LonamiWebs/Telethon
1
1
Fork 0
mirror of https://github.com/LonamiWebs/Telethon.git synced 2025-02-16 19:41:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update Telegram's RSA keys

Browse Source
This commit is contained in:
Lonami Exo 2019-10-03 20:51:45 +02:00
parent 72dd36bc17
commit 09f27f0dd7
2 changed files with 59 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
telethon/crypto/rsa.py
View File

@ -14,7 +14,7 @@ except ImportError:
from ..tl import TLObject from ..tl import TLObject
# {fingerprint: Crypto.PublicKey.RSA._RSAobj} dictionary # {fingerprint: (Crypto.PublicKey.RSA._RSAobj, old)} dictionary
_server_keys = {} _server_keys = {}
@ -47,26 +47,27 @@ def _compute_fingerprint(key):
return struct.unpack('<q', sha1(n + e).digest()[-8:])[0] return struct.unpack('<q', sha1(n + e).digest()[-8:])[0]
def add_key(pub): def add_key(pub, *, old):
"""Adds a new public key to be used when encrypting new data is needed""" """Adds a new public key to be used when encrypting new data is needed"""
global _server_keys global _server_keys
key = rsa.PublicKey.load_pkcs1(pub) key = rsa.PublicKey.load_pkcs1(pub)
_server_keys[_compute_fingerprint(key)] = key _server_keys[_compute_fingerprint(key)] = (key, old)
def encrypt(fingerprint, data): def encrypt(fingerprint, data, *, use_old=False):
""" """
Encrypts the given data known the fingerprint to be used Encrypts the given data known the fingerprint to be used
in the way Telegram requires us to do so (sha1(data) + data + padding) in the way Telegram requires us to do so (sha1(data) + data + padding)
:param fingerprint: the fingerprint of the RSA key. :param fingerprint: the fingerprint of the RSA key.
:param data: the data to be encrypted. :param data: the data to be encrypted.
:param use_old: whether old keys should be used.
:return: :return:
the cipher text, or None if no key matching this fingerprint is found. the cipher text, or None if no key matching this fingerprint is found.
""" """
global _server_keys global _server_keys
key = _server_keys.get(fingerprint, None) key, old = _server_keys.get(fingerprint, None)
if not key: if (not key) or (old and not use_old):
return None return None
# len(sha1.digest) is always 20, so we're left with 255 - 20 - x padding # len(sha1.digest) is always 20, so we're left with 255 - 20 - x padding
@ -82,6 +83,48 @@ def encrypt(fingerprint, data):
# Add default keys # Add default keys
# https://github.com/DrKLO/Telegram/blob/a724d96e9c008b609fe188d122aa2922e40de5fc/TMessagesProj/jni/tgnet/Handshake.cpp#L356-L436
for pub in (
'''-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAruw2yP/BCcsJliRoW5eBVBVle9dtjJw+OYED160Wybum9SXtBBLX
riwt4rROd9csv0t0OHCaTmRqBcQ0J8fxhN6/cpR1GWgOZRUAiQxoMnlt0R93LCX/
j1dnVa/gVbCjdSxpbrfY2g2L4frzjJvdl84Kd9ORYjDEAyFnEA7dD556OptgLQQ2
e2iVNq8NZLYTzLp5YpOdO1doK+ttrltggTCy5SrKeLoCPPbOgGsdxJxyz5KKcZnS
