Zeroize for key + log refactor + fix tests

- Fixed tests that failed to compile due to mismatched generic parameters of HandshakeResult:
  - Changed `HandshakeResult<i32>` to `HandshakeResult<i32, (), ()>`
  - Changed `HandshakeResult::BadClient` to `HandshakeResult::BadClient { reader: (), writer: () }`

- Added Zeroize for all structures holding key material:
  - AesCbc – key and IV are zeroized on drop
  - SecureRandomInner – PRNG output buffer is zeroized on drop; local key copy in constructor is zeroized immediately after being passed to the cipher
  - ObfuscationParams – all four key‑material fields are zeroized on drop
  - HandshakeSuccess – all four key‑material fields are zeroized on drop

- Added protocol‑requirement documentation for legacy hashes (CodeQL suppression) in hash.rs (MD5/SHA‑1)

- Added documentation for zeroize limitations of AesCtr (opaque cipher state) in aes.rs

- Implemented silent‑mode logging and refactored initialization:
  - Added LogLevel enum to config and CLI flags --silent / --log-level
  - Added parse_cli() to handle --silent, --log-level, --help
  - Restructured main.rs initialization order: CLI → config load → determine log level → init tracing
  - Errors before tracing initialization are printed via eprintln!
  - Proxy links (tg://) are printed via println! – always visible regardless of log level
  - Configuration summary and operational messages are logged via info! (suppressed in silent mode)
  - Connection processing errors are lowered to debug! (hidden in silent mode)
  - Warning about default tls_domain moved to main (after tracing init)

Co-Authored-By: brekotis <93345790+brekotis@users.noreply.github.com>
Alexey
2026-02-07 19:49:41 +03:00
parent b9428d9780
commit 92cedabc81
12 changed files with 355 additions and 225 deletions


@@ -1,13 +1,13 @@
//! Protocol constants and datacenter addresses
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use once_cell::sync::Lazy;
use std::sync::LazyLock;
// ============= Telegram Datacenters =============
pub const TG_DATACENTER_PORT: u16 = 443;
pub static TG_DATACENTERS_V4: Lazy<Vec<IpAddr>> = Lazy::new(|| {
pub static TG_DATACENTERS_V4: LazyLock<Vec<IpAddr>> = LazyLock::new(|| {
vec![
IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)),
IpAddr::V4(Ipv4Addr::new(149, 154, 167, 51)),
@@ -17,7 +17,7 @@ pub static TG_DATACENTERS_V4: Lazy<Vec<IpAddr>> = Lazy::new(|| {
]
});
pub static TG_DATACENTERS_V6: Lazy<Vec<IpAddr>> = Lazy::new(|| {
pub static TG_DATACENTERS_V6: LazyLock<Vec<IpAddr>> = LazyLock::new(|| {
vec![
IpAddr::V6("2001:b28:f23d:f001::a".parse().unwrap()),
IpAddr::V6("2001:67c:04e8:f002::a".parse().unwrap()),
@@ -29,8 +29,8 @@ pub static TG_DATACENTERS_V6: Lazy<Vec<IpAddr>> = Lazy::new(|| {
// ============= Middle Proxies (for advertising) =============
pub static TG_MIDDLE_PROXIES_V4: Lazy<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> =
Lazy::new(|| {
pub static TG_MIDDLE_PROXIES_V4: LazyLock<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> =
LazyLock::new(|| {
let mut m = std::collections::HashMap::new();
m.insert(1, vec![(IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)), 8888)]);
m.insert(-1, vec![(IpAddr::V4(Ipv4Addr::new(149, 154, 175, 50)), 8888)]);
@@ -45,8 +45,8 @@ pub static TG_MIDDLE_PROXIES_V4: Lazy<std::collections::HashMap<i32, Vec<(IpAddr
m
});
pub static TG_MIDDLE_PROXIES_V6: Lazy<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> =
Lazy::new(|| {
pub static TG_MIDDLE_PROXIES_V6: LazyLock<std::collections::HashMap<i32, Vec<(IpAddr, u16)>>> =
LazyLock::new(|| {
let mut m = std::collections::HashMap::new();
m.insert(1, vec![(IpAddr::V6("2001:b28:f23d:f001::d".parse().unwrap()), 8888)]);
m.insert(-1, vec![(IpAddr::V6("2001:b28:f23d:f001::d".parse().unwrap()), 8888)]);
@@ -167,8 +167,6 @@ pub const DEFAULT_ACK_TIMEOUT_SECS: u64 = 300;
// ============= Buffer Sizes =============
/// Default buffer size
/// CHANGED: Reduced from 64KB to 16KB to match TLS record size and align with
/// the new buffering strategy for better iOS upload performance.
pub const DEFAULT_BUFFER_SIZE: usize = 16384;
/// Small buffer size for bad client handling
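Review bot: `std::sync::LazyLock` was stabilised in Rust 1.80, so replacing `once_cell::sync::Lazy` in these four statics raises the minimum toolchain the crate builds with. If the manifest declares a `rust-version`, it should be at least 1.80; the manifest is not shown here, so this needs confirming. Should no other module still import `once_cell`, the dependency can also be removed from the manifest, which trims the third-party surface.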


@@ -1,10 +1,13 @@
//! MTProto Obfuscation
use zeroize::Zeroize;
use crate::crypto::{sha256, AesCtr};
use crate::error::Result;
use super::constants::*;
/// Obfuscation parameters from handshake
///
/// Key material is zeroized on drop.
#[derive(Debug, Clone)]
pub struct ObfuscationParams {
/// Key for decrypting client -> proxy traffic
@@ -21,25 +24,31 @@ pub struct ObfuscationParams {
pub dc_idx: i16,
}
impl Drop for ObfuscationParams {
fn drop(&mut self) {
self.decrypt_key.zeroize();
self.decrypt_iv.zeroize();
self.encrypt_key.zeroize();
self.encrypt_iv.zeroize();
}
}
impl ObfuscationParams {
/// Parse obfuscation parameters from handshake bytes
/// Returns None if handshake doesn't match any user secret
pub fn from_handshake(
handshake: &[u8; HANDSHAKE_LEN],
secrets: &[(String, Vec<u8>)], // (username, secret_bytes)
secrets: &[(String, Vec<u8>)],
) -> Option<(Self, String)> {
// Extract prekey and IV for decryption
let dec_prekey_iv = &handshake[SKIP_LEN..SKIP_LEN + PREKEY_LEN + IV_LEN];
let dec_prekey = &dec_prekey_iv[..PREKEY_LEN];
let dec_iv_bytes = &dec_prekey_iv[PREKEY_LEN..];
// Reversed for encryption direction
let enc_prekey_iv: Vec<u8> = dec_prekey_iv.iter().rev().copied().collect();
let enc_prekey = &enc_prekey_iv[..PREKEY_LEN];
let enc_iv_bytes = &enc_prekey_iv[PREKEY_LEN..];
for (username, secret) in secrets {
// Derive decryption key
let mut dec_key_input = Vec::with_capacity(PREKEY_LEN + secret.len());
dec_key_input.extend_from_slice(dec_prekey);
dec_key_input.extend_from_slice(secret);
@@ -47,26 +56,22 @@ impl ObfuscationParams {
let decrypt_iv = u128::from_be_bytes(dec_iv_bytes.try_into().unwrap());
// Create decryptor and decrypt handshake
let mut decryptor = AesCtr::new(&decrypt_key, decrypt_iv);
let decrypted = decryptor.decrypt(handshake);
// Check protocol tag
let tag_bytes: [u8; 4] = decrypted[PROTO_TAG_POS..PROTO_TAG_POS + 4]
.try_into()
.unwrap();
let proto_tag = match ProtoTag::from_bytes(tag_bytes) {
Some(tag) => tag,
None => continue, // Try next secret
None => continue,
};
// Extract DC index
let dc_idx = i16::from_le_bytes(
decrypted[DC_IDX_POS..DC_IDX_POS + 2].try_into().unwrap()
);
// Derive encryption key
let mut enc_key_input = Vec::with_capacity(PREKEY_LEN + secret.len());
enc_key_input.extend_from_slice(enc_prekey);
enc_key_input.extend_from_slice(secret);
@@ -123,18 +128,15 @@ pub fn generate_nonce<R: FnMut(usize) -> Vec<u8>>(mut random_bytes: R) -> [u8; H
/// Check if nonce is valid (not matching reserved patterns)
pub fn is_valid_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> bool {
// Check first byte
if RESERVED_NONCE_FIRST_BYTES.contains(&nonce[0]) {
return false;
}
// Check first 4 bytes
let first_four: [u8; 4] = nonce[..4].try_into().unwrap();
if RESERVED_NONCE_BEGINNINGS.contains(&first_four) {
return false;
}
// Check bytes 4-7
let continue_four: [u8; 4] = nonce[4..8].try_into().unwrap();
if RESERVED_NONCE_CONTINUES.contains(&continue_four) {
return false;
@@ -147,12 +149,10 @@ pub fn is_valid_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> bool {
pub fn prepare_tg_nonce(
nonce: &mut [u8; HANDSHAKE_LEN],
proto_tag: ProtoTag,
enc_key_iv: Option<&[u8]>, // For fast mode
enc_key_iv: Option<&[u8]>,
) {
// Set protocol tag
nonce[PROTO_TAG_POS..PROTO_TAG_POS + 4].copy_from_slice(&proto_tag.to_bytes());
// For fast mode, copy the reversed enc_key_iv
if let Some(key_iv) = enc_key_iv {
let reversed: Vec<u8> = key_iv.iter().rev().copied().collect();
nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN].copy_from_slice(&reversed);
@@ -161,14 +161,12 @@ pub fn prepare_tg_nonce(
/// Encrypt the outgoing nonce for Telegram
pub fn encrypt_nonce(nonce: &[u8; HANDSHAKE_LEN]) -> Vec<u8> {
// Derive encryption key from the nonce itself
let key_iv = &nonce[SKIP_LEN..SKIP_LEN + KEY_LEN + IV_LEN];
let enc_key = sha256(key_iv);
let enc_iv = u128::from_be_bytes(key_iv[..IV_LEN].try_into().unwrap());
let mut encryptor = AesCtr::new(&enc_key, enc_iv);
// Only encrypt from PROTO_TAG_POS onwards
let mut result = nonce.to_vec();
let encrypted_part = encryptor.encrypt(&nonce[PROTO_TAG_POS..]);
result[PROTO_TAG_POS..].copy_from_slice(&encrypted_part);
@@ -182,22 +180,18 @@ mod tests {
#[test]
fn test_is_valid_nonce() {
// Valid nonce
let mut valid = [0x42u8; HANDSHAKE_LEN];
valid[4..8].copy_from_slice(&[1, 2, 3, 4]);
assert!(is_valid_nonce(&valid));
// Invalid: starts with 0xef
let mut invalid = [0x00u8; HANDSHAKE_LEN];
invalid[0] = 0xef;
assert!(!is_valid_nonce(&invalid));
// Invalid: starts with HEAD
let mut invalid = [0x00u8; HANDSHAKE_LEN];
invalid[..4].copy_from_slice(b"HEAD");
assert!(!is_valid_nonce(&invalid));
// Invalid: bytes 4-7 are zeros
let mut invalid = [0x42u8; HANDSHAKE_LEN];
invalid[4..8].copy_from_slice(&[0, 0, 0, 0]);
assert!(!is_valid_nonce(&invalid));
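Review bot: `ObfuscationParams` still carries `#[derive(Debug, Clone)]` although its two keys and two IVs are now treated as secrets, so any `{:?}` formatting of the value would copy key material into log output that zeroize-on-drop cannot recall. I would drop `Debug` from the derive and add a hand-written impl that prints only non-secret fields, as sketched below; the struct's full field list is outside the visible hunks, hence `finish_non_exhaustive()`. Separately, in `from_handshake` the `dec_key_input` and `enc_key_input` vectors hold the user secret concatenated with the prekey and, as far as the visible lines show, are dropped without being wiped. Calling `dec_key_input.zeroize();` and `enc_key_input.zeroize();` once each key has been derived would close that gap. The function body continues outside the hunks, so this should be checked against the full file.

```rust
// … unchanged: struct ObfuscationParams, with the derive reduced to #[derive(Clone)] …
impl std::fmt::Debug for ObfuscationParams {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Keys and IVs are deliberately left out of the debug output.
        f.debug_struct("ObfuscationParams")
            .field("dc_idx", &self.dc_idx)
            .finish_non_exhaustive()
    }
}
```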