public AuthKeyNegotiator( [NotNull] IClientTransportConfig clientTransportConfig, [NotNull] IMTProtoClientBuilder mtProtoBuilder, [NotNull] TLRig tlRig, [NotNull] INonceGenerator nonceGenerator, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices, [NotNull] IKeyChain keyChain) { Argument.IsNotNull(() => clientTransportConfig); Argument.IsNotNull(() => mtProtoBuilder); Argument.IsNotNull(() => tlRig); Argument.IsNotNull(() => nonceGenerator); Argument.IsNotNull(() => hashServices); Argument.IsNotNull(() => encryptionServices); Argument.IsNotNull(() => keyChain); _clientTransportConfig = clientTransportConfig; _mtProtoBuilder = mtProtoBuilder; _tlRig = tlRig; _nonceGenerator = nonceGenerator; _hashServices = hashServices; _encryptionServices = encryptionServices; _keyChain = keyChain; }
public KeyChain([NotNull] TLRig tlRig, [NotNull] IHashServices hashServices) { Argument.IsNotNull(() => tlRig); Argument.IsNotNull(() => hashServices); _tlRig = tlRig; _hashServices = hashServices; }
/// <summary> /// Initializes a new instance of the <see cref="EncryptedMessage" /> class from a plain inner message data. /// </summary> /// <param name="authKey"> /// Authorization Key a 2048-bit key shared by the client device and the server, created upon user /// registration directly on the client device be exchanging Diffie-Hellman keys, and never transmitted over a network. /// Each authorization key is user-specific. There is nothing that prevents a user from having several keys (that /// correspond to “permanent sessions” on different devices), and some of these may be locked forever in the event the /// device is lost. /// </param> /// <param name="salt"> /// Server Salt is a (random) 64-bit number periodically (say, every 24 hours) changed (separately for /// each session) at the request of the server. All subsequent messages must contain the new salt (although, messages /// with the old salt are still accepted for a further 300 seconds). Required to protect against replay attacks and /// certain tricks associated with adjusting the client clock to a moment in the distant future. /// </param> /// <param name="sessionId"> /// Session is a (random) 64-bit number generated by the client to distinguish between individual sessions (for /// example, between different instances of the application, created with the same authorization key). The session in /// conjunction with the key identifier corresponds to an application instance. The server can maintain session state. /// Under no circumstances can a message meant for one session be sent into a different session. The server may /// unilaterally forget any client sessions; clients should be able to handle this. /// </param> /// <param name="messageId"> /// Message Identifier is a (time-dependent) 64-bit number used uniquely to identify a message within a session. Client /// message identifiers are divisible by 4, server message identifiers modulo 4 yield 1 if the message is a response to /// a client message, and 3 otherwise. Client message identifiers must increase monotonically (within a single /// session), the same as server message identifiers, and must approximately equal unixtime*2^32. This way, a message /// identifier points to the approximate moment in time the message was created. A message is rejected over 300 seconds /// after it is created or 30 seconds before it is created (this is needed to protect from replay attacks). In this /// situation, it must be re-sent with a different identifier (or placed in a container with a higher identifier). The /// identifier of a message container must be strictly greater than those of its nested messages. /// </param> /// <param name="seqNumber"> /// Message Sequence Number is a 32-bit number equal to twice the number of “content-related” messages (those requiring /// acknowledgment, and in particular those that are not containers) created by the sender prior to this message and /// subsequently incremented by one if the current message is a content-related message. A container is always /// generated after its entire contents; therefore, its sequence number is greater than or equal to the sequence /// numbers of the messages contained in it. /// </param> /// <param name="messageData">Plain inner message data.