mineshare 0.2.0

A small, no portforwarding reverse proxy app for small Minecraft servers
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

#![warn(clippy::all, clippy::pedantic)]
#![allow(clippy::cast_possible_truncation)]
#![allow(clippy::missing_errors_doc)]

use bincode::{BorrowDecode, Decode, Encode};
use std::io::ErrorKind;
use std::net::SocketAddr;
use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
use tracing::warn;

pub mod wordlist;

pub const PROTOCOL_VERSION: u64 = 2;

/// Messages transferred through the initial TLS stream between proxy and server
#[derive(Debug, Clone, Encode, Decode)]
pub enum Message {
    /// Proxy request to server to echo back these bytes
    HeartBeat([u8; 32]),
    /// Server response to heartbeat request, echoing back requested bytes
    HeartBeatEcho([u8; 32]),
    /// Request from proxy to server telling server to open the TCP stream that the client connection will
    /// be proxied through.
    NewClient(u128),
}

/// Initial message from proxy to server telling server the domain it is assigned, the proxy's public key,
/// and the proxy server's protocol number. This protocol number will be incremented every time the protocol changes.
#[derive(Debug, Clone, Encode, Decode)]
pub struct DomainAndPubKey {
    /// The url that was assigned to the Minecraft server. (ex: <word>-<word>-<word>.mineshare.dev)
    pub domain: String,
    /// The server's public key, used for authenticating the server during Diffie Hellman
    pub public_key: [u8; 32],
    /// Protocol version for the proxy server, not Minecraft protocol version
    pub protocol_version: u64,
}

impl DomainAndPubKey {
    #[must_use]
    pub fn new(domain: String, public_key: [u8; 32], protocol_version: u64) -> Self {
        Self {
            domain,
            public_key,
            protocol_version,
        }
    }
}

/// An IP Address + Port
#[derive(Debug, Clone, Encode, Decode)]
pub struct Addr(pub SocketAddr);

/// A simple "HELLO" string from server to proxy server to validate that the server is a valid mineshare server
/// and not a random port 443 connection.
/// It's probably not very smart to use 443 for something other than HTTPS, but it works so...
#[derive(Debug, Clone, Encode, BorrowDecode)]
pub struct ServerHello<'a>(pub &'a str, pub Option<&'a str>);

impl<'a> BincodeAsync<'a> for ServerHello<'a> {}
impl BincodeAsync<'_> for Message {}
impl BincodeAsync<'_> for DomainAndPubKey {}
impl BincodeAsync<'_> for Addr {}

/// Helper trait for serializing & deserializing data into async streams
pub trait BincodeAsync<'a>: BorrowDecode<'a, ()> + Encode + Send {
    /// Encode this struct into the stream
    fn encode<S: AsyncWrite + Unpin + Send>(
        self,
        r: &mut S,
        buf: &mut [u8],
    ) -> impl Future<Output = Result<usize, std::io::Error>> + Send {
        async {
            let len = bincode::encode_into_slice(self, buf, bincode::config::standard())
                .map_err(|e| std::io::Error::new(ErrorKind::InvalidData, e))?;
            r.write_u32(len as u32).await?;
            r.write_all(&buf[..len]).await?;
            r.flush().await?;
            Ok(len + 4)
        }
    }
    /// Decode this struct from the stream
    fn parse<S: AsyncRead + Unpin + Send>(
        r: &mut S,
        buf: &'a mut [u8],
    ) -> impl Future<Output = Result<Self, std::io::Error>> + Send {
        async {
            let len = r.read_u32().await?;
            let len = len as usize;
            if len > buf.len() {
                return Err(ErrorKind::InvalidData.into());
            }
            let read = r.read_exact(&mut buf[..len]).await?;
            let (decoded, _len) = match bincode::borrow_decode_from_slice::<Self, _>(
                &buf[..read],
                bincode::config::standard(),
            ) {
                Ok(d) => d,
                Err(e) => return Err(std::io::Error::new(ErrorKind::InvalidData, e)),
            };
            Ok(decoded)
        }
    }
}

