From cf329420db722013df9883eca44cbfce11992d7c Mon Sep 17 00:00:00 2001
From: levlam <levlam@telegram.org>
Date: Sat, 27 Jul 2019 00:39:39 +0300
Subject: [PATCH] Mtproto: move KDF to separate files.

GitOrigin-RevId: 5f57db386ccc90692180a34b84387ffd46d5f311
---
 CMakeLists.txt           |   2 +
 td/mtproto/Handshake.cpp |   1 +
 td/mtproto/KDF.cpp       | 106 +++++++++++++++++++++++++++++++++++++++
 td/mtproto/KDF.h         |  22 ++++++++
 td/mtproto/Transport.cpp |   2 +-
 td/mtproto/crypto.cpp    |  95 -----------------------------------
 td/mtproto/crypto.h      |   5 --
 7 files changed, 132 insertions(+), 101 deletions(-)
 create mode 100644 td/mtproto/KDF.cpp
 create mode 100644 td/mtproto/KDF.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2f5890373..41e2d05d1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -343,6 +343,7 @@ set(TDLIB_SOURCE
   td/mtproto/HandshakeActor.cpp
   td/mtproto/HttpTransport.cpp
   td/mtproto/IStreamTransport.cpp
+  td/mtproto/KDF.cpp
   td/mtproto/Ping.cpp
   td/mtproto/PingConnection.cpp
   td/mtproto/ProxySecret.cpp
@@ -473,6 +474,7 @@ set(TDLIB_SOURCE
   td/mtproto/HandshakeConnection.h
   td/mtproto/HttpTransport.h
   td/mtproto/IStreamTransport.h
+  td/mtproto/KDF.h
   td/mtproto/NoCryptoStorer.h
   td/mtproto/PacketInfo.h
   td/mtproto/PacketStorer.h
diff --git a/td/mtproto/Handshake.cpp b/td/mtproto/Handshake.cpp
index eaeccd969..0fc0c0ce7 100644
--- a/td/mtproto/Handshake.cpp
+++ b/td/mtproto/Handshake.cpp
@@ -7,6 +7,7 @@
 #include "td/mtproto/Handshake.h"
 
 #include "td/mtproto/crypto.h"
+#include "td/mtproto/KDF.h"
 #include "td/mtproto/utils.h"
 
