Removed pocketmine subdirectory, map PSR-4 style

2025-09-07 10:22:56 +00:00 · 2019-07-30 19:14:57 +01:00
parent 7a77d3dc30
commit 5499ac620c
1044 changed files with 3 additions and 3 deletions
--- a/src/network/mcpe/encryption/NetworkCipher.php
+++ b/src/network/mcpe/encryption/NetworkCipher.php
@ -0,0 +1,93 @@
+<?php
+
+/*
+ *
+ *  ____            _        _   __  __ _                  __  __ ____
+ * |  _ \ ___   ___| | _____| |_|  \/  (_)_ __   ___      |  \/  |  _ \
+ * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
+ * |  __/ (_) | (__|   <  __/ |_| |  | | | | | |  __/_____| |  | |  __/
+ * |_|   \___/ \___|_|\_\___|\__|_|  |_|_|_| |_|\___|     |_|  |_|_|
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * @author PocketMine Team
+ * @link http://www.pocketmine.net/
+ *
+ *
+*/
+
+declare(strict_types=1);
+
+namespace pocketmine\network\mcpe\encryption;
+
+use Crypto\Cipher;
+use pocketmine\utils\Binary;
+use function bin2hex;
+use function openssl_digest;
+use function strlen;
+use function substr;
+
+class NetworkCipher{
+	private const ENCRYPTION_SCHEME = "AES-256-CFB8";
+	private const CHECKSUM_ALGO = "sha256";
+
+	public static $ENABLED = true;
+
+	/** @var string */
+	private $key;
+
+	/** @var Cipher */
+	private $decryptCipher;
+	/** @var int */
+	private $decryptCounter = 0;
+
+	/** @var Cipher */
+	private $encryptCipher;
+	/** @var int */
+	private $encryptCounter = 0;
+
+	public function __construct(string $encryptionKey){
+		//TODO: ext/crypto doesn't offer us a way to disable padding. This doesn't matter at the moment because we're
+		//using CFB8, but this might change in the future. This is supposed to be CFB8 no-padding.
+
+		$this->key = $encryptionKey;
+		$iv = substr($this->key, 0, 16);
+
+		$this->decryptCipher = new Cipher(self::ENCRYPTION_SCHEME);
+		$this->decryptCipher->decryptInit($this->key, $iv);
+
+		$this->encryptCipher = new Cipher(self::ENCRYPTION_SCHEME);
+		$this->encryptCipher->encryptInit($this->key, $iv);
+	}
+
+	/**
+	 * @param string $encrypted
+	 *
+	 * @return string
+	 * @throws \UnexpectedValueException
+	 */
+	public function decrypt(string $encrypted) : string{
+		if(strlen($encrypted) < 9){
+			throw new \UnexpectedValueException("Payload is too short");
+		}
+		$decrypted = $this->decryptCipher->decryptUpdate($encrypted);
+		$payload = substr($decrypted, 0, -8);
+
+		if(($expected = $this->calculateChecksum($this->decryptCounter++, $payload)) !== ($actual = substr($decrypted, -8))){
+			throw new \UnexpectedValueException("Encrypted payload has invalid checksum (expected " . bin2hex($expected) . ", got " . bin2hex($actual) . ")");
+		}
+
+		return $payload;
+	}
+
+	public function encrypt(string $payload) : string{
+		return $this->encryptCipher->encryptUpdate($payload . $this->calculateChecksum($this->encryptCounter++, $payload));
+	}
+
+	private function calculateChecksum(int $counter, string $payload) : string{
+		return substr(openssl_digest(Binary::writeLLong($counter) . $payload . $this->key, self::CHECKSUM_ALGO, true), 0, 8);
+	}
+}
--- a/src/network/mcpe/encryption/PrepareEncryptionTask.php
+++ b/src/network/mcpe/encryption/PrepareEncryptionTask.php
@ -0,0 +1,112 @@
+<?php
+
+/*
+ *
+ *  ____            _        _   __  __ _                  __  __ ____
+ * |  _ \ ___   ___| | _____| |_|  \/  (_)_ __   ___      |  \/  |  _ \
+ * | |_) / _ \ / __| |/ / _ \ __| |\/| | | '_ \ / _ \_____| |\/| | |_) |
