From cf329420db722013df9883eca44cbfce11992d7c Mon Sep 17 00:00:00 2001 From: levlam Date: Sat, 27 Jul 2019 00:39:39 +0300 Subject: [PATCH] Mtproto: move KDF to separate files. GitOrigin-RevId: 5f57db386ccc90692180a34b84387ffd46d5f311 --- CMakeLists.txt | 2 + td/mtproto/Handshake.cpp | 1 + td/mtproto/KDF.cpp | 106 +++++++++++++++++++++++++++++++++++++++ td/mtproto/KDF.h | 22 ++++++++ td/mtproto/Transport.cpp | 2 +- td/mtproto/crypto.cpp | 95 ----------------------------------- td/mtproto/crypto.h | 5 -- 7 files changed, 132 insertions(+), 101 deletions(-) create mode 100644 td/mtproto/KDF.cpp create mode 100644 td/mtproto/KDF.h diff --git a/CMakeLists.txt b/CMakeLists.txt index 2f589037..41e2d05d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -343,6 +343,7 @@ set(TDLIB_SOURCE td/mtproto/HandshakeActor.cpp td/mtproto/HttpTransport.cpp td/mtproto/IStreamTransport.cpp + td/mtproto/KDF.cpp td/mtproto/Ping.cpp td/mtproto/PingConnection.cpp td/mtproto/ProxySecret.cpp @@ -473,6 +474,7 @@ set(TDLIB_SOURCE td/mtproto/HandshakeConnection.h td/mtproto/HttpTransport.h td/mtproto/IStreamTransport.h + td/mtproto/KDF.h td/mtproto/NoCryptoStorer.h td/mtproto/PacketInfo.h td/mtproto/PacketStorer.h diff --git a/td/mtproto/Handshake.cpp b/td/mtproto/Handshake.cpp index eaeccd96..0fc0c0ce 100644 --- a/td/mtproto/Handshake.cpp +++ b/td/mtproto/Handshake.cpp @@ -7,6 +7,7 @@ #include "td/mtproto/Handshake.h" #include "td/mtproto/crypto.h" +#include "td/mtproto/KDF.h" #include "td/mtproto/utils.h" #include "td/mtproto/mtproto_api.h" diff --git a/td/mtproto/KDF.cpp b/td/mtproto/KDF.cpp new file mode 100644 index 00000000..ccbeee59 --- /dev/null +++ b/td/mtproto/KDF.cpp @@ -0,0 +1,106 @@ +// +// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2019 +// +// Distributed under the Boost Software License, Version 1.0. (See accompanying +// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) +// +#include "td/mtproto/KDF.h" + +#include "td/utils/as.h" +#include "td/utils/common.h" +#include "td/utils/crypto.h" + +namespace td { +namespace mtproto { + +void KDF(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) { + CHECK(auth_key.size() == 2048 / 8); + const char *auth_key_raw = auth_key.data(); + uint8 buf[48]; + as(buf) = msg_key; + as(buf + 16) = as(auth_key_raw + X); + uint8 sha1_a[20]; + sha1(Slice(buf, 48), sha1_a); + + as(buf) = as(auth_key_raw + X + 32); + as(buf + 16) = msg_key; + as(buf + 32) = as(auth_key_raw + X + 48); + uint8 sha1_b[20]; + sha1(Slice(buf, 48), sha1_b); + + as(buf) = as(auth_key_raw + 64 + X); + as(buf + 32) = msg_key; + uint8 sha1_c[20]; + sha1(Slice(buf, 48), sha1_c); + + as(buf) = msg_key; + as(buf + 16) = as(auth_key_raw + 96 + X); + uint8 sha1_d[20]; + sha1(Slice(buf, 48), sha1_d); + + as(aes_key->raw) = as(sha1_a); + as>(aes_key->raw + 8) = as>(sha1_b + 8); + as>(aes_key->raw + 20) = as>(sha1_c + 4); + + as>(aes_iv->raw) = as>(sha1_a + 8); + as(aes_iv->raw + 12) = as(sha1_b); + as(aes_iv->raw + 20) = as(sha1_c + 16); + as(aes_iv->raw + 24) = as(sha1_d); +} + +void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv) { + // tmp_aes_key := SHA1(new_nonce + server_nonce) + substr(SHA1(server_nonce + new_nonce), 0, 12); + uint8 buf[512 / 8]; + as(buf) = new_nonce; + as(buf + 32) = server_nonce; + sha1(Slice(buf, 48), tmp_aes_key->raw); + + as(buf) = server_nonce; + as(buf + 16) = new_nonce; + uint8 sha1_server_new[20]; + sha1(Slice(buf, 48), sha1_server_new); + as>(tmp_aes_key->raw + 20) = as>(sha1_server_new); + + // tmp_aes_iv := substr(SHA1(server_nonce + new_nonce), 12, 8) + SHA1(new_nonce + new_nonce) + substr(new_nonce, 0, 4) + as(tmp_aes_iv->raw) = as(sha1_server_new + 12); + + as(buf) = new_nonce; + as(buf + 32) = new_nonce; + sha1(Slice(buf, 64), tmp_aes_iv->raw + 8); + as(tmp_aes_iv->raw + 28) = as(new_nonce.raw); +} + +void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) { + uint8 buf_raw[36 + 16]; + MutableSlice buf(buf_raw, 36 + 16); + Slice msg_key_slice = as_slice(msg_key); + + // sha256_a = SHA256 (msg_key + substr(auth_key, x, 36)); + buf.copy_from(msg_key_slice); + buf.substr(16, 36).copy_from(auth_key.substr(X, 36)); + uint8 sha256_a_raw[32]; + MutableSlice sha256_a(sha256_a_raw, 32); + sha256(buf, sha256_a); + + // sha256_b = SHA256 (substr(auth_key, 40+x, 36) + msg_key); + buf.copy_from(auth_key.substr(40 + X, 36)); + buf.substr(36).copy_from(msg_key_slice); + uint8 sha256_b_raw[32]; + MutableSlice sha256_b(sha256_b_raw, 32); + sha256(buf, sha256_b); + + // aes_key = substr(sha256_a, 0, 8) + substr(sha256_b, 8, 16) + substr(sha256_a, 24, 8); + MutableSlice aes_key_slice(aes_key->raw, sizeof(aes_key->raw)); + aes_key_slice.copy_from(sha256_a.substr(0, 8)); + aes_key_slice.substr(8).copy_from(sha256_b.substr(8, 16)); + aes_key_slice.substr(24).copy_from(sha256_a.substr(24, 8)); + + // aes_iv = substr(sha256_b, 0, 8) + substr(sha256_a, 8, 16) + substr(sha256_b, 24, 8); + MutableSlice aes_iv_slice(aes_iv->raw, sizeof(aes_iv->raw)); + aes_iv_slice.copy_from(sha256_b.substr(0, 8)); + aes_iv_slice.substr(8).copy_from(sha256_a.substr(8, 16)); + aes_iv_slice.substr(24).copy_from(sha256_b.substr(24, 8)); +} + +} // namespace mtproto +} // namespace td diff --git a/td/mtproto/KDF.h b/td/mtproto/KDF.h new file mode 100644 index 00000000..d8056b2c --- /dev/null +++ b/td/mtproto/KDF.h @@ -0,0 +1,22 @@ +// +// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2019 +// +// Distributed under the Boost Software License, Version 1.0. (See accompanying +// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) +// +#pragma once + +#include "td/utils/Slice.h" +#include "td/utils/UInt.h" + +namespace td { +namespace mtproto { + +void KDF(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv); + +void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv); + +void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv); + +} // namespace mtproto +} // namespace td diff --git a/td/mtproto/Transport.cpp b/td/mtproto/Transport.cpp index af96e030..3bcef789 100644 --- a/td/mtproto/Transport.cpp +++ b/td/mtproto/Transport.cpp @@ -7,7 +7,7 @@ #include "td/mtproto/Transport.h" #include "td/mtproto/AuthKey.h" -#include "td/mtproto/crypto.h" +#include "td/mtproto/KDF.h" #include "td/utils/as.h" #include "td/utils/crypto.h" diff --git a/td/mtproto/crypto.cpp b/td/mtproto/crypto.cpp index a3ff6157..7839d7f1 100644 --- a/td/mtproto/crypto.cpp +++ b/td/mtproto/crypto.cpp @@ -130,99 +130,4 @@ void RSA::decrypt(Slice from, MutableSlice to) const { std::memcpy(to.data(), result.c_str(), 256); } -/*** KDF ***/ -void KDF(const string &auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) { - CHECK(auth_key.size() == 2048 / 8); - const char *auth_key_raw = auth_key.c_str(); - uint8 buf[48]; - as(buf) = msg_key; - as(buf + 16) = as(auth_key_raw + X); - uint8 sha1_a[20]; - sha1(Slice(buf, 48), sha1_a); - - as(buf) = as(auth_key_raw + X + 32); - as(buf + 