Skip to content

ferogram-crypto

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History
 
 

ferogram-crypto

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

README.md

ferogram-crypto

Cryptographic primitives for the Telegram MTProto 2.0 protocol.

Crates.io Telegram Channel docs.rs License: MIT OR Apache-2.0

Implements AES-IGE, RSA, SHA-1/256, Diffie-Hellman, PQ factorization, auth key derivation, and transport obfuscation. All algorithms are written from scratch to match Telegram's specification.

Installation

[dependencies]
ferogram-crypto = "0.3.0"

Modules

AES-IGE

MTProto uses AES-IGE mode, not available in standard crypto libraries. Used by ferogram-mtproto to encrypt and decrypt every MTProto message.

use ferogram_crypto::aes::{ige_encrypt, ige_decrypt};

// key: 32 bytes, iv: 32 bytes
let ciphertext = ige_encrypt(&plaintext, &key, &iv);
let recovered  = ige_decrypt(&ciphertext, &key, &iv);

RSA

Encrypts p_q_inner_data with Telegram's server public key during the DH handshake. Uses num-bigint for modular exponentiation.

use ferogram_crypto::rsa::encrypt;
let encrypted = encrypt(&data, &public_key_modulus, &public_key_exponent);

SHA

use ferogram_crypto::sha::{sha1, sha256};

let hash1 = sha1(&data);   // [u8; 20]
let hash2 = sha256(&data); // [u8; 32]

SHA-1 is used in auth key derivation and older msg_key paths. SHA-256 is used in MTProto 2.0 msg_key derivation.

PQ Factorization

The server sends a product pq during DH Step 1 that the client must factor. Uses Pollard's rho algorithm, O(n^1/4) expected time.

use ferogram_crypto::factorize::factorize;

let (p, q) = factorize(0x17ED48941A08F981_u64);
// p * q == pq, p < q, both prime

Auth Key Derivation

After DH exchange, the raw shared secret is expanded into the 2048-bit auth key using Telegram's SHA-1-based KDF. Runs inside ferogram-mtproto's authentication::finish().

Diffie-Hellman

g^a mod p and g^(ab) mod p computed via num-bigint. Parameters received from the server are validated before use.

Transport Obfuscation

ObfuscatedCodec XOR-encrypts all bytes over the TCP connection to resist protocol fingerprinting.

use ferogram_crypto::obfuscated::ObfuscatedCodec;

let (codec, init_bytes) = ObfuscatedCodec::new()?;
// Send init_bytes to server first, then use codec for all subsequent I/O

Stack position

ferogram
└ ferogram-mtproto
  ├ ferogram-tl-types
  └ ferogram-crypto  <-- here

Note

This crate is purpose-built for MTProto. For general-purpose Rust crypto, use RustCrypto.

License

MIT or Apache-2.0, at your option. See LICENSE-MIT and LICENSE-APACHE.

Ankit Chaubey - github.com/ankit-chaubey