layer-crypto
Cryptographic primitives for the Telegram MTProto 2.0 protocol.
Implements AES-IGE, RSA, SHA-1/256, Diffie-Hellman, PQ factorization, auth key derivation, and transport obfuscation. All algorithms are written from scratch to match Telegram's specification.
Installation
[]
= "0.4.7"
Modules
AES-IGE
MTProto uses AES in IGE mode, which is not available in standard crypto libraries. layer-mtproto uses it to encrypt and decrypt every MTProto message.
use ;
// key: 32 bytes, iv: 32 bytes
let ciphertext = ige_encrypt;
let recovered = ige_decrypt;
RSA
Encrypts p_q_inner_data with Telegram's server public key during the DH handshake. Uses num-bigint for modular exponentiation.
use encrypt;
let encrypted = encrypt;
SHA
use ;
let hash1 = sha1; // [u8; 20]
let hash2 = sha256; // [u8; 32]
SHA-1 is used in auth key derivation and older msg_key paths. SHA-256 is used in MTProto 2.0 msg_key derivation.
PQ Factorization
The server sends a product pq during DH Step 1 that the client must factor. The crate uses Pollard's rho algorithm, which runs in O(n^(1/4)) expected time.
use factorize;
let = factorize;
// p * q == pq, p < q, both prime
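An added example, not the crate's own code, of the Pollard's rho step described above, assuming pq fits in a u64. The name factorize_pq and the sample pq are constructed for illustration.

```rust
// Added example: Pollard's rho with Floyd cycle detection for a 64-bit pq.
// `factorize_pq` is a hypothetical name, not this crate's API.
fn gcd(mut a: u64, mut b: u64) -> u64 {
    while b != 0 {
        let t = a % b;
        a = b;
        b = t;
    }
    a
}

/// Returns Some((p, q)) with p * q == pq and p <= q, or None when no
/// non-trivial factor exists or is found (pq < 4, or pq is prime).
/// The factors are not tested for primality here.
fn factorize_pq(pq: u64) -> Option<(u64, u64)> {
    if pq < 4 {
        return None;
    }
    if pq % 2 == 0 {
        return Some((2, pq / 2));
    }
    // A walk can collapse (d == pq); retry with another constant c.
    for c in 1..=20u128 {
        // f(x) = x^2 + c mod pq, computed in 128 bits to avoid overflow.
        let f = |x: u64| ((x as u128 * x as u128 + c) % pq as u128) as u64;
        let (mut x, mut y, mut d) = (2u64, 2u64, 1u64);
        while d == 1 {
            x = f(x); // tortoise: one step
            y = f(f(y)); // hare: two steps
            d = gcd(x.abs_diff(y), pq);
        }
        if d != pq {
            let other = pq / d;
            return Some((d.min(other), d.max(other)));
        }
    }
    None
}

fn main() {
    // Constructed sample: product of the primes 998244353 and 1000000007.
    let pq = 998_244_359_987_710_471u64;
    let (p, q) = factorize_pq(pq).expect("pq should be composite");
    // Checks a client should make before using the result.
    assert!(p < q && p.checked_mul(q) == Some(pq));
    println!("pq = {pq} -> p = {p}, q = {q}");
}
```

For a prime input every walk collapses, so the function returns None only after exhausting all 20 constants; a caller handling server-supplied values should treat None as a handshake failure.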
Auth Key Derivation
After DH exchange, the raw shared secret is expanded into the 2048-bit auth key using Telegram's SHA-1-based KDF. Runs inside layer-mtproto's authentication::finish().
Diffie-Hellman
g^a mod p and g^(ab) mod p are computed via num-bigint. Parameters received from the server are validated before use.
Transport Obfuscation
ObfuscatedCodec XOR-encrypts all bytes over the TCP connection to resist protocol fingerprinting.
use ObfuscatedCodec;
let = new?;
// Send init_bytes to server first, then use codec for all subsequent I/O
Stack position
layer-client
└ layer-mtproto
├ layer-tl-types
└ layer-crypto <-- here
Note
This crate is purpose-built for MTProto. For general-purpose Rust crypto, use RustCrypto.
License
MIT or Apache-2.0, at your option. See LICENSE-MIT and LICENSE-APACHE.
Ankit Chaubey - github.com/ankit-chaubey