summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormadmaxoft <github@xoft.cz>2014-04-29 17:37:15 +0200
committermadmaxoft <github@xoft.cz>2014-04-29 17:37:15 +0200
commit6cb2d2461f869d5c9d986cccec5edf1021878df2 (patch)
tree41445e9e4a1336026e905be5a20700b58511c58d
parentMoved cPublicKey to its separate file in PolarSSL++. (diff)
downloadcuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar
cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.gz
cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.bz2
cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.lz
cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.xz
cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.tar.zst
cuberite-6cb2d2461f869d5c9d986cccec5edf1021878df2.zip
-rw-r--r--Tools/ProtoProxy/CMakeLists.txt6
-rw-r--r--Tools/ProtoProxy/Connection.cpp4
-rw-r--r--Tools/ProtoProxy/Connection.h10
-rw-r--r--Tools/ProtoProxy/Globals.h6
-rw-r--r--src/Crypto.cpp257
-rw-r--r--src/Crypto.h124
-rw-r--r--src/PolarSSL++/AesCfb128Decryptor.cpp67
-rw-r--r--src/PolarSSL++/AesCfb128Decryptor.h52
-rw-r--r--src/PolarSSL++/AesCfb128Encryptor.cpp68
-rw-r--r--src/PolarSSL++/AesCfb128Encryptor.h50
-rw-r--r--src/PolarSSL++/CMakeLists.txt42
-rw-r--r--src/PolarSSL++/Sha1Checksum.cpp138
-rw-r--r--src/PolarSSL++/Sha1Checksum.h52
-rw-r--r--src/Protocol/Protocol132.cpp18
-rw-r--r--src/Protocol/Protocol132.h7
-rw-r--r--src/Protocol/Protocol17x.cpp5
-rw-r--r--src/Protocol/Protocol17x.h7
17 files changed, 477 insertions, 436 deletions
diff --git a/Tools/ProtoProxy/CMakeLists.txt b/Tools/ProtoProxy/CMakeLists.txt
index a2241f355..a136c95df 100644
--- a/Tools/ProtoProxy/CMakeLists.txt
+++ b/Tools/ProtoProxy/CMakeLists.txt
@@ -36,7 +36,8 @@ set(SHARED_SRC
../../src/StringUtils.cpp
../../src/Log.cpp
../../src/MCLogger.cpp
- ../../src/Crypto.cpp
+ ../../src/PolarSSL++/AesCfb128Decryptor.cpp
+ ../../src/PolarSSL++/AesCfb128Encryptor.cpp
../../src/PolarSSL++/CtrDrbgContext.cpp
../../src/PolarSSL++/EntropyContext.cpp
../../src/PolarSSL++/PublicKey.cpp
@@ -47,7 +48,8 @@ set(SHARED_HDR
../../src/StringUtils.h
../../src/Log.h
../../src/MCLogger.h
- ../../src/Crypto.h
+ ../../src/PolarSSL++/AesCfb128Decryptor.h
+ ../../src/PolarSSL++/AesCfb128Encryptor.h
../../src/PolarSSL++/CtrDrbgContext.h
../../src/PolarSSL++/EntropyContext.h
../../src/PolarSSL++/PublicKey.h
diff --git a/Tools/ProtoProxy/Connection.cpp b/Tools/ProtoProxy/Connection.cpp
index fcbd9190c..26aed2206 100644
--- a/Tools/ProtoProxy/Connection.cpp
+++ b/Tools/ProtoProxy/Connection.cpp
@@ -472,7 +472,7 @@ bool cConnection::SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a
-bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer)
+bool cConnection::SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer)
{
DataLog(a_Data, a_Size, "Encrypting %d bytes to %s", a_Size, a_Peer);
const Byte * Data = (const Byte *)a_Data;
@@ -496,7 +496,7 @@ bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryp
-bool cConnection::SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
+bool cConnection::SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer)
{
AString All;
a_Data.ReadAll(All);
diff --git a/Tools/ProtoProxy/Connection.h b/Tools/ProtoProxy/Connection.h
index 9e04994b7..1fc9536de 100644
--- a/Tools/ProtoProxy/Connection.h
+++ b/Tools/ProtoProxy/Connection.h
@@ -11,6 +11,8 @@
#include "ByteBuffer.h"
#include "OSSupport/Timer.h"
+#include "PolarSSL++/AesCfb128Decryptor.h"
+#include "PolarSSL++/AesCfb128Encryptor.h"
