2017-11-26 18:57:40 +03:00
|
|
|
"""
|
|
|
|
This module holds the CdnDecrypter utility class.
|
|
|
|
"""
|
2017-08-28 17:25:10 +03:00
|
|
|
from hashlib import sha256
|
|
|
|
|
2021-09-12 13:16:02 +03:00
|
|
|
from .. import _tl
|
2017-08-28 21:30:33 +03:00
|
|
|
from ..crypto import AESModeCTR
|
2017-08-28 17:25:10 +03:00
|
|
|
from ..errors import CdnFileTamperedError
|
|
|
|
|
|
|
|
|
|
|
|
class CdnDecrypter:
|
2017-11-26 18:57:40 +03:00
|
|
|
"""
|
|
|
|
Used when downloading a file results in a 'FileCdnRedirect' to
|
|
|
|
both prepare the redirect, decrypt the file as it downloads, and
|
|
|
|
ensure the file hasn't been tampered. https://core.telegram.org/cdn
|
2017-08-28 17:25:10 +03:00
|
|
|
"""
|
|
|
|
def __init__(self, cdn_client, file_token, cdn_aes, cdn_file_hashes):
|
2017-11-26 18:57:40 +03:00
|
|
|
"""
|
|
|
|
Initializes the CDN decrypter.
|
|
|
|
|
|
|
|
:param cdn_client: a client connected to a CDN.
|
|
|
|
:param file_token: the token of the file to be used.
|
|
|
|
:param cdn_aes: the AES CTR used to decrypt the file.
|
|
|
|
:param cdn_file_hashes: the hashes the decrypted file must match.
|
|
|
|
"""
|
2017-08-28 17:25:10 +03:00
|
|
|
self.client = cdn_client
|
|
|
|
self.file_token = file_token
|
|
|
|
self.cdn_aes = cdn_aes
|
|
|
|
self.cdn_file_hashes = cdn_file_hashes
|
|
|
|
|
|
|
|
@staticmethod
|
2018-06-10 13:04:23 +03:00
|
|
|
async def prepare_decrypter(client, cdn_client, cdn_redirect):
|
2017-11-26 18:57:40 +03:00
|
|
|
"""
|
|
|
|
Prepares a new CDN decrypter.
|
|
|
|
|
|
|
|
:param client: a TelegramClient connected to the main servers.
|
|
|
|
:param cdn_client: a new client connected to the CDN.
|
|
|
|
:param cdn_redirect: the redirect file object that caused this call.
|
|
|
|
:return: (CdnDecrypter, first chunk file data)
|
2017-08-28 17:25:10 +03:00
|
|
|
"""
|
2017-08-28 21:30:33 +03:00
|
|
|
cdn_aes = AESModeCTR(
|
|
|
|
key=cdn_redirect.encryption_key,
|
2017-09-05 17:43:53 +03:00
|
|
|
# 12 first bytes of the IV..4 bytes of the offset (0, big endian)
|
|
|
|
iv=cdn_redirect.encryption_iv[:12] + bytes(4)
|
2017-08-28 17:25:10 +03:00
|
|
|
)
|
|
|
|
|
2017-09-05 17:43:53 +03:00
|
|
|
# We assume that cdn_redirect.cdn_file_hashes are ordered by offset,
|
|
|
|
# and that there will be enough of these to retrieve the whole file.
|
2017-08-28 17:25:10 +03:00
|
|
|
decrypter = CdnDecrypter(
|
|
|
|
cdn_client, cdn_redirect.file_token,
|
|
|
|
cdn_aes, cdn_redirect.cdn_file_hashes
|
|
|
|
)
|
|
|
|
|
2021-09-12 13:16:02 +03:00
|
|
|
cdn_file = await cdn_client(_tl.fn.upload.GetCdnFile(
|
2017-09-17 17:06:43 +03:00
|
|
|
file_token=cdn_redirect.file_token,
|
|
|
|
offset=cdn_redirect.cdn_file_hashes[0].offset,
|
|
|
|
limit=cdn_redirect.cdn_file_hashes[0].limit
|
|
|
|
))
|
2021-09-12 13:16:02 +03:00
|
|
|
if isinstance(cdn_file, _tl.upload.CdnFileReuploadNeeded):
|
2017-08-28 17:25:10 +03:00
|
|
|
# We need to use the original client here
|
2021-09-12 13:16:02 +03:00
|
|
|
await client(_tl.fn.upload.ReuploadCdnFile(
|
2017-08-28 17:25:10 +03:00
|
|
|
file_token=cdn_redirect.file_token,
|
|
|
|
request_token=cdn_file.request_token
|
|
|
|
))
|
|
|
|
|
|
|
|
# We want to always return a valid upload.CdnFile
|
2017-09-05 17:43:53 +03:00
|
|
|
cdn_file = decrypter.get_file()
|
2017-08-28 17:25:10 +03:00
|
|
|
else:
|
|
|
|
cdn_file.bytes = decrypter.cdn_aes.encrypt(cdn_file.bytes)
|
2017-09-05 17:43:53 +03:00
|
|
|
cdn_hash = decrypter.cdn_file_hashes.pop(0)
|
|
|
|
decrypter.check(cdn_file.bytes, cdn_hash)
|
2017-08-28 17:25:10 +03:00
|
|
|
|
|
|
|
return decrypter, cdn_file
|
|
|
|
|
2017-09-05 17:43:53 +03:00
|
|
|
def get_file(self):
|
2017-11-26 18:57:40 +03:00
|
|
|
"""
|
|
|
|
Calls GetCdnFileRequest and decrypts its bytes.
|
|
|
|
Also ensures that the file hasn't been tampered.
|
|
|
|
|
|
|
|
:return: the CdnFile result.
|
2017-08-28 17:25:10 +03:00
|
|
|
"""
|
2017-09-05 17:43:53 +03:00
|
|
|
if self.cdn_file_hashes:
|
|
|
|
cdn_hash = self.cdn_file_hashes.pop(0)
|
2021-09-12 13:16:02 +03:00
|
|
|
cdn_file = self.client(_tl.fn.upload.GetCdnFile(
|
2017-09-05 17:43:53 +03:00
|
|
|
self.file_token, cdn_hash.offset, cdn_hash.limit
|
|
|
|
))
|
|
|
|
cdn_file.bytes = self.cdn_aes.encrypt(cdn_file.bytes)
|
|
|
|
self.check(cdn_file.bytes, cdn_hash)
|
|
|
|
else:
|
2021-09-12 13:16:02 +03:00
|
|
|
cdn_file = _tl.upload.CdnFile(bytes(0))
|
2017-08-28 17:25:10 +03:00
|
|
|
|
2017-09-05 17:43:53 +03:00
|
|
|
return cdn_file
|
2017-08-28 17:25:10 +03:00
|
|
|
|
|
|
|
@staticmethod
|
2017-09-05 17:43:53 +03:00
|
|
|
def check(data, cdn_hash):
|
2017-11-26 18:57:40 +03:00
|
|
|
"""
|
|
|
|
Checks the integrity of the given data.
|
|
|
|
Raises CdnFileTamperedError if the integrity check fails.
|
|
|
|
|
|
|
|
:param data: the data to be hashed.
|
|
|
|
:param cdn_hash: the expected hash.
|
|
|
|
"""
|
2017-09-05 17:43:53 +03:00
|
|
|
if sha256(data).digest() != cdn_hash.hash:
|
|
|
|
raise CdnFileTamperedError()
|