diff options
author | madmaxoft <github@xoft.cz> | 2014-04-29 17:37:15 +0200 |
---|---|---|
committer | madmaxoft <github@xoft.cz> | 2014-04-29 17:37:15 +0200 |
commit | 6cb2d2461f869d5c9d986cccec5edf1021878df2 (patch) | |
tree | 41445e9e4a1336026e905be5a20700b58511c58d | |
parent | Moved cPublicKey to its separate file in PolarSSL++. (diff) | |
download | cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.gz cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.bz2 cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.lz cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.xz cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.zst cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.zip |
-rw-r--r-- | Tools/ProtoProxy/CMakeLists.txt | 6 | ||||
-rw-r--r-- | Tools/ProtoProxy/Connection.cpp | 4 | ||||
-rw-r--r-- | Tools/ProtoProxy/Connection.h | 10 | ||||
-rw-r--r-- | Tools/ProtoProxy/Globals.h | 6 | ||||
-rw-r--r-- | src/Crypto.cpp | 257 | ||||
-rw-r--r-- | src/Crypto.h | 124 | ||||
-rw-r--r-- | src/PolarSSL++/AesCfb128Decryptor.cpp | 67 | ||||
-rw-r--r-- | src/PolarSSL++/AesCfb128Decryptor.h | 52 | ||||
-rw-r--r-- | src/PolarSSL++/AesCfb128Encryptor.cpp | 68 | ||||
-rw-r--r-- | src/PolarSSL++/AesCfb128Encryptor.h | 50 | ||||
-rw-r--r-- | src/PolarSSL++/CMakeLists.txt | 42 | ||||
-rw-r--r-- | src/PolarSSL++/Sha1Checksum.cpp | 138 | ||||
-rw-r--r-- | src/PolarSSL++/Sha1Checksum.h | 52 | ||||
-rw-r--r-- | src/Protocol/Protocol132.cpp | 18 | ||||
-rw-r--r-- | src/Protocol/Protocol132.h | 7 | ||||
-rw-r--r-- | src/Protocol/Protocol17x.cpp | 5 | ||||
-rw-r--r-- | src/Protocol/Protocol17x.h | 7 |
17 files changed, 477 insertions, 436 deletions
diff --git a/Tools/ProtoProxy/CMakeLists.txt b/Tools/ProtoProxy/CMakeLists.txt index a2241f355..a136c95df 100644 --- a/Tools/ProtoProxy/CMakeLists.txt +++ b/Tools/ProtoProxy/CMakeLists.txt @@ -36,7 +36,8 @@ set(SHARED_SRC ../../src/StringUtils.cpp ../../src/Log.cpp ../../src/MCLogger.cpp - ../../src/Crypto.cpp + ../../src/PolarSSL++/AesCfb128Decryptor.cpp + ../../src/PolarSSL++/AesCfb128Encryptor.cpp ../../src/PolarSSL++/CtrDrbgContext.cpp ../../src/PolarSSL++/EntropyContext.cpp ../../src/PolarSSL++/PublicKey.cpp @@ -47,7 +48,8 @@ set(SHARED_HDR ../../src/StringUtils.h ../../src/Log.h ../../src/MCLogger.h - ../../src/Crypto.h + ../../src/PolarSSL++/AesCfb128Decryptor.h + ../../src/PolarSSL++/AesCfb128Encryptor.h ../../src/PolarSSL++/CtrDrbgContext.h ../../src/PolarSSL++/EntropyContext.h ../../src/PolarSSL++/PublicKey.h diff --git a/Tools/ProtoProxy/Connection.cpp b/Tools/ProtoProxy/Connection.cpp index fcbd9190c..26aed2206 100644 --- a/Tools/ProtoProxy/Connection.cpp +++ b/Tools/ProtoProxy/Connection.cpp @@ -472,7 +472,7 @@ bool cConnection::SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a -bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer) +bool cConnection::SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer) { DataLog(a_Data, a_Size, "Encrypting %d bytes to %s", a_Size, a_Peer); const Byte * Data = (const Byte *)a_Data; @@ -496,7 +496,7 @@ bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryp -bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer) +bool cConnection::SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer) { AString All; a_Data.ReadAll(All); diff --git a/Tools/ProtoProxy/Connection.h b/Tools/ProtoProxy/Connection.h index 9e04994b7..1fc9536de 100644 --- a/Tools/ProtoProxy/Connection.h +++ b/Tools/ProtoProxy/Connection.h @@ -11,6 +11,8 @@ #include "ByteBuffer.h" #include "OSSupport/Timer.h" +#include "PolarSSL++/AesCfb128Decryptor.h" +#include "PolarSSL++/AesCfb128Encryptor.h" @@ -66,8 +68,8 @@ protected: cByteBuffer m_ClientBuffer; cByteBuffer m_ServerBuffer; - cAESCFBDecryptor m_ServerDecryptor; - cAESCFBEncryptor m_ServerEncryptor; + cAesCfb128Decryptor m_ServerDecryptor; + cAesCfb128Encryptor m_ServerEncryptor; AString m_ServerEncryptionBuffer; // Buffer for the data to be sent to the server once encryption is established @@ -109,10 +111,10 @@ protected: bool SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a_Peer); /// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false - bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer); + bool SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer); /// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false - bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer); + bool SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer); /// Decodes packets coming from the client, sends appropriate counterparts to the server; returns false if the connection is to be dropped bool DecodeClientsPackets(const char * a_Data, int a_Size); diff --git a/Tools/ProtoProxy/Globals.h b/Tools/ProtoProxy/Globals.h index 186efa611..54e7e9251 100644 --- a/Tools/ProtoProxy/Globals.h +++ b/Tools/ProtoProxy/Globals.h @@ -246,12 +246,6 @@ public: -#include "../../src/Crypto.h" - - - - - #define LOGERROR printf #define LOGINFO printf #define LOGWARNING printf diff --git a/src/Crypto.cpp b/src/Crypto.cpp deleted file mode 100644 index 370b498bf..000000000 --- a/src/Crypto.cpp +++ /dev/null @@ -1,257 +0,0 @@ - -// Crypto.cpp - -// Implements classes that wrap the cryptographic code library - -#include "Globals.h" -#include "Crypto.h" - -#include "polarssl/pk.h" - - - - - -/* -// Self-test the hash formatting for known values: -// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48 -// sha1(jeb_) : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1 -// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6 - -class Test -{ -public: - Test(void) - { - AString DigestNotch, DigestJeb, DigestSimon; - Byte Digest[20]; - cSHA1Checksum Checksum; - Checksum.Update((const Byte *)"Notch", 5); - Checksum.Finalize(Digest); - cSHA1Checksum::DigestToJava(Digest, DigestNotch); - Checksum.Restart(); - Checksum.Update((const Byte *)"jeb_", 4); - Checksum.Finalize(Digest); - cSHA1Checksum::DigestToJava(Digest, DigestJeb); - Checksum.Restart(); - Checksum.Update((const Byte *)"simon", 5); - Checksum.Finalize(Digest); - cSHA1Checksum::DigestToJava(Digest, DigestSimon); - printf("Notch: \"%s\"\n", DigestNotch.c_str()); - printf("jeb_: \"%s\"\n", DigestJeb.c_str()); - printf("simon: \"%s\"\n", DigestSimon.c_str()); - assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48"); - assert(DigestJeb == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1"); - assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6"); - } -} test; -*/ - - - - - - -/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// cAESCFBDecryptor: - -cAESCFBDecryptor::cAESCFBDecryptor(void) : - m_IVOffset(0), - m_IsValid(false) -{ -} - - - - - -cAESCFBDecryptor::~cAESCFBDecryptor() -{ - // Clear the leftover in-memory data, so that they can't be accessed by a backdoor - memset(&m_Aes, 0, sizeof(m_Aes)); -} - - - - - -void cAESCFBDecryptor::Init(const Byte a_Key[16], const Byte