client: conform to Security Guidelines 

See https://core.telegram.org/mtproto/security_guidelines

- [x] [Validation of DH parameters](https://github.com/gotd/td/blob/9bc6d575da59078c5f10ac41eb3358f86a3b2b3d/internal/crypto/check_gp.go#L17-L49)
- [x] [g_a and g_b validation](https://github.com/gotd/td/blob/9bc6d575da59078c5f10ac41eb3358f86a3b2b3d/internal/crypto/dh.go#L24-L40)
- [x] [Checking SHA1 hash values during key generation](https://github.com/gotd/td/blob/9bc6d575da59078c5f10ac41eb3358f86a3b2b3d/internal/exchange/client_flow.go#L226)
- [x] Checking [nonce](https://github.com/gotd/td/blob/9bc6d575da59078c5f10ac41eb3358f86a3b2b3d/internal/exchange/client_flow.go#L41), [server_nonce and new_nonce fields](https://github.com/gotd/td/commit/39fc824cab476e7df09266d64f96d64063a96b92)
- [x] Using secure pseudorandom number generator to create DH secret parameters a and b
- [x] [Checking SHA256 hash value of msg_key](https://github.com/gotd/td/blob/9cf61a6ab5b3ce3f4894bda4aea48694cd3c6aee/internal/crypto/cipher_decrypt.go#L31-L34)
- [x] [Checking message length](https://github.com/gotd/td/commit/a4bdb76185132edaa4c6c77811856a4d14295b66)
- [x] [Checking session_id](https://github.com/gotd/td/blob/9bc6d575da59078c5f10ac41eb3358f86a3b2b3d/mtproto/read.go#L62-L65)
- [x] [Checking msg_id](https://github.com/gotd/td/pull/159)
- [x] Behavior in case of mismatch (we are ignoring message, but don't perform full re-connection)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

client: conform to Security Guidelines #155

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

client: conform to Security Guidelines #155

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions