A few small code cleanups for cryptography

* Remove some unused cryptographic code * Add some notes about how Minecraft's cryptography choices have not quite survived the test of time
2024-12-21 03:45:17 -05:00
parent 39191957ea
commit af97ffffa5
5 changed files with 36 additions and 54 deletions
--- a/native/src/main/c/jni_cipher_macos.c
+++ b/native/src/main/c/jni_cipher_macos.c
@@ -26,6 +26,15 @@ Java_com_velocitypowered_natives_encryption_OpenSslCipherImpl_init(JNIEnv *env,
        return 0;
    }

+    // But, you're saying, *why* are we using the key as the IV? After all, reusing the key as
+    // the IV defeats the entire point - we might as well just initialize it to all zeroes.
+    //
+    // You can blame Mojang. For the record, we also don't consider the Minecraft protocol
+    // encryption scheme to be secure, and it has reached the point where any serious cryptographic
+    // protocol needs a refresh. There are multiple obvious weaknesses, and this is far from the
+    // most serious.
+    //
+    // If you are using Minecraft in a security-sensitive application, *I don't know what to say.*
    CCCryptorRef cryptor = NULL;
    CCCryptorStatus result = CCCryptorCreateWithMode(encrypt ? kCCEncrypt : kCCDecrypt,
        kCCModeCFB8,
--- a/native/src/main/c/jni_cipher_openssl.c
+++ b/native/src/main/c/jni_cipher_openssl.c
@@ -32,6 +32,15 @@ Java_com_velocitypowered_natives_encryption_OpenSslCipherImpl_init(JNIEnv *env,
        return 0;
    }

+    // But, you're saying, *why* are we using the key as the IV? After all, reusing the key as
+    // the IV defeats the entire point - we might as well just initialize it to all zeroes.
+    //
+    // You can blame Mojang. For the record, we also don't consider the Minecraft protocol
+    // encryption scheme to be secure, and it has reached the point where any serious cryptographic
+    // protocol needs a refresh. There are multiple obvious weaknesses, and this is far from the
+    // most serious.
+    //
+    // If you are using Minecraft in a security-sensitive application, *I don't know what to say.*
    int result = EVP_CipherInit(ctx, EVP_aes_128_cfb8(), (byte*) keyBytes, (byte*) keyBytes,
        encrypt);
    if (result != 1) {
--- a/native/src/main/java/com/velocitypowered/natives/encryption/JavaVelocityCipher.java
+++ b/native/src/main/java/com/velocitypowered/natives/encryption/JavaVelocityCipher.java
@@ -48,6 +48,15 @@ public class JavaVelocityCipher implements VelocityCipher {

  private JavaVelocityCipher(boolean encrypt, SecretKey key) throws GeneralSecurityException {
    this.cipher = Cipher.getInstance("AES/CFB8/NoPadding");
+    // But, you're saying, *why* are we using the key as the IV? After all, reusing the key as
+    // the IV defeats the entire point - we might as well just initialize it to all zeroes.
+    //
+    // You can blame Mojang. For the record, we also don't consider the Minecraft protocol
+    // encryption scheme to be secure, and it has reached the point where any serious cryptographic
+    // protocol needs a refresh. There are multiple obvious weaknesses, and this is far from the
+    // most serious.
+    //
+    // If you are using Minecraft in a security-sensitive application, *I don't know what to say.*
    this.cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, key,
        new IvParameterSpec(key.getEncoded()));
  }