RSA serde

2025-06-04 22:20:56 -06:00 · 2025-06-04 22:20:56 -06:00 · 406e7997a8
commit 406e7997a8
parent a4838723f5
7 changed files with 414 additions and 5 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -105,12 +105,24 @@ version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"

+[[package]]
+name = "base64ct"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
 [[package]]
 name = "bitflags"
 version = "2.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"

+[[package]]
+name = "byteorder"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
+
 [[package]]
 name = "bytes"
 version = "1.10.1"
@ -177,9 +189,12 @@ dependencies = [
 "base64",
 "clap",
 "const_format",
+ "der",
 "futures",
 "nom",
 "once_cell",
+ "rand",
+ "rsa",
 "serde",
 "serde_json",
 "thiserror 2.0.12",
@ -192,6 +207,12 @@ dependencies = [
 "uuid",
 ]

+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+
 [[package]]
 name = "const_format"
 version = "0.2.34"
@ -227,6 +248,39 @@ version = "0.8.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"

+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "der"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
+dependencies = [
+ "const-oid",
+ "der_derive",
+ "pem-rfc7468",
+ "zeroize",
+]
+
+[[package]]
+name = "der_derive"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "deranged"
 version = "0.4.0"
@ -236,6 +290,16 @@ dependencies = [
 "powerfmt",
 ]

+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "const-oid",
+ "crypto-common",
+]
+
 [[package]]
 name = "equivalent"
 version = "1.0.2"
@ -331,6 +395,27 @@ dependencies = [
 "slab",
 ]

+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi 0.11.0+wasi-snapshot-preview1",
+]
+
 [[package]]
 name = "getrandom"
 version = "0.3.2"
@ -388,6 +473,9 @@ name = "lazy_static"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+dependencies = [
+ "spin",
+]

 [[package]]
 name = "libc"
@ -395,6 +483,12 @@ version = "0.2.172"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"

+[[package]]
+name = "libm"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de"
+
 [[package]]
 name = "lock_api"
 version = "0.4.12"
@ -463,12 +557,59 @@ dependencies = [
 "winapi",
 ]

+[[package]]
+name = "num-bigint-dig"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
+dependencies = [
+ "byteorder",
+ "lazy_static",
+ "libm",
+ "num-integer",
+ "num-iter",
+ "num-traits",
+ "rand",
+ "smallvec",
+ "zeroize",
+]
+
 [[package]]
 name = "num-conv"
 version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"

+[[package]]
+name = "num-integer"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
+dependencies = [
+ "num-traits",
+]
+
+[[package]]
+name = "num-iter"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
+dependencies = [
+ "autocfg",
+ "num-integer",
+ "num-traits",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+ "libm",
+]
+
 [[package]]
 name = "object"
 version = "0.36.7"
@ -513,6 +654,15 @@ dependencies = [
 "windows-targets",
 ]

+[[package]]
+name = "pem-rfc7468"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
+dependencies = [
+ "base64ct",
+]
+
 [[package]]
 name = "pin-project-lite"
 version = "0.2.16"
@ -525,12 +675,42 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"

+[[package]]
+name = "pkcs1"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
+dependencies = [
+ "der",
+ "pkcs8",
+ "spki",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
 [[package]]
 name = "powerfmt"
 version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"

+[[package]]
+name = "ppv-lite86"
+version = "0.2.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
+dependencies = [
+ "zerocopy",
+]
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.95"
@ -555,6 +735,36 @@ version = "5.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5"

+[[package]]
+name = "rand"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+dependencies = [
+ "libc",
+ "rand_chacha",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.16",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.5.11"
@ -564,6 +774,26 @@ dependencies = [
 "bitflags",
 ]

+[[package]]
+name = "rsa"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78928ac1ed176a5ca1d17e578a1825f3d81ca54cf41053a592584b020cfd691b"
+dependencies = [
+ "const-oid",
+ "digest",
+ "num-bigint-dig",
+ "num-integer",
+ "num-traits",
+ "pkcs1",
+ "pkcs8",
+ "rand_core",
+ "signature",
+ "spki",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "rustc-demangle"
 version = "0.1.24"
@ -641,6 +871,16 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "digest",
+ "rand_core",
+]
+
 [[package]]
 name = "slab"
 version = "0.4.9"
@ -666,12 +906,34 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