</param> /// <param name="sender">Sender of the message.</param> /// <param name="hashServices">Hash services.</param> /// <param name="encryptionServices">Encryption services.</param> public EncryptedMessage([NotNull] byte[] authKey, ulong salt, ulong sessionId, ulong messageId, uint seqNumber, [NotNull] byte[] messageData, Sender sender, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices) { Argument.IsNotNull(() => authKey); Argument.IsNotNull(() => messageData); Argument.IsNotNull(() => hashServices); Argument.IsNotNull(() => encryptionServices); _authKeyId = ComputeAuthKeyId(authKey, hashServices); _salt = salt; _sessionId = sessionId; _messageId = messageId; _seqNumber = seqNumber; _messageData = (byte[])messageData.Clone(); _messageDataLength = _messageData.Length; int innerDataLength = InnerHeaderLength + _messageDataLength; int mod = innerDataLength % Alignment; int paddingLength = mod > 0 ? Alignment - mod : 0; int innerDataWithPaddingLength = innerDataLength + paddingLength; _length = OuterHeaderLength + innerDataWithPaddingLength; // Writing inner data. var innerDataWithPadding = new byte[innerDataWithPaddingLength]; using (var streamer = new TLStreamer(innerDataWithPadding)) { streamer.WriteUInt64(_salt); streamer.WriteUInt64(_sessionId); streamer.WriteUInt64(_messageId); streamer.WriteUInt32(_seqNumber); streamer.WriteInt32(_messageDataLength); streamer.Write(_messageData); streamer.WriteRandomData(paddingLength); } _msgKey = ComputeMsgKey(new ArraySegment <byte>(innerDataWithPadding, 0, innerDataLength), hashServices); // Encrypting. byte[] aesKey, aesIV; ComputeAesKeyAndIV(authKey, _msgKey, out aesKey, out aesIV, hashServices, sender); byte[] encryptedData = encryptionServices.Aes256IgeEncrypt(innerDataWithPadding, aesKey, aesIV); Debug.Assert(encryptedData.Length == innerDataWithPaddingLength, "Wrong encrypted data length."); _messageBytes = new byte[_length]; using (var streamer = new TLStreamer(_messageBytes)) { // Writing header. streamer.WriteUInt64(_authKeyId); streamer.WriteInt128(_msgKey); // Writing encrypted data. streamer.Write(encryptedData, 0, innerDataWithPaddingLength); } }
/// <summary> /// Initializes a new instance of the <see cref="MessageCodec" /> class. /// </summary> /// <exception cref="System.ArgumentNullException">The <paramref name="tlRig" /> is <c>null</c>.</exception> /// <exception cref="System.ArgumentNullException">The <paramref name="hashServices" /> is <c>null</c>.</exception> /// <exception cref="System.ArgumentNullException">The <paramref name="encryptionServices" /> is <c>null</c>.</exception> public MessageCodec([NotNull] TLRig tlRig, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices, IRandomGenerator randomGenerator) { Argument.IsNotNull(() => tlRig); Argument.IsNotNull(() => hashServices); Argument.IsNotNull(() => encryptionServices); _tlRig = tlRig; _hashServices = hashServices; _encryptionServices = encryptionServices; _randomGenerator = randomGenerator; }
public AuthKeyNegotiator( [NotNull] IClientTransportConfig clientTransportConfig, [NotNull] IMTProtoClientBuilder mtProtoBuilder, [NotNull] TLRig tlRig, [NotNull] INonceGenerator nonceGenerator, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices, [NotNull] IKeyChain keyChain) { _clientTransportConfig = clientTransportConfig; _mtProtoBuilder = mtProtoBuilder; _tlRig = tlRig; _nonceGenerator = nonceGenerator; _hashServices = hashServices; _encryptionServices = encryptionServices; _keyChain = keyChain; }
public MTProtoClientBuilder( [NotNull] IClientTransportFactory clientTransportFactory, [NotNull] TLRig tlRig, [NotNull] IMessageIdGenerator messageIdGenerator, [NotNull] IMessageCodec messageCodec, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices, [NotNull] INonceGenerator nonceGenerator, [NotNull] IKeyChain keyChain) { _clientTransportFactory = clientTransportFactory; _tlRig = tlRig; _messageIdGenerator = messageIdGenerator; _messageCodec = messageCodec; _hashServices = hashServices; _encryptionServices = encryptionServices; _nonceGenerator = nonceGenerator; _keyChain = keyChain; }
