tgcrypt_encryption

package
v0.9.9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Generate init packet

Index

Constants

// HTTPS endpoints on core.telegram.org for the middle-proxy secret and the
// middle-proxy configuration (IPv4 and IPv6 variants).
// The value served by MiddleSecretUrl is what MiddleCtx.SetObf usually takes as
// MpSecret, so it is key material: fetch it with certificate verification left
// enabled and treat the response as sensitive.
const (
	MiddleSecretUrl = "https://core.telegram.org/getProxySecret"
	MiddleConfigIp4 = "https://core.telegram.org/getProxyConfig"
	MiddleConfigIp6 = "https://core.telegram.org/getProxyConfigV6"
)
// Single-bit uint32 flags, written as shifts; the hex value of each bit is
// given alongside.
// NOTE(review): the values appear to mirror the flag word of the middle-proxy
// RPC proxy request — confirm against the code that builds that request.
// FlagAbbridged is spelled with a double "b"; it is an exported name and is
// kept as is.
const (
	FlagNotEncrypted uint32 = 1 << 1  // 0x00000002
	FlagHasAdTag     uint32 = 1 << 3  // 0x00000008
	FlagMagic        uint32 = 1 << 12 // 0x00001000
	FlagExtNode2     uint32 = 1 << 17 // 0x00020000
	FlagPad          uint32 = 1 << 27 // 0x08000000
	FlagIntermediate uint32 = 1 << 29 // 0x20000000
	FlagAbbridged    uint32 = 1 << 30 // 0x40000000
	FlagQuickAck     uint32 = 1 << 31 // 0x80000000
)
// One-byte protocol tags (untyped constants).
// The same byte values occur in WrongNonceStarters: 0xef on its own, and 0xee
// and 0xdd repeated four times.
// NOTE(review): presumably these select the transport framing stored in the
// Protocol field of DcCtx/ObfCtx — confirm.
const (
	Abridged     = 0xef
	Intermediate = 0xee // four-byte form: 0xeeeeeeee
	Padded       = 0xdd // four-byte form: 0xdddddddd
	Full         = 0
)
// AddTagLength is 16.
// NOTE(review): presumably the required byte length of the ad tag (MiddleCtx.AdTag,
// NewMiddleCtx's adTag argument); the name looks like a misspelling of
// "AdTagLength" — confirm that callers validate len(adTag) against it.
const AddTagLength = 16
// DcMaxIdx is the typed (int16) constant 5.
// NOTE(review): presumably the highest valid DC index; DC numbers arriving from
// a client should be range-checked against it before being used as a lookup key
// — confirm where that check happens.
const DcMaxIdx int16 = 5
// FakeTlsHandshakeLen is the fixed size, 517 bytes, of the faketls handshake a
// client sends; it is the array length of the FakeTlsHandshake type.
const FakeTlsHandshakeLen = 1 + 2 + 2 + 512 // record type (1) + version (2) + payload_length (2) + payload (512)
// MaxPayloadSize is 1 MiB (1048576).
// NOTE(review): the original trailing comment read "131200", which does not
// match this value — confirm which limit is intended. Presumably this caps
// length fields read from the peer before a buffer is allocated; a looser cap
// raises the memory one connection can force the process to commit.
const MaxPayloadSize = 1 << 20
// NonceSize is the length in bytes of the Nonce array type (64).
const NonceSize = 64
// RpcNonceLen is the length in bytes of the RpcNonce array type (16).
const RpcNonceLen = 16

Variables

// Four-byte constants, written in the byte order in which they are listed here.
// NOTE(review): they appear to be the little-endian encodings of the 32-bit
// message tags of the middle-proxy RPC protocol (RpcNonceTag would then be
// 0x7acb87aa) — confirm against the code that frames and parses RPC messages.
// These are package-level vars, not constants, so any importer can overwrite
// them; treat them as read-only.
var (
	RpcNonceTag     = [4]byte{0xaa, 0x87, 0xcb, 0x7a}
	RpcCryptoAesTag = [4]byte{0x01, 0, 0, 0}
	RpcHandShakeTag = [4]byte{0xf5, 0xee, 0x82, 0x76}
	RpcProxyAnsTag  = [4]byte{0x0d, 0xda, 0x03, 0x44}
	RpcCloseExtTag  = [4]byte{0xa2, 0x34, 0xb6, 0x5e}
	RpcSimpleAckTag = [4]byte{0x9b, 0x40, 0xac, 0x3b}
	RpcUnknown      = [4]byte{0xdf, 0xa2, 0x30, 0x57}
	RpcProxyReqTag  = [4]byte{0xee, 0xf1, 0xce, 0x36}
	ProxyTag        = [4]byte{0xae, 0x26, 0x1e, 0xdb}
	ExtraSize       = [4]byte{0x18, 0x00, 0x00, 0x00} // 24 if read as a little-endian uint32
	PaddingFiller   = [4]byte{0x4, 0, 0, 0}           // 4 if read as a little-endian uint32
)
// DcIp4 maps a DC index (keys 1 through 5) to its IPv4 "host:port" endpoints.
// DC 2 carries two entries; every other DC carries one.
// NOTE(review): the addresses are compiled into the package and the variable is
// exported and mutable. An outdated or overwritten entry redirects traffic
// without any error, so compare the list with the upstream one when upgrading.
var DcIp4 = maplist.MapList[int16, string]{
	Data: map[int16][]string{
		1: {"149.154.175.50:443"},
		2: {"149.154.167.51:443", "95.161.76.100:443"},
		3: {"149.154.175.100:443"},
		4: {"149.154.167.91:443"},
		5: {"149.154.171.5:443"},
	},
}
// DcIp6 maps a DC index (keys 1 through 5) to its IPv6 "[host]:port" endpoint,
// one entry per DC.
// NOTE(review): the addresses are compiled into the package and the variable is
// exported and mutable. An outdated or overwritten entry redirects traffic
// without any error, so compare the list with the upstream one when upgrading.
var DcIp6 = maplist.MapList[int16, string]{
	Data: map[int16][]string{
		1: {"[2001:b28:f23d:f001::a]:443"},
		2: {"[2001:67c:04e8:f002::a]:443"},
		3: {"[2001:b28:f23d:f003::a]:443"},
		4: {"[2001:67c:04e8:f004::a]:443"},
		5: {"[2001:b28:f23f:f005::a]:443"},
	},
}
// ErrInvalidDigestError is a sentinel error with the message "invalid client digest".
// NOTE(review): presumably returned by FakeTlsCtxFromTlsHeader when the handshake
// does not verify against the secret — confirm; compare with errors.Is.
var ErrInvalidDigestError = errors.New("invalid client digest")
// FakeTlsHeader is the fixed 11-byte prefix of the faketls handshake. Read as
// TLS, it is a record header (5 bytes), a handshake header (4 bytes) and the
// client version (2 bytes). The record length 0x0200 equals the 512-byte
// payload counted in FakeTlsHandshakeLen.
var FakeTlsHeader = [...]byte{
	0x16, // record content type: handshake
	0x03, // record version, high byte
	0x01, // record version, low byte (0x0301)
	0x02, // record length, high byte
	0x00, // record length, low byte (0x0200 = 512)
	0x01, // handshake type: ClientHello
	0x00, // handshake length, byte 1
	0x01, // handshake length, byte 2
	0xfc, // handshake length, byte 3 (0x0001fc = 508)
	0x03, // client version, high byte
	0x03} // client version, low byte (0x0303)
// WrongNonceStarters lists byte prefixes that look like another protocol or
// transport: a nonce starting with one of them could be mistaken for plain
// HTTP, a TLS record or an unobfuscated transport tag.
// NOTE(review): presumably IsWrongNonce rejects a nonce that begins with any of
// these entries — confirm.
var WrongNonceStarters = [...][]byte{
	{0xef},                   // same value as Abridged
	{0x48, 0x45, 0x41, 0x44}, // ASCII "HEAD"
	{0x50, 0x4f, 0x53, 0x54}, // ASCII "POST"
	{0x47, 0x45, 0x54, 0x20}, // ASCII "GET "
	{0x4f, 0x50, 0x54, 0x49}, // ASCII "OPTI" (start of "OPTIONS")
	{0x16, 0x03, 0x01, 0x02}, // first four bytes of FakeTlsHeader
	{0xdd, 0xdd, 0xdd, 0xdd}, // Padded, four-byte form
	{0xee, 0xee, 0xee, 0xee}, // Intermediate, four-byte form
}

Functions

func GetDcAddr added in v0.9.9

func GetDcAddr(dc int16) (ipv4, ipv6 string, err error)

func IsWrongNonce

func IsWrongNonce(nonce Nonce) bool

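Checks whether the nonce is correct. Useful for validating clients. Note that, going by the function name, a true result presumably means the nonce is wrong.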

Types

type DcCtx

type DcCtx struct {
	// Nonce is generated for this-dc connection
	Nonce    Nonce
	// Protocol is a one-byte protocol value; DcCtxNew takes it as its protocol
	// argument. NOTE(review): presumably one of Abridged, Intermediate, Padded
	// or Full — confirm.
	Protocol uint8
	// contains filtered or unexported fields
}

Obfuscation context for the this-DC connection, i.e. the connection between this proxy and a Telegram DC.

func DcCtxNew

func DcCtxNew(dc int16, protocol byte) (c *DcCtx)

func (*DcCtx) DecryptNext

func (c *DcCtx) DecryptNext(buf []byte)

func (*DcCtx) EncryptNext

func (c *DcCtx) EncryptNext(buf []byte)

type ErrInvalidProtocol added in v0.9.9

type ErrInvalidProtocol struct {
	// contains filtered or unexported fields
}

func (ErrInvalidProtocol) Error added in v0.9.9

func (ip ErrInvalidProtocol) Error() string

type ErrInvalidProtocolFields added in v0.9.9

type ErrInvalidProtocolFields struct {
	// contains filtered or unexported fields
}

func (ErrInvalidProtocolFields) Error added in v0.9.9

func (ipf ErrInvalidProtocolFields) Error() string

type ErrSecretLength added in v0.9.9

type ErrSecretLength struct {
	// contains filtered or unexported fields
}

func (ErrSecretLength) Error added in v0.9.9

func (e ErrSecretLength) Error() string

type FakeTlsCtx

type FakeTlsCtx struct {
	// Header is the FakeTlsHandshakeLen-byte handshake as passed to
	// FakeTlsCtxFromTlsHeader.
	Header    FakeTlsHandshake
	// Digest is a 32-byte digest. NOTE(review): presumably the client digest
	// taken from the handshake and verified against the secret — confirm.
	Digest    [32]byte
	// Timestamp is not validated by FakeTlsCtxFromTlsHeader. The caller has to
	// compare it with the current time, otherwise a captured handshake stays
	// acceptable indefinitely.
	Timestamp uint32
	// Secret is the user secret the handshake was checked against.
	Secret    *Secret
}

func FakeTlsCtxFromTlsHeader

func FakeTlsCtxFromTlsHeader(header FakeTlsHandshake, secret *Secret) (c *FakeTlsCtx, err error)

Checks the handshake bytes against the user secret. The timestamp is not checked, so validating Timestamp is left to the caller. Returns the client-this faketls context on success.

type FakeTlsHandshake

type FakeTlsHandshake = [FakeTlsHandshakeLen]byte

FakeTlsHandshake is the sequence of bytes a client is expected to send to initiate a faketls connection.

type MiddleCtx

type MiddleCtx struct {
	// CliNonce is an RpcNonceLen-byte nonce. NOTE(review): presumably generated
	// on this side for the RPC handshake with the middle proxy — confirm that
	// it comes from a cryptographically secure random source.
	CliNonce RpcNonce
	// AdTag is the ad tag passed to NewMiddleCtx as adTag.
	AdTag    []byte
	// Out is the address passed to NewMiddleCtx as ipOut.
	Out      netip.AddrPort
	// MP is the address passed to NewMiddleCtx as ipMP.
	MP       netip.AddrPort
	// Obf holds the block ciphers for the connection and is initialized by SetObf.
	// NOTE(review): presumably nil until SetObf is called — confirm that
	// EncryptBlock and DecryptBlock are never reached before that.
	Obf      *MpCtx
}

Encryption context for the this-middle_proxy connection.

func NewMiddleCtx

func NewMiddleCtx(
	ipOut netip.AddrPort,
	ipMP netip.AddrPort,
	adTag []byte,
) (m *MiddleCtx)

func (*MiddleCtx) BlockSize

func (m *MiddleCtx) BlockSize() int

func (*MiddleCtx) DecryptBlock

func (m *MiddleCtx) DecryptBlock(buf []byte)

func (*MiddleCtx) EncryptBlock

func (m *MiddleCtx) EncryptBlock(buf []byte)

func (*MiddleCtx) SetObf

func (m *MiddleCtx) SetObf(
	MpNonce, CliTimestamp, MpSecret []byte,
)

Initializes the obfuscator for MiddleCtx. MpNonce is usually received from the middle proxy upon connection, CliTimestamp is measured upon connection, and MpSecret is usually received from MiddleSecretUrl.

type MpCtx

type MpCtx struct {
	// contains filtered or unexported fields
}

Set of block ciphers for this-middle_proxy connection

func (*MpCtx) BlockSize

func (m *MpCtx) BlockSize() int

func (*MpCtx) DecryptBlocks

func (m *MpCtx) DecryptBlocks(buf []byte)

func (*MpCtx) EncryptBlocks

func (m *MpCtx) EncryptBlocks(buf []byte)

type Nonce

type Nonce [NonceSize]byte

Nonce is a set of bytes received when initiating an encrypted connection.

type ObfCtx

type ObfCtx struct {
	// Nonce received from client
	Nonce Nonce
	// Secret from config
	Secret   *Secret
	// Protocol is a one-byte protocol value. NOTE(review): presumably recovered
	// from the client's nonce and one of Abridged, Intermediate or Padded — confirm.
	Protocol uint8
	// Dc is a DC number. NOTE(review): presumably taken from the client's nonce,
	// i.e. client-controlled; range-check it (see DcMaxIdx) before using it as
	// a lookup key — confirm where that happens.
	Dc       int16
	// Random is a two-byte field. NOTE(review): purpose not visible here — confirm.
	Random   [2]byte
	// contains filtered or unexported fields
}

Context for client-This obfuscation

func ObfCtxFromNonce

func ObfCtxFromNonce(header Nonce, secret *Secret) (c *ObfCtx, err error)

Generate client-this encryption context

func (*ObfCtx) DecryptNext

func (c *ObfCtx) DecryptNext(buf []byte)

func (*ObfCtx) EncryptNext

func (c *ObfCtx) EncryptNext(buf []byte)

type Obfuscator

type Obfuscator interface {
	// DecryptNext decrypts the received bytes held in buf and advances the
	// decryption context. It returns nothing, so this layer reports no failure
	// for tampered or malformed input; integrity has to be checked elsewhere.
	// NOTE(review): because the context advances on every call, bytes presumably
	// have to be passed in stream order, exactly once — confirm.
	DecryptNext(buf []byte)
	// EncryptNext encrypts the bytes in buf that are about to be sent and
	// advances the encryption context. It returns nothing.
	EncryptNext(buf []byte)
}

Common interface that supports encryption and decryption of obfuscated messages.

type RpcNonce

type RpcNonce [RpcNonceLen]byte

type Secret

type Secret struct {
	// RawSecret holds secret bytes. NOTE(review): presumably the key material
	// itself; the field is exported and mutable, so keep the struct out of logs
	// and error messages — confirm what NewSecret stores here.
	RawSecret []byte
	// Type is the kind of secret: Simple, Secured or FakeTLS.
	Type      SecretType
	// Tag is a one-byte tag. NOTE(review): presumably the leading byte that
	// selects the secret type — confirm.
	Tag       byte
	// Fakehost is a host name. NOTE(review): presumably only set for FakeTLS
	// secrets — confirm.
	Fakehost  string
}

func NewSecret

func NewSecret(secret []byte) (*Secret, error)

Generate secret from byte array

func NewSecretHex

func NewSecretHex(secret string) (*Secret, error)

Generate secret from hex string

type SecretType

// SecretType enumerates the kinds of secret held in Secret.Type.
type SecretType int

// Values start at 1, so the zero value of SecretType names no valid kind.
const (
	Simple SecretType = iota + 1
	Secured
	FakeTLS
)