@@ -66,8 +68,8 @@ protected:
cByteBuffer m_ClientBuffer;
cByteBuffer m_ServerBuffer;
- cAESCFBDecryptor m_ServerDecryptor;
- cAESCFBEncryptor m_ServerEncryptor;
+ cAesCfb128Decryptor m_ServerDecryptor;
+ cAesCfb128Encryptor m_ServerEncryptor;
AString m_ServerEncryptionBuffer; // Buffer for the data to be sent to the server once encryption is established
@@ -109,10 +111,10 @@ protected:
bool SendData(SOCKET a_Socket, cByteBuffer & a_Data, const char * a_Peer);
/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
- bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer);
+ bool SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, const char * a_Data, size_t a_Size, const char * a_Peer);
/// Sends data to the specfied socket, after encrypting it using a_Encryptor. If sending fails, prints a fail message using a_Peer and returns false
- bool SendEncryptedData(SOCKET a_Socket, cAESCFBEncryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
+ bool SendEncryptedData(SOCKET a_Socket, cAesCfb128Encryptor & a_Encryptor, cByteBuffer & a_Data, const char * a_Peer);
/// Decodes packets coming from the client, sends appropriate counterparts to the server; returns false if the connection is to be dropped
bool DecodeClientsPackets(const char * a_Data, int a_Size);
diff --git a/Tools/ProtoProxy/Globals.h b/Tools/ProtoProxy/Globals.h
index 186efa611..54e7e9251 100644
--- a/Tools/ProtoProxy/Globals.h
+++ b/Tools/ProtoProxy/Globals.h
@@ -246,12 +246,6 @@ public:
-#include "../../src/Crypto.h"
-
-
-
-
-
#define LOGERROR printf
#define LOGINFO printf
#define LOGWARNING printf
diff --git a/src/Crypto.cpp b/src/Crypto.cpp
deleted file mode 100644
index 370b498bf..000000000
--- a/src/Crypto.cpp
+++ /dev/null
@@ -1,257 +0,0 @@
-
-// Crypto.cpp
-
-// Implements classes that wrap the cryptographic code library
-
-#include "Globals.h"
-#include "Crypto.h"
-
-#include "polarssl/pk.h"
-
-
-
-
-
-/*
-// Self-test the hash formatting for known values:
-// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48
-// sha1(jeb_) : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1
-// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6
-
-class Test
-{
-public:
- Test(void)
- {
- AString DigestNotch, DigestJeb, DigestSimon;
- Byte Digest[20];
- cSHA1Checksum Checksum;
- Checksum.Update((const Byte *)"Notch", 5);
- Checksum.Finalize(Digest);
- cSHA1Checksum::DigestToJava(Digest, DigestNotch);
- Checksum.Restart();
- Checksum.Update((const Byte *)"jeb_", 4);
- Checksum.Finalize(Digest);
- cSHA1Checksum::DigestToJava(Digest, DigestJeb);
- Checksum.Restart();
- Checksum.Update((const Byte *)"simon", 5);
- Checksum.Finalize(Digest);
- cSHA1Checksum::DigestToJava(Digest, DigestSimon);
- printf("Notch: \"%s\"\n", DigestNotch.c_str());
- printf("jeb_: \"%s\"\n", DigestJeb.c_str());
- printf("simon: \"%s\"\n", DigestSimon.c_str());
- assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48");
- assert(DigestJeb == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1");
- assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6");
- }
-} test;
-*/
-
-
-
-
-
-
-///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// cAESCFBDecryptor:
-
-cAESCFBDecryptor::cAESCFBDecryptor(void) :
- m_IVOffset(0),
- m_IsValid(false)
-{
-}
-
-
-
-
-
-cAESCFBDecryptor::~cAESCFBDecryptor()
-{
- // Clear the leftover in-memory data, so that they can't be accessed by a backdoor
- memset(&m_Aes, 0, sizeof(m_Aes));
-}
-
-
-
-
-
