mirrors/PocketMine-MP
1
0
Fork 0
mirror of https://github.com/pmmp/PocketMine-MP.git synced 2025-07-04 00:59:51 +00:00
Code Issues Projects Releases Wiki Activity

Merge branch 'legacy/pm4' into stable

Browse Source
This commit is contained in:
Dylan K. Taylor 2023-07-14 13:03:14 +01:00
commit 489a7ba365
No known key found for this signature in database
GPG Key ID: 8927471A91CAFD3D
5 changed files with 42 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
composer.json
View File

@ -33,7 +33,7 @@
"composer-runtime-api": "^2.0", "composer-runtime-api": "^2.0",
"adhocore/json-comment": "~1.2.0", "adhocore/json-comment": "~1.2.0",
"fgrosse/phpasn1": "~2.5.0", "fgrosse/phpasn1": "~2.5.0",
"pocketmine/netresearch-jsonmapper": "~v4.2.999", "pocketmine/netresearch-jsonmapper": "~v4.2.1000",
"pocketmine/bedrock-block-upgrade-schema": "~3.1.0+bedrock-1.20.10", "pocketmine/bedrock-block-upgrade-schema": "~3.1.0+bedrock-1.20.10",
"pocketmine/bedrock-data": "~2.4.0+bedrock-1.20.10", "pocketmine/bedrock-data": "~2.4.0+bedrock-1.20.10",
"pocketmine/bedrock-item-upgrade-schema": "~1.4.0+bedrock-1.20.10", "pocketmine/bedrock-item-upgrade-schema": "~1.4.0+bedrock-1.20.10",

14
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "e0c0208b3fc3d1b20fef20d2fc43fc90", "content-hash": "ee46ec27f8dfc8c767527b7776fe9992",
"packages": [ "packages": [
{ {
"name": "adhocore/json-comment", "name": "adhocore/json-comment",
@ -639,16 +639,16 @@
}, },
{ {
"name": "pocketmine/netresearch-jsonmapper", "name": "pocketmine/netresearch-jsonmapper",
"version": "v4.2.999", "version": "v4.2.1000",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/pmmp/netresearch-jsonmapper.git", "url": "https://github.com/pmmp/netresearch-jsonmapper.git",
"reference": "f700806dec756ed825a8200dc2950ead98265956" "reference": "078764e869e9b732f97206ec9363480a77c35532"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/pmmp/netresearch-jsonmapper/zipball/f700806dec756ed825a8200dc2950ead98265956", "url": "https://api.github.com/repos/pmmp/netresearch-jsonmapper/zipball/078764e869e9b732f97206ec9363480a77c35532",
"reference": "f700806dec756ed825a8200dc2950ead98265956", "reference": "078764e869e9b732f97206ec9363480a77c35532",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -687,9 +687,9 @@
"support": { "support": {
"email": "cweiske@cweiske.de", "email": "cweiske@cweiske.de",
"issues": "https://github.com/cweiske/jsonmapper/issues", "issues": "https://github.com/cweiske/jsonmapper/issues",
"source": "https://github.com/pmmp/netresearch-jsonmapper/tree/v4.2.999" "source": "https://github.com/pmmp/netresearch-jsonmapper/tree/v4.2.1000"
}, },
"time": "2023-06-01T13:43:01+00:00" "time": "2023-07-14T10:44:14+00:00"
}, },
{ {
"name": "pocketmine/raklib", "name": "pocketmine/raklib",

12
src/network/mcpe/JwtUtils.php
View File

@ -61,6 +61,7 @@ use const OPENSSL_ALGO_SHA384;
use const STR_PAD_LEFT; use const STR_PAD_LEFT;
final class JwtUtils{ final class JwtUtils{
public const BEDROCK_SIGNING_KEY_CURVE_NAME = "secp384r1";
/** /**
* @return string[] * @return string[]
@ -203,6 +204,17 @@ final class JwtUtils{
if($signingKeyOpenSSL === false){ if($signingKeyOpenSSL === false){
throw new JwtException("OpenSSL failed to parse key: " . openssl_error_string()); throw new JwtException("OpenSSL failed to parse key: " . openssl_error_string());
} }
$details = openssl_pkey_get_details($signingKeyOpenSSL);
if($details === false){
throw new JwtException("OpenSSL failed to get details from key: " . openssl_error_string());
}
if(!isset($details['ec']['curve_name'])){
throw new JwtException("Expected an EC key");
}
$curve = $details['ec']['curve_name'];
if($curve !== self::BEDROCK_SIGNING_KEY_CURVE_NAME){
throw new JwtException("Key must belong to curve " . self::BEDROCK_SIGNING_KEY_CURVE_NAME . ", got $curve");
}
return $signingKeyOpenSSL; return $signingKeyOpenSSL;
} }
} }

