Struct CipherState 

pub struct CipherState { /* private fields */ }

Stateful AES-128-CFB8 stream cipher for Minecraft protocol encryption.

After the login handshake, all traffic is encrypted with AES-128-CFB8 where the key and IV are both the 16-byte shared secret. The cipher is stateful — its internal feedback register advances with every byte, so encryption must happen on the raw TCP byte stream, not per-frame.

CFB-8 processes one byte at a time:

1. Encrypt the 16-byte shift register with AES-128-ECB
2. XOR the first byte of the result with the plaintext/ciphertext byte
3. Shift the register left by 1 byte, inserting the output byte at the end

Implementations

impl CipherState

pub fn new(shared_secret: &[u8; 16]) -> Self

Creates a new cipher from the shared secret.

Per the Minecraft protocol, the key and IV are both the 16-byte shared secret (AES-128-CFB8 with key == IV).

pub fn decrypt(&mut self, data: &mut [u8])

Decrypts data in-place.

Must be called on the raw byte stream (before frame decoding).

pub fn encrypt(&mut self, data: &mut [u8])

Encrypts data in-place.

Must be called on the raw byte stream (after frame encoding).

pub fn split(self) -> (DecryptCipher, EncryptCipher)

Splits this cipher into independent decrypt and encrypt halves.

Each half owns its own AES key schedule and IV register, allowing concurrent decryption (reader task) and encryption (writer task) after the connection is split.

Trait Implementations

impl Debug for CipherState

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.