Replace OpenSSL native cipher with static mbed TLS for maximum compat

md_5 2017-06-29 08:52:13 +10:00
parent 93819212b8
commit a5ffeae757
4 changed files with 37 additions and 17 deletions


@ -1,25 +1,45 @@
#include <openssl/evp.h> #include <stdlib.h>
#include <string.h>
#include <mbedtls/aes.h>
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h" #include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
typedef unsigned char byte; typedef unsigned char byte;
struct crypto_context {
int mode;
mbedtls_aes_context cipher;
byte *key;
};
jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) { jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) {
jsize keyLen = env->GetArrayLength(key);
jbyte *keyBytes = env->GetByteArrayElements(key, NULL); jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails? crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
EVP_CIPHER_CTX *cipherCtx = EVP_CIPHER_CTX_new(); mbedtls_aes_init(&crypto->cipher);
EVP_CipherInit(cipherCtx, EVP_aes_128_cfb8(), (byte*) keyBytes, (byte*) keyBytes, forEncryption);
mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8);
crypto->key = (byte*) malloc(keyLen);
memcpy(crypto->key, keyBytes, keyLen);
crypto->mode = (forEncryption) ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT;
env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT); env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
return (jlong) cipherCtx; return (jlong) crypto;
} }
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) { void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) {
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails? crypto_context *crypto = (crypto_context*) ctx;
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx);
mbedtls_aes_free(&crypto->cipher);
free(crypto->key);
free(crypto);
} }
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) { void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) {
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails? crypto_context *crypto = (crypto_context*) ctx;
EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, (byte*) out, &length, (byte*) in, length);
mbedtls_aes_crypt_cfb8(&crypto->cipher, crypto->mode, length, crypto->key, (byte*) in, (byte*) out);
} }
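Review bot: In `init`, `keyLen` is never validated and the results of `GetByteArrayElements`, both `malloc` calls and `mbedtls_aes_setkey_enc` are all ignored, so a key that is not exactly 16 bytes still produces a live context. That matters because `crypto->key` is later passed to `mbedtls_aes_crypt_cfb8` as the IV, which mbed TLS treats as a 16-byte buffer that it reads and updates. With a shorter key the `malloc(keyLen)` buffer is too small for that access, and with any unsupported length the round keys were never set. The removed OpenSSL code was fixed to AES-128, so rejecting anything other than 16 bytes keeps the old contract; the sketch below throws and returns 0, which assumes the Java caller treats a zero handle as failure (confirm on the Java side). A one-line comment on the `key` field saying it holds the CFB8 IV/feedback state, initially a copy of the key, would also help, since the name suggests otherwise.

```cpp
jsize keyLen = env->GetArrayLength(key);
// The key bytes double as the 16-byte CFB8 IV, so only AES-128 keys are valid here.
if (keyLen != 16) {
    env->ThrowNew(env->FindClass("java/lang/IllegalArgumentException"), "AES key must be 16 bytes");
    return 0;
}
jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
if (keyBytes == NULL) {
    return 0;
}
crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
if (crypto == NULL) {
    env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
    return 0;
}
mbedtls_aes_init(&crypto->cipher);
crypto->key = (byte*) malloc(keyLen);
if (crypto->key == NULL || mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8) != 0) {
    mbedtls_aes_free(&crypto->cipher);
    free(crypto->key);
    free(crypto);
    env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
    return 0;
}
// … unchanged: memcpy into crypto->key, mode selection, ReleaseByteArrayElements, return …
```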


@ -29,7 +29,7 @@ public class NativeCipherTest
private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class ); private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class );
@Test @Test
public void testOpenSSL() throws Exception public void testNative() throws Exception
{ {
if ( NativeCode.isSupported() ) if ( NativeCode.isSupported() )
{ {
@ -37,13 +37,13 @@ public class NativeCipherTest
Assert.assertTrue( "Native cipher failed to load!", loaded ); Assert.assertTrue( "Native cipher failed to load!", loaded );
NativeCipher cipher = new NativeCipher(); NativeCipher cipher = new NativeCipher();
System.out.println( "Testing OpenSSL cipher..." ); System.out.println( "Testing native cipher..." );
testACipher( cipher ); testACipher( cipher );
} }
} }
@Test @Test
public void testOpenSSLBenchmark() throws Exception public void testNativeBenchmark() throws Exception
{ {
if ( NativeCode.isSupported() ) if ( NativeCode.isSupported() )
{ {
@ -52,7 +52,7 @@ public class NativeCipherTest
NativeCipher cipher = new NativeCipher(); NativeCipher cipher = new NativeCipher();
System.out.println( "Benchmarking OpenSSL cipher..." ); System.out.println( "Benchmarking native cipher..." );
testBenchmark( cipher ); testBenchmark( cipher );
} }
} }


@ -220,17 +220,17 @@ public class BungeeCord extends ProxyServer
{ {
if ( EncryptionUtil.nativeFactory.load() ) if ( EncryptionUtil.nativeFactory.load() )
{ {
logger.info( "Using OpenSSL based native cipher." ); logger.info( "Using mbed TLS based native cipher." );
} else } else
{ {
logger.info( "Using standard Java JCE cipher. To enable the OpenSSL based native cipher, please make sure you are using 64 bit Ubuntu or Debian with libssl installed." ); logger.info( "Using standard Java JCE cipher." );
} }
if ( CompressFactory.zlib.load() ) if ( CompressFactory.zlib.load() )
{ {
logger.info( "Using native code compressor" ); logger.info( "Using zlib based native compressor." );
} else } else
{ {
logger.info( "Using standard Java compressor. To enable zero copy compression, run on 64 bit Linux" ); logger.info( "Using standard Java compressor." );
} }
} }
} }