.util.Date;
 
 public class PgpSignEncryptResult extends OperationResult {
@@ -36,7 +38,7 @@ public class PgpSignEncryptResult extends OperationResult {
     byte[] mNfcHash;
     int mNfcAlgo;
     Date mNfcTimestamp;
-    String mNfcPassphrase;
+    Passphrase mNfcPassphrase;
     byte[] mDetachedSignature;
 
     public long getKeyIdPassphraseNeeded() {
@@ -47,7 +49,7 @@ public class PgpSignEncryptResult extends OperationResult {
         mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
     }
 
-    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, Date nfcTimestamp, String passphrase) {
+    public void setNfcData(long nfcKeyId, byte[] nfcHash, int nfcAlgo, Date nfcTimestamp, Passphrase passphrase) {
         mNfcKeyId = nfcKeyId;
         mNfcHash = nfcHash;
         mNfcAlgo = nfcAlgo;
@@ -75,7 +77,7 @@ public class PgpSignEncryptResult extends OperationResult {
         return mNfcTimestamp;
     }
 
-    public String getNfcPassphrase() {
+    public Passphrase getNfcPassphrase() {
         return mNfcPassphrase;
     }
author	Dominik Schürmann <dominik@dominikschuermann.de>	2015-03-19 03:03:46 +0100
committer	Dominik Schürmann <dominik@dominikschuermann.de>	2015-03-19 03:03:46 +0100
commit	9c9f95c7acb92aad1f02e65271610fb3dca6c0dd (patch)
tree	75660812ee2e08ad0f8761e87168228ca2cadea7 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations
parent	dbcb7a9e10ec4418337e0dce1b4227cbc3b7bd4a (diff)
download	open-keychain-9c9f95c7acb92aad1f02e65271610fb3dca6c0dd.tar.gz open-keychain-9c9f95c7acb92aad1f02e65271610fb3dca6c0dd.tar.bz2 open-keychain-9c9f95c7acb92aad1f02e65271610fb3dca6c0dd.zip