-void cAESCFBDecryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-{
- ASSERT(!IsValid()); // Cannot Init twice
-
- memcpy(m_IV, a_IV, 16);
- aes_setkey_enc(&m_Aes, a_Key, 128);
- m_IsValid = true;
-}
-
-
-
-
-
-void cAESCFBDecryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
-{
- ASSERT(IsValid()); // Must Init() first
-
- // PolarSSL doesn't support AES-CFB8, need to implement it manually:
- for (size_t i = 0; i < a_Length; i++)
- {
- Byte Buffer[sizeof(m_IV)];
- aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
- for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
- {
- m_IV[idx] = m_IV[idx + 1];
- }
- m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i];
- a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0];
- }
-}
-
-
-
-
-
-///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// cAESCFBEncryptor:
-
-cAESCFBEncryptor::cAESCFBEncryptor(void) :
- m_IVOffset(0),
- m_IsValid(false)
-{
-}
-
-
-
-
-
-cAESCFBEncryptor::~cAESCFBEncryptor()
-{
- // Clear the leftover in-memory data, so that they can't be accessed by a backdoor
- memset(&m_Aes, 0, sizeof(m_Aes));
-}
-
-
-
-
-
-void cAESCFBEncryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
-{
- ASSERT(!IsValid()); // Cannot Init twice
- ASSERT(m_IVOffset == 0);
-
- memcpy(m_IV, a_IV, 16);
- aes_setkey_enc(&m_Aes, a_Key, 128);
- m_IsValid = true;
-}
-
-
-
-
-
-void cAESCFBEncryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length)
-{
- ASSERT(IsValid()); // Must Init() first
-
- // PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves:
- for (size_t i = 0; i < a_Length; i++)
- {
- Byte Buffer[sizeof(m_IV)];
- aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
- for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
- {
- m_IV[idx] = m_IV[idx + 1];
- }
- a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0];
- m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i];
- }
-}
-
-
-
-
-
-///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
-// cSHA1Checksum:
-
-cSHA1Checksum::cSHA1Checksum(void) :
- m_DoesAcceptInput(true)
-{
- sha1_starts(&m_Sha1);
-}
-
-
-
-
-
-void cSHA1Checksum::Update(const Byte * a_Data, size_t a_Length)
-{
- ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed
-
- sha1_update(&m_Sha1, a_Data, a_Length);
-}
-
-
-
-
-
-void cSHA1Checksum::Finalize(cSHA1Checksum::Checksum & a_Output)
-{
- ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed
-
- sha1_finish(&m_Sha1, a_Output);
- m_DoesAcceptInput = false;
-}
-
-
-
-
-
-void cSHA1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out)
-{
- Checksum Digest;
- memcpy(Digest, a_Digest, sizeof(Digest));
-
- bool IsNegative = (Digest[0] >= 0x80);
- if (IsNegative)
- {
- // Two's complement:
- bool carry = true; // Add one to the whole number
- for (int i = 19; i >= 0; i--)
- {
- Digest[i] = ~Digest[i];
- if (carry)
- {
- carry = (Digest[i] == 0xff);
- Digest[i]++;
- }
- }
- }
- a_Out.clear();
- a_Out.reserve(40);
- for (int i = 0; i < 20; i++)
- {
- AppendPrintf(a_Out, "%02x", Digest[i]);
- }
- while ((a_Out.length() > 0) && (a_Out[0] == '0'))
- {
- a_Out.erase(0, 1);
- }
- if (IsNegative)
- {
- a_Out.insert(0, "-");
- }
-}
-
-
-
-
-
-
-void cSHA1Checksum::Restart(void)
-{
- sha1_starts(&m_Sha1);
- m_DoesAcceptInput = true;
-}
-
-
-
-
diff --git a/src/Crypto.h b/src/Crypto.h
deleted file mode 100644
index 993b21afb..000000000
--- a/src/Crypto.h
+++ /dev/null
@@ -1,124 +0,0 @@
-
-// Crypto.h
-
-// Declares classes that wrap the cryptographic code library
-
-
