2019-11-13 14:12:04 +00:00
|
|
|
/*
|
|
|
|
This file is part of Telegram Desktop,
|
|
|
|
the official desktop application for the Telegram messaging service.
|
|
|
|
|
|
|
|
For license and copyright information please follow this link:
|
|
|
|
https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
|
|
|
|
*/
|
2019-11-19 10:10:51 +00:00
|
|
|
#include "mtproto/details/mtproto_dc_key_binder.h"
|
2019-11-13 14:12:04 +00:00
|
|
|
|
2019-11-22 09:15:38 +00:00
|
|
|
#include "mtproto/details/mtproto_serialized_request.h"
|
2019-11-13 14:12:04 +00:00
|
|
|
#include "mtproto/mtp_instance.h"
|
2019-11-14 13:34:58 +00:00
|
|
|
#include "base/unixtime.h"
|
|
|
|
#include "base/openssl_help.h"
|
2021-09-15 10:21:45 +00:00
|
|
|
#include "base/random.h"
|
2019-11-14 13:34:58 +00:00
|
|
|
#include "scheme.h"
|
2019-11-13 14:12:04 +00:00
|
|
|
|
|
|
|
#include <QtCore/QPointer>
|
|
|
|
|
|
|
|
namespace MTP::details {
|
2019-11-14 13:34:58 +00:00
|
|
|
namespace {
|
|
|
|
|
|
|
|
[[nodiscard]] QByteArray EncryptBindAuthKeyInner(
|
|
|
|
const AuthKeyPtr &persistentKey,
|
|
|
|
mtpMsgId realMsgId,
|
|
|
|
const MTPBindAuthKeyInner &data) {
|
2019-11-22 09:15:38 +00:00
|
|
|
auto serialized = SerializedRequest::Serialize(data);
|
2019-11-14 13:34:58 +00:00
|
|
|
serialized.setMsgId(realMsgId);
|
|
|
|
serialized.setSeqNo(0);
|
2021-06-24 12:29:48 +00:00
|
|
|
serialized.addPadding(true);
|
2019-11-14 13:34:58 +00:00
|
|
|
|
2019-11-22 09:15:38 +00:00
|
|
|
constexpr auto kMsgIdPosition = SerializedRequest::kMessageIdPosition;
|
2019-11-14 13:34:58 +00:00
|
|
|
constexpr auto kMinMessageSize = 5;
|
|
|
|
|
|
|
|
const auto sizeInPrimes = serialized->size();
|
|
|
|
const auto messageSize = serialized.messageSize();
|
|
|
|
Assert(messageSize >= kMinMessageSize);
|
|
|
|
Assert(sizeInPrimes >= kMsgIdPosition + messageSize);
|
|
|
|
|
|
|
|
const auto sizeInBytes = sizeInPrimes * sizeof(mtpPrime);
|
|
|
|
const auto padding = sizeInBytes
|
|
|
|
- (kMsgIdPosition + messageSize) * sizeof(mtpPrime);
|
|
|
|
|
|
|
|
// session_id, salt - just random here.
|
|
|
|
bytes::set_random(bytes::make_span(*serialized).subspan(
|
|
|
|
0,
|
|
|
|
kMsgIdPosition * sizeof(mtpPrime)));
|
|
|
|
|
|
|
|
const auto hash = openssl::Sha1(bytes::make_span(*serialized).subspan(
|
|
|
|
0,
|
|
|
|
sizeInBytes - padding));
|
|
|
|
auto msgKey = MTPint128();
|
|
|
|
bytes::copy(
|
|
|
|
bytes::object_as_span(&msgKey),
|
|
|
|
bytes::make_span(hash).subspan(4));
|
|
|
|
|
|
|
|
constexpr auto kAuthKeyIdBytes = 2 * sizeof(mtpPrime);
|
|
|
|
constexpr auto kMessageKeyPosition = kAuthKeyIdBytes;
|
|
|
|
constexpr auto kMessageKeyBytes = 4 * sizeof(mtpPrime);
|
|
|
|
constexpr auto kPrefix = (kAuthKeyIdBytes + kMessageKeyBytes);
|
|
|
|
auto encrypted = QByteArray(kPrefix + sizeInBytes, Qt::Uninitialized);
|
|
|
|
*reinterpret_cast<uint64*>(encrypted.data()) = persistentKey->keyId();
|
|
|
|
*reinterpret_cast<MTPint128*>(encrypted.data() + kMessageKeyPosition)
|
|
|
|
= msgKey;
|
|
