Remove use of OpenSSL for RSA PKCS1 encryption (#12). Closes Thinkofn…

…ame#2

* Add handwritten RSA PKCS1 encryption using num-bigint and simple_asn1

* Add more logging to compare OpenSSL with/without side-by-side

* Log message and ciphertext in hex

* Print N and e as hexadecimal integers

* Fix bad encryption caused by zeros in PKCS1 padding

PS field in https://tools.ietf.org/html/rfc8017#section-7.2.1
Must be nonzero

* Use rand fill instead of rand_bytes

* Remove OpenSSL!

* Update CI scripts and docs to not install OpenSSL

* Remove copying OpenSSL DLLs (libeay and ssleay) in AppVeyor script

* Change rsa_public_encrypt_pkcs1 to return a Result<Vec<u8>, String>

* Add error checking, returning Err<String> on failure; RFC comments

* Add the required message representative range checking

* Use expect() instead of unwrap() on from_der

* Map the ASN.1 error to a String to return it from rsa_public_encrypt_pkcs1() instead of panicking

* Move RSA to a new crate, rsa_public_encrypt_pkcs1

https://github.com/iceiix/rsa_public_encrypt_pkcs1

* Update to rsa_public_encrypt_pkcs1 with simple_asn 0.1.0

iceiix/rsa_public_encrypt_pkcs1#1

* Update to published version of rsa_public_encrypt_pkcs1, 0.1.0

* Remove unnecessarily added blank line

* Remove libssl-dev from .travis.yml

.travis.yml

@@ -12,15 +12,12 @@ cache: cargo
 before_install:
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update          ; fi
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install sdl2    ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl ; fi
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then sudo chown root:wheel /usr/local/bin/brew ; fi
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew link sdl2 ; fi
   - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get update -qq ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install -y libsdl2-dev libsdl2-mixer-dev libssl-dev gcc libegl1-mesa-dev libgles2-mesa-dev ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install -y libsdl2-dev libsdl2-mixer-dev gcc libegl1-mesa-dev libgles2-mesa-dev ; fi
 script:
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export LIBRARY_PATH="$LIBRARY_PATH:/usr/local/lib"         ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib         ; fi
   - cargo build --verbose
   - cargo test --verbose
 os:

Cargo.toml

@@ -26,9 +26,9 @@ log = { version = "0.4.5", features = ["std"] }
 cgmath = "0.16.1"
 lazy_static = "1.1.0"
 collision = "0.18.0"
-openssl = "0.10.15"
 aes = "0.3.2"
 cfb8 = "0.3.1"
+rsa_public_encrypt_pkcs1 = "0.1.0"
 # clippy = "*"
 
 [dependencies.steven_gl]

README.md

@@ -20,7 +20,7 @@ Feel free to pop in to say hi, [Webchat can be found here](https://irc.spi.gt/ir
 ## Building
 For more detailed info and platform specific instructions check the [wiki](https://github.com/Thinkofname/steven-rust/wiki/Compiling-and-or-running).
 
-Currently requires SDL2, OpenSSL and **beta or nightly** Rust to build.
+Currently requires SDL2, and **beta or nightly** Rust to build.
 
 `cargo build --release`
 

appveyor.yml

@@ -28,14 +28,6 @@ build_script:
 
     cargo -V
 
-
-    vcpkg integrate install
-
-    vcpkg install openssl:%PLATFORM%-windows
-
-    set VCPKGRS_DYNAMIC=1
-
-
     appveyor DownloadFile https://www.libsdl.org/release/SDL2-devel-2.0.4-VC.zip -FileName sdl2-dev.zip
 
     mkdir C:\sdl2
@@ -53,10 +45,6 @@ build_script:
 
     cp C:\sdl2\SDL2-2.0.4\lib\%PLATFORM%\SDL2.dll dist-debug
 
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\libeay32.dll dist-debug
-
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\ssleay32.dll dist-debug
-
 
     cargo build --release
 
@@ -66,9 +54,6 @@ build_script:
 
     cp C:\sdl2\SDL2-2.0.4\lib\%PLATFORM%\SDL2.dll dist
 
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\libeay32.dll dist
-
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\ssleay32.dll dist
 artifacts:
 - path: dist
 - path: dist-debug