a_IV[16]) -{ - ASSERT(!IsValid()); // Cannot Init twice - - memcpy(m_IV, a_IV, 16); - aes_setkey_enc(&m_Aes, a_Key, 128); - m_IsValid = true; -} - - - - - -void cAESCFBDecryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length) -{ - ASSERT(IsValid()); // Must Init() first - - // PolarSSL doesn't support AES-CFB8, need to implement it manually: - for (size_t i = 0; i < a_Length; i++) - { - Byte Buffer[sizeof(m_IV)]; - aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer); - for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++) - { - m_IV[idx] = m_IV[idx + 1]; - } - m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i]; - a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0]; - } -} - - - - - -/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// cAESCFBEncryptor: - -cAESCFBEncryptor::cAESCFBEncryptor(void) : - m_IVOffset(0), - m_IsValid(false) -{ -} - - - - - -cAESCFBEncryptor::~cAESCFBEncryptor() -{ - // Clear the leftover in-memory data, so that they can't be accessed by a backdoor - memset(&m_Aes, 0, sizeof(m_Aes)); -} - - - - - -void cAESCFBEncryptor::Init(const Byte a_Key[16], const Byte a_IV[16]) -{ - ASSERT(!IsValid()); // Cannot Init twice - ASSERT(m_IVOffset == 0); - - memcpy(m_IV, a_IV, 16); - aes_setkey_enc(&m_Aes, a_Key, 128); - m_IsValid = true; -} - - - - - -void cAESCFBEncryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length) -{ - ASSERT(IsValid()); // Must Init() first - - // PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves: - for (size_t i = 0; i < a_Length; i++) - { - Byte Buffer[sizeof(m_IV)]; - aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer); - for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++) - { - m_IV[idx] = m_IV[idx + 1]; - } - a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0]; - m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i]; - } -} - - - - - -/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// cSHA1Checksum: - -cSHA1Checksum::cSHA1Checksum(void) : - m_DoesAcceptInput(true) -{ - sha1_starts(&m_Sha1); -} - - - - - -void cSHA1Checksum::Update(const Byte * a_Data, size_t a_Length) -{ - ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed - - sha1_update(&m_Sha1, a_Data, a_Length); -} - - - - - -void cSHA1Checksum::Finalize(cSHA1Checksum::Checksum & a_Output) -{ - ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed - - sha1_finish(&m_Sha1, a_Output); - m_DoesAcceptInput = false; -} - - - - - -void cSHA1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out) -{ - Checksum Digest; - memcpy(Digest, a_Digest, sizeof(Digest)); - - bool IsNegative = (Digest[0] >= 0x80); - if (IsNegative) - { - // Two's complement: - bool carry = true; // Add one to the whole number - for (int i = 19; i >= 0; i--) - { - Digest[i] = ~Digest[i]; - if (carry) - { - carry = (Digest[i] == 0xff); - Digest[i]++; - } - } - } - a_Out.clear(); - a_Out.reserve(40); - for (int i = 0; i < 20; i++) - { - AppendPrintf(a_Out, "%02x", Digest[i]); - } - while ((a_Out.length() > 0) && (a_Out[0] == '0')) - { - a_Out.erase(0, 1); - } - if (IsNegative) - { - a_Out.insert(0, "-"); - } -} - - - - - - -void cSHA1Checksum::Restart(void) -{ - sha1_starts(&m_Sha1); - m_DoesAcceptInput = true; -} - - - - diff --git a/src/Crypto.h b/src/Crypto.h deleted file mode 100644 index 993b21afb..000000000 --- a/src/Crypto.h +++ /dev/null @@ -1,124 +0,0 @@ - -// Crypto.h - -// Declares classes that wrap the cryptographic code library - - - - - -#pragma once - -#include "polarssl/rsa.h" -#include "polarssl/aes.h" -#include "polarssl/entropy.h" -#include "polarssl/ctr_drbg.h" -#include "polarssl/sha1.h" - - - - - -/** Decrypts data using the AES / CFB (128) algorithm */ -class cAESCFBDecryptor -{ -public: - Byte test; - - cAESCFBDecryptor(void); - ~cAESCFBDecryptor(); - - /** Initializes the decryptor with the specified Key / IV */ - void Init(const Byte a_Key[16], const Byte a_IV[16]); - - /** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */ - void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length); - - /** Returns true if the object has been initialized with the Key / IV */ - bool IsValid(void) const { return m_IsValid; } - -protected: - aes_context m_Aes; - - /** The InitialVector, used by the CFB mode decryption */ - Byte m_IV[16]; - - /** Current offset in the m_IV, used by the CFB mode decryption */ - size_t m_IVOffset; - - /** Indicates whether the object has been initialized with the Key / IV */ - bool m_IsValid; -} ; - - - - - -/** Encrypts data using the AES / CFB (128) algorithm */ -class cAESCFBEncryptor -{ -public: - cAESCFBEncryptor(void); - ~cAESCFBEncryptor(); - - /** Initializes the decryptor with the specified Key / IV */ - void Init(const Byte a_Key[16], const Byte a_IV[16]); - - /** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */ - void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length); - - /** Returns true if the object has been initialized with the Key / IV */ - bool IsValid(void) const { return m_IsValid; } - -protected: - aes_context m_Aes; - - /** The InitialVector, used by the CFB mode encryption */ - Byte m_IV[16]; - - /** Current offset in the m_IV, used by the CFB mode encryption */ - size_t m_IVOffset; - - /** Indicates whether the object has been initialized with the Key / IV */ - bool m_IsValid; -} ; - - - - - -/** Calculates a SHA1 checksum for data stream */ -class cSHA1Checksum -{ -public: - typedef Byte Checksum[20]; // The type used for storing the checksum - - cSHA1Checksum(void); - - /** Adds the specified data to the checksum */ - void Update(const Byte * a_Data, size_t a_Length); - - /** Calculates and returns the final checksum */ - void Finalize(Checksum & a_Output); - - /** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */ - bool DoesAcceptInput(void) const { return m_DoesAcceptInput; } - - /** Converts a raw 160-bit SHA1 digest into a Java Hex representation - According to http://wiki.vg/wiki/index.php?title=Protocol_Encryption&oldid=2802 - */ - static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut); - - /** Clears the current context and start a new checksum calculation */ - void Restart(void); - -protected: - /** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */ - bool m_DoesAcceptInput; - - sha1_context m_Sha1; -} ; - - - - diff --git a/src/PolarSSL++/AesCfb128Decryptor.cpp b/src/PolarSSL++/AesCfb128Decryptor.cpp new file mode 100644 index 000000000..af0d5106e --- /dev/null +++ b/src/PolarSSL++/AesCfb128Decryptor.cpp @@ -0,0 +1,67 @@ + +// AesCfb128Decryptor.cpp + +// Implements the cAesCfb128Decryptor class decrypting data using AES CFB-128 + +#include "Globals.h" +#include "AesCfb128Decryptor.h" + + + + + +cAesCfb128Decryptor::cAesCfb128Decryptor(void) : + m_IVOffset(0), + m_IsValid(false) +{ +} + + + + + +cAesCfb128Decryptor::~cAesCfb128Decryptor() +{ + // Clear the leftover in-memory data, so that they can't be