diff --git a/proxy/pom.xml b/proxy/pom.xml
index 8b7e7dd7..a50f2660 100644
--- a/proxy/pom.xml
+++ b/proxy/pom.xml
@@ -61,12 +61,6 @@
5.1.24
runtime
-
- org.bouncycastle
- bcprov-jdk15on
- 1.49
- compile
-
org.javassist
javassist
diff --git a/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java b/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java
index 86c986ca..2331aa87 100644
--- a/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java
+++ b/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java
@@ -7,22 +7,16 @@ import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
-import java.security.Security;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Getter;
import net.md_5.bungee.protocol.packet.PacketFCEncryptionResponse;
import net.md_5.bungee.protocol.packet.PacketFDEncryptionRequest;
-import org.bouncycastle.crypto.BufferedBlockCipher;
-import org.bouncycastle.crypto.engines.AESFastEngine;
-import org.bouncycastle.crypto.modes.CFBBlockCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* Class containing all encryption related methods for the proxy.
@@ -37,7 +31,6 @@ public class EncryptionUtil
static
{
- Security.addProvider( new BouncyCastleProvider() );
try
{
keys = KeyPairGenerator.getInstance( "RSA" ).generateKeyPair();
@@ -71,10 +64,10 @@ public class EncryptionUtil
return new SecretKeySpec( cipher.doFinal( resp.getSharedSecret() ), "AES" );
}
- public static BufferedBlockCipher getCipher(boolean forEncryption, Key shared)
+ public static Cipher getCipher(int opMode, Key shared) throws GeneralSecurityException
{
- BufferedBlockCipher cip = new BufferedBlockCipher( new CFBBlockCipher( new AESFastEngine(), 8 ) );
- cip.init( forEncryption, new ParametersWithIV( new KeyParameter( shared.getEncoded() ), shared.getEncoded(), 0, 16 ) );
+ Cipher cip = Cipher.getInstance( "AES/CFB8/NoPadding" );
+ cip.init( opMode, shared, new IvParameterSpec( shared.getEncoded() ) );
return cip;
}
diff --git a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
index a06cfbfa..863bbf4d 100644
--- a/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
+++ b/proxy/src/main/java/net/md_5/bungee/ServerConnector.java
@@ -7,6 +7,7 @@ import java.io.DataInput;
import java.security.PublicKey;
import java.util.Objects;
import java.util.Queue;
+import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import lombok.RequiredArgsConstructor;
import net.md_5.bungee.api.ChatColor;
@@ -38,7 +39,6 @@ import net.md_5.bungee.protocol.packet.PacketFCEncryptionResponse;
import net.md_5.bungee.protocol.packet.PacketFDEncryptionRequest;
import net.md_5.bungee.protocol.packet.PacketFFKick;
import net.md_5.bungee.protocol.packet.forge.Forge1Login;
-import org.bouncycastle.crypto.BufferedBlockCipher;
@RequiredArgsConstructor
public class ServerConnector extends PacketHandler
@@ -219,7 +219,7 @@ public class ServerConnector extends PacketHandler
ch.write( new PacketFCEncryptionResponse( shared, token ) );
- BufferedBlockCipher encrypt = EncryptionUtil.getCipher( true, secretkey );
+ Cipher encrypt = EncryptionUtil.getCipher( Cipher.ENCRYPT_MODE, secretkey );
ch.addBefore( PipelineUtils.PACKET_DECODE_HANDLER, PipelineUtils.ENCRYPT_HANDLER, new CipherEncoder( encrypt ) );
thisState = State.ENCRYPT_RESPONSE;
@@ -234,7 +234,7 @@ public class ServerConnector extends PacketHandler
{
Preconditions.checkState( thisState == State.ENCRYPT_RESPONSE, "Not expecting ENCRYPT_RESPONSE" );
- BufferedBlockCipher decrypt = EncryptionUtil.getCipher( false, secretkey );
+ Cipher decrypt = EncryptionUtil.getCipher( Cipher.DECRYPT_MODE, secretkey );
ch.addBefore( PipelineUtils.PACKET_DECODE_HANDLER, PipelineUtils.DECRYPT_HANDLER, new CipherDecoder( decrypt ) );
ch.write( user.getPendingConnection().getForgeLogin() );
diff --git a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java
index 8a193431..09f17c30 100644
--- a/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java
+++ b/proxy/src/main/java/net/md_5/bungee/connection/InitialHandler.java
@@ -10,6 +10,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
+import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
@@ -50,7 +51,6 @@ import net.md_5.bungee.protocol.packet.PacketFDEncryptionRequest;
import net.md_5.bungee.protocol.packet.PacketFEPing;
import net.md_5.bungee.protocol.packet.PacketFFKick;
