mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-09-06 17:59:48 +00:00
Code Issues Projects Releases Wiki Activity

Implemented network encryption (#2343)

Browse Source 
For those who fuss about performance, you can disable the `network.enable-encryption` option to use sessions without encryption.
This commit is contained in:
Dylan K. Taylor
2018-07-31 15:54:18 +01:00
committed by GitHub
parent 62cb7963dc
commit 2bf6764112
13 changed files with 556 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
src/pocketmine/network/mcpe/NetworkCipher.php Normal file
View File

@ -0,0 +1,83 @@
<?php
/*
*
* ____ _ _ __ __ _ __ __ ____
* | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
* | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
* | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
* |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* @author PocketMine Team
* @link http://www.pocketmine.net/
*
*
*/
declare(strict_types=1);
namespace pocketmine\network\mcpe;
use Crypto\Cipher;
use pocketmine\utils\Binary;
class NetworkCipher{
private const ENCRYPTION_SCHEME = "AES-256-CFB8";
private const CHECKSUM_ALGO = "sha256";
public static $ENABLED = true;
/** @var string */
private $key;
/** @var Cipher */
private $decryptCipher;
/** @var int */
private $decryptCounter = 0;
/** @var Cipher */
private $encryptCipher;
/** @var int */
private $encryptCounter = 0;
public function __construct(string $encryptionKey){
//TODO: ext/crypto doesn't offer us a way to disable padding. This doesn't matter at the moment because we're
//using CFB8, but this might change in the future. This is supposed to be CFB8 no-padding.
$this->key = $encryptionKey;
$iv = substr($this->key, 0, 16);
$this->decryptCipher = new Cipher(self::ENCRYPTION_SCHEME);
$this->decryptCipher->decryptInit($this->key, $iv);
$this->encryptCipher = new Cipher(self::ENCRYPTION_SCHEME);
$this->encryptCipher->encryptInit($this->key, $iv);
}
public function decrypt($encrypted){
if(strlen($encrypted) < 9){
throw new \InvalidArgumentException("Payload is too short");
}
$decrypted = $this->decryptCipher->decryptUpdate($encrypted);
$payload = substr($decrypted, 0, -8);
if(($expected = $this->calculateChecksum($this->decryptCounter++, $payload)) !== ($actual = substr($decrypted, -8))){
throw new \InvalidArgumentException("Encrypted payload has invalid checksum (expected " . bin2hex($expected) . ", got " . bin2hex($actual) . ")");
}
return $payload;
}
public function encrypt(string $payload) : string{
return $this->encryptCipher->encryptUpdate($payload . $this->calculateChecksum($this->encryptCounter++, $payload));
}
private function calculateChecksum(int $counter, string $payload) : string{
return substr(hash(self::CHECKSUM_ALGO, Binary::writeLLong($counter) . $payload . $this->key, true), 0, 8);
}
}

