mtcute/packages/core/src/network/auth-key.ts

import Long from 'long'

import { tl } from '@mtcute/tl'
import { TlBinaryReader, TlReaderMap } from '@mtcute/tl-runtime'

import { MtcuteError } from '../types/errors.js'
import { createAesIgeForMessage } from '../utils/crypto/mtproto.js'
import { buffersEqual, concatBuffers, dataViewFromBuffer, ICryptoProvider, Logger } from '../utils/index.js'

export class AuthKey {
    ready = false

    key!: Uint8Array
    id!: Uint8Array
    clientSalt!: Uint8Array
    serverSalt!: Uint8Array

    constructor(
        readonly _crypto: ICryptoProvider,
        readonly log: Logger,
        readonly _readerMap: TlReaderMap,
    ) {}

    match(keyId: Uint8Array): boolean {
        return this.ready && buffersEqual(keyId, this.id)
    }

    setup(authKey?: Uint8Array | null): void {
        if (!authKey) return this.reset()

        this.ready = true
        this.key = authKey
        this.clientSalt = authKey.subarray(88, 120)
        this.serverSalt = authKey.subarray(96, 128)
        this.id = this._crypto.sha1(authKey).subarray(-8)

        this.log.verbose('auth key set up, id = %h', this.id)
    }

    encryptMessage(message: Uint8Array, serverSalt: Long, sessionId: Long): Uint8Array {
        if (!this.ready) throw new MtcuteError('Keys are not set up!')

        let padding = (16 /* header size */ + message.length + 12) /* min padding */ % 16
        padding = 12 + (padding ? 16 - padding : 0)

        const buf = new Uint8Array(16 + message.length + padding)
        const dv = dataViewFromBuffer(buf)

        dv.setInt32(0, serverSalt.low, true)
        dv.setInt32(4, serverSalt.high, true)
        dv.setInt32(8, sessionId.low, true)
        dv.setInt32(12, sessionId.high, true)
        buf.set(message, 16)
        this._crypto.randomFill(buf.subarray(16 + message.length, 16 + message.length + padding))

        const messageKey = this._crypto.sha256(concatBuffers([this.clientSalt, buf])).subarray(8, 24)
        const ige = createAesIgeForMessage(this._crypto, this.key, messageKey, true)
        const encryptedData = ige.encrypt(buf)

        return concatBuffers([this.id, messageKey, encryptedData])
    }

    decryptMessage(
        data: Uint8Array,
        sessionId: Long,
        callback: (msgId: tl.Long, seqNo: number, data: TlBinaryReader) => void,
    ): void {
        const messageKey = data.subarray(8, 24)
        let encryptedData = data.subarray(24)

        const mod16 = encryptedData.byteLength % 16

        if (mod16 !== 0) {
            // strip padding in case of padded transport.
            // i wish this could be done at transport level, but we can't properly align anything there
            // because padding size is not known, and transport level should not be aware of MTProto structure
            encryptedData = encryptedData.subarray(0, encryptedData.byteLength - mod16)
        }

        const ige = createAesIgeForMessage(this._crypto, this.key, messageKey, false)
        const innerData = ige.decrypt(encryptedData)

        const msgKeySource = this._crypto.sha256(concatBuffers([this.serverSalt, innerData]))
        const expectedMessageKey = msgKeySource.subarray(8, 24)

        if (!buffersEqual(messageKey, expectedMessageKey)) {
            this.log.warn('received message with invalid messageKey = %h (expected %h)', messageKey, expectedMessageKey)

            return
        }

        const innerReader = new TlBinaryReader(this._readerMap, innerData)
        innerReader.seek(8) // skip salt
        const sessionId_ = innerReader.long()
        const messageId = innerReader.long(true)

        if (sessionId_.neq(sessionId)) {
            this.log.warn('ignoring message with invalid sessionId = %h', sessionId_)

            return
        }

        const seqNo = innerReader.uint()
        const length = innerReader.uint()

        if (length > innerData.length - 32 /* header size */) {
            this.log.warn('ignoring message with invalid length: %d > %d', length, innerData.length - 32)

            return
        }

        if (length % 4 !== 0) {
            this.log.warn('ignoring message with invalid length: %d is not a multiple of 4', length)

            return
        }

        const paddingSize = innerData.length - length - 32 // header size

        if (paddingSize < 12 || paddingSize > 1024) {
            this.log.warn('ignoring message with invalid padding size: %d', paddingSize)

            return
        }

        callback(messageId, seqNo, innerReader)
    }

    copyFrom(authKey: AuthKey): void {
        this.ready = authKey.ready
        this.key = authKey.key
        this.id = authKey.id
        this.serverSalt = authKey.serverSalt
        this.clientSalt = authKey.clientSalt
    }

    reset(): void {
        this.ready = false
    }
}
build: fixes after rebase 2023-06-10 00:37:26 +03:00			`import Long from 'long'`