public AuthKeyNegotiator([NotNull] IMTProtoConnectionFactory connectionFactory, [NotNull] TLRig tlRig, [NotNull] INonceGenerator nonceGenerator, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices, [NotNull] IKeyChain keyChain, [NotNull] ITransportConfigProvider transportConfigProvider) { Argument.IsNotNull(() => connectionFactory); Argument.IsNotNull(() => tlRig); Argument.IsNotNull(() => nonceGenerator); Argument.IsNotNull(() => hashServices); Argument.IsNotNull(() => encryptionServices); Argument.IsNotNull(() => keyChain); Argument.IsNotNull(() => transportConfigProvider); _connectionFactory = connectionFactory; _tlRig = tlRig; _nonceGenerator = nonceGenerator; _hashServices = hashServices; _encryptionServices = encryptionServices; _keyChain = keyChain; _transportConfigProvider = transportConfigProvider; }
public MTProtoConnection(TransportConfig transportConfig, [NotNull] ITransportFactory transportFactory, [NotNull] TLRig tlRig, [NotNull] IMessageIdGenerator messageIdGenerator, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices) { Argument.IsNotNull(() => transportFactory); Argument.IsNotNull(() => tlRig); Argument.IsNotNull(() => messageIdGenerator); Argument.IsNotNull(() => hashServices); Argument.IsNotNull(() => encryptionServices); _transportFactory = transportFactory; _tlRig = tlRig; _messageIdGenerator = messageIdGenerator; _hashServices = hashServices; _encryptionServices = encryptionServices; DefaultRpcTimeout = Defaults.RpcTimeout; DefaultConnectTimeout = Defaults.ConnectTimeout; _tlRig.PrepareSerializersForAllTLObjectsInAssembly(typeof(ITLAsyncMethods).GetAssemblyEx()); _sessionId = GetNextSessionId(); // Init transport. _transport = _transportFactory.CreateTransport(transportConfig); // History of messages in/out. _inMessages.ObserveOn(DefaultScheduler.Instance).Subscribe(_inMessagesHistory); _outMessages.ObserveOn(DefaultScheduler.Instance).Subscribe(_outMessagesHistory); // Connector in/out. _transport.ObserveOn(DefaultScheduler.Instance).Do(bytes => LogMessageInOut(bytes, "IN")).Subscribe(ProcessIncomingMessageBytes); _outMessages.ObserveOn(DefaultScheduler.Instance) .Do(message => LogMessageInOut(message.MessageBytes, "OUT")) .Subscribe(message => _transport.Send(message.MessageBytes)); _inMessages.ObserveOn(DefaultScheduler.Instance).Subscribe(ProcessIncomingMessage); }
public KeyChain([NotNull] TLRig tlRig, [NotNull] IHashServices hashServices) { _tlRig = tlRig; _hashServices = hashServices; }
private static void ComputeAesKeyAndIV(byte[] authKey, Int128 msgKey, out byte[] aesKey, out byte[] aesIV, IHashServices hashServices, Sender sender) { // x = 0 for messages from client to server and x = 8 for those from server to client. int x; switch (sender) { case Sender.Client: x = 0; break; case Sender.Server: x = 8; break; default: throw new ArgumentOutOfRangeException("sender"); } byte[] msgKeyBytes = msgKey.ToBytes(); byte[] buffer = _aesKeyAndIVComputationBuffer ?? (_aesKeyAndIVComputationBuffer = new byte[32 + MsgKeyLength]); // sha1_a = SHA1 (msg_key + substr (auth_key, x, 32)); Buffer.BlockCopy(msgKeyBytes, 0, buffer, 0, MsgKeyLength); Buffer.BlockCopy(authKey, x, buffer, MsgKeyLength, 32); byte[] sha1A = hashServices.ComputeSHA1(buffer); // sha1_b = SHA1 (substr (auth_key, 32+x, 16) + msg_key + substr (auth_key, 48+x, 16)); Buffer.BlockCopy(authKey, 32 + x, buffer, 0, 16); Buffer.BlockCopy(msgKeyBytes, 0, buffer, 16, MsgKeyLength); Buffer.BlockCopy(authKey, 48 + x, buffer, 16 + MsgKeyLength, 16); byte[] sha1B = hashServices.ComputeSHA1(buffer); // sha1_с = SHA1 (substr (auth_key, 64+x, 32) + msg_key); Buffer.BlockCopy(authKey, 64 + x, buffer, 0, 32); Buffer.BlockCopy(msgKeyBytes, 0, buffer, 32, MsgKeyLength); byte[] sha1C = hashServices.ComputeSHA1(buffer); // sha1_d = SHA1 (msg_key + substr (auth_key, 