34
src/pocketmine/network/mcpe/NetworkSession.php
View File

@ -27,6 +27,7 @@ use pocketmine\event\player\PlayerCreationEvent;
use pocketmine\event\server\DataPacketReceiveEvent;
use pocketmine\event\server\DataPacketSendEvent;
use pocketmine\network\mcpe\handler\DeathSessionHandler;
use pocketmine\network\mcpe\handler\HandshakeSessionHandler;
use pocketmine\network\mcpe\handler\LoginSessionHandler;
use pocketmine\network\mcpe\handler\PreSpawnSessionHandler;
use pocketmine\network\mcpe\handler\ResourcePacksSessionHandler;
@ -36,14 +37,13 @@ use pocketmine\network\mcpe\protocol\DataPacket;
use pocketmine\network\mcpe\protocol\DisconnectPacket;
use pocketmine\network\mcpe\protocol\PacketPool;
use pocketmine\network\mcpe\protocol\PlayStatusPacket;
use pocketmine\network\mcpe\protocol\ServerToClientHandshakePacket;
use pocketmine\network\NetworkInterface;
use pocketmine\Player;
use pocketmine\Server;
use pocketmine\timings\Timings;
class NetworkSession{
/** @var Server */
private $server;
/** @var Player */
@ -63,6 +63,9 @@ class NetworkSession{
/** @var bool */
private $connected = true;
/** @var NetworkCipher */
private $cipher;
public function __construct(Server $server, NetworkInterface $interface, string $ip, int $port){
$this->server = $server;
$this->interface = $interface;
@ -142,7 +145,15 @@ class NetworkSession{
return;
}
//TODO: decryption if enabled
if($this->cipher !== null){
try{
$payload = $this->cipher->decrypt($payload);
}catch(\InvalidArgumentException $e){
$this->server->getLogger()->debug("Encrypted packet from " . $this->ip . " " . $this->port . ": " . bin2hex($payload));
$this->disconnect("Packet decryption error: " . $e->getMessage());
return;
}
}
try{
$stream = new PacketStream(NetworkCompression::decompress($payload));
@ -151,6 +162,7 @@ class NetworkSession{
$this->disconnect("Compressed packet batch decode error (incompatible game version?)", false);
return;
}
while(!$stream->feof() and $this->connected){
$this->handleDataPacket(PacketPool::getPacket($stream->getString()));
}
@ -193,7 +205,9 @@ class NetworkSession{
}
public function sendEncoded(string $payload, bool $immediate = false) : void{
//TODO: encryption
if($this->cipher !== null){
$payload = $this->cipher->encrypt($payload);
}
$this->interface->putPacket($this, $payload, $immediate);
}
@ -262,13 +276,23 @@ class NetworkSession{
$this->player = null;
}
//TODO: onEnableEncryption() step
public function enableEncryption(string $encryptionKey, string $handshakeJwt) : void{
$pk = new ServerToClientHandshakePacket();
$pk->jwt = $handshakeJwt;
$this->sendDataPacket($pk, true); //make sure this gets sent before encryption is enabled
$this->cipher = new NetworkCipher($encryptionKey);
$this->setHandler(new HandshakeSessionHandler($this));
$this->server->getLogger()->debug("Enabled encryption for $this->ip $this->port");
}
public function onLoginSuccess() : void{
$pk = new PlayStatusPacket();
$pk->status = PlayStatusPacket::LOGIN_SUCCESS;
$this->sendDataPacket($pk);
$this->player->onLoginSuccess();
$this->setHandler(new ResourcePacksSessionHandler($this->player, $this, $this->server->getResourcePackManager()));
}

