Documentation ¶
Overview ¶
Package crypto implements cryptographical primitives for MTproto.
Reference:
Index ¶
- Constants
- func CheckDH(g int, p *big.Int) error
- func CheckDHParams(dhPrime, g, gA, gB *big.Int) error
- func CheckGP(g int, p *big.Int) error
- func DataWithHash(data []byte, randomSource io.Reader) ([]byte, error)
- func DecodeRSAPad(data []byte, key *rsa.PrivateKey) ([]byte, error)
- func DecomposePQ(pq *big.Int, randSource io.Reader) (p, q *big.Int, err error)
- func DecryptExchangeAnswer(data, key, iv []byte) (dst []byte, err error)
- func DefaultRand() io.Reader
- func EncryptExchangeAnswer(rand io.Reader, answer, key, iv []byte) (dst []byte, err error)
- func FillBytes(b *big.Int, to []byte) bool
- func GuessDataWithHash(dataWithHash []byte) []byte
- func InRange(x, min, max *big.Int) bool
- func Keys(authKey Key, msgKey bin.Int128, mode Side) (key, iv bin.Int256)
- func MessageKey(authKey Key, plaintextPadded []byte, mode Side) bin.Int128
- func NewSessionID(reader io.Reader) (int64, error)
- func NonceHash1(newNonce bin.Int256, key Key) (r bin.Int128)
- func OldKeys(authKey Key, msgKey bin.Int128, mode Side) (key, iv bin.Int256)
- func ParseRSA(data []byte) (*rsa.PublicKey, error)
- func ParseRSAPublicKeys(data []byte) ([]*rsa.PublicKey, error)
- func Prime(p *big.Int) bool
- func RSADecryptHashed(data []byte, key *rsa.PrivateKey) ([]byte, error)
- func RSAEncryptHashed(data []byte, key *rsa.PublicKey, randomSource io.Reader) ([]byte, error)
- func RSAFingerprint(key *rsa.PublicKey) int64
- func RSAPad(data []byte, key *rsa.PublicKey, randomSource io.Reader) ([]byte, error)
- func RSAPublicDecrypt(pub *rsa.PublicKey, sig []byte) ([]byte, error)
- func RandInt128(randSource io.Reader) (bin.Int128, error)
- func RandInt256(randSource io.Reader) (bin.Int256, error)
- func RandInt64(randSource io.Reader) (int64, error)
- func RandInt64n(randSource io.Reader, n int64) (int64, error)
- func SHA256(from ...[]byte) []byte
- func ServerSalt(newNonce bin.Int256, serverNonce bin.Int128) (salt int64)
- func TempAESKeys(newNonce, serverNonce *big.Int) (key, iv []byte)
- type AuthKey
- type Cipher
- func (c Cipher) Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error)
- func (c Cipher) DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error)
- func (c Cipher) Encrypt(key AuthKey, data EncryptedMessageData, b *bin.Buffer) error
- func (c Cipher) Rand() io.Reader
- type EncryptedMessage
- type EncryptedMessageData
- func (e *EncryptedMessageData) Data() []byte
- func (e *EncryptedMessageData) Decode(b *bin.Buffer) error
- func (e *EncryptedMessageData) DecodeWithoutCopy(b *bin.Buffer) error
- func (e EncryptedMessageData) Encode(b *bin.Buffer) error
- func (e EncryptedMessageData) EncodeWithoutCopy(b *bin.Buffer) error
- type Key
- type Side
Constants ¶
const RSAKeyBits = 2048
RSAKeyBits is RSA key size.
Can be used as rsa.GenerateKey(src, RSAKeyBits).
Variables ¶
This section is empty.
Functions ¶
func CheckDH ¶ added in v0.50.0
CheckDH performs DH parameters check described in Telegram docs.
Client is expected to check whether p is a safe 2048-bit prime (meaning that both p and (p-1)/2 are prime, and that 2^2047 < p < 2^2048), and that g generates a cyclic subgroup of prime order (p-1)/2, i.e. is a quadratic residue mod p. Since g is always equal to 2, 3, 4, 5, 6 or 7, this is easily done using quadratic reciprocity law, yielding a simple condition on p mod 4g — namely, p mod 8 = 7 for g = 2; p mod 3 = 2 for g = 3; no extra condition for g = 4; p mod 5 = 1 or 4 for g = 5; p mod 24 = 19 or 23 for g = 6; and p mod 7 = 3, 5 or 6 for g = 7.
