Telethon/telethon/helpers.py

"""Various helpers not related to the Telegram API itself"""
import os
import struct
from hashlib import sha1, sha256

from telethon.crypto import AES
from telethon.errors import SecurityError
from telethon.extensions import BinaryReader


# region Multiple utilities


def generate_random_long(signed=True):
    """Generates a random long integer (8 bytes), which is optionally signed"""
    return int.from_bytes(os.urandom(8), signed=signed, byteorder='little')


def ensure_parent_dir_exists(file_path):
    """Ensures that the parent directory exists"""
    parent = os.path.dirname(file_path)
    if parent:
        os.makedirs(parent, exist_ok=True)

# endregion

# region Cryptographic related utils


def pack_message(session, message):
    """Packs a message following MtProto 2.0 guidelines"""
    # See https://core.telegram.org/mtproto/description
    data = struct.pack('<qq', session.salt, session.id) + bytes(message)
    padding = os.urandom(-(len(data) + 12) % 16 + 12)

    # Being substr(what, offset, length); x = 0 for client
    # "msg_key_large = SHA256(substr(auth_key, 88+x, 32) + pt + padding)"
    msg_key_large = sha256(
        session.auth_key.key[88:88 + 32] + data + padding).digest()

    # "msg_key = substr (msg_key_large, 8, 16)"
    msg_key = msg_key_large[8:24]
    aes_key, aes_iv = calc_key(session.auth_key.key, msg_key, True)

    key_id = struct.pack('<Q', session.auth_key.key_id)
    return key_id + msg_key + AES.encrypt_ige(data + padding, aes_key, aes_iv)


def unpack_message(session, reader):
    """Unpacks a message following MtProto 2.0 guidelines"""
    # See https://core.telegram.org/mtproto/description
    if reader.read_long(signed=False) != session.auth_key.key_id:
        raise SecurityError('Server replied with an invalid auth key')

    msg_key = reader.read(16)
    aes_key, aes_iv = calc_key(session.auth_key.key, msg_key, False)
    data = BinaryReader(AES.decrypt_ige(reader.read(), aes_key, aes_iv))

    data.read_long()  # remote_salt
    if data.read_long() != session.id:
        raise SecurityError('Server replied with a wrong session ID')

    remote_msg_id = data.read_long()
    remote_sequence = data.read_int()
    msg_len = data.read_int()
    message = data.read(msg_len)

    # https://core.telegram.org/mtproto/security_guidelines
    # Sections "checking sha256 hash" and "message length"
    if msg_key != sha256(
            session.auth_key.key[96:96 + 32] + data.get_bytes()).digest()[8:24]:
        raise SecurityError("Received msg_key doesn't match with expected one")

    return message, remote_msg_id, remote_sequence


def calc_key(auth_key, msg_key, client):
    """
    Calculate the key based on Telegram guidelines
    for MtProto 2, specifying whether it's the client or not.
    """
    # https://core.telegram.org/mtproto/description#defining-aes-key-and-initialization-vector
    x = 0 if client else 8

    sha256a = sha256(msg_key + auth_key[x: x + 36]).digest()
    sha256b = sha256(auth_key[x + 40:x + 76] + msg_key).digest()

    aes_key = sha256a[:8] + sha256b[8:24] + sha256a[24:32]
    aes_iv = sha256b[:8] + sha256a[8:24] + sha256b[24:32]

    return aes_key, aes_iv


def generate_key_data_from_nonce(server_nonce, new_nonce):
    """Generates the key data corresponding to the given nonce"""
    server_nonce = server_nonce.to_bytes(16, 'little', signed=True)
    new_nonce = new_nonce.to_bytes(32, 'little', signed=True)
    hash1 = sha1(new_nonce + server_nonce).digest()
    hash2 = sha1(server_nonce + new_nonce).digest()
    hash3 = sha1(new_nonce + new_nonce).digest()

    key = hash1 + hash2[:12]
    iv = hash2[12:20] + hash3 + new_nonce[:4]
    return key, iv


def get_password_hash(pw, current_salt):
    """Gets the password hash for the two-step verification.
       current_salt should be the byte array provided by
       invoking GetPasswordRequest()
    """

