Update server keys.

This commit is contained in:
levlam 2021-07-08 16:39:34 +03:00
parent fe4d3cb549
commit e9e2428237
5 changed files with 57 additions and 95 deletions

View File

@ -24,6 +24,8 @@
#include "td/utils/tl_parsers.h"
#include "td/utils/tl_storers.h"
#include <algorithm>
namespace td {
namespace mtproto {
@ -108,24 +110,36 @@ Status AuthKeyHandshake::on_res_pq(Slice message, Callback *connection, PublicRs
UNREACHABLE();
}
auto size = 20 + data.size();
if (size > 255) {
string encrypted_data(256, '\0');
auto data_size = data.size();
if (data_size > 144) {
return Status::Error("Too big data");
}
// data_with_hash := SHA1(data) + data + (any random bytes); such that the length equals to 255 bytes;
alignas(8) uint8 data_with_hash[255];
sha1(data, data_with_hash);
MutableSlice(data_with_hash + 20, data.size()).copy_from(data);
data.resize(192);
Random::secure_bytes(MutableSlice(data).substr(data_size));
// encrypted_data := RSA (data_with_hash, server_public_key); a 255-byte long number (big endian)
// is raised to the requisite power over the requisite modulus, and the result is stored as a 256-byte number.
string encrypted_data(256, 0);
rsa_key.rsa.encrypt(data_with_hash, size, sizeof(data_with_hash),
reinterpret_cast<unsigned char *>(&encrypted_data[0]), encrypted_data.size());
while (true) {
string aes_key(32, '\0');
Random::secure_bytes(MutableSlice(aes_key));
string data_with_hash = data + sha256(aes_key + data);
std::reverse(data_with_hash.begin(), data_with_hash.begin() + data.size());
string decrypted_data(256, '\0');
string aes_iv(32, '\0');
aes_ige_encrypt(aes_key, aes_iv, data_with_hash, MutableSlice(decrypted_data).substr(32));
auto hash = sha256(MutableSlice(decrypted_data).substr(32));
for (size_t i = 0; i < 32; i++) {
decrypted_data[i] = static_cast<char>(aes_key[i] ^ hash[i]);
}
if (rsa_key.rsa.encrypt(decrypted_data, encrypted_data)) {
break;
}
}
// req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long
// encrypted_data:string = Server_DH_Params
mtproto_api::req_DH_params req_dh_params(nonce_, server_nonce_, p, q, rsa_key.fingerprint, encrypted_data);
send(connection, create_storer(req_dh_params));

View File

@ -128,27 +128,22 @@ size_t RSA::size() const {
return 256;
}
size_t RSA::encrypt(unsigned char *from, size_t from_len, size_t max_from_len, unsigned char *to, size_t to_len) const {
CHECK(from_len > 0 && from_len <= 2550);
size_t pad = (25500 - from_len - 32) % 255 + 32;
size_t chunks = (from_len + pad) / 255;
bool RSA::encrypt(Slice from, MutableSlice to) const {
CHECK(from.size() == 256)
CHECK(to.size() == 256)
int bits = n_.get_num_bits();
CHECK(bits >= 2041 && bits <= 2048);
CHECK(chunks * 255 == from_len + pad);
CHECK(from_len + pad <= max_from_len);
CHECK(chunks * 256 <= to_len);
Random::secure_bytes(from + from_len, pad);
size_t result = chunks * 256;
BigNum x = BigNum::from_binary(from);
if (BigNum::compare(x, n_) >= 0) {
return false;
}
BigNumContext ctx;
BigNum y;
while (chunks-- > 0) {
BigNum x = BigNum::from_binary(Slice(from, 255));
BigNum::mod_exp(y, x, e_, n_, ctx);
MutableSlice(to, 256).copy_from(y.to_binary(256));
to += 256;
}
return result;
to.copy_from(y.to_binary(256));
return true;
}
void RSA::decrypt_signature(Slice from, MutableSlice to) const {

View File

@ -19,7 +19,8 @@ class RSA {
RSA clone() const;
int64 get_fingerprint() const;
size_t size() const;
size_t encrypt(unsigned char *from, size_t from_len, size_t max_from_len, unsigned char *to, size_t to_len) const;
bool encrypt(Slice from, MutableSlice to) const;
void decrypt_signature(Slice from, MutableSlice to) const;