10
src/network/mcpe/auth/ProcessLoginTask.php
View File

@ -34,7 +34,6 @@ use pocketmine\thread\NonThreadSafeValue;
use function base64_decode; use function base64_decode;
use function igbinary_serialize; use function igbinary_serialize;
use function igbinary_unserialize; use function igbinary_unserialize;
use function openssl_error_string;
use function time; use function time;
class ProcessLoginTask extends AsyncTask{ class ProcessLoginTask extends AsyncTask{
@ -164,7 +163,8 @@ class ProcessLoginTask extends AsyncTask{
try{ try{
$signingKeyOpenSSL = JwtUtils::parseDerPublicKey($headerDerKey); $signingKeyOpenSSL = JwtUtils::parseDerPublicKey($headerDerKey);
}catch(JwtException $e){ }catch(JwtException $e){
throw new VerifyLoginException("Invalid JWT public key: " . openssl_error_string()); //TODO: we shouldn't be showing this internal information to the client
throw new VerifyLoginException("Invalid JWT public key: " . $e->getMessage(), null, 0, $e);
} }
try{ try{
if(!JwtUtils::verify($jwt, $signingKeyOpenSSL)){ if(!JwtUtils::verify($jwt, $signingKeyOpenSSL)){
@ -204,6 +204,12 @@ class ProcessLoginTask extends AsyncTask{
if($identityPublicKey === false){ if($identityPublicKey === false){
throw new VerifyLoginException("Invalid identityPublicKey: base64 error decoding"); throw new VerifyLoginException("Invalid identityPublicKey: base64 error decoding");
} }
try{
//verify key format and parameters
JwtUtils::parseDerPublicKey($identityPublicKey);
}catch(JwtException $e){
throw new VerifyLoginException("Invalid identityPublicKey: " . $e->getMessage(), null, 0, $e);
}
$currentPublicKey = $identityPublicKey; //if there are further links, the next link should be signed with this $currentPublicKey = $identityPublicKey; //if there are further links, the next link should be signed with this
} }
} }

14
src/network/mcpe/encryption/EncryptionUtils.php
View File

@ -33,6 +33,7 @@ use function hex2bin;
use function openssl_digest; use function openssl_digest;
use function openssl_error_string; use function openssl_error_string;
use function openssl_pkey_derive; use function openssl_pkey_derive;
use function openssl_pkey_get_details;
use function str_pad; use function str_pad;
use const STR_PAD_LEFT; use const STR_PAD_LEFT;
@ -42,7 +43,20 @@ final class EncryptionUtils{
//NOOP //NOOP
} }
private static function validateKey(\OpenSSLAsymmetricKey $key) : void{
$keyDetails = Utils::assumeNotFalse(openssl_pkey_get_details($key));
if(!isset($keyDetails["ec"]["curve_name"])){
throw new \InvalidArgumentException("Key must be an EC key");
}
$curveName = $keyDetails["ec"]["curve_name"];
if($curveName !== JwtUtils::BEDROCK_SIGNING_KEY_CURVE_NAME){
throw new \InvalidArgumentException("Key must belong to the " . JwtUtils::BEDROCK_SIGNING_KEY_CURVE_NAME . " elliptic curve, got $curveName");
}
}
public static function generateSharedSecret(\OpenSSLAsymmetricKey $localPriv, \OpenSSLAsymmetricKey $remotePub) : \GMP{ public static function generateSharedSecret(\OpenSSLAsymmetricKey $localPriv, \OpenSSLAsymmetricKey $remotePub) : \GMP{
self::validateKey($localPriv);
self::validateKey($remotePub);
$hexSecret = openssl_pkey_derive($remotePub, $localPriv, 48); $hexSecret = openssl_pkey_derive($remotePub, $localPriv, 48);
if($hexSecret === false){ if($hexSecret === false){
throw new \InvalidArgumentException("Failed to derive shared secret: " . openssl_error_string()); throw new \InvalidArgumentException("Failed to derive shared secret: " . openssl_error_string());