Auth key generation example

In the examples below, the transport headers are omitted:

For example, for the abridged version of the transport », the client sends 0xef as the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e = data length divided by 4; or 0x7f followed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send 0xefas the first byte).

Detailed documentation on creating authorization keys is available here ».

DH exchange initiation

1) Client sends query to server

Sent payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 7C 92 07 00 A6 E1 B1 69
0010 | 14 00 00 00 F1 8E 7E BE F3 B2 EA DD CA 9E 5E 9E
0020 | 63 E0 07 4A E0 68 F7 8F

Payload (de)serialization:

req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;

2) Server sends response of the form

Received payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 01 64 AF FA A6 E1 B1 69
0010 | 50 00 00 00 63 24 16 05 F3 B2 EA DD CA 9E 5E 9E
0020 | 63 E0 07 4A E0 68 F7 8F E9 98 46 74 07 98 77 6B
0030 | 6C 44 B5 59 9B 3A 59 3A 08 22 EE 39 E2 B1 BA 32
0040 | E9 00 00 00 15 C4 B5 1C 03 00 00 00 85 FD 64 DE
0050 | 85 1D 9D D0 A5 B7 F7 09 35 5F C3 0B 21 6B E8 6C
0060 | 02 2B B4 C3

Payload (de)serialization:

resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;

In our case, the client only has the following public keys, with the following fingerprints:

• 85FD64DE851D9DD0

Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0.

Proof of work

3) Client decomposes pq into prime factors such that p < q.

pq = 2517012887553848041

Decompose into 2 prime cofactors p < q: 2517012887553848041 = 1562045549 * 1611356909

p = 1562045549
q = 1611356909

Presenting proof of work; Server authentication

4) encrypted_data payload generation

First of all, generate an encrypted_data payload as follows:

Generated payload (excluding transport headers/trailers):

0000 | 95 5F F5 A9 08 22 EE 39 E2 B1 BA 32 E9 00 00 00
0010 | 04 5D 1A EC 6D 00 00 00 04 60 0B 5A ED 00 00 00
0020 | F3 B2 EA DD CA 9E 5E 9E 63 E0 07 4A E0 68 F7 8F
0030 | E9 98 46 74 07 98 77 6B 6C 44 B5 59 9B 3A 59 3A
0040 | E6 3E AA 9B A1 BE 1E 24 22 2C B0 28 22 15 53 97
0050 | 2A B1 6C 3B 6D 58 0E 18 80 9B 0E 8D 48 F9 57 C3
0060 | 02 00 00 00

Payload (de)serialization:

p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;

The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:

data = 955FF5A90822EE39E2B1BA32E9000000045D1AEC6D00000004600B5AED000000F3B2EADDCA9E5E9E63E0074AE068F78FE99846740798776B6C44B5599B3A593AE63EAA9BA1BE1E24222CB028221553972AB16C3B6D580E18809B0E8D48F957C302000000
random_padding_bytes = DB5D5E1BFF36EEB5BE9033DE8ACB38210389F9B3F4575C1F3E1EC00E3157408868A6539CA0722455D7102034321D6665E60F137471D089DF121A1959D850FE2356F8D396E3078ACA7A031F744313FCAF3742FD59A80465D5EEFC72A7

And this is the output:

encrypted_data = 68DC7368BC4C48FA79115E9E4E00ED6376031C299BCD9AE96DD74430841E82F7E4676B6C03D380D6B117476B881FB52ECED7B6E44FF40B6FC7A7681EE354D6A0DB59F165156A6803F2011D3F9BB2E821D3C17F9DF6B37EDBFAF147063039EFDC15FC47D4177FBED2B104434634B807420F08ADDE7B14E0EA48B0F8F0296D32F6F6E503F2B52A133123043D725EE7F6C77D325C9ECE851E5471E6D80965D62FC1DAD882D582714B878AC2DCE92C4964A891E98118D9F24F7CAA76B9ECC5560B99A1EFB5A2417F108C00518DA619EC81260147A2FECD3DBEAE41E4511FAF52261074627B416D631C747AA5A0A7E1FD74F29E3EA1D55DAB45253D1CB0F27F9DD9BF

The length of the final string is 256 bytes.