/// Try and parse the hostname from the initial client packet from a Minecraft client to a Minecraft server
/// Returns `Ok(Some(&[u8]))` if hostname was parsed successfully
/// Returns `Ok(None)` if it needs more data
/// Returns `Err(e)` if an error happened or data is malformed
pub fn try_parse_init_packet(
    buf: &[u8],
    addr: SocketAddr,
) -> Result<Option<&[u8]>, std::io::Error> {
    let mut inner_cursor = 0;
    let Some((_len, read)) = varint::decode_varint(buf)? else {
        return Ok(None);
    };
    inner_cursor += read;
    let Some((packet_id, read)) = varint::decode_varint(&buf[inner_cursor..])? else {
        return Ok(None);
    };
    inner_cursor += read;
    if packet_id != 0 {
        // Handshaking protocol ID should be 0
        warn!("client {addr} sent invalid packet protocol ID");
        return Err(ErrorKind::InvalidData.into());
    }
    let Some((_protocol_version, read)) = varint::decode_varint(&buf[inner_cursor..])? else {
        return Ok(None);
    };
    inner_cursor += read;
    let Some((strlen, read)) = varint::decode_varint(&buf[inner_cursor..])? else {
        return Ok(None);
    };
    inner_cursor += read;
    if strlen > 256 {
        warn!("Received packet with hostname len set to {strlen}");
        return Err(ErrorKind::InvalidData.into());
    }
    if buf[inner_cursor..].len() < strlen as usize {
        // Haven't received enough data
        return Ok(None);
    }
    let hostname = &buf[inner_cursor..inner_cursor + strlen as usize];
    Ok(Some(hostname))
}

/// Utilities for encoding and decoding varints
pub mod varint {
    /// Encode a u64 as a varint.
    #[must_use]
    pub fn encode_varint(mut value: u64) -> ([u8; 10], usize) {
        let mut index = 0;
        let mut buf = [0u8; 10];
        while value >= 0x80 {
            buf[index] = (value as u8 & 0x7F) | 0x80;
            index += 1;
            value >>= 7;
        }
        buf[index] = value as u8;
        index += 1;
        (buf, index)
    }
    /// Decode a varint from a buffer
    pub fn decode_varint(buf: &[u8]) -> Result<Option<(u64, usize)>, std::io::Error> {
        let mut result = 0;
        for i in 0..10 {
            let byte = match buf.get(i) {
                Some(b) => *b,
                None => return Ok(None),
            };
            result |= u64::from(byte & 0x7f) << (7 * i);
            if byte & 0x80 == 0 {
                return Ok(Some((result, i + 1)));
            }
        }
        Err(std::io::ErrorKind::InvalidData.into())
    }
}

/// An encapsulation of a simple, secure authenticated Diffie Hellman with previous knowledge of a public key.
pub mod dhauth {
    use std::sync::atomic::{AtomicU64, Ordering};

    use super::BincodeAsync;
    use aes_gcm_siv::aead::Aead;
    use aes_gcm_siv::{Aes256GcmSiv, KeyInit as _, Nonce};
    use bincode::{BorrowDecode, Decode, Encode};
    use blake3::Hasher;
    use ed25519_dalek::{Signature, Signer, SigningKey, Verifier, VerifyingKey};
    use rand::Rng as _;
    use tokio::io::{AsyncRead, AsyncWrite};
    use tracing::error;
    use x25519_dalek::{EphemeralSecret, PublicKey};

    #[derive(Clone, Debug, Encode, Decode)]
    struct BobPublic([u8; 32]);
    #[derive(Clone, Debug, Encode, Decode)]
    struct AlicePubSignature([u8; 32], [u8; 64]);
    #[derive(Clone, Debug, Encode, BorrowDecode)]
    struct Id<'a>([u8; 12], &'a [u8]);

    impl BincodeAsync<'_> for BobPublic {}
    impl BincodeAsync<'_> for AlicePubSignature {}
    impl<'a> BincodeAsync<'a> for Id<'a> {}

    pub struct AuthenticatorProxy<'a, S: AsyncRead + AsyncWrite + Send + Unpin> {
        pub inner: &'a mut S,
        pub alice_private_sign_key: SigningKey,
        pub counter: &'a AtomicU64,
    }

    impl<S: AsyncRead + AsyncWrite + Send + Unpin> AuthenticatorProxy<'_, S> {
        #[allow(clippy::missing_panics_doc)]
        pub async fn get_id(mut self) -> Result<u128, std::io::Error> {
            let mut buf = [0u8; 128];
            let alice_secret = EphemeralSecret::random();
            let alice_public = PublicKey::from(&alice_secret);