accessed by a backdoor + memset(&m_Aes, 0, sizeof(m_Aes)); +} + + + + + +void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16]) +{ + ASSERT(!IsValid()); // Cannot Init twice + + memcpy(m_IV, a_IV, 16); + aes_setkey_enc(&m_Aes, a_Key, 128); + m_IsValid = true; +} + + + + + +void cAesCfb128Decryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length) +{ + ASSERT(IsValid()); // Must Init() first + + // PolarSSL doesn't support AES-CFB8, need to implement it manually: + for (size_t i = 0; i < a_Length; i++) + { + Byte Buffer[sizeof(m_IV)]; + aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer); + for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++) + { + m_IV[idx] = m_IV[idx + 1]; + } + m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i]; + a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0]; + } +} + + + + + diff --git a/src/PolarSSL++/AesCfb128Decryptor.h b/src/PolarSSL++/AesCfb128Decryptor.h new file mode 100644 index 000000000..68c203d70 --- /dev/null +++ b/src/PolarSSL++/AesCfb128Decryptor.h @@ -0,0 +1,52 @@ + +// AesCfb128Decryptor.h + +// Declares the cAesCfb128Decryptor class decrypting data using AES CFB-128 + + + + + +#pragma once + +#include "polarssl/aes.h" + + + + + +/** Decrypts data using the AES / CFB 128 algorithm */ +class cAesCfb128Decryptor +{ +public: + Byte test; + + cAesCfb128Decryptor(void); + ~cAesCfb128Decryptor(); + + /** Initializes the decryptor with the specified Key / IV */ + void Init(const Byte a_Key[16], const Byte a_IV[16]); + + /** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */ + void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length); + + /** Returns true if the object has been initialized with the Key / IV */ + bool IsValid(void) const { return m_IsValid; } + +protected: + aes_context m_Aes; + + /** The InitialVector, used by the CFB mode decryption */ + Byte m_IV[16]; + + /** Current offset in the m_IV, used by the CFB mode decryption */ + size_t m_IVOffset; + + /** Indicates whether the object has been initialized with the Key / IV */ + bool m_IsValid; +} ; + + + + + diff --git a/src/PolarSSL++/AesCfb128Encryptor.cpp b/src/PolarSSL++/AesCfb128Encryptor.cpp new file mode 100644 index 000000000..a641ad48e --- /dev/null +++ b/src/PolarSSL++/AesCfb128Encryptor.cpp @@ -0,0 +1,68 @@ + +// AesCfb128Encryptor.cpp + +// Implements the cAesCfb128Encryptor class encrypting data using AES CFB-128 + +#include "Globals.h" +#include "AesCfb128Encryptor.h" + + + + + +cAesCfb128Encryptor::cAesCfb128Encryptor(void) : + m_IVOffset(0), + m_IsValid(false) +{ +} + + + + + +cAesCfb128Encryptor::~cAesCfb128Encryptor() +{ + // Clear the leftover in-memory data, so that they can't be accessed by a backdoor + memset(&m_Aes, 0, sizeof(m_Aes)); +} + + + + + +void cAesCfb128Encryptor::Init(const Byte a_Key[16], const Byte a_IV[16]) +{ + ASSERT(!IsValid()); // Cannot Init twice + ASSERT(m_IVOffset == 0); + + memcpy(m_IV, a_IV, 16); + aes_setkey_enc(&m_Aes, a_Key, 128); + m_IsValid = true; +} + + + + + +void cAesCfb128Encryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length) +{ + ASSERT(IsValid()); // Must Init() first + + // PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves: + for (size_t i = 0; i < a_Length; i++) + { + Byte Buffer[sizeof(m_IV)]; + aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer); + for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++) + { + m_IV[idx] = m_IV[idx + 