5) Send req_DH_params query with generated encrypted_data

Sent payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 60 D5 07 00 A7 E1 B1 69
0010 | 40 01 00 00 BE E4 12 D7 F3 B2 EA DD CA 9E 5E 9E
0020 | 63 E0 07 4A E0 68 F7 8F E9 98 46 74 07 98 77 6B
0030 | 6C 44 B5 59 9B 3A 59 3A 04 5D 1A EC 6D 00 00 00
0040 | 04 60 0B 5A ED 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 68 DC 73 68 BC 4C 48 FA 79 11 5E 9E
0060 | 4E 00 ED 63 76 03 1C 29 9B CD 9A E9 6D D7 44 30
0070 | 84 1E 82 F7 E4 67 6B 6C 03 D3 80 D6 B1 17 47 6B
0080 | 88 1F B5 2E CE D7 B6 E4 4F F4 0B 6F C7 A7 68 1E
0090 | E3 54 D6 A0 DB 59 F1 65 15 6A 68 03 F2 01 1D 3F
00A0 | 9B B2 E8 21 D3 C1 7F 9D F6 B3 7E DB FA F1 47 06
00B0 | 30 39 EF DC 15 FC 47 D4 17 7F BE D2 B1 04 43 46
00C0 | 34 B8 07 42 0F 08 AD DE 7B 14 E0 EA 48 B0 F8 F0
00D0 | 29 6D 32 F6 F6 E5 03 F2 B5 2A 13 31 23 04 3D 72
00E0 | 5E E7 F6 C7 7D 32 5C 9E CE 85 1E 54 71 E6 D8 09
00F0 | 65 D6 2F C1 DA D8 82 D5 82 71 4B 87 8A C2 DC E9
0100 | 2C 49 64 A8 91 E9 81 18 D9 F2 4F 7C AA 76 B9 EC
0110 | C5 56 0B 99 A1 EF B5 A2 41 7F 10 8C 00 51 8D A6
0120 | 19 EC 81 26 01 47 A2 FE CD 3D BE AE 41 E4 51 1F
0130 | AF 52 26 10 74 62 7B 41 6D 63 1C 74 7A A5 A0 A7
0140 | E1 FD 74 F2 9E 3E A1 D5 5D AB 45 25 3D 1C B0 F2
0150 | 7F 9D D9 BF

Payload (de)serialization:

req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;

6) Server responds with:

