From 63fbe661581ccb0ff2c83277c6658aea08586aae Mon Sep 17 00:00:00 2001
From: "Breno A." <git@breno.tech>
Date: Sun, 9 Jun 2024 13:06:59 -0300
Subject: [PATCH] security: add secure mode and padding scheme

---
 src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java  | 2 +-
 .../server/packet/recv/HandlerGetPlayerTokenReq.java           | 2 +-
 src/main/java/emu/grasscutter/utils/Crypto.java                | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java b/src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
index 1892d4504..eceae40cc 100644
--- a/src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
+++ b/src/main/java/emu/grasscutter/auth/DefaultAuthenticators.java
@@ -103,7 +103,7 @@ public final class DefaultAuthenticators {
                 KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                 RSAPrivateKey private_key = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
 
-                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
+                Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
 
                 cipher.init(Cipher.DECRYPT_MODE, private_key);
 
diff --git a/src/main/java/emu/grasscutter/server/packet/recv/HandlerGetPlayerTokenReq.java b/src/main/java/emu/grasscutter/server/packet/recv/HandlerGetPlayerTokenReq.java
index 3a54acc52..c267124d8 100644
--- a/src/main/java/emu/grasscutter/server/packet/recv/HandlerGetPlayerTokenReq.java
+++ b/src/main/java/emu/grasscutter/server/packet/recv/HandlerGetPlayerTokenReq.java
@@ -113,7 +113,7 @@ public class HandlerGetPlayerTokenReq extends PacketHandler {
         if (req.getKeyId() > 0) {
             var encryptSeed = session.getEncryptSeed();
             try {
-                var cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
+                var cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
                 cipher.init(Cipher.DECRYPT_MODE, Crypto.CUR_SIGNING_KEY);
 
                 var clientSeedEncrypted = Utils.base64Decode(req.getClientRandKey());
diff --git a/src/main/java/emu/grasscutter/utils/Crypto.java b/src/main/java/emu/grasscutter/utils/Crypto.java
index 01b515b7b..01ab0c470 100644
--- a/src/main/java/emu/grasscutter/utils/Crypto.java
+++ b/src/main/java/emu/grasscutter/utils/Crypto.java
@@ -10,6 +10,7 @@ import java.security.spec.*;
 import java.util.*;
 import java.util.regex.Pattern;
 import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
 
 public final class Crypto {
 
@@ -100,8 +101,8 @@ public final class Crypto {
         if (key_id == null) {
             throw new Exception("Key ID was not set");
         }
+        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
 
-        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
         cipher.init(Cipher.ENCRYPT_MODE, EncryptionKeys.get(Integer.valueOf(key_id)));
 
         // Encrypt regionInfo in chunks