You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
83 lines
2.4 KiB
83 lines
2.4 KiB
package crypto |
|
|
|
import ( |
|
"crypto/aes" |
|
|
|
"github.com/go-faster/errors" |
|
|
|
"github.com/gotd/ige" |
|
|
|
"github.com/gotd/td/bin" |
|
) |
|
|
|
// DecryptFromBuffer decodes EncryptedMessage and decrypts it. |
|
func (c Cipher) DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error) { |
|
msg := &EncryptedMessage{} |
|
// Because we assume that buffer is valid during decrypting, we able to |
|
// use DecodeWithoutCopy and do not allocate inner buffer for EncryptedMessage. |
|
if err := msg.DecodeWithoutCopy(buf); err != nil { |
|
return nil, err |
|
} |
|
|
|
return c.Decrypt(k, msg) |
|
} |
|
|
|
// Decrypt decrypts data from encrypted message using AES-IGE. |
|
func (c Cipher) Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error) { |
|
plaintext, err := c.decryptMessage(k, encrypted) |
|
if err != nil { |
|
return nil, err |
|
} |
|
|
|
side := c.encryptSide.DecryptSide() |
|
// Checking SHA256 hash value of msg_key |
|
msgKey := MessageKey(k.Value, plaintext, side) |
|
if msgKey != encrypted.MsgKey { |
|
return nil, errors.New("msg_key is invalid") |
|
} |
|
|
|
msg := &EncryptedMessageData{} |
|
// Notice: do not re-use plaintext, because we use DecodeWithoutCopy, it references |
|
// original buffer. |
|
if err := msg.DecodeWithoutCopy(&bin.Buffer{Buf: plaintext}); err != nil { |
|
return nil, err |
|
} |
|
|
|
{ |
|
// Checking that padding of decrypted message is not too big. |
|
const maxPadding = 1024 |
|
n := int(msg.MessageDataLen) |
|
paddingLen := len(msg.MessageDataWithPadding) - n |
|
|
|
switch { |
|
case n < 0: |
|
return nil, errors.Errorf("message length is invalid: %d less than zero", n) |
|
case n%4 != 0: |
|
return nil, errors.Errorf("message length is invalid: %d is not divisible by 4", n) |
|
case paddingLen > maxPadding: |
|
return nil, errors.Errorf("padding %d of message is too big", paddingLen) |
|
} |
|
} |
|
|
|
return msg, nil |
|
} |
|
|
|
// decryptMessage decrypts data from encrypted message using AES-IGE. |
|
func (c Cipher) decryptMessage(k AuthKey, encrypted *EncryptedMessage) ([]byte, error) { |
|
if k.ID != encrypted.AuthKeyID { |
|
return nil, errors.New("unknown auth key id") |
|
} |
|
if len(encrypted.EncryptedData)%16 != 0 { |
|
return nil, errors.New("invalid encrypted data padding") |
|
} |
|
|
|
key, iv := Keys(k.Value, encrypted.MsgKey, c.encryptSide.DecryptSide()) |
|
cipher, err := aes.NewCipher(key[:]) |
|
if err != nil { |
|
return nil, err |
|
} |
|
plaintext := make([]byte, len(encrypted.EncryptedData)) |
|
ige.DecryptBlocks(cipher, iv[:], plaintext, encrypted.EncryptedData) |
|
|
|
return plaintext, nil |
|
}
|
|
|