mtproto 0.0.3 → 0.0.5

data/lib/mtproto/client.rb

@@ -0,0 +1,235 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'digest'
+require_relative 'transport/tcp_connection'
+require_relative 'transport/abridged_packet_codec'
+require_relative 'tl/message'
+
+module MTProto
+  class Client
+    DC_ADDRESSES = {
+      1 => ['149.154.175.50', 443],
+      2 => ['149.154.167.51', 443],
+      3 => ['149.154.175.100', 443],
+      4 => ['149.154.167.91', 443],
+      5 => ['91.108.56.130', 443]
+    }.freeze
+
+    attr_reader :connection, :server_key, :auth_key, :server_salt, :time_offset, :session
+
+    def initialize(dc_id: 2)
+      host, port = DC_ADDRESSES[dc_id]
+      raise ArgumentError, "Unknown DC ID: #{dc_id}" unless host
+
+      codec = Transport::AbridgedPacketCodec.new
+      @connection = Transport::TCPConnection.new(host, port, codec)
+      @server_key = nil
+      @auth_key = nil
+      @server_salt = nil
+      @time_offset = 0
+      @session = nil
+      @connection_initialized = false
+    end
+
+    def connect
+      @connection.connect
+    end
+
+    def disconnect
+      @connection.close
+    end
+
+    def req_pq_multi
+      nonce = SecureRandom.random_bytes(16)
+
+      message = TL::Message.req_pq_multi(nonce)
+      payload = message.serialize
+
+      @connection.send(payload)
+
+      response_data = @connection.recv(timeout: 10)
+      response_message = TL::Message.deserialize(response_data)
+
+      res_pq = response_message.parse_res_pq
+
+      raise 'Nonce mismatch!' unless res_pq[:nonce] == nonce
+
+      res_pq
+    end
+
+    def make_auth_key
+      generator = AuthKeyGenerator.new(@connection)
+      result = generator.generate
+
+      @auth_key = generator.auth_key
+      @server_salt = generator.server_salt
+      @time_offset = generator.time_offset
+      @session = Session.new
+
+      result
+    end
+
+    def generate_msg_id
+      time = Time.now.to_f + @time_offset
+      msg_id = (time * (2**32)).to_i
+      (msg_id / 4) * 4
+    end
+
+    def rpc_call(body, content_related: true)
+      raise 'Auth key not generated' unless @auth_key
+      raise 'Session not initialized' unless @session
+
+      msg_id = generate_msg_id
+      seq_no = @session.next_seq_no(content_related: content_related)
+
+      encrypted_msg = EncryptedMessage.encrypt(
+        auth_key: @auth_key,
+        server_salt: @server_salt,
+        session_id: @session.session_id,
+        msg_id: msg_id,
+        seq_no: seq_no,
+        body: body
+      )
+
+      @connection.send(encrypted_msg.serialize)
+
+      response_data = @connection.recv(timeout: 10)
+
+      decrypted = EncryptedMessage.decrypt(
+        auth_key: @auth_key,
+        encrypted_message_data: response_data,
+        sender: :server
+      )
+
+      response_body = decrypted[:body]
+
+      constructor = response_body[0, 4].unpack1('L<')
+      puts "  [RPC] First response constructor: 0x#{constructor.to_s(16)} (#{response_body.bytesize} bytes)"
+
+      if constructor == TL::NewSessionCreated::CONSTRUCTOR
+        puts "  [RPC] Got new_session_created, waiting for actual response..."
+        session_info = TL::NewSessionCreated.deserialize(response_body)
+        @server_salt = session_info.server_salt
+        puts "  [RPC] Updated server_salt to: 0x#{@server_salt.to_s(16)}"
+
+        response_data = @connection.recv(timeout: 10)
+        puts "  [RPC] Second response received (#{response_data.bytesize} bytes encrypted)"
+        decrypted = EncryptedMessage.decrypt(
+          auth_key: @auth_key,
+          encrypted_message_data: response_data,
+          sender: :server
+        )
+        response_body = decrypted[:body]
+        constructor = response_body[0, 4].unpack1('L<')
+        puts "  [RPC] Second response constructor: 0x#{constructor.to_s(16)} (#{response_body.bytesize} bytes)"
+      end
+
+      if constructor == TL::Message::CONSTRUCTOR_MSG_CONTAINER
+        puts "  [RPC] Response is a container, unpacking..."