1]; + } + a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0]; + m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i]; + } +} + + + + + diff --git a/src/PolarSSL++/AesCfb128Encryptor.h b/src/PolarSSL++/AesCfb128Encryptor.h new file mode 100644 index 000000000..9dbb5d2c3 --- /dev/null +++ b/src/PolarSSL++/AesCfb128Encryptor.h @@ -0,0 +1,50 @@ + +// AesCfb128Encryptor.h + +// Declares the cAesCfb128Encryptor class encrypting data using AES CFB-128 + + + + + +#pragma once + +#include "polarssl/aes.h" + + + + + +/** Encrypts data using the AES / CFB (128) algorithm */ +class cAesCfb128Encryptor +{ +public: + cAesCfb128Encryptor(void); + ~cAesCfb128Encryptor(); + + /** Initializes the decryptor with the specified Key / IV */ + void Init(const Byte a_Key[16], const Byte a_IV[16]); + + /** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */ + void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length); + + /** Returns true if the object has been initialized with the Key / IV */ + bool IsValid(void) const { return m_IsValid; } + +protected: + aes_context m_Aes; + + /** The InitialVector, used by the CFB mode encryption */ + Byte m_IV[16]; + + /** Current offset in the m_IV, used by the CFB mode encryption */ + size_t m_IVOffset; + + /** Indicates whether the object has been initialized with the Key / IV */ + bool m_IsValid; +} ; + + + + + diff --git a/src/PolarSSL++/CMakeLists.txt b/src/PolarSSL++/CMakeLists.txt index bf7720abc..b0a592760 100644 --- a/src/PolarSSL++/CMakeLists.txt +++ b/src/PolarSSL++/CMakeLists.txt @@ -5,27 +5,33 @@ project (MCServer) include_directories ("${PROJECT_SOURCE_DIR}/../") set(SOURCES - "BlockingSslClientSocket.cpp" - "BufferedSslContext.cpp" - "CallbackSslContext.cpp" - "CtrDrbgContext.cpp" - "EntropyContext.cpp" - "PublicKey.cpp" - "RsaPrivateKey.cpp" - "SslContext.cpp" - "X509Cert.cpp" + AesCfb128Decryptor.cpp + AesCfb128Encryptor.cpp + BlockingSslClientSocket.cpp + BufferedSslContext.cpp + CallbackSslContext.cpp + CtrDrbgContext.cpp + EntropyContext.cpp + PublicKey.cpp + RsaPrivateKey.cpp + Sha1Checksum.cpp + SslContext.cpp + X509Cert.cpp ) set(HEADERS - "BlockingSslClientSocket.h" - "BufferedSslContext.h" - "CallbackSslContext.h" - "CtrDrbgContext.h" - "EntropyContext.h" - "PublicKey.h" - "RsaPrivateKey.h" - "SslContext.h" - "X509Cert.h" + AesCfb128Decryptor.h + AesCfb128Encryptor.h + BlockingSslClientSocket.h + BufferedSslContext.h + CallbackSslContext.h + CtrDrbgContext.h + EntropyContext.h + PublicKey.h + RsaPrivateKey.h + SslContext.h + Sha1Checksum.h + X509Cert.h ) add_library(PolarSSL++ ${SOURCES} ${HEADERS}) diff --git a/src/PolarSSL++/Sha1Checksum.cpp b/src/PolarSSL++/Sha1Checksum.cpp new file mode 100644 index 000000000..a1ee9d7b9 --- /dev/null +++ b/src/PolarSSL++/Sha1Checksum.cpp @@ -0,0 +1,138 @@ + +// Sha1Checksum.cpp + +// Declares the cSha1Checksum class representing the SHA-1 checksum calculator + +#include "Globals.h" +#include "Sha1Checksum.h" + + + + + +/* +// Self-test the hash formatting for known values: +// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48 +// sha1(jeb_) : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1 +// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6 + +static class Test +{ +public: + Test(void) + { + AString DigestNotch, DigestJeb, DigestSimon; + Byte Digest[20]; + cSha1Checksum Checksum; + Checksum.Update((const Byte *)"Notch", 5); + Checksum.Finalize(Digest); + cSha1Checksum::DigestToJava(Digest, DigestNotch); + Checksum.Restart(); + Checksum.Update((const