package crypto

Import Path
	github.com/gotd/td/internal/crypto (on go.dev)

Dependency Relation
	imports 21 packages, and imported by 11 packages


Package-Level Type Names (total 6, all are exported)
AuthKey is a Key with cached id.
	ID [8]byte
	Value Key
	DecodeJSON decodes AuthKey from object with base64-encoded key and integer ID.
	EncodeJSON encodes AuthKey as object with base64-encoded key and integer ID.
	IntID returns key fingerprint (ID) as int64.
	MarshalJSON implements json.Marshaler.
	MarshalLogObject implements zap.ObjectMarshaler.
	SetIntID sets key fingerprint (ID) as int64.
	String implements fmt.Stringer.
	UnmarshalJSON implements json.Unmarshaler.
	Zero reports whether Key is zero value.
	AuthKey : encoding/json.Marshaler
	*AuthKey : encoding/json.Unmarshaler
	AuthKey : fmt.Stringer
	AuthKey : go.uber.org/zap.ObjectMarshalerPtr[...]
	AuthKey : go.uber.org/zap/zapcore.ObjectMarshaler[T]
	func Key.WithID() AuthKey
	func Cipher.Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error)
	func Cipher.DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error)
	func Cipher.Encrypt(key AuthKey, data EncryptedMessageData, b *bin.Buffer) error
	func github.com/gotd/td/internal/mtproto.Cipher.DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error)
	func github.com/gotd/td/internal/mtproto.Cipher.Encrypt(key AuthKey, data EncryptedMessageData, b *bin.Buffer) error
Cipher is message encryption utility struct.
	Decrypt decrypts data from encrypted message using AES-IGE.
	DecryptFromBuffer decodes EncryptedMessage and decrypts it.
	Encrypt encrypts EncryptedMessageData using AES-IGE to given buffer.
	Rand returns random generator.
	Cipher : github.com/gotd/td/internal/mtproto.Cipher
	func NewClientCipher(rand io.Reader) Cipher
	func NewServerCipher(rand io.Reader) Cipher
EncryptedMessage of protocol.
	AuthKeyID [8]byte
	EncryptedData []byte
	MsgKey bin.Int128
	Decode implements bin.Decoder.
	DecodeWithoutCopy is like Decode, but EncryptedData references the given buffer instead of copying.
	Encode implements bin.Encoder.
	*EncryptedMessage : github.com/gotd/td/bin.Decoder
	EncryptedMessage : github.com/gotd/td/bin.Encoder
	*EncryptedMessage : github.com/gotd/td/bin.Object
	func Cipher.Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error)
EncryptedMessageData is stored in EncryptedMessage.EncryptedData.
	Message to encode to MessageDataWithPadding. Needed to prevent unnecessary allocations in EncodeWithoutCopy.
	MessageDataLen int32
	MessageDataWithPadding []byte
	MessageID int64
	Salt int64
	SeqNo int32
	SessionID int64
	Data returns message data without hash.
	Decode implements bin.Decoder.
	DecodeWithoutCopy is like Decode, but MessageDataWithPadding references the given buffer instead of copying.
	Encode implements bin.Encoder.
	EncodeWithoutCopy is like Encode, but tries to encode Message and uses only one buffer to encode. If Message is nil, falls back to Encode.
	*EncryptedMessageData : github.com/gotd/td/bin.Decoder
	EncryptedMessageData : github.com/gotd/td/bin.Encoder
	*EncryptedMessageData : github.com/gotd/td/bin.Object
	func Cipher.Decrypt(k AuthKey, encrypted *EncryptedMessage) (*EncryptedMessageData, error)
	func Cipher.DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error)
	func github.com/gotd/td/internal/mtproto.Cipher.DecryptFromBuffer(k AuthKey, buf *bin.Buffer) (*EncryptedMessageData, error)
	func Cipher.Encrypt(key AuthKey, data EncryptedMessageData, b *bin.Buffer) error
	func github.com/gotd/td/internal/mtproto.Cipher.Encrypt(key AuthKey, data EncryptedMessageData, b *bin.Buffer) error
Key represents 2048-bit authorization key value.
	AuxHash returns aux_hash value of key.
	ID returns auth_key_id.
	(Key) String() string
	WithID creates new AuthKey from Key.
	Zero reports whether Key is zero value.
	Key : fmt.Stringer
	func Keys(authKey Key, msgKey bin.Int128, mode Side) (key, iv bin.Int256)
	func MessageKey(authKey Key, plaintextPadded []byte, mode Side) bin.Int128
	func NonceHash1(newNonce bin.Int256, key Key) (r bin.Int128)
	func OldKeys(authKey Key, msgKey bin.Int128, mode Side) (key, iv bin.Int256)
Side on which encryption is performed.
	DecryptSide returns Side for decryption.
	func Side.DecryptSide() Side
	func Keys(authKey Key, msgKey bin.Int128, mode Side) (key, iv bin.Int256)
	func MessageKey(authKey Key, plaintextPadded []byte, mode Side) bin.Int128
	func OldKeys(authKey Key, msgKey bin.Int128, mode Side) (key, iv bin.Int256)
	const Client
	const Server
Package-Level Functions (total 55, in which 34 are exported)
CheckDH performs DH parameters check described in Telegram docs. Client is expected to check whether p is a safe 2048-bit prime (meaning that both p and (p-1)/2 are prime, and that 2^2047 < p < 2^2048), and that g generates a cyclic subgroup of prime order (p-1)/2, i.e. is a quadratic residue mod p. Since g is always equal to 2, 3, 4, 5, 6 or 7, this is easily done using quadratic reciprocity law, yielding a simple condition on p mod 4g — namely, p mod 8 = 7 for g = 2; p mod 3 = 2 for g = 3; no extra condition for g = 4; p mod 5 = 1 or 4 for g = 5; p mod 24 = 19 or 23 for g = 6; and p mod 7 = 3, 5 or 6 for g = 7. See https://core.telegram.org/mtproto/auth_key#presenting-proof-of-work-server-authentication. See https://core.telegram.org/api/srp#checking-the-password-with-srp. See https://core.telegram.org/api/end-to-end#sending-a-request.
CheckDHParams checks that g_a, g_b and g params meet key exchange conditions. https://core.telegram.org/mtproto/auth_key#dh-key-exchange-complete
CheckGP checks whether g generates a cyclic subgroup of prime order (p-1)/2, i.e. is a quadratic residue mod p. It also checks that g is 2, 3, 4, 5, 6 or 7. This function is needed by some Telegram algorithms (key generation, SRP 2FA). See https://core.telegram.org/mtproto/auth_key. See https://core.telegram.org/api/srp.
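The residue conditions quoted under CheckDH and checked by CheckGP, as an added Go example that is not gotd's own code: it encodes the quoted table and cross-checks it against Euler's criterion over every small safe prime. The names table, tableQR, eulerQR and mismatches are hypothetical.

```go
package main

import (
	"fmt"
	"math/big"
)

// table: g -> {modulus m, bitmask of accepted p mod m}; g = 4 (no condition) is p mod 1 = 0.
var table = map[int64][2]int64{
	2: {8, 1 << 7}, 3: {3, 1 << 2}, 4: {1, 1 << 0}, 5: {5, 1<<1 | 1<<4},
	6: {24, 1<<19 | 1<<23}, 7: {7, 1<<3 | 1<<5 | 1<<6},
}

// tableQR applies the shortcut condition; g outside 2..7 is rejected.
func tableQR(g int64, p *big.Int) bool {
	row, ok := table[g]
	if !ok {
		return false
	}
	r := new(big.Int).Mod(p, big.NewInt(row[0])).Uint64()
	return row[1]>>r&1 == 1
}

// eulerQR is the reference check: g is a residue iff g^((p-1)/2) = 1 mod p.
func eulerQR(g int64, p *big.Int) bool {
	e := new(big.Int).Rsh(new(big.Int).Sub(p, big.NewInt(1)), 1)
	return new(big.Int).Exp(big.NewInt(g), e, p).Cmp(big.NewInt(1)) == 0
}

// mismatches counts disagreements over safe primes 7 <= p < limit, g = 2..7.
func mismatches(limit int64) (bad, tested int) {
	for n := int64(7); n < limit; n += 4 { // safe primes above 5 are 3 mod 4
		p, q := big.NewInt(n), big.NewInt((n-1)/2)
		if !p.ProbablyPrime(20) || !q.ProbablyPrime(20) {
			continue // p or (p-1)/2 is composite: not a safe prime
		}
		tested++
		for g := int64(2); g <= 7; g++ {
			if tableQR(g, p) != eulerQR(g, p) {
				bad++
			}
		}
	}
	return bad, tested
}

func main() {
	fmt.Println(mismatches(100000))
}
```

The shortcut is equivalent to the residue test only once p is known to be a safe prime: for the ordinary prime 17, tableQR accepts g = 3 although 3 is not a quadratic residue mod 17, so the primality checks on p and (p-1)/2 cannot be skipped.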
DataWithHash prepends data with SHA1(data) and 0..15 random bytes so result length is divisible by 16. Use GuessDataWithHash(result) to obtain data.
DecodeRSAPad implements server-side decoder of RSAPad.
DecomposePQ decomposes pq into prime factors such that p < q.
DecryptExchangeAnswer decrypts messages created during key exchange.
DefaultRand returns default entropy source.
EncryptExchangeAnswer encrypts messages created during key exchange.
FillBytes is a safe version of (*big.Int).FillBytes. Returns false if the length of to is not exactly equal to big.Int's. Otherwise fills to using b and returns true.
GuessDataWithHash guesses data from data_with_hash.
InRange checks whether x is in (min, max) range, i.e. min < x < max.
Keys returns (aes_key, aes_iv) pair for AES-IGE. See https://core.telegram.org/mtproto/description#defining-aes-key-and-initialization-vector
	Example:
		key, iv := crypto.Keys(authKey, messageKey, crypto.Client)
		cipher, err := aes.NewCipher(key[:])
		if err != nil {
			return nil, err
		}
		encryptor := ige.NewIGEEncrypter(cipher, iv[:])
MessageKey computes message key for provided auth_key and padded payload.
NewClientCipher creates new client-side Cipher.
NewServerCipher creates new server-side Cipher.
NewSessionID generates new random int64 from reader. Use crypto/rand.Reader if session id should be cryptographically safe.
NonceHash1 computes nonce_hash_1. See https://core.telegram.org/mtproto/auth_key#dh-key-exchange-complete.
OldKeys returns (aes_key, aes_iv) pair for AES-IGE. See https://core.telegram.org/mtproto/description_v1#defining-aes-key-and-initialization-vector
	Example:
		key, iv := crypto.OldKeys(authKey, messageKey, crypto.Client)
		cipher, err := aes.NewCipher(key[:])
		if err != nil {
			return nil, err
		}
		encryptor := ige.NewIGEEncrypter(cipher, iv[:])
	Warning: MTProto 1.0 is deprecated.
ParseRSA parses data as an RSA key in PKCS1 or PKIX form.
ParseRSAPublicKeys parses data as list of PEM-encoded public keys.
Prime checks that given number is prime.
RandInt128 generates and returns new random 128-bit integer. Use crypto/rand.Reader as randSource in production.
RandInt256 generates and returns new random 256-bit integer. Use crypto/rand.Reader as randSource in production.
RandInt64 returns random int64 from randSource.
RandInt64n returns random int64 from randSource in [0; n).
RSADecryptHashed decrypts given data with RSA.
RSAEncryptHashed encrypts given data with RSA, prefixing with a hash.
RSAFingerprint returns fingerprint of RSA public key as defined in MTProto.
RSAPad encrypts given data with RSA, prefixing with a hash. See https://core.telegram.org/mtproto/auth_key#presenting-proof-of-work-server-authentication.
RSAPublicDecrypt recovers the message digest from the raw signature using the signer’s RSA public key. See also OpenSSL’s RSA_public_decrypt with RSA_NO_PADDING.
ServerSalt computes server salt.
SHA256 returns SHA256 hash.
TempAESKeys returns tmp_aes_key and tmp_aes_iv based on new_nonce and server_nonce as defined in "Creating an Authorization Key".
Package-Level Variables (only one, which is unexported)
Package-Level Constants (total 10, in which 3 are exported)
Client side of encryption (e.g. messages from client).
RSAKeyBits is RSA key size. Can be used as rsa.GenerateKey(src, RSAKeyBits).
Server side of encryption (e.g. RPC responses).