229
src/pocketmine/network/mcpe/ProcessLoginTask.php Normal file
View File

@ -0,0 +1,229 @@
<?php
/*
*
* ____ _ _ __ __ _ __ __ ____
* | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
* | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
* | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
* |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* @author PocketMine Team
* @link http://www.pocketmine.net/
*
*
*/
declare(strict_types=1);
namespace pocketmine\network\mcpe;
use Mdanter\Ecc\Crypto\Key\PrivateKeyInterface;
use Mdanter\Ecc\Crypto\Key\PublicKeyInterface;
use Mdanter\Ecc\Crypto\Signature\Signature;
use Mdanter\Ecc\EccFactory;
use Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;
use Mdanter\Ecc\Serializer\PrivateKey\PemPrivateKeySerializer;
use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
use Mdanter\Ecc\Serializer\PublicKey\PemPublicKeySerializer;
use Mdanter\Ecc\Serializer\Signature\DerSignatureSerializer;
use pocketmine\network\mcpe\protocol\LoginPacket;
use pocketmine\Player;
use pocketmine\scheduler\AsyncTask;
use pocketmine\Server;
class ProcessLoginTask extends AsyncTask{
public const MOJANG_ROOT_PUBLIC_KEY = "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8ELkixyLcwlZryUQcu1TvPOmI2B7vX83ndnWRUaXm74wFfa5f/lwQNTfrLVHa2PmenpGI6JhIMUJaWZrjmMj90NoKNFSNBuKdm8rYiXsfaz3K36x/1U26HpG0ZxK/V1V";
/** @var PrivateKeyInterface|null */
private static $SERVER_PRIVATE_KEY = null;
/** @var LoginPacket */
private $packet;
/**
* @var string|null
* Whether the keychain signatures were validated correctly. This will be set to an error message if any link in the
* keychain is invalid for whatever reason (bad signature, not in nbf-exp window, etc). If this is non-null, the
* keychain might have been tampered with. The player will always be disconnected if this is non-null.
*/
private $error = "Unknown";
/**
* @var bool
* Whether the player is logged into Xbox Live. This is true if any link in the keychain is signed with the Mojang
* root public key.
*/
private $authenticated = false;
/**
* @var bool
* Whether or not to enable encryption for the session that sent this login.
*/
private $useEncryption = true;
/** @var PrivateKeyInterface|null */
private $serverPrivateKey = null;
/** @var string|null */
private $aesKey = null;
/** @var string|null */
private $handshakeJwt = null;
public function __construct(Player $player, LoginPacket $packet, bool $useEncryption = true){
$this->storeLocal($player);
$this->packet = $packet;
$this->useEncryption = $useEncryption;
if($useEncryption){
if(self::$SERVER_PRIVATE_KEY === null){
self::$SERVER_PRIVATE_KEY = EccFactory::getNistCurves()->generator384()->createPrivateKey();
}
$this->serverPrivateKey = self::$SERVER_PRIVATE_KEY;
}
}
public function onRun() : void{
try{
$clientPub = $this->validateChain();
}catch(VerifyLoginException $e){
$this->error = $e->getMessage();
return;
}
if($this->useEncryption){
$serverPriv = $this->serverPrivateKey;
$salt = random_bytes(16);
$sharedSecret = $serverPriv->createExchange($clientPub)->calculateSharedKey();
$this->aesKey = hash('sha256', $salt . hex2bin(str_pad(gmp_strval($sharedSecret, 16), 96, "0", STR_PAD_LEFT)), true);
$this->handshakeJwt = $this->generateServerHandshakeJwt($serverPriv, $salt);
}
$this->error = null;
}
private function validateChain() : PublicKeyInterface{
$packet = $this->packet;
$currentKey = null;
$first = true;
foreach($packet->chainData["chain"] as $jwt){
$this->validateToken($jwt, $currentKey, $first);
if($first){
$first = false;
}
}
/** @var string $clientKey */
$clientKey = $currentKey;
$this->validateToken($packet->clientDataJwt, $currentKey);
return (new DerPublicKeySerializer())->parse(base64_decode($clientKey, true));
}
/**
* @param string $jwt
* @param null|string $currentPublicKey
* @param bool $first
*
* @throws VerifyLoginException if errors are encountered
*/
private function validateToken(string $jwt, ?string &$currentPublicKey, bool $first = false) : void{
[$headB64, $payloadB64, $sigB64] = explode('.', $jwt);
if($currentPublicKey === null){
if(!$first){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.missingKey");
}
//First link, check that it is self-signed
$headers = json_decode(self::b64UrlDecode($headB64), true);
$currentPublicKey = $headers["x5u"];
}
$plainSignature = self::b64UrlDecode($sigB64);
assert(strlen($plainSignature) === 96);
[$rString, $sString] = str_split($plainSignature, 48);
$sig = new Signature(gmp_init(bin2hex($rString), 16), gmp_init(bin2hex($sString), 16));
$derSerializer = new DerPublicKeySerializer();
$v = openssl_verify(
"$headB64.$payloadB64",
(new DerSignatureSerializer())->serialize($sig),
(new PemPublicKeySerializer($derSerializer))->serialize($derSerializer->parse(base64_decode($currentPublicKey))),
OPENSSL_ALGO_SHA384
);
if($v !== 1){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.badSignature");
}
if($currentPublicKey === self::MOJANG_ROOT_PUBLIC_KEY){
$this->authenticated = true; //we're signed into xbox live
}
$claims = json_decode(self::b64UrlDecode($payloadB64), true);
$time = time();
if(isset($claims["nbf"]) and $claims["nbf"] > $time){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooEarly");
}
if(isset($claims["exp"]) and $claims["exp"] < $time){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooLate");
}
$currentPublicKey = $claims["identityPublicKey"] ?? null; //if there are further links, the next link should be signed with this
}
private function generateServerHandshakeJwt(PrivateKeyInterface $serverPriv, string $salt) : string{
$jwtBody = self::b64UrlEncode(json_encode([
"x5u" => base64_encode((new DerPublicKeySerializer())->serialize($serverPriv->getPublicKey())),
"alg" => "ES384"
])
) . "." . self::b64UrlEncode(json_encode([
"salt" => base64_encode($salt)
])
);
openssl_sign($jwtBody, $sig, (new PemPrivateKeySerializer(new DerPrivateKeySerializer()))->serialize($serverPriv), OPENSSL_ALGO_SHA384);
$decodedSig = (new DerSignatureSerializer())->parse($sig);
$jwtSig = self::b64UrlEncode(
hex2bin(str_pad(gmp_strval($decodedSig->getR(), 16), 96, "0", STR_PAD_LEFT)) .
hex2bin(str_pad(gmp_strval($decodedSig->getS(), 16), 96, "0", STR_PAD_LEFT))
);
return "$jwtBody.$jwtSig";
}
private static function b64UrlDecode(string $str) : string{
return base64_decode(strtr($str, '-_', '+/'), true);
}
private static function b64UrlEncode(string $str) : string{
return strtr(base64_encode($str), '+/', '-_');
}
public function onCompletion(Server $server) : void{
/** @var Player $player */
$player = $this->fetchLocal();
if($player->isClosed()){
$server->getLogger()->error("Player " . $player->getName() . " was disconnected before their login could be verified");
}elseif($player->setAuthenticationStatus($this->authenticated, $this->error)){
if(!$this->useEncryption){
$player->getNetworkSession()->onLoginSuccess();
}else{
$player->getNetworkSession()->enableEncryption($this->aesKey, $this->handshakeJwt);
}
}
}
}