Received payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 01 74 9F 8C A7 E1 B1 69
0010 | 78 02 00 00 5C 07 E8 D0 F3 B2 EA DD CA 9E 5E 9E
0020 | 63 E0 07 4A E0 68 F7 8F E9 98 46 74 07 98 77 6B
0030 | 6C 44 B5 59 9B 3A 59 3A FE 50 02 00 74 9B CF 14
0040 | DF 1B 5E 04 48 6B C8 7C F2 C3 DF B9 55 18 BE BD
0050 | 4C 79 51 70 7B A0 A6 F6 39 63 F2 8D DC 54 98 07
0060 | A5 A5 34 58 A2 78 80 DF 81 7D CD 5E D0 B1 5D E0
0070 | 53 AE B1 74 65 D4 8D 3C DB 59 5D B0 19 3B 68 5B
0080 | 7C C4 CD A7 12 A3 0F DE 45 0A 3B EE 79 4C 25 A5
0090 | 6D AD FC 4E 81 35 00 2E 3B 16 3C B6 D4 E2 84 CD
00A0 | 81 B8 5F FF AE 36 F8 23 C8 5C 48 90 E1 0B D2 9C
00B0 | 37 60 78 F0 65 D4 12 62 8A 79 6D 33 07 6C A7 ED
00C0 | 8D 9E 50 81 54 AD 21 51 16 DC 0A EE E0 F8 DD A8
00D0 | 62 0A 1B 97 08 3F C7 3D 9D CD 69 23 00 00 7D 62
00E0 | 13 7B 35 29 B6 0A 30 10 FE 29 2F 65 6F 56 59 BD
00F0 | 5A 8A 6F 5F BF B7 C5 E8 7B 5E C4 9A C4 15 92 9E
0100 | 53 76 A9 92 06 89 CF 74 15 F1 31 5E 37 91 0C 61
0110 | B8 82 7B 85 C8 B0 CE C4 F9 2C F1 68 6F 5B 1D 61
0120 | F1 1F F4 B6 2B C6 84 B0 FC A9 37 72 01 D7 02 59
0130 | 1A 5D DD 3D 98 59 99 FF 83 95 B0 E5 86 2A 4E 0B
0140 | D4 5E A1 1D 3B B1 98 09 AD B7 76 2D A9 B4 2C CE
0150 | EC 58 55 80 81 7C 7A AC 28 05 79 31 81 ED 93 F9
0160 | 8A 25 54 93 06 7A 99 6E 1B 86 52 CC 94 57 D3 04
0170 | B3 8D BB 57 09 17 06 45 7C CB AB A8 02 4C D1 9F
0180 | 3C BF 08 63 6F 5A A1 0F 75 95 BC BD F1 9F 00 76
0190 | 6D A1 A7 28 B7 9B 0C C9 72 88 1F 43 69 32 62 78
01A0 | 63 87 C3 48 1C 7A 3E 94 43 FE 6B 3F 84 A0 D8 2B
01B0 | 91 FB 1B 4A 8E FC 5A DD E6 2C 05 9B 33 1C 2B 70
01C0 | 76 AD 0B 6D AE BA 9B 46 1C C1 04 99 08 0B 6F 17
01D0 | 9A 67 39 CA 1B 10 78 B0 5E 55 51 FF 64 91 BA 77
01E0 | C7 95 26 51 82 3E 94 AB C9 D7 98 87 3E A6 A3 FF
01F0 | 36 33 41 52 35 5B AD 9C 3F 4F 64 7A 8D 6B 3B 12
0200 | 78 B2 5A 1E 55 03 9A AC 7D 13 F7 66 8D 37 C7 D1
0210 | 26 7B 8F 57 EE B0 E5 30 CD 98 8E AF 38 8A 8A FE
0220 | 66 71 BA AC 58 68 CC CC 49 F1 E2 B6 CC DE AC 78
0230 | 2D E4 B3 02 F5 63 D8 D5 02 13 8A C4 79 6B E0 69
0240 | 67 3F 07 4A 63 0C 37 60 82 2E AE 32 18 8A 4D B0
0250 | 49 53 27 6A BF 1C 01 04 35 32 F7 94 0B FB 3A 80
0260 | 09 89 9D 83 C6 08 2B 45 93 AD FC BE FC 9D 43 EC
0270 | 72 E8 70 FB 27 48 25 C0 86 ED 18 DA 56 E3 28 AC
0280 | 18 A7 99 A2 7D 11 91 91 6D 32 93 5E

Payload (de)serialization:

server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;

Decrypt encrypted_answer using the reverse of the process specified in step 6:

encrypted_answer = 749BCF14DF1B5E04486BC87CF2C3DFB95518BEBD4C7951707BA0A6F63963F28DDC549807A5A53458A27880DF817DCD5ED0B15DE053AEB17465D48D3CDB595DB0193B685B7CC4CDA712A30FDE450A3BEE794C25A56DADFC4E8135002E3B163CB6D4E284CD81B85FFFAE36F823C85C4890E10BD29C376078F065D412628A796D33076CA7ED8D9E508154AD215116DC0AEEE0F8DDA8620A1B97083FC73D9DCD692300007D62137B3529B60A3010FE292F656F5659BD5A8A6F5FBFB7C5E87B5EC49AC415929E5376A9920689CF7415F1315E37910C61B8827B85C8B0CEC4F92CF1686F5B1D61F11FF4B62BC684B0FCA9377201D702591A5DDD3D985999FF8395B0E5862A4E0BD45EA11D3BB19809ADB7762DA9B42CCEEC585580817C7AAC2805793181ED93F98A255493067A996E1B8652CC9457D304B38DBB57091706457CCBABA8024CD19F3CBF08636F5AA10F7595BCBDF19F00766DA1A728B79B0CC972881F43693262786387C3481C7A3E9443FE6B3F84A0D82B91FB1B4A8EFC5ADDE62C059B331C2B7076AD0B6DAEBA9B461CC10499080B6F179A6739CA1B1078B05E5551FF6491BA77C7952651823E94ABC9D798873EA6A3FF36334152355BAD9C3F4F647A8D6B3B1278B25A1E55039AAC7D13F7668D37C7D1267B8F57EEB0E530CD988EAF388A8AFE6671BAAC5868CCCC49F1E2B6CCDEAC782DE4B302F563D8D502138AC4796BE069673F074A630C3760822EAE32188A4DB04953276ABF1C01043532F7940BFB3A8009899D83C6082B4593ADFCBEFC9D43EC72E870FB274825C086ED18DA56E328AC18A799A27D1191916D32935E
tmp_aes_key = 9333E9C1A4D052D6E254C61EE084551FE337FFA3FD8A9AD81F895AF8FA68F479
tmp_aes_iv = 5C4B7DD3BA2672AFF3049EAE8F52ACBF45BEB8FE5DB9C295582E39C7E63EAA9B

