Remove use of OpenSSL for RSA PKCS1 encryption (#12). Closes #2

* Add handwritten RSA PKCS1 encryption using num-bigint and simple_asn1

* Add more logging to compare OpenSSL with/without side-by-side

* Log message and ciphertext in hex

* Print N and e as hexadecimal integers

* Fix bad encryption caused by zeros in PKCS1 padding

PS field in https://tools.ietf.org/html/rfc8017#section-7.2.1
Must be nonzero

* Use rand fill instead of rand_bytes

* Remove OpenSSL!

* Update CI scripts and docs to not install OpenSSL

* Remove copying OpenSSL DLLs (libeay and ssleay) in AppVeyor script

* Change rsa_public_encrypt_pkcs1 to return a Result<Vec<u8>, String>

* Add error checking, returning Err<String> on failure; RFC comments

* Add the required message representative range checking

* Use expect() instead of unwrap() on from_der

* Map the ASN.1 error to a String to return it from rsa_public_encrypt_pkcs1() instead of panicking

* Move RSA to a new crate, rsa_public_encrypt_pkcs1

https://github.com/iceiix/rsa_public_encrypt_pkcs1

* Update to rsa_public_encrypt_pkcs1 with simple_asn 0.1.0

https://github.com/iceiix/rsa_public_encrypt_pkcs1/issues/1

* Update to published version of rsa_public_encrypt_pkcs1, 0.1.0

* Remove unnecessarily added blank line

* Remove libssl-dev from .travis.yml

.travis.yml

@@ -12,15 +12,12 @@ cache: cargo
 before_install:
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update          ; fi
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install sdl2    ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl ; fi
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then sudo chown root:wheel /usr/local/bin/brew ; fi
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew link sdl2 ; fi
   - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get update -qq ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install -y libsdl2-dev libsdl2-mixer-dev libssl-dev gcc libegl1-mesa-dev libgles2-mesa-dev ; fi
+  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install -y libsdl2-dev libsdl2-mixer-dev gcc libegl1-mesa-dev libgles2-mesa-dev ; fi
 script:
   - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export LIBRARY_PATH="$LIBRARY_PATH:/usr/local/lib"         ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export OPENSSL_INCLUDE_DIR=`brew --prefix openssl`/include ; fi
-  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export OPENSSL_LIB_DIR=`brew --prefix openssl`/lib         ; fi
   - cargo build --verbose
   - cargo test --verbose
 os:

