Telethon/telethon/_crypto/cdndecrypter.py

"""
This module holds the CdnDecrypter utility class.
"""
from hashlib import sha256

from .. import _tl
from .._crypto import AESModeCTR
from ..errors import CdnFileTamperedError


class CdnDecrypter:
    """
    Used when downloading a file results in a 'FileCdnRedirect' to
    both prepare the redirect, decrypt the file as it downloads, and
    ensure the file hasn't been tampered. https://core.telegram.org/cdn
    """
    def __init__(self, cdn_client, file_token, cdn_aes, cdn_file_hashes):
        """
        Initializes the CDN decrypter.

        :param cdn_client: a client connected to a CDN.
        :param file_token: the token of the file to be used.
        :param cdn_aes: the AES CTR used to decrypt the file.
        :param cdn_file_hashes: the hashes the decrypted file must match.
        """
        self.client = cdn_client
        self.file_token = file_token
        self.cdn_aes = cdn_aes
        self.cdn_file_hashes = cdn_file_hashes

    @staticmethod
    async def prepare_decrypter(client, cdn_client, cdn_redirect):
        """
        Prepares a new CDN decrypter.

        :param client: a TelegramClient connected to the main servers.
        :param cdn_client: a new client connected to the CDN.
        :param cdn_redirect: the redirect file object that caused this call.
        :return: (CdnDecrypter, first chunk file data)
        """
        cdn_aes = AESModeCTR(
            key=cdn_redirect.encryption_key,
            # 12 first bytes of the IV..4 bytes of the offset (0, big endian)
            iv=cdn_redirect.encryption_iv[:12] + bytes(4)
        )

        # We assume that cdn_redirect.cdn_file_hashes are ordered by offset,
        # and that there will be enough of these to retrieve the whole file.
        decrypter = CdnDecrypter(
            cdn_client, cdn_redirect.file_token,
            cdn_aes, cdn_redirect.cdn_file_hashes
        )

        cdn_file = await cdn_client(_tl.fn.upload.GetCdnFile(
            file_token=cdn_redirect.file_token,
            offset=cdn_redirect.cdn_file_hashes[0].offset,
            limit=cdn_redirect.cdn_file_hashes[0].limit
        ))
        if isinstance(cdn_file, _tl.upload.CdnFileReuploadNeeded):
            # We need to use the original client here
            await client(_tl.fn.upload.ReuploadCdnFile(
                file_token=cdn_redirect.file_token,
                request_token=cdn_file.request_token
            ))

            # We want to always return a valid upload.CdnFile
            cdn_file = decrypter.get_file()
        else:
            cdn_file.bytes = decrypter.cdn_aes.encrypt(cdn_file.bytes)
            cdn_hash = decrypter.cdn_file_hashes.pop(0)
            decrypter.check(cdn_file.bytes, cdn_hash)

        return decrypter, cdn_file

    def get_file(self):
        """
        Calls GetCdnFile and decrypts its bytes.
        Also ensures that the file hasn't been tampered.

        :return: the CdnFile result.
        """
        if self.cdn_file_hashes:
            cdn_hash = self.cdn_file_hashes.pop(0)
            cdn_file = self.client(_tl.fn.upload.GetCdnFile(
                self.file_token, cdn_hash.offset, cdn_hash.limit
            ))
            cdn_file.bytes = self.cdn_aes.encrypt(cdn_file.bytes)
            self.check(cdn_file.bytes, cdn_hash)
        else:
            cdn_file = _tl.upload.CdnFile(bytes(0))

        return cdn_file

    @staticmethod
    def check(data, cdn_hash):
        """
        Checks the integrity of the given data.
        Raises CdnFileTamperedError if the integrity check fails.

        :param data: the data to be hashed.
        :param cdn_hash: the expected hash.
        """
        if sha256(data).digest() != cdn_hash.hash:
            raise CdnFileTamperedError()
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
			`This module holds the CdnDecrypter utility class.`
			`"""`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`from hashlib import sha256`

Replace most raw API usage with new location 2021-09-12 13:16:02 +03:00			`from .. import _tl`
Fix imports 2021-09-12 14:27:13 +03:00			`from .._crypto import AESModeCTR`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`from ..errors import CdnFileTamperedError`


			`class CdnDecrypter:`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
			`Used when downloading a file results in a 'FileCdnRedirect' to`
			`both prepare the redirect, decrypt the file as it downloads, and`
			`ensure the file hasn't been tampered. https://core.telegram.org/cdn`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`"""`
			`def __init__(self, cdn_client, file_token, cdn_aes, cdn_file_hashes):`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
			`Initializes the CDN decrypter.`

			`:param cdn_client: a client connected to a CDN.`
			`:param file_token: the token of the file to be used.`
			`:param cdn_aes: the AES CTR used to decrypt the file.`
			`:param cdn_file_hashes: the hashes the decrypted file must match.`
			`"""`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`self.client = cdn_client`
			`self.file_token = file_token`
			`self.cdn_aes = cdn_aes`
			`self.cdn_file_hashes = cdn_file_hashes`

			`@staticmethod`
Separate download requests from the TelegramClient 2018-06-10 13:04:23 +03:00			`async def prepare_decrypter(client, cdn_client, cdn_redirect):`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
			`Prepares a new CDN decrypter.`

			`:param client: a TelegramClient connected to the main servers.`
			`:param cdn_client: a new client connected to the CDN.`
			`:param cdn_redirect: the redirect file object that caused this call.`
			`:return: (CdnDecrypter, first chunk file data)`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`"""`
Reuse the AESModeCTR class on CdnDecrypter 2017-08-28 21:30:33 +03:00			`cdn_aes = AESModeCTR(`
			`key=cdn_redirect.encryption_key,`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`# 12 first bytes of the IV..4 bytes of the offset (0, big endian)`
			`iv=cdn_redirect.encryption_iv[:12] + bytes(4)`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`)`

Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`# We assume that cdn_redirect.cdn_file_hashes are ordered by offset,`
			`# and that there will be enough of these to retrieve the whole file.`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`decrypter = CdnDecrypter(`
			`cdn_client, cdn_redirect.file_token,`
			`cdn_aes, cdn_redirect.cdn_file_hashes`
			`)`

Replace most raw API usage with new location 2021-09-12 13:16:02 +03:00			`cdn_file = await cdn_client(_tl.fn.upload.GetCdnFile(`
Get rid of the initial_query= parameter on .connect() 2017-09-17 17:06:43 +03:00			`file_token=cdn_redirect.file_token,`
			`offset=cdn_redirect.cdn_file_hashes[0].offset,`
			`limit=cdn_redirect.cdn_file_hashes[0].limit`
			`))`
Replace most raw API usage with new location 2021-09-12 13:16:02 +03:00			`if isinstance(cdn_file, _tl.upload.CdnFileReuploadNeeded):`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`# We need to use the original client here`
Replace most raw API usage with new location 2021-09-12 13:16:02 +03:00			`await client(_tl.fn.upload.ReuploadCdnFile(`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`file_token=cdn_redirect.file_token,`
			`request_token=cdn_file.request_token`
			`))`

			`# We want to always return a valid upload.CdnFile`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`cdn_file = decrypter.get_file()`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`else:`
			`cdn_file.bytes = decrypter.cdn_aes.encrypt(cdn_file.bytes)`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`cdn_hash = decrypter.cdn_file_hashes.pop(0)`
			`decrypter.check(cdn_file.bytes, cdn_hash)`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00
			`return decrypter, cdn_file`

Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`def get_file(self):`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
Address remaining uses of the Request suffix with raw API 2021-09-13 22:00:31 +03:00			`Calls GetCdnFile and decrypts its bytes.`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`Also ensures that the file hasn't been tampered.`

			`:return: the CdnFile result.`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00			`"""`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`if self.cdn_file_hashes:`
			`cdn_hash = self.cdn_file_hashes.pop(0)`
Replace most raw API usage with new location 2021-09-12 13:16:02 +03:00			`cdn_file = self.client(_tl.fn.upload.GetCdnFile(`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`self.file_token, cdn_hash.offset, cdn_hash.limit`
			`))`
			`cdn_file.bytes = self.cdn_aes.encrypt(cdn_file.bytes)`
			`self.check(cdn_file.bytes, cdn_hash)`
			`else:`
Replace most raw API usage with new location 2021-09-12 13:16:02 +03:00			`cdn_file = _tl.upload.CdnFile(bytes(0))`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`return cdn_file`
Turn HashChecker into CdnDecrypter to abstract CDN-specific aspects 2017-08-28 17:25:10 +03:00
			`@staticmethod`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`def check(data, cdn_hash):`
Document the crypto/ module 2017-11-26 18:57:40 +03:00			`"""`
			`Checks the integrity of the given data.`
			`Raises CdnFileTamperedError if the integrity check fails.`

			`:param data: the data to be hashed.`
			`:param cdn_hash: the expected hash.`
			`"""`
Stick to the offset and limit CdnFileHashes dictates (#222) The old intersection method and allowing an arbitrary part size wasn't working properly. Assuming that Telegram will send a sha sum for the whole file, in the correct order, we can simply use their offsets to download the file. 2017-09-05 17:43:53 +03:00			`if sha256(data).digest() != cdn_hash.hash:`
			`raise CdnFileTamperedError()`