rb_mumble_protocol 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3e1daa7a8599ad332f998313a54453e096eb3cdb0a2e091028bc33e179945168
+  data.tar.gz: 24859982a247cdf5f3d9bfc03d163db347995aa9b7642650043737749ba0d43e
+SHA512:
+  metadata.gz: d7f2032dd233a3714bca92ca14f2918b65bd89e1891f68881c720dcd741ea16764e589a72ab4fc293257424a6482420f252460cb0ae4092408f02eccc5def763
+  data.tar.gz: 31c1e2b93dbb4834023c98272090248b4633486e5a8fe7eeb48e6a6c2d09a207d5ad95cb4bf16588370d1d7da1581b31ffe182b03049b3761c4538881fff30d3

data/Cargo.lock

@@ -0,0 +1,385 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "aho-corasick"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43f6cb1bf222025340178f382c426f13757b2960e89779dfcb319c32542a5a41"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "bindgen"
+version = "0.62.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6720a8b7b2d39dd533285ed438d458f65b31b5c257e6ac7bb3d7e82844dd722"
+dependencies = [
+ "bitflags",
+ "cexpr",
+ "clang-sys",
+ "lazy_static",
+ "lazycell",
+ "peeking_take_while",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
+[[package]]
+name = "bytes"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be"
+
+[[package]]
+name = "cc"
+version = "1.0.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "clang-sys"
+version = "1.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c688fc74432808e3eb684cae8830a86be1d66a2bd58e1f248ed0960a590baf6f"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
+[[package]]
+name = "foreign-types"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
+dependencies = [
+ "foreign-types-shared",
+]
+
+[[package]]
+name = "foreign-types-shared"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
+
+[[package]]
+name = "glob"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
+
+[[package]]
+name = "lazy_static"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
+[[package]]
+name = "libc"
+version = "0.2.147"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
+
+[[package]]
+name = "libloading"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f"
+dependencies = [
+ "cfg-if",
+ "winapi",
+]
+
+[[package]]
+name = "magnus"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc87660cd7daa49fddbfd524c836de54d5c927d520cd163f43700c5087c57d6c"
+dependencies = [
+ "magnus-macros",
+ "rb-sys",
+ "rb-sys-env",
+]
+
+[[package]]
+name = "magnus-macros"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "206cb23bfeea05180c97522ef6a3e52a4eb17b0ed2f30ee3ca9c4f994d2378ae"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "memchr"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.18.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d"
+
+[[package]]
+name = "openssl"
+version = "0.10.55"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "345df152bc43501c5eb9e4654ff05f794effb78d4efe3d53abc158baddc0703d"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "foreign-types",
+ "libc",
+ "once_cell",
+ "openssl-macros",
+ "openssl-sys",
+]
+
+[[package]]
+name = "openssl-macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.27",
+]
+
+[[package]]
+name = "openssl-sys"
+version = "0.9.90"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "374533b0e45f3a7ced10fcaeccca020e66656bc03dac384f852e4e5a7a8104a6"
+dependencies = [
+ "cc",
+ "libc",
+ "pkg-config",
+ "vcpkg",
+]
+
+[[package]]
+name = "peeking_take_while"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
+
+[[package]]
+name = "pkg-config"
+version = "0.3.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.66"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.31"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5fe8a65d69dd0808184ebb5f836ab526bb259db23c657efa38711b1072ee47f0"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "rb-sys"
+version = "0.9.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "939fb78db3e4f26665c1d4c7b91ca66d3578335a19aba552d4a6445811d07072"
+dependencies = [
+ "rb-sys-build",
+]
+
+[[package]]
+name = "rb-sys-build"
+version = "0.9.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "335a95eb0420d52fa94ef12019df3c2c250c6b19cbb3c60bd05cb7e9c362072c"
+dependencies = [
+ "bindgen",
+ "lazy_static",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "shell-words",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "rb-sys-env"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a35802679f07360454b418a5d1735c89716bde01d35b1560fc953c1415a0b3bb"
+
+[[package]]
+name = "rb_mumble_protocol"
+version = "0.1.0"
+dependencies = [
+ "bytes",
+ "magnus",
+ "openssl",
+]
+
+[[package]]
+name = "regex"
+version = "1.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2eae68fc220f7cf2532e4494aded17545fce192d59cd996e0fe7887f4ceb575"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "39354c10dd07468c2e73926b23bb9c2caca74c5501e38a35da70406f1d923310"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.7.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5ea92a5b6195c6ef2a0295ea818b312502c6fc94dde986c5553242e18fd4ce2"
+
+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
+[[package]]
+name = "shell-words"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24188a676b6ae68c3b2cb3a01be17fbf7240ce009799bb56d5b1409051e78fde"
+
+[[package]]
+name = "shlex"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b60f673f44a8255b9c8c657daf66a596d435f2da81a555b06dc644d080ba45e0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c"
+
+[[package]]
+name = "vcpkg"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"

