Add documentation-conforming checks

2025-06-16 05:55:20 +00:00 · 2022-03-30 01:22:26 +04:00 · 2022-03-30 01:22:26 +04:00 · 0e55dd7db7
commit 0e55dd7db7
parent 681d0891ed
2 changed files with 32 additions and 1 deletions
--- a/submodules/MtProtoKit/Sources/MTEncryption.m
+++ b/submodules/MtProtoKit/Sources/MTEncryption.m
@ -627,7 +627,22 @@ bool MTCheckIsSafeGAOrB(id<EncryptionProvider> provider, NSData *gAOrB, NSData *
        [context subInto:bnPMinusOne a:bnP b:bnOne];
        
        if ([context compare:bnNumber with:bnPMinusOne] == -1) {
-            result = true;
+            id<MTBignum> n2 = [context create];
+            [context assignWordTo:n2 value:2];
+            
+            id<MTBignum> n2048_minus_64 = [context create];
+            [context assignWordTo:n2048_minus_64 value:2048 - 64];
+            
+            id<MTBignum> n2_to_2048_minus_64 = [context create];
+            [context expInto:n2_to_2048_minus_64 a:n2 b:n2048_minus_64];
+            
+            id<MTBignum> dh_prime_minus_n2_to_2048_minus_64 = [context create];
+            [context subInto:dh_prime_minus_n2_to_2048_minus_64 a:bnP b:n2_to_2048_minus_64];
+            
+            if ([context compare:bnNumber with:n2_to_2048_minus_64] == 1 &&
+                [context compare:bnNumber with:dh_prime_minus_n2_to_2048_minus_64] == -1) {
+                result = true;
+            }
        }
    }
    
--- a/submodules/TelegramCore/Sources/State/ManagedSecretChatOutgoingOperations.swift
+++ b/submodules/TelegramCore/Sources/State/ManagedSecretChatOutgoingOperations.swift
@ -209,6 +209,10 @@ private func initialHandshakeAccept(postbox: Postbox, network: Network, peerId:
        
        let gb = MTExp(network.encryptionProvider, g, bData, p)!
        
+        if !MTCheckIsSafeGAOrB(network.encryptionProvider, gb, p) {
+            return .complete()
+        }
+        
        var key = MTExp(network.encryptionProvider, gA.makeData(), bData, p)!
        
        if key.count > 256 {
@ -284,6 +288,10 @@ private func pfsRequestKey(postbox: Postbox, network: Network, peerId: PeerId, l
        let aData = a.makeData()
        let ga = MTExp(network.encryptionProvider, g, aData, p)!
        
+        if !MTCheckIsSafeGAOrB(network.encryptionProvider, ga, p) {
+            return .complete()
+        }
+        
        return postbox.transaction { transaction -> Signal<Void, NoError> in
            if let state = transaction.getPeerChatState(peerId) as? SecretChatState {
                switch state.embeddedState {
@ -308,10 +316,18 @@ private func pfsAcceptKey(postbox: Postbox, network: Network, peerId: PeerId, la
        let g = Data(bytes: &gValue, count: 4)
        let p = config.p.makeData()
        
+        if !MTCheckIsSafeGAOrB(network.encryptionProvider, gA.makeData(), p) {
+            return .complete()
+        }
+        
        let bData = b.makeData()
        
        let gb = MTExp(network.encryptionProvider, g, bData, p)!
        
+        if !MTCheckIsSafeGAOrB(network.encryptionProvider, gb, p) {
+            return .complete()
+        }
+        
        var key = MTExp(network.encryptionProvider, gA.makeData(), bData, p)!
        
        if key.count > 256 {