+        container = TL::MsgContainer.deserialize(response_body)
+        puts "  [RPC] Container has #{container.messages.size} messages"
+
+        container.messages.each_with_index do |msg, i|
+          msg_constructor = msg[:body][0, 4].unpack1('L<')
+          puts "  [RPC]   Message #{i}: constructor=0x#{msg_constructor.to_s(16)}, size=#{msg[:body].bytesize}"
+        end
+
+        rpc_result = container.messages.find do |msg|
+          msg[:body][0, 4].unpack1('L<') == 0xf35c6d01
+        end
+
+        if rpc_result
+          puts "  [RPC] Found rpc_result in container, extracting..."
+          return rpc_result[:body][12..]
+        end
+
+        new_session = container.messages.find { |msg| msg[:body][0, 4].unpack1('L<') == TL::NewSessionCreated::CONSTRUCTOR }
+        if new_session
+          puts "  [RPC] Container has new_session_created, updating salt and waiting for RPC result..."
+          session_info = TL::NewSessionCreated.deserialize(new_session[:body])
+          @server_salt = session_info.server_salt
+          puts "  [RPC] Updated server_salt to: 0x#{@server_salt.to_s(16)}"
+
+          response_data = @connection.recv(timeout: 10)
+          puts "  [RPC] Next response received (#{response_data.bytesize} bytes encrypted)"
+          decrypted = EncryptedMessage.decrypt(
+            auth_key: @auth_key,
+            encrypted_message_data: response_data,
+            sender: :server
+          )
+          response_body = decrypted[:body]
+          constructor = response_body[0, 4].unpack1('L<')
+          puts "  [RPC] Next response constructor: 0x#{constructor.to_s(16)} (#{response_body.bytesize} bytes)"
+
+          if constructor == 0xf35c6d01
+            puts "  [RPC] Next response is rpc_result, extracting payload..."
+            return response_body[12..]
+          end
+
+          if constructor == TL::Message::CONSTRUCTOR_MSG_CONTAINER
+            puts "  [RPC] Next response is also a container, looking for rpc_result..."
+            container = TL::MsgContainer.deserialize(response_body)
+            rpc_result = container.messages.find { |msg| msg[:body][0, 4].unpack1('L<') == 0xf35c6d01 }
+            return rpc_result[:body][12..] if rpc_result
+          end
+
+          return response_body
+        end
+
+        puts "  [RPC] No rpc_result found, returning first message body"
+        return container.messages.first[:body]
+      end
+
+      if constructor == 0xf35c6d01
+        puts "  [RPC] Response is rpc_result, extracting payload..."
+        return response_body[12..]