|
|
|
|
|
|
aesIgeEncrypt_oldmtp(
|
|
|
|
serialized->constData(),
|
|
|
|
encrypted.data() + kPrefix,
|
|
|
|
sizeInBytes,
|
|
|
|
persistentKey,
|
|
|
|
msgKey);
|
|
|
|
|
|
|
|
return encrypted;
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace
|
2019-11-13 14:12:04 +00:00
|
|
|
|
2019-11-19 10:10:51 +00:00
|
|
|
DcKeyBinder::DcKeyBinder(AuthKeyPtr &&persistentKey)
|
|
|
|
: _persistentKey(std::move(persistentKey)) {
|
|
|
|
Expects(_persistentKey != nullptr);
|
|
|
|
}
|
|
|
|
|
2019-11-22 09:15:38 +00:00
|
|
|
SerializedRequest DcKeyBinder::prepareRequest(
|
2019-11-14 13:34:58 +00:00
|
|
|
const AuthKeyPtr &temporaryKey,
|
|
|
|
uint64 sessionId) {
|
2019-11-19 10:10:51 +00:00
|
|
|
Expects(temporaryKey != nullptr);
|
|
|
|
Expects(temporaryKey->expiresAt() != 0);
|
2019-11-14 13:34:58 +00:00
|
|
|
|
2021-09-15 10:21:45 +00:00
|
|
|
const auto nonce = base::RandomValue<uint64>();
|
2019-11-22 09:06:48 +00:00
|
|
|
const auto msgId = base::unixtime::mtproto_msg_id();
|
2019-11-22 09:15:38 +00:00
|
|
|
auto result = SerializedRequest::Serialize(MTPauth_BindTempAuthKey(
|
2019-11-14 13:34:58 +00:00
|
|
|
MTP_long(_persistentKey->keyId()),
|
|
|
|
MTP_long(nonce),
|
2019-11-19 10:10:51 +00:00
|
|
|
MTP_int(temporaryKey->expiresAt()),
|
2019-11-14 13:34:58 +00:00
|
|
|
MTP_bytes(EncryptBindAuthKeyInner(
|
|
|
|
_persistentKey,
|
2019-11-22 09:06:48 +00:00
|
|
|
msgId,
|
2019-11-14 13:34:58 +00:00
|
|
|
MTP_bind_auth_key_inner(
|
|
|
|
MTP_long(nonce),
|
|
|
|
MTP_long(temporaryKey->keyId()),
|
|
|
|
MTP_long(_persistentKey->keyId()),
|
|
|
|
MTP_long(sessionId),
|
2019-11-19 10:10:51 +00:00
|
|
|
MTP_int(temporaryKey->expiresAt()))))));
|
2019-11-22 09:06:48 +00:00
|
|
|
result.setMsgId(msgId);
|
2019-11-14 13:34:58 +00:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2019-11-22 09:06:48 +00:00
|
|
|
DcKeyBindState DcKeyBinder::handleResponse(const mtpBuffer &response) {
|
2019-11-14 13:34:58 +00:00
|
|
|
Expects(!response.isEmpty());
|
|
|
|
|
2021-10-19 13:00:21 +00:00
|
|
|
auto from = response.data();
|
2019-11-19 10:10:51 +00:00
|
|
|
const auto end = from + response.size();
|
|
|
|
auto error = MTPRpcError();
|
|
|
|
if (response[0] == mtpc_boolTrue) {
|
|
|
|
return DcKeyBindState::Success;
|
|
|
|
} else if (response[0] == mtpc_rpc_error && error.read(from, end)) {
|
|
|
|
const auto destroyed = error.match([&](const MTPDrpc_error &data) {
|
2019-11-14 13:34:58 +00:00
|
|
|
return (data.verror_code().v == 400)
|
|
|
|
&& (data.verror_message().v == "ENCRYPTED_MESSAGE_INVALID");
|
|
|
|
});
|
2019-11-19 10:10:51 +00:00
|
|
|
return destroyed
|
|
|
|
? DcKeyBindState::DefinitelyDestroyed
|
|
|
|
: DcKeyBindState::Failed;
|
|
|
|
} else {
|
|
|
|
return DcKeyBindState::Failed;
|
|
|
|
}
|
|
|
|
}
|
2019-11-14 13:34:58 +00:00
|
|
|
|
2019-11-19 10:10:51 +00:00
|
|
|
AuthKeyPtr DcKeyBinder::persistentKey() const {
|
|
|
|
return _persistentKey;
|
|
|
|
}
|
|
|
|
|
2019-11-13 14:12:04 +00:00
|
|
|
} // namespace MTP::details
|