src/main.rs

@@ -21,7 +21,6 @@ use std::time::{Instant, Duration};
 extern crate byteorder;
 #[macro_use]
 extern crate serde_json;
-extern crate openssl;
 extern crate aes;
 extern crate cfb8;
 extern crate sha1;
@@ -36,6 +35,7 @@ extern crate log;
 #[macro_use]
 extern crate lazy_static;
 extern crate collision;
+extern crate rsa_public_encrypt_pkcs1;
 pub extern crate steven_blocks;
 extern crate steven_shared as shared;
 

src/protocol/mod.rs

@@ -19,7 +19,6 @@ use cfb8::Cfb8;
 use cfb8::stream_cipher::{NewStreamCipher, StreamCipher};
 use serde_json;
 use reqwest;
-use openssl;
 
 pub mod mojang;
 
@@ -694,7 +693,6 @@ pub enum Error {
     IOError(io::Error),
     Json(serde_json::Error),
     Reqwest(reqwest::Error),
-    OpenSSL(openssl::error::ErrorStack),
 }
 
 impl convert::From<io::Error> for Error {
@@ -715,12 +713,6 @@ impl convert::From<reqwest::Error> for Error {
     }
 }
 
-impl convert::From<openssl::error::ErrorStack> for Error {
-    fn from(e: openssl::error::ErrorStack) -> Error {
-        Error::OpenSSL(e)
-    }
-}
-
 impl ::std::error::Error for Error {
     fn description(&self) -> &str {
         match *self {
@@ -729,7 +721,6 @@ impl ::std::error::Error for Error {
             Error::IOError(ref e) => e.description(),
             Error::Json(ref e) => e.description(),
             Error::Reqwest(ref e) => e.description(),
-            Error::OpenSSL(ref e) => e.description(),
         }
     }
 }
@@ -742,7 +733,6 @@ impl ::std::fmt::Display for Error {
             Error::IOError(ref e) => e.fmt(f),
             Error::Json(ref e) => e.fmt(f),
             Error::Reqwest(ref e) => e.fmt(f),
-            Error::OpenSSL(ref e) => e.fmt(f),
         }
     }
 }

src/server/mod.rs

@@ -31,6 +31,7 @@ use cgmath::prelude::*;
 use types::Gamemode;
 use shared::{Axis, Position};
 use format;
+use rsa_public_encrypt_pkcs1;
 
 mod sun;
 pub mod plugin_messages;
@@ -102,8 +103,6 @@ macro_rules! handle_packet {
 impl Server {
 
     pub fn connect(resources: Arc<RwLock<resources::Manager>>, profile: mojang::Profile, address: &str) -> Result<Server, protocol::Error> {
-        use openssl::rand::rand_bytes;
-        use openssl::rsa::{Rsa, Padding};
         let mut conn = try!(protocol::Conn::new(address));
 
         let host = conn.host.clone();
@@ -144,14 +143,18 @@ impl Server {
             };
         }
 
-        let rsa = Rsa::public_key_from_der(&packet.public_key.data).unwrap();
+        println!("packet.public_key.data = {:?}", &packet.public_key.data);
         let mut shared = [0; 16];
-        rand_bytes(&mut shared).unwrap();
+        // TODO: is this cryptographically secure enough?
+        rand::thread_rng().fill(&mut shared);
 
-        let mut shared_e = vec![0; rsa.size() as usize];
-        let mut token_e = vec![0; rsa.size() as usize];
-        rsa.public_encrypt(&shared, &mut shared_e, Padding::PKCS1)?;
-        rsa.public_encrypt(&packet.verify_token.data, &mut token_e, Padding::PKCS1)?;
+        println!("shared ({:} bytes) = {:?}", shared.len(), &shared);
+        println!("packet.verify_token.data = {:?}", &packet.verify_token.data);
+
+        let shared_e = rsa_public_encrypt_pkcs1::encrypt(&packet.public_key.data, &shared).unwrap();
+        let token_e = rsa_public_encrypt_pkcs1::encrypt(&packet.public_key.data, &packet.verify_token.data).unwrap();
+        println!("new shared_e({:}) = {:?}", shared_e.len(), &shared_e);
+        println!("new token_e({:}) = {:?}", token_e.len(), &token_e);
 
         try!(profile.join_server(&packet.server_id, &shared, &packet.public_key.data));