+      end
+
+      puts "  [RPC] Returning raw response body (constructor: 0x#{constructor.to_s(16)})"
+      response_body
+    end
+
+    def invoke_with_layer(layer, query)
+      body = TL::Serializer.serialize_int(0xda9b0d0d)
+      body += TL::Serializer.serialize_int(layer)
+      body += query
+      body
+    end
+
+    def init_connection(api_id, device_model, system_version, app_version, system_lang_code, lang_code, query)
+      body = TL::Serializer.serialize_int(0xc1cd5ea9)
+      flags = 0
+      body += TL::Serializer.serialize_int(flags)
+      body += TL::Serializer.serialize_int(api_id)
+      body += TL::Serializer.serialize_string(device_model)
+      body += TL::Serializer.serialize_string(system_version)
+      body += TL::Serializer.serialize_string(app_version)
+      body += TL::Serializer.serialize_string(system_lang_code)
+      body += TL::Serializer.serialize_string('')
+      body += TL::Serializer.serialize_string(lang_code)
+      body += query
+      body
+    end
+
+    def help_get_config
+      query = [0xc4f9186b].pack('L<')
+
+      unless @connection_initialized
+        query = init_connection(
+          123456,
+          'Ruby MTProto',
+          'Ruby 3.x',
+          '0.1.0',
+          'en',
+          'en',
+          query
+        )
+        query = invoke_with_layer(214, query)
+        @connection_initialized = true
+      end
+
+      rpc_call(query)
+    end
+  end
+end

data/lib/mtproto/crypto/aes_ige.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+begin
+  require 'aes_ige/aes_ige'
+rescue LoadError => e
+  warn "Failed to load AES-IGE C extension: #{e.message}"
+  warn 'Run: cd ext/aes_ige && ruby extconf.rb && make'
+  warn 'AES-IGE encryption/decryption will not be available'
+
+  module MTProto
+    module Crypto
+      module AES_IGE
+        def self.encrypt_ige(_plaintext, _key, _iv)
+          raise NotImplementedError, 'AES-IGE not available (C extension not loaded)'
+        end
+
+        def self.decrypt_ige(_ciphertext, _key, _iv)
+          raise NotImplementedError, 'AES-IGE not available (C extension not loaded)'
+        end
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/auth_key_helper.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module MTProto
+  module Crypto
+    module AuthKeyHelper
+      module_function
+
+      def derive_tmp_aes_key(new_nonce, server_nonce)
+        sha1_a = Digest::SHA1.digest(new_nonce + server_nonce)
+        sha1_b = Digest::SHA1.digest(server_nonce + new_nonce)
+
+        sha1_a + sha1_b[0, 12]
+      end
+
+      def derive_tmp_aes_iv(new_nonce, server_nonce)
+        sha1_b = Digest::SHA1.digest(server_nonce + new_nonce)
+        sha1_c = Digest::SHA1.digest(new_nonce + new_nonce)
+
+        sha1_b[12, 8] + sha1_c + new_nonce[0, 4]
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/dh_key_exchange.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'securerandom'
+
+module MTProto
+  module Crypto
+    module DHKeyExchange
+      module_function
+
+      def generate_client_dh_params(g, dh_prime_bytes)
+        dh_prime = OpenSSL::BN.new(dh_prime_bytes, 2)
+        g_bn = OpenSSL::BN.new(g)
+
+        b = generate_random_2048_bit_number
+        g_b = g_bn.mod_exp(b, dh_prime)
+
+        DHValidator.validate_g_a(g_b, dh_prime)
+
+        {
+          b: b,
+          g_b: g_b,
+          g_b_bytes: g_b.to_s(2)
+        }
+      end
+
+      def compute_auth_key(g_a_bytes, b, dh_prime_bytes)
+        g_a = OpenSSL::BN.new(g_a_bytes, 2)
+        dh_prime = OpenSSL::BN.new(dh_prime_bytes, 2)
+