Cargo.lock

@@ -176,6 +176,16 @@ dependencies = [
  "serde 1.0.79 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "chrono"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "num-integer 0.1.39 (registry+https://github.com/rust-lang/crates.io-index)",
+ "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "time 0.1.40 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "cloudabi"
 version = "0.0.3"
@@ -1092,6 +1102,16 @@ dependencies = [
  "uuid 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "rsa_public_encrypt_pkcs1"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "num 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rand 0.5.5 (registry+https://github.com/rust-lang/crates.io-index)",
+ "simple_asn1 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "rustc-serialize"
 version = "0.3.24"
@@ -1238,6 +1258,15 @@ dependencies = [
  "opaque-debug 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "simple_asn1"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "chrono 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
+ "num 0.1.42 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "siphasher"
 version = "0.2.3"
@@ -1276,9 +1305,9 @@ dependencies = [
  "image 0.20.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "lazy_static 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.5 (registry+https://github.com/rust-lang/crates.io-index)",
- "openssl 0.10.15 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.5.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "reqwest 0.9.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rsa_public_encrypt_pkcs1 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "sdl2 0.31.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.79 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_json 1.0.32 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1715,6 +1744,7 @@ dependencies = [
 "checksum cfb8 0.3.1 (registry+https://github.com/rust-lang/crates.io-index)" = "246262ff86ddd02c34d3373bc1feef8bcdb92347f801ef0326f9a4091cfa164a"
 "checksum cfg-if 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "0c4e7bb64a8ebb0d856483e1e682ea3422f883c5f5615a90d51a2c82fe87fdd3"
 "checksum cgmath 0.16.1 (registry+https://github.com/rust-lang/crates.io-index)" = "64a4b57c8f4e3a2e9ac07e0f6abc9c24b6fc9e1b54c3478cfb598f3d0023e51c"
+"checksum chrono 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "45912881121cb26fad7c38c17ba7daa18764771836b34fab7d3fbd93ed633878"
 "checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f"
 "checksum collision 0.18.0 (registry+https://github.com/rust-lang/crates.io-index)" = "928b2092661bb4cd6f5e5a39c639ac6553a1e69750fab6de2edb86e2304f9eaa"
 "checksum color_quant 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "0dbbb57365263e881e805dc77d94697c9118fd94d8da011240555aa7b23445bd"
@@ -1818,6 +1848,7 @@ dependencies = [
 "checksum redox_syscall 0.1.40 (registry+https://github.com/rust-lang/crates.io-index)" = "c214e91d3ecf43e9a4e41e578973adeb14b474f2bee858742d127af75a0112b1"
 "checksum remove_dir_all 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "3488ba1b9a2084d38645c4c08276a1752dcbf2c7130d74f1569681ad5d2799c5"
 "checksum reqwest 0.9.4 (registry+https://github.com/rust-lang/crates.io-index)" = "00a5870d8edc74fc6e1eb58edbd2815d2243e1a2255d6bf9c82a7a875901b5db"
+"checksum rsa_public_encrypt_pkcs1 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "412d4bf1a097f5cc282e4429b18226ed77fd29e0330d773e01f050ef2ab29ce9"
 "checksum rustc-serialize 0.3.24 (registry+https://github.com/rust-lang/crates.io-index)" = "dcf128d1287d2ea9d80910b5f1120d0b8eede3fbf1abe91c40d39ea7d51e6fda"
 "checksum rustc_version 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "138e3e0acb6c9fb258b19b67cb8abd63c00679d2851805ea151465464fe9030a"
 "checksum ryu 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "7153dd96dade874ab973e098cb62fcdbb89a03682e46b144fd09550998d4a4a7"
@@ -1836,6 +1867,7 @@ dependencies = [
 "checksum serde_json 1.0.32 (registry+https://github.com/rust-lang/crates.io-index)" = "43344e7ce05d0d8280c5940cabb4964bea626aa58b1ec0e8c73fa2a8512a38ce"
 "checksum serde_urlencoded 0.5.3 (registry+https://github.com/rust-lang/crates.io-index)" = "aaed41d9fb1e2f587201b863356590c90c1157495d811430a0c0325fe8169650"
 "checksum sha-1 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "2cfd94fe9ed1245c2a1459f99373217b131a1b32b6d0922988b1e45b35249249"
+"checksum simple_asn1 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "8fa587b05019fe1244378f8f7df48aff4e74a7e90aa43b74a91c054a8862ce91"
 "checksum siphasher 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "0b8de496cf83d4ed58b6be86c3a275b8602f6ffe98d3024a869e124147a9a3ac"
 "checksum slab 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)" = "5f9776d6b986f77b35c6cf846c11ad986ff128fe0b2b63a3628e3755e8d3102d"
 "checksum smallvec 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)" = "153ffa32fd170e9944f7e0838edf824a754ec4c1fc64746fcc9fe1f8fa602e5d"

Cargo.toml

@@ -26,9 +26,9 @@ log = { version = "0.4.5", features = ["std"] }
 cgmath = "0.16.1"
 lazy_static = "1.1.0"
 collision = "0.18.0"
-openssl = "0.10.15"
 aes = "0.3.2"
 cfb8 = "0.3.1"
+rsa_public_encrypt_pkcs1 = "0.1.0"
 # clippy = "*"
 
 [dependencies.steven_gl]

README.md

@@ -20,7 +20,7 @@ Feel free to pop in to say hi, [Webchat can be found here](https://irc.spi.gt/ir
 ## Building
 For more detailed info and platform specific instructions check the [wiki](https://github.com/Thinkofname/steven-rust/wiki/Compiling-and-or-running).
 
-Currently requires SDL2, OpenSSL and **beta or nightly** Rust to build.
+Currently requires SDL2, and **beta or nightly** Rust to build.
 
 `cargo build --release`
 

appveyor.yml

@@ -28,14 +28,6 @@ build_script:
 
     cargo -V
 
-
-    vcpkg integrate install
-
-    vcpkg install openssl:%PLATFORM%-windows
-
-    set VCPKGRS_DYNAMIC=1
-
-
     appveyor DownloadFile https://www.libsdl.org/release/SDL2-devel-2.0.4-VC.zip -FileName sdl2-dev.zip
 
     mkdir C:\sdl2
@@ -53,10 +45,6 @@ build_script:
 
     cp C:\sdl2\SDL2-2.0.4\lib\%PLATFORM%\SDL2.dll dist-debug
 
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\libeay32.dll dist-debug
-
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\ssleay32.dll dist-debug
-
 
     cargo build --release
 
@@ -66,9 +54,6 @@ build_script:
 