154
src/pocketmine/network/mcpe/VerifyLoginTask.php
View File

@ -1,154 +0,0 @@
<?php
/*
*
* ____ _ _ __ __ _ __ __ ____
* | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
* | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
* | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
* |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* @author PocketMine Team
* @link http://www.pocketmine.net/
*
*
*/
declare(strict_types=1);
namespace pocketmine\network\mcpe;
use pocketmine\network\mcpe\protocol\LoginPacket;
use pocketmine\Player;
use pocketmine\scheduler\AsyncTask;
use pocketmine\Server;
class VerifyLoginTask extends AsyncTask{
public const MOJANG_ROOT_PUBLIC_KEY = "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8ELkixyLcwlZryUQcu1TvPOmI2B7vX83ndnWRUaXm74wFfa5f/lwQNTfrLVHa2PmenpGI6JhIMUJaWZrjmMj90NoKNFSNBuKdm8rYiXsfaz3K36x/1U26HpG0ZxK/V1V";
/** @var LoginPacket */
private $packet;
/**
* @var string|null
* Whether the keychain signatures were validated correctly. This will be set to an error message if any link in the
* keychain is invalid for whatever reason (bad signature, not in nbf-exp window, etc). If this is non-null, the
* keychain might have been tampered with. The player will always be disconnected if this is non-null.
*/
private $error = "Unknown";
/**
* @var bool
* Whether the player is logged into Xbox Live. This is true if any link in the keychain is signed with the Mojang
* root public key.
*/
private $authenticated = false;
public function __construct(Player $player, LoginPacket $packet){
$this->storeLocal($player);
$this->packet = $packet;
}
public function onRun() : void{
$packet = $this->packet; //Get it in a local variable to make sure it stays unserialized
try{
$currentKey = null;
$first = true;
foreach($packet->chainData["chain"] as $jwt){
$this->validateToken($jwt, $currentKey, $first);
$first = false;
}
$this->validateToken($packet->clientDataJwt, $currentKey);
$this->error = null;
}catch(VerifyLoginException $e){
$this->error = $e->getMessage();
}
}
/**
* @param string $jwt
* @param null|string $currentPublicKey
* @param bool $first
*
* @throws VerifyLoginException if errors are encountered
*/
private function validateToken(string $jwt, ?string &$currentPublicKey, bool $first = false) : void{
[$headB64, $payloadB64, $sigB64] = explode('.', $jwt);
$headers = json_decode(base64_decode(strtr($headB64, '-_', '+/'), true), true);
if($currentPublicKey === null){
if(!$first){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.missingKey");
}
//First link, check that it is self-signed
$currentPublicKey = $headers["x5u"];
}
$plainSignature = base64_decode(strtr($sigB64, '-_', '+/'), true);
//OpenSSL wants a DER-encoded signature, so we extract R and S from the plain signature and crudely serialize it.
assert(strlen($plainSignature) === 96);
[$rString, $sString] = str_split($plainSignature, 48);
$rString = ltrim($rString, "\x00");
if(ord($rString{0}) >= 128){ //Would be considered signed, pad it with an extra zero
$rString = "\x00" . $rString;
}
$sString = ltrim($sString, "\x00");
if(ord($sString{0}) >= 128){ //Would be considered signed, pad it with an extra zero
$sString = "\x00" . $sString;
}
//0x02 = Integer ASN.1 tag
$sequence = "\x02" . chr(strlen($rString)) . $rString . "\x02" . chr(strlen($sString)) . $sString;
//0x30 = Sequence ASN.1 tag
$derSignature = "\x30" . chr(strlen($sequence)) . $sequence;
$v = openssl_verify("$headB64.$payloadB64", $derSignature, "-----BEGIN PUBLIC KEY-----\n" . $currentPublicKey . "\n-----END PUBLIC KEY-----\n", OPENSSL_ALGO_SHA384);
if($v !== 1){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.badSignature");
}
if($currentPublicKey === self::MOJANG_ROOT_PUBLIC_KEY){
$this->authenticated = true; //we're signed into xbox live
}
$claims = json_decode(base64_decode(strtr($payloadB64, '-_', '+/'), true), true);
$time = time();
if(isset($claims["nbf"]) and $claims["nbf"] > $time){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooEarly");
}
if(isset($claims["exp"]) and $claims["exp"] < $time){
throw new VerifyLoginException("%pocketmine.disconnect.invalidSession.tooLate");
}
$currentPublicKey = $claims["identityPublicKey"] ?? null; //if there are further links, the next link should be signed with this
}
public function onCompletion(Server $server) : void{
/** @var Player $player */
$player = $this->fetchLocal();
if($player->isClosed()){
$server->getLogger()->error("Player " . $player->getName() . " was disconnected before their login could be verified");
}else{
$player->onVerifyCompleted($this->authenticated, $this->error);
}
}
}