 #include "td/mtproto/mtproto_api.h"
diff --git a/td/mtproto/KDF.cpp b/td/mtproto/KDF.cpp
new file mode 100644
index 000000000..ccbeee595
--- /dev/null
+++ b/td/mtproto/KDF.cpp
@@ -0,0 +1,106 @@
+//
+// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2019
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+#include "td/mtproto/KDF.h"
+
+#include "td/utils/as.h"
+#include "td/utils/common.h"
+#include "td/utils/crypto.h"
+
+namespace td {
+namespace mtproto {
+
+void KDF(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) {
+  CHECK(auth_key.size() == 2048 / 8);
+  const char *auth_key_raw = auth_key.data();
+  uint8 buf[48];
+  as<UInt128>(buf) = msg_key;
+  as<UInt256>(buf + 16) = as<UInt256>(auth_key_raw + X);
+  uint8 sha1_a[20];
+  sha1(Slice(buf, 48), sha1_a);
+
+  as<UInt128>(buf) = as<UInt128>(auth_key_raw + X + 32);
+  as<UInt128>(buf + 16) = msg_key;
+  as<UInt128>(buf + 32) = as<UInt128>(auth_key_raw + X + 48);
+  uint8 sha1_b[20];
+  sha1(Slice(buf, 48), sha1_b);
+
+  as<UInt256>(buf) = as<UInt256>(auth_key_raw + 64 + X);
+  as<UInt128>(buf + 32) = msg_key;
+  uint8 sha1_c[20];
+  sha1(Slice(buf, 48), sha1_c);
+
+  as<UInt128>(buf) = msg_key;
+  as<UInt256>(buf + 16) = as<UInt256>(auth_key_raw + 96 + X);
+  uint8 sha1_d[20];
+  sha1(Slice(buf, 48), sha1_d);
+
+  as<uint64>(aes_key->raw) = as<uint64>(sha1_a);
+  as<UInt<96>>(aes_key->raw + 8) = as<UInt<96>>(sha1_b + 8);
+  as<UInt<96>>(aes_key->raw + 20) = as<UInt<96>>(sha1_c + 4);
+
+  as<UInt<96>>(aes_iv->raw) = as<UInt<96>>(sha1_a + 8);
+  as<uint64>(aes_iv->raw + 12) = as<uint64>(sha1_b);
+  as<uint32>(aes_iv->raw + 20) = as<uint32>(sha1_c + 16);
+  as<uint64>(aes_iv->raw + 24) = as<uint64>(sha1_d);
+}
+
+void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv) {
+  // tmp_aes_key := SHA1(new_nonce + server_nonce) + substr(SHA1(server_nonce + new_nonce), 0, 12);
+  uint8 buf[512 / 8];
+  as<UInt256>(buf) = new_nonce;
+  as<UInt128>(buf + 32) = server_nonce;
+  sha1(Slice(buf, 48), tmp_aes_key->raw);
+
+  as<UInt128>(buf) = server_nonce;
+  as<UInt256>(buf + 16) = new_nonce;
+  uint8 sha1_server_new[20];
+  sha1(Slice(buf, 48), sha1_server_new);
+  as<UInt<96>>(tmp_aes_key->raw + 20) = as<UInt<96>>(sha1_server_new);
+
+  // tmp_aes_iv := substr(SHA1(server_nonce + new_nonce), 12, 8) + SHA1(new_nonce + new_nonce) + substr(new_nonce, 0, 4)
+  as<uint64>(tmp_aes_iv->raw) = as<uint64>(sha1_server_new + 12);
+
+  as<UInt256>(buf) = new_nonce;