data/Cargo.toml

@@ -0,0 +1,7 @@
+# This Cargo.toml is here to let externals tools (IDEs, etc.) know that this is
+# a Rust project. Your extensions dependencies should be added to the Cargo.toml
+# in the ext/ directory.
+
+[workspace]
+members = ["./ext/rb_mumble_protocol"]
+# resolver = "2"

data/ext/rb_mumble_protocol/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "rb_mumble_protocol"
+version = "0.1.0"
+edition = "2021"
+authors = ["Mikhail Odebe <derpiranha@gmail.com>"]
+publish = false
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+magnus = { version = "0.4" }
+bytes = "1.0"
+openssl = { version = "0.10" }

data/ext/rb_mumble_protocol/src/crypt_state.rs

@@ -0,0 +1,456 @@
+//! Implementation of the cryptography used for Mumble's voice channel
+
+use bytes::BytesMut;
+use openssl::memcmp;
+use openssl::rand::rand_bytes;
+
+/// Maximum size of an encrypted Mumble packet.
+/// Note that larger packets can be produced if there is sufficient voice data in one packet but
+/// there's no guarantee that the remote end will not just drop it.
+pub const MAX_PACKET_SIZE: usize = 1024;
+/// Size in bytes of the AES key used in `CryptState`.
+pub const KEY_SIZE: usize = 16;
+/// Size in bytes of blocks for the AES primitive.
+pub const BLOCK_SIZE: usize = std::mem::size_of::<u128>();
+
+/// Implements OCB2-AES128 for encryption and authentication of the voice packets
+/// when transmitted over UDP.
+/// Also provides statistics about good, late and lost packets.
+///
+/// Note that OCB is covered by patents, however a license has been granted for use in "most"
+/// software. See: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
+///
+/// Based on https://github.com/mumble-voip/mumble/blob/e31d267a11b4ed0597ad41309a7f6b715837141f/src/CryptState.cpp
+#[derive(Debug)]
+pub struct CryptState {
+    key: [u8; KEY_SIZE],
+
+    // internally as native endianness, externally as little endian and during ocb_* as big endian
+    encrypt_nonce: u128,
+    decrypt_nonce: u128,
+    decrypt_history: [u8; 0x100],
+
+    good: u32,
+    late: u32,
+    lost: u32,
+}
+
+/// The reason a decrypt operation failed.
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub enum DecryptError {
+    /// The packet is too short to be decrypted
+    Eof,
+    /// The packet has already been decrypted previously.
+    Repeat,
+    /// The packet was far too late.
+    Late,
+    /// The MAC of the decrypted packet did not match.
+    ///
+    /// This may also indicate a substantial de-sync of the decryption nonce.
+    Mac,
+}
+
+impl CryptState {
+    /// Creates a new CryptState with randomly generated key and initial encrypt- and decrypt-nonce.
+    pub fn generate_new() -> Self {
+        let mut key = [0; KEY_SIZE];
+        rand_bytes(&mut key).unwrap();
+
+        CryptState {
+            key,
+
+            encrypt_nonce: 0,
+            decrypt_nonce: 1 << 127,
+            decrypt_history: [0; 0x100],
+
+            good: 0,
+            late: 0,
+            lost: 0,
+        }
+    }
+
+    pub fn make_new(&self) -> Self {
+        CryptState {
+            key: self.key.clone(),
+
+            encrypt_nonce: self.encrypt_nonce.clone(),
+            decrypt_nonce: self.decrypt_nonce.clone(),
+            decrypt_history: [0; 0x100],
+
+            good: 0,
+            late: 0,
+            lost: 0,
+        }
+    }
+
+    /// Creates a new CryptState from previously generated key, encrypt- and decrypt-nonce.
+    pub fn new_from(
+        key: [u8; KEY_SIZE],
+        encrypt_nonce: [u8; BLOCK_SIZE],
+        decrypt_nonce: [u8; BLOCK_SIZE],
+    ) -> Self {
+        CryptState {
+            key,
+
+            encrypt_nonce: u128::from_le_bytes(encrypt_nonce),
+            decrypt_nonce: u128::from_le_bytes(decrypt_nonce),
+            decrypt_history: [0; 0x100],
+
+            good: 0,
+            late: 0,
+            lost: 0,
+        }
+    }
+
+    /// Returns the amount of packets transmitted without issues.
+    pub fn get_good(&self) -> u32 {
+        self.good
+    }
+
+    /// Returns the amount of packets which were transmitted successfully but arrived late.