96+x, 32)); Buffer.BlockCopy(msgKeyBytes, 0, buffer, 0, MsgKeyLength); Buffer.BlockCopy(authKey, 96 + x, buffer, MsgKeyLength, 32); byte[] sha1D = hashServices.ComputeSHA1(buffer); // aes_key = substr (sha1_a, 0, 8) + substr (sha1_b, 8, 12) + substr (sha1_c, 4, 12); aesKey = new byte[32]; Buffer.BlockCopy(sha1A, 0, aesKey, 0, 8); Buffer.BlockCopy(sha1B, 8, aesKey, 8, 12); Buffer.BlockCopy(sha1C, 4, aesKey, 20, 12); // aes_iv = substr (sha1_a, 8, 12) + substr (sha1_b, 0, 8) + substr (sha1_c, 16, 4) + substr (sha1_d, 0, 8); aesIV = new byte[32]; Buffer.BlockCopy(sha1A, 8, aesIV, 0, 12); Buffer.BlockCopy(sha1B, 0, aesIV, 12, 8); Buffer.BlockCopy(sha1C, 16, aesIV, 20, 4); Buffer.BlockCopy(sha1D, 0, aesIV, 24, 8); }
private ulong ComputeAuthKeyId(byte[] authKey, IHashServices hashServices) { byte[] authKeySHA1 = hashServices.ComputeSHA1(authKey); return(authKeySHA1.ToUInt64(authKeySHA1.Length - 8, true)); }
/// <summary> /// Initializes a new instance of the <see cref="EncryptedMessage" /> class from a whole message bytes, which contain /// encrypted data. /// </summary> /// <param name="authKey"> /// Authorization Key a 2048-bit key shared by the client device and the server, created upon user /// registration directly on the client device be exchanging Diffie-Hellman keys, and never transmitted over a network. /// Each authorization key is user-specific. There is nothing that prevents a user from having several keys (that /// correspond to “permanent sessions” on different devices), and some of these may be locked forever in the event the /// device is lost. /// </param> /// <param name="messageBytes">Whole message bytes, which contain encrypted data.</param> /// <param name="sender">Sender of the message.</param> /// <param name="hashServices">Hash services.</param> /// <param name="encryptionServices">Encryption services.</param> public EncryptedMessage([NotNull] byte[] authKey, [NotNull] byte[] messageBytes, Sender sender, [NotNull] IHashServices hashServices, [NotNull] IEncryptionServices encryptionServices) { Argument.IsNotNull(() => authKey); Argument.IsNotNull(() => messageBytes); Argument.IsNotNull(() => hashServices); Argument.IsNotNull(() => encryptionServices); ulong authKeyId = ComputeAuthKeyId(authKey, hashServices); _messageBytes = messageBytes; _length = _messageBytes.Length; var encryptedData = new byte[_length - OuterHeaderLength]; using (var streamer = new TLStreamer(_messageBytes)) { // Reading header. _authKeyId = streamer.ReadUInt64(); if (_authKeyId != authKeyId) { throw new InvalidAuthKey(string.Format("Message encrypted with auth key with id={0}, but auth key provided for decryption with id={1}.", _authKeyId, authKeyId)); } _msgKey = streamer.ReadInt128(); // Reading encrypted data. streamer.Read(encryptedData, 0, encryptedData.Length); } // Decrypting. byte[] aesKey, aesIV; ComputeAesKeyAndIV(authKey, _msgKey, out aesKey, out aesIV, hashServices, sender); byte[] innerDataWithPadding = encryptionServices.Aes256IgeDecrypt(encryptedData, aesKey, aesIV); using (var streamer = new TLStreamer(innerDataWithPadding)) { _salt = streamer.ReadUInt64(); _sessionId = streamer.ReadUInt64(); _messageId = streamer.ReadUInt64(); _seqNumber = streamer.ReadUInt32(); _messageDataLength = streamer.ReadInt32(); _messageData = streamer.ReadBytes(_messageDataLength); } int innerDataLength = InnerHeaderLength + _messageDataLength; // When an encrypted message is received, it must be checked that // msg_key is in fact equal to the 128 lower-order bits // of the SHA1 hash of the previously encrypted portion. var msgKey = ComputeMsgKey(new ArraySegment <byte>(innerDataWithPadding, 0, innerDataLength), hashServices); if (_msgKey != msgKey) { throw new InvalidMessageException(string.Format("Expected message key to be {0}, but actual is {1}.", _msgKey, msgKey)); } }
private static Int128 ComputeMsgKey(ArraySegment <byte> bytes, [NotNull] IHashServices hashServices) { byte[] innerDataSHA1 = hashServices.ComputeSHA1(bytes); return(innerDataSHA1.ToInt128(innerDataSHA1.Length - 16, true)); }