Telethon/telethon/crypto/aes.py

"""
AES IGE implementation in Python.

If available, cryptg will be used instead, otherwise
if available, libssl will be used instead, otherwise
the Python implementation will be used.
"""
import os
import pyaes
import logging
from . import libssl


__log__ = logging.getLogger(__name__)


try:
    import cryptg
    __log__.info('cryptg detected, it will be used for encryption')
except ImportError:
    cryptg = None
    if libssl.encrypt_ige and libssl.decrypt_ige:
        __log__.info('libssl detected, it will be used for encryption')
    else:
        __log__.info('cryptg module not installed and libssl not found, '
                     'falling back to (slower) Python encryption')


class AES:
    """
    Class that servers as an interface to encrypt and decrypt
    text through the AES IGE mode.
    """
    @staticmethod
    def decrypt_ige(cipher_text, key, iv):
        """
        Decrypts the given text in 16-bytes blocks by using the
        given key and 32-bytes initialization vector.
        """
        if cryptg:
            return cryptg.decrypt_ige(cipher_text, key, iv)
        if libssl.decrypt_ige:
            return libssl.decrypt_ige(cipher_text, key, iv)

        iv1 = iv[:len(iv) // 2]
        iv2 = iv[len(iv) // 2:]

        aes = pyaes.AES(key)

        plain_text = []
        blocks_count = len(cipher_text) // 16

        cipher_text_block = [0] * 16
        for block_index in range(blocks_count):
            for i in range(16):
                cipher_text_block[i] = \
                    cipher_text[block_index * 16 + i] ^ iv2[i]

            plain_text_block = aes.decrypt(cipher_text_block)

            for i in range(16):
                plain_text_block[i] ^= iv1[i]

            iv1 = cipher_text[block_index * 16:block_index * 16 + 16]
            iv2 = plain_text_block

            plain_text.extend(plain_text_block)

        return bytes(plain_text)

    @staticmethod
    def encrypt_ige(plain_text, key, iv):
        """
        Encrypts the given text in 16-bytes blocks by using the
        given key and 32-bytes initialization vector.
        """
        padding = len(plain_text) % 16
        if padding:
            plain_text += os.urandom(16 - padding)

        if cryptg:
            return cryptg.encrypt_ige(plain_text, key, iv)
        if libssl.encrypt_ige:
            return libssl.encrypt_ige(plain_text, key, iv)

        iv1 = iv[:len(iv) // 2]
        iv2 = iv[len(iv) // 2:]

        aes = pyaes.AES(key)

        cipher_text = []
        blocks_count = len(plain_text) // 16

        for block_index in range(blocks_count):
            plain_text_block = list(
                plain_text[block_index * 16:block_index * 16 + 16]
            )
            for i in range(16):
                plain_text_block[i] ^= iv1[i]

            cipher_text_block = aes.encrypt(plain_text_block)

            for i in range(16):
                cipher_text_block[i] ^= iv2[i]

            iv1 = cipher_text_block
            iv2 = plain_text[block_index * 16:block_index * 16 + 16]

            cipher_text.extend(cipher_text_block)

        return bytes(cipher_text)
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
Revert 030f292 (use libssl if available) 2018-07-25 13:11:58 +03:00			`AES IGE implementation in Python.`

Revert "Use tgcrypto if available (#1715)" This reverts commit 42cc9e61fbc55cff8dc7eeacecddb579d8adb85f. tgcrypto was made for Pyrogram, and seeing it used elsewhere without much credit "hurts" the author. I personally do not endorse its use, hence the lack of attention or notes in the documentation. People who still want to benefit from the speed boost should go out of their way to discover, install and patch Telethon's aes.py module instead, all while complying with the respective license (another reason to avoid said code in Telethon, which is under the much more permissive MIT license). People using tgcrypto for anything other than Pyrogram will do so knowing full-well that this was not the library's intended usage. 2021-03-20 19:20:33 +03:00			`If available, cryptg will be used instead, otherwise`
Revert 030f292 (use libssl if available) 2018-07-25 13:11:58 +03:00			`if available, libssl will be used instead, otherwise`
			`the Python implementation will be used.`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
Pythonized some parts 2016-09-16 15:04:46 +03:00			`import os`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00			`import pyaes`
Revert 030f292 (use libssl if available) 2018-07-25 13:11:58 +03:00			`import logging`
			`from . import libssl`