-
-
-
-#pragma once
-
-#include "polarssl/rsa.h"
-#include "polarssl/aes.h"
-#include "polarssl/entropy.h"
-#include "polarssl/ctr_drbg.h"
-#include "polarssl/sha1.h"
-
-
-
-
-
-/** Decrypts data using the AES / CFB (128) algorithm */
-class cAESCFBDecryptor
-{
-public:
- Byte test;
-
- cAESCFBDecryptor(void);
- ~cAESCFBDecryptor();
-
- /** Initializes the decryptor with the specified Key / IV */
- void Init(const Byte a_Key[16], const Byte a_IV[16]);
-
- /** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
- void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
-
- /** Returns true if the object has been initialized with the Key / IV */
- bool IsValid(void) const { return m_IsValid; }
-
-protected:
- aes_context m_Aes;
-
- /** The InitialVector, used by the CFB mode decryption */
- Byte m_IV[16];
-
- /** Current offset in the m_IV, used by the CFB mode decryption */
- size_t m_IVOffset;
-
- /** Indicates whether the object has been initialized with the Key / IV */
- bool m_IsValid;
-} ;
-
-
-
-
-
-/** Encrypts data using the AES / CFB (128) algorithm */
-class cAESCFBEncryptor
-{
-public:
- cAESCFBEncryptor(void);
- ~cAESCFBEncryptor();
-
- /** Initializes the decryptor with the specified Key / IV */
- void Init(const Byte a_Key[16], const Byte a_IV[16]);
-
- /** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */
- void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length);
-
- /** Returns true if the object has been initialized with the Key / IV */
- bool IsValid(void) const { return m_IsValid; }
-
-protected:
- aes_context m_Aes;
-
- /** The InitialVector, used by the CFB mode encryption */
- Byte m_IV[16];
-
- /** Current offset in the m_IV, used by the CFB mode encryption */
- size_t m_IVOffset;
-
- /** Indicates whether the object has been initialized with the Key / IV */
- bool m_IsValid;
-} ;
-
-
-
-
-
-/** Calculates a SHA1 checksum for data stream */
-class cSHA1Checksum
-{
-public:
- typedef Byte Checksum[20]; // The type used for storing the checksum
-
- cSHA1Checksum(void);
-
- /** Adds the specified data to the checksum */
- void Update(const Byte * a_Data, size_t a_Length);
-
- /** Calculates and returns the final checksum */
- void Finalize(Checksum & a_Output);
-
- /** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
- bool DoesAcceptInput(void) const { return m_DoesAcceptInput; }
-
- /** Converts a raw 160-bit SHA1 digest into a Java Hex representation
- According to http://wiki.vg/wiki/index.php?title=Protocol_Encryption&oldid=2802
- */
- static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut);
-
- /** Clears the current context and start a new checksum calculation */
- void Restart(void);
-
-protected:
- /** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
- bool m_DoesAcceptInput;
-
- sha1_context m_Sha1;
-} ;
-
-
-
-
diff --git a/src/PolarSSL++/AesCfb128Decryptor.cpp b/src/PolarSSL++/AesCfb128Decryptor.cpp
new file mode 100644
index 000000000..af0d5106e
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Decryptor.cpp
@@ -0,0 +1,67 @@
+
+// AesCfb128Decryptor.cpp
+
+// Implements the cAesCfb128Decryptor class decrypting data using AES CFB-128
+
+#include "Globals.h"
+#include "AesCfb128Decryptor.h"
+
+
+
+
+
+cAesCfb128Decryptor::cAesCfb128Decryptor(void) :
+ m_IVOffset(0),
+ m_IsValid(false)
+{
+}
+
+
+
+
+
+cAesCfb128Decryptor::~cAesCfb128Decryptor()
+{
+ // Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+ memset(&m_Aes, 0, sizeof(m_Aes));
+}
+
