2014-05-30 08:53:19 +00:00
|
|
|
/*
|
|
|
|
|
This file is part of Telegram Desktop,
|
2014-12-01 10:47:38 +00:00
|
|
|
the official desktop version of Telegram messaging app, see https://telegram.org
|
2014-05-30 08:53:19 +00:00
|
|
|
|
|
|
|
|
Telegram Desktop is free software: you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
It is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
2015-10-03 13:16:42 +00:00
|
|
|
In addition, as a special exception, the copyright holders give permission
|
|
|
|
|
to link the code of portions of this program with the OpenSSL library.
|
|
|
|
|
|
2014-05-30 08:53:19 +00:00
|
|
|
Full license: https://github.com/telegramdesktop/tdesktop/blob/master/LICENSE
|
2017-01-11 18:31:31 +00:00
|
|
|
Copyright (c) 2014-2017 John Preston, https://desktop.telegram.org
|
2014-05-30 08:53:19 +00:00
|
|
|
*/
|
|
|
|
|
#pragma once
|
|
|
|
|
|
2017-02-22 15:18:26 +00:00
|
|
|
#include <array>
|
|
|
|
|
#include <memory>
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
namespace MTP {
|
|
|
|
|
|
|
|
|
|
class AuthKey {
|
2014-05-30 08:53:19 +00:00
|
|
|
public:
|
2017-02-22 15:18:26 +00:00
|
|
|
static constexpr auto kSize = 256; // 2048 bits.
|
|
|
|
|
using Data = std::array<char, kSize>;
|
2014-05-30 08:53:19 +00:00
|
|
|
|
|
|
|
|
bool created() const {
|
|
|
|
|
return _isset;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-22 15:18:26 +00:00
|
|
|
void setKey(const Data &from) {
|
|
|
|
|
_key = from;
|
|
|
|
|
auto sha1 = hashSha1(_key.data(), _key.size());
|
|
|
|
|
|
|
|
|
|
// Lower 64 bits = 8 bytes of 20 byte SHA1 hash.
|
|
|
|
|
_keyId = *reinterpret_cast<uint64*>(sha1.data() + 12);
|
2014-05-30 08:53:19 +00:00
|
|
|
_isset = true;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-22 15:18:26 +00:00
|
|
|
void setDC(int dc) {
|
2014-05-30 08:53:19 +00:00
|
|
|
_dc = dc;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-22 15:18:26 +00:00
|
|
|
int getDC() const {
|
2016-10-01 21:09:44 +00:00
|
|
|
t_assert(_isset);
|
2014-05-30 08:53:19 +00:00
|
|
|
return _dc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uint64 keyId() const {
|
2016-10-01 21:09:44 +00:00
|
|
|
t_assert(_isset);
|
2014-05-30 08:53:19 +00:00
|
|
|
return _keyId;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-22 09:45:04 +00:00
|
|
|
void prepareAES(const MTPint128 &msgKey, MTPint256 &aesKey, MTPint256 &aesIV, bool send = true) const {
|
2016-10-01 21:09:44 +00:00
|
|
|
t_assert(_isset);
|
2014-05-30 08:53:19 +00:00
|
|
|
|
|
|
|
|
uint32 x = send ? 0 : 8;
|
|
|
|
|
|
|
|
|
|
uchar data_a[16 + 32], sha1_a[20];
|
|
|
|
|
memcpy(data_a, &msgKey, 16);
|
2017-02-22 15:18:26 +00:00
|
|
|
memcpy(data_a + 16, _key.data() + x, 32);
|
2014-05-30 08:53:19 +00:00
|
|
|
hashSha1(data_a, 16 + 32, sha1_a);
|
|
|
|
|
|
|
|
|
|
uchar data_b[16 + 16 + 16], sha1_b[20];
|
2017-02-22 15:18:26 +00:00
|
|
|
memcpy(data_b, _key.data() + 32 + x, 16);
|
2014-05-30 08:53:19 +00:00
|
|
|
memcpy(data_b + 16, &msgKey, 16);
|
2017-02-22 15:18:26 +00:00
|
|
|
memcpy(data_b + 32, _key.data() + 48 + x, 16);
|
2014-05-30 08:53:19 +00:00
|
|
|
hashSha1(data_b, 16 + 16 + 16, sha1_b);
|
|
|
|
|
|
|
|
|
|
uchar data_c[32 + 16], sha1_c[20];
|
2017-02-22 15:18:26 +00:00
|
|
|
memcpy(data_c, _key.data() + 64 + x, 32);
|
2014-05-30 08:53:19 +00:00
|
|
|
memcpy(data_c + 32, &msgKey, 16);
|
|
|
|
|
hashSha1(data_c, 32 + 16, sha1_c);
|
|
|
|
|
|
|
|
|
|
uchar data_d[16 + 32], sha1_d[20];
|
|
|
|
|
memcpy(data_d, &msgKey, 16);
|
2017-02-22 15:18:26 +00:00
|
|
|
memcpy(data_d + 16, _key.data() + 96 + x, 32);
|
2014-05-30 08:53:19 +00:00
|
|
|
hashSha1(data_d, 16 + 32, sha1_d);
|
|
|
|
|
|
2017-02-22 15:18:26 +00:00
|
|
|
auto key = reinterpret_cast<uchar*>(&aesKey);
|
|
|
|
|
auto iv = reinterpret_cast<uchar*>(&aesIV);
|
2014-05-30 08:53:19 +00:00
|
|
|
memcpy(key, sha1_a, 8);
|
|
|
|
|
memcpy(key + 8, sha1_b + 8, 12);
|
|
|
|
|
memcpy(key + 8 + 12, sha1_c + 4, 12);
|
|
|
|
|
memcpy(iv, sha1_a + 8, 12);
|
|
|
|
|
memcpy(iv + 12, sha1_b, 8);