    # Passwords are encoded as UTF-8
    # At https://github.com/DrKLO/Telegram/blob/e31388
    # src/main/java/org/telegram/ui/LoginActivity.java#L2003
    data = pw.encode('utf-8')

    pw_hash = current_salt + data + current_salt
    return sha256(pw_hash).digest()

# endregion
Slightly reorganise the project structure 2017-06-09 17:13:39 +03:00			`"""Various helpers not related to the Telegram API itself"""`
Many code-style improvements 2016-11-30 00:29:42 +03:00			`import os`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00			`import struct`
			`from hashlib import sha1, sha256`

			`from telethon.crypto import AES`
Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`from telethon.errors import SecurityError`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00			`from telethon.extensions import BinaryReader`

Reviewed authenticator.py 2016-08-30 18:40:49 +03:00
Completely refactored unit tests, removed unused code 2016-09-08 17:11:37 +03:00			`# region Multiple utilities`
Initial release The initial release contains the most basic implementation of TLSharp core. This is also fully untested, since no test can be done until more work is done. 2016-08-26 13:58:53 +03:00

			`def generate_random_long(signed=True):`
Added and updated documentation 2016-08-28 14:43:00 +03:00			`"""Generates a random long integer (8 bytes), which is optionally signed"""`
Several fixes to authenticator, added more unit tests Some fixes include, in more detail: - Using little over big endianess in some parts - Flagging all the constructor numbers as unsigned - Fixed bugs with factorizer - Implemented TLSharp's RSA 2016-09-03 11:54:58 +03:00			`return int.from_bytes(os.urandom(8), signed=signed, byteorder='little')`
Initial release The initial release contains the most basic implementation of TLSharp core. This is also fully untested, since no test can be done until more work is done. 2016-08-26 13:58:53 +03:00

Gave more power to the TelegramClients and bug fixes Fixed uploads for large files on TcpClient Added more RPCError's for handling invalid phone code Added more media handlers: now you're also able to both send and download documents! The InteractiveTelegramClient now supports working with media aswell 2016-09-12 20:32:16 +03:00			`def ensure_parent_dir_exists(file_path):`
			`"""Ensures that the parent directory exists"""`
			`parent = os.path.dirname(file_path)`
			`if parent:`
			`os.makedirs(parent, exist_ok=True)`

Completely refactored unit tests, removed unused code 2016-09-08 17:11:37 +03:00			`# endregion`

			`# region Cryptographic related utils`
Reviewed authenticator.py 2016-08-30 18:40:49 +03:00

Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00			`def pack_message(session, message):`
			`"""Packs a message following MtProto 2.0 guidelines"""`
			`# See https://core.telegram.org/mtproto/description`
			`data = struct.pack('<qq', session.salt, session.id) + bytes(message)`
			`padding = os.urandom(-(len(data) + 12) % 16 + 12)`

			`# Being substr(what, offset, length); x = 0 for client`
			`# "msg_key_large = SHA256(substr(auth_key, 88+x, 32) + pt + padding)"`
			`msg_key_large = sha256(`
			`session.auth_key.key[88:88 + 32] + data + padding).digest()`

			`# "msg_key = substr (msg_key_large, 8, 16)"`
			`msg_key = msg_key_large[8:24]`
Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`aes_key, aes_iv = calc_key(session.auth_key.key, msg_key, True)`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00
			`key_id = struct.pack('<Q', session.auth_key.key_id)`
			`return key_id + msg_key + AES.encrypt_ige(data + padding, aes_key, aes_iv)`


			`def unpack_message(session, reader):`
			`"""Unpacks a message following MtProto 2.0 guidelines"""`
			`# See https://core.telegram.org/mtproto/description`
Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`if reader.read_long(signed=False) != session.auth_key.key_id:`
			`raise SecurityError('Server replied with an invalid auth key')`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00
			`msg_key = reader.read(16)`
Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`aes_key, aes_iv = calc_key(session.auth_key.key, msg_key, False)`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00			`data = BinaryReader(AES.decrypt_ige(reader.read(), aes_key, aes_iv))`

			`data.read_long() # remote_salt`
Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`if data.read_long() != session.id:`
			`raise SecurityError('Server replied with a wrong session ID')`

Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00			`remote_msg_id = data.read_long()`
			`remote_sequence = data.read_int()`
			`msg_len = data.read_int()`
			`message = data.read(msg_len)`

Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`# https://core.telegram.org/mtproto/security_guidelines`
			`# Sections "checking sha256 hash" and "message length"`
			`if msg_key != sha256(`
			`session.auth_key.key[96:96 + 32] + data.get_bytes()).digest()[8:24]:`
			`raise SecurityError("Received msg_key doesn't match with expected one")`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00
Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`return message, remote_msg_id, remote_sequence`
Initial release The initial release contains the most basic implementation of TLSharp core. This is also fully untested, since no test can be done until more work is done. 2016-08-26 13:58:53 +03:00

Add a few security checks when unpacking messages from server Also delete MtProto 1.0 leftovers. 2018-01-06 04:03:23 +03:00			`def calc_key(auth_key, msg_key, client):`
Implement MtProto 2.0 (closes #484, thanks @delivrance!) Huge shoutout to @delivrance's pyrogram, specially this commit: pyrogram/pyrogram/commit/42f9a2d6994baaf9ecad590d1ff4d175a8c56454 2018-01-06 03:55:11 +03:00			`"""`
			`Calculate the key based on Telegram guidelines`
			`for MtProto 2, specifying whether it's the client or not.`
			`"""`
			`# https://core.telegram.org/mtproto/description#defining-aes-key-and-initialization-vector`
			`x = 0 if client else 8`

			`sha256a = sha256(msg_key + auth_key[x: x + 36]).digest()`
			`sha256b = sha256(auth_key[x + 40:x + 76] + msg_key).digest()`

			`aes_key = sha256a[:8] + sha256b[8:24] + sha256a[24:32]`
			`aes_iv = sha256b[:8] + sha256a[8:24] + sha256b[24:32]`

			`return aes_key, aes_iv`


Make lint happier 2017-05-21 14:59:16 +03:00			`def generate_key_data_from_nonce(server_nonce, new_nonce):`
			`"""Generates the key data corresponding to the given nonce"""`
Use autogen code on the authenticator instead hardcoding requests 2017-09-28 12:36:51 +03:00			`server_nonce = server_nonce.to_bytes(16, 'little', signed=True)`
			`new_nonce = new_nonce.to_bytes(32, 'little', signed=True)`
			`hash1 = sha1(new_nonce + server_nonce).digest()`
			`hash2 = sha1(server_nonce + new_nonce).digest()`
			`hash3 = sha1(new_nonce + new_nonce).digest()`
Reviewed authenticator.py 2016-08-30 18:40:49 +03:00
Totally refactored source files location Now it should be easier to turn Telethon into a pip package 2016-09-17 21:42:34 +03:00			`key = hash1 + hash2[:12]`
			`iv = hash2[12:20] + hash3 + new_nonce[:4]`
			`return key, iv`
Reviewed authenticator.py 2016-08-30 18:40:49 +03:00

Added two-step verification (fixes #4) and more info for errors 2016-11-26 14:04:02 +03:00			`def get_password_hash(pw, current_salt):`
			`"""Gets the password hash for the two-step verification.`
Make lint happier 2017-09-04 18:10:04 +03:00			`current_salt should be the byte array provided by`
			`invoking GetPasswordRequest()`
			`"""`
Added two-step verification (fixes #4) and more info for errors 2016-11-26 14:04:02 +03:00
			`# Passwords are encoded as UTF-8`
Make lint happier 2017-05-21 14:59:16 +03:00			`# At https://github.com/DrKLO/Telegram/blob/e31388`
			`# src/main/java/org/telegram/ui/LoginActivity.java#L2003`
Added two-step verification (fixes #4) and more info for errors 2016-11-26 14:04:02 +03:00			`data = pw.encode('utf-8')`

Many code-style improvements 2016-11-30 00:29:42 +03:00			`pw_hash = current_salt + data + current_salt`
Use more straightforward calls of hashlib.sha1/sha256 2017-06-02 17:49:03 +03:00			`return sha256(pw_hash).digest()`
Added two-step verification (fixes #4) and more info for errors 2016-11-26 14:04:02 +03:00
Completely refactored unit tests, removed unused code 2016-09-08 17:11:37 +03:00			`# endregion`