+[[package]]
+name = "spin"
+version = "0.9.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
+
+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
 [[package]]
 name = "strsim"
 version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"

+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
 [[package]]
 name = "syn"
 version = "2.0.101"
@ -917,6 +1179,12 @@ dependencies = [
 "tracing-log",
 ]

+[[package]]
+name = "typenum"
+version = "1.18.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.18"
@ -941,7 +1209,7 @@ version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "458f7a779bf54acc9f347480ac654f68407d3aab21269a6e3c9f922acd9e2da9"
 dependencies = [
- "getrandom",
+ "getrandom 0.3.2",
 ]

 [[package]]
@ -950,6 +1218,12 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65"

+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
@ -1086,3 +1360,29 @@ checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
 dependencies = [
 "bitflags",
 ]
+
+[[package]]
+name = "zerocopy"
+version = "0.8.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1702d9583232ddb9174e01bb7c15a2ab8fb1bc6f227aa1233858c351a3ba0cb"
+dependencies = [
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.8.25"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28a6e20d751156648aa063f3800b706ee209a32c0b4d9f24be3d980b01be55ef"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "zeroize"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -38,3 +38,6 @@ tracing = { version = "0.1.37", features = ["log"] }
 tracing-subscriber = { version = "0.3.17", features = ["tracing-log"] }
 tracing-appender = "0.2.2"
 uuid = { version = "1.13.1", features = ["v4"] }
+rsa = "0.9.8"
+rand = { version = "0.8.5", features = ["std"] }
+der = { version = "0.7.10", features = ["alloc", "derive"] }
--- a/src/protocol/encryption.rs
+++ b/src/protocol/encryption.rs
@ -0,0 +1,85 @@
+use der::{
+    asn1::{AnyRef, ObjectIdentifier},
+    Decode, DecodeValue, Encode, EncodeValue, Header, Reader, Sequence, Tag,
+};
+
+pub use crate::protocol::parsing::Parsable;
+pub use rsa::RsaPublicKey;
+
+impl Parsable for RsaPublicKey {
+    fn parse(data: &[u8]) -> nom::IResult<&[u8], Self> {
+        let spki = SubjectPublicKeyInfo::from_der(data).unwrap();
+
+        let modulus = rsa::BigUint::from_bytes_be(spki.subject_public_key.modulus.as_bytes());
+        let exponent =
+            rsa::BigUint::from_bytes_be(spki.subject_public_key.public_exponent.as_bytes());
+
+        Ok((&[], RsaPublicKey::new(modulus, exponent).unwrap()))
+    }
+    fn serialize(&self) -> Vec<u8> {
+        use rsa::traits::PublicKeyParts;
+        let algorithm = PublicKeyAlgorithm::default();
+        let subject_public_key = SubjectPublicKey {
+            modulus: der::asn1::Int::new(&self.n().to_bytes_be()).unwrap(),
+            public_exponent: der::asn1::Int::new(&self.e().to_bytes_be()).unwrap(),
+        };
+        let spki = SubjectPublicKeyInfo {
+            algorithm,
+            subject_public_key,
+        };
+        let mut buf = Vec::new();
+        spki.encode(&mut buf).unwrap();
+        buf
+    }
+}
+
+// Custom decode implementation for SubjectPublicKeyInfo.
+#[derive(Debug, Clone, PartialEq, Eq)]
+struct SubjectPublicKeyInfo<'a> {
+    algorithm: PublicKeyAlgorithm<'a>,
+    subject_public_key: SubjectPublicKey,
+}
+impl<'a> DecodeValue<'a> for SubjectPublicKeyInfo<'a> {
+    fn decode_value<R: Reader<'a>>(reader: &mut R, _header: Header) -> der::Result<Self> {
+        let algorithm = reader.decode()?;
+        let spk_der: der::asn1::BitString = reader.decode()?;
+        let spk_der = spk_der.as_bytes().unwrap();
+        let subject_public_key = SubjectPublicKey::from_der(spk_der).unwrap();
+
+        Ok(Self {
+            algorithm,
+            subject_public_key,
+        })
+    }
+}
+impl EncodeValue for SubjectPublicKeyInfo<'_> {
+    fn value_len(&self) -> der::Result<der::Length> {
+        self.algorithm.value_len()? + self.subject_public_key.value_len()?
