MTPyroger/pyrogram/crypto/mtproto.py

# Pyrogram - Telegram MTProto API Client Library for Python
# Copyright (C) 2017-2018 Dan Tès <https://github.com/delivrance>
#
# This file is part of Pyrogram.
#
# Pyrogram is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Pyrogram is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Pyrogram.  If not, see <http://www.gnu.org/licenses/>.

from hashlib import sha256
from io import BytesIO
from os import urandom

from pyrogram.raw.core import Message, Long
from . import aes


def kdf(auth_key: bytes, msg_key: bytes, outgoing: bool) -> tuple:
    # https://core.telegram.org/mtproto/description#defining-aes-key-and-initialization-vector
    x = 0 if outgoing else 8

    sha256_a = sha256(msg_key + auth_key[x: x + 36]).digest()
    sha256_b = sha256(auth_key[x + 40:x + 76] + msg_key).digest()  # 76 = 40 + 36

    aes_key = sha256_a[:8] + sha256_b[8:24] + sha256_a[24:32]
    aes_iv = sha256_b[:8] + sha256_a[8:24] + sha256_b[24:32]

    return aes_key, aes_iv


def pack(message: Message, salt: int, session_id: bytes, auth_key: bytes, auth_key_id: bytes) -> bytes:
    data = Long(salt) + session_id + message.write()
    padding = urandom(-(len(data) + 12) % 16 + 12)

    # 88 = 88 + 0 (outgoing message)
    msg_key_large = sha256(auth_key[88: 88 + 32] + data + padding).digest()
    msg_key = msg_key_large[8:24]
    aes_key, aes_iv = kdf(auth_key, msg_key, True)

    return auth_key_id + msg_key + aes.ige256_encrypt(data + padding, aes_key, aes_iv)


def unpack(b: BytesIO, session_id: bytes, auth_key: bytes, auth_key_id: bytes) -> Message:
    assert b.read(8) == auth_key_id, b.getvalue()

    msg_key = b.read(16)
    aes_key, aes_iv = kdf(auth_key, msg_key, False)
    data = BytesIO(aes.ige256_decrypt(b.read(), aes_key, aes_iv))
    data.read(8)

    # https://core.telegram.org/mtproto/security_guidelines#checking-session-id
    assert data.read(8) == session_id

    try:
        message = Message.read(data)
    except KeyError as e:
        if e.args[0] == 0:
            raise ConnectionError(f"Received empty data. Check your internet connection.")

        left = data.read().hex()

        left = [left[i:i + 64] for i in range(0, len(left), 64)]
        left = [[left[i:i + 8] for i in range(0, len(left), 8)] for left in left]
        left = "\n".join(" ".join(x for x in left) for left in left)

        raise ValueError(f"Unknown constructor found: {hex(e.args[0])}\n{left}")

    # https://core.telegram.org/mtproto/security_guidelines#checking-sha256-hash-value-of-msg-key
    # https://core.telegram.org/mtproto/security_guidelines#checking-message-length
    # 96 = 88 + 8 (incoming message)
    assert msg_key == sha256(auth_key[96:96 + 32] + data.getvalue()).digest()[8:24]

    # https://core.telegram.org/mtproto/security_guidelines#checking-msg-id
    assert message.msg_id % 2 != 0

    return message
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00			`# Pyrogram - Telegram MTProto API Client Library for Python`
			`# Copyright (C) 2017-2018 Dan Tès <https://github.com/delivrance>`
			`#`
			`# This file is part of Pyrogram.`
			`#`
			`# Pyrogram is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Lesser General Public License as published`
			`# by the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# Pyrogram is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU Lesser General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Lesser General Public License`
			`# along with Pyrogram. If not, see <http://www.gnu.org/licenses/>.`

			`from hashlib import sha256`
			`from io import BytesIO`
			`from os import urandom`

Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`from pyrogram.raw.core import Message, Long`
			`from . import aes`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00

Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`def kdf(auth_key: bytes, msg_key: bytes, outgoing: bool) -> tuple:`
			`# https://core.telegram.org/mtproto/description#defining-aes-key-and-initialization-vector`
			`x = 0 if outgoing else 8`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00
Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`sha256_a = sha256(msg_key + auth_key[x: x + 36]).digest()`
			`sha256_b = sha256(auth_key[x + 40:x + 76] + msg_key).digest() # 76 = 40 + 36`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00
Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`aes_key = sha256_a[:8] + sha256_b[8:24] + sha256_a[24:32]`
			`aes_iv = sha256_b[:8] + sha256_a[8:24] + sha256_b[24:32]`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00
Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`return aes_key, aes_iv`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00

Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`def pack(message: Message, salt: int, session_id: bytes, auth_key: bytes, auth_key_id: bytes) -> bytes:`
			`data = Long(salt) + session_id + message.write()`
			`padding = urandom(-(len(data) + 12) % 16 + 12)`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00
Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`# 88 = 88 + 0 (outgoing message)`
			`msg_key_large = sha256(auth_key[88: 88 + 32] + data + padding).digest()`
			`msg_key = msg_key_large[8:24]`
			`aes_key, aes_iv = kdf(auth_key, msg_key, True)`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00
Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`return auth_key_id + msg_key + aes.ige256_encrypt(data + padding, aes_key, aes_iv)`
Change logging hierarchy for loading plugins (#451) Loading plugins shouldn't be considered a warning 2020-08-21 05:28:27 +00:00

Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00			`def unpack(b: BytesIO, session_id: bytes, auth_key: bytes, auth_key_id: bytes) -> Message:`
			`assert b.read(8) == auth_key_id, b.getvalue()`

			`msg_key = b.read(16)`
			`aes_key, aes_iv = kdf(auth_key, msg_key, False)`
			`data = BytesIO(aes.ige256_decrypt(b.read(), aes_key, aes_iv))`
			`data.read(8)`

			`# https://core.telegram.org/mtproto/security_guidelines#checking-session-id`
			`assert data.read(8) == session_id`

Move the "unknown constructor found" logging logic 2021-03-17 14:03:18 +00:00			`try:`
			`message = Message.read(data)`
			`except KeyError as e:`
Better error message in case of empty data in buffer 2021-04-26 14:09:39 +00:00			`if e.args[0] == 0:`
			`raise ConnectionError(f"Received empty data. Check your internet connection.")`

Move the "unknown constructor found" logging logic 2021-03-17 14:03:18 +00:00			`left = data.read().hex()`

			`left = [left[i:i + 64] for i in range(0, len(left), 64)]`
			`left = [[left[i:i + 8] for i in range(0, len(left), 8)] for left in left]`
			`left = "\n".join(" ".join(x for x in left) for left in left)`

			`raise ValueError(f"Unknown constructor found: {hex(e.args[0])}\n{left}")`
Deep rewrite: preparing for v1.0 - Pyrogram core is now fully asynchronous - Ditched Python 3.5, welcome 3.6 as minimum version. - Moved all types to pyrogram.types - Turned the Filters class into a module (filters) - Moved all filters to pyrogram.filters - Moved all handlers to pyrogram.handlers - Moved all emoji to pyrogram.emoji - Renamed pyrogram.api to pyrogram.raw - Clock is now synced with server's time - Telegram schema updated to Layer 117 - Greatly improved the TL compiler (proper type-constructor hierarchy) - Added "do not edit" warning in generated files - Crypto parts are executed in a thread pool to avoid blocking the event loop - idle() is now a separate function (it doesn't deal with Client instances) - Async storage, async filters and async progress callback (optional, can be sync too) - Added getpass back, for hidden password inputs 2020-08-22 06:05:05 +00:00
			`# https://core.telegram.org/mtproto/security_guidelines#checking-sha256-hash-value-of-msg-key`
			`# https://core.telegram.org/mtproto/security_guidelines#checking-message-length`
			`# 96 = 88 + 8 (incoming message)`
			`assert msg_key == sha256(auth_key[96:96 + 32] + data.getvalue()).digest()[8:24]`

			`# https://core.telegram.org/mtproto/security_guidelines#checking-msg-id`
			`assert message.msg_id % 2 != 0`

			`return message`