+        auth_key_bn = g_a.mod_exp(b, dh_prime)
+        auth_key_bn.to_s(2)
+      end
+
+      def generate_random_2048_bit_number
+        random_bytes = SecureRandom.random_bytes(256)
+        random_bytes[0] = (random_bytes[0].ord | 0x80).chr
+
+        bn = OpenSSL::BN.new(random_bytes, 2)
+        bn
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/dh_validator.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module MTProto
+  module Crypto
+    module DHValidator
+      module_function
+
+      def validate_dh_params(g, dh_prime_bytes, g_a_bytes)
+        dh_prime = OpenSSL::BN.new(dh_prime_bytes, 2)
+        g_a = OpenSSL::BN.new(g_a_bytes, 2)
+
+        validate_g(g, dh_prime)
+        validate_dh_prime(dh_prime)
+        validate_g_a(g_a, dh_prime)
+
+        true
+      end
+
+      def validate_g(g, dh_prime)
+        raise 'Invalid g: must be 2, 3, 4, 5, 6, or 7' unless [2, 3, 4, 5, 6, 7].include?(g)
+
+        p_mod = case g
+        when 2
+          dh_prime % 8 == 7
+        when 3
+          dh_prime % 3 == 2
+        when 4
+          true
+        when 5
+          mod5 = dh_prime % 5
+          mod5 == 1 || mod5 == 4
+        when 6
+          mod24 = dh_prime % 24
+          mod24 == 19 || mod24 == 23
+        when 7
+          mod7 = dh_prime % 7
+          [3, 5, 6].include?(mod7)
+        end
+
+        raise "g=#{g} is not a valid generator for this prime" unless p_mod
+
+        true
+      end
+
+      def validate_dh_prime(dh_prime)
+        bit_length = dh_prime.num_bits
+
+        raise 'dh_prime must be 2048 bits' unless bit_length == 2048
+
+        min_prime = OpenSSL::BN.new(2)**2047
+        max_prime = OpenSSL::BN.new(2)**2048
+
+        if dh_prime <= min_prime || dh_prime >= max_prime
+          raise 'dh_prime out of range (must be 2^2047 < p < 2^2048)'
+        end
+
+        true
+      end
+
+      def validate_g_a(g_a, dh_prime)
+        one = OpenSSL::BN.new(1)
+        dh_prime_minus_one = dh_prime - one
+
+        raise 'g_a must be > 1' if g_a <= one
+        raise 'g_a must be < dh_prime - 1' if g_a >= dh_prime_minus_one
+
+        safety_range_min = OpenSSL::BN.new(2)**1984
+        safety_range_max = dh_prime - safety_range_min
+
+        if g_a < safety_range_min || g_a > safety_range_max
+          raise 'g_a outside safety range (2^1984 to dh_prime - 2^1984)'
+        end
+
+        true
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/factorization.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+begin
+  require 'factorization/factorization'
+rescue LoadError => e
+  warn "Failed to load Factorization C extension: #{e.message}"
+  warn 'Run: cd ext/factorization && ruby extconf.rb && make'
+  raise
+end
+
+module MTProto
+  module Crypto
+    module Factorization
+      module_function
+
+      def factorize_pq(pq_bytes)
+        FactorizationExt.factorize_pq(pq_bytes)
+      end
+
+      def bytes_to_integer(bytes)
+        bytes.unpack('C*').inject(0) { |sum, byte| (sum << 8) | byte }
+      end
+
+      def integer_sqrt(n)
+        return n if n < 2
+
+        x = n
+        y = (x + 1) / 2
+
+        while y < x
+          x = y
+          y = (x + n / x) / 2
+        end
+
+        x
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/message_key.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module MTProto
+  module Crypto
+    module MessageKey
+      module_function
+
+      def generate_msg_key(auth_key, plaintext, sender: :client)
+        x = sender == :client ? 0 : 8
+        auth_key_part = auth_key[88 + x, 32]
+