Yielding:

answer_with_hash = 9AF8C9FCDB5B26FE38FFCD4FC2BC4A89CF856EB0BA0D89B5F3B2EADDCA9E5E9E63E0074AE068F78FE99846740798776B6C44B5599B3A593A03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007E86AFBDBFD1D0D45BA24D9B122F6B99234955716839151D90F5254356BC45B831C354906222924D6B83DABEFE4C14A232D6C7D4A7770EF8C1AE34A042EC7BDF28C6E6BB953C0EC52D1F54A18C936D54F7E03029B319B4696C064CA81D59F4260D3BDB4930AC393E126BA1010BC4A6F9E6B0B25894141960278DDBA4294135F1C3BAF856631CB75E4FB961D0DBA7D852AB7549C2B5AAE4AEA0EE976E759D91413BDF37E5AB1C9A86F1546247877EC650F0F746D5B3B0A3CE43472A569AD8B1C0641CD2433C19C0CD7E01556F5AA8912B1D7349F3364453874FB9AAA096B3166C0BDA0E16733FEECA7085A60DBB5238C8BE90A80CAFB5025A9D3985489AB1CA5BA7E1B169795E5A9EFA4D2691
answer = BA0D89B5F3B2EADDCA9E5E9E63E0074AE068F78FE99846740798776B6C44B5599B3A593A03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007E86AFBDBFD1D0D45BA24D9B122F6B99234955716839151D90F5254356BC45B831C354906222924D6B83DABEFE4C14A232D6C7D4A7770EF8C1AE34A042EC7BDF28C6E6BB953C0EC52D1F54A18C936D54F7E03029B319B4696C064CA81D59F4260D3BDB4930AC393E126BA1010BC4A6F9E6B0B25894141960278DDBA4294135F1C3BAF856631CB75E4FB961D0DBA7D852AB7549C2B5AAE4AEA0EE976E759D91413BDF37E5AB1C9A86F1546247877EC650F0F746D5B3B0A3CE43472A569AD8B1C0641CD2433C19C0CD7E01556F5AA8912B1D7349F3364453874FB9AAA096B3166C0BDA0E16733FEECA7085A60DBB5238C8BE90A80CAFB5025A9D3985489AB1CA5BA7E1B169795E5A9EFA4D2691

Generated payload (excluding transport headers/trailers):