+
+
+
+
+void cAesCfb128Decryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
+{
+ ASSERT(!IsValid()); // Cannot Init twice
+
+ memcpy(m_IV, a_IV, 16);
+ aes_setkey_enc(&m_Aes, a_Key, 128);
+ m_IsValid = true;
+}
+
+
+
+
+
+void cAesCfb128Decryptor::ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length)
+{
+ ASSERT(IsValid()); // Must Init() first
+
+ // PolarSSL doesn't support AES-CFB8, need to implement it manually:
+ for (size_t i = 0; i < a_Length; i++)
+ {
+ Byte Buffer[sizeof(m_IV)];
+ aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
+ for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
+ {
+ m_IV[idx] = m_IV[idx + 1];
+ }
+ m_IV[sizeof(m_IV) - 1] = a_EncryptedIn[i];
+ a_DecryptedOut[i] = a_EncryptedIn[i] ^ Buffer[0];
+ }
+}
+
+
+
+
+
diff --git a/src/PolarSSL++/AesCfb128Decryptor.h b/src/PolarSSL++/AesCfb128Decryptor.h
new file mode 100644
index 000000000..68c203d70
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Decryptor.h
@@ -0,0 +1,52 @@
+
+// AesCfb128Decryptor.h
+
+// Declares the cAesCfb128Decryptor class decrypting data using AES CFB-128
+
+
+
+
+
+#pragma once
+
+#include "polarssl/aes.h"
+
+
+
+
+
+/** Decrypts data using the AES / CFB 128 algorithm */
+class cAesCfb128Decryptor
+{
+public:
+ Byte test;
+
+ cAesCfb128Decryptor(void);
+ ~cAesCfb128Decryptor();
+
+ /** Initializes the decryptor with the specified Key / IV */
+ void Init(const Byte a_Key[16], const Byte a_IV[16]);
+
+ /** Decrypts a_Length bytes of the encrypted data; produces a_Length output bytes */
+ void ProcessData(Byte * a_DecryptedOut, const Byte * a_EncryptedIn, size_t a_Length);
+
+ /** Returns true if the object has been initialized with the Key / IV */
+ bool IsValid(void) const { return m_IsValid; }
+
+protected:
+ aes_context m_Aes;
+
+ /** The InitialVector, used by the CFB mode decryption */
+ Byte m_IV[16];
+
+ /** Current offset in the m_IV, used by the CFB mode decryption */
+ size_t m_IVOffset;
+
+ /** Indicates whether the object has been initialized with the Key / IV */
+ bool m_IsValid;
+} ;
+
+
+
+
+
diff --git a/src/PolarSSL++/AesCfb128Encryptor.cpp b/src/PolarSSL++/AesCfb128Encryptor.cpp
new file mode 100644
index 000000000..a641ad48e
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Encryptor.cpp
@@ -0,0 +1,68 @@
+
+// AesCfb128Encryptor.cpp
+
+// Implements the cAesCfb128Encryptor class encrypting data using AES CFB-128
+
+#include "Globals.h"
+#include "AesCfb128Encryptor.h"
+
+
+
+
+
+cAesCfb128Encryptor::cAesCfb128Encryptor(void) :
+ m_IVOffset(0),
+ m_IsValid(false)
+{
+}
+
+
+
+
+
+cAesCfb128Encryptor::~cAesCfb128Encryptor()
+{
+ // Clear the leftover in-memory data, so that they can't be accessed by a backdoor
+ memset(&m_Aes, 0, sizeof(m_Aes));
+}
+
+
+
+
+
+void cAesCfb128Encryptor::Init(const Byte a_Key[16], const Byte a_IV[16])
+{
+ ASSERT(!IsValid()); // Cannot Init twice
+ ASSERT(m_IVOffset == 0);
+
+ memcpy(m_IV, a_IV, 16);
+ aes_setkey_enc(&m_Aes, a_Key, 128);
+ m_IsValid = true;
+}
+
+
+
+
+
+void cAesCfb128Encryptor::ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length)
+{
+ ASSERT(IsValid()); // Must Init() first
+
+ // PolarSSL doesn't do AES-CFB8, so we need to implement it ourselves:
+ for (size_t i = 0; i < a_Length; i++)
+ {
+ Byte Buffer[sizeof(m_IV)];
+ aes_crypt_ecb(&m_Aes, AES_ENCRYPT, m_IV, Buffer);
+ for (size_t idx = 0; idx < sizeof(m_IV) - 1; idx++)
+ {
+ m_IV[idx] = m_IV[idx + 1];
+ }
+ a_EncryptedOut[i] = a_PlainIn[i] ^ Buffer[0];
