New server framework, an example, and compressed packet fixed.

2021-11-27 15:25:55 +08:00
parent b909621c58
commit ab63acbd7e
13 changed files with 2792 additions and 69 deletions
--- a/server/auth/auth.go
+++ b/server/auth/auth.go
@ -0,0 +1,208 @@
+package auth
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/Tnze/go-mc/data/packetid"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	"github.com/Tnze/go-mc/net"
+	"github.com/Tnze/go-mc/net/CFB8"
+	pk "github.com/Tnze/go-mc/net/packet"
+	"github.com/google/uuid"
+)
+
+const verifyTokenLen = 16
+
+//Encrypt a connection, with authentication
+func Encrypt(conn *net.Conn, name string) (*Resp, error) {
+	//generate keys
+	key, err := rsa.GenerateKey(rand.Reader, 1024)
+	if err != nil {
+		return nil, err
+	}
+
+	publicKey, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	//encryption request
+	VT1, err := encryptionRequest(conn, publicKey)
+	if err != nil {
+		return nil, err
+	}
+
+	//encryption response
+	ESharedSecret, EVerifyToken, err := encryptionResponse(conn)
+	if err != nil {
+		return nil, err
+	}
+
+	//encryption the connection
+	SharedSecret, err := rsa.DecryptPKCS1v15(rand.Reader, key, ESharedSecret)
+	if err != nil {
+		return nil, err
+	}
+	VT2, err := rsa.DecryptPKCS1v15(rand.Reader, key, EVerifyToken)
+	if err != nil {
+		return nil, err
+	}
+
+	//confirm the verify token
+	if !bytes.Equal(VT1, VT2) {
+		return nil, errors.New("verify token not match")
+	}
+
+	block, err := aes.NewCipher(SharedSecret)
+	if err != nil {
+		return nil, errors.New("load aes encryption key fail")
+	}
+
+	conn.SetCipher( //启用加密
+		CFB8.NewCFB8Encrypt(block, SharedSecret),
+		CFB8.NewCFB8Decrypt(block, SharedSecret))
+
+	hash := authDigest("", SharedSecret, publicKey)
+	resp, err := authentication(name, hash) //auth
+	if err != nil {
+		return nil, errors.New("auth servers down")
+	}
+
+	return resp, nil
+}
+
+func encryptionRequest(conn *net.Conn, publicKey []byte) ([]byte, error) {
+	var verifyToken [verifyTokenLen]byte
+	_, err := rand.Read(verifyToken[:])
+	if err != nil {
+		return nil, err
+	}
+	err = conn.WritePacket(pk.Marshal(
+		packetid.EncryptionBeginClientbound,
+		pk.String(""),
+		pk.ByteArray(publicKey),
+		pk.ByteArray(verifyToken[:]),
+	))
+	return verifyToken[:], err
+}
+
+func encryptionResponse(conn *net.Conn) ([]byte, []byte, error) {
+	var p pk.Packet
+	err := conn.ReadPacket(&p)
+	if err != nil {
+		return nil, nil, err
+	}
+	if p.ID != packetid.EncryptionBeginServerbound {
+		return nil, nil, fmt.Errorf("0x%02X is not Encryption Response", p.ID)
+	}
+
+	var SharedSecret, VerifyToken pk.ByteArray
+	if err = p.Scan(&SharedSecret, &VerifyToken); err != nil {
+		return nil, nil, err
+	}
+
+	return SharedSecret, VerifyToken, nil
+}
+
+func authentication(name, hash string) (*Resp, error) {
+	resp, err := http.Get("https://sessionserver.mojang.com/session/minecraft/hasJoined?username=" + name + "&serverId=" + hash)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	var Resp Resp
+	err = json.Unmarshal(body, &Resp)
+
+	return &Resp, err
+}
+
+// authDigest computes a special SHA-1 digest required for Minecraft web
+// authentication on Premium servers (online-mode=true).
