Zeroize for key + log refactor + fix tests

- Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult: - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>` - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }` - Added Zeroize for all structures holding key material: - AesCbc – key and IV are zeroized on drop - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher - ObfuscationParams – all four key‑material fields are zeroized on drop - HandshakeSuccess – all four key‑material fields are zeroized on drop - Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1) - Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs - Implemented silent‑mode logging and refactored initialization: - Added LogLevel enum to config and CLI flags --silent / --log-level - Added parse_cli() to handle --silent, --log-level, --help - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing - Errors before tracing initialization are printed via eprintln! - Proxy links (tg://) are printed via println! – always visible regardless of log level - Configuration summary and operational messages are logged via info! (suppressed in silent mode) - Connection processing errors are lowered to debug! (hidden in silent mode) - Warning about default tls_domain moved to main (after tracing init) Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
2026-02-07 19:49:41 +03:00
parent b9428d9780
commit 92cedabc81
12 changed files with 355 additions and 225 deletions
--- a/src/crypto/hash.rs
+++ b/src/crypto/hash.rs
@@ -1,3 +1,16 @@
+//! Cryptographic hash functions
+//!
+//! ## Protocol-required algorithms
+//!
+//! This module exposes MD5 and SHA-1 alongside SHA-256. These weaker
+//! hash functions are **required by the Telegram Middle Proxy protocol**
+//! (`derive_middleproxy_keys`) and cannot be replaced without breaking
+//! compatibility. They are NOT used for any security-sensitive purpose
+//! outside of that specific key derivation scheme mandated by Telegram.
+//!
+//! Static analysis tools (CodeQL, cargo-audit) may flag them — the
+//! usages are intentional and protocol-mandated.
+
 use hmac::{Hmac, Mac};
 use sha2::Sha256;
 use md5::Md5;
@@ -21,14 +34,16 @@ pub fn sha256_hmac(key: &[u8], data: &[u8]) -> [u8; 32] {
    mac.finalize().into_bytes().into()
 }

-/// SHA-1
+/// SHA-1 — **protocol-required** by Telegram Middle Proxy key derivation.
+/// Not used for general-purpose hashing.
 pub fn sha1(data: &[u8]) -> [u8; 20] {
    let mut hasher = Sha1::new();
    hasher.update(data);
    hasher.finalize().into()
 }

-/// MD5
+/// MD5 — **protocol-required** by Telegram Middle Proxy key derivation.
+/// Not used for general-purpose hashing.
 pub fn md5(data: &[u8]) -> [u8; 16] {
    let mut hasher = Md5::new();
    hasher.update(data);
@@ -40,7 +55,11 @@ pub fn crc32(data: &[u8]) -> u32 {
    crc32fast::hash(data)
 }

-/// Middle Proxy Keygen
+/// Middle Proxy key derivation
+///
+/// Uses MD5 + SHA-1 as mandated by the Telegram Middle Proxy protocol.
+/// These algorithms are NOT replaceable here — changing them would break
+/// interoperability with Telegram's middle proxy infrastructure.
 pub fn derive_middleproxy_keys(
    nonce_srv: &[u8; 16],
    nonce_clt: &[u8; 16],