Update server keys.

2021-07-08 16:39:34 +03:00 · 2021-07-08 16:39:34 +03:00 · e9e2428237
parent fe4d3cb549
commit e9e2428237
5 changed files with 57 additions and 95 deletions
--- a/td/mtproto/Handshake.cpp
+++ b/td/mtproto/Handshake.cpp
@ -24,6 +24,8 @@
 #include "td/utils/tl_parsers.h"
 #include "td/utils/tl_storers.h"

+#include <algorithm>
+
 namespace td {
 namespace mtproto {

@ -108,24 +110,36 @@ Status AuthKeyHandshake::on_res_pq(Slice message, Callback *connection, PublicRs
      UNREACHABLE();
  }

-  auto size = 20 + data.size();
-  if (size > 255) {
+  string encrypted_data(256, '\0');
+  auto data_size = data.size();
+  if (data_size > 144) {
    return Status::Error("Too big data");
  }

-  // data_with_hash := SHA1(data) + data + (any random bytes); such that the length equals to 255 bytes;
-  alignas(8) uint8 data_with_hash[255];
-  sha1(data, data_with_hash);
-  MutableSlice(data_with_hash + 20, data.size()).copy_from(data);
+  data.resize(192);
+  Random::secure_bytes(MutableSlice(data).substr(data_size));

-  // encrypted_data := RSA (data_with_hash, server_public_key); a 255-byte long number (big endian)
-  //   is raised to the requisite power over the requisite modulus, and the result is stored as a 256-byte number.
-  string encrypted_data(256, 0);
-  rsa_key.rsa.encrypt(data_with_hash, size, sizeof(data_with_hash),
-                      reinterpret_cast<unsigned char *>(&encrypted_data[0]), encrypted_data.size());
+  while (true) {
+    string aes_key(32, '\0');
+    Random::secure_bytes(MutableSlice(aes_key));
+
+    string data_with_hash = data + sha256(aes_key + data);
+    std::reverse(data_with_hash.begin(), data_with_hash.begin() + data.size());
+
+    string decrypted_data(256, '\0');
+    string aes_iv(32, '\0');
+    aes_ige_encrypt(aes_key, aes_iv, data_with_hash, MutableSlice(decrypted_data).substr(32));
+
+    auto hash = sha256(MutableSlice(decrypted_data).substr(32));
+    for (size_t i = 0; i < 32; i++) {
+      decrypted_data[i] = static_cast<char>(aes_key[i] ^ hash[i]);
+    }
+
+    if (rsa_key.rsa.encrypt(decrypted_data, encrypted_data)) {
+      break;
+    }
+  }

-  // req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long
-  // encrypted_data:string = Server_DH_Params
  mtproto_api::req_DH_params req_dh_params(nonce_, server_nonce_, p, q, rsa_key.fingerprint, encrypted_data);

  send(connection, create_storer(req_dh_params));
--- a/td/mtproto/RSA.cpp
+++ b/td/mtproto/RSA.cpp
@ -128,27 +128,22 @@ size_t RSA::size() const {
  return 256;
 }

-size_t RSA::encrypt(unsigned char *from, size_t from_len, size_t max_from_len, unsigned char *to, size_t to_len) const {
-  CHECK(from_len > 0 && from_len <= 2550);
-  size_t pad = (25500 - from_len - 32) % 255 + 32;
-  size_t chunks = (from_len + pad) / 255;
+bool RSA::encrypt(Slice from, MutableSlice to) const {
+  CHECK(from.size() == 256)
+  CHECK(to.size() == 256)
  int bits = n_.get_num_bits();
  CHECK(bits >= 2041 && bits <= 2048);
-  CHECK(chunks * 255 == from_len + pad);
-  CHECK(from_len + pad <= max_from_len);
-  CHECK(chunks * 256 <= to_len);
-  Random::secure_bytes(from + from_len, pad);

