From 5c12dc8e1515b6fb67439acd5e722349d435f06c Mon Sep 17 00:00:00 2001
From: Tim203
Date: Thu, 1 Apr 2021 00:37:58 +0200
Subject: [PATCH 1/4] Don't use a blocking algorithm for generating keys on unix-like systems This should fix GeyserMC/Floodgate#125
---
 .../geysermc/floodgate/crypto/AesKeyProducer.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java b/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
index 5217b4cf7..bb2be89f8 100644
--- a/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
+++ b/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
@@ -29,7 +29,9 @@ package org.geysermc.floodgate.crypto;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.util.Locale;
 public final class AesKeyProducer implements KeyProducer {
 public static int KEY_SIZE = 128;
@@ -38,7 +40,7 @@ public final class AesKeyProducer implements KeyProducer {
 public SecretKey produce() {
 try {
 KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
- keyGenerator.init(KEY_SIZE, SecureRandom.getInstanceStrong());
+ keyGenerator.init(KEY_SIZE, getSecureRandom());
 return keyGenerator.generateKey();
 } catch (Exception exception) {
 throw new RuntimeException(exception);
@@ -53,4 +55,14 @@ public final class AesKeyProducer implements KeyProducer {
 throw new RuntimeException(exception);
 }
 }
+
+ private SecureRandom getSecureRandom() throws NoSuchAlgorithmException {
+ // use Windows-PRNG for windows (default impl is SHA1PRNG)
+ // default impl for unix-like systems is NativePRNG.
+ if (System.getProperty("os.name").toLowerCase(Locale.ROOT).contains("win")) {
+ return SecureRandom.getInstance("Windows-PRNG");
+ } else {
+ return new SecureRandom();
+ }
+ }
 }
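Review bot: The Windows branch of getSecureRandom (last hunk of patch 1/4) has no fallback: `SecureRandom.getInstance("Windows-PRNG")` throws NoSuchAlgorithmException when the runtime does not ship a provider for that algorithm, and produce() rethrows it as a RuntimeException, so no key is generated at all. The same branch is carried unchanged through the getSecureRandom hunks of patches 2/4 and 3/4, where only the Unix branch gains a fallback. I would treat both branches alike, `try { return SecureRandom.getInstance("Windows-PRNG"); } catch (NoSuchAlgorithmException e) { return new SecureRandom(); }`.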
From a5a849c0598566744b5e08724a5ff849c88b9636 Mon Sep 17 00:00:00 2001
From: Tim203
Date: Thu, 1 Apr 2021 00:57:47 +0200
Subject: [PATCH 2/4] Use a better name to indicate Windows
---
 .../main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java b/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
index bb2be89f8..59080c195 100644
--- a/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
+++ b/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
@@ -59,7 +59,7 @@ public final class AesKeyProducer implements KeyProducer {
 private SecureRandom getSecureRandom() throws NoSuchAlgorithmException {
 // use Windows-PRNG for windows (default impl is SHA1PRNG)
 // default impl for unix-like systems is NativePRNG.
- if (System.getProperty("os.name").toLowerCase(Locale.ROOT).contains("win")) {
+ if (System.getProperty("os.name").startsWith("Windows")) {
 return SecureRandom.getInstance("Windows-PRNG");
 } else {
 return new SecureRandom();
From 23c3db28efe9c6202c438bd0dc7fb27f9f6e782e Mon Sep 17 00:00:00 2001
From: Tim203
Date: Sat, 3 Apr 2021 19:49:44 +0200
Subject: [PATCH 3/4] Another attempt to fix key generation
---
 .../geysermc/floodgate/crypto/AesKeyProducer.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java b/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
index 59080c195..faec0ad10 100644
--- a/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
+++ b/common/src/main/java/org/geysermc/floodgate/crypto/AesKeyProducer.java
@@ -31,7 +31,6 @@ import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
-import java.util.Locale;
 public final class AesKeyProducer implements KeyProducer {
 public static int KEY_SIZE = 128;
@@ -58,11 +57,18 @@ public final class AesKeyProducer implements KeyProducer {
 private SecureRandom getSecureRandom() throws NoSuchAlgorithmException {
 // use Windows-PRNG for windows (default impl is SHA1PRNG)
- // default impl for unix-like systems is NativePRNG.
 if (System.getProperty("os.name").startsWith("Windows")) {
 return SecureRandom.getInstance("Windows-PRNG");
 } else {
- return new SecureRandom();
+ try {
+ // NativePRNG (which should be the default on unix-systems) can still block your
+ // system. Even though it isn't as bad as NativePRNGBlocking, we still try to
+ // prevent that if possible
+ return SecureRandom.getInstance("NativePRNGNonBlocking");
+ } catch (NoSuchAlgorithmException ignored) {
+ // at this point we just have to go with the default impl even if it blocks
+ return new SecureRandom();
+ }
 }
 }
 }
From 21c8a389e30ee9b882834d7dc8121694d5d97460 Mon Sep 17 00:00:00 2001
From: Tim203
Date: Sat, 3 Apr 2021 19:50:35 +0200
Subject: [PATCH 4/4] Fixed an issue with forwarding player links
---
 .../java/org/geysermc/floodgate/util/BedrockData.java | 3 +--
 .../geysermc/connector/skin/FloodgateSkinUploader.java | 9 +++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/common/src/main/java/org/geysermc/floodgate/util/BedrockData.java b/common/src/main/java/org/geysermc/floodgate/util/BedrockData.java
index cbf49e126..81a6307a2 100644
--- a/common/src/main/java/org/geysermc/floodgate/util/BedrockData.java
+++ b/common/src/main/java/org/geysermc/floodgate/util/BedrockData.java
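Review bot: The comments added to the Unix branch of getSecureRandom (second hunk of patch 3/4) justify the choice only by blocking behaviour and omit the security assumption, which matters because this generator seeds the AES key returned by produce(). NativePRNGNonBlocking draws from the operating system's non-blocking random device, so the key is only as strong as the OS pool was when it was generated. That is presumably acceptable on a long-running host but is worth stating for freshly provisioned machines or containers. I would add a line such as `// Non-blocking source: assumes the OS random pool is already seeded when the key is first generated`. The silent fallback to `new SecureRandom()` is fine as written.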
@@ -101,9 +101,8 @@ public final class BedrockData implements Cloneable {
 // The format is the same as the order of the fields in this class
 return version + '\0' + username + '\0' + xuid + '\0' + deviceOs + '\0' + languageCode + '\0' + uiProfile + '\0' + inputMode + '\0' + ip + '\0' +
- (fromProxy ? 1 : 0) + '\0' + (linkedPlayer != null ? linkedPlayer.toString() : "null") + '\0' +
- subscribeId + '\0' + verifyCode + '\0' + timestamp;
+ (fromProxy ? 1 : 0) + '\0' + subscribeId + '\0' + verifyCode + '\0' + timestamp;
 }
 @Override
diff --git a/connector/src/main/java/org/geysermc/connector/skin/FloodgateSkinUploader.java b/connector/src/main/java/org/geysermc/connector/skin/FloodgateSkinUploader.java
index 9f1a515a0..d61d3b632 100644
--- a/connector/src/main/java/org/geysermc/connector/skin/FloodgateSkinUploader.java
+++ b/connector/src/main/java/org/geysermc/connector/skin/FloodgateSkinUploader.java
@@ -39,6 +39,7 @@ import org.geysermc.floodgate.util.WebsocketEventType;
 import org.java_websocket.client.WebSocketClient;
 import org.java_websocket.handshake.ServerHandshake;
+import javax.net.ssl.SSLException;
 import java.net.ConnectException;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
@@ -161,9 +162,13 @@ public final class FloodgateSkinUploader {
 @Override
 public void onError(Exception ex) {
- if (!(ex instanceof ConnectException)) {
- logger.error("Got an error", ex);
+ if (ex instanceof ConnectException || ex instanceof SSLException) {
+ if (logger.isDebug()) {
+ logger.error("[debug] Got an error", ex);
+ }
+ return;
 }
+ logger.error("Got an error", ex);
 }
 };
 }
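Review bot: Dropping `linkedPlayer` from the string built in this return statement changes the number of '\0'-separated fields, and nothing in this patch shows the code that reads the string, or the `version` value, changing with it. If the reader (outside this patch) checks the field count, both sides have to be upgraded together; if it does not, every field after `fromProxy` would be read one position off. The comment above the return would also be stale if `linkedPlayer` is still a field of the class; in that case I would reword it to `// Field order follows the class, except linkedPlayer, which is not part of this string`. The method begins before the hunk.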
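Review bot: Treating `SSLException` like `ConnectException` in onError hides every TLS failure unless debug is on, and that class also covers handshake and certificate-validation failures (`SSLHandshakeException` is a subclass). A rejected or unexpected certificate on the uploader connection is something an operator should see without enabling debug logging. I would keep the quiet path for plain connection problems but let handshake failures through, `if (ex instanceof ConnectException || (ex instanceof SSLException && !(ex instanceof SSLHandshakeException))) {`, which also needs an import of `javax.net.ssl.SSLHandshakeException`. The debug branch logs through `logger.error` with a "[debug]" prefix; a debug-level call would fit better if the logger offers one.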