Byte *)"jeb_", 4); + Checksum.Finalize(Digest); + cSha1Checksum::DigestToJava(Digest, DigestJeb); + Checksum.Restart(); + Checksum.Update((const Byte *)"simon", 5); + Checksum.Finalize(Digest); + cSha1Checksum::DigestToJava(Digest, DigestSimon); + printf("Notch: \"%s\"\n", DigestNotch.c_str()); + printf("jeb_: \"%s\"\n", DigestJeb.c_str()); + printf("simon: \"%s\"\n", DigestSimon.c_str()); + assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48"); + assert(DigestJeb == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1"); + assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6"); + } +} test; +*/ + + + + + + +/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// +// cSha1Checksum: + +cSha1Checksum::cSha1Checksum(void) : + m_DoesAcceptInput(true) +{ + sha1_starts(&m_Sha1); +} + + + + + +void cSha1Checksum::Update(const Byte * a_Data, size_t a_Length) +{ + ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed + + sha1_update(&m_Sha1, a_Data, a_Length); +} + + + + + +void cSha1Checksum::Finalize(cSha1Checksum::Checksum & a_Output) +{ + ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed + + sha1_finish(&m_Sha1, a_Output); + m_DoesAcceptInput = false; +} + + + + + +void cSha1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out) +{ + Checksum Digest; + memcpy(Digest, a_Digest, sizeof(Digest)); + + bool IsNegative = (Digest[0] >= 0x80); + if (IsNegative) + { + // Two's complement: + bool carry = true; // Add one to the whole number + for (int i = 19; i >= 0; i--) + { + Digest[i] = ~Digest[i]; + if (carry) + { + carry = (Digest[i] == 0xff); + Digest[i]++; + } + } + } + a_Out.clear(); + a_Out.reserve(40); + for (int i = 0; i < 20; i++) + { + AppendPrintf(a_Out, "%02x", Digest[i]); + } + while ((a_Out.length() > 0) && (a_Out[0] == '0')) + { + a_Out.erase(0, 1); + } + if (IsNegative) + { + a_Out.insert(0, "-"); + } +} + + + + + + +void cSha1Checksum::Restart(void) +{ + sha1_starts(&m_Sha1); + m_DoesAcceptInput = true; +} + + + + diff --git a/src/PolarSSL++/Sha1Checksum.h b/src/PolarSSL++/Sha1Checksum.h new file mode 100644 index 000000000..68fdbcf1b --- /dev/null +++ b/src/PolarSSL++/Sha1Checksum.h @@ -0,0 +1,52 @@ + +// Sha1Checksum.h + +// Declares the cSha1Checksum class representing the SHA-1 checksum calculator + + + + + +#pragma once + +#include "polarssl/sha1.h" + + + + + +/** Calculates a SHA1 checksum for data stream */ +class cSha1Checksum +{ +public: + typedef Byte Checksum[20]; // The type used for storing the checksum + + cSha1Checksum(void); + + /** Adds the specified data to the checksum */ + void Update(const Byte * a_Data, size_t a_Length); + + /** Calculates and returns the final checksum */ + void Finalize(Checksum & a_Output); + + /** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */ + bool DoesAcceptInput(void) const { return m_DoesAcceptInput; } + + /** Converts a raw 160-bit SHA1 digest into a Java Hex representation + According to http://wiki.vg/wiki/index.php?title=Protocol_Encryption&oldid=2802 + */ + static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut); + + /** Clears the current context and start a new checksum calculation */ + void Restart(void); + +protected: + /** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */ + bool m_DoesAcceptInput; + + sha1_context m_Sha1; +} ; + + + + diff --git a/src/Protocol/Protocol132.cpp b/src/Protocol/Protocol132.cpp index