move gotd fork into repo. (#111)

- update to latest telegram layer - remove some references to fields in tg.Entities that don't exist in the schema - originally added here: https://github.com/beeper/td/commit/820929062a2ba0104397bc01235ab58a9cff780e - referenced here - https://github.com/mautrix/telegramgo/commit/124f0967ed195b5a380c9bd02e170ada9710dde3 - https://github.com/mautrix/telegramgo/commit/4205047aab2e0639217148b5d125bfaab668bd8e
2025-06-27 20:03:37 -07:00
parent 0952df0244
commit 7a04f298d2
19264 changed files with 1539697 additions and 84 deletions
@@ -0,0 +1,91 @@
+package crypto
+
+import (
+	"crypto/aes"
+
+	"github.com/go-faster/errors"
+
+	"github.com/gotd/ige"
+
+	"go.mau.fi/mautrix-telegram/pkg/gotd/bin"
+)
+
+// DecryptFromBuffer decodes EncryptedMessage and decrypts it.
+func (c Cipher) DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error) {
+	msg := &EncryptedMessage{}
+	// Because we assume that buffer is valid during decrypting, we able to
+	// use DecodeWithoutCopy and do not allocate inner buffer for EncryptedMessage.
+	if err := msg.DecodeWithoutCopy(buf); err != nil {
+		return nil, err
+	}
+
+	return c.Decrypt(k, msg)
+}
+
+func (c Cipher) DecryptRaw(k AuthKey, encrypted *EncryptedMessage) ([]byte, error) {
+	plaintext, err := c.decryptMessage(k, encrypted)
+	if err != nil {
+		return nil, err
+	}
+
+	side := c.encryptSide.DecryptSide()
+	// Checking SHA256 hash value of msg_key
+	msgKey := MessageKey(k.Value, plaintext, side)
+	if msgKey != encrypted.MsgKey {
+		return nil, errors.New("msg_key is invalid")
+	}
+	return plaintext, nil
+}
+
+// Decrypt decrypts data from encrypted message using AES-IGE.
+func (c Cipher) Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error) {
+	plaintext, err := c.DecryptRaw(k, encrypted)
+	if err != nil {
+		return nil, err
+	}
+
+	msg := &EncryptedMessageData{}
+	// Notice: do not re-use plaintext, because we use DecodeWithoutCopy, it references
+	// original buffer.
+	if err := msg.DecodeWithoutCopy(&bin.Buffer{Buf: plaintext}); err != nil {
+		return nil, err
+	}
+
+	{
+		// Checking that padding of decrypted message is not too big.
+		const maxPadding = 1024
+		n := int(msg.MessageDataLen)
+		paddingLen := len(msg.MessageDataWithPadding) - n
+
+		switch {
+		case n < 0:
+			return nil, errors.Errorf("message length is invalid: %d less than zero", n)
+		case n%4 != 0:
+			return nil, errors.Errorf("message length is invalid: %d is not divisible by 4", n)
+		case paddingLen > maxPadding:
+			return nil, errors.Errorf("padding %d of message is too big", paddingLen)
+		}
+	}
+
+	return msg, nil
+}
+
+// decryptMessage decrypts data from encrypted message using AES-IGE.
+func (c Cipher) decryptMessage(k AuthKey, encrypted *EncryptedMessage) ([]byte, error) {
+	if k.ID != encrypted.AuthKeyID {
+		return nil, errors.New("unknown auth key id")
+	}
+	if len(encrypted.EncryptedData)%16 != 0 {
+		return nil, errors.New("invalid encrypted data padding")
+	}
+
+	key, iv := Keys(k.Value, encrypted.MsgKey, c.encryptSide.DecryptSide())
+	cipher, err := aes.NewCipher(key[:])
+	if err != nil {
+		return nil, err
+	}
+	plaintext := make([]byte, len(encrypted.EncryptedData))
+	ige.DecryptBlocks(cipher, iv[:], plaintext, encrypted.EncryptedData)
+
+	return plaintext, nil
+}