Replace OpenSSL native cipher with static mbed TLS for maximum compat

2017-06-29 08:52:13 +10:00 · 2017-06-29 08:52:13 +10:00 · a5ffeae757
commit a5ffeae757
parent 93819212b8
4 changed files with 37 additions and 17 deletions
--- a/native/src/main/c/NativeCipherImpl.cpp
+++ b/native/src/main/c/NativeCipherImpl.cpp
@ -1,25 +1,45 @@
-#include <openssl/evp.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <mbedtls/aes.h>
 #include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"

 typedef unsigned char byte;

+struct crypto_context {
+    int mode;
+    mbedtls_aes_context cipher;
+    byte *key;
+};
+
 jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) {
+    jsize keyLen = env->GetArrayLength(key);
    jbyte *keyBytes = env->GetByteArrayElements(key, NULL);

-    // TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
-    EVP_CIPHER_CTX *cipherCtx = EVP_CIPHER_CTX_new();
-    EVP_CipherInit(cipherCtx, EVP_aes_128_cfb8(), (byte*) keyBytes, (byte*) keyBytes, forEncryption);
+    crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
+    mbedtls_aes_init(&crypto->cipher);
+
+    mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8);
+
+    crypto->key = (byte*) malloc(keyLen);
+    memcpy(crypto->key, keyBytes, keyLen);
+
+    crypto->mode = (forEncryption) ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT;

    env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
-    return (jlong) cipherCtx;
+    return (jlong) crypto;
 }

 void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) {
-    // TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
-    EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx);
+    crypto_context *crypto = (crypto_context*) ctx;
+
+    mbedtls_aes_free(&crypto->cipher);
+    free(crypto->key);
+    free(crypto);
 }

 void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) {
-    // TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
-    EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, (byte*) out, &length, (byte*) in, length);
+    crypto_context *crypto = (crypto_context*) ctx;
+
+    mbedtls_aes_crypt_cfb8(&crypto->cipher, crypto->mode, length, crypto->key, (byte*) in, (byte*) out);
 }
--- a/native/src/main/resources/native-cipher.so
+++ b/native/src/main/resources/native-cipher.so
--- a/native/src/test/java/net/md_5/bungee/NativeCipherTest.java
+++ b/native/src/test/java/net/md_5/bungee/NativeCipherTest.java
@ -29,7 +29,7 @@ public class NativeCipherTest
    private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class );

    @Test
-    public void testOpenSSL() throws Exception
+    public void testNative() throws Exception
    {
        if ( NativeCode.isSupported() )
        {
@ -37,13 +37,13 @@ public class NativeCipherTest
            Assert.assertTrue( "Native cipher failed to load!", loaded );

            NativeCipher cipher = new NativeCipher();
-            System.out.println( "Testing OpenSSL cipher..." );
+            System.out.println( "Testing native cipher..." );
            testACipher( cipher );
        }
    }

    @Test
-    public void testOpenSSLBenchmark() throws Exception
+    public void testNativeBenchmark() throws Exception
    {
        if ( NativeCode.isSupported() )
        {
@ -52,7 +52,7 @@ public class NativeCipherTest

            NativeCipher cipher = new NativeCipher();

-            System.out.println( "Benchmarking OpenSSL cipher..." );
+            System.out.println( "Benchmarking native cipher..." );
            testBenchmark( cipher );
        }
    }
--- a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
+++ b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
@ -220,17 +220,17 @@ public class BungeeCord extends ProxyServer
        {
            if ( EncryptionUtil.nativeFactory.load() )
            {
-                logger.info( "Using OpenSSL based native cipher." );
+                logger.info( "Using mbed TLS based native cipher." );
            } else
            {
-                logger.info( "Using standard Java JCE cipher. To enable the OpenSSL based native cipher, please make sure you are using 64 bit Ubuntu or Debian with libssl installed." );
+                logger.info( "Using standard Java JCE cipher." );
            }
            if ( CompressFactory.zlib.load() )
            {
-                logger.info( "Using native code compressor" );
+                logger.info( "Using zlib based native compressor." );
            } else
            {
-                logger.info( "Using standard Java compressor. To enable zero copy compression, run on 64 bit Linux" );
+                logger.info( "Using standard Java compressor." );
            }
        }
    }