+        sha256_a = Digest::SHA256.digest(auth_key_part + plaintext)
+
+        sha256_a[8, 16]
+      end
+
+      def derive_aes_key_iv(auth_key, msg_key, sender: :client)
+        x = sender == :client ? 0 : 8
+
+        sha256_a = Digest::SHA256.digest(msg_key + auth_key[x, 36])
+        sha256_b = Digest::SHA256.digest(auth_key[40 + x, 36] + msg_key)
+
+        aes_key = sha256_a[0, 8] + sha256_b[8, 16] + sha256_a[24, 8]
+        aes_iv = sha256_b[0, 8] + sha256_a[8, 16] + sha256_b[24, 8]
+
+        { aes_key: aes_key, aes_iv: aes_iv }
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/rsa_key.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'digest'
+
+module MTProto
+  module Crypto
+    class RSAKey
+      TELEGRAM_KEY = <<~PEM
+        -----BEGIN RSA PUBLIC KEY-----
+        MIIBCgKCAQEA6LszBcC1LGzyr992NzE0ieY+BSaOW622Aa9Bd4ZHLl+TuFQ4lo4g
+        5nKaMBwK/BIb9xUfg0Q29/2mgIR6Zr9krM7HjuIcCzFvDtr+L0GQjae9H0pRB2OO
+        62cECs5HKhT5DZ98K33vmWiLowc621dQuwKWSQKjWf50XYFw42h21P2KXUGyp2y/
+        +aEyZ+uVgLLQbRA1dEjSDZ2iGRy12Mk5gpYc397aYp438fsJoHIgJ2lgMv5h7WY9
+        t6N/byY9Nw9p21Og3AoXSL2q/2IJ1WRUhebgAdGVMlV1fkuOQoEzR7EdpqtQD9Cs
+        5+bfo3Nhmcyvk5ftB0WkJ9z6bNZ7yxrP8wIDAQAB
+        -----END RSA PUBLIC KEY-----
+      PEM
+
+      attr_reader :key, :fingerprint
+
+      def initialize(pem_string)
+        @key = OpenSSL::PKey::RSA.new(pem_string)
+        @fingerprint = calculate_fingerprint
+      end
+
+      def self.telegram_key
+        @telegram_key ||= new(TELEGRAM_KEY)
+      end
+
+      def self.find_by_fingerprint(fingerprints)
+        telegram_key if fingerprints.include?(telegram_key.fingerprint)
+      end
+
+      private
+
+      def calculate_fingerprint
+        n_bytes = @key.n.to_s(2).unpack1('B*').scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
+        e_bytes = @key.e.to_s(2).unpack1('B*').scan(/.{8}/).map { |b| b.to_i(2) }.pack('C*')
+
+        n_tl = serialize_bytes(n_bytes)
+        e_tl = serialize_bytes(e_bytes)
+
+        data = n_tl + e_tl
+        sha1 = Digest::SHA1.digest(data)
+
+        sha1[-8..].unpack1('Q<')
+      end
+
+      def serialize_bytes(bytes)
+        length = bytes.bytesize
+
+        if length <= 253
+          [length].pack('C') + bytes + padding(length + 1)
+        else
+          [254].pack('C') + [length].pack('L<')[0, 3] + bytes + padding(length + 4)
+        end
+      end
+
+      def padding(current_length)
+        pad_length = (4 - (current_length % 4)) % 4
+        "\x00" * pad_length
+      end
+    end
+  end
+end

data/lib/mtproto/crypto/rsa_pad.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require 'securerandom'
+require 'digest'
+require 'openssl'
+
+module MTProto
+  module Crypto
+    module RSA_PAD
+      module_function
+
+      def encrypt(data, rsa_key)
+        raise ArgumentError, 'Data too large' if data.bytesize > 144
+
+        loop do
+          result = perform_encryption(data)
+          result_bn = OpenSSL::BN.new(result, 2)
+
+          return rsa_key.key.public_encrypt(result, OpenSSL::PKey::RSA::NO_PADDING) if result_bn < rsa_key.key.n
+
+          # If result >= modulus, retry with new random data
+        end
+      end
+
+      def perform_encryption(data)
+        data_with_padding = pad_to_192(data)
+        data_reversed = data_with_padding.reverse
+        temp_key = SecureRandom.random_bytes(32)
+        data_hash = Digest::SHA256.digest(temp_key + data_with_padding)
+        to_encrypt = data_reversed + data_hash
+
+        aes_key = temp_key
+        aes_iv = "\x00" * 32
