mc_protocol 2.1.1

Rust implementation of Minecraft Java Edition protocol primitives: serialization, packet framing, encryption, and compression
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356

//! AES-128-CFB8 stream encryption as used by the Minecraft Java Edition protocol.
//!
//! After a successful login handshake, both sides agree on a 16-byte shared
//! secret. From that point on, every byte sent and received is encrypted with
//! AES-128 in CFB8 mode using the shared secret as both the key and the IV.
//!
//! # Example (sync)
//!
//! ```rust,no_run
//! use std::net::TcpStream;
//! use mc_protocol::encryption::{Cfb8Encryptor, Cfb8Decryptor};
//!
//! let key = [0u8; 16]; // replace with actual shared secret
//! let mut stream = TcpStream::connect("127.0.0.1:25565").unwrap();
//!
//! let mut encryptor = Cfb8Encryptor::new(&key).unwrap();
//! let mut decryptor = Cfb8Decryptor::new(&key).unwrap();
//!
//! // Encrypt data before writing
//! let plaintext = b"hello";
//! let ciphertext = encryptor.encrypt(plaintext).unwrap();
//! ```
//!
//! # Example (async)
//!
//! ```rust,no_run
//! use tokio::net::TcpStream;
//! use mc_protocol::encryption::Cfb8Stream;
//!
//! # #[tokio::main] async fn main() -> std::io::Result<()> {
//! let stream = TcpStream::connect("127.0.0.1:25565").await?;
//! let key = [0u8; 16];
//! let encrypted = Cfb8Stream::new_from_tcp(stream, &key)?;
//! # Ok(()) }
//! ```

use openssl::symm::{Cipher, Crypter, Mode};
use std::io::{self, Read, Write};

#[cfg(feature = "async")]
use {
    std::pin::Pin,
    std::task::{Context, Poll},
    tokio::io::{AsyncRead, AsyncWrite, ReadBuf},
    tokio::net::tcp::{OwnedReadHalf, OwnedWriteHalf},
    tokio::net::TcpStream,
};

// ---------------------------------------------------------------------------
// Low-level encryptor / decryptor
// ---------------------------------------------------------------------------

/// Stateful AES-128-CFB8 encryptor.
pub struct Cfb8Encryptor {
    crypter: Crypter,
}

impl Cfb8Encryptor {
    /// Create a new encryptor with the given 16-byte key.
    /// The IV is the same as the key, as required by Minecraft.
    pub fn new(key: &[u8; 16]) -> io::Result<Self> {
        let mut crypter = Crypter::new(Cipher::aes_128_cfb8(), Mode::Encrypt, key, Some(key))
            .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?;
        crypter.pad(false);
        Ok(Self { crypter })
    }

    /// Encrypt a slice of plaintext bytes, returning the ciphertext.
    pub fn encrypt(&mut self, plaintext: &[u8]) -> io::Result<Vec<u8>> {
        let mut output = vec![0u8; plaintext.len() + 16];
        let n = self
            .crypter
            .update(plaintext, &mut output)
            .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?;
        output.truncate(n);
        Ok(output)
    }
}

/// Stateful AES-128-CFB8 decryptor.
pub struct Cfb8Decryptor {
    crypter: Crypter,
}

impl Cfb8Decryptor {
    /// Create a new decryptor with the given 16-byte key.
    /// The IV is the same as the key, as required by Minecraft.
    pub fn new(key: &[u8; 16]) -> io::Result<Self> {
        let mut crypter = Crypter::new(Cipher::aes_128_cfb8(), Mode::Decrypt, key, Some(key))
            .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?;
        crypter.pad(false);
        Ok(Self { crypter })
    }

    /// Decrypt a slice of ciphertext bytes, returning the plaintext.
    pub fn decrypt(&mut self, ciphertext: &[u8]) -> io::Result<Vec<u8>> {
        let mut output = vec![0u8; ciphertext.len() + 16];
        let n = self
            .crypter
            .update(ciphertext, &mut output)
            .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?;
        output.truncate(n);
        Ok(output)
    }
}

// ---------------------------------------------------------------------------
// Sync encrypted stream wrapper
// ---------------------------------------------------------------------------