|
|
|
|
|
memcpy(iv + 12 + 8, sha1_c + 16, 4);
|
|
|
|
|
memcpy(iv + 12 + 8 + 4, sha1_d, 8);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void write(QDataStream &to) const {
|
2016-10-01 21:09:44 +00:00
|
|
|
t_assert(_isset);
|
2017-02-22 15:18:26 +00:00
|
|
|
to.writeRawData(_key.data(), _key.size());
|
2014-05-30 08:53:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const uint64 RecreateKeyId = 0xFFFFFFFFFFFFFFFFL;
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
friend bool operator==(const AuthKey &a, const AuthKey &b);
|
2015-03-02 12:34:16 +00:00
|
|
|
|
2014-05-30 08:53:19 +00:00
|
|
|
private:
|
2017-02-22 15:18:26 +00:00
|
|
|
Data _key = { 0 };
|
|
|
|
|
uint64 _keyId = 0;
|
|
|
|
|
bool _isset = false;
|
|
|
|
|
int _dc = 0;
|
2014-05-30 08:53:19 +00:00
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
inline bool operator==(const AuthKey &a, const AuthKey &b) {
|
2017-02-22 15:18:26 +00:00
|
|
|
return (a._key == b._key);
|
2015-03-02 12:34:16 +00:00
|
|
|
}
|
|
|
|
|
|
2017-02-22 15:18:26 +00:00
|
|
|
using AuthKeyPtr = std::shared_ptr<AuthKey>;
|
|
|
|
|
using AuthKeysMap = QVector<AuthKeyPtr>;
|
2014-05-30 08:53:19 +00:00
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
void aesIgeEncrypt(const void *src, void *dst, uint32 len, const void *key, const void *iv);
|
|
|
|
|
void aesIgeDecrypt(const void *src, void *dst, uint32 len, const void *key, const void *iv);
|
2014-05-30 08:53:19 +00:00
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
inline void aesIgeEncrypt(const void *src, void *dst, uint32 len, const AuthKeyPtr &authKey, const MTPint128 &msgKey) {
|
2014-05-30 08:53:19 +00:00
|
|
|
MTPint256 aesKey, aesIV;
|
|
|
|
|
authKey->prepareAES(msgKey, aesKey, aesIV);
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
return aesIgeEncrypt(src, dst, len, static_cast<const void*>(&aesKey), static_cast<const void*>(&aesIV));
|
2014-05-30 08:53:19 +00:00
|
|
|
}
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
inline void aesEncryptLocal(const void *src, void *dst, uint32 len, const AuthKey *authKey, const void *key128) {
|
2014-05-30 08:53:19 +00:00
|
|
|
MTPint256 aesKey, aesIV;
|
|
|
|
|
authKey->prepareAES(*(const MTPint128*)key128, aesKey, aesIV, false);
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
return aesIgeEncrypt(src, dst, len, static_cast<const void*>(&aesKey), static_cast<const void*>(&aesIV));
|
2014-05-30 08:53:19 +00:00
|
|
|
}
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
inline void aesIgeDecrypt(const void *src, void *dst, uint32 len, const AuthKeyPtr &authKey, const MTPint128 &msgKey) {
|
2014-05-30 08:53:19 +00:00
|
|
|
MTPint256 aesKey, aesIV;
|
|
|
|
|
authKey->prepareAES(msgKey, aesKey, aesIV, false);
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
return aesIgeDecrypt(src, dst, len, static_cast<const void*>(&aesKey), static_cast<const void*>(&aesIV));
|
2014-05-30 08:53:19 +00:00
|
|
|
}
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
inline void aesDecryptLocal(const void *src, void *dst, uint32 len, const AuthKey *authKey, const void *key128) {
|
2014-05-30 08:53:19 +00:00
|
|
|
MTPint256 aesKey, aesIV;
|
|
|
|
|
authKey->prepareAES(*(const MTPint128*)key128, aesKey, aesIV, false);
|
|
|
|
|
|
2016-03-24 12:57:10 +00:00
|
|
|
return aesIgeDecrypt(src, dst, len, static_cast<const void*>(&aesKey), static_cast<const void*>(&aesIV));
|
2014-05-30 08:53:19 +00:00
|
|
|
}
|
2016-03-24 12:57:10 +00:00
|
|
|
|
|
|
|
|
// ctr used inplace, encrypt the data and leave it at the same place
|
|
|
|
|
struct CTRState {
|
|
|
|
|
static constexpr int KeySize = 32;
|
|
|
|
|
static constexpr int IvecSize = 16;
|
|
|
|
|
static constexpr int EcountSize = 16;
|
|
|
|
|
|
|
|
|
|
uchar ivec[IvecSize] = { 0 };
|
|
|
|
|
uint32 num = 0;
|
|
|
|
|
uchar ecount[EcountSize] = { 0 };
|
|
|
|
|
};
|
|
|
|
|
void aesCtrEncrypt(void *data, uint32 len, const void *key, CTRState *state);
|
|
|
|
|
|
|
|
|
|
} // namespace MTP
|