+// Source: http://wiki.vg/Protocol_Encryption#Server
+//
+// Also many, many thanks to SirCmpwn and his wonderful gist (C#):
+// https://gist.github.com/SirCmpwn/404223052379e82f91e6
+func authDigest(serverID string, sharedSecret, publicKey []byte) string {
+	h := sha1.New()
+	h.Write([]byte(serverID))
+	h.Write(sharedSecret)
+	h.Write(publicKey)
+	hash := h.Sum(nil)
+
+	// Check for negative hashes
+	negative := (hash[0] & 0x80) == 0x80
+	if negative {
+		hash = twosComplement(hash)
+	}
+
+	// Trim away zeroes
+	res := strings.TrimLeft(fmt.Sprintf("%x", hash), "0")
+	if negative {
+		res = "-" + res
+	}
+
+	return res
+}
+
+// little endian
+func twosComplement(p []byte) []byte {
+	carry := true
+	for i := len(p) - 1; i >= 0; i-- {
+		p[i] = byte(^p[i])
+		if carry {
+			carry = p[i] == 0xff
+			p[i]++
+		}
+	}
+	return p
+}
+
+//Resp is the response of authentication
+type Resp struct {
+	Name       string
+	ID         uuid.UUID
+	Properties [1]struct {
+		Name, Value, Signature string
+	}
+}
+
+//Texture includes player's skin and cape
+type Texture struct {
+	TimeStamp int64     `json:"timestamp"`
+	ID        uuid.UUID `json:"profileId"`
+	Name      string    `json:"profileName"`
+	Textures  struct {
+		SKIN, CAPE struct {
+			URL string `json:"url"`
+		}
+	} `json:"textures"`
+}
+
+//Texture unmarshal the base64 encoded texture of Resp
+func (r *Resp) Texture() (t Texture, err error) {
+	var texture []byte
+	texture, err = base64.StdEncoding.DecodeString(r.Properties[0].Value)
+	if err != nil {
+		return
+	}
+
+	err = json.Unmarshal(texture, &t)
+	return
+}
--- a/server/auth/auth_test.go
+++ b/server/auth/auth_test.go
@ -0,0 +1,58 @@
+package auth
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/google/uuid"
+)
+
+func TestResp(t *testing.T) {
+	var resp Resp
+	err := json.Unmarshal([]byte(`{"id":"853c80ef3c3749fdaa49938b674adae6","name":"jeb_","properties":[{"name":"textures","value":"eyJ0aW1lc3RhbXAiOjE1NTk1NDM5MzMwMjUsInByb2ZpbGVJZCI6Ijg1M2M4MGVmM2MzNzQ5ZmRhYTQ5OTM4YjY3NGFkYWU2IiwicHJvZmlsZU5hbWUiOiJqZWJfIiwidGV4dHVyZXMiOnsiU0tJTiI6eyJ1cmwiOiJodHRwOi8vdGV4dHVyZXMubWluZWNyYWZ0Lm5ldC90ZXh0dXJlLzdmZDliYTQyYTdjODFlZWVhMjJmMTUyNDI3MWFlODVhOGUwNDVjZTBhZjVhNmFlMTZjNjQwNmFlOTE3ZTY4YjUifSwiQ0FQRSI6eyJ1cmwiOiJodHRwOi8vdGV4dHVyZXMubWluZWNyYWZ0Lm5ldC90ZXh0dXJlLzU3ODZmZTk5YmUzNzdkZmI2ODU4ODU5ZjkyNmM0ZGJjOTk1NzUxZTkxY2VlMzczNDY4YzVmYmY0ODY1ZTcxNTEifX19"}]}`), &resp)
+	if err != nil {
+		panic(err)
+	}
+	wantID := uuid.Must(uuid.Parse("853c80ef3c3749fdaa49938b674adae6"))
+
+	//check UUID
+	if resp.ID != wantID {
+		t.Errorf("uuid doesn't match: %v, want %s", resp.ID, wantID)
+	}
+
+	//check name
+	if resp.Name != "jeb_" {
+		t.Errorf("name doesn't match: %s, want %s", resp.Name, "jeb_")
+	}
+
+	//check texture
+	texture, err := resp.Texture()
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Log(texture.TimeStamp)
+
+	if texture.ID != wantID {
+		t.Errorf("uuid doesn't match: %v, want %s", texture.ID, wantID)
+	}
+
+	if texture.Name != "jeb_" {
+		t.Errorf("name doesn't match: %s, want %s", texture.Name, "jeb_")
+	}
+
+	const (
+		wantSKIN = "http://textures.minecraft.net/texture/7fd9ba42a7c81eeea22f1524271ae85a8e045ce0af5a6ae16c6406ae917e68b5"
+		wantCAPE = "http://textures.minecraft.net/texture/5786fe99be377dfb6858859f926c4dbc995751e91cee373468c5fbf4865e7151"
+	)
+	if texture.Textures.SKIN.URL != wantSKIN {
+		t.Errorf("skin url not match: %s, want %s",
+			texture.Textures.SKIN.URL,
+			wantSKIN)
+	}
+	if texture.Textures.CAPE.URL != wantCAPE {
+		t.Errorf("cape url not match: %s, want %s",
+			texture.Textures.CAPE.URL,
+			wantCAPE)
+	}
+}