45
src/pocketmine/network/mcpe/handler/HandshakeSessionHandler.php Normal file
View File

@ -0,0 +1,45 @@
<?php
/*
*
* ____ _ _ __ __ _ __ __ ____
* | _ \ ___ ___| | _____| |_| \/ (_)_ __ ___ | \/ | _ \
* | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
* | __/ (_) | (__| < __/ |_| | | | | | | | __/_____| | | | __/
* |_| \___/ \___|_|\_\___|\__|_| |_|_|_| |_|\___| |_| |_|_|
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* @author PocketMine Team
* @link http://www.pocketmine.net/
*
*
*/
declare(strict_types=1);
namespace pocketmine\network\mcpe\handler;
use pocketmine\network\mcpe\NetworkSession;
use pocketmine\network\mcpe\protocol\ClientToServerHandshakePacket;
/**
* Handler responsible for awaiting client response from crypto handshake.
*/
class HandshakeSessionHandler extends SessionHandler{
/** @var string */
private $session;
public function __construct(NetworkSession $session){
$this->session = $session;
}
public function handleClientToServerHandshake(ClientToServerHandshakePacket $packet) : bool{
$this->session->onLoginSuccess();
return true;
}
}

5
src/pocketmine/network/mcpe/handler/SimpleSessionHandler.php
View File

@ -30,7 +30,6 @@ use pocketmine\network\mcpe\protocol\BlockEntityDataPacket;
use pocketmine\network\mcpe\protocol\BlockPickRequestPacket;
use pocketmine\network\mcpe\protocol\BookEditPacket;
use pocketmine\network\mcpe\protocol\BossEventPacket;
use pocketmine\network\mcpe\protocol\ClientToServerHandshakePacket;
use pocketmine\network\mcpe\protocol\CommandBlockUpdatePacket;
use pocketmine\network\mcpe\protocol\CommandRequestPacket;
use pocketmine\network\mcpe\protocol\ContainerClosePacket;
@ -75,10 +74,6 @@ class SimpleSessionHandler extends SessionHandler{
$this->player = $player;
}
public function handleClientToServerHandshake(ClientToServerHandshakePacket $packet) : bool{
return false; //TODO
}
public function handleText(TextPacket $packet) : bool{
if($packet->type === TextPacket::TYPE_CHAT){
return $this->player->chat($packet->message);