Replace OpenSSL native cipher with static mbed TLS for maximum compat
This commit is contained in:
parent
93819212b8
commit
a5ffeae757
@ -1,25 +1,45 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <mbedtls/aes.h>
|
||||
#include "net_md_5_bungee_jni_cipher_NativeCipherImpl.h"
|
||||
|
||||
typedef unsigned char byte;
|
||||
|
||||
struct crypto_context {
|
||||
int mode;
|
||||
mbedtls_aes_context cipher;
|
||||
byte *key;
|
||||
};
|
||||
|
||||
jlong JNICALL Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_init(JNIEnv* env, jobject obj, jboolean forEncryption, jbyteArray key) {
|
||||
jsize keyLen = env->GetArrayLength(key);
|
||||
jbyte *keyBytes = env->GetByteArrayElements(key, NULL);
|
||||
|
||||
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
|
||||
EVP_CIPHER_CTX *cipherCtx = EVP_CIPHER_CTX_new();
|
||||
EVP_CipherInit(cipherCtx, EVP_aes_128_cfb8(), (byte*) keyBytes, (byte*) keyBytes, forEncryption);
|
||||
crypto_context *crypto = (crypto_context*) malloc(sizeof (crypto_context));
|
||||
mbedtls_aes_init(&crypto->cipher);
|
||||
|
||||
mbedtls_aes_setkey_enc(&crypto->cipher, (byte*) keyBytes, keyLen * 8);
|
||||
|
||||
crypto->key = (byte*) malloc(keyLen);
|
||||
memcpy(crypto->key, keyBytes, keyLen);
|
||||
|
||||
crypto->mode = (forEncryption) ? MBEDTLS_AES_ENCRYPT : MBEDTLS_AES_DECRYPT;
|
||||
|
||||
env->ReleaseByteArrayElements(key, keyBytes, JNI_ABORT);
|
||||
return (jlong) cipherCtx;
|
||||
return (jlong) crypto;
|
||||
}
|
||||
|
||||
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_free(JNIEnv* env, jobject obj, jlong ctx) {
|
||||
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
|
||||
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx);
|
||||
crypto_context *crypto = (crypto_context*) ctx;
|
||||
|
||||
mbedtls_aes_free(&crypto->cipher);
|
||||
free(crypto->key);
|
||||
free(crypto);
|
||||
}
|
||||
|
||||
void Java_net_md_15_bungee_jni_cipher_NativeCipherImpl_cipher(JNIEnv* env, jobject obj, jlong ctx, jlong in, jlong out, jint length) {
|
||||
// TODO: Perhaps we need to throw some exceptions in the unlikely event this fails?
|
||||
EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, (byte*) out, &length, (byte*) in, length);
|
||||
crypto_context *crypto = (crypto_context*) ctx;
|
||||
|
||||
mbedtls_aes_crypt_cfb8(&crypto->cipher, crypto->mode, length, crypto->key, (byte*) in, (byte*) out);
|
||||
}
|
||||
|
Binary file not shown.
@ -29,7 +29,7 @@ public class NativeCipherTest
|
||||
private static final NativeCode<BungeeCipher> factory = new NativeCode( "native-cipher", JavaCipher.class, NativeCipher.class );
|
||||
|
||||
@Test
|
||||
public void testOpenSSL() throws Exception
|
||||
public void testNative() throws Exception
|
||||
{
|
||||
if ( NativeCode.isSupported() )
|
||||
{
|
||||
@ -37,13 +37,13 @@ public class NativeCipherTest
|
||||
Assert.assertTrue( "Native cipher failed to load!", loaded );
|
||||
|
||||
NativeCipher cipher = new NativeCipher();
|
||||
System.out.println( "Testing OpenSSL cipher..." );
|
||||
System.out.println( "Testing native cipher..." );
|
||||
testACipher( cipher );
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOpenSSLBenchmark() throws Exception
|
||||
public void testNativeBenchmark() throws Exception
|
||||
{
|
||||
if ( NativeCode.isSupported() )
|
||||
{
|
||||
@ -52,7 +52,7 @@ public class NativeCipherTest
|
||||
|
||||
NativeCipher cipher = new NativeCipher();
|
||||
|
||||
System.out.println( "Benchmarking OpenSSL cipher..." );
|
||||
System.out.println( "Benchmarking native cipher..." );
|
||||
testBenchmark( cipher );
|
||||
}
|
||||
}
|
||||
|
@ -220,17 +220,17 @@ public class BungeeCord extends ProxyServer
|
||||
{
|
||||
if ( EncryptionUtil.nativeFactory.load() )
|
||||
{
|
||||
logger.info( "Using OpenSSL based native cipher." );
|
||||
logger.info( "Using mbed TLS based native cipher." );
|
||||
} else
|
||||
{
|
||||
logger.info( "Using standard Java JCE cipher. To enable the OpenSSL based native cipher, please make sure you are using 64 bit Ubuntu or Debian with libssl installed." );
|
||||
logger.info( "Using standard Java JCE cipher." );
|
||||
}
|
||||
if ( CompressFactory.zlib.load() )
|
||||
{
|
||||
logger.info( "Using native code compressor" );
|
||||
logger.info( "Using zlib based native compressor." );
|
||||
} else
|
||||
{
|
||||
logger.info( "Using standard Java compressor. To enable zero copy compression, run on 64 bit Linux" );
|
||||
logger.info( "Using standard Java compressor." );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user