+ * |  __/ (_) | (__|   <  __/ |_| |  | | | | | |  __/_____| |  | |  __/
+ * |_|   \___/ \___|_|\_\___|\__|_|  |_|_|_| |_|\___|     |_|  |_|_|
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * @author PocketMine Team
+ * @link http://www.pocketmine.net/
+ *
+ *
+*/
+
+declare(strict_types=1);
+
+namespace pocketmine\network\mcpe\encryption;
+
+use Mdanter\Ecc\Crypto\Key\PrivateKeyInterface;
+use Mdanter\Ecc\Crypto\Key\PublicKeyInterface;
+use Mdanter\Ecc\EccFactory;
+use Mdanter\Ecc\Serializer\PrivateKey\DerPrivateKeySerializer;
+use Mdanter\Ecc\Serializer\PrivateKey\PemPrivateKeySerializer;
+use Mdanter\Ecc\Serializer\PublicKey\DerPublicKeySerializer;
+use Mdanter\Ecc\Serializer\Signature\DerSignatureSerializer;
+use pocketmine\network\mcpe\NetworkSession;
+use pocketmine\scheduler\AsyncTask;
+use function base64_encode;
+use function gmp_strval;
+use function hex2bin;
+use function json_encode;
+use function openssl_digest;
+use function openssl_sign;
+use function rtrim;
+use function str_pad;
+use const OPENSSL_ALGO_SHA384;
+use const STR_PAD_LEFT;
+
+class PrepareEncryptionTask extends AsyncTask{
+
+	private const TLS_KEY_SESSION = "session";
+
+	/** @var PrivateKeyInterface|null */
+	private static $SERVER_PRIVATE_KEY = null;
+
+	/** @var PrivateKeyInterface|null */
+	private $serverPrivateKey = null;
+
+	/** @var string|null */
+	private $aesKey = null;
+	/** @var string|null */
+	private $handshakeJwt = null;
+	/** @var PublicKeyInterface */
+	private $clientPub;
+
+	public function __construct(NetworkSession $session, PublicKeyInterface $clientPub){
+		if(self::$SERVER_PRIVATE_KEY === null){
+			self::$SERVER_PRIVATE_KEY = EccFactory::getNistCurves()->generator384()->createPrivateKey();
+		}
+
+		$this->serverPrivateKey = self::$SERVER_PRIVATE_KEY;
+		$this->clientPub = $clientPub;
+		$this->storeLocal(self::TLS_KEY_SESSION, $session);
+	}
+
+	public function onRun() : void{
+		$serverPriv = $this->serverPrivateKey;
+		$salt = random_bytes(16);
+		$sharedSecret = $serverPriv->createExchange($this->clientPub)->calculateSharedKey();
+
+		$this->aesKey = openssl_digest($salt . hex2bin(str_pad(gmp_strval($sharedSecret, 16), 96, "0", STR_PAD_LEFT)), 'sha256', true);
+		$this->handshakeJwt = $this->generateServerHandshakeJwt($serverPriv, $salt);
+	}
+
+	private function generateServerHandshakeJwt(PrivateKeyInterface $serverPriv, string $salt) : string{
+		$jwtBody = self::b64UrlEncode(json_encode([
+				"x5u" => base64_encode((new DerPublicKeySerializer())->serialize($serverPriv->getPublicKey())),
+				"alg" => "ES384"
+			])
+		) . "." . self::b64UrlEncode(json_encode([
+				"salt" => base64_encode($salt)
+			])
+		);
+
+		openssl_sign($jwtBody, $sig, (new PemPrivateKeySerializer(new DerPrivateKeySerializer()))->serialize($serverPriv), OPENSSL_ALGO_SHA384);
+
+		$decodedSig = (new DerSignatureSerializer())->parse($sig);
+		$jwtSig = self::b64UrlEncode(
+			hex2bin(str_pad(gmp_strval($decodedSig->getR(), 16), 96, "0", STR_PAD_LEFT)) .
+			hex2bin(str_pad(gmp_strval($decodedSig->getS(), 16), 96, "0", STR_PAD_LEFT))
+		);
+
+		return "$jwtBody.$jwtSig";
+	}
+
+	private static function b64UrlEncode(string $str) : string{
+		return rtrim(strtr(base64_encode($str), '+/', '-_'), '=');
+	}
+
+	public function onCompletion() : void{
+		/** @var NetworkSession $session */
+		$session = $this->fetchLocal(self::TLS_KEY_SESSION);
+		$session->enableEncryption($this->aesKey, $this->handshakeJwt);
+	}
+}