Updated dependencies for bouncycastle
This commit is contained in:
nathan
parent
4b1c491c21
commit
094bc76a6e
|
|
@ -31,7 +31,7 @@ import dorkbox.network.util.store.NullSettingsStore;
|
|||
import dorkbox.network.util.store.SettingsStore;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.collections.IntMap.Entries;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoECC;
|
||||
import dorkbox.util.entropy.Entropy;
|
||||
import dorkbox.util.exceptions.InitializationException;
|
||||
import dorkbox.util.exceptions.SecurityException;
|
||||
|
|
@ -230,8 +230,8 @@ class EndPoint<C extends Connection> {
|
|||
SecureRandom secureRandom = new SecureRandom(seedBytes);
|
||||
secureRandom.nextBytes(seedBytes);
|
||||
|
||||
this.logger.debug("Now generating ECC (" + Crypto.ECC.p521_curve + ") keys. Please wait!");
|
||||
AsymmetricCipherKeyPair generateKeyPair = Crypto.ECC.generateKeyPair(Crypto.ECC.p521_curve, secureRandom);
|
||||
this.logger.debug("Now generating ECC (" + CryptoECC.p521_curve + ") keys. Please wait!");
|
||||
AsymmetricCipherKeyPair generateKeyPair = CryptoECC.generateKeyPair(CryptoECC.p521_curve, secureRandom);
|
||||
|
||||
privateKey = (ECPrivateKeyParameters) generateKeyPair.getPrivate();
|
||||
publicKey = (ECPublicKeyParameters) generateKeyPair.getPublic();
|
||||
|
|
@ -759,7 +759,7 @@ class EndPoint<C extends Connection> {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
else if (!Crypto.ECC.compare(this.privateKey, other.privateKey)) {
|
||||
else if (!CryptoECC.compare(this.privateKey, other.privateKey)) {
|
||||
return false;
|
||||
}
|
||||
if (this.publicKey == null) {
|
||||
|
|
@ -767,7 +767,7 @@ class EndPoint<C extends Connection> {
|
|||
return false;
|
||||
}
|
||||
}
|
||||
else if (!Crypto.ECC.compare(this.publicKey, other.publicKey)) {
|
||||
else if (!CryptoECC.compare(this.publicKey, other.publicKey)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -15,7 +15,11 @@
|
|||
*/
|
||||
package dorkbox.network.connection;
|
||||
|
||||
import com.esotericsoftware.kryo.*;
|
||||
import com.esotericsoftware.kryo.ClassResolver;
|
||||
import com.esotericsoftware.kryo.Kryo;
|
||||
import com.esotericsoftware.kryo.KryoException;
|
||||
import com.esotericsoftware.kryo.Registration;
|
||||
import com.esotericsoftware.kryo.Serializer;
|
||||
import com.esotericsoftware.kryo.factories.ReflectionSerializerFactory;
|
||||
import com.esotericsoftware.kryo.factories.SerializerFactory;
|
||||
import com.esotericsoftware.kryo.io.Input;
|
||||
|
|
@ -24,13 +28,26 @@ import com.esotericsoftware.kryo.serializers.CollectionSerializer;
|
|||
import com.esotericsoftware.kryo.serializers.FieldSerializer;
|
||||
import com.esotericsoftware.kryo.util.MapReferenceResolver;
|
||||
import dorkbox.network.connection.ping.PingMessage;
|
||||
import dorkbox.network.rmi.*;
|
||||
import dorkbox.network.rmi.CachedMethod;
|
||||
import dorkbox.network.rmi.InvokeMethod;
|
||||
import dorkbox.network.rmi.InvokeMethodResult;
|
||||
import dorkbox.network.rmi.InvokeMethodSerializer;
|
||||
import dorkbox.network.rmi.RemoteInvocationHandler;
|
||||
import dorkbox.network.rmi.RemoteObjectSerializer;
|
||||
import dorkbox.network.rmi.RmiRegistration;
|
||||
import dorkbox.network.util.CryptoSerializationManager;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import dorkbox.util.objectPool.ObjectPool;
|
||||
import dorkbox.util.objectPool.ObjectPoolFactory;
|
||||
import dorkbox.util.objectPool.PoolableObject;
|
||||
import dorkbox.util.serialization.*;
|
||||
import dorkbox.util.serialization.ArraysAsListSerializer;
