Merge pull request #15 from 9seconds/secure

Support secure mode

README.md

@@ -91,20 +91,55 @@ or
 $ head -c 512 /dev/urandom | md5sum | cut -f 1 -d ' '
 ```
 
+## Secure mode
+
+If you want to support new secure mode, please prepend `dd` to the
+secret. For example, secret `cf18fa8ea0267057e2c61a5f7322a8e7` should
+be `ddcf18fa8ea0267057e2c61a5f7322a8e7`. But pay attention that some
+old clients won't support this mode. If this is not your case, I would
+suggest to go with this mode.
+
+Oneliners to generate such secrets:
+
+```console
+$ echo dd$(openssl rand -hex 16)
+```
+
+or
+
+```console
+$ echo dd$(head -c 512 /dev/urandom | md5sum | cut -f 1 -d ' ')
+```
+
+
+# How to run the tool
+
 Now run the tool:
 
 ```console
 $ mtg <secret>
 ```
 
+How to run the tool with ADTag:
+
+```console
+$ mtg <secret> <adtag>
+```
+
 This tool will listen on port 3128 by default with the given secret.
 
 # One-line runner
 
-```
+```console
 $ docker run --name mtg --restart=unless-stopped -p 3128:3128 -p 3129:3129 -d nineseconds/mtg $(openssl rand -hex 16)
 ```
 
+or in secret mode:
+
+```console
+$ docker run --name mtg --restart=unless-stopped -p 3128:3128 -p 3129:3129 -d nineseconds/mtg dd$(openssl rand -hex 16)
+```
+
 You will have this tool up and running on port 3128. Now curl
 `localhost:3129` to get `tg://` links or do `docker logs mtg`. Also,
 port 3129 will show you some statistics if you are interested in.

config/config.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"net"
 	"strconv"
+	"strings"
 
 	"github.com/juju/errors"
 )
@@ -90,6 +91,7 @@ func NewConfig(debug, verbose bool, // nolint: gocyclo
 	publicIPv6 net.IP, publicIPv6Port uint16,
 	statsIP net.IP, statsPort uint16,
 	secret, adtag string) (*Config, error) {
+	secret = strings.TrimPrefix(secret, "dd")
 	if len(secret) != 32 {
 		return nil, errors.New("Telegram demands secret of length 32")
 	}

mtproto/connection_options.go

@@ -39,6 +39,7 @@ const (
 	ConnectionTypeUnknown ConnectionType = iota
 	ConnectionTypeAbridged
 	ConnectionTypeIntermediate
+	ConnectionTypeSecure
 )
 
 // ConnectionProtocol* define which connection protocols to use.
@@ -53,6 +54,7 @@ const (
 var (
 	ConnectionTagAbridged     = []byte{0xef, 0xef, 0xef, 0xef}
 	ConnectionTagIntermediate = []byte{0xee, 0xee, 0xee, 0xee}
+	ConnectionTagSecure       = []byte{0xdd, 0xdd, 0xdd, 0xdd}
 )
 
 // Tag maps connection type to the corresponding handshake tag.
@@ -62,6 +64,8 @@ func (t ConnectionType) Tag() ([]byte, error) {
 		return ConnectionTagAbridged, nil
 	case ConnectionTypeIntermediate:
 		return ConnectionTagIntermediate, nil
+	case ConnectionTypeSecure:
+		return ConnectionTagSecure, nil
 	default:
 		return nil, errors.Errorf("Unknown connection type %d", t)
 	}
@@ -75,6 +79,9 @@ func ConnectionTagFromHandshake(magic []byte) (ConnectionType, error) {
 	if bytes.Equal(magic, ConnectionTagAbridged) {
 		return ConnectionTypeAbridged, nil
 	}
+	if bytes.Equal(magic, ConnectionTagSecure) {
+		return ConnectionTypeSecure, nil
+	}
 
 	return ConnectionTypeUnknown, errors.New("Unknown handshake protocol")
 }