16) = msg_key; - as(buf + 32) = as(auth_key_raw + X + 48); - uint8 sha1_b[20]; - sha1(Slice(buf, 48), sha1_b); - - as(buf) = as(auth_key_raw + 64 + X); - as(buf + 32) = msg_key; - uint8 sha1_c[20]; - sha1(Slice(buf, 48), sha1_c); - - as(buf) = msg_key; - as(buf + 16) = as(auth_key_raw + 96 + X); - uint8 sha1_d[20]; - sha1(Slice(buf, 48), sha1_d); - - as(aes_key->raw) = as(sha1_a); - as>(aes_key->raw + 8) = as>(sha1_b + 8); - as>(aes_key->raw + 20) = as>(sha1_c + 4); - - as>(aes_iv->raw) = as>(sha1_a + 8); - as(aes_iv->raw + 12) = as(sha1_b); - as(aes_iv->raw + 20) = as(sha1_c + 16); - as(aes_iv->raw + 24) = as(sha1_d); -} - -void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv) { - // tmp_aes_key := SHA1(new_nonce + server_nonce) + substr (SHA1(server_nonce + new_nonce), 0, 12); - uint8 buf[512 / 8]; - as(buf) = new_nonce; - as(buf + 32) = server_nonce; - sha1(Slice(buf, 48), tmp_aes_key->raw); - - as(buf) = server_nonce; - as(buf + 16) = new_nonce; - uint8 sha1_server_new[20]; - sha1(Slice(buf, 48), sha1_server_new); - as>(tmp_aes_key->raw + 20) = as>(sha1_server_new); - - // tmp_aes_iv := substr (SHA1(server_nonce + new_nonce), 12, 8) + SHA1(new_nonce + new_nonce) + substr (new_nonce, - // 0, - // 4); - as(tmp_aes_iv->raw) = as(sha1_server_new + 12); - - as(buf) = new_nonce; - as(buf + 32) = new_nonce; - sha1(Slice(buf, 64), tmp_aes_iv->raw + 8); - as(tmp_aes_iv->raw + 28) = as(new_nonce.raw); -} - -// msg_key_large = SHA256 (substr (auth_key, 88+x, 32) + plaintext + random_padding); -// msg_key = substr (msg_key_large, 8, 16); - -void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv) { - uint8 buf_raw[36 + 16]; - MutableSlice buf(buf_raw, 36 + 16); - Slice msg_key_slice = as_slice(msg_key); - - // sha256_a = SHA256 (msg_key + substr (auth_key, x, 36)); - buf.copy_from(msg_key_slice); - buf.substr(16, 36).copy_from(auth_key.substr(X, 36)); - uint8 sha256_a_raw[32]; - MutableSlice sha256_a(sha256_a_raw, 32); - sha256(buf, sha256_a); - - // sha256_b = SHA256 (substr (auth_key, 40+x, 36) + msg_key); - buf.copy_from(auth_key.substr(40 + X, 36)); - buf.substr(36).copy_from(msg_key_slice); - uint8 sha256_b_raw[32]; - MutableSlice sha256_b(sha256_b_raw, 32); - sha256(buf, sha256_b); - - // aes_key = substr (sha256_a, 0, 8) + substr (sha256_b, 8, 16) + substr (sha256_a, 24, 8); - MutableSlice aes_key_slice(aes_key->raw, sizeof(aes_key->raw)); - aes_key_slice.copy_from(sha256_a.substr(0, 8)); - aes_key_slice.substr(8).copy_from(sha256_b.substr(8, 16)); - aes_key_slice.substr(24).copy_from(sha256_a.substr(24, 8)); - - // aes_iv = substr (sha256_b, 0, 8) + substr (sha256_a, 8, 16) + substr (sha256_b, 24, 8); - MutableSlice aes_iv_slice(aes_iv->raw, sizeof(aes_iv->raw)); - aes_iv_slice.copy_from(sha256_b.substr(0, 8)); - aes_iv_slice.substr(8).copy_from(sha256_a.substr(8, 16)); - aes_iv_slice.substr(24).copy_from(sha256_b.substr(24, 8)); -} - } // namespace td diff --git a/td/mtproto/crypto.h b/td/mtproto/crypto.h index 5552ffb2..00e82d0b 100644 --- a/td/mtproto/crypto.h +++ b/td/mtproto/crypto.h @@ -42,9 +42,4 @@ class PublicRsaKeyInterface { virtual void drop_keys() = 0; }; -/*** KDF ***/ -void KDF(const string &auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv); -void tmp_KDF(const UInt128 &server_nonce, const UInt256 &new_nonce, UInt256 *tmp_aes_key, UInt256 *tmp_aes_iv); -void KDF2(Slice auth_key, const UInt128 &msg_key, int X, UInt256 *aes_key, UInt256 *aes_iv); - } // namespace td