2013-07-18 09:27:19 +02:00
|
|
|
|
using System;
|
|
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
|
using System.Linq;
|
|
|
|
|
|
using System.Text;
|
|
|
|
|
|
using System.Security.Cryptography;
|
|
|
|
|
|
|
|
|
|
|
|
namespace MinecraftClient
|
|
|
|
|
|
{
|
|
|
|
|
|
/// <summary>
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// Methods for handling all the crypto stuff: RSA (Encryption Key Request), AES (Encrypted Stream), SHA-1 (Server Hash).
|
2013-07-18 09:27:19 +02:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
|
|
|
|
|
|
public class Crypto
|
|
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Get a cryptographic service for encrypting data using the server's RSA public key
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="key">Byte array containing the encoded key</param>
|
|
|
|
|
|
/// <returns>Returns the corresponding RSA Crypto Service</returns>
|
2013-07-18 09:27:19 +02:00
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
public static RSACryptoServiceProvider DecodeRSAPublicKey(byte[] x509key)
|
2013-07-18 09:27:19 +02:00
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/* Code from StackOverflow no. 18091460 */
|
2013-07-18 09:27:19 +02:00
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
byte[] SeqOID = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
|
2013-07-18 09:27:19 +02:00
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
System.IO.MemoryStream ms = new System.IO.MemoryStream(x509key);
|
|
|
|
|
|
System.IO.BinaryReader reader = new System.IO.BinaryReader(ms);
|
|
|
|
|
|
|
|
|
|
|
|
if (reader.ReadByte() == 0x30)
|
|
|
|
|
|
ReadASNLength(reader); //skip the size
|
|
|
|
|
|
else
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
|
|
|
|
int identifierSize = 0; //total length of Object Identifier section
|
|
|
|
|
|
if (reader.ReadByte() == 0x30)
|
|
|
|
|
|
identifierSize = ReadASNLength(reader);
|
|
|
|
|
|
else
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
|
|
|
|
if (reader.ReadByte() == 0x06) //is the next element an object identifier?
|
2013-07-18 09:27:19 +02:00
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
int oidLength = ReadASNLength(reader);
|
|
|
|
|
|
byte[] oidBytes = new byte[oidLength];
|
|
|
|
|
|
reader.Read(oidBytes, 0, oidBytes.Length);
|
|
|
|
|
|
if (oidBytes.SequenceEqual(SeqOID) == false) //is the object identifier rsaEncryption PKCS#1?
|
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
|
|
|
|
int remainingBytes = identifierSize - 2 - oidBytes.Length;
|
|
|
|
|
|
reader.ReadBytes(remainingBytes);
|
2013-07-18 09:27:19 +02:00
|
|
|
|
}
|
2014-03-16 23:04:43 +01:00
|
|
|
|
|
|
|
|
|
|
if (reader.ReadByte() == 0x03) //is the next element a bit string?
|
2013-07-18 09:27:19 +02:00
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
ReadASNLength(reader); //skip the size
|
|
|
|
|
|
reader.ReadByte(); //skip unused bits indicator
|
|
|
|
|
|
if (reader.ReadByte() == 0x30)
|
|
|
|
|
|
{
|
|
|
|
|
|
ReadASNLength(reader); //skip the size
|
|
|
|
|
|
if (reader.ReadByte() == 0x02) //is it an integer?
|
|
|
|
|
|
{
|
|
|
|
|
|
int modulusSize = ReadASNLength(reader);
|
|
|
|
|
|
byte[] modulus = new byte[modulusSize];
|
|
|
|
|
|
reader.Read(modulus, 0, modulus.Length);
|
|
|
|
|
|
if (modulus[0] == 0x00) //strip off the first byte if it's 0
|
|
|
|
|
|
{
|
|
|
|
|
|
byte[] tempModulus = new byte[modulus.Length - 1];
|
|
|
|
|
|
Array.Copy(modulus, 1, tempModulus, 0, modulus.Length - 1);
|
|
|
|
|
|
modulus = tempModulus;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (reader.ReadByte() == 0x02) //is it an integer?