+ m_IV[sizeof(m_IV) - 1] = a_EncryptedOut[i];
+ }
+}
+
+
+
+
+
diff --git a/src/PolarSSL++/AesCfb128Encryptor.h b/src/PolarSSL++/AesCfb128Encryptor.h
new file mode 100644
index 000000000..9dbb5d2c3
--- /dev/null
+++ b/src/PolarSSL++/AesCfb128Encryptor.h
@@ -0,0 +1,50 @@
+
+// AesCfb128Encryptor.h
+
+// Declares the cAesCfb128Encryptor class encrypting data using AES CFB-128
+
+
+
+
+
+#pragma once
+
+#include "polarssl/aes.h"
+
+
+
+
+
+/** Encrypts data using the AES / CFB (128) algorithm */
+class cAesCfb128Encryptor
+{
+public:
+ cAesCfb128Encryptor(void);
+ ~cAesCfb128Encryptor();
+
+ /** Initializes the decryptor with the specified Key / IV */
+ void Init(const Byte a_Key[16], const Byte a_IV[16]);
+
+ /** Encrypts a_Length bytes of the plain data; produces a_Length output bytes */
+ void ProcessData(Byte * a_EncryptedOut, const Byte * a_PlainIn, size_t a_Length);
+
+ /** Returns true if the object has been initialized with the Key / IV */
+ bool IsValid(void) const { return m_IsValid; }
+
+protected:
+ aes_context m_Aes;
+
+ /** The InitialVector, used by the CFB mode encryption */
+ Byte m_IV[16];
+
+ /** Current offset in the m_IV, used by the CFB mode encryption */
+ size_t m_IVOffset;
+
+ /** Indicates whether the object has been initialized with the Key / IV */
+ bool m_IsValid;
+} ;
+
+
+
+
+
diff --git a/src/PolarSSL++/CMakeLists.txt b/src/PolarSSL++/CMakeLists.txt
index bf7720abc..b0a592760 100644
--- a/src/PolarSSL++/CMakeLists.txt
+++ b/src/PolarSSL++/CMakeLists.txt
@@ -5,27 +5,33 @@ project (MCServer)
include_directories ("${PROJECT_SOURCE_DIR}/../")
set(SOURCES
- "BlockingSslClientSocket.cpp"
- "BufferedSslContext.cpp"
- "CallbackSslContext.cpp"
- "CtrDrbgContext.cpp"
- "EntropyContext.cpp"
- "PublicKey.cpp"
- "RsaPrivateKey.cpp"
- "SslContext.cpp"
- "X509Cert.cpp"
+ AesCfb128Decryptor.cpp
+ AesCfb128Encryptor.cpp
+ BlockingSslClientSocket.cpp
+ BufferedSslContext.cpp
+ CallbackSslContext.cpp
+ CtrDrbgContext.cpp
+ EntropyContext.cpp
+ PublicKey.cpp
+ RsaPrivateKey.cpp
+ Sha1Checksum.cpp
+ SslContext.cpp
+ X509Cert.cpp
)
set(HEADERS
- "BlockingSslClientSocket.h"
- "BufferedSslContext.h"
- "CallbackSslContext.h"
- "CtrDrbgContext.h"
- "EntropyContext.h"
- "PublicKey.h"
- "RsaPrivateKey.h"
- "SslContext.h"
- "X509Cert.h"
+ AesCfb128Decryptor.h
+ AesCfb128Encryptor.h
+ BlockingSslClientSocket.h
+ BufferedSslContext.h
+ CallbackSslContext.h
+ CtrDrbgContext.h
+ EntropyContext.h
+ PublicKey.h
+ RsaPrivateKey.h
+ SslContext.h
+ Sha1Checksum.h
+ X509Cert.h
)
add_library(PolarSSL++ ${SOURCES} ${HEADERS})
diff --git a/src/PolarSSL++/Sha1Checksum.cpp b/src/PolarSSL++/Sha1Checksum.cpp
new file mode 100644
index 000000000..a1ee9d7b9
--- /dev/null
+++ b/src/PolarSSL++/Sha1Checksum.cpp
@@ -0,0 +1,138 @@
+
+// Sha1Checksum.cpp
+
+// Declares the cSha1Checksum class representing the SHA-1 checksum calculator
+
+#include "Globals.h"
+#include "Sha1Checksum.h"
+
+
+
+
+
+/*
+// Self-test the hash formatting for known values:
+// sha1(Notch) : 4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48
+// sha1(jeb_) : -7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1
+// sha1(simon) : 88e16a1019277b15d58faf0541e11910eb756f6
+
+static class Test
+{
+public:
+ Test(void)
+ {
+ AString DigestNotch, DigestJeb, DigestSimon;
+ Byte Digest[20];
+ cSha1Checksum Checksum;
+ Checksum.Update((const Byte *)"Notch", 5);
+ Checksum.Finalize(Digest);
+ cSha1Checksum::DigestToJava(Digest, DigestNotch);
+ Checksum.Restart();