+    pub fn get_late(&self) -> u32 {
+        self.late
+    }
+
+    /// Returns the amount of packets which were lost.
+    pub fn get_lost(&self) -> u32 {
+        self.lost
+    }
+
+    /// Returns the shared, **private** key.
+    pub fn get_key(&self) -> &[u8; KEY_SIZE] {
+        &self.key
+    }
+
+    /// Returns the nonce used for encrypting.
+    pub fn get_encrypt_nonce(&self) -> [u8; BLOCK_SIZE] {
+        self.encrypt_nonce.to_le_bytes()
+    }
+
+    /// Returns the nonce used for decrypting.
+    pub fn get_decrypt_nonce(&self) -> [u8; BLOCK_SIZE] {
+        self.decrypt_nonce.to_le_bytes()
+    }
+
+    /// Updates the nonce used for decrypting.
+    pub fn set_decrypt_nonce(&mut self, nonce: &[u8; BLOCK_SIZE]) {
+        self.decrypt_nonce = u128::from_le_bytes(*nonce);
+    }
+
+    /// Encrypts an encoded voice packet and returns the resulting bytes.
+    pub fn encrypt(&mut self, src: Vec<u8>, dst: &mut BytesMut) {
+        self.encrypt_nonce = self.encrypt_nonce.wrapping_add(1);
+
+        // Leave four bytes for header
+        dst.resize(4, 0);
+        let mut inner = dst.split_off(4);
+
+        // Copy source bytes
+        inner.extend_from_slice(&src);
+
+        // Encryption
+        let tag = self.ocb_encrypt(inner.as_mut());
+
+        // Build result
+        dst.unsplit(inner);
+        dst[0] = self.encrypt_nonce as u8;
+        dst[1..4].copy_from_slice(&tag.to_be_bytes()[0..3]);
+    }
+
+    /// Decrypts a voice packet and (if successful) returns the resulting bytes.
+    pub fn decrypt(&mut self, buf: &mut BytesMut) -> Result<(), DecryptError> {
+        if buf.len() < 4 {
+            return Err(DecryptError::Eof);
+        }
+        let header = buf.split_to(4);
+        let nonce_0 = header[0];
+
+        // If we update our decrypt_nonce and the tag check fails or we've been processing late
+        // packets, we need to revert it
+        let saved_nonce = self.decrypt_nonce;
+        let mut late = false; // will always restore nonce if this is the case
+        let mut lost = 0; // for stats only
+
+        if self.decrypt_nonce.wrapping_add(1) as u8 == nonce_0 {
+            // in order
+            self.decrypt_nonce = self.decrypt_nonce.wrapping_add(1);
+        } else {
+            // packet is late or repeated, or we lost a few packets in between
+            let diff = nonce_0.wrapping_sub(self.decrypt_nonce as u8) as i8;
+
+            self.decrypt_nonce = self.decrypt_nonce.wrapping_add(diff as u128);
+            if diff > 0 {
+                lost = i32::from(diff - 1); // lost a few packets in between this and the last one
+            } else if diff > -30 {
+                if self.decrypt_history[nonce_0 as usize] == (self.decrypt_nonce >> 8) as u8 {
+                    self.decrypt_nonce = saved_nonce;
+                    return Err(DecryptError::Repeat);
+                }
+                // just late
+                late = true;
+                lost = -1;
+            } else {
+                return Err(DecryptError::Late); // late by more than 30 packets
+            }
+        }
+
+        let tag = self.ocb_decrypt(buf.as_mut());
+
+        if !memcmp::eq(&tag.to_be_bytes()[0..3], &header[1..4]) {
+            self.decrypt_nonce = saved_nonce;
+            return Err(DecryptError::Mac);
+        }
+
+        self.decrypt_history[nonce_0 as usize] = (self.decrypt_nonce >> 8) as u8;
+
+        self.good += 1;
+        if late {
+            self.late += 1;
+            self.decrypt_nonce = saved_nonce;
+        }
+        self.lost = (self.lost as i32 + lost as i32) as u32;
+
+        Ok(())
+    }
+
+    /// Encrypt the provided buffer using AES-OCB, returning the tag.
+    fn ocb_encrypt(&self, mut buf: &mut [u8]) -> u128 {
+        let mut offset = self.aes_encrypt(self.encrypt_nonce.to_be());
+        let mut checksum = 0u128;
+
+        while buf.len() > BLOCK_SIZE {
+            let (chunk, remainder) = buf.split_at_mut(BLOCK_SIZE);
+            buf = remainder;
+            let chunk: &mut [u8; BLOCK_SIZE] = chunk.try_into().expect("split_at works");
