Documentation
Overview
Package exchange contains Telegram key exchange algorithm flows. See https://core.telegram.org/mtproto/auth_key.
Index
- Constants
- Variables
- type ClientExchange
- type ClientExchangeResult
- type ExchangeMode
- type Exchanger
- func (e Exchanger) Client(keys []PublicKey) ClientExchange
- func (e Exchanger) Server(key PrivateKey) ServerExchange
- func (e Exchanger) WithClock(c clock.Clock) Exchanger
- func (e Exchanger) WithLogger(logger log.Logger) Exchanger
- func (e Exchanger) WithRand(reader io.Reader) Exchanger
- func (e Exchanger) WithTempMode(expiresIn int) Exchanger
- func (e Exchanger) WithTimeout(timeout time.Duration) Exchanger
- type PrivateKey
- type PublicKey
- type ServerExchange
- type ServerExchangeError
- type ServerExchangeResult
- type ServerRNG
- type TestServerRNG
- type UnexpectedEncryptedError
Constants
const DefaultTimeout = 1 * time.Minute
DefaultTimeout is default WithTimeout parameter value.
Variables
var ErrKeyFingerprintNotFound = errors.New("key fingerprint not found")
ErrKeyFingerprintNotFound is returned when client can't find keys by fingerprints provided by server during key exchange.
Functions
This section is empty.
Types
type ClientExchange
type ClientExchange struct {
	// contains filtered or unexported fields
}
ClientExchange is a client-side key exchange flow.
func (ClientExchange) Run
func (c ClientExchange) Run(ctx context.Context) (ClientExchangeResult, error)
Run runs client-side flow.
type ClientExchangeResult
type ClientExchangeResult struct {
	AuthKey    crypto.AuthKey
	SessionID  int64
	ServerSalt int64
	// ExpiresAt is unix timestamp for temporary keys, zero for permanent.
	ExpiresAt int64
}
ClientExchangeResult contains client part of key exchange result.
type ExchangeMode (added in v0.140.0)
type ExchangeMode int
ExchangeMode controls type of generated auth key.
const (
	// ExchangeModePermanent creates permanent authorization key.
	ExchangeModePermanent ExchangeMode = iota
	// ExchangeModeTemporary creates temporary authorization key.
	ExchangeModeTemporary
)
type Exchanger
type Exchanger struct {
	// contains filtered or unexported fields
}
Exchanger is builder for key exchangers.
func NewExchanger
NewExchanger creates new Exchanger.
func (Exchanger) Client
func (e Exchanger) Client(keys []PublicKey) ClientExchange
Client creates new ClientExchange using parameters from Exchanger.
func (Exchanger) Server
func (e Exchanger) Server(key PrivateKey) ServerExchange
Server creates new ServerExchange using parameters from Exchanger.
func (Exchanger) WithLogger
WithLogger sets exchange flow logger.
func (Exchanger) WithTempMode (added in v0.140.0)
WithTempMode configures temporary authorization key exchange.
expiresIn is temporary key lifetime in seconds.
type PrivateKey
type PrivateKey struct {
	// RSA private key.
	RSA *rsa.PrivateKey
}
PrivateKey is a private Telegram server key.
func (PrivateKey) Fingerprint
func (k PrivateKey) Fingerprint() int64
Fingerprint computes key fingerprint.
func (PrivateKey) Public
func (k PrivateKey) Public() PublicKey
Public returns PublicKey of this PrivateKey pair.
func (PrivateKey) Zero
func (k PrivateKey) Zero() bool
Zero denotes that current PublicKey is zero value.
type PublicKey
PublicKey is a public Telegram server key.
func (PublicKey) Fingerprint
Fingerprint computes key fingerprint.
type ServerExchange
type ServerExchange struct {
	// contains filtered or unexported fields
}
ServerExchange is a server-side key exchange flow.
func (ServerExchange) Run
func (s ServerExchange) Run(ctx context.Context) (ServerExchangeResult, error)
Run runs server-side flow. If b parameter is not nil, it will be used as first read message. Otherwise, it will be read from connection.
type ServerExchangeError
ServerExchangeError is returned when exchange fails due to some security or validation checks.
func (*ServerExchangeError) Error
func (s *ServerExchangeError) Error() string
Error implements error.
func (*ServerExchangeError) Unwrap
func (s *ServerExchangeError) Unwrap() error
Unwrap implements error wrapper interface.
type ServerExchangeResult
ServerExchangeResult contains server part of key exchange result.
type ServerRNG
type ServerRNG interface {
	PQ() (pq *big.Int, err error)
	GA(g int, dhPrime *big.Int) (a, ga *big.Int, err error)
	DhPrime() (p *big.Int, err error)
}
ServerRNG is server-side random number generator.
type TestServerRNG
type TestServerRNG struct {
	// contains filtered or unexported fields
}
TestServerRNG implements testing-only ServerRNG.
func (TestServerRNG) DhPrime
func (s TestServerRNG) DhPrime() (p *big.Int, err error)
DhPrime always returns testing dh_prime.
type UnexpectedEncryptedError (added in v0.156.3)
type UnexpectedEncryptedError struct {
	// AuthKeyID is the auth key id the encrypted frame was sent with.
	AuthKeyID [8]byte
	// Frame is the raw transport frame (the full encrypted message).
	Frame []byte
}
UnexpectedEncryptedError is returned by the server key-exchange flow when it reads a frame whose leading auth key id is non-zero while expecting an unencrypted exchange message. This means the peer is using an already established auth key instead of performing key exchange.
The caller should resolve the key and handle Frame as an encrypted message rather than treating it as an exchange failure. In particular, callers must not blindly reply with auth_key_not_found (-404): clients such as Telegram Desktop treat a -404 on a temporary key as "key destroyed", discard it and re-run key exchange, which leads to a reconnect/key-exchange storm.
func (*UnexpectedEncryptedError) Error (added in v0.156.3)
func (e *UnexpectedEncryptedError) Error() string
Error implements error.
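One way a caller can act on the UnexpectedEncryptedError guidance, as an added example that is not part of the package: the error type below is a local stand-in mirroring the fields documented above so the block runs without the library, and Action, KeyStore and Decide are hypothetical names. Sending -404 only after the key lookup fails is an assumption drawn from the "must not blindly reply" wording.

```go
package main

import (
	"errors"
	"fmt"
)

// Local stand-in mirroring the fields of UnexpectedEncryptedError shown on this page.
type UnexpectedEncryptedError struct {
	AuthKeyID [8]byte
	Frame     []byte
}

func (e *UnexpectedEncryptedError) Error() string {
	return fmt.Sprintf("unexpected encrypted frame, auth_key_id %x", e.AuthKeyID)
}

// Action is a hypothetical decision taken after the server exchange flow returns.
type Action int
const (
	ActionProceed  Action = iota // exchange completed
	ActionDecrypt                // known key: handle Frame as an encrypted message
	ActionNotFound               // key looked up and absent: -404 is justified (assumption)
	ActionClose                  // any other exchange failure
)

// KeyStore is a hypothetical lookup of established auth keys by id.
type KeyStore map[[8]byte][]byte

// Decide maps the flow's error to an action, returning the frame to decrypt if any.
func Decide(err error, keys KeyStore) (Action, []byte) {
	if err == nil {
		return ActionProceed, nil
	}
	var enc *UnexpectedEncryptedError
	if errors.As(err, &enc) { // also matches when the error is wrapped
		if _, ok := keys[enc.AuthKeyID]; ok {
			return ActionDecrypt, enc.Frame
		}
		return ActionNotFound, nil
	}
	return ActionClose, nil
}

func main() {
	// Constructed sample: key id 01 00 .. 00 followed by one payload byte.
	e := &UnexpectedEncryptedError{AuthKeyID: [8]byte{1}, Frame: []byte{1, 0, 0, 0, 0, 0, 0, 0, 0xAA}}
	act, frame := Decide(fmt.Errorf("exchange: %w", e), KeyStore{e.AuthKeyID: {0x01}})
	fmt.Println(act == ActionDecrypt, len(frame))
}
```

The known-key branch hands the untouched Frame to the encrypted-message path, so a client reusing a temporary key is never told the key was destroyed.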