acfa5e811..f4717f592 100644 --- a/src/Protocol/Protocol132.cpp +++ b/src/Protocol/Protocol132.cpp @@ -18,19 +18,7 @@ #include "../WorldStorage/FastNBT.h" #include "../WorldStorage/EnchantmentSerializer.h" #include "../StringCompression.h" - -#ifdef _MSC_VER - #pragma warning(push) - #pragma warning(disable:4127) - #pragma warning(disable:4244) - #pragma warning(disable:4231) - #pragma warning(disable:4189) - #pragma warning(disable:4702) -#endif - -#ifdef _MSC_VER - #pragma warning(pop) -#endif +#include "PolarSSL++/Sha1Checksum.h" @@ -876,7 +864,7 @@ void cProtocol132::StartEncryption(const Byte * a_Key) m_IsEncrypted = true; // Prepare the m_AuthServerID: - cSHA1Checksum Checksum; + cSha1Checksum Checksum; cServer * Server = cRoot::Get()->GetServer(); AString ServerID = Server->GetServerID(); Checksum.Update((const Byte *)ServerID.c_str(), ServerID.length()); @@ -884,7 +872,7 @@ void cProtocol132::StartEncryption(const Byte * a_Key) Checksum.Update((const Byte *)Server->GetPublicKeyDER().data(), Server->GetPublicKeyDER().size()); Byte Digest[20]; Checksum.Finalize(Digest); - cSHA1Checksum::DigestToJava(Digest, m_AuthServerID); + cSha1Checksum::DigestToJava(Digest, m_AuthServerID); } diff --git a/src/Protocol/Protocol132.h b/src/Protocol/Protocol132.h index b280c8a41..32bc7d581 100644 --- a/src/Protocol/Protocol132.h +++ b/src/Protocol/Protocol132.h @@ -24,7 +24,8 @@ #pragma warning(pop) #endif -#include "../Crypto.h" +#include "PolarSSL++/AesCfb128Decryptor.h" +#include "PolarSSL++/AesCfb128Encryptor.h" @@ -79,8 +80,8 @@ public: protected: bool m_IsEncrypted; - cAESCFBDecryptor m_Decryptor; - cAESCFBEncryptor m_Encryptor; + cAesCfb128Decryptor m_Decryptor; + cAesCfb128Encryptor m_Encryptor; AString m_DataToSend; diff --git a/src/Protocol/Protocol17x.cpp b/src/Protocol/Protocol17x.cpp index 001b8c219..a6d566625 100644 --- a/src/Protocol/Protocol17x.cpp +++ b/src/Protocol/Protocol17x.cpp @@ -33,6 +33,7 @@ Implements the 1.7.x protocol classes: #include "../CompositeChat.h" #include "../Entities/ArrowEntity.h" #include "../Entities/FireworkEntity.h" +#include "PolarSSL++/Sha1Checksum.h" @@ -2293,7 +2294,7 @@ void cProtocol172::StartEncryption(const Byte * a_Key) m_IsEncrypted = true; // Prepare the m_AuthServerID: - cSHA1Checksum Checksum; + cSha1Checksum Checksum; cServer * Server = cRoot::Get()->GetServer(); const AString & ServerID = Server->GetServerID(); Checksum.Update((const Byte *)ServerID.c_str(), ServerID.length()); @@ -2301,7 +2302,7 @@ void cProtocol172::StartEncryption(const Byte * a_Key) Checksum.Update((const Byte *)Server->GetPublicKeyDER().data(), Server->GetPublicKeyDER().size()); Byte Digest[20]; Checksum.Finalize(Digest); - cSHA1Checksum::DigestToJava(Digest, m_AuthServerID); + cSha1Checksum::DigestToJava(Digest, m_AuthServerID); } diff --git a/src/Protocol/Protocol17x.h b/src/Protocol/Protocol17x.h index 6a3e81eff..3f9c93357 100644 --- a/src/Protocol/Protocol17x.h +++ b/src/Protocol/Protocol17x.h @@ -30,7 +30,8 @@ Declares the 1.7.x protocol classes: #pragma warning(pop) #endif -#include "../Crypto.h" +#include "PolarSSL++/AesCfb128Decryptor.h" +#include "PolarSSL++/AesCfb128Encryptor.h" @@ -236,8 +237,8 @@ protected: bool m_IsEncrypted; - cAESCFBDecryptor m_Decryptor; - cAESCFBEncryptor m_Encryptor; + cAesCfb128Decryptor m_Decryptor; + cAesCfb128Decryptor m_Encryptor; /** The logfile where the comm is logged, when g_ShouldLogComm is true */ cFile m_CommLogFile; |