+    }
+    fn encode_value(&self, writer: &mut impl der::Writer) -> der::Result<()> {
+        self.algorithm.encode_value(writer)?;
+        self.subject_public_key.encode_value(writer)?;
+        Ok(())
+    }
+}
+impl<'a> Sequence<'a> for SubjectPublicKeyInfo<'a> {}
+
+#[derive(Debug, Clone, PartialEq, Eq, Sequence)]
+struct PublicKeyAlgorithm<'a> {
+    pub algorithm: ObjectIdentifier,
+    pub parameters: Option<AnyRef<'a>>,
+}
+impl Default for PublicKeyAlgorithm<'_> {
+    fn default() -> Self {
+        Self {
+            algorithm: ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1"),
+            parameters: Some(AnyRef::new(Tag::Null, &[]).unwrap()),
+        }
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Sequence)]
+struct SubjectPublicKey {
+    pub modulus: der::asn1::Int,
+    pub public_exponent: der::asn1::Int,
+}
--- a/src/protocol/mod.rs
+++ b/src/protocol/mod.rs
@ -1,5 +1,7 @@
 /// Implementation of Minecraft's blocks.
 pub mod blocks;
+/// Protocol encryption.
+pub mod encryption;
 /// Implementation of Minecraft's entities.
 pub mod entities;
 /// When using the protocol encounters errors.
--- a/src/protocol/packets.rs
+++ b/src/protocol/packets.rs
@ -217,6 +217,7 @@ packets!(
                field server_id: String,
                field public_key: Vec<u8>,
                field verify_token: Vec<u8>,
+                field use_mojang_authentication: bool,
            }
            packet LoginSuccess 0x02 {
                field uuid: Uuid,
--- a/src/proxy/mod.rs
+++ b/src/proxy/mod.rs
@ -40,6 +40,26 @@ impl Proxy {
                    .unwrap() = serde_json::Value::String(new_description);
                Packet::StatusResponse(status)
            }
+            Packet::EncryptionRequest(mut p) => {
+                trace!("Rewriting encryption request packet: {:?}", p);
+                use crate::protocol::parsing::Parsable;
+
+                // Decode the upstream public key from the packet.
+                let upstream_public_key = rsa::RsaPublicKey::parse(&p.public_key)
+                    .expect("Failed to parse RSA public key from packet");
+                trace!("server public key: {:?}", upstream_public_key);
+
+                // Make our own private and public rsa keys and send those instead.
+                use rand::SeedableRng;
+                let mut rng = rand::rngs::StdRng::from_entropy();
+                let private_key = rsa::RsaPrivateKey::new(&mut rng, 1024)
+                    .expect("Failed to generate RSA private key");
+                let public_key = private_key.to_public_key();
+                trace!("local public key: {:?}", public_key);
+                p.public_key = public_key.serialize();
+
+                Packet::EncryptionRequest(p)
+            }
            p => p,
        }
    }
@ -82,7 +102,6 @@ impl App for Proxy {
            upstream_address,
        })
    }
-    #[tracing::instrument]
    async fn update(&mut self) -> Result<(), Self::Error> {
        let _ = self.connections.update().await.map_err(Error::Network)?;

@ -157,7 +176,7 @@ impl App for Proxy {
                }
            }
        }
-        
+
        if client_error {
            let id = client.id();
            // Drop the &mut Connection
@ -177,7 +196,6 @@ impl App for Proxy {

        Ok(())
    }
-    #[tracing::instrument]
    async fn shutdown(self) -> Result<(), Self::Error> {
        // Ensure any child tasks have been shut down.
        self.running.cancel();
--- a/src/server/mod.rs
+++ b/src/server/mod.rs
@ -6,6 +6,7 @@ pub mod error;
 pub mod net;

 use crate::config::Config;
+use crate::protocol::types::Uuid;
 use crate::protocol::ClientState;
 use crate::App;
 use config::ServerConfig;
@ -15,7 +16,6 @@ use tokio::net::{TcpListener, ToSocketAddrs};
 use tokio::{sync::RwLock, task::JoinHandle};
 use tokio_util::sync::CancellationToken;
 use tracing::{error, trace};
-use crate::protocol::types::Uuid;

 /// The main state and logic of the program.
 #[derive(Debug)]