See https://core.telegram.org/mtproto/auth_key#presenting-proof-of-work-server-authentication.
See https://core.telegram.org/api/srp#checking-the-password-with-srp.
See https://core.telegram.org/api/end-to-end#sending-a-request.
func CheckDHParams ¶
CheckDHParams checks that g_a, g_b and g params meet key exchange conditions.
https://core.telegram.org/mtproto/auth_key#dh-key-exchange-complete
func CheckGP ¶ added in v0.15.1
CheckGP checks whether g generates a cyclic subgroup of prime order (p-1)/2, i.e. is a quadratic residue mod p. Also check that g is 2, 3, 4, 5, 6 or 7.
This function is needed by some Telegram algorithms(Key generation, SRP 2FA).
func DataWithHash ¶
DataWithHash prepends data with SHA1(data) and 0..15 random bytes so result length is divisible by 16.
Use GuessDataWithHash(result) to obtain data.
func DecodeRSAPad ¶ added in v0.50.0
func DecodeRSAPad(data []byte, key *rsa.PrivateKey) ([]byte, error)
DecodeRSAPad implements server-side decoder of RSAPad.
func DecomposePQ ¶
DecomposePQ decomposes pq into prime factors such that p < q.
func DecryptExchangeAnswer ¶ added in v0.12.0
DecryptExchangeAnswer decrypts messages created during key exchange.
func DefaultRand ¶ added in v0.50.0
DefaultRand returns default entropy source.
func EncryptExchangeAnswer ¶ added in v0.12.0
EncryptExchangeAnswer encrypts messages created during key exchange.
func FillBytes ¶ added in v0.50.0
FillBytes is safe version of (*big.Int).FillBytes. Returns false if to length is not exact equal to big.Int's. Otherwise fills to using b and returns true.
func GuessDataWithHash ¶
GuessDataWithHash guesses data from data_with_hash.
func InRange ¶ added in v0.11.0
InRange checks whether x is in (min, max) range, i.e. min < x < max.
func Keys ¶
Keys returns (aes_key, aes_iv) pair for AES-IGE.
See https://core.telegram.org/mtproto/description#defining-aes-key-and-initialization-vector
Example:
key, iv := crypto.Keys(authKey, messageKey, crypto.Client) cipher, err := aes.NewCipher(key[:]) if err != nil { return nil, err } encryptor := ige.NewIGEEncrypter(cipher, iv[:])
func MessageKey ¶
MessageKey computes message key for provided auth_key and padded payload.
func NewSessionID ¶
NewSessionID generates new random int64 from reader.
Use crypto/rand.Reader if session id should be cryptographically safe.
func NonceHash1 ¶ added in v0.15.1
NonceHash1 computes nonce_hash_1. See https://core.telegram.org/mtproto/auth_key#dh-key-exchange-complete.
func OldKeys ¶ added in v0.51.0
OldKeys returns (aes_key, aes_iv) pair for AES-IGE.
See https://core.telegram.org/mtproto/description_v1#defining-aes-key-and-initialization-vector
Example:
key, iv := crypto.OldKeys(authKey, messageKey, crypto.Client) cipher, err := aes.NewCipher(key[:]) if err != nil { return nil, err } encryptor := ige.NewIGEEncrypter(cipher, iv[:])
Warning: MTProto 1.0 is deprecated.
func ParseRSAPublicKeys ¶
ParseRSAPublicKeys parses data as list of PEM-encdoed public keys.
func RSADecryptHashed ¶ added in v0.11.0
func RSADecryptHashed(data []byte, key *rsa.PrivateKey) ([]byte, error)
RSADecryptHashed decrypts given data with RSA.
func RSAEncryptHashed ¶ added in v0.11.0
RSAEncryptHashed encrypts given data with RSA, prefixing with a hash.
func RSAFingerprint ¶
RSAFingerprint returns fingerprint of RSA public key as defined in MTProto.
func RSAPad ¶ added in v0.50.0
RSAPad encrypts given data with RSA, prefixing with a hash.
See https://core.telegram.org/mtproto/auth_key#presenting-proof-of-work-server-authentication.
func RSAPublicDecrypt ¶ added in v0.31.0
RSAPublicDecrypt recovers the message digest from the raw signature using the signer’s RSA public key.
See also OpenSSL’s RSA_public_decrypt with RSA_NO_PADDING.
func RandInt128 ¶
RandInt128 generates and returns new random 128-bit integer.