+        encrypted = AES_IGE.encrypt_ige(to_encrypt, aes_key, aes_iv)
+
+        encrypted_hash = Digest::SHA256.digest(encrypted)
+        temp_key_xor = xor_bytes(temp_key, encrypted_hash)
+
+        temp_key_xor + encrypted
+      end
+
+      def pad_to_192(data)
+        padding_length = 192 - data.bytesize
+        raise ArgumentError, 'Data too large for RSA_PAD' if padding_length < 0
+
+        data + SecureRandom.random_bytes(padding_length)
+      end
+
+      def xor_bytes(bytes1, bytes2)
+        length = [bytes1.bytesize, bytes2.bytesize].min
+        result = String.new(capacity: length)
+        length.times do |i|
+          result << (bytes1.getbyte(i) ^ bytes2.getbyte(i))
+        end
+        result
+      end
+    end
+  end
+end

data/lib/mtproto/encrypted_message.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'digest'
+require 'securerandom'
+
+module MTProto
+  class EncryptedMessage
+    attr_reader :auth_key_id, :msg_key, :encrypted_data
+
+    def initialize(auth_key_id:, msg_key:, encrypted_data:)
+      @auth_key_id = auth_key_id
+      @msg_key = msg_key
+      @encrypted_data = encrypted_data
+    end
+
+    def self.encrypt(auth_key:, server_salt:, session_id:, msg_id:, seq_no:, body:)
+      salt_bytes = [server_salt].pack('Q<')
+      session_id_bytes = [session_id].pack('Q<')
+      msg_id_bytes = [msg_id].pack('Q<')
+      seq_no_bytes = [seq_no].pack('L<')
+      body_length_bytes = [body.bytesize].pack('L<')
+
+      plaintext = salt_bytes + session_id_bytes + msg_id_bytes + seq_no_bytes + body_length_bytes + body
+
+      padding_length = (16 - (plaintext.bytesize % 16)) % 16
+      padding_length += 16 if padding_length < 12
+      plaintext += SecureRandom.random_bytes(padding_length)
+
+      msg_key = Crypto::MessageKey.generate_msg_key(auth_key, plaintext, sender: :client)
+
+      keys = Crypto::MessageKey.derive_aes_key_iv(auth_key, msg_key, sender: :client)
+
+      encrypted_data = Crypto::AES_IGE.encrypt_ige(plaintext, keys[:aes_key], keys[:aes_iv])
+
+      auth_key_id = Digest::SHA1.digest(auth_key)[-8..].unpack1('Q<')
+
+      new(auth_key_id: auth_key_id, msg_key: msg_key, encrypted_data: encrypted_data)
+    end
+
+    def self.decrypt(auth_key:, encrypted_message_data:, sender: :server)
+      auth_key_id = encrypted_message_data[0, 8].unpack1('Q<')
+      msg_key = encrypted_message_data[8, 16]
+      encrypted_data = encrypted_message_data[24..]
+
+      keys = Crypto::MessageKey.derive_aes_key_iv(auth_key, msg_key, sender: sender)
+
+      plaintext = Crypto::AES_IGE.decrypt_ige(encrypted_data, keys[:aes_key], keys[:aes_iv])
+
+      expected_msg_key = Crypto::MessageKey.generate_msg_key(auth_key, plaintext, sender: sender)
+      raise 'msg_key mismatch!' unless msg_key == expected_msg_key
+
+      offset = 0
+      server_salt = plaintext[offset, 8].unpack1('Q<')
+      offset += 8
+
+      session_id = plaintext[offset, 8].unpack1('Q<')
+      offset += 8
+
+      msg_id = plaintext[offset, 8].unpack1('Q<')
+      offset += 8
+
+      seq_no = plaintext[offset, 4].unpack1('L<')
+      offset += 4
+
+      body_length = plaintext[offset, 4].unpack1('L<')
+      offset += 4
+
+      body = plaintext[offset, body_length]
+
+      {
+        auth_key_id: auth_key_id,
+        msg_key: msg_key,
+        server_salt: server_salt,
+        session_id: session_id,
+        msg_id: msg_id,
+        seq_no: seq_no,
+        body: body
+      }
+    end
+
+    def serialize
+      auth_key_id_bytes = [@auth_key_id].pack('Q<')
+      auth_key_id_bytes + @msg_key + @encrypted_data
+    end
+  end
+end