Source File
	dh.go

Belonging Package
	github.com/gotd/td/internal/crypto

package crypto

import (
	"math/big"

	"github.com/go-faster/errors"
)

// CheckDHParams checks that g_a, g_b and g params meet key exchange conditions.
//
// https://core.telegram.org/mtproto/auth_key#dh-key-exchange-complete
func CheckDHParams(dhPrime, g, gA, gB *big.Int) error {
	one := big.NewInt(1)
	dhPrimeMinusOne := big.NewInt(0).Sub(dhPrime, one)
	if !InRange(g, one, dhPrimeMinusOne) {
		return errors.New("kex: bad g, g must be 1 < g < dh_prime - 1")
	}
	if !InRange(gA, one, dhPrimeMinusOne) {
		return errors.New("kex: bad g_a, g_a must be 1 < g_a < dh_prime - 1")
	}
	if !InRange(gB, one, dhPrimeMinusOne) {
		return errors.New("kex: bad g_b, g_b must be 1 < g_b < dh_prime - 1")
	}

	// IMPORTANT: Apart from the conditions on the Diffie-Hellman prime
	// dh_prime and generator g, both sides are to check that g, g_a and
	// g_b are greater than 1 and less than dh_prime - 1. We recommend
	// checking that g_a and g_b are between 2^{2048-64} and
	// dh_prime - 2^{2048-64} as well.

	// 2^{2048-64}
	safetyRangeMin := big.NewInt(0).Exp(big.NewInt(2), big.NewInt(RSAKeyBits-64), nil)
	safetyRangeMax := big.NewInt(0).Sub(dhPrime, safetyRangeMin)
	if !InRange(gA, safetyRangeMin, safetyRangeMax) {
		return errors.New("kex: bad g_a, g_a must be 2^{2048-64} < g_a < dh_prime - 2^{2048-64}")
	}
	if !InRange(gB, safetyRangeMin, safetyRangeMax) {
		return errors.New("kex: bad g_b, g_b must be 2^{2048-64} < g_b < dh_prime - 2^{2048-64}")
	}

	return nil
}

// InRange checks whether x is in (min, max) range, i.e. min < x < max.
func InRange(x, min, max *big.Int) bool {
	return x.Cmp(min) > 0 && x.Cmp(max) < 0
}

The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.