+ Checksum.Update((const Byte *)"jeb_", 4);
+ Checksum.Finalize(Digest);
+ cSha1Checksum::DigestToJava(Digest, DigestJeb);
+ Checksum.Restart();
+ Checksum.Update((const Byte *)"simon", 5);
+ Checksum.Finalize(Digest);
+ cSha1Checksum::DigestToJava(Digest, DigestSimon);
+ printf("Notch: \"%s\"\n", DigestNotch.c_str());
+ printf("jeb_: \"%s\"\n", DigestJeb.c_str());
+ printf("simon: \"%s\"\n", DigestSimon.c_str());
+ assert(DigestNotch == "4ed1f46bbe04bc756bcb17c0c7ce3e4632f06a48");
+ assert(DigestJeb == "-7c9d5b0044c130109a5d7b5fb5c317c02b4e28c1");
+ assert(DigestSimon == "88e16a1019277b15d58faf0541e11910eb756f6");
+ }
+} test;
+*/
+
+
+
+
+
+
+///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+// cSha1Checksum:
+
+cSha1Checksum::cSha1Checksum(void) :
+ m_DoesAcceptInput(true)
+{
+ sha1_starts(&m_Sha1);
+}
+
+
+
+
+
+void cSha1Checksum::Update(const Byte * a_Data, size_t a_Length)
+{
+ ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed
+
+ sha1_update(&m_Sha1, a_Data, a_Length);
+}
+
+
+
+
+
+void cSha1Checksum::Finalize(cSha1Checksum::Checksum & a_Output)
+{
+ ASSERT(m_DoesAcceptInput); // Not Finalize()-d yet, or Restart()-ed
+
+ sha1_finish(&m_Sha1, a_Output);
+ m_DoesAcceptInput = false;
+}
+
+
+
+
+
+void cSha1Checksum::DigestToJava(const Checksum & a_Digest, AString & a_Out)
+{
+ Checksum Digest;
+ memcpy(Digest, a_Digest, sizeof(Digest));
+
+ bool IsNegative = (Digest[0] >= 0x80);
+ if (IsNegative)
+ {
+ // Two's complement:
+ bool carry = true; // Add one to the whole number
+ for (int i = 19; i >= 0; i--)
+ {
+ Digest[i] = ~Digest[i];
+ if (carry)
+ {
+ carry = (Digest[i] == 0xff);
+ Digest[i]++;
+ }
+ }
+ }
+ a_Out.clear();
+ a_Out.reserve(40);
+ for (int i = 0; i < 20; i++)
+ {
+ AppendPrintf(a_Out, "%02x", Digest[i]);
+ }
+ while ((a_Out.length() > 0) && (a_Out[0] == '0'))
+ {
+ a_Out.erase(0, 1);
+ }
+ if (IsNegative)
+ {
+ a_Out.insert(0, "-");
+ }
+}
+
+
+
+
+
+
+void cSha1Checksum::Restart(void)
+{
+ sha1_starts(&m_Sha1);
+ m_DoesAcceptInput = true;
+}
+
+
+
+
diff --git a/src/PolarSSL++/Sha1Checksum.h b/src/PolarSSL++/Sha1Checksum.h
new file mode 100644
index 000000000..68fdbcf1b
--- /dev/null
+++ b/src/PolarSSL++/Sha1Checksum.h
@@ -0,0 +1,52 @@
+
+// Sha1Checksum.h
+
+// Declares the cSha1Checksum class representing the SHA-1 checksum calculator
+
+
+
+
+
+#pragma once
+
+#include "polarssl/sha1.h"
+
+
+
+
+
+/** Calculates a SHA1 checksum for data stream */
+class cSha1Checksum
+{
+public:
+ typedef Byte Checksum[20]; // The type used for storing the checksum
+
+ cSha1Checksum(void);
+
+ /** Adds the specified data to the checksum */
+ void Update(const Byte * a_Data, size_t a_Length);
+
+ /** Calculates and returns the final checksum */
+ void Finalize(Checksum & a_Output);
+
+ /** Returns true if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
+ bool DoesAcceptInput(void) const { return m_DoesAcceptInput; }
+
+ /** Converts a raw 160-bit SHA1 digest into a Java Hex representation
+ According to http://wiki.vg/wiki/index.php?title=Protocol_Encryption&oldid=2802
+ */
+ static void DigestToJava(const Checksum & a_Digest, AString & a_JavaOut);
+
+ /** Clears the current context and start a new checksum calculation */
+ void Restart(void);
+
+protected:
+ /** True if the object is accepts more input data, false if Finalize()-d (need to Restart()) */
+ bool m_DoesAcceptInput;
+
+ sha1_context m_Sha1;
+} ;
+
+
+
+
diff --git a/src/Protocol/Protocol132.cpp b/src/Protocol/Protocol132.cpp