Use crypto/rand.Reader as randSource in production.
func RandInt256 ¶
RandInt256 generates and returns new random 256-bit integer.
Use crypto/rand.Reader as randSource in production.
func RandInt64n ¶ added in v0.15.0
RandInt64n returns random int64 from randSource in [0; n).
func ServerSalt ¶ added in v0.12.0
ServerSalt computes server salt.
func TempAESKeys ¶
TempAESKeys returns tmp_aes_key and tmp_aes_iv based on new_nonce and server_nonce as defined in "Creating an Authorization Key".
Types ¶
type AuthKey ¶
AuthKey is a Key with cached id.
func (AuthKey) MarshalLogObject ¶ added in v0.50.0
func (a AuthKey) MarshalLogObject(encoder zapcore.ObjectEncoder) error
MarshalLogObject implements zap.ObjectMarshaler.
type Cipher ¶ added in v0.11.0
type Cipher struct {
// contains filtered or unexported fields
}
Cipher is message encryption utility struct.
func NewClientCipher ¶ added in v0.11.0
NewClientCipher creates new client-side Cipher.
func NewServerCipher ¶ added in v0.11.0
NewServerCipher creates new server-side Cipher.
func (Cipher) Decrypt ¶ added in v0.12.0
func (c Cipher) Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error)
Decrypt decrypts data from encrypted message using AES-IGE.
func (Cipher) DecryptFromBuffer ¶ added in v0.12.0
DecryptFromBuffer decodes EncryptedMessage and decrypts it.
type EncryptedMessage ¶
EncryptedMessage of protocol.
func (*EncryptedMessage) Decode ¶
func (e *EncryptedMessage) Decode(b *bin.Buffer) error
Decode implements bin.Decoder.
func (*EncryptedMessage) DecodeWithoutCopy ¶ added in v0.43.0
func (e *EncryptedMessage) DecodeWithoutCopy(b *bin.Buffer) error
DecodeWithoutCopy is like Decode, but EncryptedData references to given buffer instead of copying.
type EncryptedMessageData ¶
type EncryptedMessageData struct { Salt int64 SessionID int64 MessageID int64 SeqNo int32 MessageDataLen int32 MessageDataWithPadding []byte // Message to encode to MessageDataWithPadding. // Needed to prevent unnecessary allocations in EncodeWithoutCopy. Message bin.Encoder }
EncryptedMessageData is stored in EncryptedMessage.EncryptedData.
func (*EncryptedMessageData) Data ¶ added in v0.11.0
func (e *EncryptedMessageData) Data() []byte
Data returns message data without hash.
func (*EncryptedMessageData) Decode ¶
func (e *EncryptedMessageData) Decode(b *bin.Buffer) error
Decode implements bin.Decoder.
func (*EncryptedMessageData) DecodeWithoutCopy ¶ added in v0.43.0
func (e *EncryptedMessageData) DecodeWithoutCopy(b *bin.Buffer) error
DecodeWithoutCopy is like Decode, but MessageDataWithPadding references to given buffer instead of copying.
func (EncryptedMessageData) Encode ¶
func (e EncryptedMessageData) Encode(b *bin.Buffer) error
Encode implements bin.Encoder.
func (EncryptedMessageData) EncodeWithoutCopy ¶ added in v0.43.1
func (e EncryptedMessageData) EncodeWithoutCopy(b *bin.Buffer) error
EncodeWithoutCopy is like Encode, but tries to encode Message and uses only one buffer to encode. If Message is nil, fallbacks to Encode.
type Key ¶ added in v0.19.0
type Key [256]byte
Key represents 2048-bit authorization key value.
type Side ¶
type Side byte
Side on which encryption is performed.
func (Side) DecryptSide ¶ added in v0.11.0
DecryptSide returns Side for decryption.
Source Files ¶
- check_dh.go
- check_gp.go
- cipher.go
- cipher_decrypt.go
- cipher_encrypt.go
- data_with_hash.go
- dh.go
- doc.go
- encrypted_message.go
- encrypted_message_data.go
- exchange.go
- fill_bytes.go
- key.go
- keys.go
- keys_old.go
- pq.go
- prime.go
- public_keys.go
- rand.go
- rand_notjs.go
- rsa.go
- rsa_fingerprint.go
- rsa_hashed.go
- rsa_pad.go
- salt.go
- session_id.go
- sha256.go
- temp_keys.go