1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
mod signing;
use aes::cipher::inout::InOutBuf;
use aes::{
cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit},
Aes128,
};
use rand::{rngs::OsRng, RngCore};
use sha1::{Digest, Sha1};
pub use signing::*;
fn generate_secret_key() -> [u8; 16] {
let mut key = [0u8; 16];
OsRng.fill_bytes(&mut key);
key
}
pub fn digest_data(server_id: &[u8], public_key: &[u8], private_key: &[u8]) -> Vec<u8> {
let mut digest = Sha1::new();
digest.update(server_id);
digest.update(public_key);
digest.update(private_key);
digest.finalize().to_vec()
}
pub fn hex_digest(digest: &[u8]) -> String {
// Note that the Sha1.hexdigest() method used by minecraft is non standard.
// It doesn't match the digest method found in most programming languages
// and libraries. It works by treating the sha1 output bytes as one large
// integer in two's complement and then printing the integer in base 16,
// placing a minus sign if the interpreted number is negative.
num_bigint::BigInt::from_signed_bytes_be(digest).to_str_radix(16)
}
#[derive(Debug)]
pub struct EncryptResult {
pub secret_key: [u8; 16],
pub encrypted_public_key: Vec<u8>,
pub encrypted_nonce: Vec<u8>,
}
pub fn encrypt(public_key: &[u8], nonce: &[u8]) -> Result<EncryptResult, String> {
// On receipt of a Encryption Request from the server, the client will
// generate a random 16-byte shared secret, to be used with the AES/CFB8
// stream cipher.
let secret_key = generate_secret_key();
// let hash = hex_digest(&digest_data(server_id.as_bytes(), public_key, &secret_key));
// this.keybytes = Crypt.encryptUsingKey(publicKey, secretKey.getEncoded());
// this.nonce = Crypt.encryptUsingKey(publicKey, arrby);
let encrypted_public_key: Vec<u8> = rsa_public_encrypt_pkcs1::encrypt(public_key, &secret_key)?;
let encrypted_nonce: Vec<u8> = rsa_public_encrypt_pkcs1::encrypt(public_key, nonce)?;
Ok(EncryptResult {
secret_key,
encrypted_public_key,
encrypted_nonce,
})
}
pub type Aes128CfbEnc = cfb8::Encryptor<Aes128>;
pub type Aes128CfbDec = cfb8::Decryptor<Aes128>;
pub fn create_cipher(key: &[u8]) -> (Aes128CfbEnc, Aes128CfbDec) {
(
Aes128CfbEnc::new_from_slices(key, key).unwrap(),
Aes128CfbDec::new_from_slices(key, key).unwrap(),
)
}
pub fn encrypt_packet(cipher: &mut Aes128CfbEnc, packet: &mut [u8]) {
let (chunks, rest) = InOutBuf::from(packet).into_chunks();
assert!(rest.is_empty());
cipher.encrypt_blocks_inout_mut(chunks);
}
pub fn decrypt_packet(cipher: &mut Aes128CfbDec, packet: &mut [u8]) {
let (chunks, rest) = InOutBuf::from(packet).into_chunks();
assert!(rest.is_empty());
cipher.decrypt_blocks_inout_mut(chunks);
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_generate_secret_key() {
let key = generate_secret_key();
assert_eq!(key.len(), 16);
}
#[test]
fn test_hex_digest() {
let digest = hex_digest(&digest_data(b"Notch", &[], &[]));
assert_eq!(digest, "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48");
let digest = hex_digest(&digest_data(b"jeb_", &[], &[]));
assert_eq!(digest, "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1");
let digest = hex_digest(&digest_data(b"simon", &[], &[]));
assert_eq!(digest, "88e16a1019277b15d58faf0541e11910eb756f6");
}
}
|
