librespot_core/
authentication.rs

1use std::io::{self, Read};
2
3use aes::Aes192;
4use base64::engine::Engine as _;
5use base64::engine::general_purpose::STANDARD as BASE64;
6use byteorder::{BigEndian, ByteOrder};
7use pbkdf2::pbkdf2_hmac;
8use protobuf::Enum;
9use serde::{Deserialize, Serialize};
10use sha1::{Digest, Sha1};
11use thiserror::Error;
12
13use crate::{Error, protocol::authentication::AuthenticationType};
14
15#[derive(Debug, Error)]
16pub enum AuthenticationError {
17    #[error("unknown authentication type {0}")]
18    AuthType(u32),
19    #[error("invalid key")]
20    Key,
21}
22
23impl From<AuthenticationError> for Error {
24    fn from(err: AuthenticationError) -> Self {
25        Error::invalid_argument(err)
26    }
27}
28
29/// The credentials are used to log into the Spotify API.
30#[derive(Debug, Clone, Default, Serialize, Deserialize, PartialEq)]
31pub struct Credentials {
32    pub username: Option<String>,
33
34    #[serde(serialize_with = "serialize_protobuf_enum")]
35    #[serde(deserialize_with = "deserialize_protobuf_enum")]
36    pub auth_type: AuthenticationType,
37
38    #[serde(alias = "encoded_auth_blob")]
39    #[serde(serialize_with = "serialize_base64")]
40    #[serde(deserialize_with = "deserialize_base64")]
41    pub auth_data: Vec<u8>,
42}
43
44impl Credentials {
45    /// Intialize these credentials from a username and a password.
46    ///
47    /// ### Example
48    /// ```rust
49    /// use librespot_core::authentication::Credentials;
50    ///
51    /// let creds = Credentials::with_password("my account", "my password");
52    /// ```
53    pub fn with_password(username: impl Into<String>, password: impl Into<String>) -> Self {
54        Self {
55            username: Some(username.into()),
56            auth_type: AuthenticationType::AUTHENTICATION_USER_PASS,
57            auth_data: password.into().into_bytes(),
58        }
59    }
60
61    pub fn with_access_token(token: impl Into<String>) -> Self {
62        Self {
63            username: None,
64            auth_type: AuthenticationType::AUTHENTICATION_SPOTIFY_TOKEN,
65            auth_data: token.into().into_bytes(),
66        }
67    }
68
69    pub fn with_blob(
70        username: impl Into<String>,
71        encrypted_blob: impl AsRef<[u8]>,
72        device_id: impl AsRef<[u8]>,
73    ) -> Result<Self, Error> {
74        fn read_u8<R: Read>(stream: &mut R) -> io::Result<u8> {
75            let mut data = [0u8];
76            stream.read_exact(&mut data)?;
77            Ok(data[0])
78        }
79
80        fn read_int<R: Read>(stream: &mut R) -> io::Result<u32> {
81            let lo = read_u8(stream)? as u32;
82            if lo & 0x80 == 0 {
83                return Ok(lo);
84            }
85
86            let hi = read_u8(stream)? as u32;
87            Ok(lo & 0x7f | (hi << 7))
88        }
89
90        fn read_bytes<R: Read>(stream: &mut R) -> io::Result<Vec<u8>> {
91            let length = read_int(stream)?;
92            let mut data = vec![0u8; length as usize];
93            stream.read_exact(&mut data)?;
94
95            Ok(data)
96        }
97
98        let username = username.into();
99
100        let secret = Sha1::digest(device_id.as_ref());
101
102        let key = {
103            let mut key = [0u8; 24];
104            if key.len() < 20 {
105                return Err(AuthenticationError::Key.into());
106            }
107
108            pbkdf2_hmac::<Sha1>(&secret, username.as_bytes(), 0x100, &mut key[0..20]);
109
110            let hash = &Sha1::digest(&key[..20]);
111            key[..20].copy_from_slice(hash);
112            BigEndian::write_u32(&mut key[20..], 20);
113            key
114        };
115
116        // decrypt data using ECB mode without padding
117        let blob = {
118            use aes::cipher::generic_array::GenericArray;
119            use aes::cipher::{BlockDecrypt, BlockSizeUser, KeyInit};
120
121            let mut data = BASE64.decode(encrypted_blob)?;
122            let cipher = Aes192::new(GenericArray::from_slice(&key));
123            let block_size = Aes192::block_size();
124
125            for chunk in data.chunks_exact_mut(block_size) {
126                cipher.decrypt_block(GenericArray::from_mut_slice(chunk));
127            }
128
129            let l = data.len();
130            for i in 0..l - 0x10 {
131                data[l - i - 1] ^= data[l - i - 0x11];
132            }
133
134            data
135        };
136
137        let mut cursor = io::Cursor::new(blob.as_slice());
138        read_u8(&mut cursor)?;
139        read_bytes(&mut cursor)?;
140        read_u8(&mut cursor)?;
141        let auth_type = read_int(&mut cursor)?;
142        let auth_type = AuthenticationType::from_i32(auth_type as i32)
143            .ok_or(AuthenticationError::AuthType(auth_type))?;
144        read_u8(&mut cursor)?;
145        let auth_data = read_bytes(&mut cursor)?;
146
147        Ok(Self {
148            username: Some(username),
149            auth_type,
150            auth_data,
151        })
152    }
153}
154
155fn serialize_protobuf_enum<T, S>(v: &T, ser: S) -> Result<S::Ok, S::Error>
156where
157    T: Enum,
158    S: serde::Serializer,
159{
160    serde::Serialize::serialize(&v.value(), ser)
161}
162
163fn deserialize_protobuf_enum<'de, T, D>(de: D) -> Result<T, D::Error>
164where
165    T: Enum,
166    D: serde::Deserializer<'de>,
167{
168    let v: i32 = serde::Deserialize::deserialize(de)?;
169    T::from_i32(v).ok_or_else(|| serde::de::Error::custom("Invalid enum value"))
170}
171
172fn serialize_base64<T, S>(v: &T, ser: S) -> Result<S::Ok, S::Error>
173where
174    T: AsRef<[u8]>,
175    S: serde::Serializer,
176{
177    serde::Serialize::serialize(&BASE64.encode(v.as_ref()), ser)
178}
179
180fn deserialize_base64<'de, D>(de: D) -> Result<Vec<u8>, D::Error>
181where
182    D: serde::Deserializer<'de>,
183{
184    let v: String = serde::Deserialize::deserialize(de)?;
185    BASE64
186        .decode(v)
187        .map_err(|e| serde::de::Error::custom(e.to_string()))
188}