/// A synchronous read-half that transparently decrypts incoming bytes.
pub struct Cfb8ReadHalf<R> {
    inner: R,
    decryptor: Cfb8Decryptor,
}

impl<R: Read> Cfb8ReadHalf<R> {
    /// Wrap a reader with AES-128-CFB8 decryption.
    pub fn new(inner: R, key: &[u8; 16]) -> io::Result<Self> {
        Ok(Self {
            inner,
            decryptor: Cfb8Decryptor::new(key)?,
        })
    }

    /// Unwrap, discarding the decryptor state.
    pub fn into_inner(self) -> R {
        self.inner
    }
}

impl<R: Read> Read for Cfb8ReadHalf<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = self.inner.read(buf)?;
        if n == 0 {
            return Ok(0);
        }
        let decrypted = self.decryptor.decrypt(&buf[..n])?;
        buf[..n].copy_from_slice(&decrypted[..n]);
        Ok(n)
    }
}

/// A synchronous write-half that transparently encrypts outgoing bytes.
pub struct Cfb8WriteHalf<W> {
    inner: W,
    encryptor: Cfb8Encryptor,
}

impl<W: Write> Cfb8WriteHalf<W> {
    /// Wrap a writer with AES-128-CFB8 encryption.
    pub fn new(inner: W, key: &[u8; 16]) -> io::Result<Self> {
        Ok(Self {
            inner,
            encryptor: Cfb8Encryptor::new(key)?,
        })
    }

    /// Unwrap, discarding the encryptor state.
    pub fn into_inner(self) -> W {
        self.inner
    }
}

impl<W: Write> Write for Cfb8WriteHalf<W> {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        let encrypted = self.encryptor.encrypt(buf)?;
        self.inner.write_all(&encrypted)?;
        Ok(buf.len())
    }

    fn flush(&mut self) -> io::Result<()> {
        self.inner.flush()
    }
}

// ---------------------------------------------------------------------------
// Async encrypted stream wrappers
// ---------------------------------------------------------------------------

/// Async read-half that transparently decrypts incoming bytes.
#[cfg(feature = "async")]
pub struct AsyncCfb8ReadHalf<R> {
    inner: R,
    decryptor: Cfb8Decryptor,
}

#[cfg(feature = "async")]
impl<R> AsyncCfb8ReadHalf<R> {
    /// Wrap an async reader with decryption.
    pub fn new(inner: R, key: &[u8; 16]) -> io::Result<Self> {
        Ok(Self {
            inner,
            decryptor: Cfb8Decryptor::new(key)?,
        })
    }

    /// Unwrap the inner reader.
    pub fn into_inner(self) -> R {
        self.inner
    }
}

#[cfg(feature = "async")]
impl<R: AsyncRead + Unpin> AsyncRead for AsyncCfb8ReadHalf<R> {
    fn poll_read(
        mut self: Pin<&mut Self>,
        cx: &mut Context<'_>,
        buf: &mut ReadBuf<'_>,
    ) -> Poll<io::Result<()>> {
        let pre_len = buf.filled().len();
        let poll = Pin::new(&mut self.inner).poll_read(cx, buf);

        if let Poll::Ready(Ok(())) = &poll {
            let new_data = &mut buf.filled_mut()[pre_len..];
            if !new_data.is_empty() {
                match self.decryptor.decrypt(new_data) {
                    Ok(decrypted) => new_data.copy_from_slice(&decrypted[..new_data.len()]),
                    Err(e) => return Poll::Ready(Err(e)),
                }
            }
        }

        poll
    }
}

/// Async write-half that transparently encrypts outgoing bytes.
#[cfg(feature = "async")]
pub struct AsyncCfb8WriteHalf<W> {
    inner: W,
    encryptor: Cfb8Encryptor,
}

#[cfg(feature = "async")]
impl<W> AsyncCfb8WriteHalf<W> {
    /// Wrap an async writer with encryption.
    pub fn new(inner: W, key: &[u8; 16]) -> io::Result<Self> {
        Ok(Self {
            inner,
            encryptor: Cfb8Encryptor::new(key)?,
        })
    }