+
+            offset = s2(offset);
+
+            let plain = u128::from_be_bytes(*chunk);
+            let encrypted = self.aes_encrypt(offset ^ plain) ^ offset;
+            chunk.copy_from_slice(&encrypted.to_be_bytes());
+
+            checksum ^= plain;
+        }
+
+        offset = s2(offset);
+
+        let len = buf.len();
+        assert!(len <= BLOCK_SIZE);
+        let pad = self.aes_encrypt((len * 8) as u128 ^ offset);
+        let mut block = pad.to_be_bytes();
+        block[..len].copy_from_slice(buf);
+        let plain = u128::from_be_bytes(block);
+        let encrypted = pad ^ plain;
+        buf.copy_from_slice(&encrypted.to_be_bytes()[..len]);
+
+        checksum ^= plain;
+
+        self.aes_encrypt(offset ^ s2(offset) ^ checksum)
+    }
+
+    /// Decrypt the provided buffer using AES-OCB, returning the tag.
+    /// **Make sure to verify that the tag matches!**
+    fn ocb_decrypt(&self, mut buf: &mut [u8]) -> u128 {
+        let mut offset = self.aes_encrypt(self.decrypt_nonce.to_be());
+        let mut checksum = 0u128;
+
+        while buf.len() > BLOCK_SIZE {
+            let (chunk, remainder) = buf.split_at_mut(BLOCK_SIZE);
+            buf = remainder;
+            let chunk: &mut [u8; BLOCK_SIZE] = chunk.try_into().expect("split_at works");
+
+            offset = s2(offset);
+
+            let encrypted = u128::from_be_bytes(*chunk);
+            let plain = self.aes_decrypt(offset ^ encrypted) ^ offset;
+            chunk.copy_from_slice(&plain.to_be_bytes());
+
+            checksum ^= plain;
+        }
+
+        offset = s2(offset);
+
+        let len = buf.len();
+        assert!(len <= BLOCK_SIZE);
+        let pad = self.aes_encrypt((len * 8) as u128 ^ offset);
+        let mut block = [0; BLOCK_SIZE];
+        block[..len].copy_from_slice(buf);
+        let plain = u128::from_be_bytes(block) ^ pad;
+        buf.copy_from_slice(&plain.to_be_bytes()[..len]);
+
+        checksum ^= plain;
+
+        self.aes_encrypt(offset ^ s2(offset) ^ checksum)
+    }
+
+    /// AES-128 encryption primitive.
+    fn aes_encrypt(&self, block: u128) -> u128 {
+        // TODO is there no better way to do this (and aes_decrypt)?
+        let mut result = [0u8; BLOCK_SIZE * 2];
+        let mut crypter = openssl::symm::Crypter::new(
+            openssl::symm::Cipher::aes_128_ecb(),
+            openssl::symm::Mode::Encrypt,
+            &self.key,
+            None,
+        )
+            .unwrap();
+        crypter.pad(false);
+        crypter.update(&block.to_be_bytes(), &mut result).unwrap();
+        crypter.finalize(&mut result).unwrap();
+        u128::from_be_bytes((&result[..BLOCK_SIZE]).try_into().unwrap())
+    }
+
+    /// AES-128 decryption primitive.
+    fn aes_decrypt(&self, block: u128) -> u128 {
+        let mut result = [0u8; BLOCK_SIZE * 2];
+        let mut crypter = openssl::symm::Crypter::new(
+            openssl::symm::Cipher::aes_128_ecb(),
+            openssl::symm::Mode::Decrypt,
+            &self.key,
+            None,
+        )
+            .unwrap();
+        crypter.pad(false);
+        crypter.update(&block.to_be_bytes(), &mut result).unwrap();
+        crypter.finalize(&mut result).unwrap();
+        u128::from_be_bytes((&result[..BLOCK_SIZE]).try_into().unwrap())
+    }
+}
+
+fn s2(block: u128) -> u128 {
+    let rot = block.rotate_left(1);
+    let carry = rot & 1;
+    rot ^ (carry * 0x86)
+}
+
+#[cfg(test)]
+mod test {
+    use bytes::BufMut;
+
+    use super::*;
+
+    fn u128hex(src: &str) -> u128 {
+        u128::from_str_radix(src, 16).unwrap()
+    }
+
+    fn bytes_from_hex(src: &str) -> BytesMut {
+        let mut buf = BytesMut::new();
+        hex_to_bytes(src, &mut buf);
+        buf
+    }
+
+    fn hex_to_bytes(src: &str, dst: &mut BytesMut) {
+        dst.clear();
+        dst.reserve(src.len() / 2);
+        let mut iter = src.chars();
+        while !iter.as_str().is_empty() {
+            dst.put_u8(u8::from_str_radix(&iter.as_str()[..2], 16).unwrap());
+            iter.next();
+            iter.next();
+        }
