Replace OpenSSL native cipher with static mbed TLS for maximum compat

This commit is contained in:
md_5 2017-06-29 08:52:13 +10:00
parent 93819212b8
commit a5ffeae757
4 changed files with 37 additions and 17 deletions

View File

@ -1,25 +1,45 @@
#include <openssl/evp.h>
#include <stdlib.h>
#include <string.h>
#include <mbedtls/aes.h>
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
typedef unsigned char byte;
struct crypto_context {
int mode;
mbedtls_aes_context cipher;
byte *key;
};
jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) {
jsize keyLen = env->GetArrayLength(key);
jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
EVP_CIPHER_CTX *cipherCtx = EVP_CIPHER_CTX_new();
EVP_CipherInit(cipherCtx, EVP_aes_128_cfb8(), (byte*) keyBytes, (byte*) keyBytes, forEncryption);
crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
mbedtls_aes_init(&crypto->cipher);
mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8);
crypto->key = (byte*) malloc(keyLen);
memcpy(crypto->key, keyBytes, keyLen);
crypto->mode = (forEncryption) ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT;
env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
return (jlong) cipherCtx;
return (jlong) crypto;
}
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) {
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx);
crypto_context *crypto = (crypto_context*) ctx;
mbedtls_aes_free(&crypto->cipher);
free(crypto->key);
free(crypto);
}
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) {
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, (byte*) out, &length, (byte*) in, length);
crypto_context *crypto = (crypto_context*) ctx;
mbedtls_aes_crypt_cfb8(&crypto->cipher, crypto->mode, length, crypto->key, (byte*) in, (byte*) out);
}

View File

@ -29,7 +29,7 @@ public class NativeCipherTest
private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class );
@Test
public void testOpenSSL() throws Exception
public void testNative() throws Exception
{
if ( NativeCode.isSupported() )
{
@ -37,13 +37,13 @@ public class NativeCipherTest
Assert.assertTrue( "Native cipher failed to load!", loaded );
NativeCipher cipher = new NativeCipher();
System.out.println( "Testing OpenSSL cipher..." );
System.out.println( "Testing native cipher..." );
testACipher( cipher );
}
}
@Test
public void testOpenSSLBenchmark() throws Exception
public void testNativeBenchmark() throws Exception
{
if ( NativeCode.isSupported() )
{
@ -52,7 +52,7 @@ public class NativeCipherTest
NativeCipher cipher = new NativeCipher();
System.out.println( "Benchmarking OpenSSL cipher..." );
System.out.println( "Benchmarking native cipher..." );
testBenchmark( cipher );
}
}

View File

@ -220,17 +220,17 @@ public class BungeeCord extends ProxyServer
{
if ( EncryptionUtil.nativeFactory.load() )
{
logger.info( "Using OpenSSL based native cipher." );
logger.info( "Using mbed TLS based native cipher." );
} else
{
logger.info( "Using standard Java JCE cipher. To enable the OpenSSL based native cipher, please make sure you are using 64 bit Ubuntu or Debian with libssl installed." );
logger.info( "Using standard Java JCE cipher." );
}
if ( CompressFactory.zlib.load() )
{
logger.info( "Using native code compressor" );
logger.info( "Using zlib based native compressor." );
} else
{
logger.info( "Using standard Java compressor. To enable zero copy compression, run on 64 bit Linux" );
logger.info( "Using standard Java compressor." );
}
}
}