|
||||
import dorkbox.util.serialization.EccPrivateKeySerializer;
|
||||
import dorkbox.util.serialization.EccPublicKeySerializer;
|
||||
import dorkbox.util.serialization.FieldAnnotationAwareSerializer;
|
||||
import dorkbox.util.serialization.IesParametersSerializer;
|
||||
import dorkbox.util.serialization.IesWithCipherParametersSerializer;
|
||||
import dorkbox.util.serialization.IgnoreSerialization;
|
||||
import dorkbox.util.serialization.UnmodifiableCollectionsSerializer;
|
||||
import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.ByteBufUtil;
|
||||
import io.netty.handler.codec.compression.CompressionException;
|
||||
|
|
@ -887,7 +904,7 @@ class KryoCryptoSerializationManager implements CryptoSerializationManager {
|
|||
logger2.trace("Encrypting data with - AES {}", connection);
|
||||
}
|
||||
|
||||
Crypto.AES.encrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length, logger);
|
||||
CryptoAES.encrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length, logger);
|
||||
|
||||
// swap buffers
|
||||
ByteBuf tmp = bufferWithData;
|
||||
|
|
@ -962,7 +979,7 @@ class KryoCryptoSerializationManager implements CryptoSerializationManager {
|
|||
}
|
||||
|
||||
// length-1 to adjust for the magic byte
|
||||
Crypto.AES.decrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length - 1, logger);
|
||||
CryptoAES.decrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length - 1, logger);
|
||||
|
||||
// correct which buffers are used
|
||||
bufferWithData = bufferTempData;
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import dorkbox.network.connection.registration.MetaChannel;
|
|||
import dorkbox.network.pipeline.KryoEncoder;
|
||||
import dorkbox.network.pipeline.KryoEncoderCrypto;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoECC;
|
||||
import dorkbox.util.exceptions.SecurityException;
|
||||
import org.bouncycastle.crypto.CipherParameters;
|
||||
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
|
||||
|
|
@ -188,7 +188,7 @@ class RegistrationWrapper<C extends Connection> implements UdpServer {
|
|||
}
|
||||
else {
|
||||
// COMPARE!
|
||||
if (!Crypto.ECC.compare(publicKey, savedPublicKey)) {
|
||||
if (!CryptoECC.compare(publicKey, savedPublicKey)) {
|
||||
String byAddress;
|
||||
try {
|
||||
byAddress = InetAddress.getByAddress(hostAddress)
|
||||
|
|
|
|||
|
|
@ -24,7 +24,8 @@ import dorkbox.network.connection.registration.Registration;
|
|||
import dorkbox.network.util.CryptoSerializationManager;
|
||||
import dorkbox.util.bytes.OptimizeUtilsByteArray;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import dorkbox.util.crypto.CryptoECC;
|
||||
import dorkbox.util.exceptions.SecurityException;
|
||||
import dorkbox.util.serialization.EccPublicKeySerializer;
|
||||
import io.netty.channel.Channel;
|
||||
|
|
@ -49,7 +50,7 @@ public
|
|||
class RegistrationRemoteHandlerClientTCP<C extends Connection> extends RegistrationRemoteHandlerClient<C> {
|
||||
|
||||
private static final String DELETE_IP = "eleteIP"; // purposefully missing the "D", since that is a system parameter, which starts with "-D"
|
||||
private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(Crypto.ECC.p521_curve);
|
||||
private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(CryptoECC.p521_curve);
|
||||
private final ThreadLocal<IESEngine> eccEngineLocal = new ThreadLocal<IESEngine>();
|
||||
|
||||
public
|
||||
|
|
@ -98,7 +99,7 @@ class RegistrationRemoteHandlerClientTCP<C extends Connection> extends Registrat
|
|||