-  size_t result = chunks * 256;
+  BigNum x = BigNum::from_binary(from);
+  if (BigNum::compare(x, n_) >= 0) {
+    return false;
+  }
+
  BigNumContext ctx;
  BigNum y;
-  while (chunks-- > 0) {
-    BigNum x = BigNum::from_binary(Slice(from, 255));
-    BigNum::mod_exp(y, x, e_, n_, ctx);
-    MutableSlice(to, 256).copy_from(y.to_binary(256));
-    to += 256;
-  }
-  return result;
+  BigNum::mod_exp(y, x, e_, n_, ctx);
+  to.copy_from(y.to_binary(256));
+  return true;
 }

 void RSA::decrypt_signature(Slice from, MutableSlice to) const {
--- a/td/mtproto/RSA.h
+++ b/td/mtproto/RSA.h
@ -19,7 +19,8 @@ class RSA {
  RSA clone() const;
  int64 get_fingerprint() const;
  size_t size() const;
-  size_t encrypt(unsigned char *from, size_t from_len, size_t max_from_len, unsigned char *to, size_t to_len) const;
+
+  bool encrypt(Slice from, MutableSlice to) const;

  void decrypt_signature(Slice from, MutableSlice to) const;

--- a/td/telegram/net/PublicRsaKeyShared.cpp
+++ b/td/telegram/net/PublicRsaKeyShared.cpp
@ -33,74 +33,25 @@ PublicRsaKeyShared::PublicRsaKeyShared(DcId dc_id, bool is_test) : dc_id_(dc_id)
  if (is_test) {
    add_pem(
        "-----BEGIN RSA PUBLIC KEY-----\n"
-        "MIIBCgKCAQEAr4v4wxMDXIaMOh8bayF/NyoYdpcysn5EbjTIOZC0RkgzsRj3SGlu\n"
-        "52QSz+ysO41dQAjpFLgxPVJoOlxXokaOq827IfW0bGCm0doT5hxtedu9UCQKbE8j\n"
-        "lDOk+kWMXHPZFJKWRgKgTu9hcB3y3Vk+JFfLpq3d5ZB48B4bcwrRQnzkx5GhWOFX\n"
-        "x73ZgjO93eoQ2b/lDyXxK4B4IS+hZhjzezPZTI5upTRbs5ljlApsddsHrKk6jJNj\n"
-        "8Ygs/ps8e6ct82jLXbnndC9s8HjEvDvBPH9IPjv5JUlmHMBFZ5vFQIfbpo0u0+1P\n"
-        "n6bkEi5o7/ifoyVv2pAZTRwppTz0EuXD8QIDAQAB\n"
+        "MIIBCgKCAQEAyMEdY1aR+sCR3ZSJrtztKTKqigvO/vBfqACJLZtS7QMgCGXJ6XIR\n"
+        "yy7mx66W0/sOFa7/1mAZtEoIokDP3ShoqF4fVNb6XeqgQfaUHd8wJpDWHcR2OFwv\n"
+        "plUUI1PLTktZ9uW2WE23b+ixNwJjJGwBDJPQEQFBE+vfmH0JP503wr5INS1poWg/\n"
+        "j25sIWeYPHYeOrFp/eXaqhISP6G+q2IeTaWTXpwZj4LzXq5YOpk4bYEQ6mvRq7D1\n"
+        "aHWfYmlEGepfaYR8Q0YqvvhYtMte3ITnuSJs171+GDqpdKcSwHnd6FudwGO4pcCO\n"
+        "j4WcDuXc2CTHgH8gFTNhp/Y8/SpDOhvn9QIDAQAB\n"
        "-----END RSA PUBLIC KEY-----");
    return;
  }