0000 | BA 0D 89 B5 F3 B2 EA DD CA 9E 5E 9E 63 E0 07 4A
0010 | E0 68 F7 8F E9 98 46 74 07 98 77 6B 6C 44 B5 59
0020 | 9B 3A 59 3A 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 7E 86 AF BD BF D1 D0 D4 5B A2 4D 9B 12 2F 6B 99
0140 | 23 49 55 71 68 39 15 1D 90 F5 25 43 56 BC 45 B8
0150 | 31 C3 54 90 62 22 92 4D 6B 83 DA BE FE 4C 14 A2
0160 | 32 D6 C7 D4 A7 77 0E F8 C1 AE 34 A0 42 EC 7B DF
0170 | 28 C6 E6 BB 95 3C 0E C5 2D 1F 54 A1 8C 93 6D 54
0180 | F7 E0 30 29 B3 19 B4 69 6C 06 4C A8 1D 59 F4 26
0190 | 0D 3B DB 49 30 AC 39 3E 12 6B A1 01 0B C4 A6 F9
01A0 | E6 B0 B2 58 94 14 19 60 27 8D DB A4 29 41 35 F1
01B0 | C3 BA F8 56 63 1C B7 5E 4F B9 61 D0 DB A7 D8 52
01C0 | AB 75 49 C2 B5 AA E4 AE A0 EE 97 6E 75 9D 91 41
01D0 | 3B DF 37 E5 AB 1C 9A 86 F1 54 62 47 87 7E C6 50
01E0 | F0 F7 46 D5 B3 B0 A3 CE 43 47 2A 56 9A D8 B1 C0
01F0 | 64 1C D2 43 3C 19 C0 CD 7E 01 55 6F 5A A8 91 2B
0200 | 1D 73 49 F3 36 44 53 87 4F B9 AA A0 96 B3 16 6C
0210 | 0B DA 0E 16 73 3F EE CA 70 85 A6 0D BB 52 38 C8
0220 | BE 90 A8 0C AF B5 02 5A 9D 39 85 48 9A B1 CA 5B
0230 | A7 E1 B1 69

Payload (de)serialization:

server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;

7) Client computes random 2048-bit number b (using a sufficient amount of entropy) and sends the server a message

First, generate a secure random 2048-bit number b:

b = BF497DF7DBD1375009B430BA42F241B03A2822D8D31A8D20DE03291ED1CF346B16E7027209CC938C2BDE9F6F13A11D5B94B800CE0543EF94003303FEE7FCEE5554229FB5FD5022111095DE17D7C642914A41D486338EC3C4559AEDDD17DB01D9271933CCBDFDCBB1E3960152E956C9F2656C2E481BEA846094A38A3F71A9B65C5AE699A8D9367CBC8975C71CF72ABBC590CEAEE936C8AE4F2EA3648AB763267B087499F1CD95082008BB4E3C23DA6A6392F65DFED2599BC2ECD1B09AD9B385D137EC38CD71E7CEE3A0B526C3CA15F2D89887CC2CC0D16BCE305DD4CF39B922B7D7E6FF4D96FB9596E3749D0D75B0860FE3BCBACB07D4AA37C316C0E9524DB9C6

Then compute g_b = pow(g, b) mod dh_prime

g_b = 6A9BBFE8574B5E681162C7EAE8338BEDF937765F96F6CB3DB22FAD5EF2E273C0656C5F4A143C8E456CF9E674734418D0A35607AE6E9F78842D951A9A74631349A7BC1843E386A7565851692031FE511D1B10CB20286E96470B4FEEBFB2E987B7148B8FCD6FE7FE3B2C9E6D915BC781D2C5459CA854A839400C9FA9BDBFA3192B9A3671D5BB1E85176B933CDF8C78B28729B0FF0600E9C64534D08F657279B0A50ADB83D65C51C571939F92A21DE5F19FC9572AAA11E80D81E8A3994F0B02E9ADEBF4C6A3EE45683B08EE18EE64315776FF46661E558F7483680B2B090215BC21E81890FFFE1D6BC7A38BAA17F8F7D8B9CF12536B88D51945E20304C754DFCDBF

7.1) generation of encrypted_data

Generated payload (excluding transport headers/trailers):