IESEngine getEccEngine() {
|
||||
IESEngine iesEngine = this.eccEngineLocal.get();
|
||||
if (iesEngine == null) {
|
||||
iesEngine = Crypto.ECC.createEngine();
|
||||
iesEngine = CryptoECC.createEngine();
|
||||
this.eccEngineLocal.set(iesEngine);
|
||||
}
|
||||
return iesEngine;
|
||||
|
|
@ -207,12 +208,12 @@ class RegistrationRemoteHandlerClientTCP<C extends Connection> extends Registrat
|
|||
// setup crypto state
|
||||
IESEngine decrypt = getEccEngine();
|
||||
|
||||
byte[] aesKeyBytes = Crypto.ECC.decrypt(decrypt,
|
||||
registrationWrapper2.getPrivateKey(),
|
||||
registration.publicKey,
|
||||
registration.eccParameters,
|
||||
registration.aesKey,
|
||||
logger);
|
||||
byte[] aesKeyBytes = CryptoECC.decrypt(decrypt,
|
||||
registrationWrapper2.getPrivateKey(),
|
||||
registration.publicKey,
|
||||
registration.eccParameters,
|
||||
registration.aesKey,
|
||||
logger);
|
||||
|
||||
if (aesKeyBytes.length != 32) {
|
||||
logger2.error("Invalid decryption of aesKey. Aborting.");
|
||||
|
|
@ -223,7 +224,7 @@ class RegistrationRemoteHandlerClientTCP<C extends Connection> extends Registrat
|
|||
}
|
||||
|
||||
// now decrypt payload using AES
|
||||
byte[] payload = Crypto.AES.decrypt(getAesEngine(), aesKeyBytes, registration.aesIV, registration.payload, logger);
|
||||
byte[] payload = CryptoAES.decrypt(getAesEngine(), aesKeyBytes, registration.aesIV, registration.payload, logger);
|
||||
|
||||
if (payload.length == 0) {
|
||||
logger2.error("Invalid decryption of payload. Aborting.");
|
||||
|
|
@ -262,7 +263,7 @@ class RegistrationRemoteHandlerClientTCP<C extends Connection> extends Registrat
|
|||
|
||||
// It is OK that we generate a new ECC keypair for ECDHE everytime that we connect. The server rotates keys every XXXX
|
||||
// seconds, since this step is expensive.
|
||||
metaChannel.ecdhKey = Crypto.ECC.generateKeyPair(eccSpec, new SecureRandom());
|
||||
metaChannel.ecdhKey = CryptoECC.generateKeyPair(eccSpec, new SecureRandom());
|
||||
|
||||
// register the channel!
|
||||
try {
|
||||
|
|
@ -307,7 +308,7 @@ class RegistrationRemoteHandlerClientTCP<C extends Connection> extends Registrat
|
|||
Output output = new Output(1024);
|
||||
EccPublicKeySerializer.write(output, (ECPublicKeyParameters) metaChannel.ecdhKey.getPublic());
|
||||
byte[] pubKeyAsBytes = output.toBytes();
|
||||
register.payload = Crypto.AES.encrypt(getAesEngine(), aesKeyBytes, registration.aesIV, pubKeyAsBytes, logger);
|
||||
register.payload = CryptoAES.encrypt(getAesEngine(), aesKeyBytes, registration.aesIV, pubKeyAsBytes, logger);
|
||||
|
||||
channel.writeAndFlush(register);
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ import dorkbox.network.util.CryptoSerializationManager;
|
|||
import dorkbox.util.bytes.OptimizeUtilsByteArray;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.collections.IntMap.Entries;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import io.netty.channel.Channel;
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import io.netty.channel.ChannelPipeline;
|
||||
|
|
@ -149,7 +149,7 @@ class RegistrationRemoteHandlerClientUDP<C extends Connection> extends Registrat
|
|||
Registration registration = (Registration) message;
|
||||
|
||||
// now decrypt channelID using AES
|
||||
byte[] payload = Crypto.AES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger);
|
||||
byte[] payload = CryptoAES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger);
|
||||
|
||||
OptimizeUtilsByteArray optimizeUtils = OptimizeUtilsByteArray.get();
|
||||
if (!optimizeUtils.canReadInt(payload)) {