-  //old_key
  add_pem(
      "-----BEGIN RSA PUBLIC KEY-----\n"
-      "MIIBCgKCAQEAwVACPi9w23mF3tBkdZz+zwrzKOaaQdr01vAbU4E1pvkfj4sqDsm6\n"
-      "lyDONS789sVoD/xCS9Y0hkkC3gtL1tSfTlgCMOOul9lcixlEKzwKENj1Yz/s7daS\n"
-      "an9tqw3bfUV/nqgbhGX81v/+7RFAEd+RwFnK7a+XYl9sluzHRyVVaTTveB2GazTw\n"
-      "Efzk2DWgkBluml8OREmvfraX3bkHZJTKX4EQSjBbbdJ2ZXIsRrYOXfaA+xayEGB+\n"
-      "8hdlLmAjbCVfaigxX0CDqWeR1yFL9kwd9P0NsZRPsmoqVwMbMu7mStFai6aIhc3n\n"
-      "Slv8kg9qv1m6XHVQY3PnEw+QQtqSIXklHwIDAQAB\n"
+      "MIIBCgKCAQEA6LszBcC1LGzyr992NzE0ieY+BSaOW622Aa9Bd4ZHLl+TuFQ4lo4g\n"
+      "5nKaMBwK/BIb9xUfg0Q29/2mgIR6Zr9krM7HjuIcCzFvDtr+L0GQjae9H0pRB2OO\n"
+      "62cECs5HKhT5DZ98K33vmWiLowc621dQuwKWSQKjWf50XYFw42h21P2KXUGyp2y/\n"
+      "+aEyZ+uVgLLQbRA1dEjSDZ2iGRy12Mk5gpYc397aYp438fsJoHIgJ2lgMv5h7WY9\n"
+      "t6N/byY9Nw9p21Og3AoXSL2q/2IJ1WRUhebgAdGVMlV1fkuOQoEzR7EdpqtQD9Cs\n"
+      "5+bfo3Nhmcyvk5ftB0WkJ9z6bNZ7yxrP8wIDAQAB\n"
      "-----END RSA PUBLIC KEY-----");
-
-  // a35e0b92d00f9b61c351ce30526cb855649b12a35e01fe39b5b315e81b515779  key1.pub
-  add_pem(
-      "-----BEGIN RSA PUBLIC KEY-----\n"
-      "MIIBCgKCAQEAruw2yP/BCcsJliRoW5eB\n"
-      "VBVle9dtjJw+OYED160Wybum9SXtBBLXriwt4rROd9csv0t0OHCaTmRqBcQ0J8fx\n"
-      "hN6/cpR1GWgOZRUAiQxoMnlt0R93LCX/j1dnVa/gVbCjdSxpbrfY2g2L4frzjJvd\n"
-      "l84Kd9ORYjDEAyFnEA7dD556OptgLQQ2e2iVNq8NZLYTzLp5YpOdO1doK+ttrltg\n"
-      "gTCy5SrKeLoCPPbOgGsdxJxyz5KKcZnSLj16yE5HvJQn0CNpRdENvRUXe6tBP78O\n"
-      "39oJ8BTHp9oIjd6XWXAsp2CvK45Ol8wFXGF710w9lwCGNbmNxNYhtIkdqfsEcwR5\n"
-      "JwIDAQAB\n"
-      "-----END RSA PUBLIC KEY-----\n");
-
-  // f1c346bd6de0c3365658e0740de42372e51262099d47ee097c3ff1e238ebf985  key2.pub
-  add_pem(
-      "-----BEGIN RSA PUBLIC KEY-----\n"
-      "MIIBCgKCAQEAvfLHfYH2r9R70w8prHbl\n"
-      "Wt/nDkh+XkgpflqQVcnAfSuTtO05lNPspQmL8Y2XjVT4t8cT6xAkdgfmmvnvRPOO\n"
-      "KPi0OfJXoRVylFzAQG/j83u5K3kRLbae7fLccVhKZhY46lvsueI1hQdLgNV9n1cQ\n"
-      "3TDS2pQOCtovG4eDl9wacrXOJTG2990VjgnIKNA0UMoP+KF03qzryqIt3oTvZq03\n"
-      "DyWdGK+AZjgBLaDKSnC6qD2cFY81UryRWOab8zKkWAnhw2kFpcqhI0jdV5QaSCEx\n"
-      "vnsjVaX0Y1N0870931/5Jb9ICe4nweZ9kSDF/gip3kWLG0o8XQpChDfyvsqB9OLV\n"
-      "/wIDAQAB\n"
-      "-----END RSA PUBLIC KEY-----\n");
-
-  // 129e129a464a2b515f579fd568f5579e8a6ea2832a362b07f282a7c271acfead  key3.pub
-  add_pem(
-      "-----BEGIN RSA PUBLIC KEY-----\n"
-      "MIIBCgKCAQEAs/ditzm+mPND6xkhzwFI\n"
-      "z6J/968CtkcSE/7Z2qAJiXbmZ3UDJPGrzqTDHkO30R8VeRM/Kz2f4nR05GIFiITl\n"
-      "4bEjvpy7xqRDspJcCFIOcyXm8abVDhF+th6knSU0yLtNKuQVP6voMrnt9MV1X92L\n"
-      "GZQLgdHZbPQz0Z5qIpaKhdyA8DEvWWvSUwwc+yi1/gGaybwlzZwqXYoPOhwMebzK\n"
-      "Uk0xW14htcJrRrq+PXXQbRzTMynseCoPIoke0dtCodbA3qQxQovE16q9zz4Otv2k\n"
-      "4j63cz53J+mhkVWAeWxVGI0lltJmWtEYK6er8VqqWot3nqmWMXogrgRLggv/Nbbo\n"
-      "oQIDAQAB\n"
-      "-----END RSA PUBLIC KEY-----\n");
-
-  // f9e47d59fbe0fa338ac8c5085201a0dd58dfd88f44abb16756ee5e9d50d52949  key4.pub
-  add_pem(
-      "-----BEGIN RSA PUBLIC KEY-----\n"
-      "MIIBCgKCAQEAvmpxVY7ld/8DAjz6F6q0\n"
-      "5shjg8/4p6047bn6/m8yPy1RBsvIyvuDuGnP/RzPEhzXQ9UJ5Ynmh2XJZgHoE9xb\n"
-      "nfxL5BXHplJhMtADXKM9bWB11PU1Eioc3+AXBB8QiNFBn2XI5UkO5hPhbb9mJpjA\n"
-      "9Uhw8EdfqJP8QetVsI/xrCEbwEXe0xvifRLJbY08/Gp66KpQvy7g8w7VB8wlgePe\n"
-      "xW3pT13Ap6vuC+mQuJPyiHvSxjEKHgqePji9NP3tJUFQjcECqcm0yV7/2d0t/pbC\n"
-      "m+ZH1sadZspQCEPPrtbkQBlvHb4OLiIWPGHKSMeRFvp3IWcmdJqXahxLCUS1Eh6M\n"
-      "AQIDAQAB\n"
-      "-----END RSA PUBLIC KEY-----\n");
 }