+  as<UInt256>(buf + 32) = new_nonce;
+  sha1(Slice(buf, 64), tmp_aes_iv->raw + 8);
+  as<uint32>(tmp_aes_iv->raw + 28) = as<uint32>(new_nonce.raw);
+}
+
+void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) {
+  uint8 buf_raw[36 + 16];
+  MutableSlice buf(buf_raw, 36 + 16);
+  Slice msg_key_slice = as_slice(msg_key);
+
+  // sha256_a = SHA256 (msg_key + substr(auth_key, x, 36));
+  buf.copy_from(msg_key_slice);
+  buf.substr(16, 36).copy_from(auth_key.substr(X, 36));
+  uint8 sha256_a_raw[32];
+  MutableSlice sha256_a(sha256_a_raw, 32);
+  sha256(buf, sha256_a);
+
+  // sha256_b = SHA256 (substr(auth_key, 40+x, 36) + msg_key);
+  buf.copy_from(auth_key.substr(40 + X, 36));
+  buf.substr(36).copy_from(msg_key_slice);
+  uint8 sha256_b_raw[32];
+  MutableSlice sha256_b(sha256_b_raw, 32);
+  sha256(buf, sha256_b);
+
+  // aes_key = substr(sha256_a, 0, 8) + substr(sha256_b, 8, 16) + substr(sha256_a, 24, 8);
+  MutableSlice aes_key_slice(aes_key->raw, sizeof(aes_key->raw));
+  aes_key_slice.copy_from(sha256_a.substr(0, 8));
+  aes_key_slice.substr(8).copy_from(sha256_b.substr(8, 16));
+  aes_key_slice.substr(24).copy_from(sha256_a.substr(24, 8));
+
+  // aes_iv = substr(sha256_b, 0, 8) + substr(sha256_a, 8, 16) + substr(sha256_b, 24, 8);
+  MutableSlice aes_iv_slice(aes_iv->raw, sizeof(aes_iv->raw));
+  aes_iv_slice.copy_from(sha256_b.substr(0, 8));
+  aes_iv_slice.substr(8).copy_from(sha256_a.substr(8, 16));
+  aes_iv_slice.substr(24).copy_from(sha256_b.substr(24, 8));
+}
+
+}  // namespace mtproto
+}  // namespace td
diff --git a/td/mtproto/KDF.h b/td/mtproto/KDF.h
new file mode 100644
index 000000000..d8056b2cb
--- /dev/null
+++ b/td/mtproto/KDF.h
@@ -0,0 +1,22 @@
+//
+// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2019
+//
+// Distributed under the Boost Software License, Version 1.0. (See accompanying
+// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+//
+#pragma once
+
+#include "td/utils/Slice.h"
+#include "td/utils/UInt.h"
+
+namespace td {
+namespace mtproto {
+
+void KDF(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv);
+
+void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv);
+
+void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv);
+
+}  // namespace mtproto
+}  // namespace td
diff --git a/td/mtproto/Transport.cpp b/td/mtproto/Transport.cpp
index af96e030b..3bcef7894 100644
--- a/td/mtproto/Transport.cpp
+++ b/td/mtproto/Transport.cpp
@@ -7,7 +7,7 @@
 #include "td/mtproto/Transport.h"
 