+    }
+
+    #[test]
+    fn encrypt_and_decrypt_are_inverse() {
+        let mut server_state = CryptState::generate_new();
+        // swap nonce vectors side to side
+        let mut client_state =
+            CryptState::new_from(
+                *server_state.get_key(),
+                server_state.get_decrypt_nonce(),
+                server_state.get_encrypt_nonce(),
+            );
+
+        let mut buffer = BytesMut::new();
+        let src = "test".as_bytes().to_vec();
+        server_state.encrypt(src.clone(), &mut buffer);
+
+        let mut buffer2 = BytesMut::new();
+        buffer2.extend_from_slice(&(buffer.to_vec()));
+
+        client_state.decrypt(&mut buffer2).unwrap();
+
+        assert_eq!(src, buffer2.to_vec());
+    }
+
+    #[test]
+    fn aes_test_vectors() {
+        let key = u128hex("E8E9EAEBEDEEEFF0F2F3F4F5F7F8F9FA");
+        let state =
+            CryptState::new_from(key.to_be_bytes(), Default::default(), Default::default());
+        assert_eq!(
+            u128hex("6743C3D1519AB4F2CD9A78AB09A511BD"),
+            state.aes_encrypt(u128hex("014BAF2278A69D331D5180103643E99A"))
+        );
+        assert_eq!(
+            u128hex("014BAF2278A69D331D5180103643E99A"),
+            state.aes_decrypt(u128hex("6743C3D1519AB4F2CD9A78AB09A511BD"))
+        );
+    }
+
+    // Test vectors from http://web.cs.ucdavis.edu/~rogaway/papers/draft-krovetz-ocb-00.txt
+    // (excluding ones with headers since those aren't implemented here)
+    #[test]
+    #[allow(clippy::cognitive_complexity)] // all macro-generated
+    fn ocb_test_vectors() {
+        macro_rules! test_cases {
+            ($(
+                T : $name:expr,
+                M : $plain:expr,
+                C : $cipher:expr,
+                T : $tag:expr,
+            )*) => {$(
+                let key = u128hex("000102030405060708090a0b0c0d0e0f");
+                let nonce = u128hex("000102030405060708090a0b0c0d0e0f");
+                let state = CryptState::new_from(
+                    key.to_be_bytes(),
+                    nonce.to_be_bytes(),
+                    nonce.to_be_bytes(),
+                );
+
+                let mut result = BytesMut::new();
+                hex_to_bytes($plain.as_ref(), &mut result);
+                let tag = state.ocb_encrypt(&mut result);
+                assert_eq!(bytes_from_hex($cipher), result, concat!("ENCRYPT-RESULT-", $name));
+                assert_eq!(u128hex($tag), tag, concat!("ENCRYPT-TAG-", $name));
+
+                hex_to_bytes($cipher.as_ref(), &mut result);
+                let tag = state.ocb_decrypt(&mut result);
+                assert_eq!(bytes_from_hex($plain), result, concat!("DECRYPT-RESULT-", $name));
+                assert_eq!(u128hex($tag), tag, concat!("DECRYPT-TAG-", $name));
+            )*};
+        }
+
+        test_cases! {
+            T : "OCB-AES-128-0B",
+            M : "",
+            C : "",
+            T : "BF3108130773AD5EC70EC69E7875A7B0",
+
+            T : "OCB-AES-128-8B",
+            M : "0001020304050607",
+            C : "C636B3A868F429BB",
+            T : "A45F5FDEA5C088D1D7C8BE37CABC8C5C",
+
+            T : "OCB-AES-128-16B",
+            M : "000102030405060708090A0B0C0D0E0F",
+            C : "52E48F5D19FE2D9869F0C4A4B3D2BE57",
+            T : "F7EE49AE7AA5B5E6645DB6B3966136F9",
+
+            T : "OCB-AES-128-24B",
+            M : "000102030405060708090A0B0C0D0E0F1011121314151617",
+            C : "F75D6BC8B4DC8D66B836A2B08B32A636CC579E145D323BEB",
+            T : "A1A50F822819D6E0A216784AC24AC84C",
+
+            T : "OCB-AES-128-32B",
+            M : "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+            C : "F75D6BC8B4DC8D66B836A2B08B32A636CEC3C555037571709DA25E1BB0421A27",
+            T : "09CA6C73F0B5C6C5FD587122D75F2AA3",
+
+            T : "OCB-AES-128-40B",
+            M : "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+            C : "F75D6BC8B4DC8D66B836A2B08B32A6369F1CD3C5228D79FD6C267F5F6AA7B231C7DFB9D59951AE9C",
+            T : "9DB0CDF880F73E3E10D4EB3217766688",
+        }
+    }
+}