index acfa5e811..f4717f592 100644
--- a/src/Protocol/Protocol132.cpp
+++ b/src/Protocol/Protocol132.cpp
@@ -18,19 +18,7 @@
#include "../WorldStorage/FastNBT.h"
#include "../WorldStorage/EnchantmentSerializer.h"
#include "../StringCompression.h"
-
-#ifdef _MSC_VER
- #pragma warning(push)
- #pragma warning(disable:4127)
- #pragma warning(disable:4244)
- #pragma warning(disable:4231)
- #pragma warning(disable:4189)
- #pragma warning(disable:4702)
-#endif
-
-#ifdef _MSC_VER
- #pragma warning(pop)
-#endif
+#include "PolarSSL++/Sha1Checksum.h"
@@ -876,7 +864,7 @@ void cProtocol132::StartEncryption(const Byte * a_Key)
m_IsEncrypted = true;
// Prepare the m_AuthServerID:
- cSHA1Checksum Checksum;
+ cSha1Checksum Checksum;
cServer * Server = cRoot::Get()->GetServer();
AString ServerID = Server->GetServerID();
Checksum.Update((const Byte *)ServerID.c_str(), ServerID.length());
@@ -884,7 +872,7 @@ void cProtocol132::StartEncryption(const Byte * a_Key)
Checksum.Update((const Byte *)Server->GetPublicKeyDER().data(), Server->GetPublicKeyDER().size());
Byte Digest[20];
Checksum.Finalize(Digest);
- cSHA1Checksum::DigestToJava(Digest, m_AuthServerID);
+ cSha1Checksum::DigestToJava(Digest, m_AuthServerID);
}
diff --git a/src/Protocol/Protocol132.h b/src/Protocol/Protocol132.h
index b280c8a41..32bc7d581 100644
--- a/src/Protocol/Protocol132.h
+++ b/src/Protocol/Protocol132.h
@@ -24,7 +24,8 @@
#pragma warning(pop)
#endif
-#include "../Crypto.h"
+#include "PolarSSL++/AesCfb128Decryptor.h"
+#include "PolarSSL++/AesCfb128Encryptor.h"
@@ -79,8 +80,8 @@ public:
protected:
bool m_IsEncrypted;
- cAESCFBDecryptor m_Decryptor;
- cAESCFBEncryptor m_Encryptor;
+ cAesCfb128Decryptor m_Decryptor;
+ cAesCfb128Encryptor m_Encryptor;
AString m_DataToSend;
diff --git a/src/Protocol/Protocol17x.cpp b/src/Protocol/Protocol17x.cpp
index 001b8c219..a6d566625 100644
--- a/src/Protocol/Protocol17x.cpp
+++ b/src/Protocol/Protocol17x.cpp
@@ -33,6 +33,7 @@ Implements the 1.7.x protocol classes:
#include "../CompositeChat.h"
#include "../Entities/ArrowEntity.h"
#include "../Entities/FireworkEntity.h"
+#include "PolarSSL++/Sha1Checksum.h"
@@ -2293,7 +2294,7 @@ void cProtocol172::StartEncryption(const Byte * a_Key)
m_IsEncrypted = true;
// Prepare the m_AuthServerID:
- cSHA1Checksum Checksum;
+ cSha1Checksum Checksum;
cServer * Server = cRoot::Get()->GetServer();
const AString & ServerID = Server->GetServerID();
Checksum.Update((const Byte *)ServerID.c_str(), ServerID.length());
@@ -2301,7 +2302,7 @@ void cProtocol172::StartEncryption(const Byte * a_Key)
Checksum.Update((const Byte *)Server->GetPublicKeyDER().data(), Server->GetPublicKeyDER().size());
Byte Digest[20];
Checksum.Finalize(Digest);
- cSHA1Checksum::DigestToJava(Digest, m_AuthServerID);
+ cSha1Checksum::DigestToJava(Digest, m_AuthServerID);
}
diff --git a/src/Protocol/Protocol17x.h b/src/Protocol/Protocol17x.h
index 6a3e81eff..3f9c93357 100644
--- a/src/Protocol/Protocol17x.h
+++ b/src/Protocol/Protocol17x.h
@@ -30,7 +30,8 @@ Declares the 1.7.x protocol classes:
#pragma warning(pop)
#endif
-#include "../Crypto.h"
+#include "PolarSSL++/AesCfb128Decryptor.h"
+#include "PolarSSL++/AesCfb128Encryptor.h"
@@ -236,8 +237,8 @@ protected:
bool m_IsEncrypted;
- cAESCFBDecryptor m_Decryptor;
- cAESCFBEncryptor m_Encryptor;
+ cAesCfb128Decryptor m_Decryptor;
+ cAesCfb128Decryptor m_Encryptor;
/** The logfile where the comm is logged, when g_ShouldLogComm is true */
cFile m_CommLogFile;