|
|
|
|
|
|
{
|
|
|
|
|
|
int exponentSize = ReadASNLength(reader);
|
|
|
|
|
|
byte[] exponent = new byte[exponentSize];
|
|
|
|
|
|
reader.Read(exponent, 0, exponent.Length);
|
|
|
|
|
|
|
|
|
|
|
|
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
|
|
|
|
|
|
RSAParameters RSAKeyInfo = new RSAParameters();
|
|
|
|
|
|
RSAKeyInfo.Modulus = modulus;
|
|
|
|
|
|
RSAKeyInfo.Exponent = exponent;
|
|
|
|
|
|
RSA.ImportParameters(RSAKeyInfo);
|
|
|
|
|
|
return RSA;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2013-07-18 09:27:19 +02:00
|
|
|
|
}
|
|
|
|
|
|
return null;
|
|
|
|
|
|
}
|
2014-03-16 23:04:43 +01:00
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Subfunction for decrypting ASN.1 (x509) RSA certificate data fields lengths
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="reader">StreamReader containing the stream to decode</param>
|
|
|
|
|
|
/// <returns>Return the read length</returns>
|
|
|
|
|
|
|
|
|
|
|
|
private static int ReadASNLength(System.IO.BinaryReader reader)
|
2013-07-18 09:27:19 +02:00
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
//Note: this method only reads lengths up to 4 bytes long as
|
|
|
|
|
|
//this is satisfactory for the majority of situations.
|
|
|
|
|
|
int length = reader.ReadByte();
|
|
|
|
|
|
if ((length & 0x00000080) == 0x00000080) //is the length greater than 1 byte
|
2013-07-18 09:27:19 +02:00
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
int count = length & 0x0000000f;
|
|
|
|
|
|
byte[] lengthBytes = new byte[4];
|
|
|
|
|
|
reader.Read(lengthBytes, 4 - count, count);
|
|
|
|
|
|
Array.Reverse(lengthBytes); //
|
|
|
|
|
|
length = BitConverter.ToInt32(lengthBytes, 0);
|
2013-07-18 09:27:19 +02:00
|
|
|
|
}
|
2014-03-16 23:04:43 +01:00
|
|
|
|
return length;
|
|
|
|
|
|
}
|
2013-07-18 09:27:19 +02:00
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Generate a new random AES key for symmetric encryption
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <returns>Returns a byte array containing the key</returns>
|
|
|
|
|
|
|
|
|
|
|
|
public static byte[] GenerateAESPrivateKey()
|
|
|
|
|
|
{
|
|
|
|
|
|
AesManaged AES = new AesManaged();
|
|
|
|
|
|
AES.KeySize = 128; AES.GenerateKey();
|
|
|
|
|
|
return AES.Key;
|
2013-07-18 09:27:19 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Get a SHA-1 hash for online-mode session checking
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="serverID">Server ID hash</param>
|
|
|
|
|
|
/// <param name="PublicKey">Server's RSA key</param>
|
|
|
|
|
|
/// <param name="SecretKey">Secret key chosen by the client</param>
|
|
|
|
|
|
/// <returns>Returns the corresponding SHA-1 hex hash</returns>
|
2014-03-13 12:12:44 +01:00
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
public static string getServerHash(string serverID, byte[] PublicKey, byte[] SecretKey)
|
2014-03-13 12:12:44 +01:00
|
|
|
|
{
|
2014-03-16 23:04:43 +01:00
|
|
|
|
byte[] hash = digest(new byte[][] { Encoding.GetEncoding("iso-8859-1").GetBytes(serverID), SecretKey, PublicKey });
|
2014-03-13 12:12:44 +01:00
|
|
|
|
bool negative = (hash[0] & 0x80) == 0x80;
|
2014-03-16 23:04:43 +01:00
|
|
|
|
if (negative) { hash = TwosComplementLittleEndian(hash); }
|
2014-03-13 12:12:44 +01:00
|
|
|
|
string result = GetHexString(hash).TrimStart('0');
|
|
|
|
|
|
if (negative) { result = "-" + result; }
|
|
|
|
|
|
return result;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Generate a SHA-1 hash using several byte arrays
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="tohash">array of byte arrays to hash</param>
|
|
|
|
|
|
/// <returns>Returns the hashed data</returns>
|
|
|
|
|
|
|
2014-03-13 12:12:44 +01:00
|
|
|
|
private static byte[] digest(byte[][] tohash)
|
|
|
|
|
|
{
|
|
|
|
|
|
SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider();
|
|
|
|
|
|
for (int i = 0; i < tohash.Length; i++)
|
|
|
|
|
|
sha1.TransformBlock(tohash[i], 0, tohash[i].Length, tohash[i], 0);
|
|
|
|
|
|
sha1.TransformFinalBlock(new byte[] { }, 0, 0);
|
|
|
|
|
|
return sha1.Hash;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Converts a byte array to its hex string representation
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="p">Byte array to convert</param>