 #include "td/mtproto/AuthKey.h"
-#include "td/mtproto/crypto.h"
+#include "td/mtproto/KDF.h"
 
 #include "td/utils/as.h"
 #include "td/utils/crypto.h"
diff --git a/td/mtproto/crypto.cpp b/td/mtproto/crypto.cpp
index a3ff6157c..7839d7f1a 100644
--- a/td/mtproto/crypto.cpp
+++ b/td/mtproto/crypto.cpp
@@ -130,99 +130,4 @@ void RSA::decrypt(Slice from, MutableSlice to) const {
   std::memcpy(to.data(), result.c_str(), 256);
 }
 
-/*** KDF ***/
-void KDF(const string &auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) {
-  CHECK(auth_key.size() == 2048 / 8);
-  const char *auth_key_raw = auth_key.c_str();
-  uint8 buf[48];
-  as<UInt128>(buf) = msg_key;
-  as<UInt256>(buf + 16) = as<UInt256>(auth_key_raw + X);
-  uint8 sha1_a[20];
-  sha1(Slice(buf, 48), sha1_a);
-
-  as<UInt128>(buf) = as<UInt128>(auth_key_raw + X + 32);
-  as<UInt128>(buf + 16) = msg_key;
-  as<UInt128>(buf + 32) = as<UInt128>(auth_key_raw + X + 48);
-  uint8 sha1_b[20];
-  sha1(Slice(buf, 48), sha1_b);
-
-  as<UInt256>(buf) = as<UInt256>(auth_key_raw + 64 + X);
-  as<UInt128>(buf + 32) = msg_key;
-  uint8 sha1_c[20];
-  sha1(Slice(buf, 48), sha1_c);
-
-  as<UInt128>(buf) = msg_key;
-  as<UInt256>(buf + 16) = as<UInt256>(auth_key_raw + 96 + X);
-  uint8 sha1_d[20];
-  sha1(Slice(buf, 48), sha1_d);
-
-  as<uint64>(aes_key->raw) = as<uint64>(sha1_a);
-  as<UInt<96>>(aes_key->raw + 8) = as<UInt<96>>(sha1_b + 8);
-  as<UInt<96>>(aes_key->raw + 20) = as<UInt<96>>(sha1_c + 4);
-
-  as<UInt<96>>(aes_iv->raw) = as<UInt<96>>(sha1_a + 8);
-  as<uint64>(aes_iv->raw + 12) = as<uint64>(sha1_b);
-  as<uint32>(aes_iv->raw + 20) = as<uint32>(sha1_c + 16);
-  as<uint64>(aes_iv->raw + 24) = as<uint64>(sha1_d);
-}
-
-void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv) {
-  // tmp_aes_key := SHA1(new_nonce + server_nonce) + substr (SHA1(server_nonce + new_nonce), 0, 12);
-  uint8 buf[512 / 8];
-  as<UInt256>(buf) = new_nonce;
-  as<UInt128>(buf + 32) = server_nonce;
-  sha1(Slice(buf, 48), tmp_aes_key->raw);
-
-  as<UInt128>(buf) = server_nonce;
-  as<UInt256>(buf + 16) = new_nonce;
-  uint8 sha1_server_new[20];
-  sha1(Slice(buf, 48), sha1_server_new);
-  as<UInt<96>>(tmp_aes_key->raw + 20) = as<UInt<96>>(sha1_server_new);
-
-  // tmp_aes_iv := substr (SHA1(server_nonce + new_nonce), 12, 8) + SHA1(new_nonce + new_nonce) + substr (new_nonce,
-  // 0,
-  // 4);
-  as<uint64>(tmp_aes_iv->raw) = as<uint64>(sha1_server_new + 12);
-
-  as<UInt256>(buf) = new_nonce;
-  as<UInt256>(buf + 32) = new_nonce;
-  sha1(Slice(buf, 64), tmp_aes_iv->raw + 8);
-  as<uint32>(tmp_aes_iv->raw + 28) = as<uint32>(new_nonce.raw);
-}
-
-// msg_key_large = SHA256 (substr (auth_key, 88+x, 32) + plaintext + random_padding);
-// msg_key = substr (msg_key_large, 8, 16);
-
-void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) {
-  uint8 buf_raw[36 + 16];
-  MutableSlice buf(buf_raw, 36 + 16);
-  Slice msg_key_slice = as_slice(msg_key);
-
-  // sha256_a = SHA256 (msg_key + substr (auth_key, x, 36));
-  buf.copy_from(msg_key_slice);
-  buf.substr(16, 36).copy_from(auth_key.substr(X, 36));
-  uint8 sha256_a_raw[32];
-  MutableSlice sha256_a(sha256_a_raw, 32);
-  sha256(buf, sha256_a);
-
-  // sha256_b = SHA256 (substr (auth_key, 40+x, 36) + msg_key);
-  buf.copy_from(auth_key.substr(40 + X, 36));
-  buf.substr(36).copy_from(msg_key_slice);
-  uint8 sha256_b_raw[32];
-  MutableSlice sha256_b(sha256_b_raw, 32);
-  sha256(buf, sha256_b);
-
-  // aes_key = substr (sha256_a, 0, 8) + substr (sha256_b, 8, 16) + substr (sha256_a, 24, 8);
-  MutableSlice aes_key_slice(aes_key->raw, sizeof(aes_key->raw));
-  aes_key_slice.copy_from(sha256_a.substr(0, 8));
-  aes_key_slice.substr(8).copy_from(sha256_b.substr(8, 16));
-  aes_key_slice.substr(24).copy_from(sha256_a.substr(24, 8));
-
-  // aes_iv = substr (sha256_b, 0, 8) + substr (sha256_a, 8, 16) + substr (sha256_b, 24, 8);
-  MutableSlice aes_iv_slice(aes_iv->raw, sizeof(aes_iv->raw));
-  aes_iv_slice.copy_from(sha256_b.substr(0, 8));
-  aes_iv_slice.substr(8).copy_from(sha256_a.substr(8, 16));
-  aes_iv_slice.substr(24).copy_from(sha256_b.substr(24, 8));
-}
-
 }  // namespace td
diff --git a/td/mtproto/crypto.h b/td/mtproto/crypto.h
index 5552ffb21..00e82d0b0 100644
--- a/td/mtproto/crypto.h
+++ b/td/mtproto/crypto.h
@@ -42,9 +42,4 @@ class PublicRsaKeyInterface {
   virtual void drop_keys() = 0;
 };
 
-/*** KDF ***/
-void KDF(const string &auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv);
-void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv);
-void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv);
-
 }  // namespace td