     cp C:\sdl2\SDL2-2.0.4\lib\%PLATFORM%\SDL2.dll dist
 
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\libeay32.dll dist
-
-    cp C:\tools\vcpkg\installed\%PLATFORM%-windows\bin\ssleay32.dll dist
 artifacts:
 - path: dist
 - path: dist-debug

src/main.rs

@@ -21,7 +21,6 @@ use std::time::{Instant, Duration};
 extern crate byteorder;
 #[macro_use]
 extern crate serde_json;
-extern crate openssl;
 extern crate aes;
 extern crate cfb8;
 extern crate sha1;
@@ -36,6 +35,7 @@ extern crate log;
 #[macro_use]
 extern crate lazy_static;
 extern crate collision;
+extern crate rsa_public_encrypt_pkcs1;
 pub extern crate steven_blocks;
 extern crate steven_shared as shared;
 

src/protocol/mod.rs

@@ -19,7 +19,6 @@ use cfb8::Cfb8;
 use cfb8::stream_cipher::{NewStreamCipher, StreamCipher};
 use serde_json;
 use reqwest;
-use openssl;
 
 pub mod mojang;
 
@@ -694,7 +693,6 @@ pub enum Error {
     IOError(io::Error),
     Json(serde_json::Error),
     Reqwest(reqwest::Error),
-    OpenSSL(openssl::error::ErrorStack),
 }
 
 impl convert::From<io::Error> for Error {
@@ -715,12 +713,6 @@ impl convert::From<reqwest::Error> for Error {
     }
 }
 
-impl convert::From<openssl::error::ErrorStack> for Error {
-    fn from(e: openssl::error::ErrorStack) -> Error {
-        Error::OpenSSL(e)
-    }
-}
-
 impl ::std::error::Error for Error {
     fn description(&self) -> &str {
         match *self {
@@ -729,7 +721,6 @@ impl ::std::error::Error for Error {
             Error::IOError(ref e) => e.description(),
             Error::Json(ref e) => e.description(),
             Error::Reqwest(ref e) => e.description(),
-            Error::OpenSSL(ref e) => e.description(),
         }
     }
 }
@@ -742,7 +733,6 @@ impl ::std::fmt::Display for Error {
             Error::IOError(ref e) => e.fmt(f),
             Error::Json(ref e) => e.fmt(f),
             Error::Reqwest(ref e) => e.fmt(f),
-            Error::OpenSSL(ref e) => e.fmt(f),
         }
     }
 }

src/server/mod.rs

@@ -31,6 +31,7 @@ use cgmath::prelude::*;
 use types::Gamemode;
 use shared::{Axis, Position};
 use format;
+use rsa_public_encrypt_pkcs1;
 
 mod sun;
 pub mod plugin_messages;
@@ -102,8 +103,6 @@ macro_rules! handle_packet {
 impl Server {
 
     pub fn connect(resources: Arc<RwLock<resources::Manager>>, profile: mojang::Profile, address: &str) -> Result<Server, protocol::Error> {
-        use openssl::rand::rand_bytes;
-        use openssl::rsa::{Rsa, Padding};
         let mut conn = try!(protocol::Conn::new(address));
 
         let host = conn.host.clone();
@@ -144,14 +143,18 @@ impl Server {
             };
         }
 
-        let rsa = Rsa::public_key_from_der(&packet.public_key.data).unwrap();
+        println!("packet.public_key.data = {:?}", &packet.public_key.data);
         let mut shared = [0; 16];
-        rand_bytes(&mut shared).unwrap();
+        // TODO: is this cryptographically secure enough?
+        rand::thread_rng().fill(&mut shared);
 
-        let mut shared_e = vec![0; rsa.size() as usize];
-        let mut token_e = vec![0; rsa.size() as usize];
-        rsa.public_encrypt(&shared, &mut shared_e, Padding::PKCS1)?;
-        rsa.public_encrypt(&packet.verify_token.data, &mut token_e, Padding::PKCS1)?;
+        println!("shared ({:} bytes) = {:?}", shared.len(), &shared);
+        println!("packet.verify_token.data = {:?}", &packet.verify_token.data);
+
+        let shared_e = rsa_public_encrypt_pkcs1::encrypt(&packet.public_key.data, &shared).unwrap();
+        let token_e = rsa_public_encrypt_pkcs1::encrypt(&packet.public_key.data, &packet.verify_token.data).unwrap();
+        println!("new shared_e({:}) = {:?}", shared_e.len(), &shared_e);
+        println!("new token_e({:}) = {:?}", token_e.len(), &token_e);
 
         try!(profile.join_server(&packet.server_id, &shared, &packet.public_key.data));