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import dorkbox.network.util.CryptoSerializationManager;
|
|||
import dorkbox.util.bytes.OptimizeUtilsByteArray;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.collections.IntMap.Entries;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import io.netty.channel.Channel;
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import io.netty.util.ReferenceCountUtil;
|
||||
|
|
@ -142,7 +142,7 @@ class RegistrationRemoteHandlerClientUDT<C extends Connection> extends Registrat
|
|||
Registration registration = (Registration) message;
|
||||
|
||||
// now decrypt channelID using AES
|
||||
byte[] payload = Crypto.AES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger);
|
||||
byte[] payload = CryptoAES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger);
|
||||
|
||||
OptimizeUtilsByteArray optimizeUtils = OptimizeUtilsByteArray.get();
|
||||
if (!optimizeUtils.canReadInt(payload)) {
|
||||
|
|
|
|||
|
|
@ -25,7 +25,8 @@ import dorkbox.network.util.CryptoSerializationManager;
|
|||
import dorkbox.util.MathUtil;
|
||||
import dorkbox.util.bytes.OptimizeUtilsByteArray;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import dorkbox.util.crypto.CryptoECC;
|
||||
import dorkbox.util.serialization.EccPublicKeySerializer;
|
||||
import io.netty.channel.Channel;
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
|
|
@ -51,10 +52,10 @@ class RegistrationRemoteHandlerServerTCP<C extends Connection> extends Registrat
|
|||
|
||||
private static final long ECDH_TIMEOUT = 10L * 60L * 60L * 1000L * 1000L * 1000L; // 10 minutes in nanoseconds
|
||||
|
||||
private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(Crypto.ECC.p521_curve);
|
||||
private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(CryptoECC.p521_curve);
|
||||
private final Object ecdhKeyLock = new Object();
|
||||
private final ThreadLocal<IESEngine> eccEngineLocal = new ThreadLocal<IESEngine>();
|
||||
private AsymmetricCipherKeyPair ecdhKeyPair = Crypto.ECC.generateKeyPair(eccSpec, new SecureRandom());
|
||||
private AsymmetricCipherKeyPair ecdhKeyPair = CryptoECC.generateKeyPair(eccSpec, new SecureRandom());
|
||||
private volatile long ecdhTimeout = System.nanoTime();
|
||||
|
||||
|
||||
|
|
@ -69,7 +70,7 @@ class RegistrationRemoteHandlerServerTCP<C extends Connection> extends Registrat
|
|||
IESEngine getEccEngine() {
|
||||
IESEngine iesEngine = this.eccEngineLocal.get();
|
||||
if (iesEngine == null) {
|
||||
iesEngine = Crypto.ECC.createEngine();
|
||||
iesEngine = CryptoECC.createEngine();
|
||||
this.eccEngineLocal.set(iesEngine);
|
||||
}
|
||||
return iesEngine;
|
||||
|
|
@ -83,7 +84,7 @@ class RegistrationRemoteHandlerServerTCP<C extends Connection> extends Registrat
|
|||
if (System.nanoTime() - this.ecdhTimeout > ECDH_TIMEOUT) {
|
||||
synchronized (this.ecdhKeyLock) {
|
||||
this.ecdhTimeout = System.nanoTime();
|
||||
this.ecdhKeyPair = Crypto.ECC.generateKeyPair(eccSpec, secureRandom);
|
||||
this.ecdhKeyPair = CryptoECC.generateKeyPair(eccSpec, secureRandom);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -239,12 +240,12 @@ class RegistrationRemoteHandlerServerTCP<C extends Connection> extends Registrat
|
|||
IESEngine encrypt = getEccEngine();
|
||||
|
||||
register.publicKey = registrationWrapper2.getPublicKey();
|
||||
register.eccParameters = Crypto.ECC.generateSharedParameters(secureRandom);
|
||||
register.eccParameters = CryptoECC.generateSharedParameters(secureRandom);
|
||||
|
||||
// now we have to ENCRYPT the AES key!
