ferogram_crypto/
aes.rs

1// Copyright (c) Ankit Chaubey <ankitchaubey.dev@gmail.com>
2// SPDX-License-Identifier: MIT OR Apache-2.0
3//
4// ferogram: async Telegram MTProto client in Rust
5// https://github.com/ankit-chaubey/ferogram
6//
7// If you use or modify this code, keep this notice at the top of your file
8// and include the LICENSE-MIT or LICENSE-APACHE file from this repository:
9// https://github.com/ankit-chaubey/ferogram
10
11#![allow(deprecated)]
12
13use aes::Aes256;
14use aes::cipher::generic_array::GenericArray;
15use aes::cipher::{BlockDecrypt, BlockEncrypt, KeyInit};
16
17/// Encrypt `buffer` in-place with AES-256-IGE.
18/// `buffer.len()` must be a multiple of 16.
19pub fn ige_encrypt(buffer: &mut [u8], key: &[u8; 32], iv: &[u8; 32]) {
20    assert_eq!(buffer.len() % 16, 0);
21    let cipher = Aes256::new(GenericArray::from_slice(key));
22
23    let mut iv1: [u8; 16] = iv[..16].try_into().unwrap();
24    let mut iv2: [u8; 16] = iv[16..].try_into().unwrap();
25    let mut next_iv2 = [0u8; 16];
26
27    for block in buffer.chunks_mut(16) {
28        next_iv2.copy_from_slice(block);
29        for i in 0..16 {
30            block[i] ^= iv1[i];
31        }
32        cipher.encrypt_block(GenericArray::from_mut_slice(block));
33        for i in 0..16 {
34            block[i] ^= iv2[i];
35        }
36        iv1.copy_from_slice(block);
37        std::mem::swap(&mut iv2, &mut next_iv2);
38    }
39}
40
41/// Encrypt/decrypt `buffer` in-place with AES-256-CTR (symmetric).
42/// `key` = 32 bytes, `iv` = 16 bytes (full block = counter starting value).
43pub fn ctr_crypt(buffer: &mut [u8], key: &[u8; 32], iv: &[u8; 16]) {
44    use ctr::Ctr128BE;
45    use ctr::cipher::{KeyIvInit, StreamCipher};
46    let mut cipher =
47        Ctr128BE::<Aes256>::new(GenericArray::from_slice(key), GenericArray::from_slice(iv));
48    cipher.apply_keystream(buffer);
49}
50
51/// Return the effective AES-CTR IV for a CDN chunk starting at `byte_offset`.
52/// Telegram CDN increments the counter (big-endian uint128) by `byte_offset / 16`.
53pub fn ctr_iv_at_offset(base_iv: &[u8; 16], byte_offset: u64) -> [u8; 16] {
54    let block_offset = byte_offset / 16;
55    let iv_int = u128::from_be_bytes(*base_iv);
56    iv_int.wrapping_add(block_offset as u128).to_be_bytes()
57}
58
59/// Decrypt `buffer` in-place with AES-256-IGE.
60/// `buffer.len()` must be a multiple of 16.
61pub fn ige_decrypt(buffer: &mut [u8], key: &[u8; 32], iv: &[u8; 32]) {
62    assert_eq!(buffer.len() % 16, 0);
63    let cipher = Aes256::new(GenericArray::from_slice(key));
64
65    let mut iv1: [u8; 16] = iv[..16].try_into().unwrap();
66    let mut iv2: [u8; 16] = iv[16..].try_into().unwrap();
67    let mut next_iv1 = [0u8; 16];
68
69    for block in buffer.chunks_mut(16) {
70        next_iv1.copy_from_slice(block);
71        for i in 0..16 {
72            block[i] ^= iv2[i];
73        }
74        cipher.decrypt_block(GenericArray::from_mut_slice(block));
75        for i in 0..16 {
76            block[i] ^= iv1[i];
77        }
78        std::mem::swap(&mut iv1, &mut next_iv1);
79        iv2.copy_from_slice(block);
80    }
81}
ferogram_crypto/aes.rs

ferogram_crypto/
aes.rs
