From c938dd308208260f3ac6c805b90389fdc4d14c79 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 28 Jun 2023 21:48:10 +0000 Subject: [PATCH] Update content of files --- .../mtproto/auth_key.html | 15 +- .../mtproto/samples-auth_key.html | 448 +++++++++--------- 2 files changed, 235 insertions(+), 228 deletions(-) diff --git a/data/web/corefork.telegram.org/mtproto/auth_key.html b/data/web/corefork.telegram.org/mtproto/auth_key.html index 2033c4b7a9..4e99c945a8 100644 --- a/data/web/corefork.telegram.org/mtproto/auth_key.html +++ b/data/web/corefork.telegram.org/mtproto/auth_key.html @@ -57,9 +57,8 @@
3) Client decomposes pq into prime factors such that p < q.

This starts a round of Diffie-Hellman key exchanges.

Presenting proof of work; Server authentication

-
4) Client sends query to server
-
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params
-

Here, encrypted_data is obtained as follows:

+
4) encrypted_data payload generation
+

First of all, generate an encrypted_data payload as follows:

-
5) Server responds with:
+
5) Send req_DH_params query with generated encrypted_data
+
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params
+
6) Server responds with:
server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;

If the query is incorrect, the server returns a -404 error and the handshake must be restarted (any subsequent request also returns -404, even if it is correct).
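Review bot: The added headings "4) encrypted_data payload generation" and "5) Send req_DH_params query with generated encrypted_data" drop the actor that the neighbouring steps name ("3) Client decomposes ...", "6) Server responds with:"), so the page no longer says outright that the client builds encrypted_data before sending the query. Suggest wording such as "4) Client generates the encrypted_data payload" and "5) Client sends req_DH_params query with the generated encrypted_data". Minor: the re-added req_DH_params definition still ends without the ";" that the server_DH_params_ok line two lines below carries.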
@@ -110,7 +111,7 @@ A -444 error may also be returned if a test DC ID is passed in If the verification takes too long time (which is the case for older mobile devices), one might initially run only 15 Miller--Rabin iterations for verifying primeness of p and (p - 1)/2 with error probability not exceeding one billionth, and do more iterations later in the background.

Another optimization is to embed into the client application code a small table with some known "good" couples (g,p) (or just known safe primes p, since the condition on g is easily verified during execution), checked during code generation phase, so as to avoid doing such verification during runtime altogether. Server changes these values rarely, thus one usually has to put the current value of server's dh_prime into such a table. For example, current value of dh_prime equals (in big-endian byte order)

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
-
6) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message
+
7) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message
set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;

Here, encrypted_data is obtained thus:

The retry_id field is equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 9).

-
7) Thereafter, auth_key equals pow(g, {ab}) mod dh_prime; on the server, it is computed as pow(g_b, a) mod dh_prime, and on the client as (g_a)^b mod dh_prime.
-
8) auth_key_hash is computed := 64 lower-order bits of SHA1 (auth_key). The server checks whether there already is another key with the same auth_key_hash and responds in one of the following ways.
+
8) Thereafter, auth_key equals pow(g, {ab}) mod dh_prime; on the server, it is computed as pow(g_b, a) mod dh_prime, and on the client as (g_a)^b mod dh_prime.
+

Auth_key_hash is computed := 64 lower-order bits of SHA1 (auth_key). The server checks whether there already is another key with the same auth_key_hash and responds in one of the following ways.

DH key exchange complete

9) Server responds in one of three ways:
dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
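Review bot: The added paragraph that replaces old step 8 starts with "Auth_key_hash", while the same sentence and the removed line both spell the field auth_key_hash. Capitalising a case-sensitive identifier makes the two look like different names. Suggest keeping it lowercase, for example "auth_key_hash is computed := 64 lower-order bits of SHA1 (auth_key)". Folding old step 8 into the new step 8 keeps "9) Server responds in one of three ways" at number 9, so the "(see Item 9)" reference in the retry_id sentence above still resolves.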
diff --git a/data/web/corefork.telegram.org/mtproto/samples-auth_key.html b/data/web/corefork.telegram.org/mtproto/samples-auth_key.html
index 1a35b03717..f14103a07e 100644
--- a/data/web/corefork.telegram.org/mtproto/samples-auth_key.html
+++ b/data/web/corefork.telegram.org/mtproto/samples-auth_key.html
@@ -42,17 +42,21 @@
   
   

Auth key generation example

-

In the examples below, the transport headers are omitted:

+
+ +

+

In the examples below, the transport headers are omitted:

For example, for the abridged version of the transport », the client sends 0xef as the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e = data length divided by 4; or 0x7f followed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send 0xefas the first byte).

Detailed documentation on creating authorization keys is available here ».

-

1. request req_pq_multi

+

DH exchange initiation

+
1) Client sends query to server

Sent payload (excluding transport headers/trailers):

-
0000 | 00 00 00 00 00 00 00 00 00 00 00 00 DC 9D 9C 64
-0010 | 14 00 00 00 F1 8E 7E BE 36 5B 3A 12 7C 5B 59 09
-0020 | 49 0E 6C 3A EC EC 01 26
+
0000 | 00 00 00 00 00 00 00 00 00 00 00 00 87 A8 9C 64
+0010 | 14 00 00 00 F1 8E 7E BE FA DA 40 F3 24 30 86 3C
+0020 | 25 83 58 32 EF 2E CF 48

Payload (de)serialization:

req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;
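Review bot: The replacement heading "1) Client sends query to server" no longer names the method, which the removed "1. request req_pq_multi" did. A reader now has to reach the "req_pq_multi#be7e8ef1" line under "Payload (de)serialization" to learn which query the dump shows. Suggest naming the method in the heading, as the step 5 heading in this patch does for req_DH_params.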
@@ -74,7 +78,7 @@ - + @@ -92,20 +96,20 @@ - +
message_id 8, 800000000DC9D9C640000000087A89C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
nonce 24, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Random number
-

2. response respq

+
2) Server sends response of the form

Received payload (excluding transport headers/trailers):

-
0000 | 00 00 00 00 00 00 00 00 01 90 2F 78 DC 9D 9C 64
-0010 | 54 00 00 00 63 24 16 05 36 5B 3A 12 7C 5B 59 09
-0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
-0030 | 35 FD 28 FC 20 E9 A7 EA 08 25 35 F6 04 92 13 80
-0040 | 5B 00 00 00 15 C4 B5 1C 03 00 00 00 A5 B7 F7 09
+
0000 | 00 00 00 00 00 00 00 00 01 B8 BB 7E 87 A8 9C 64
+0010 | 50 00 00 00 63 24 16 05 FA DA 40 F3 24 30 86 3C
+0020 | 25 83 58 32 EF 2E CF 48 82 93 B0 B5 EF 95 58 C3
+0030 | 28 89 A6 F6 05 CA C3 C6 08 16 2C D4 B9 32 B1 0F
+0040 | F1 00 00 00 15 C4 B5 1C 03 00 00 00 A5 B7 F7 09
 0050 | 35 5F C3 0B 21 6B E8 6C 02 2B B4 C3 85 FD 64 DE
 0060 | 85 1D 9D D0

Payload (de)serialization:
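Review bot: The added heading "2) Server sends response of the form" ends on "of the form", but the next line is "Received payload (excluding transport headers/trailers):" followed by a hex dump, not a constructor definition, so the phrase is left dangling. Suggest a heading that names the response, as the removed "2. response respq" did.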

@@ -129,13 +133,13 @@ message_id 8, 8 -01902F78DC9D9C64 +01B8BB7E87A89C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated message_length 16, 4 -54000000 (84 in decimal) +50000000 (80 in decimal) Message body length @@ -147,19 +151,19 @@ nonce 24, 16 -365B3A127C5B5909490E6C3AECEC0126 +FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1 server_nonce 40, 16 -C2184E38BAC1649C35FD28FC20E9A7EA +8293B0B5EF9558C32889A6F605CAC3C6 Server-generated random number pq 56, 12 -082535F6049213805B000000
TL byte deserialization
=> bigendian conversion to decimal
=> 2681319652660052059 +08162CD4B932B10FF1000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1597885859694186481 Single-byte prefix denoting length, an 8-byte string, and three bytes of padding @@ -202,22 +206,25 @@

Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0.

-

2.1. decompose p and q

+

Proof of work

+
3) Client decomposes pq into prime factors such that p < q.
-
pq = 2681319652660052059
-

Decompose into 2 prime cofactors: 2681319652660052059 = 1608915439 * 1666538581

-
p = 1608915439
-q = 1666538581
+
pq = 1597885859694186481
+

Decompose into 2 prime cofactors: 1597885859694186481 = 1058029501 * 1510246981

+
p = 1058029501
+q = 1510246981
-

2.2. encrypted_data generation

+

Presenting proof of work; Server authentication

+
4) encrypted_data payload generation
+

First of all, generate an encrypted_data payload as follows:

Generated payload (excluding transport headers/trailers):

-
0000 | 95 5F F5 A9 08 25 35 F6 04 92 13 80 5B 00 00 00
-0010 | 04 5F E6 19 EF 00 00 00 04 63 55 5C 55 00 00 00
-0020 | 36 5B 3A 12 7C 5B 59 09 49 0E 6C 3A EC EC 01 26
-0030 | C2 18 4E 38 BA C1 64 9C 35 FD 28 FC 20 E9 A7 EA
-0040 | AA BB EA 0C 77 25 B4 A6 27 D8 E4 05 7B C3 BD A4
-0050 | DF B4 30 72 30 91 E0 E2 0F BD 94 FC D0 F2 6F 24
+
0000 | 95 5F F5 A9 08 16 2C D4 B9 32 B1 0F F1 00 00 00
+0010 | 04 3F 10 3F BD 00 00 00 04 5A 04 8A 45 00 00 00
+0020 | FA DA 40 F3 24 30 86 3C 25 83 58 32 EF 2E CF 48
+0030 | 82 93 B0 B5 EF 95 58 C3 28 89 A6 F6 05 CA C3 C6
+0040 | E5 6A F7 39 8C 71 42 86 86 98 E5 F5 8F 89 A1 8B
+0050 | AA 43 00 AE 87 A7 B9 6B 0D 01 B1 DC E9 9B 07 21
 0060 | 02 00 00 00

Payload (de)serialization:

p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;
@@ -240,37 +247,37 @@ q = 1666538581
pq 4, 12 -082535F6049213805B000000
TL byte deserialization
=> bigendian conversion to decimal
=> 2681319652660052059 +08162CD4B932B10FF1000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1597885859694186481 Single-byte prefix denoting length, 8-byte string, and three bytes of padding p 16, 8 -045FE619EF000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1608915439 +043F103FBD000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1058029501 First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding q 24, 8 -0463555C55000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1666538581 +045A048A45000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1510246981 Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding nonce 32, 16 -365B3A127C5B5909490E6C3AECEC0126 +FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1 server_nonce 48, 16 -C2184E38BAC1649C35FD28FC20E9A7EA +8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2 new_nonce 64, 32 -AABBEA0C7725B4A627D8E4057BC3BDA4 DFB430723091E0E20FBD94FCD0F26F24 +E56AF7398C7142868698E5F58F89A18B AA4300AE87A7B96B0D01B1DCE99B0721 Client-generated random number @@ -285,39 +292,39 @@ q = 1666538581

The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:

-
data = 955FF5A9082535F6049213805B000000045FE619EF0000000463555C55000000365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7EAAABBEA0C7725B4A627D8E4057BC3BDA4DFB430723091E0E20FBD94FCD0F26F2402000000
-random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941FFA2607DA534FB9099CB6B7A33FBF9E40ADCD43CB29C14B8E4C16DC2E0471A1E92D21966398AF8FF1EFEEF787DEB0D5AB1AA674D154799D1C9E9DBECA2682FD5
+
data = 955FF5A908162CD4B932B10FF1000000043F103FBD000000045A048A45000000FADA40F32430863C25835832EF2ECF488293B0B5EF9558C32889A6F605CAC3C6E56AF7398C7142868698E5F58F89A18BAA4300AE87A7B96B0D01B1DCE99B072102000000
+random_padding_bytes = 534E43A33047EE7E3881F92F669DC5A6159FED723D7D2A7DD86A1AB4AE22AF3263AB39822511EF8CF2DD65C4B1D6B48FAA4ECC8E4621ED0DDC27D473F80DDD996BEB457BF8A486E0B024EC86C7A77D531087F944712FEDD47EBE03F0

And this is the output:

-
encrypted_data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
+
encrypted_data = 5E846BB856F59D773EFCA596F018400A5748CE6A6DC8B5C791ECA7F570A004FE95524B927B6ED73687B86514B9D27D19BA06D59BCF00239945C90BD31E3D96EE364676803FFB9BA656AFF8F39DB696A505BF142746295CC03F61589E86359D91B588A1FD8B8AD5FA25E492FF64C6A8CF4553D38EDFB303C5F31129DF808BA59FAA3DFAE27C4E66D4A2A2BC9C7C7B615C765C15DAB6711E6905126FF5F0CFCCE43C5B6187DDFCF4881A008002CCDE822F38CEC935FD3564A7812FE0E35F83A0291C6BD853A467AF9D75B02579FAD20D19BC49DDA21E6D5734C3E223BF55D8261E2ED41646B70043DC9CDC1DEFB8123E952459C811E2F17404B8E99802847851BF

The length of the final string is 256 bytes.

-

3. request req_dh_params

+
5) Send req_DH_params query with generated encrypted_data

Sent payload (excluding transport headers/trailers):

-
0000 | 00 00 00 00 00 00 00 00 04 00 00 00 DC 9D 9C 64
-0010 | 40 01 00 00 BE E4 12 D7 36 5B 3A 12 7C 5B 59 09
-0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
-0030 | 35 FD 28 FC 20 E9 A7 EA 04 5F E6 19 EF 00 00 00
-0040 | 04 63 55 5C 55 00 00 00 85 FD 64 DE 85 1D 9D D0
-0050 | FE 00 01 00 27 23 90 AE 7D 9B D6 42 31 0E 05 D7
-0060 | 7A 4C 34 AE 44 CA 37 90 AA 81 FA A4 D1 8D E3 27
-0070 | DF 7D F5 75 10 5F DD 87 44 16 F2 E9 07 C9 7A A9
-0080 | 7A 06 97 D4 60 E3 82 4C 51 39 76 75 E5 31 41 96
-0090 | EB F6 E1 E7 71 43 68 30 84 44 17 67 1E 29 58 22
-00A0 | E1 FB 89 2D C8 30 CE FC 75 6E BB F5 92 67 03 93
-00B0 | 09 18 FC 0F A3 79 B3 50 D5 C4 F7 4C 82 21 62 2C
-00C0 | 58 BD 05 61 E8 98 DD C1 F6 14 AE 73 A6 D6 E7 27
-00D0 | D1 85 73 61 E7 94 0A 23 3D B2 06 A2 3F 7B 02 A1
-00E0 | 09 C0 D6 94 DF 29 CC 9C 63 08 5A 98 F6 C4 78 A7
-00F0 | 26 C7 D0 18 89 DB 00 9A 47 1C 2C 47 15 30 AD 95
-0100 | FD D7 98 9B 13 D6 21 63 45 31 4B EF 01 E8 4C 8D
-0110 | 67 37 86 86 13 43 A9 97 9C 54 DD 93 7B FA 1A 1B
-0120 | 12 C0 2B 30 3E AF C9 F6 9F 16 DB BE D0 AD 56 89
-0130 | 49 5B 90 DD 2F 40 62 56 2D CF 79 34 B7 5F 5F 00
-0140 | C9 05 90 05 CE 58 1D C2 EE 70 45 48 70 3E 74 C9
-0150 | 75 EE D2 E4
+
0000 | 00 00 00 00 00 00 00 00 04 00 00 00 87 A8 9C 64
+0010 | 40 01 00 00 BE E4 12 D7 FA DA 40 F3 24 30 86 3C
+0020 | 25 83 58 32 EF 2E CF 48 82 93 B0 B5 EF 95 58 C3
+0030 | 28 89 A6 F6 05 CA C3 C6 04 3F 10 3F BD 00 00 00
+0040 | 04 5A 04 8A 45 00 00 00 85 FD 64 DE 85 1D 9D D0
+0050 | FE 00 01 00 5E 84 6B B8 56 F5 9D 77 3E FC A5 96
+0060 | F0 18 40 0A 57 48 CE 6A 6D C8 B5 C7 91 EC A7 F5
+0070 | 70 A0 04 FE 95 52 4B 92 7B 6E D7 36 87 B8 65 14
+0080 | B9 D2 7D 19 BA 06 D5 9B CF 00 23 99 45 C9 0B D3
+0090 | 1E 3D 96 EE 36 46 76 80 3F FB 9B A6 56 AF F8 F3
+00A0 | 9D B6 96 A5 05 BF 14 27 46 29 5C C0 3F 61 58 9E
+00B0 | 86 35 9D 91 B5 88 A1 FD 8B 8A D5 FA 25 E4 92 FF
+00C0 | 64 C6 A8 CF 45 53 D3 8E DF B3 03 C5 F3 11 29 DF
+00D0 | 80 8B A5 9F AA 3D FA E2 7C 4E 66 D4 A2 A2 BC 9C
+00E0 | 7C 7B 61 5C 76 5C 15 DA B6 71 1E 69 05 12 6F F5
+00F0 | F0 CF CC E4 3C 5B 61 87 DD FC F4 88 1A 00 80 02
+0100 | CC DE 82 2F 38 CE C9 35 FD 35 64 A7 81 2F E0 E3
+0110 | 5F 83 A0 29 1C 6B D8 53 A4 67 AF 9D 75 B0 25 79
+0120 | FA D2 0D 19 BC 49 DD A2 1E 6D 57 34 C3 E2 23 BF
+0130 | 55 D8 26 1E 2E D4 16 46 B7 00 43 DC 9C DC 1D EF
+0140 | B8 12 3E 95 24 59 C8 11 E2 F1 74 04 B8 E9 98 02
+0150 | 84 78 51 BF

Payload (de)serialization:

req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;
@@ -339,7 +346,7 @@ random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941F - + @@ -357,25 +364,25 @@ random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941F - + - + - + - + @@ -387,56 +394,56 @@ random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941F - +
message_id 8, 804000000DC9D9C640400000087A89C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
nonce 24, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1
server_nonce 40, 16C2184E38BAC1649C35FD28FC20E9A7EA8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2
p 56, 8045FE619EF000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1608915439
043F103FBD000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1058029501
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
q 64, 80463555C55000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1666538581
045A048A45000000
TL byte deserialization
=> bigendian conversion to decimal
=> 1510246981
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding
encrypted_data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
75EED2E4
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
847851BF
See Generation of encrypted_data »
-

4. response server_dh_params_ok

+
6) Server responds with:

Received payload (excluding transport headers/trailers):

-
0000 | 00 00 00 00 00 00 00 00 01 F4 AA 18 DD 9D 9C 64
-0010 | 84 02 00 00 5C 07 E8 D0 36 5B 3A 12 7C 5B 59 09
-0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
-0030 | 35 FD 28 FC 20 E9 A7 EA FE 50 02 00 70 2F F1 03
-0040 | 2B 5B A7 26 4B 04 CD 20 AA 98 0F B8 21 79 D0 16
-0050 | 27 46 00 12 8E C8 6B 8E 70 5D 09 B6 C9 23 9A A6
-0060 | 97 A9 9D 0D 6B 9F 39 7B 58 12 2C 49 20 5C 60 62
-0070 | 90 C6 4B 67 FD 47 AA 12 5E BC 78 20 89 1E 11 7C
-0080 | 99 10 98 4D 5F 82 4F 3B 51 3E 11 2E 73 3D 3A 79
-0090 | 5C 0C 82 F1 59 36 4B 35 9F ED 51 E0 65 AE 46 4E
-00A0 | 0A DF F0 5E 65 75 95 EF 0D DE 7D 28 D7 3A 86 42
-00B0 | 04 85 48 3C BD 77 AD EE 1B AF CB 00 02 07 4D 76
-00C0 | 6A C6 B7 C3 0D 4B 41 2F E2 DE 9B C7 0E FD 5D C2
-00D0 | E7 BA A4 D5 2E 96 AF E6 8A FB 4D E4 C1 8E 16 03
-00E0 | 4E 1F 0D 1E D8 93 07 B7 32 45 95 BF 8F DF 83 4C
-00F0 | 10 9E A1 E0 B9 D9 D0 B6 56 A3 B3 BB B1 C3 FC 36
-0100 | 27 FF F3 DE 47 0D 22 C8 37 5B 6C 76 99 AD 67 EF
-0110 | 0F 72 0B 16 F9 EA 69 5C 53 0D 13 E5 85 A7 E6 12
-0120 | 90 99 58 17 CB 21 ED 22 CD 74 BB 94 21 8C 39 CB
-0130 | A8 60 F6 65 3E 43 BB C7 2C 02 A0 47 B8 11 CD 4D
-0140 | 6A 48 46 EF A8 D3 F9 19 06 D9 05 6A AF 89 0E 0E
-0150 | F5 1E A3 A7 2D FC 7F B6 CE 81 74 6F 1E A0 45 CF
-0160 | B5 71 4D 2A E0 4E C0 12 CF 9A 44 24 CC B2 3C CC
-0170 | BB 4C 84 82 CE BF 06 4B EE 18 EE AF 2A 43 85 01
-0180 | 99 C7 44 31 ED BB 10 5C 63 CA 66 BA 31 37 84 40
-0190 | 5D B0 E7 4F DD 70 D0 D5 E2 2E FD 16 57 2B 79 0F
-01A0 | 9C E2 03 5E 51 E6 8B 82 7B 1B 7C 8E 36 48 E2 C3
-01B0 | 7F BE F2 4A D2 5D 7E 97 95 B9 18 3D B2 C8 6E 30
-01C0 | 8B 31 04 6E E2 92 3C C6 58 12 2F C9 02 40 95 C2
-01D0 | 93 F7 E7 F7 E9 59 6C C0 75 0F 55 86 F2 0F 85 6A
-01E0 | 56 1F A6 E2 FE 66 06 7C C7 5B A0 F1 A9 ED 76 C9
-01F0 | FE DC 8B 13 77 FB DB 9C CC D0 29 37 DD 8E EA 22
-0200 | 58 54 5A AA AB 6C BC 77 D9 1D 3F 22 87 41 DE 65
-0210 | AB 49 26 4B 36 1B 93 6D 7B E2 06 AA D1 90 4C A5
-0220 | 3D 29 14 48 DA D1 98 8B B2 77 9F 15 F6 F9 E8 26
-0230 | 2A 7E C2 69 0D 8A 19 4F 0A 66 E8 0C 2C 18 90 1C
-0240 | FD 81 1B 7C 2A 6A 07 DE 5A 62 AC 53 E6 BC F0 67
-0250 | 9B A3 00 C4 E3 50 1D DF C5 0B 2E 5E 64 69 5A 2F
-0260 | 38 C8 97 AD 6C DF 59 6B EB C7 5F 57 AB C5 F2 92
-0270 | 8D 7C AE E7 9C 23 66 BA 19 72 FE 1D 98 95 04 1D
-0280 | 4D 7F C8 48 3C 96 46 BB 1E BE FB 4D
+
0000 | 00 00 00 00 00 00 00 00 01 78 4F 2B 88 A8 9C 64
+0010 | 78 02 00 00 5C 07 E8 D0 FA DA 40 F3 24 30 86 3C
+0020 | 25 83 58 32 EF 2E CF 48 82 93 B0 B5 EF 95 58 C3
+0030 | 28 89 A6 F6 05 CA C3 C6 FE 50 02 00 AE 97 57 53
+0040 | 05 3F 28 E4 CB 74 11 62 70 70 21 D3 46 28 97 C6
+0050 | F2 49 46 98 10 6F 2D 4A 6A 8C CB E8 AE 5D 35 54
+0060 | 79 91 F3 81 0C EC E3 3E 14 60 B6 BB 6A 3A C9 B9
+0070 | 98 47 F9 5E 3C 47 08 82 E2 1C 9D 2D 0A BD 8D 91
+0080 | 71 03 4C EE 99 1F 90 7C 5F 13 1E DE 6E B7 33 0C
+0090 | 6E AD 5D 60 60 82 08 BF 40 DB 3D 20 F7 48 0B 34
+00A0 | 9B C5 F4 7B 67 F8 15 3F 3C 90 C1 88 68 22 8B 8D
+00B0 | A7 35 96 B7 7E 63 55 F9 17 81 B8 A8 42 51 79 EB
+00C0 | 05 A7 CE B9 04 0B 3B 25 17 1B E8 2B 17 A4 85 F2
+00D0 | 10 90 03 1E 12 26 74 79 8F B0 A8 19 EC 1D 71 53
+00E0 | 71 14 29 3B 82 1B 07 67 21 A5 C8 75 E4 F7 8B 1F
+00F0 | 2A 9D 1D F1 B3 0D 0A 13 36 7A 00 CD A3 6E EC E6
+0100 | 5C 6D 4A 91 D7 59 D6 53 1A 4D E4 AF 02 80 1C 52
+0110 | 7E 20 B3 07 D3 27 C5 D0 E3 91 61 59 44 9D 9E C2
+0120 | 4E E0 EF CD AA F7 8F 7D 8B F6 47 24 FB 62 FF 0E
+0130 | 7D AE D5 66 97 6A FA BC 34 86 A3 26 FB C2 F0 24
+0140 | 04 67 F5 D1 D1 CD 7E DF 33 9F F1 1F BE 4D 3F 83
+0150 | F4 33 CF 09 03 77 FE 20 47 CA 4B 35 7C 5F 75 4A
+0160 | F5 45 F4 3A 8C 09 F8 EE CF 7B 16 0B 31 F8 02 4D
+0170 | 5A 7F D8 45 D7 41 83 8A E8 9D 8C 09 B1 97 DB 51
+0180 | 29 E1 E1 06 06 51 54 12 97 04 F0 B9 23 74 9F 9B
+0190 | 65 D7 E6 B9 3C E4 96 5E 2A 76 EE A2 AE 18 44 4C
+01A0 | 5B 41 6E 08 62 C0 7F 83 AD C7 7D 35 02 22 5E 47
+01B0 | 5C B1 28 2B 25 1B F0 69 24 D5 ED F6 F1 98 7D 50
+01C0 | 1C 27 95 56 F0 FD 1B 4E 78 DC A0 72 A4 22 EE B6
+01D0 | 6A 80 73 A9 5E 93 92 8F 0D 40 FF AC E7 ED CB 49
+01E0 | C5 85 11 0E 66 A0 C4 B3 47 BC 44 7B 8E 3D 78 03
+01F0 | 49 26 BE 45 58 19 AA CC D4 DE 2F 16 D4 3D 4D FC
+0200 | B0 36 E0 41 88 2D A8 30 C1 28 3E AB 16 B7 04 0A
+0210 | 67 56 EC EA DD 88 9A 5E E7 57 B7 75 F5 B9 21 8F
+0220 | 3A CB A2 C3 90 E4 FA 7E AD 1D 05 4F E4 B9 8D 4C
+0230 | 31 04 6F 4D 3F AA E0 97 8E 8A 73 C2 32 38 8E 11
+0240 | B7 F1 FC C8 86 78 73 BD FC 99 74 FC 89 1A 95 7D
+0250 | 09 56 05 11 82 D7 B5 C6 3E FA 4E C3 3D 55 54 88
+0260 | 17 10 B2 41 1A 20 1C 5C 00 FF 19 4B DD 50 6F 7B
+0270 | D2 B4 6B E0 DE D0 9A 68 13 14 8B 03 6D 50 E1 5B
+0280 | 9C 1A 7D F2 75 C1 73 40 FC C4 E9 03

Payload (de)serialization:

server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;
@@ -458,13 +465,13 @@ random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941F - + - + @@ -476,41 +483,40 @@ random_padding_bytes = 216450FD2A974A81475A90261BAE56428354F18BEE55BFB415135941F - + - + - +
message_id 8, 801F4AA18DD9D9C6401784F2B88A89C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
message_length 16, 484020000 (644 in decimal)78020000 (632 in decimal) Message body length
nonce 24, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1
server_nonce 40, 16C2184E38BAC1649C35FD28FC20E9A7EA8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2
encrypted_answer 56, 596FE500200702FF1032B5BA7264B04CD20 AA980FB82179D016274600128EC86B8E 705D09B6C9239AA697A99D0D6B9F397B 58122C49205C606290C64B67FD47AA12 5EBC7820891E117C9910984D5F824F3B 513E112E733D3A795C0C82F159364B35 9FED51E065AE464E0ADFF05E657595EF 0DDE7D28D73A86420485483CBD77ADEE 1BAFCB0002074D766AC6B7C30D4B412F E2DE9BC70EFD5DC2E7BAA4D52E96AFE6 8AFB4DE4C18E16034E1F0D1ED89307B7 324595BF8FDF834C109EA1E0B9D9D0B6 56A3B3BBB1C3FC3627FFF3DE470D22C8 375B6C7699AD67EF0F720B16F9EA695C 530D13E585A7E61290995817CB21ED22 CD74BB94218C39CBA860F6653E43BBC7 2C02A047B811CD4D6A4846EFA8D3F919 06D9056AAF890E0EF51EA3A72DFC7FB6 CE81746F1EA045CFB5714D2AE04EC012 CF9A4424CCB23CCCBB4C8482CEBF064B EE18EEAF2A43850199C74431EDBB105C 63CA66BA313784405DB0E74FDD70D0D5 E22EFD16572B790F9CE2035E51E68B82 7B1B7C8E3648E2C37FBEF24AD25D7E97 95B9183DB2C86E308B31046EE2923CC6 58122FC9024095C293F7E7F7E9596CC0 750F5586F20F856A561FA6E2FE66067C C75BA0F1A9ED76C9FEDC8B1377FBDB9C CCD02937DD8EEA2258545AAAAB6CBC77 D91D3F228741DE65AB49264B361B936D 7BE206AAD1904CA53D291448DAD1988B B2779F15F6F9E8262A7EC2690D8A194F 0A66E80C2C18901CFD811B7C2A6A07DE 5A62AC53E6BCF0679BA300C4E3501DDF C50B2E5E64695A2F38C897AD6CDF596B EBC75F57ABC5F2928D7CAEE79C2366BA 1972FE1D9895041D4D7FC8483C9646BB
1EBEFB4D
FE500200AE975753053F28E4CB741162 707021D3462897C6F2494698106F2D4A 6A8CCBE8AE5D35547991F3810CECE33E 1460B6BB6A3AC9B99847F95E3C470882 E21C9D2D0ABD8D9171034CEE991F907C 5F131EDE6EB7330C6EAD5D60608208BF 40DB3D20F7480B349BC5F47B67F8153F 3C90C18868228B8DA73596B77E6355F9 1781B8A8425179EB05A7CEB9040B3B25 171BE82B17A485F21090031E12267479 8FB0A819EC1D71537114293B821B0767 21A5C875E4F78B1F2A9D1DF1B30D0A13 367A00CDA36EECE65C6D4A91D759D653 1A4DE4AF02801C527E20B307D327C5D0 E3916159449D9EC24EE0EFCDAAF78F7D 8BF64724FB62FF0E7DAED566976AFABC 3486A326FBC2F0240467F5D1D1CD7EDF 339FF11FBE4D3F83F433CF090377FE20 47CA4B357C5F754AF545F43A8C09F8EE CF7B160B31F8024D5A7FD845D741838A E89D8C09B197DB5129E1E10606515412 9704F0B923749F9B65D7E6B93CE4965E 2A76EEA2AE18444C5B416E0862C07F83 ADC77D3502225E475CB1282B251BF069 24D5EDF6F1987D501C279556F0FD1B4E 78DCA072A422EEB66A8073A95E93928F 0D40FFACE7EDCB49C585110E66A0C4B3 47BC447B8E3D78034926BE455819AACC D4DE2F16D43D4DFCB036E041882DA830 C1283EAB16B7040A6756ECEADD889A5E E757B775F5B9218F3ACBA2C390E4FA7E AD1D054FE4B98D4C31046F4D3FAAE097 8E8A73C232388E11B7F1FCC8867873BD FC9974FC891A957D0956051182D7B5C6 3EFA4EC33D5554881710B2411A201C5C 00FF194BDD506F7BD2B46BE0DED09A68 13148B036D50E15B9C1A7DF275C17340
FCC4E903
See Decomposition of encrypted_answer »
-

4.1 server_dh_inner_data decryption and deserialization

-

Decrypt encrypted_answer using the reverse of the process specified in step 5:

+

Decrypt encrypted_answer using the reverse of the process specified in step 6:

-
encrypted_answer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
-tmp_aes_key = 81A769A19DC0ED0D3DABE397D479407674D72119F479C1425094F54AB0188100
-tmp_aes_iv = 3C22B0B11A532C2778AEB3002E5331A7B5D59D62E0E72FA734EB7B62AABBEA0C
+
encrypted_answer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
+tmp_aes_key = 5591331B9FCD7D6497E6CB4AA80ED849263CE0E54F29B93A527A6ED056DCCBC4
+tmp_aes_iv = D18064B0BB84ACB797BD4CB2F01B4FDE19F32A390408CAE58C7DCE20E56AF739

Yielding:

-
answer_with_hash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
-answer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
+
answer_with_hash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
+answer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

Generated payload (excluding transport headers/trailers):

-
0000 | BA 0D 89 B5 36 5B 3A 12 7C 5B 59 09 49 0E 6C 3A
-0010 | EC EC 01 26 C2 18 4E 38 BA C1 64 9C 35 FD 28 FC
-0020 | 20 E9 A7 EA 03 00 00 00 FE 00 01 00 C7 1C AE B9
+
0000 | BA 0D 89 B5 FA DA 40 F3 24 30 86 3C 25 83 58 32
+0010 | EF 2E CF 48 82 93 B0 B5 EF 95 58 C3 28 89 A6 F6
+0020 | 05 CA C3 C6 03 00 00 00 FE 00 01 00 C7 1C AE B9
 0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
 0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
 0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
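Review bot: The heading "4.1 server_dh_inner_data decryption and deserialization" is removed with no replacement, so the decryption walkthrough (tmp_aes_key, tmp_aes_iv, answer_with_hash) now runs on directly under "6) Server responds with:". The client side keeps its own sub-heading later in this patch, "7.1) generation of encrypted_data". Suggest adding a matching "6.1)" sub-heading before "Decrypt encrypted_answer ..." so both halves of the exchange are structured the same way. The reference change from "step 5" to "step 6" in that sentence matches the renumbering.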
@@ -527,23 +533,23 @@ answer = BA0D89B5365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7E
 0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
 0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
 0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
-0130 | AA 3B B5 29 DC 2E F3 C7 4A 49 AB 7F 8C 9A 84 BF
-0140 | E8 6F 5C C3 AC BB BB 5E E0 47 56 6E 5A F0 6C E5
-0150 | 6F 10 62 7D 75 F8 86 EC D2 77 7D 16 79 B8 7E 81
-0160 | 52 3B B5 85 DC 50 F7 68 C9 A4 19 C2 2C 26 0B 69
-0170 | 24 B1 7A 8F 15 3B 9F 26 0F C1 61 EC E1 D5 95 38
-0180 | 0F C3 3C DB DF 55 2F 01 9F B8 29 E0 70 1C 00 5A
-0190 | 7B 84 9A 71 F9 EF 8C 51 41 E0 1F 15 24 66 F4 1B
-01A0 | B9 F1 3B 0F EF 8E 0E FC 30 91 DA F7 C4 A9 E4 F6
-01B0 | 5F 77 B4 D3 F1 5E C3 97 7F FA 6C B6 BA B7 F9 95
-01C0 | E2 CE 25 39 8E 09 DA 9E AD 7A AA 4B F0 5A 91 33
-01D0 | B9 54 08 0F 7B 25 8F 20 C0 FA DE 9E 44 A7 B2 AA
-01E0 | 73 E5 1D 91 AC 86 72 03 35 CB B3 8A 3D B9 06 89
-01F0 | D8 52 33 89 9F 29 22 28 EF B6 FD 28 59 23 76 0A
-0200 | 5E 22 0A DC 3F 52 B3 E0 26 5B FC 5A B2 3E 4D DC
-0210 | 2D 4E 14 E1 8B 28 11 EE 65 6B 5A 16 58 66 63 28
-0220 | 9D 02 42 2C 48 F1 B8 D7 70 17 EF FC D2 76 E5 ED
-0230 | DD 9D 9C 64
+0130 | 16 FF 6E A3 81 CE BA C8 34 CD 02 D5 F6 1E 51 E8 +0140 | 0F 7B B2 03 51 E4 69 26 C8 14 96 7E 6E A9 67 D6 +0150 | CD 00 66 A5 A3 00 FF FD 94 67 03 6A A1 1D C0 B4 +0160 | 71 1A 2A D0 BA 0A 91 E2 37 BD 29 0F 87 94 35 B4 +0170 | 59 DE 03 2D 26 27 16 90 9E 6C 69 96 BC ED 43 46 +0180 | 1D 53 60 BC D8 C0 03 95 09 F0 F5 7F D4 FD 9B 77 +0190 | F9 A1 E8 4C 3D 37 76 3A 01 43 92 4F C1 01 C8 F1 +01A0 | B0 4B 21 40 FF 36 8E DB A7 E9 EF 9E 58 E6 B8 6C +01B0 | 02 8B 46 FA 8B 1D 05 CE B6 DF 48 E5 76 AA 7C 08 +01C0 | EC 53 51 3A CE F7 1E AB 76 ED 09 A1 79 14 B6 37 +01D0 | 1D 4C 2F 86 EE A1 CB 56 52 43 3E 3C 3E A4 26 20 +01E0 | 11 CB BE 35 55 44 3B B1 40 33 2E EB F9 C7 E6 D0 +01F0 | 7C 75 9A E7 D1 A5 B5 73 8E 17 A7 DA 9E 5D BD EE +0200 | 2B C1 CC 90 35 65 95 CD 42 F3 8F DE CC DB 2A 1A +0210 | 3F C3 D9 00 9F 8B 73 73 D9 58 F5 E4 9B B4 5E 8D +0220 | B3 9A D9 DD CC C4 8A 47 5D 30 B3 BB 88 78 CA E5 +0230 | 88 A8 9C 64

Payload (de)serialization:

server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;
@@ -565,13 +571,13 @@ answer = BA0D89B5365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7E - + - + @@ -589,49 +595,49 @@ answer = BA0D89B5365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7E - + - +
nonce 4, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1
server_nonce 20, 16C2184E38BAC1649C35FD28FC20E9A7EA8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2
g_a 300, 260FE000100AA3BB529DC2EF3C74A49AB7F 8C9A84BFE86F5CC3ACBBBB5EE047566E 5AF06CE56F10627D75F886ECD2777D16 79B87E81523BB585DC50F768C9A419C2 2C260B6924B17A8F153B9F260FC161EC E1D595380FC33CDBDF552F019FB829E0 701C005A7B849A71F9EF8C5141E01F15 2466F41BB9F13B0FEF8E0EFC3091DAF7 C4A9E4F65F77B4D3F15EC3977FFA6CB6 BAB7F995E2CE25398E09DA9EAD7AAA4B F05A9133B954080F7B258F20C0FADE9E 44A7B2AA73E51D91AC86720335CBB38A 3DB90689D85233899F292228EFB6FD28 5923760A5E220ADC3F52B3E0265BFC5A B23E4DDC2D4E14E18B2811EE656B5A16 586663289D02422C48F1B8D77017EFFC
D276E5ED
FE00010016FF6EA381CEBAC834CD02D5 F61E51E80F7BB20351E46926C814967E 6EA967D6CD0066A5A300FFFD9467036A A11DC0B4711A2AD0BA0A91E237BD290F 879435B459DE032D262716909E6C6996 BCED43461D5360BCD8C0039509F0F57F D4FD9B77F9A1E84C3D37763A0143924F C101C8F1B04B2140FF368EDBA7E9EF9E 58E6B86C028B46FA8B1D05CEB6DF48E5 76AA7C08EC53513ACEF71EAB76ED09A1 7914B6371D4C2F86EEA1CB5652433E3C 3EA4262011CBBE3555443BB140332EEB F9C7E6D07C759AE7D1A5B5738E17A7DA 9E5DBDEE2BC1CC90356595CD42F38FDE CCDB2A1A3FC3D9009F8B7373D958F5E4 9BB45E8DB39AD9DDCCC48A475D30B3BB
8878CAE5
g_a diffie-hellman parameter
server_time 560, 4DD9D9C64 (1687985629 in decimal)88A89C64 (1687988360 in decimal) Server time
-

4.2. generate diffie-helman parameters

+
7) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message

First, generate a secure random 2048-bit number b:

-
b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
+
b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

Then compute g_b = pow(g, b) mod dh_prime

-
g_b = 3DE753B9F0985A68E14BD95E3B720FCB617EB5899AA28772C8B477BAD4FA9544C671AA9D4B3E2F90ABDC55B25A61AD4FE5132AD3CFEDC5EA196110F4E4F02656F57D61FCE05D660F129DD1B817A003F73783BA041103A199B0AAB76A13FFFC339C35DB8A368FCBB4B35387CB82A019886FEFB17227616BBE287818B5553E339247890288C2DC6077FE721F769F92751F637E1731D1101803E522F293D4BEB4B17FDF121FB5C23B8D0EF2B02A0706638FD6415B5A7E90B8A55AE6CA13E2F238BF4C7856D1406ED546D7A6A79CBCEDDBF2209C0F074502067B7A15B2AD28EE139D2250006ECE5A2449C87F2B0EAA0B2CB75CD97D775055495DB03C7E03F9F614DF
+
g_b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
-

4.3 generation of encrypted_data

+
7.1) generation of encrypted_data

Generated payload (excluding transport headers/trailers):

-
0000 | 54 B6 43 66 36 5B 3A 12 7C 5B 59 09 49 0E 6C 3A
-0010 | EC EC 01 26 C2 18 4E 38 BA C1 64 9C 35 FD 28 FC
-0020 | 20 E9 A7 EA 00 00 00 00 00 00 00 00 FE 00 01 00
-0030 | 3D E7 53 B9 F0 98 5A 68 E1 4B D9 5E 3B 72 0F CB
-0040 | 61 7E B5 89 9A A2 87 72 C8 B4 77 BA D4 FA 95 44
-0050 | C6 71 AA 9D 4B 3E 2F 90 AB DC 55 B2 5A 61 AD 4F
-0060 | E5 13 2A D3 CF ED C5 EA 19 61 10 F4 E4 F0 26 56
-0070 | F5 7D 61 FC E0 5D 66 0F 12 9D D1 B8 17 A0 03 F7
-0080 | 37 83 BA 04 11 03 A1 99 B0 AA B7 6A 13 FF FC 33
-0090 | 9C 35 DB 8A 36 8F CB B4 B3 53 87 CB 82 A0 19 88
-00A0 | 6F EF B1 72 27 61 6B BE 28 78 18 B5 55 3E 33 92
-00B0 | 47 89 02 88 C2 DC 60 77 FE 72 1F 76 9F 92 75 1F
-00C0 | 63 7E 17 31 D1 10 18 03 E5 22 F2 93 D4 BE B4 B1
-00D0 | 7F DF 12 1F B5 C2 3B 8D 0E F2 B0 2A 07 06 63 8F
-00E0 | D6 41 5B 5A 7E 90 B8 A5 5A E6 CA 13 E2 F2 38 BF
-00F0 | 4C 78 56 D1 40 6E D5 46 D7 A6 A7 9C BC ED DB F2
-0100 | 20 9C 0F 07 45 02 06 7B 7A 15 B2 AD 28 EE 13 9D
-0110 | 22 50 00 6E CE 5A 24 49 C8 7F 2B 0E AA 0B 2C B7
-0120 | 5C D9 7D 77 50 55 49 5D B0 3C 7E 03 F9 F6 14 DF
+
0000 | 54 B6 43 66 FA DA 40 F3 24 30 86 3C 25 83 58 32
+0010 | EF 2E CF 48 82 93 B0 B5 EF 95 58 C3 28 89 A6 F6
+0020 | 05 CA C3 C6 00 00 00 00 00 00 00 00 FE 00 01 00
+0030 | 6C AC FC 73 0C 86 DE 7C F1 14 F5 68 5E C4 56 F4
+0040 | 78 2B 25 4C 4D 34 0F 0D 7E 6D E5 68 9D 8D FB 2F
+0050 | EC 55 39 50 F4 8D 6E 02 7F 98 2F 4A DE 4D 78 3D
+0060 | 93 60 80 4B B6 DD 9A 81 C2 2A EC 69 C7 41 77 E7
+0070 | EC CB 1D 5F 41 B4 23 1E BB 6C F6 AE 69 E7 15 77
+0080 | 55 95 0A 42 A4 E2 71 71 90 0E 98 DA 31 4C F4 92
+0090 | F1 D1 24 B6 9F AA 20 3A F0 7C 8C 61 5F C3 2F 9E
+00A0 | A2 8C 78 6C 61 02 F7 B5 71 93 2F FA 1E 32 16 EB
+00B0 | D8 F9 EA 47 09 D9 BF 12 12 DB 7D 9E B4 E0 81 B0
+00C0 | 91 2C 94 A1 36 EF 66 D0 CD 70 65 FD B4 D9 AB 12
+00D0 | 3F C9 2D 00 9A 00 FE 5E 06 B3 CC 1A 01 5F 56 1C
+00E0 | A8 9C E9 F7 90 7A 5F 5D 95 F3 65 44 BF D9 B5 88
+00F0 | CC 27 D8 D9 ED D1 31 3B 64 25 DA FF 97 EB 04 A9
+0100 | BD 47 D4 DA 15 D6 E3 B9 51 C6 31 B3 51 59 82 E8
+0110 | 6A 16 3F EE 16 1F F7 C7 04 85 C1 BC AA 67 5B F6
+0120 | FD 1E C3 76 D3 83 E1 C1 77 07 BF 18 02 E5 12 91

Payload (de)serialization:

client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;
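Review bot: the added heading "7.1) generation of encrypted_data" starts in lower case, while the headings added further down ("8) Auth key generation", "9) Final server reply") are capitalised. Make it "7.1) Generation of encrypted_data" so the renumbered sections read consistently. The context lines in this region also write the same operation two ways, "pow(g, b) mod dh_prime" here and "g_a^b mod dh_prime" in section 8; one notation for both would be clearer.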
@@ -653,73 +659,73 @@ answer = BA0D89B5365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7E - + - + - + - +
nonce 4, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1
server_nonce 20, 16C2184E38BAC1649C35FD28FC20E9A7EA8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2
g_b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
F9F614DF
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
02E51291
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding
retry_id 296, 8 0000000000000000Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 9).Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7).

The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:

-
data = 54B64366365B3A127C5B5909490E6C3AECEC0126C2184E38BAC1649C35FD28FC20E9A7EA0000000000000000FE0001003DE753B9F0985A68E14BD95E3B720FCB617EB5899AA28772C8B477BAD4FA9544C671AA9D4B3E2F90ABDC55B25A61AD4FE5132AD3CFEDC5EA196110F4E4F02656F57D61FCE05D660F129DD1B817A003F73783BA041103A199B0AAB76A13FFFC339C35DB8A368FCBB4B35387CB82A019886FEFB17227616BBE287818B5553E339247890288C2DC6077FE721F769F92751F637E1731D1101803E522F293D4BEB4B17FDF121FB5C23B8D0EF2B02A0706638FD6415B5A7E90B8A55AE6CA13E2F238BF4C7856D1406ED546D7A6A79CBCEDDBF2209C0F074502067B7A15B2AD28EE139D2250006ECE5A2449C87F2B0EAA0B2CB75CD97D775055495DB03C7E03F9F614DF
-padding = 8FD908884FACC949D9DC73DE
-tmp_aes_key = 81A769A19DC0ED0D3DABE397D479407674D72119F479C1425094F54AB0188100
-tmp_aes_iv = 3C22B0B11A532C2778AEB3002E5331A7B5D59D62E0E72FA734EB7B62AABBEA0C
+
data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
+padding = ADBCA793403652D954B1FC6C
+tmp_aes_key = 5591331B9FCD7D6497E6CB4AA80ED849263CE0E54F29B93A527A6ED056DCCBC4
+tmp_aes_iv = D18064B0BB84ACB797BD4CB2F01B4FDE19F32A390408CAE58C7DCE20E56AF739

Process:

data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
 encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);

Output:

-
encrypted_data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
+
encrypted_data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

The length of the final string is 336 bytes.

-

5. request set_client_dh_params

+
7.2) set_client_DH_params query

Sent payload (excluding transport headers/trailers):

-
0000 | 00 00 00 00 00 00 00 00 00 00 00 00 DD 9D 9C 64
-0010 | 78 01 00 00 1F 5F 04 F5 36 5B 3A 12 7C 5B 59 09
-0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
-0030 | 35 FD 28 FC 20 E9 A7 EA FE 50 01 00 93 33 06 04
-0040 | E4 4C 6F 99 33 49 C6 0F 05 C2 3E DC 56 B8 44 B5
-0050 | 7C 65 4A ED F1 9B 44 F5 EF 8D B9 59 0F 7D 9A 9F
-0060 | 8E 81 C5 0C 37 7E 34 81 D8 DF 9D D5 85 D4 5A E2
-0070 | 5D 3B 9E 51 CE 4F F5 84 13 02 36 69 7C 14 C6 BB
-0080 | FD 65 59 9D 53 13 2A B5 FB 31 FF 4A AC 92 EC 7F
-0090 | 25 6B 5F 9C E8 FF B7 47 F7 7E 9F 81 58 8D 27 7E
-00A0 | 3D FF B9 F1 4E 36 42 AC D2 A1 F9 BB E6 60 54 60
-00B0 | 86 27 02 76 92 D2 A0 8D CC 66 71 A4 E6 A4 3E FF
-00C0 | 37 05 3E 7F 57 DA 1E 04 D8 D6 39 5D 27 BD 09 D7
-00D0 | D4 9F 46 71 3C F0 23 20 73 B3 42 A3 E2 F3 4D 23
-00E0 | D9 D8 CD 70 E1 54 A7 13 B0 AF AC C2 79 10 AB C4
-00F0 | 9D 99 EB A8 82 FE BC 22 F6 A5 E7 FD 5A E5 AB F4
-0100 | 93 52 37 2F A6 4D 9D 11 BF 43 80 19 7C 59 AE DE
-0110 | 23 D1 1D D7 E0 9F AB DD 85 A6 17 3C D0 CB 8F 1D
-0120 | FD 7D 03 01 C6 DD 4E 40 FD DC 9C 3A 80 C1 E5 AB
-0130 | DC 51 AD FE F3 57 75 3C 7B 7D 4D E4 E8 A4 CA F1
-0140 | 0D F7 24 8B CD AC E1 25 A0 8A 35 CB F4 A0 21 CF
-0150 | A1 D7 8F 60 6E E6 04 BA 14 F0 12 B1 3F 22 25 2C
-0160 | 95 2F D5 2B 05 60 67 9C 63 16 81 88 B0 78 05 E4
-0170 | 56 13 C7 EF EE 8C 54 95 E7 29 31 C2 55 3A 0F CA
-0180 | 7B B1 1D 3E D4 8F 1A 50 43 DC 77 6D
+
0000 | 00 00 00 00 00 00 00 00 00 00 00 00 88 A8 9C 64
+0010 | 78 01 00 00 1F 5F 04 F5 FA DA 40 F3 24 30 86 3C
+0020 | 25 83 58 32 EF 2E CF 48 82 93 B0 B5 EF 95 58 C3
+0030 | 28 89 A6 F6 05 CA C3 C6 FE 50 01 00 38 F1 71 9D
+0040 | 5B 8E F6 E2 AA B7 4F F2 FD 0B 2A 57 31 7F 19 71
+0050 | CF 66 A6 8A D1 34 58 9D 66 FF B9 5C 11 52 B1 85
+0060 | C5 54 21 B7 47 30 80 AE 93 78 75 46 16 60 19 B3
+0070 | 91 20 7A BF A3 B1 10 C4 42 B0 F3 19 CB 73 8D B7
+0080 | 30 36 41 DA 3E 21 65 23 19 23 A9 3D 11 36 92 0F
+0090 | B4 76 46 14 BC 2F 9A 9A 13 27 38 19 AF 01 9D C3
+00A0 | 33 32 FB 87 B1 F1 79 C1 A2 28 B4 4B B0 3E 36 73
+00B0 | D6 64 97 9F 8F 50 38 5A 5F 97 79 C5 5C BD 9F DE
+00C0 | 7B A9 4A F9 DB 9A ED F5 D3 0A F6 21 E3 8E 80 06
+00D0 | B6 34 29 73 1E 4F D6 3E 52 4B F0 8D AE 17 B2 98
+00E0 | E0 E7 22 1E B4 35 87 82 AB 7B 95 CD EC 66 B5 01
+00F0 | 43 D4 15 CD 0C FC 4C BA 2C AB 26 D4 20 3B 37 BA
+0100 | 4A B2 23 69 4B 51 87 EA 6F 3B 01 76 90 A5 CE 7A
+0110 | 5B C6 AF E0 E4 9A A0 5C B9 0C EF 4B 6E 9B E6 47
+0120 | 03 03 2A 49 A7 6E AC 8A B0 6F 2F 2C 23 BE 94 F9
+0130 | 6D 9F 32 BE 36 91 85 28 85 CF 1A 69 13 94 C5 A0
+0140 | B4 6C CB E6 6A 3B 96 74 63 E9 16 3A 19 41 4F CC
+0150 | 67 03 01 82 3E 9F C1 E9 B3 DD BB 66 68 0E 97 C2
+0160 | 67 A8 F7 43 CC 6D 20 CE 0C 4E 55 7B 7F 51 92 3A
+0170 | 9F 3B EF 77 E7 19 0B 42 C1 BA CB 24 69 0C 47 6E
+0180 | A6 BD D7 F7 C7 3A 99 AE 42 AF 8F D7

Payload (de)serialization:

set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;
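Review bot: the retry_id row in the client_DH_inner_data table still gives "296, 8" as offset and length, which disagrees with the regenerated dump and with the TL definition. The definition lists retry_id:long before g_b:string, and the new dump line "0020 | 05 CA C3 C6 00 00 00 00 00 00 00 00 FE 00 01 00" shows the eight zero bytes at offset 0x24 (36), followed by the g_b length prefix at 0x2C. The row should read "36, 8" and sit above g_b. The same row changes its cross-reference from "see Item 9" to "see Item 7", yet the section that discusses dh_gen_retry and auth_key_aux_hash is now headed "9) Final server reply"; please confirm which numbering is intended. Likewise, the unchanged sentence "as specified in step 6" sits under a heading that is now 7.1 and probably needs the same renumbering.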
@@ -741,7 +747,7 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);< - + @@ -759,38 +765,38 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);< - + - + - +
message_id 8, 800000000DD9D9C640000000088A89C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
nonce 24, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1
server_nonce 40, 16C2184E38BAC1649C35FD28FC20E9A7EA8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2
encrypted_data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
43DC776D
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
42AF8FD7
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string
-

6. auth key generation

+
8) Auth key generation

The client computes the auth_key using formula g_a^b mod dh_prime:

-
auth_key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
+
auth_key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
-

7. reply set_client_dh_params_answer

+
9) Final server reply

The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:

Received payload (excluding transport headers/trailers):

-
0000 | 00 00 00 00 00 00 00 00 01 A8 E5 65 DD 9D 9C 64
-0010 | A0 00 00 00 34 F7 CB 3B 36 5B 3A 12 7C 5B 59 09
-0020 | 49 0E 6C 3A EC EC 01 26 C2 18 4E 38 BA C1 64 9C
-0030 | 35 FD 28 FC 20 E9 A7 EA 20 6C 98 37 3F A1 E0 49
-0040 | 14 C0 9B E1 57 2B 96 3C
+
0000 | 00 00 00 00 00 00 00 00 01 D0 27 78 88 A8 9C 64
+0010 | 34 00 00 00 34 F7 CB 3B FA DA 40 F3 24 30 86 3C
+0020 | 25 83 58 32 EF 2E CF 48 82 93 B0 B5 EF 95 58 C3
+0030 | 28 89 A6 F6 05 CA C3 C6 50 DA F0 67 93 65 D2 53
+0040 | 2F DE 18 A4 36 13 0C A2

Payload (de)serialization:

dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
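Review bot: section "8) Auth key generation" publishes only auth_key, but two fields in this sample are defined in terms of auth_key_aux_hash (retry_id in 7.1 and new_nonce_hash1 in 9), and that value does not appear anywhere in these hunks. Adding the auth_key_aux_hash derived from the new auth_key next to it would let a reader recompute the new_nonce_hash1 shown in the server reply. Separately, the context sentence "confirms that auth_key_hash is unique: since it's unique, it replies with the following" repeats itself and could be shortened while the section is being renumbered.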
@@ -812,13 +818,13 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);< - + - + @@ -830,19 +836,19 @@ encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);< - + - + - +
message_id 8, 801A8E565DD9D9C6401D0277888A89C64 Exact unixtime*2^32, +(4*N) if N messages with the same message ID were already generated
message_length 16, 4A0000000 (160 in decimal)34000000 (52 in decimal) Message body length
nonce 24, 16365B3A127C5B5909490E6C3AECEC0126FADA40F32430863C25835832EF2ECF48 Value generated by client in Step 1
server_nonce 40, 16C2184E38BAC1649C35FD28FC20E9A7EA8293B0B5EF9558C32889A6F605CAC3C6 Value received from server in Step 2
new_nonce_hash1 56, 16206C98373FA1E04914C09BE1572B963C50DAF0679365D2532FDE18A436130CA2 The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry.
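Review bot: the message_length row changes from "A0000000 (160 in decimal)" to "34000000 (52 in decimal)", and this is a correction rather than regenerated sample data, so the commit subject "Update content of files" should say so. Both the removed and the added dump end at offset 0x47, which gives 72 bytes in total, or 52 after the 20-byte header, so the old value of 160 never matched its own payload. In the new_nonce_hash1 row, the description still reads "a single byte with the value of 1, 2, or 3"; since this table documents dh_gen_ok specifically, stating which of the three values was used for this sample would make the hash reproducible.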