0000 | 54 B6 43 66 F3 B2 EA DD CA 9E 5E 9E 63 E0 07 4A
0010 | E0 68 F7 8F E9 98 46 74 07 98 77 6B 6C 44 B5 59
0020 | 9B 3A 59 3A 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 6A 9B BF E8 57 4B 5E 68 11 62 C7 EA E8 33 8B ED
0040 | F9 37 76 5F 96 F6 CB 3D B2 2F AD 5E F2 E2 73 C0
0050 | 65 6C 5F 4A 14 3C 8E 45 6C F9 E6 74 73 44 18 D0
0060 | A3 56 07 AE 6E 9F 78 84 2D 95 1A 9A 74 63 13 49
0070 | A7 BC 18 43 E3 86 A7 56 58 51 69 20 31 FE 51 1D
0080 | 1B 10 CB 20 28 6E 96 47 0B 4F EE BF B2 E9 87 B7
0090 | 14 8B 8F CD 6F E7 FE 3B 2C 9E 6D 91 5B C7 81 D2
00A0 | C5 45 9C A8 54 A8 39 40 0C 9F A9 BD BF A3 19 2B
00B0 | 9A 36 71 D5 BB 1E 85 17 6B 93 3C DF 8C 78 B2 87
00C0 | 29 B0 FF 06 00 E9 C6 45 34 D0 8F 65 72 79 B0 A5
00D0 | 0A DB 83 D6 5C 51 C5 71 93 9F 92 A2 1D E5 F1 9F
00E0 | C9 57 2A AA 11 E8 0D 81 E8 A3 99 4F 0B 02 E9 AD
00F0 | EB F4 C6 A3 EE 45 68 3B 08 EE 18 EE 64 31 57 76
0100 | FF 46 66 1E 55 8F 74 83 68 0B 2B 09 02 15 BC 21
0110 | E8 18 90 FF FE 1D 6B C7 A3 8B AA 17 F8 F7 D8 B9
0120 | CF 12 53 6B 88 D5 19 45 E2 03 04 C7 54 DF CD BF

Payload (de)serialization:

client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;

The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:

data = 54B64366F3B2EADDCA9E5E9E63E0074AE068F78FE99846740798776B6C44B5599B3A593A0000000000000000FE0001006A9BBFE8574B5E681162C7EAE8338BEDF937765F96F6CB3DB22FAD5EF2E273C0656C5F4A143C8E456CF9E674734418D0A35607AE6E9F78842D951A9A74631349A7BC1843E386A7565851692031FE511D1B10CB20286E96470B4FEEBFB2E987B7148B8FCD6FE7FE3B2C9E6D915BC781D2C5459CA854A839400C9FA9BDBFA3192B9A3671D5BB1E85176B933CDF8C78B28729B0FF0600E9C64534D08F657279B0A50ADB83D65C51C571939F92A21DE5F19FC9572AAA11E80D81E8A3994F0B02E9ADEBF4C6A3EE45683B08EE18EE64315776FF46661E558F7483680B2B090215BC21E81890FFFE1D6BC7A38BAA17F8F7D8B9CF12536B88D51945E20304C754DFCDBF
padding = FAC1C95359BEFC17E1DAB497
tmp_aes_key = 9333E9C1A4D052D6E254C61EE084551FE337FFA3FD8A9AD81F895AF8FA68F479
tmp_aes_iv = 5C4B7DD3BA2672AFF3049EAE8F52ACBF45BEB8FE5DB9C295582E39C7E63EAA9B

Process:

data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);

Output:

encrypted_data = 4DDDC2363AFCD360E0E9F19ECFC9F5FCA2C7496058B6D4DBDC17365FAF0BDAB6E9E91C99242DB8513C8C420369B3304C0737D858F8C62B58BB8D4427ACAFF01AEF9E8333C87645B28847D9AD5CFD8CC4F1267D1430A592DEAAA9963D19C2C19929FA58EA3A502013B6B5FAEA8D1D29503A7F7673D7E5721FDE5699A41372C198B0DFAE4AC83C787EF3759C8D96D62050B2744DA3CB63D83910857728BD9D1F794947F6F46F9AE157D6857377BC55EC8C709AF77791638C293CAABD8ABCEA511E7E79CF2D0386B4FA863DCDED05D4C0DF713F57E4C2460373B6C8A63BA524AD9CE5BDCC15376EEE6A7F2D4D255E1DCF04CDA51FC61BED5C599136B922E64670E51FAF26A504B6B5B5CCEBCBB29517979D34848052C507BD1391DBC0CD0CC804E6E7973A5ECFD3CDEEECC1A3C25A9AFEFCD143082F992BE6506F3732F82A7D4DA1344C37A405447C55D58B25DC7E283040

The length of the final string is 336 bytes.

