Module: MTProto::Crypto::DHValidator

Defined in:
lib/mtproto/crypto/dh_validator.rb

Class Method Summary collapse

Class Method Details

.validate_dh_params(g, dh_prime_bytes, g_a_bytes) ⇒ Object 



10
11
12
13
14
15
16
17
18
19
 
# File 'lib/mtproto/crypto/dh_validator.rb', line 10

def validate_dh_params(g, dh_prime_bytes, g_a_bytes)
  dh_prime = OpenSSL::BN.new(dh_prime_bytes, 2)
  g_a = OpenSSL::BN.new(g_a_bytes, 2)

  validate_g(g, dh_prime)
  validate_dh_prime(dh_prime)
  validate_g_a(g_a, dh_prime)

  true
end

.validate_dh_prime(dh_prime) ⇒ Object 



47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# File 'lib/mtproto/crypto/dh_validator.rb', line 47

def validate_dh_prime(dh_prime)
  bit_length = dh_prime.num_bits

  raise 'dh_prime must be 2048 bits' unless bit_length == 2048

  min_prime = OpenSSL::BN.new(2)**2047
  max_prime = OpenSSL::BN.new(2)**2048

  if dh_prime <= min_prime || dh_prime >= max_prime
    raise 'dh_prime out of range (must be 2^2047 < p < 2^2048)'
  end

  true
end

.validate_g(g, dh_prime) ⇒ Object 



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/mtproto/crypto/dh_validator.rb', line 21

def validate_g(g, dh_prime)
  raise 'Invalid g: must be 2, 3, 4, 5, 6, or 7' unless [2, 3, 4, 5, 6, 7].include?(g)

  p_mod = case g
  when 2
    dh_prime % 8 == 7
  when 3
    dh_prime % 3 == 2
  when 4
    true
  when 5
    mod5 = dh_prime % 5
    mod5 == 1 || mod5 == 4
  when 6
    mod24 = dh_prime % 24
    mod24 == 19 || mod24 == 23
  when 7
    mod7 = dh_prime % 7
    [3, 5, 6].include?(mod7)
  end

  raise "g=#{g} is not a valid generator for this prime" unless p_mod

  true
end

.validate_g_a(g_a, dh_prime) ⇒ Object 



62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'lib/mtproto/crypto/dh_validator.rb', line 62

def validate_g_a(g_a, dh_prime)
  one = OpenSSL::BN.new(1)
  dh_prime_minus_one = dh_prime - one

  raise 'g_a must be > 1' if g_a <= one
  raise 'g_a must be < dh_prime - 1' if g_a >= dh_prime_minus_one

  safety_range_min = OpenSSL::BN.new(2)**1984
  safety_range_max = dh_prime - safety_range_min

  if g_a < safety_range_min || g_a > safety_range_max
    raise 'g_a outside safety range (2^1984 to dh_prime - 2^1984)'
  end

  true
end