layer-crypto 0.4.7

Cryptographic primitives for Telegram MTProto: AES-IGE, RSA, SHA-1/256, auth key derivation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

# layer-crypto

Cryptographic primitives for the Telegram MTProto 2.0 protocol.

[![Crates.io](https://img.shields.io/crates/v/layer-crypto?color=fc8d62)](https://crates.io/crates/layer-crypto)
[![docs.rs](https://img.shields.io/badge/docs.rs-layer--crypto-5865F2)](https://docs.rs/layer-crypto)
[![License: MIT OR Apache-2.0](https://img.shields.io/badge/license-MIT%20OR%20Apache--2.0-blue.svg)](#license)

Implements AES-IGE, RSA, SHA-1/256, Diffie-Hellman, PQ factorization, auth key derivation, and transport obfuscation. All algorithms are written from scratch to match Telegram's specification.

---

## Installation

```toml
[dependencies]
layer-crypto = "0.4.7"
```

---

## Modules

### AES-IGE

MTProto uses AES-IGE mode, not available in standard crypto libraries. Used by `layer-mtproto` to encrypt and decrypt every MTProto message.

```rust
use layer_crypto::aes::{ige_encrypt, ige_decrypt};

// key: 32 bytes, iv: 32 bytes
let ciphertext = ige_encrypt(&plaintext, &key, &iv);
let recovered  = ige_decrypt(&ciphertext, &key, &iv);
```

### RSA

Encrypts `p_q_inner_data` with Telegram's server public key during the DH handshake. Uses `num-bigint` for modular exponentiation.

```rust
use layer_crypto::rsa::encrypt;
let encrypted = encrypt(&data, &public_key_modulus, &public_key_exponent);
```

### SHA

```rust
use layer_crypto::sha::{sha1, sha256};

let hash1 = sha1(&data);   // [u8; 20]
let hash2 = sha256(&data); // [u8; 32]
```

SHA-1 is used in auth key derivation and older `msg_key` paths. SHA-256 is used in MTProto 2.0 `msg_key` derivation.

### PQ Factorization

The server sends a product `pq` during DH Step 1 that the client must factor. Uses Pollard's rho algorithm, O(n^1/4) expected time.

```rust
use layer_crypto::factorize::factorize;

let (p, q) = factorize(0x17ED48941A08F981_u64);
// p * q == pq, p < q, both prime
```

### Auth Key Derivation

After DH exchange, the raw shared secret is expanded into the 2048-bit auth key using Telegram's SHA-1-based KDF. Runs inside `layer-mtproto`'s `authentication::finish()`.

### Diffie-Hellman

`g^a mod p` and `g^(ab) mod p` computed via `num-bigint`. Parameters received from the server are validated before use.

### Transport Obfuscation

`ObfuscatedCodec` XOR-encrypts all bytes over the TCP connection to resist protocol fingerprinting.

```rust
use layer_crypto::obfuscated::ObfuscatedCodec;

let (codec, init_bytes) = ObfuscatedCodec::new()?;
// Send init_bytes to server first, then use codec for all subsequent I/O
```

---

## Stack position

```
layer-client
└ layer-mtproto
  ├ layer-tl-types
  └ layer-crypto  <-- here
```

---

## Note

This crate is purpose-built for MTProto. For general-purpose Rust crypto, use [RustCrypto](https://github.com/RustCrypto).

---

## License

MIT or Apache-2.0, at your option. See [LICENSE-MIT](../LICENSE-MIT) and [LICENSE-APACHE](../LICENSE-APACHE).

**Ankit Chaubey** - [github.com/ankit-chaubey](https://github.com/ankit-chaubey)