View File

@ -33,74 +33,25 @@ PublicRsaKeyShared::PublicRsaKeyShared(DcId dc_id, bool is_test) : dc_id_(dc_id)
if (is_test) {
add_pem(
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBCgKCAQEAr4v4wxMDXIaMOh8bayF/NyoYdpcysn5EbjTIOZC0RkgzsRj3SGlu\n"
"52QSz+ysO41dQAjpFLgxPVJoOlxXokaOq827IfW0bGCm0doT5hxtedu9UCQKbE8j\n"
"lDOk+kWMXHPZFJKWRgKgTu9hcB3y3Vk+JFfLpq3d5ZB48B4bcwrRQnzkx5GhWOFX\n"
"x73ZgjO93eoQ2b/lDyXxK4B4IS+hZhjzezPZTI5upTRbs5ljlApsddsHrKk6jJNj\n"
"8Ygs/ps8e6ct82jLXbnndC9s8HjEvDvBPH9IPjv5JUlmHMBFZ5vFQIfbpo0u0+1P\n"
"n6bkEi5o7/ifoyVv2pAZTRwppTz0EuXD8QIDAQAB\n"
"MIIBCgKCAQEAyMEdY1aR+sCR3ZSJrtztKTKqigvO/vBfqACJLZtS7QMgCGXJ6XIR\n"
"yy7mx66W0/sOFa7/1mAZtEoIokDP3ShoqF4fVNb6XeqgQfaUHd8wJpDWHcR2OFwv\n"
"plUUI1PLTktZ9uW2WE23b+ixNwJjJGwBDJPQEQFBE+vfmH0JP503wr5INS1poWg/\n"
"j25sIWeYPHYeOrFp/eXaqhISP6G+q2IeTaWTXpwZj4LzXq5YOpk4bYEQ6mvRq7D1\n"
"aHWfYmlEGepfaYR8Q0YqvvhYtMte3ITnuSJs171+GDqpdKcSwHnd6FudwGO4pcCO\n"
"j4WcDuXc2CTHgH8gFTNhp/Y8/SpDOhvn9QIDAQAB\n"
"-----END RSA PUBLIC KEY-----");
return;
}
//old_key
add_pem(
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBCgKCAQEAwVACPi9w23mF3tBkdZz+zwrzKOaaQdr01vAbU4E1pvkfj4sqDsm6\n"
"lyDONS789sVoD/xCS9Y0hkkC3gtL1tSfTlgCMOOul9lcixlEKzwKENj1Yz/s7daS\n"
"an9tqw3bfUV/nqgbhGX81v/+7RFAEd+RwFnK7a+XYl9sluzHRyVVaTTveB2GazTw\n"
"Efzk2DWgkBluml8OREmvfraX3bkHZJTKX4EQSjBbbdJ2ZXIsRrYOXfaA+xayEGB+\n"
"8hdlLmAjbCVfaigxX0CDqWeR1yFL9kwd9P0NsZRPsmoqVwMbMu7mStFai6aIhc3n\n"
"Slv8kg9qv1m6XHVQY3PnEw+QQtqSIXklHwIDAQAB\n"
"MIIBCgKCAQEA6LszBcC1LGzyr992NzE0ieY+BSaOW622Aa9Bd4ZHLl+TuFQ4lo4g\n"
"5nKaMBwK/BIb9xUfg0Q29/2mgIR6Zr9krM7HjuIcCzFvDtr+L0GQjae9H0pRB2OO\n"
"62cECs5HKhT5DZ98K33vmWiLowc621dQuwKWSQKjWf50XYFw42h21P2KXUGyp2y/\n"
"+aEyZ+uVgLLQbRA1dEjSDZ2iGRy12Mk5gpYc397aYp438fsJoHIgJ2lgMv5h7WY9\n"
"t6N/byY9Nw9p21Og3AoXSL2q/2IJ1WRUhebgAdGVMlV1fkuOQoEzR7EdpqtQD9Cs\n"
"5+bfo3Nhmcyvk5ftB0WkJ9z6bNZ7yxrP8wIDAQAB\n"
"-----END RSA PUBLIC KEY-----");
// a35e0b92d00f9b61c351ce30526cb855649b12a35e01fe39b5b315e81b515779 key1.pub
add_pem(
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBCgKCAQEAruw2yP/BCcsJliRoW5eB\n"
"VBVle9dtjJw+OYED160Wybum9SXtBBLXriwt4rROd9csv0t0OHCaTmRqBcQ0J8fx\n"
"hN6/cpR1GWgOZRUAiQxoMnlt0R93LCX/j1dnVa/gVbCjdSxpbrfY2g2L4frzjJvd\n"
"l84Kd9ORYjDEAyFnEA7dD556OptgLQQ2e2iVNq8NZLYTzLp5YpOdO1doK+ttrltg\n"
"gTCy5SrKeLoCPPbOgGsdxJxyz5KKcZnSLj16yE5HvJQn0CNpRdENvRUXe6tBP78O\n"
"39oJ8BTHp9oIjd6XWXAsp2CvK45Ol8wFXGF710w9lwCGNbmNxNYhtIkdqfsEcwR5\n"
"JwIDAQAB\n"
"-----END RSA PUBLIC KEY-----\n");
// f1c346bd6de0c3365658e0740de42372e51262099d47ee097c3ff1e238ebf985 key2.pub
add_pem(
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBCgKCAQEAvfLHfYH2r9R70w8prHbl\n"
"Wt/nDkh+XkgpflqQVcnAfSuTtO05lNPspQmL8Y2XjVT4t8cT6xAkdgfmmvnvRPOO\n"
"KPi0OfJXoRVylFzAQG/j83u5K3kRLbae7fLccVhKZhY46lvsueI1hQdLgNV9n1cQ\n"
"3TDS2pQOCtovG4eDl9wacrXOJTG2990VjgnIKNA0UMoP+KF03qzryqIt3oTvZq03\n"
"DyWdGK+AZjgBLaDKSnC6qD2cFY81UryRWOab8zKkWAnhw2kFpcqhI0jdV5QaSCEx\n"
"vnsjVaX0Y1N0870931/5Jb9ICe4nweZ9kSDF/gip3kWLG0o8XQpChDfyvsqB9OLV\n"
"/wIDAQAB\n"
"-----END RSA PUBLIC KEY-----\n");
// 129e129a464a2b515f579fd568f5579e8a6ea2832a362b07f282a7c271acfead key3.pub
add_pem(
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBCgKCAQEAs/ditzm+mPND6xkhzwFI\n"
"z6J/968CtkcSE/7Z2qAJiXbmZ3UDJPGrzqTDHkO30R8VeRM/Kz2f4nR05GIFiITl\n"
"4bEjvpy7xqRDspJcCFIOcyXm8abVDhF+th6knSU0yLtNKuQVP6voMrnt9MV1X92L\n"
"GZQLgdHZbPQz0Z5qIpaKhdyA8DEvWWvSUwwc+yi1/gGaybwlzZwqXYoPOhwMebzK\n"
"Uk0xW14htcJrRrq+PXXQbRzTMynseCoPIoke0dtCodbA3qQxQovE16q9zz4Otv2k\n"
"4j63cz53J+mhkVWAeWxVGI0lltJmWtEYK6er8VqqWot3nqmWMXogrgRLggv/Nbbo\n"
"oQIDAQAB\n"
"-----END RSA PUBLIC KEY-----\n");
// f9e47d59fbe0fa338ac8c5085201a0dd58dfd88f44abb16756ee5e9d50d52949 key4.pub
add_pem(
"-----BEGIN RSA PUBLIC KEY-----\n"
"MIIBCgKCAQEAvmpxVY7ld/8DAjz6F6q0\n"
"5shjg8/4p6047bn6/m8yPy1RBsvIyvuDuGnP/RzPEhzXQ9UJ5Ynmh2XJZgHoE9xb\n"
"nfxL5BXHplJhMtADXKM9bWB11PU1Eioc3+AXBB8QiNFBn2XI5UkO5hPhbb9mJpjA\n"
"9Uhw8EdfqJP8QetVsI/xrCEbwEXe0xvifRLJbY08/Gp66KpQvy7g8w7VB8wlgePe\n"
"xW3pT13Ap6vuC+mQuJPyiHvSxjEKHgqePji9NP3tJUFQjcECqcm0yV7/2d0t/pbC\n"
"m+ZH1sadZspQCEPPrtbkQBlvHb4OLiIWPGHKSMeRFvp3IWcmdJqXahxLCUS1Eh6M\n"
"AQIDAQAB\n"
"-----END RSA PUBLIC KEY-----\n");
}
void PublicRsaKeyShared::add_rsa(mtproto::RSA rsa) {