|
|
|
|
|
|
/// <returns>Returns the string representation</returns>
|
|
|
|
|
|
|
2014-03-13 12:12:44 +01:00
|
|
|
|
private static string GetHexString(byte[] p)
|
|
|
|
|
|
{
|
|
|
|
|
|
string result = string.Empty;
|
|
|
|
|
|
for (int i = 0; i < p.Length; i++)
|
|
|
|
|
|
result += p[i].ToString("x2");
|
|
|
|
|
|
return result;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// <summary>
|
|
|
|
|
|
/// Compute the two's complement of a little endian byte array
|
|
|
|
|
|
/// </summary>
|
|
|
|
|
|
/// <param name="p">Byte array to compute</param>
|
|
|
|
|
|
/// <returns>Returns the corresponding two's complement</returns>
|
|
|
|
|
|
|
|
|
|
|
|
private static byte[] TwosComplementLittleEndian(byte[] p)
|
2014-03-13 12:12:44 +01:00
|
|
|
|
{
|
|
|
|
|
|
int i;
|
|
|
|
|
|
bool carry = true;
|
|
|
|
|
|
for (i = p.Length - 1; i >= 0; i--)
|
|
|
|
|
|
{
|
|
|
|
|
|
p[i] = (byte)~p[i];
|
|
|
|
|
|
if (carry)
|
|
|
|
|
|
{
|
|
|
|
|
|
carry = p[i] == 0xFF;
|
|
|
|
|
|
p[i]++;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return p;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2013-07-18 09:27:19 +02:00
|
|
|
|
/// <summary>
|
2014-03-16 23:04:43 +01:00
|
|
|
|
/// An encrypted stream using AES, used for encrypting network data on the fly using AES.
|
2013-07-18 09:27:19 +02:00
|
|
|
|
/// </summary>
|
|
|
|
|
|
|
|
|
|
|
|
public class AesStream : System.IO.Stream
|
|
|
|
|
|
{
|
|
|
|
|
|
CryptoStream enc;
|
|
|
|
|
|
CryptoStream dec;
|
|
|
|
|
|
public AesStream(System.IO.Stream stream, byte[] key)
|
|
|
|
|
|
{
|
|
|
|
|
|
BaseStream = stream;
|
|
|
|
|
|
enc = new CryptoStream(stream, GenerateAES(key).CreateEncryptor(), CryptoStreamMode.Write);
|
|
|
|
|
|
dec = new CryptoStream(stream, GenerateAES(key).CreateDecryptor(), CryptoStreamMode.Read);
|
|
|
|
|
|
}
|
|
|
|
|
|
public System.IO.Stream BaseStream { get; set; }
|
|
|
|
|
|
|
|
|
|
|
|
public override bool CanRead
|
|
|
|
|
|
{
|
|
|
|
|
|
get { return true; }
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override bool CanSeek
|
|
|
|
|
|
{
|
|
|
|
|
|
get { return false; }
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override bool CanWrite
|
|
|
|
|
|
{
|
|
|
|
|
|
get { return true; }
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override void Flush()
|
|
|
|
|
|
{
|
|
|
|
|
|
BaseStream.Flush();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override long Length
|
|
|
|
|
|
{
|
|
|
|
|
|
get { throw new NotSupportedException(); }
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override long Position
|
|
|
|
|
|
{
|
|
|
|
|
|
get
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotSupportedException();
|
|
|
|
|
|
}
|
|
|
|
|
|
set
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotSupportedException();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override int ReadByte()
|
|
|
|
|
|
{
|
|
|
|
|
|
return dec.ReadByte();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override int Read(byte[] buffer, int offset, int count)
|
|
|
|
|
|
{
|
|
|
|
|
|
return dec.Read(buffer, offset, count);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override long Seek(long offset, System.IO.SeekOrigin origin)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotSupportedException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override void SetLength(long value)
|
|
|
|
|
|
{
|
|
|
|
|
|
throw new NotSupportedException();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override void WriteByte(byte b)
|
|
|
|
|
|
{
|
|
|
|
|
|
enc.WriteByte(b);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public override void Write(byte[] buffer, int offset, int count)
|
|
|
|
|
|
{
|
|
|
|
|
|
enc.Write(buffer, offset, count);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private RijndaelManaged GenerateAES(byte[] key)
|
|
|
|
|
|
{
|
|
|
|
|
|
RijndaelManaged cipher = new RijndaelManaged();
|
|
|
|
|
|
cipher.Mode = CipherMode.CFB;
|
|
|
|
|
|
cipher.Padding = PaddingMode.None;
|
|
|
|
|
|
cipher.KeySize = 128;
|
|
|
|
|
|
cipher.FeedbackSize = 8;
|
|
|
|
|
|
cipher.Key = key;
|
|
|
|
|
|
cipher.IV = key;
|
|
|
|
|
|
return cipher;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