|
||||
register.eccParameters = Crypto.ECC.generateSharedParameters(secureRandom);
|
||||
register.eccParameters = CryptoECC.generateSharedParameters(secureRandom);
|
||||
register.aesIV = metaChannel.aesIV;
|
||||
register.aesKey = Crypto.ECC.encrypt(encrypt,
|
||||
register.aesKey = CryptoECC.encrypt(encrypt,
|
||||
registrationWrapper2.getPrivateKey(),
|
||||
metaChannel.publicKey,
|
||||
register.eccParameters,
|
||||
|
|
@ -253,7 +254,7 @@ class RegistrationRemoteHandlerServerTCP<C extends Connection> extends Registrat
|
|||
|
||||
|
||||
// now encrypt payload via AES
|
||||
register.payload = Crypto.AES.encrypt(getAesEngine(), metaChannel.aesKey, register.aesIV, combinedBytes, logger);
|
||||
register.payload = CryptoAES.encrypt(getAesEngine(), metaChannel.aesKey, register.aesIV, combinedBytes, logger);
|
||||
|
||||
channel.writeAndFlush(register);
|
||||
|
||||
|
|
@ -276,7 +277,7 @@ class RegistrationRemoteHandlerServerTCP<C extends Connection> extends Registrat
|
|||
if (metaChannel.ecdhKey != null) {
|
||||
// now we have to decrypt the ECDH key using our TEMP AES keys
|
||||
|
||||
byte[] payload = Crypto.AES.decrypt(getAesEngine(),
|
||||
byte[] payload = CryptoAES.decrypt(getAesEngine(),
|
||||
metaChannel.aesKey,
|
||||
metaChannel.aesIV,
|
||||
registration.payload,
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ import dorkbox.network.util.CryptoSerializationManager;
|
|||
import dorkbox.util.bytes.OptimizeUtilsByteArray;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.collections.IntMap.Entries;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.Unpooled;
|
||||
import io.netty.channel.Channel;
|
||||
|
|
@ -257,11 +257,11 @@ class RegistrationRemoteHandlerServerUDP<C extends Connection> extends MessageTo
|
|||
optimizeUtils.writeInt(idAsBytes, metaChannel.connectionID, true);
|
||||
|
||||
// now encrypt payload via AES
|
||||
register.payload = Crypto.AES.encrypt(RegistrationRemoteHandler.getAesEngine(),
|
||||
metaChannel.aesKey,
|
||||
metaChannel.aesIV,
|
||||
idAsBytes,
|
||||
logger);
|
||||
register.payload = CryptoAES.encrypt(RegistrationRemoteHandler.getAesEngine(),
|
||||
metaChannel.aesKey,
|
||||
metaChannel.aesIV,
|
||||
idAsBytes,
|
||||
logger);
|
||||
|
||||
channel.writeAndFlush(new UdpWrapper(register, udpRemoteAddress));
|
||||
if (logger2.isTraceEnabled()) {
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import dorkbox.network.util.CryptoSerializationManager;
|
|||
import dorkbox.util.bytes.OptimizeUtilsByteArray;
|
||||
import dorkbox.util.collections.IntMap;
|
||||
import dorkbox.util.collections.IntMap.Entries;
|
||||
import dorkbox.util.crypto.Crypto;
|
||||
import dorkbox.util.crypto.CryptoAES;
|
||||
import io.netty.channel.Channel;
|
||||
import io.netty.channel.ChannelHandlerContext;
|
||||
import io.netty.util.ReferenceCountUtil;
|
||||
|
|
@ -127,11 +127,11 @@ class RegistrationRemoteHandlerServerUDT<C extends Connection> extends Registrat
|
|||
optimizeUtils.writeInt(idAsBytes, metaChannel.connectionID, true);
|
||||
|
||||
// now encrypt payload via AES
|
||||
register.payload = Crypto.AES.encrypt(RegistrationRemoteHandler.getAesEngine(),
|
||||
metaChannel.aesKey,
|
||||
metaChannel.aesIV,
|
||||
idAsBytes,
|
||||
logger);
|
||||
register.payload = CryptoAES.encrypt(RegistrationRemoteHandler.getAesEngine(),
|
||||
metaChannel.aesKey,
|
||||
metaChannel.aesIV,
|
||||
idAsBytes,
|
||||
logger);
|
||||
|
||||
// send back, so the client knows that UDP was ok. We include the encrypted connection ID, so the client knows it's a legit server
|
||||
channel.writeAndFlush(register);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user