Module: MTProto::Crypto::SRP

Defined in:
lib/mtproto/crypto/srp.rb

Constant Summary

SIZE_FOR_HASH =
256

Class Method Summary

Class Method Details

.bytes_to_int(bytes) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 108

# Interprets a byte string as an unsigned big-endian integer.
#
# @param bytes [String] raw bytes, most significant byte first
# @return [Integer] the decoded value (0 for an empty string)
def bytes_to_int(bytes)
  hex_digits = bytes.unpack1('H*')
  hex_digits.hex
end

.compute_check(algo:, srp_b:, srp_id:, password:) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 13

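# Builds the client's SRP answer (public value A and proof M1) for a
# server-issued challenge.
#
# @param algo [Hash] group and KDF parameters; reads :salt1, :salt2,
#   :g (used as an Integer) and :p (big-endian byte string)
# @param srp_b [String] server public value B as a big-endian byte string
# @param srp_id [Object] challenge identifier, returned unchanged
# @param password [String] the password to prove knowledge of
# @return [Hash] { srp_id:, a:, m1: } where a is the 256-byte client public
#   value and m1 the SHA-256 proof
# @raise [ArgumentError] if B is not strictly between 0 and p
#
# NOTE(review): p and g are used exactly as supplied. Nothing here checks
# that p is a prime of the expected size or that g is an acceptable
# generator for it; that validation (or pinning of known-good parameters)
# has to happen before this call. Confirm where the caller does it.
def compute_check(algo:, srp_b:, srp_id:, password:)
  salt1 = algo[:salt1]
  salt2 = algo[:salt2]
  g = algo[:g]
  p_bytes = algo[:p]

  p_int = bytes_to_int(p_bytes)
  g_int = g
  b_int = bytes_to_int(srp_b)

  # SRP-6a requires the client to abort when B mod p is zero (RFC 5054).
  # Requiring 0 < B < p also rejects an empty or zero modulus, and it runs
  # before the 100_000-iteration password hash so a malformed challenge is
  # refused cheaply.
  unless b_int.positive? && b_int < p_int
    raise ArgumentError, 'srp_b out of range: expected 0 < B < p'
  end

  # x: private value derived from the password and both salts.
  pw_hash = compute_hash(salt1, salt2, password)
  x = bytes_to_int(pw_hash)

  # Fixed-width encodings, so every hash input has a stable length.
  p_for_hash = pad_to_256(p_bytes)
  g_for_hash = int_to_256_bytes(g_int)
  b_for_hash = pad_to_256(srp_b)

  # k = H(p | g); kg_x = k * g^x mod p is the verifier term the server
  # blended into B.
  g_x = mod_pow(g_int, x, p_int)
  k = bytes_to_int(sha256(p_for_hash, g_for_hash))
  kg_x = (k * g_x) % p_int

  # a: fresh client secret, a_for_hash: g^a mod p, u = H(A | B).
  a_int, a_for_hash, u = generate_and_check_random(g_int, p_int, b_for_hash)

  # Shared secret S = (B - k * g^x)^(a + u * x) mod p, session key K = H(S).
  g_b = (b_int - kg_x) % p_int
  ux = u * x
  a_ux = a_int + ux
  s_int = mod_pow(g_b, a_ux, p_int)
  k_key = sha256(int_to_256_bytes(s_int))

  # M1 = H(H(p) xor H(g) | H(salt1) | H(salt2) | A | B | K)
  m1 = sha256(
    xor(sha256(p_for_hash), sha256(g_for_hash)),
    sha256(salt1),
    sha256(salt2),
    a_for_hash,
    b_for_hash,
    k_key
  )

  { srp_id: srp_id, a: a_for_hash, m1: m1 }
end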

.compute_hash(salt1, salt2, password) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 54

# Derives the password hash used as the SRP private value.
#
# The password is salted and hashed with SHA-256 twice (salt1, then salt2),
# stretched with PBKDF2-HMAC-SHA512 at a fixed 100_000 iterations keyed on
# salt1, and finally salted and hashed once more with salt2.
#
# @param salt1 [String] first salt
# @param salt2 [String] second salt
# @param password [String] password; re-encoded to UTF-8 before hashing
# @return [String] 32-byte SHA-256 digest
def compute_hash(salt1, salt2, password)
  # Every SHA-256 step wraps its payload with the same salt on both sides.
  salted = ->(salt, data) { sha256(salt, data, salt) }

  pre_kdf = salted.call(salt2, salted.call(salt1, password.encode('utf-8')))
  salted.call(salt2, pbkdf2_sha512(pre_kdf, salt1, 100_000))
end

.generate_and_check_random(g, p, b_for_hash) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 81

# Draws fresh client secrets until the scrambling value u is non-zero.
#
# Each attempt takes 256 bytes from SecureRandom as the secret exponent a,
# computes g^a mod p, and hashes its 256-byte encoding together with
# b_for_hash to obtain u.
#
# NOTE(review): the only acceptance test here is u != 0; the public value
# g^a mod p is not range-checked. Confirm against the protocol
# specification whether further checks on A are expected.
#
# @param g [Integer] group generator
# @param p [Integer] group modulus
# @param b_for_hash [String] server public value in its hashed encoding
# @return [Array] [a_int, a_for_hash, u]
def generate_and_check_random(g, p, b_for_hash)
  loop do
    secret = bytes_to_int(SecureRandom.random_bytes(256))
    public_bytes = int_to_256_bytes(mod_pow(g, secret, p))
    u = bytes_to_int(sha256(public_bytes, b_for_hash))

    return [secret, public_bytes, u] unless u.zero?
  end
end

.int_to_256_bytes(num) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 101

# Encodes an integer as big-endian bytes, left-padded via pad_to_256.
#
# @param num [Integer] value to encode; callers in this file pass
#   non-negative values
# @return [String] the encoded bytes
def int_to_256_bytes(num)
  digits = num.to_s(16)
  # pack('H*') consumes nibble pairs, so an odd digit count needs a leading 0.
  even_digits = digits.length.even? ? digits : "0#{digits}"
  pad_to_256([even_digits].pack('H*'))
end

.mod_pow(base, exp, mod) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 77

# Modular exponentiation through OpenSSL's bignum implementation.
#
# @param base [Integer]
# @param exp [Integer]
# @param mod [Integer]
# @return [Integer] base**exp mod mod
def mod_pow(base, exp, mod)
  big_base, big_exp, big_mod = [base, exp, mod].map(&:to_bn)
  big_base.mod_exp(big_exp, big_mod).to_i
end

.pad_to_256(bytes) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 94

# Left-pads a byte string with NUL bytes up to SIZE_FOR_HASH bytes.
#
# Input that is already SIZE_FOR_HASH bytes or longer is returned as a
# binary copy without truncation.
#
# @param bytes [String] raw bytes
# @return [String] binary-encoded string of at least SIZE_FOR_HASH bytes
def pad_to_256(bytes)
  raw = bytes.b
  missing = SIZE_FOR_HASH - raw.bytesize
  missing.positive? ? ("\x00" * missing).b + raw : raw
end

.pbkdf2_sha512(password, salt, iterations) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 67

# PBKDF2-HMAC-SHA512 with a fixed 64-byte output.
#
# @param password [String] input keying material
# @param salt [String] salt
# @param iterations [Integer] iteration count
# @return [String] 64 derived bytes
def pbkdf2_sha512(password, salt, iterations)
  kdf_options = { salt: salt, iterations: iterations, length: 64, hash: 'SHA512' }
  OpenSSL::KDF.pbkdf2_hmac(password, **kdf_options)
end

.sha256(*parts) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 61

# SHA-256 over the given parts, fed to the digest in argument order.
#
# Parts are streamed into the digest one at a time rather than joined, so
# strings with different encodings can be mixed.
#
# @param parts [Array<String>] chunks to hash
# @return [String] 32-byte raw digest
def sha256(*parts)
  hasher = parts.each_with_object(OpenSSL::Digest.new('SHA256')) do |chunk, acc|
    acc.update(chunk)
  end
  hasher.digest
end

.xor(a, b) ⇒ Object



# File 'lib/mtproto/crypto/srp.rb', line 112

# Byte-wise XOR of two byte strings.
#
# The result has as many bytes as +a+; callers in this file pass two
# equal-length SHA-256 digests.
#
# @param a [String] left operand
# @param b [String] right operand
# @return [String] binary string of XORed bytes
def xor(a, b)
  byte_pairs = a.bytes.zip(b.bytes)
  mixed = byte_pairs.map { |left, right| left ^ right }
  mixed.pack('C*')
end