layer-crypto 0.2.2

Cryptographic primitives for Telegram MTProto: AES-IGE, RSA, SHA-1/256, auth key derivation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

<div align="center">

# ๐Ÿ” layer-crypto

**Cryptographic primitives for the Telegram MTProto 2.0 protocol.**

[![Crates.io](https://img.shields.io/crates/v/layer-crypto?color=fc8d62)](https://crates.io/crates/layer-crypto)
[![License: MIT OR Apache-2.0](https://img.shields.io/badge/license-MIT%20OR%20Apache--2.0-blue.svg)](#license)
[![Rust](https://img.shields.io/badge/rust-2024_edition-f74c00)](https://www.rust-lang.org/)

*AES-IGE, RSA, SHA, DH โ€” everything MTProto needs to secure a connection.*

</div>

---

## ๐Ÿ“ฆ Installation

```toml
[dependencies]
layer-crypto = "0.1.1"
```

---

## โœจ What It Does

`layer-crypto` implements all the cryptographic operations required by the Telegram MTProto 2.0 protocol โ€” from the initial RSA-encrypted DH handshake all the way to the per-message AES-IGE encryption. Every algorithm here is implemented from scratch to match Telegram's exact specification.

---

## ๐Ÿ”ง What's Inside

### AES-IGE (`aes.rs`)

MTProto uses **AES-IGE** (Infinite Garble Extension) mode โ€” not a standard mode you'll find in most crypto libraries. Implemented from scratch.

```rust
use layer_crypto::aes::{ige_encrypt, ige_decrypt};

// key: 32 bytes, iv: 32 bytes
let ciphertext = ige_encrypt(&plaintext, &key, &iv);
let plaintext  = ige_decrypt(&ciphertext, &key, &iv);
```

### RSA (`rsa.rs`)

Used during the DH handshake to encrypt the `p_q_inner_data` with Telegram's server public key.

```rust
use layer_crypto::rsa::encrypt;

let encrypted = encrypt(&data, &public_key_modulus, &public_key_exponent);
```

### SHA (`sha.rs`)

Both SHA-1 (used in auth key derivation and older message signatures) and SHA-256 (used in MTProto 2.0 `msg_key` derivation).

```rust
use layer_crypto::sha::{sha1, sha256};

let hash1 = sha1(&data);
let hash2 = sha256(&data);
```

### Auth Key Derivation

After the DH key exchange, the raw shared secret `g^(a*b) mod p` is expanded into the 2048-bit auth key using a specific SHA-1-based KDF defined by Telegram.

### PQ Factorization (`factorize.rs`)

During `step1` of the handshake, the server sends a `pq` value that the client must factor into `p` and `q`. Uses **Pollard's rho algorithm** for fast factorization.

```rust
use layer_crypto::factorize::factorize;

let (p, q) = factorize(pq);
```

### Diffie-Hellman

The `g^a mod p` and shared secret computations use big-integer arithmetic via `num-bigint`.

---

## ๐Ÿ”’ Security Note

This library is purpose-built for the Telegram MTProto protocol. The algorithms are implemented to match Telegram's exact specification, not for general-purpose cryptographic use. If you need general crypto in Rust, use the [RustCrypto](https://github.com/RustCrypto) crates.

---

## ๐Ÿ”— Part of the layer stack

```
layer-client
โ””โ”€โ”€ layer-mtproto
    โ”œโ”€โ”€ layer-tl-types
    โ””โ”€โ”€ layer-crypto    โ† you are here
```

---

## ๐Ÿ“„ License

Licensed under either of, at your option:

- **MIT License** โ€” see [LICENSE-MIT](../LICENSE-MIT)
- **Apache License, Version 2.0** โ€” see [LICENSE-APACHE](../LICENSE-APACHE)

---

## ๐Ÿ‘ค Author

**Ankit Chaubey**
[github.com/ankit-chaubey](https://github.com/ankit-chaubey) ยท [ankitchaubey.in](https://ankitchaubey.in) ยท [ankitchaubey.dev@gmail.com](mailto:ankitchaubey.dev@gmail.com)

๐Ÿ“ฆ [github.com/ankit-chaubey/layer](https://github.com/ankit-chaubey/layer)