			`import { tl } from '@mtcute/tl'`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`import { TlBinaryReader, TlReaderMap } from '@mtcute/tl-runtime'`
build: fixes after rebase 2023-06-10 00:37:26 +03:00
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`import { MtcuteError } from '../types/errors.js'`
			`import { createAesIgeForMessage } from '../utils/crypto/mtproto.js'`
chore(core): moved random to crypto provider, added tests for functions relying on rng 2023-11-12 00:36:00 +03:00			`import { buffersEqual, concatBuffers, dataViewFromBuffer, ICryptoProvider, Logger } from '../utils/index.js'`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
			`export class AuthKey {`
			`ready = false`

ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`key!: Uint8Array`
			`id!: Uint8Array`
			`clientSalt!: Uint8Array`
			`serverSalt!: Uint8Array`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
build(deps): bumped prettier to 3.0.3 2023-10-06 21:15:52 +03:00			`constructor(`
			`readonly _crypto: ICryptoProvider,`
			`readonly log: Logger,`
			`readonly _readerMap: TlReaderMap,`
			`) {}`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`match(keyId: Uint8Array): boolean {`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`return this.ready && buffersEqual(keyId, this.id)`
			`}`

feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`setup(authKey?: Uint8Array \| null): void {`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`if (!authKey) return this.reset()`

			`this.ready = true`
			`this.key = authKey`
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`this.clientSalt = authKey.subarray(88, 120)`
			`this.serverSalt = authKey.subarray(96, 128)`
feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`this.id = this._crypto.sha1(authKey).subarray(-8)`
feat(core): (initial) support pfs 2022-11-07 00:08:59 +03:00
			`this.log.verbose('auth key set up, id = %h', this.id)`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`}`

feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`encryptMessage(message: Uint8Array, serverSalt: Long, sessionId: Long): Uint8Array {`
refactor: move errors to core 2023-09-22 15:32:28 +03:00			`if (!this.ready) throw new MtcuteError('Keys are not set up!')`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
chore: changed prettier width to 120 2023-09-24 01:32:22 +03:00			`let padding = (16 /* header size / + message.length + 12) / min padding */ % 16`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`padding = 12 + (padding ? 16 - padding : 0)`

ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`const buf = new Uint8Array(16 + message.length + padding)`
			`const dv = dataViewFromBuffer(buf)`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`dv.setInt32(0, serverSalt.low, true)`
			`dv.setInt32(4, serverSalt.high, true)`
			`dv.setInt32(8, sessionId.low, true)`
			`dv.setInt32(12, sessionId.high, true)`
			`buf.set(message, 16)`
chore(core): moved random to crypto provider, added tests for functions relying on rng 2023-11-12 00:36:00 +03:00			`this._crypto.randomFill(buf.subarray(16 + message.length, 16 + message.length + padding))`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`const messageKey = this._crypto.sha256(concatBuffers([this.clientSalt, buf])).subarray(8, 24)`
			`const ige = createAesIgeForMessage(this._crypto, this.key, messageKey, true)`
feat: wasm! 🚀 2023-11-04 06:44:18 +03:00			`const encryptedData = ige.encrypt(buf)`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`return concatBuffers([this.id, messageKey, encryptedData])`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`}`

feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`decryptMessage(`
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`data: Uint8Array,`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`sessionId: Long,`
build: fixes after rebase 2023-06-10 00:37:26 +03:00			`callback: (msgId: tl.Long, seqNo: number, data: TlBinaryReader) => void,`
feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`): void {`
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`const messageKey = data.subarray(8, 24)`
			`let encryptedData = data.subarray(24)`