import net.md_5.bungee.reconnect.AbstractReconnectManager;
-import org.bouncycastle.crypto.BufferedBlockCipher;
@RequiredArgsConstructor
public class InitialHandler extends PacketHandler implements PendingConnection
@@ -230,7 +230,7 @@ public class InitialHandler extends PacketHandler implements PendingConnection
Preconditions.checkState( thisState == State.ENCRYPT, "Not expecting ENCRYPT" );
sharedKey = EncryptionUtil.getSecret( encryptResponse, request );
- BufferedBlockCipher decrypt = EncryptionUtil.getCipher( false, sharedKey );
+ Cipher decrypt = EncryptionUtil.getCipher( Cipher.DECRYPT_MODE, sharedKey );
ch.addBefore( PipelineUtils.PACKET_DECODE_HANDLER, PipelineUtils.DECRYPT_HANDLER, new CipherDecoder( decrypt ) );
if ( BungeeCord.getInstance().config.isOnlineMode() )
@@ -303,7 +303,7 @@ public class InitialHandler extends PacketHandler implements PendingConnection
thisState = InitialHandler.State.LOGIN;
unsafe().sendPacket( new PacketFCEncryptionResponse( new byte[ 0 ], new byte[ 0 ] ) );
- BufferedBlockCipher encrypt = EncryptionUtil.getCipher( true, sharedKey );
+ Cipher encrypt = EncryptionUtil.getCipher( Cipher.ENCRYPT_MODE, sharedKey );
ch.addBefore( PipelineUtils.DECRYPT_HANDLER, PipelineUtils.ENCRYPT_HANDLER, new CipherEncoder( encrypt ) );
}
};
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/CipherBase.java b/proxy/src/main/java/net/md_5/bungee/netty/CipherBase.java
index 02bdaedd..5679afea 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/CipherBase.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/CipherBase.java
@@ -2,11 +2,11 @@ package net.md_5.bungee.netty;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
+import javax.crypto.Cipher;
import javax.crypto.ShortBufferException;
import lombok.AccessLevel;
import lombok.NonNull;
import lombok.RequiredArgsConstructor;
-import org.bouncycastle.crypto.BufferedBlockCipher;
/**
* Class to expose an
@@ -18,7 +18,7 @@ public class CipherBase
{
@NonNull
- private final BufferedBlockCipher cipher;
+ private final Cipher cipher;
private ThreadLocal heapInLocal = new EmptyByteThreadLocal();
private ThreadLocal heapOutLocal = new EmptyByteThreadLocal();
@@ -51,7 +51,7 @@ public class CipherBase
byte[] heapIn = bufToByte( in );
ByteBuf heapOut = ctx.alloc().heapBuffer( cipher.getOutputSize( readableBytes ) );
- heapOut.writerIndex( cipher.processBytes( heapIn, 0, readableBytes, heapOut.array(), heapOut.arrayOffset() ) );
+ heapOut.writerIndex( cipher.update( heapIn, 0, readableBytes, heapOut.array(), heapOut.arrayOffset() ) );
return heapOut;
}
@@ -68,6 +68,6 @@ public class CipherBase
heapOut = new byte[ outputSize ];
heapOutLocal.set( heapOut );
}
- out.writeBytes( heapOut, 0, cipher.processBytes( heapIn, 0, readableBytes, heapOut, 0 ) );
+ out.writeBytes( heapOut, 0, cipher.update( heapIn, 0, readableBytes, heapOut ) );
}
}
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/CipherDecoder.java b/proxy/src/main/java/net/md_5/bungee/netty/CipherDecoder.java
index 855c69ad..91fba349 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/CipherDecoder.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/CipherDecoder.java
@@ -4,14 +4,14 @@ import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.MessageList;
import io.netty.handler.codec.MessageToMessageDecoder;
-import org.bouncycastle.crypto.BufferedBlockCipher;
+import javax.crypto.Cipher;
public class CipherDecoder extends MessageToMessageDecoder
{
private final CipherBase cipher;
- public CipherDecoder(BufferedBlockCipher cipher)
+ public CipherDecoder(Cipher cipher)
{
this.cipher = new CipherBase( cipher );
}
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/CipherEncoder.java b/proxy/src/main/java/net/md_5/bungee/netty/CipherEncoder.java
index c300a181..7e5c0ec6 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/CipherEncoder.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/CipherEncoder.java
@@ -3,14 +3,14 @@ package net.md_5.bungee.netty;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.MessageToByteEncoder;
-import org.bouncycastle.crypto.BufferedBlockCipher;
+import javax.crypto.Cipher;
public class CipherEncoder extends MessageToByteEncoder
{
private final CipherBase cipher;
- public CipherEncoder(BufferedBlockCipher cipher)
+ public CipherEncoder(Cipher cipher)
{
this.cipher = new CipherBase( cipher );
}