data/ext/rb_mumble_protocol/src/lib.rs

@@ -0,0 +1,113 @@
+use std::cell::RefCell;
+
+use magnus::{class, define_module, method, function, prelude::*, Error, RHash};
+
+use bytes::BytesMut;
+
+pub mod crypt_state;
+
+#[magnus::wrap(class = "RbMumbleProtocol::CryptState", free_immediatly, size)]
+struct CryptStateRef(RefCell<crypt_state::CryptState>);
+
+impl CryptStateRef {
+    pub fn new() -> Self {
+        Self(RefCell::new(crypt_state::CryptState::generate_new()))
+    }
+
+    pub fn new_from(
+        key: Vec<u8>,
+        encrypt_nonce: Vec<u8>,
+        decrypt_nonce: Vec<u8>,
+    ) -> Self {
+        let new_key =
+            key
+            .try_into()
+            .unwrap_or_else(|v: Vec<u8>| panic!("Expected a Key of length {} but it was {}", 16, v.len()));
+
+        let new_encrypt_nonce =
+            encrypt_nonce
+            .try_into()
+            .unwrap_or_else(|v: Vec<u8>| panic!("Expected a Encrypt nonce of length {} but it was {}", 16, v.len()));
+
+        let new_decrypt_nonce =
+            decrypt_nonce
+                .try_into()
+                .unwrap_or_else(|v: Vec<u8>| panic!("Expected a Decrypt nonce of length {} but it was {}", 16, v.len()));
+
+        let new_state = crypt_state::CryptState::new_from(
+            new_key,
+            new_encrypt_nonce,
+            new_decrypt_nonce
+        );
+
+        Self(RefCell::new(new_state))
+    }
+
+    pub fn key(&self) -> Vec<u8> { self.0.try_borrow_mut().unwrap().get_key().to_vec() }
+    pub fn encrypt_nonce(&self) -> Vec<u8> { self.0.try_borrow_mut().unwrap().get_encrypt_nonce().to_vec() }
+    pub fn decrypt_nonce(&self) -> Vec<u8> { self.0.try_borrow_mut().unwrap().get_decrypt_nonce().to_vec() }
+
+    pub fn stats(&self) -> RHash {
+        let hash = RHash::new();
+        let state = self.0.try_borrow_mut().unwrap();
+
+        let _ = hash.aset("good", state.get_good());
+        let _ = hash.aset("late", state.get_late());
+        let _ = hash.aset("lost", state.get_lost());
+
+        hash
+    }
+
+    pub fn encrypt(&self, src: Vec<u8>) -> Vec<u8> {
+        let mut buffer = BytesMut::new();
+
+        self.0.try_borrow_mut().unwrap().encrypt(src, &mut buffer);
+
+        buffer.to_vec()
+    }
+
+    pub fn decrypt(&self, encrypted: Vec<u8>) -> Vec<u8> {
+        let mut buffer = BytesMut::new();
+        buffer.extend_from_slice(&encrypted);
+
+        self.0.try_borrow_mut().unwrap().decrypt(&mut buffer).unwrap();
+
+        buffer.to_vec()
+    }
+}
+
+#[magnus::init]
+fn init() -> Result<(), Error> {
+    let module = define_module("RbMumbleProtocol")?;
+    let class = module.define_class("CryptState", class::object())?;
+
+    class.define_singleton_method("new", function!(CryptStateRef::new, 0))?;