			`const mod16 = encryptedData.byteLength % 16`

			`if (mod16 !== 0) {`
			`// strip padding in case of padded transport.`
			`// i wish this could be done at transport level, but we can't properly align anything there`
			`// because padding size is not known, and transport level should not be aware of MTProto structure`
			`encryptedData = encryptedData.subarray(0, encryptedData.byteLength - mod16)`
			`}`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`const ige = createAesIgeForMessage(this._crypto, this.key, messageKey, false)`
feat: wasm! 🚀 2023-11-04 06:44:18 +03:00			`const innerData = ige.decrypt(encryptedData)`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
feat(wasm): added sha1/256 to wasm, removed most of async in crypto 2023-11-07 22:49:35 +03:00			`const msgKeySource = this._crypto.sha256(concatBuffers([this.serverSalt, innerData]))`
ESM + end-to-end tests (#11) * feat: moved tl-runtime to esm and native ArrayBuffers * feat: migration to esm * fix(core): web-related fixes * test: finally, some good fucking e2e * chore: fixed linters etc * ci: added e2e to ci * build(tl): fixed gen-code on node 20 * fix: codegen Uint8Array, not Buffer never `git reset --hard` kids * build: only do type-aware linting for `packages/` build: ignore no-unresolved in ci for e2e * fix: node 16 doesn't have subtle crypto apparently? * fix(tests): use Uint8Array for gods sake please can i just merge this already * ci: don't parallel tasks in ci because machines are utter garbage and it may just randomly break * ci: pass secrets to e2e tests * ci: separate cli command for ci apparently im retarded * fix: run codegen in e2e im actually retarded * ci: more fixes for e2e * ci: debugging stuff * ci: still debugging * ci: hopefully fix ci??? 2023-10-16 19:23:53 +03:00			`const expectedMessageKey = msgKeySource.subarray(8, 24)`
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00
			`if (!buffersEqual(messageKey, expectedMessageKey)) {`
chore(core): moved random to crypto provider, added tests for functions relying on rng 2023-11-12 00:36:00 +03:00			`this.log.warn('received message with invalid messageKey = %h (expected %h)', messageKey, expectedMessageKey)`
build: fixes after rebase 2023-06-10 00:37:26 +03:00
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`return`
			`}`

			`const innerReader = new TlBinaryReader(this._readerMap, innerData)`
			`innerReader.seek(8) // skip salt`
			`const sessionId_ = innerReader.long()`
			`const messageId = innerReader.long(true)`

			`if (sessionId_.neq(sessionId)) {`
chore: changed prettier width to 120 2023-09-24 01:32:22 +03:00			`this.log.warn('ignoring message with invalid sessionId = %h', sessionId_)`
build: fixes after rebase 2023-06-10 00:37:26 +03:00
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`return`
			`}`

			`const seqNo = innerReader.uint()`
			`const length = innerReader.uint()`

			`if (length > innerData.length - 32 /* header size */) {`
chore: changed prettier width to 120 2023-09-24 01:32:22 +03:00			`this.log.warn('ignoring message with invalid length: %d > %d', length, innerData.length - 32)`
build: fixes after rebase 2023-06-10 00:37:26 +03:00
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`return`
			`}`

			`if (length % 4 !== 0) {`
chore: changed prettier width to 120 2023-09-24 01:32:22 +03:00			`this.log.warn('ignoring message with invalid length: %d is not a multiple of 4', length)`
build: fixes after rebase 2023-06-10 00:37:26 +03:00
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`return`
			`}`

			`const paddingSize = innerData.length - length - 32 // header size`

			`if (paddingSize < 12 \|\| paddingSize > 1024) {`
chore: changed prettier width to 120 2023-09-24 01:32:22 +03:00			`this.log.warn('ignoring message with invalid padding size: %d', paddingSize)`
build: fixes after rebase 2023-06-10 00:37:26 +03:00
refactor: extracted auth key management to AuthKey class 2022-11-06 02:27:46 +03:00			`return`
			`}`

			`callback(messageId, seqNo, innerReader)`
			`}`

			`copyFrom(authKey: AuthKey): void {`
			`this.ready = authKey.ready`
			`this.key = authKey.key`
			`this.id = authKey.id`
			`this.serverSalt = authKey.serverSalt`
			`this.clientSalt = authKey.clientSalt`
			`}`

			`reset(): void {`
			`this.ready = false`
			`}`
			`}`