            let BobPublic(client_public) = BobPublic::parse(&mut self.inner, &mut buf).await?;
            let bob_public = PublicKey::from(client_public);

            let hashed = sha256(alice_public, bob_public);
            // Since we sign the hashed alice public and bob public, replay isn't possible because
            // The bob hash will be different in previous interactions
            // On-path MITM is also impossible because when bob verifies the signature, it will be off
            // and he will immediately terminate the connection, suspecting a MITM.
            let signature = self.alice_private_sign_key.sign(&hashed);
            let signature = signature.to_bytes();
            let len = AlicePubSignature(alice_public.to_bytes(), signature)
                .encode(&mut self.inner, &mut buf)
                .await?;
            self.counter.fetch_add(len as u64, Ordering::Relaxed);
            let Id(nonce, data) = Id::parse(&mut self.inner, &mut buf).await.map_err(|e| {
                std::io::Error::other(format!("Connection error OR A MITM OCCURED: {e}"))
            })?;

            // If we got here, it implicitly means that bob accepted our signature, which means
            // We weren't MITM'd.
            // Therefore, this should be the shared secret between bob and us
            let shared = alice_secret.diffie_hellman(&bob_public).to_bytes();
            let key = shared.into();
            let aes = Aes256GcmSiv::new(&key);

            let decrypted = aes
                .decrypt(&Nonce::from(nonce), data)
                .map_err(|_e| std::io::Error::other("Error occured when decrypting key"))?;

            if decrypted.len() != 16 {
                return Err(std::io::Error::other(format!(
                    "ID is {} bytes, expected 16",
                    decrypted.len()
                )));
            }

            let id = u128::from_be_bytes(decrypted[..].try_into().unwrap());

            Ok(id)
        }
    }
    pub struct AuthenticatorServer<'a, S: AsyncRead + AsyncWrite + Send + Unpin> {
        pub inner: &'a mut S,
        pub alice_public_sign_key: VerifyingKey,
    }
    impl<S: AsyncRead + AsyncWrite + Send + Unpin> AuthenticatorServer<'_, S> {
        pub async fn send_id(mut self, id: u128) -> Result<(), std::io::Error> {
            let mut buf = [0u8; 1024];
            let bob_secret = EphemeralSecret::random();
            let bob_public = PublicKey::from(&bob_secret);

            BobPublic(bob_public.to_bytes())
                .encode(&mut self.inner, &mut buf)
                .await?;
            let AlicePubSignature(alice_public, signature) =
                AlicePubSignature::parse(&mut self.inner, &mut buf).await?;
            let alice_public = PublicKey::from(alice_public);

            // Since the alice and bob public keys should be the same on alice's side as ours,
            // the hash should also be the same
            let hashed = sha256(alice_public, bob_public);

            // If the hash is the same, then the verification should pass. Otherwise,
            // it's probably a MITM.
            let res = self
                .alice_public_sign_key
                .verify(&hashed, &Signature::from(signature));
            if let Err(e) = res {
                error!("POTENTIAL MITM? Signature error!!! {e}");
                return Err(std::io::Error::new(std::io::ErrorKind::InvalidData, e));
            }
            // Since the hash matched, this should be the shared secret between alice and us
            let shared = bob_secret.diffie_hellman(&alice_public).to_bytes();
            let key = shared.into();
            let aes = Aes256GcmSiv::new(&key);
            let mut nonce = [0u8; 12];
            rand::rng().fill(&mut nonce);
            let nonce_gen = Nonce::from(nonce);
            let id = id.to_be_bytes();
            let ciphertext = aes
                .encrypt(&nonce_gen, &id as &[u8])
                .map_err(|_e| std::io::Error::other("An error occured while encrypting id"))?;

            Id(nonce, &ciphertext)
                .encode(&mut self.inner, &mut buf)
                .await?;

            // We've sent the ID, so now we're done :)
            Ok(())
        }
    }
    fn sha256(pub1: PublicKey, pub2: PublicKey) -> [u8; 32] {
        let mut hasher = Hasher::new();
        hasher.update(b"MINESHARE");
        hasher.update(pub1.as_bytes());
        hasher.update(pub2.as_bytes());
        hasher.finalize().into()
    }
}