View File

@ -33,6 +33,7 @@
#include "td/utils/base64.h"
#include "td/utils/common.h"
#include "td/utils/crypto.h"
#include "td/utils/logging.h"
#include "td/utils/port/Clocks.h"
#include "td/utils/port/IPAddress.h"
@ -726,11 +727,11 @@ TEST(Mtproto, RSA) {
"8Ygs/ps8e6ct82jLXbnndC9s8HjEvDvBPH9IPjv5JUlmHMBFZ5vFQIfbpo0u0+1P\n"
"n6bkEi5o7/ifoyVv2pAZTRwppTz0EuXD8QIDAQAB\n"
"-----END RSA PUBLIC KEY-----");
auto rsa = mtproto::RSA::from_pem_public_key(pem).move_as_ok();
auto rsa = td::mtproto::RSA::from_pem_public_key(pem).move_as_ok();
ASSERT_EQ(-7596991558377038078, rsa.get_fingerprint());
ASSERT_EQ(256u, rsa.size());
string s(255, '\0');
string to(256, '\0');
ASSERT_EQ(256u, rsa.encrypt(MutableSlice(s).ubegin(), 10, 255, MutableSlice(to).ubegin(), 256));
td::string to(256, '\0');
rsa.encrypt(pem.substr(0, 256), to);
ASSERT_EQ("U2nJEtB2AgpHrm3HB0yhpTQgb0wbesi9Pv/W1v/vULU=", td::base64_encode(td::sha256(to)));
}