    /// Unwrap the inner writer.
    pub fn into_inner(self) -> W {
        self.inner
    }
}

#[cfg(feature = "async")]
impl<W: AsyncWrite + Unpin> AsyncWrite for AsyncCfb8WriteHalf<W> {
    fn poll_write(
        mut self: Pin<&mut Self>,
        cx: &mut Context<'_>,
        buf: &[u8],
    ) -> Poll<io::Result<usize>> {
        let encrypted = match self.encryptor.encrypt(buf) {
            Ok(e) => e,
            Err(e) => return Poll::Ready(Err(e)),
        };
        match Pin::new(&mut self.inner).poll_write(cx, &encrypted) {
            Poll::Ready(Ok(_)) => Poll::Ready(Ok(buf.len())),
            other => other,
        }
    }

    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        Pin::new(&mut self.inner).poll_flush(cx)
    }

    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        Pin::new(&mut self.inner).poll_shutdown(cx)
    }
}

// ---------------------------------------------------------------------------
// Combined async stream
// ---------------------------------------------------------------------------

/// A combined async read/write stream with AES-128-CFB8 encryption.
///
/// Created from a `TcpStream` after the encryption handshake is complete.
#[cfg(feature = "async")]
pub struct Cfb8Stream<R, W> {
    /// The decrypting read half.
    pub read_half: AsyncCfb8ReadHalf<R>,
    /// The encrypting write half.
    pub write_half: AsyncCfb8WriteHalf<W>,
}

#[cfg(feature = "async")]
impl Cfb8Stream<OwnedReadHalf, OwnedWriteHalf> {
    /// Create an encrypted stream wrapping a `TcpStream`.
    ///
    /// The TCP stream is split into read and write halves, each wrapped with
    /// an independent AES-128-CFB8 cipher instance sharing the same key.
    pub fn new_from_tcp(stream: TcpStream, key: &[u8; 16]) -> io::Result<Self> {
        let (r, w) = stream.into_split();
        Ok(Self {
            read_half: AsyncCfb8ReadHalf::new(r, key)?,
            write_half: AsyncCfb8WriteHalf::new(w, key)?,
        })
    }
}

#[cfg(feature = "async")]
impl<R, W> Cfb8Stream<R, W> {
    /// Create a stream from pre-existing read and write halves.
    pub fn new(read_half: R, write_half: W, key: &[u8; 16]) -> io::Result<Self> {
        Ok(Self {
            read_half: AsyncCfb8ReadHalf::new(read_half, key)?,
            write_half: AsyncCfb8WriteHalf::new(write_half, key)?,
        })
    }

    /// Split into individual read and write halves.
    pub fn split(self) -> (AsyncCfb8ReadHalf<R>, AsyncCfb8WriteHalf<W>) {
        (self.read_half, self.write_half)
    }

    /// Unwrap into the bare inner read and write halves.
    pub fn into_inner(self) -> (R, W) {
        (self.read_half.into_inner(), self.write_half.into_inner())
    }
}

#[cfg(feature = "async")]
impl<R: AsyncRead + Unpin, W: AsyncWrite + Unpin> AsyncRead for Cfb8Stream<R, W> {
    fn poll_read(
        mut self: Pin<&mut Self>,
        cx: &mut Context<'_>,
        buf: &mut ReadBuf<'_>,
    ) -> Poll<io::Result<()>> {
        Pin::new(&mut self.read_half).poll_read(cx, buf)
    }
}

#[cfg(feature = "async")]
impl<R: AsyncRead + Unpin, W: AsyncWrite + Unpin> AsyncWrite for Cfb8Stream<R, W> {
    fn poll_write(
        mut self: Pin<&mut Self>,
        cx: &mut Context<'_>,
        buf: &[u8],
    ) -> Poll<io::Result<usize>> {
        Pin::new(&mut self.write_half).poll_write(cx, buf)
    }

    fn poll_flush(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        Pin::new(&mut self.write_half).poll_flush(cx)
    }

    fn poll_shutdown(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<io::Result<()>> {
        Pin::new(&mut self.write_half).poll_shutdown(cx)
    }
}