 void PublicRsaKeyShared::add_rsa(mtproto::RSA rsa) {
--- a/test/mtproto.cpp
+++ b/test/mtproto.cpp
@ -33,6 +33,7 @@

 #include "td/utils/base64.h"
 #include "td/utils/common.h"
+#include "td/utils/crypto.h"
 #include "td/utils/logging.h"
 #include "td/utils/port/Clocks.h"
 #include "td/utils/port/IPAddress.h"
@ -726,11 +727,11 @@ TEST(Mtproto, RSA) {
      "8Ygs/ps8e6ct82jLXbnndC9s8HjEvDvBPH9IPjv5JUlmHMBFZ5vFQIfbpo0u0+1P\n"
      "n6bkEi5o7/ifoyVv2pAZTRwppTz0EuXD8QIDAQAB\n"
      "-----END RSA PUBLIC KEY-----");
-  auto rsa = mtproto::RSA::from_pem_public_key(pem).move_as_ok();
+  auto rsa = td::mtproto::RSA::from_pem_public_key(pem).move_as_ok();
  ASSERT_EQ(-7596991558377038078, rsa.get_fingerprint());
  ASSERT_EQ(256u, rsa.size());

-  string s(255, '\0');
-  string to(256, '\0');
-  ASSERT_EQ(256u, rsa.encrypt(MutableSlice(s).ubegin(), 10, 255, MutableSlice(to).ubegin(), 256));
+  td::string to(256, '\0');
+  rsa.encrypt(pem.substr(0, 256), to);
+  ASSERT_EQ("U2nJEtB2AgpHrm3HB0yhpTQgb0wbesi9Pv/W1v/vULU=", td::base64_encode(td::sha256(to)));
 }