			`__log__ = logging.getLogger(__name__)`

Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`try:`
Revert "Use tgcrypto if available (#1715)" This reverts commit 42cc9e61fbc55cff8dc7eeacecddb579d8adb85f. tgcrypto was made for Pyrogram, and seeing it used elsewhere without much credit "hurts" the author. I personally do not endorse its use, hence the lack of attention or notes in the documentation. People who still want to benefit from the speed boost should go out of their way to discover, install and patch Telethon's aes.py module instead, all while complying with the respective license (another reason to avoid said code in Telethon, which is under the much more permissive MIT license). People using tgcrypto for anything other than Pyrogram will do so knowing full-well that this was not the library's intended usage. 2021-03-20 19:20:33 +03:00			`import cryptg`
			`__log__.info('cryptg detected, it will be used for encryption')`
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`except ImportError:`
Revert "Use tgcrypto if available (#1715)" This reverts commit 42cc9e61fbc55cff8dc7eeacecddb579d8adb85f. tgcrypto was made for Pyrogram, and seeing it used elsewhere without much credit "hurts" the author. I personally do not endorse its use, hence the lack of attention or notes in the documentation. People who still want to benefit from the speed boost should go out of their way to discover, install and patch Telethon's aes.py module instead, all while complying with the respective license (another reason to avoid said code in Telethon, which is under the much more permissive MIT license). People using tgcrypto for anything other than Pyrogram will do so knowing full-well that this was not the library's intended usage. 2021-03-20 19:20:33 +03:00			`cryptg = None`
			`if libssl.encrypt_ige and libssl.decrypt_ige:`
			`__log__.info('libssl detected, it will be used for encryption')`
			`else:`
			`__log__.info('cryptg module not installed and libssl not found, '`
			`'falling back to (slower) Python encryption')`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00
			`class AES:`
			`"""`
			`Class that servers as an interface to encrypt and decrypt`
			`text through the AES IGE mode.`
			`"""`
			`@staticmethod`
			`def decrypt_ige(cipher_text, key, iv):`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`Decrypts the given text in 16-bytes blocks by using the`
			`given key and 32-bytes initialization vector.`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`if cryptg:`
			`return cryptg.decrypt_ige(cipher_text, key, iv)`
Revert 030f292 (use libssl if available) 2018-07-25 13:11:58 +03:00			`if libssl.decrypt_ige:`
			`return libssl.decrypt_ige(cipher_text, key, iv)`
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00
			`iv1 = iv[:len(iv) // 2]`
			`iv2 = iv[len(iv) // 2:]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`aes = pyaes.AES(key)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`plain_text = []`
			`blocks_count = len(cipher_text) // 16`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`cipher_text_block = [0] * 16`
			`for block_index in range(blocks_count):`
			`for i in range(16):`
			`cipher_text_block[i] = \`
			`cipher_text[block_index * 16 + i] ^ iv2[i]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`plain_text_block = aes.decrypt(cipher_text_block)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`for i in range(16):`
			`plain_text_block[i] ^= iv1[i]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`iv1 = cipher_text[block_index * 16:block_index * 16 + 16]`
			`iv2 = plain_text_block`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`plain_text.extend(plain_text_block)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`return bytes(plain_text)`
Pythonized some parts 2016-09-16 15:04:46 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`@staticmethod`
			`def encrypt_ige(plain_text, key, iv):`
			`"""`
			`Encrypts the given text in 16-bytes blocks by using the`
			`given key and 32-bytes initialization vector.`
			`"""`
Revert 030f292 (use libssl if available) 2018-07-25 13:11:58 +03:00			`padding = len(plain_text) % 16`
			`if padding:`
			`plain_text += os.urandom(16 - padding)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`if cryptg:`
			`return cryptg.encrypt_ige(plain_text, key, iv)`
Revert 030f292 (use libssl if available) 2018-07-25 13:11:58 +03:00			`if libssl.encrypt_ige:`
			`return libssl.encrypt_ige(plain_text, key, iv)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`iv1 = iv[:len(iv) // 2]`
			`iv2 = iv[len(iv) // 2:]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`aes = pyaes.AES(key)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`cipher_text = []`
			`blocks_count = len(plain_text) // 16`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`for block_index in range(blocks_count):`
			`plain_text_block = list(`
			`plain_text[block_index * 16:block_index * 16 + 16]`
			`)`
			`for i in range(16):`
			`plain_text_block[i] ^= iv1[i]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`cipher_text_block = aes.encrypt(plain_text_block)`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`for i in range(16):`
			`cipher_text_block[i] ^= iv2[i]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`iv1 = cipher_text_block`
			`iv2 = plain_text[block_index * 16:block_index * 16 + 16]`
Finished authenticator (now it works!) 2016-09-03 21:34:24 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`cipher_text.extend(cipher_text_block)`
Faster crypto by using libssl (closes #199) 2017-08-20 02:21:11 +03:00
Dump libssl bindings in favour of the new optional cryptg module 2018-02-16 20:24:44 +03:00			`return bytes(cipher_text)`