From 094bc76a6e77deb6dc62688410f75120b6f12bec Mon Sep 17 00:00:00 2001 From: nathan Date: Sun, 15 Nov 2015 20:29:12 +0100 Subject: [PATCH] Updated dependencies for bouncycastle --- .../dorkbox/network/connection/EndPoint.java | 10 +++---- .../KryoCryptoSerializationManager.java | 29 +++++++++++++++---- .../connection/RegistrationWrapper.java | 4 +-- .../RegistrationRemoteHandlerClientTCP.java | 25 ++++++++-------- .../RegistrationRemoteHandlerClientUDP.java | 4 +-- .../RegistrationRemoteHandlerClientUDT.java | 4 +-- .../RegistrationRemoteHandlerServerTCP.java | 21 +++++++------- .../RegistrationRemoteHandlerServerUDP.java | 12 ++++---- .../RegistrationRemoteHandlerServerUDT.java | 12 ++++---- 9 files changed, 70 insertions(+), 51 deletions(-) diff --git a/Dorkbox-Network/src/dorkbox/network/connection/EndPoint.java b/Dorkbox-Network/src/dorkbox/network/connection/EndPoint.java index f4520a5e..c31a9159 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/EndPoint.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/EndPoint.java @@ -31,7 +31,7 @@ import dorkbox.network.util.store.NullSettingsStore; import dorkbox.network.util.store.SettingsStore; import dorkbox.util.collections.IntMap; import dorkbox.util.collections.IntMap.Entries; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoECC; import dorkbox.util.entropy.Entropy; import dorkbox.util.exceptions.InitializationException; import dorkbox.util.exceptions.SecurityException; 
@@ -230,8 +230,8 @@ class EndPoint { SecureRandom secureRandom = new SecureRandom(seedBytes); secureRandom.nextBytes(seedBytes); - this.logger.debug("Now generating ECC (" + Crypto.ECC.p521_curve + ") keys. Please wait!"); - AsymmetricCipherKeyPair generateKeyPair = Crypto.ECC.generateKeyPair(Crypto.ECC.p521_curve, secureRandom); + this.logger.debug("Now generating ECC (" + CryptoECC.p521_curve + ") keys. Please wait!"); + AsymmetricCipherKeyPair generateKeyPair = CryptoECC.generateKeyPair(CryptoECC.p521_curve, secureRandom); privateKey = (ECPrivateKeyParameters) generateKeyPair.getPrivate(); publicKey = (ECPublicKeyParameters) generateKeyPair.getPublic(); @@ -759,7 +759,7 @@ class EndPoint { return false; } } - else if (!Crypto.ECC.compare(this.privateKey, other.privateKey)) { + else if (!CryptoECC.compare(this.privateKey, other.privateKey)) { return false; } if (this.publicKey == null) { @@ -767,7 +767,7 @@ class EndPoint { return false; } } - else if (!Crypto.ECC.compare(this.publicKey, other.publicKey)) { + else if (!CryptoECC.compare(this.publicKey, other.publicKey)) { return false; } return true; diff --git a/Dorkbox-Network/src/dorkbox/network/connection/KryoCryptoSerializationManager.java b/Dorkbox-Network/src/dorkbox/network/connection/KryoCryptoSerializationManager.java index d8e413fd..950fcdb6 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/KryoCryptoSerializationManager.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/KryoCryptoSerializationManager.java 
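Review bot: The long-term P-521 key pair in the `@@ -230,8` hunk is generated from `new SecureRandom(seedBytes)`, and on JVMs whose default algorithm is SHA1PRNG a generator constructed with a seed uses that seed as its only entropy. Where `seedBytes` comes from is outside the hunk, so this may already be sound, but the code does not say so. I would add a comment above the constructor such as `// seedBytes must be full-entropy: a seed-constructed SHA1PRNG derives all output, including this private key, from it`, or construct with `new SecureRandom()` and mix the seed in only after the first `nextBytes` call. The enclosing method starts before this hunk.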
@@ -15,7 +15,11 @@ */ package dorkbox.network.connection; -import com.esotericsoftware.kryo.*; +import com.esotericsoftware.kryo.ClassResolver; +import com.esotericsoftware.kryo.Kryo; +import com.esotericsoftware.kryo.KryoException; +import com.esotericsoftware.kryo.Registration; +import com.esotericsoftware.kryo.Serializer; import com.esotericsoftware.kryo.factories.ReflectionSerializerFactory; import com.esotericsoftware.kryo.factories.SerializerFactory; import com.esotericsoftware.kryo.io.Input; 
@@ -24,13 +28,26 @@ import com.esotericsoftware.kryo.serializers.CollectionSerializer; import com.esotericsoftware.kryo.serializers.FieldSerializer; import com.esotericsoftware.kryo.util.MapReferenceResolver; import dorkbox.network.connection.ping.PingMessage; -import dorkbox.network.rmi.*; +import dorkbox.network.rmi.CachedMethod; +import dorkbox.network.rmi.InvokeMethod; +import dorkbox.network.rmi.InvokeMethodResult; +import dorkbox.network.rmi.InvokeMethodSerializer; +import dorkbox.network.rmi.RemoteInvocationHandler; +import dorkbox.network.rmi.RemoteObjectSerializer; +import dorkbox.network.rmi.RmiRegistration; import dorkbox.network.util.CryptoSerializationManager; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; import dorkbox.util.objectPool.ObjectPool; import dorkbox.util.objectPool.ObjectPoolFactory; import dorkbox.util.objectPool.PoolableObject; -import dorkbox.util.serialization.*; +import dorkbox.util.serialization.ArraysAsListSerializer; +import dorkbox.util.serialization.EccPrivateKeySerializer; +import dorkbox.util.serialization.EccPublicKeySerializer; +import dorkbox.util.serialization.FieldAnnotationAwareSerializer; +import dorkbox.util.serialization.IesParametersSerializer; +import dorkbox.util.serialization.IesWithCipherParametersSerializer; +import dorkbox.util.serialization.IgnoreSerialization; +import dorkbox.util.serialization.UnmodifiableCollectionsSerializer; import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBufUtil; import io.netty.handler.codec.compression.CompressionException; 
@@ -887,7 +904,7 @@ class KryoCryptoSerializationManager implements CryptoSerializationManager { logger2.trace("Encrypting data with - AES {}", connection); } - Crypto.AES.encrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length, logger); + CryptoAES.encrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length, logger); // swap buffers ByteBuf tmp = bufferWithData; @@ -962,7 +979,7 @@ class KryoCryptoSerializationManager implements CryptoSerializationManager { } // length-1 to adjust for the magic byte - Crypto.AES.decrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length - 1, logger); + CryptoAES.decrypt(kryo.aesEngine, connection.getCryptoParameters(), bufferWithData, bufferTempData, length - 1, logger); // correct which buffers are used bufferWithData = bufferTempData; diff --git a/Dorkbox-Network/src/dorkbox/network/connection/RegistrationWrapper.java b/Dorkbox-Network/src/dorkbox/network/connection/RegistrationWrapper.java index 7006ab19..12de3052 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/RegistrationWrapper.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/RegistrationWrapper.java @@ -19,7 +19,7 @@ import dorkbox.network.connection.registration.MetaChannel; import dorkbox.network.pipeline.KryoEncoder; import dorkbox.network.pipeline.KryoEncoderCrypto; import dorkbox.util.collections.IntMap; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoECC; import dorkbox.util.exceptions.SecurityException; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; @@ -188,7 +188,7 @@ class RegistrationWrapper implements UdpServer { } else { // COMPARE! - if (!Crypto.ECC.compare(publicKey, savedPublicKey)) { + if (!CryptoECC.compare(publicKey, savedPublicKey)) { String byAddress; try { byAddress = InetAddress.getByAddress(hostAddress) 
diff --git a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientTCP.java b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientTCP.java index 61d82709..319f4468 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientTCP.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientTCP.java @@ -24,7 +24,8 @@ import dorkbox.network.connection.registration.Registration; import dorkbox.network.util.CryptoSerializationManager; import dorkbox.util.bytes.OptimizeUtilsByteArray; import dorkbox.util.collections.IntMap; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; +import dorkbox.util.crypto.CryptoECC; import dorkbox.util.exceptions.SecurityException; import dorkbox.util.serialization.EccPublicKeySerializer; import io.netty.channel.Channel; @@ -49,7 +50,7 @@ public class RegistrationRemoteHandlerClientTCP extends RegistrationRemoteHandlerClient { private static final String DELETE_IP = "eleteIP"; // purposefully missing the "D", since that is a system parameter, which starts with "-D" - private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(Crypto.ECC.p521_curve); + private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(CryptoECC.p521_curve); private final ThreadLocal eccEngineLocal = new ThreadLocal(); public @@ -98,7 +99,7 @@ class RegistrationRemoteHandlerClientTCP extends Registrat IESEngine getEccEngine() { IESEngine iesEngine = this.eccEngineLocal.get(); if (iesEngine == null) { - iesEngine = Crypto.ECC.createEngine(); + iesEngine = CryptoECC.createEngine(); this.eccEngineLocal.set(iesEngine); } return iesEngine; 
@@ -207,12 +208,12 @@ class RegistrationRemoteHandlerClientTCP extends Registrat // setup crypto state IESEngine decrypt = getEccEngine(); - byte[] aesKeyBytes = Crypto.ECC.decrypt(decrypt, - registrationWrapper2.getPrivateKey(), - registration.publicKey, - registration.eccParameters, - registration.aesKey, - logger); + byte[] aesKeyBytes = CryptoECC.decrypt(decrypt, + registrationWrapper2.getPrivateKey(), + registration.publicKey, + registration.eccParameters, + registration.aesKey, + logger); if (aesKeyBytes.length != 32) { logger2.error("Invalid decryption of aesKey. Aborting."); @@ -223,7 +224,7 @@ class RegistrationRemoteHandlerClientTCP extends Registrat } // now decrypt payload using AES - byte[] payload = Crypto.AES.decrypt(getAesEngine(), aesKeyBytes, registration.aesIV, registration.payload, logger); + byte[] payload = CryptoAES.decrypt(getAesEngine(), aesKeyBytes, registration.aesIV, registration.payload, logger); if (payload.length == 0) { logger2.error("Invalid decryption of payload. Aborting."); @@ -262,7 +263,7 @@ class RegistrationRemoteHandlerClientTCP extends Registrat // It is OK that we generate a new ECC keypair for ECDHE everytime that we connect. The server rotates keys every XXXX // seconds, since this step is expensive. - metaChannel.ecdhKey = Crypto.ECC.generateKeyPair(eccSpec, new SecureRandom()); + metaChannel.ecdhKey = CryptoECC.generateKeyPair(eccSpec, new SecureRandom()); // register the channel! try { @@ -307,7 +308,7 @@ class RegistrationRemoteHandlerClientTCP extends Registrat Output output = new Output(1024); EccPublicKeySerializer.write(output, (ECPublicKeyParameters) metaChannel.ecdhKey.getPublic()); byte[] pubKeyAsBytes = output.toBytes(); - register.payload = Crypto.AES.encrypt(getAesEngine(), aesKeyBytes, registration.aesIV, pubKeyAsBytes, logger); + register.payload = CryptoAES.encrypt(getAesEngine(), aesKeyBytes, registration.aesIV, pubKeyAsBytes, logger); channel.writeAndFlush(register); 
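Review bot: The reply in the `@@ -307,7` hunk is encrypted with `aesKeyBytes` and `registration.aesIV`, the same key and IV that the `@@ -223,7` hunk has just used to decrypt the server's payload, so two different plaintexts travel under one key/IV pair. The cipher mode behind `CryptoAES` is not visible here; if it is GCM or another counter-based mode, repeating the pair reveals the XOR of the plaintexts and, for GCM, breaks the authentication guarantee. The server-side hunks in RegistrationRemoteHandlerServerTCP, RegistrationRemoteHandlerServerUDP and RegistrationRemoteHandlerServerUDT follow the same pattern with `metaChannel.aesKey` and `metaChannel.aesIV`. A fresh IV generated for each message and carried in `register.aesIV` would remove the dependency on the mode.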
diff --git a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDP.java b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDP.java index 328cef5d..5e10fbbc 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDP.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDP.java @@ -25,7 +25,7 @@ import dorkbox.network.util.CryptoSerializationManager; import dorkbox.util.bytes.OptimizeUtilsByteArray; import dorkbox.util.collections.IntMap; import dorkbox.util.collections.IntMap.Entries; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; import io.netty.channel.Channel; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPipeline; @@ -149,7 +149,7 @@ class RegistrationRemoteHandlerClientUDP extends Registrat Registration registration = (Registration) message; // now decrypt channelID using AES - byte[] payload = Crypto.AES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger); + byte[] payload = CryptoAES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger); OptimizeUtilsByteArray optimizeUtils = OptimizeUtilsByteArray.get(); if (!optimizeUtils.canReadInt(payload)) { diff --git a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDT.java b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDT.java index bdd9f88f..b670fb12 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDT.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerClientUDT.java 
@@ -23,7 +23,7 @@ import dorkbox.network.util.CryptoSerializationManager; import dorkbox.util.bytes.OptimizeUtilsByteArray; import dorkbox.util.collections.IntMap; import dorkbox.util.collections.IntMap.Entries; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; import io.netty.channel.Channel; import io.netty.channel.ChannelHandlerContext; import io.netty.util.ReferenceCountUtil; @@ -142,7 +142,7 @@ class RegistrationRemoteHandlerClientUDT extends Registrat Registration registration = (Registration) message; // now decrypt channelID using AES - byte[] payload = Crypto.AES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger); + byte[] payload = CryptoAES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, logger); OptimizeUtilsByteArray optimizeUtils = OptimizeUtilsByteArray.get(); if (!optimizeUtils.canReadInt(payload)) { diff --git a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerTCP.java b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerTCP.java index 348f3bf3..f656fad3 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerTCP.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerTCP.java @@ -25,7 +25,8 @@ import dorkbox.network.util.CryptoSerializationManager; import dorkbox.util.MathUtil; import dorkbox.util.bytes.OptimizeUtilsByteArray; import dorkbox.util.collections.IntMap; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; +import dorkbox.util.crypto.CryptoECC; import dorkbox.util.serialization.EccPublicKeySerializer; import io.netty.channel.Channel; import io.netty.channel.ChannelHandlerContext; 
@@ -51,10 +52,10 @@ class RegistrationRemoteHandlerServerTCP extends Registrat private static final long ECDH_TIMEOUT = 10L * 60L * 60L * 1000L * 1000L * 1000L; // 10 minutes in nanoseconds - private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(Crypto.ECC.p521_curve); + private static final ECParameterSpec eccSpec = ECNamedCurveTable.getParameterSpec(CryptoECC.p521_curve); private final Object ecdhKeyLock = new Object(); private final ThreadLocal eccEngineLocal = new ThreadLocal(); - private AsymmetricCipherKeyPair ecdhKeyPair = Crypto.ECC.generateKeyPair(eccSpec, new SecureRandom()); + private AsymmetricCipherKeyPair ecdhKeyPair = CryptoECC.generateKeyPair(eccSpec, new SecureRandom()); private volatile long ecdhTimeout = System.nanoTime(); @@ -69,7 +70,7 @@ class RegistrationRemoteHandlerServerTCP extends Registrat IESEngine getEccEngine() { IESEngine iesEngine = this.eccEngineLocal.get(); if (iesEngine == null) { - iesEngine = Crypto.ECC.createEngine(); + iesEngine = CryptoECC.createEngine(); this.eccEngineLocal.set(iesEngine); } return iesEngine; @@ -83,7 +84,7 @@ class RegistrationRemoteHandlerServerTCP extends Registrat if (System.nanoTime() - this.ecdhTimeout > ECDH_TIMEOUT) { synchronized (this.ecdhKeyLock) { this.ecdhTimeout = System.nanoTime(); - this.ecdhKeyPair = Crypto.ECC.generateKeyPair(eccSpec, secureRandom); + this.ecdhKeyPair = CryptoECC.generateKeyPair(eccSpec, secureRandom); } } 
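Review bot: `ECDH_TIMEOUT` in the `@@ -51,10` hunk evaluates to ten hours, not the ten minutes its comment claims: `10L * 60L * 60L * 1000L * 1000L * 1000L` is 36 000 seconds expressed in nanoseconds. This interval decides how long one server ECDH key pair stays in use, so the mismatch makes each key live sixty times longer than documented. If ten minutes is intended the line should read `private static final long ECDH_TIMEOUT = 10L * 60L * 1000L * 1000L * 1000L; // 10 minutes in nanoseconds`. The line is unchanged context in this commit.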
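Review bot: The rotation in the `@@ -83,7` hunk tests the timeout outside `synchronized (this.ecdhKeyLock)` and does not test it again inside, so threads that pass the check together each run the P-521 key generation in turn. Repeating the condition as the first statement inside the lock, `if (System.nanoTime() - this.ecdhTimeout > ECDH_TIMEOUT) {`, lets only the first thread regenerate. `ecdhKeyPair` is also a plain field while `ecdhTimeout` is volatile; whether the key pair is read under the same lock is outside the hunk and worth confirming. The enclosing method starts and ends outside the hunk.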
@@ -239,12 +240,12 @@ class RegistrationRemoteHandlerServerTCP extends Registrat IESEngine encrypt = getEccEngine(); register.publicKey = registrationWrapper2.getPublicKey(); - register.eccParameters = Crypto.ECC.generateSharedParameters(secureRandom); + register.eccParameters = CryptoECC.generateSharedParameters(secureRandom); // now we have to ENCRYPT the AES key! - register.eccParameters = Crypto.ECC.generateSharedParameters(secureRandom); + register.eccParameters = CryptoECC.generateSharedParameters(secureRandom); register.aesIV = metaChannel.aesIV; - register.aesKey = Crypto.ECC.encrypt(encrypt, + register.aesKey = CryptoECC.encrypt(encrypt, registrationWrapper2.getPrivateKey(), metaChannel.publicKey, register.eccParameters, @@ -253,7 +254,7 @@ class RegistrationRemoteHandlerServerTCP extends Registrat // now encrypt payload via AES - register.payload = Crypto.AES.encrypt(getAesEngine(), metaChannel.aesKey, register.aesIV, combinedBytes, logger); + register.payload = CryptoAES.encrypt(getAesEngine(), metaChannel.aesKey, register.aesIV, combinedBytes, logger); channel.writeAndFlush(register); @@ -276,7 +277,7 @@ class RegistrationRemoteHandlerServerTCP extends Registrat if (metaChannel.ecdhKey != null) { // now we have to decrypt the ECDH key using our TEMP AES keys - byte[] payload = Crypto.AES.decrypt(getAesEngine(), + byte[] payload = CryptoAES.decrypt(getAesEngine(), metaChannel.aesKey, metaChannel.aesIV, registration.payload, diff --git a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDP.java b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDP.java index f63f3fcb..0b762ece 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDP.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDP.java 
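Review bot: `register.eccParameters` is assigned twice in the `@@ -239,12` hunk, once right after `register.publicKey = ...` and again under the `// now we have to ENCRYPT the AES key!` comment, and the commit renames both calls rather than removing one. The first result of `CryptoECC.generateSharedParameters(secureRandom)` is discarded before it is used, so it only draws from `secureRandom` and makes it harder to see which parameters are actually passed to `CryptoECC.encrypt`. I would delete the first assignment and keep the one under the comment. The enclosing method starts and ends outside the hunk.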
@@ -27,7 +27,7 @@ import dorkbox.network.util.CryptoSerializationManager; import dorkbox.util.bytes.OptimizeUtilsByteArray; import dorkbox.util.collections.IntMap; import dorkbox.util.collections.IntMap.Entries; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; import io.netty.buffer.ByteBuf; import io.netty.buffer.Unpooled; import io.netty.channel.Channel; @@ -257,11 +257,11 @@ class RegistrationRemoteHandlerServerUDP extends MessageTo optimizeUtils.writeInt(idAsBytes, metaChannel.connectionID, true); // now encrypt payload via AES - register.payload = Crypto.AES.encrypt(RegistrationRemoteHandler.getAesEngine(), - metaChannel.aesKey, - metaChannel.aesIV, - idAsBytes, - logger); + register.payload = CryptoAES.encrypt(RegistrationRemoteHandler.getAesEngine(), + metaChannel.aesKey, + metaChannel.aesIV, + idAsBytes, + logger); channel.writeAndFlush(new UdpWrapper(register, udpRemoteAddress)); if (logger2.isTraceEnabled()) { diff --git a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDT.java b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDT.java index f7cc87c8..6f997e1e 100644 --- a/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDT.java +++ b/Dorkbox-Network/src/dorkbox/network/connection/registration/remote/RegistrationRemoteHandlerServerUDT.java @@ -23,7 +23,7 @@ import dorkbox.network.util.CryptoSerializationManager; import dorkbox.util.bytes.OptimizeUtilsByteArray; import dorkbox.util.collections.IntMap; import dorkbox.util.collections.IntMap.Entries; -import dorkbox.util.crypto.Crypto; +import dorkbox.util.crypto.CryptoAES; import io.netty.channel.Channel; import io.netty.channel.ChannelHandlerContext; import io.netty.util.ReferenceCountUtil; 
@@ -127,11 +127,11 @@ class RegistrationRemoteHandlerServerUDT extends Registrat optimizeUtils.writeInt(idAsBytes, metaChannel.connectionID, true); // now encrypt payload via AES - register.payload = Crypto.AES.encrypt(RegistrationRemoteHandler.getAesEngine(), - metaChannel.aesKey, - metaChannel.aesIV, - idAsBytes, - logger); + register.payload = CryptoAES.encrypt(RegistrationRemoteHandler.getAesEngine(), + metaChannel.aesKey, + metaChannel.aesIV, + idAsBytes, + logger); // send back, so the client knows that UDP was ok. We include the encrypted connection ID, so the client knows it's a legit server channel.writeAndFlush(register);