Lj16yE5HvJQn0CNpRdENvRUXe6tBP78O39oJ8BTHp9oIjd6XWXAsp2CvK45Ol8wF
XGF710w9lwCGNbmNxNYhtIkdqfsEcwR5JwIDAQAB
-----END RSA PUBLIC KEY-----''',
'''-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvfLHfYH2r9R70w8prHblWt/nDkh+XkgpflqQVcnAfSuTtO05lNPs
pQmL8Y2XjVT4t8cT6xAkdgfmmvnvRPOOKPi0OfJXoRVylFzAQG/j83u5K3kRLbae
7fLccVhKZhY46lvsueI1hQdLgNV9n1cQ3TDS2pQOCtovG4eDl9wacrXOJTG2990V
jgnIKNA0UMoP+KF03qzryqIt3oTvZq03DyWdGK+AZjgBLaDKSnC6qD2cFY81UryR
WOab8zKkWAnhw2kFpcqhI0jdV5QaSCExvnsjVaX0Y1N0870931/5Jb9ICe4nweZ9
kSDF/gip3kWLG0o8XQpChDfyvsqB9OLV/wIDAQAB
-----END RSA PUBLIC KEY-----''',
'''-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs/ditzm+mPND6xkhzwFIz6J/968CtkcSE/7Z2qAJiXbmZ3UDJPGr
zqTDHkO30R8VeRM/Kz2f4nR05GIFiITl4bEjvpy7xqRDspJcCFIOcyXm8abVDhF+
th6knSU0yLtNKuQVP6voMrnt9MV1X92LGZQLgdHZbPQz0Z5qIpaKhdyA8DEvWWvS
Uwwc+yi1/gGaybwlzZwqXYoPOhwMebzKUk0xW14htcJrRrq+PXXQbRzTMynseCoP
Ioke0dtCodbA3qQxQovE16q9zz4Otv2k4j63cz53J+mhkVWAeWxVGI0lltJmWtEY
K6er8VqqWot3nqmWMXogrgRLggv/NbbooQIDAQAB
-----END RSA PUBLIC KEY-----''',
'''-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAvmpxVY7ld/8DAjz6F6q05shjg8/4p6047bn6/m8yPy1RBsvIyvuD
uGnP/RzPEhzXQ9UJ5Ynmh2XJZgHoE9xbnfxL5BXHplJhMtADXKM9bWB11PU1Eioc
3+AXBB8QiNFBn2XI5UkO5hPhbb9mJpjA9Uhw8EdfqJP8QetVsI/xrCEbwEXe0xvi
fRLJbY08/Gp66KpQvy7g8w7VB8wlgePexW3pT13Ap6vuC+mQuJPyiHvSxjEKHgqe
Pji9NP3tJUFQjcECqcm0yV7/2d0t/pbCm+ZH1sadZspQCEPPrtbkQBlvHb4OLiIW
PGHKSMeRFvp3IWcmdJqXahxLCUS1Eh6MAQIDAQAB
-----END RSA PUBLIC KEY-----''',
):
add_key(pub, old=False)
for pub in ( for pub in (
'''-----BEGIN RSA PUBLIC KEY----- '''-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAwVACPi9w23mF3tBkdZz+zwrzKOaaQdr01vAbU4E1pvkfj4sqDsm6 MIIBCgKCAQEAwVACPi9w23mF3tBkdZz+zwrzKOaaQdr01vAbU4E1pvkfj4sqDsm6
@ -117,6 +160,6 @@ qAqBdmI1iBGdQv/OQCBcbXIWCGDY2AsiqLhlGQfPOI7/vvKc188rTriocgUtoTUc
/n/sIUzkgwTqRyvWYynWARWzQg0I9olLBBC2q5RQJJlnYXZwyTL3y9tdb7zOHkks /n/sIUzkgwTqRyvWYynWARWzQg0I9olLBBC2q5RQJJlnYXZwyTL3y9tdb7zOHkks
WV9IMQmZmyZh/N7sMbGWQpt4NMchGpPGeJ2e5gHBjDnlIf2p1yZOYeUYrdbwcS0t WV9IMQmZmyZh/N7sMbGWQpt4NMchGpPGeJ2e5gHBjDnlIf2p1yZOYeUYrdbwcS0t
UiggS4UeE8TzIuXFQxw7fzEIlmhIaq3FnwIDAQAB UiggS4UeE8TzIuXFQxw7fzEIlmhIaq3FnwIDAQAB
-----END RSA PUBLIC KEY-----''' -----END RSA PUBLIC KEY-----''',
): ):
add_key(pub) add_key(pub, old=True)

8
telethon/network/authenticator.py
View File

@ -56,6 +56,14 @@ async def do_authentication(sender):
target_fingerprint = fingerprint target_fingerprint = fingerprint
break break
if cipher_text is None:
# Second attempt, but now we're allowed to use old keys
for fingerprint in res_pq.server_public_key_fingerprints:
cipher_text = rsa.encrypt(fingerprint, pq_inner_data, use_old=True)
if cipher_text is not None:
target_fingerprint = fingerprint
break
if cipher_text is None: if cipher_text is None:
raise SecurityError( raise SecurityError(
'Step 2 could not find a valid key for fingerprints: {}' 'Step 2 could not find a valid key for fingerprints: {}'