7.2) set_client_DH_params query

Sent payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 64 D5 07 00 A7 E1 B1 69
0010 | 78 01 00 00 1F 5F 04 F5 F3 B2 EA DD CA 9E 5E 9E
0020 | 63 E0 07 4A E0 68 F7 8F E9 98 46 74 07 98 77 6B
0030 | 6C 44 B5 59 9B 3A 59 3A FE 50 01 00 4D DD C2 36
0040 | 3A FC D3 60 E0 E9 F1 9E CF C9 F5 FC A2 C7 49 60
0050 | 58 B6 D4 DB DC 17 36 5F AF 0B DA B6 E9 E9 1C 99
0060 | 24 2D B8 51 3C 8C 42 03 69 B3 30 4C 07 37 D8 58
0070 | F8 C6 2B 58 BB 8D 44 27 AC AF F0 1A EF 9E 83 33
0080 | C8 76 45 B2 88 47 D9 AD 5C FD 8C C4 F1 26 7D 14
0090 | 30 A5 92 DE AA A9 96 3D 19 C2 C1 99 29 FA 58 EA
00A0 | 3A 50 20 13 B6 B5 FA EA 8D 1D 29 50 3A 7F 76 73
00B0 | D7 E5 72 1F DE 56 99 A4 13 72 C1 98 B0 DF AE 4A
00C0 | C8 3C 78 7E F3 75 9C 8D 96 D6 20 50 B2 74 4D A3
00D0 | CB 63 D8 39 10 85 77 28 BD 9D 1F 79 49 47 F6 F4
00E0 | 6F 9A E1 57 D6 85 73 77 BC 55 EC 8C 70 9A F7 77
00F0 | 91 63 8C 29 3C AA BD 8A BC EA 51 1E 7E 79 CF 2D
0100 | 03 86 B4 FA 86 3D CD ED 05 D4 C0 DF 71 3F 57 E4
0110 | C2 46 03 73 B6 C8 A6 3B A5 24 AD 9C E5 BD CC 15
0120 | 37 6E EE 6A 7F 2D 4D 25 5E 1D CF 04 CD A5 1F C6
0130 | 1B ED 5C 59 91 36 B9 22 E6 46 70 E5 1F AF 26 A5
0140 | 04 B6 B5 B5 CC EB CB B2 95 17 97 9D 34 84 80 52
0150 | C5 07 BD 13 91 DB C0 CD 0C C8 04 E6 E7 97 3A 5E
0160 | CF D3 CD EE EC C1 A3 C2 5A 9A FE FC D1 43 08 2F
0170 | 99 2B E6 50 6F 37 32 F8 2A 7D 4D A1 34 4C 37 A4
0180 | 05 44 7C 55 D5 8B 25 DC 7E 28 30 40

Payload (de)serialization:

set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;

8) Auth key generation

The client computes the auth_key using formula g_a^b mod dh_prime:

auth_key = 912F6FE1E8966E34D5F9275D4C9C0D9D552A0F0BB15F4E5C921AD4F21D62433F49FE97235666F19670E6D2D49076F0F6CCF850020B985CC1880518E1545DF6BB265F7CD4B6E1EA1F661013319598C7343967B18C6937C39EA6DED1A0627FBB9B22750FA33E12527A87752B474E5632443D7391B04525812B544F7D75BA350085DD97C30B8CE2494C85C69167BB2DC18CA0B5B308302F933D17AD7F2BBE38712E7A8DC35E82D755C78147AF850917D060E9816ECCF185241407B637D529ACF73B1BEAB9AA2406D4EBC6CC0D4B0FD4F604ED77FB7488A3C6E6B8BC3562AC5022BB58B2F165F32CF58503CF97F1750422B934BDCC8541F36B1887DC73F7D3DD3BE0

9) Final server reply

The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:

Received payload (excluding transport headers/trailers):

0000 | 00 00 00 00 00 00 00 00 01 CC 9E AB A8 E1 B1 69
0010 | 34 00 00 00 34 F7 CB 3B F3 B2 EA DD CA 9E 5E 9E
0020 | 63 E0 07 4A E0 68 F7 8F E9 98 46 74 07 98 77 6B
0030 | 6C 44 B5 59 9B 3A 59 3A C7 96 24 39 70 84 35 3F
0040 | 21 BF D7 DD B0 1E D6 9E

Payload (de)serialization:

dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;