Switch to OAEP padding

This is because nodejs has disabled RSA_PKCS1_PADDING due to CVE-2023-46809.

Author: Protonull

mapsync-mod/src/main/java/gjum/minecraft/mapsync/mod/net/SyncClient.java

@@ -23,10 +23,12 @@
 import io.netty.channel.socket.nio.NioSocketChannel;
 import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
 import io.netty.handler.codec.LengthFieldPrepender;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
+import java.security.spec.MGF1ParameterSpec;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -39,6 +41,8 @@
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
 import javax.crypto.spec.SecretKeySpec;
 import net.minecraft.client.Minecraft;
 import net.minecraft.client.User;
@@ -286,7 +290,7 @@ void setUpEncryption(ChannelHandlerContext ctx, ClientboundEncryptionRequestPack
 					encrypt(packet.publicKey(), sharedSecret),
 					encrypt(packet.publicKey(), packet.verifyToken())));
 		} catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchPaddingException | BadPaddingException |
-				 IllegalBlockSizeException e) {
+				 IllegalBlockSizeException | InvalidAlgorithmParameterException e) {
 			shutDown();
 			throw new RuntimeException(e);
 		}
@@ -299,9 +303,15 @@ void setUpEncryption(ChannelHandlerContext ctx, ClientboundEncryptionRequestPack
 		handleEncryptionSuccess();
 	}
 
-	private static byte[] encrypt(PublicKey key, byte[] data) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException {
-		Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
-		cipher.init(Cipher.ENCRYPT_MODE, key);
+	private static byte[] encrypt(PublicKey key, byte[] data) throws NoSuchPaddingException, NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, InvalidKeyException, InvalidAlgorithmParameterException {
+		Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
+		// https://docs.openssl.org/master/man3/RSA_public_encrypt/#description
+		cipher.init(Cipher.ENCRYPT_MODE, key, new OAEPParameterSpec(
+			"SHA-256",
+			"MGF1",
+			new MGF1ParameterSpec("SHA-256"),
+			PSource.PSpecified.DEFAULT
+		));
 		return cipher.doFinal(data);
 	}
 }

mapsync-server/src/server.ts

@@ -51,7 +51,8 @@ export class TcpServer {
         return crypto.privateDecrypt(
             {
                 key: this.keyPair.privateKey,
-                padding: crypto.constants.RSA_PKCS1_PADDING,
+                padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+                oaepHash: "sha256"
             },
             buf,
         );