+    class.define_singleton_method("new_from", function!(CryptStateRef::new_from, 3))?;
+
+    class.define_method("key", method!(CryptStateRef::key, 0))?;
+    class.define_method("encrypt_nonce", method!(CryptStateRef::encrypt_nonce, 0))?;
+    class.define_method("decrypt_nonce", method!(CryptStateRef::decrypt_nonce, 0))?;
+    class.define_method("stats", method!(CryptStateRef::stats, 0))?;
+
+    class.define_method("encrypt", method!(CryptStateRef::encrypt, 1))?;
+    class.define_method("decrypt", method!(CryptStateRef::decrypt, 1))?;
+
+    Ok(())
+}
+
+#[test]
+fn encrypt_and_decrypt_are_inverse() {
+    let server_state = CryptStateRef::new();
+    // swap nonce vectors side to side
+    let client_state = CryptStateRef::new_from(
+        server_state.key(),
+        server_state.decrypt_nonce(),
+        server_state.encrypt_nonce()
+    );
+
+    let src= "test".as_bytes().to_vec();
+    let encrypted= server_state.encrypt(src.clone());
+    let result= client_state.decrypt(encrypted.clone());
+
+    assert_eq!(src, result);
+}

data/lib/rb_mumble_protocol/crypt_state.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module RbMumbleProtocol
+  class CryptState
+  end
+end

data/lib/rb_mumble_protocol/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module RbMumbleProtocol
+  VERSION = "0.1.0"
+end

data/lib/rb_mumble_protocol.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative "rb_mumble_protocol/version"
+require_relative "rb_mumble_protocol/crypt_state"
+require_relative "rb_mumble_protocol/rb_mumble_protocol"
+
+module RbMumbleProtocol
+  class Error < StandardError; end
+  # Your code goes here...
+end

metadata

@@ -0,0 +1,54 @@
+--- !ruby/object:Gem::Specification
+name: rb_mumble_protocol
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mikhail Odebe
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-07-23 00:00:00.000000000 Z
+dependencies: []
+description: Gem that providing classes for implementing Mumble-related projects.
+email:
+- derpiranha@gmail.com
+executables: []
+extensions:
+- ext/rb_mumble_protocol/Cargo.toml
+extra_rdoc_files: []
+files:
+- Cargo.lock
+- Cargo.toml
+- ext/rb_mumble_protocol/Cargo.toml
+- ext/rb_mumble_protocol/src/crypt_state.rs
+- ext/rb_mumble_protocol/src/lib.rs
+- lib/rb_mumble_protocol.rb
+- lib/rb_mumble_protocol/crypt_state.rb
+- lib/rb_mumble_protocol/version.rb
+homepage: https://github.com/Odebe/rb_mumble_protocol
+licenses: []
+metadata:
+  homepage_uri: https://github.com/Odebe/rb_mumble_protocol
+  source_code_uri: https://github.com/Odebe/rb_mumble_protocol
+  changelog_uri: https://github.com/Odebe/rb_mumble_protocol
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.3.11
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: Gem that providing classes for implementing Mumble-related projects.
+test_files: []