Replace OpenSSL native cipher with static mbed TLS for maximum compat
parent
93819212b8
commit
a5ffeae757
@ -1,25 +1,45 @@
|
|||||||
#include <openssl/evp.h>
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include <mbedtls/aes.h>
|
||||||
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
|
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
|
||||||
|
|
||||||
typedef unsigned char byte;
|
typedef unsigned char byte;
|
||||||
|
|
||||||
|
struct crypto_context {
|
||||||
|
int mode;
|
||||||
|
mbedtls_aes_context cipher;
|
||||||
|
byte *key;
|
||||||
|
};
|
||||||
|
|
||||||
jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) {
|
jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) {
|
||||||
|
jsize keyLen = env->GetArrayLength(key);
|
||||||
jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
|
jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
|
||||||
|
|
||||||
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
|
crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
|
||||||
EVP_CIPHER_CTX *cipherCtx = EVP_CIPHER_CTX_new();
|
mbedtls_aes_init(&crypto->cipher);
|
||||||
EVP_CipherInit(cipherCtx, EVP_aes_128_cfb8(), (byte*) keyBytes, (byte*) keyBytes, forEncryption);
|
|
||||||
|
mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8);
|
||||||
|
|
||||||
|
crypto->key = (byte*) malloc(keyLen);
|
||||||
|
memcpy(crypto->key, keyBytes, keyLen);
|
||||||
|
|
||||||
|
crypto->mode = (forEncryption) ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT;
|
||||||
|
|
||||||
env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
|
env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
|
||||||
return (jlong) cipherCtx;
|
return (jlong) crypto;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) {
|
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) {
|
||||||
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
|
crypto_context *crypto = (crypto_context*) ctx;
|
||||||
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx);
|
|
||||||
|
mbedtls_aes_free(&crypto->cipher);
|
||||||
|
free(crypto->key);
|
||||||
|
free(crypto);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) {
|
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) {
|
||||||
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
|
crypto_context *crypto = (crypto_context*) ctx;
|
||||||
EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, (byte*) out, &length, (byte*) in, length);
|
|
||||||
|
mbedtls_aes_crypt_cfb8(&crypto->cipher, crypto->mode, length, crypto->key, (byte*) in, (byte*) out);
|
||||||
}
|
}
|
||||||
|
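Review bot: The new `init` never validates `keyLen`, yet the buffer from `malloc(keyLen)` is later passed to `mbedtls_aes_crypt_cfb8` as its IV, which mbed TLS reads and updates as 16 bytes, so a key array shorter than 16 bytes leads to out-of-bounds heap access on the first `cipher` call. The removed `EVP_aes_128_cfb8()` call pinned the cipher to AES-128, so that bound was implicit before this change. The results of both `malloc` calls, `GetByteArrayElements` and `mbedtls_aes_setkey_enc` are also ignored, so an allocation failure dereferences NULL and a rejected key length leaves the context unkeyed while `cipher` keeps using it. The sketch below rejects anything but a 16-byte key and unwinds on each failure. Returning 0 assumes the Java caller treats a zero handle as an error, which is not visible on this page; throwing from JNI is the alternative.

```cpp
    jsize keyLen = env->GetArrayLength(key);
    // mbedtls_aes_crypt_cfb8 treats crypto->key as a 16-byte IV, so reject any other length up front
    if (keyLen != 16) {
        return 0;
    }
    jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
    if (keyBytes == NULL) {
        return 0;
    }

    crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
    byte *iv = (byte*) malloc(keyLen);
    if (crypto == NULL || iv == NULL) {
        free(iv);
        free(crypto);
        env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
        return 0;
    }

    mbedtls_aes_init(&crypto->cipher);
    if (mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8) != 0) {
        mbedtls_aes_free(&crypto->cipher);
        free(iv);
        free(crypto);
        env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
        return 0;
    }

    memcpy(iv, keyBytes, keyLen);
    crypto->key = iv;
    // … unchanged: mode selection, ReleaseByteArrayElements, return (jlong) crypto …
```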
Binary file not shown.
@ -29,7 +29,7 @@ public class NativeCipherTest
|
|||||||
private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class );
|
private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class );
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOpenSSL() throws Exception
|
public void testNative() throws Exception
|
||||||
{
|
{
|
||||||
if ( NativeCode.isSupported() )
|
if ( NativeCode.isSupported() )
|
||||||
{
|
{
|
||||||
@ -37,13 +37,13 @@ public class NativeCipherTest
|
|||||||
Assert.assertTrue( "Native cipher failed to load!", loaded );
|
Assert.assertTrue( "Native cipher failed to load!", loaded );
|
||||||
|
|
||||||
NativeCipher cipher = new NativeCipher();
|
NativeCipher cipher = new NativeCipher();
|
||||||
System.out.println( "Testing OpenSSL cipher..." );
|
System.out.println( "Testing native cipher..." );
|
||||||
testACipher( cipher );
|
testACipher( cipher );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOpenSSLBenchmark() throws Exception
|
public void testNativeBenchmark() throws Exception
|
||||||
{
|
{
|
||||||
if ( NativeCode.isSupported() )
|
if ( NativeCode.isSupported() )
|
||||||
{
|
{
|
||||||
@ -52,7 +52,7 @@ public class NativeCipherTest
|
|||||||
|
|
||||||
NativeCipher cipher = new NativeCipher();
|
NativeCipher cipher = new NativeCipher();
|
||||||
|
|
||||||
System.out.println( "Benchmarking OpenSSL cipher..." );
|
System.out.println( "Benchmarking native cipher..." );
|
||||||
testBenchmark( cipher );
|
testBenchmark( cipher );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -220,17 +220,17 @@ public class BungeeCord extends ProxyServer
|
|||||||
{
|
{
|
||||||
if ( EncryptionUtil.nativeFactory.load() )
|
if ( EncryptionUtil.nativeFactory.load() )
|
||||||
{
|
{
|
||||||
logger.info( "Using OpenSSL based native cipher." );
|
logger.info( "Using mbed TLS based native cipher." );
|
||||||
} else
|
} else
|
||||||
{
|
{
|
||||||
logger.info( "Using standard Java JCE cipher. To enable the OpenSSL based native cipher, please make sure you are using 64 bit Ubuntu or Debian with libssl installed." );
|
logger.info( "Using standard Java JCE cipher." );
|
||||||
}
|
}
|
||||||
if ( CompressFactory.zlib.load() )
|
if ( CompressFactory.zlib.load() )
|
||||||
{
|
{
|
||||||
logger.info( "Using native code compressor" );
|
logger.info( "Using zlib based native compressor." );
|
||||||
} else
|
} else
|
||||||
{
|
{
|
||||||
logger.info( "Using standard Java compressor. To enable zero copy compression, run on 64 bit Linux" );
|
logger.info( "Using standard Java compressor." );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|