|
| 1 | +# Pyrogram - Telegram MTProto API Client Library for Python |
| 2 | +# Copyright (C) 2017-2018 Dan Tès <https://github.com/delivrance> |
| 3 | +# |
| 4 | +# This file is part of Pyrogram. |
| 5 | +# |
| 6 | +# Pyrogram is free software: you can redistribute it and/or modify |
| 7 | +# it under the terms of the GNU Lesser General Public License as published |
| 8 | +# by the Free Software Foundation, either version 3 of the License, or |
| 9 | +# (at your option) any later version. |
| 10 | +# |
| 11 | +# Pyrogram is distributed in the hope that it will be useful, |
| 12 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | +# GNU Lesser General Public License for more details. |
| 15 | +# |
| 16 | +# You should have received a copy of the GNU Lesser General Public License |
| 17 | +# along with Pyrogram. If not, see <http://www.gnu.org/licenses/>. |
| 18 | + |
| 19 | +import hashlib |
| 20 | +import os |
| 21 | + |
| 22 | +from pyrogram.api import types |
| 23 | + |
| 24 | + |
| 25 | +def btoi(b: bytes) -> int: |
| 26 | + return int.from_bytes(b, "big") |
| 27 | + |
| 28 | + |
| 29 | +def itob(i: int) -> bytes: |
| 30 | + return i.to_bytes(256, "big") |
| 31 | + |
| 32 | + |
| 33 | +def sha256(data: bytes) -> bytes: |
| 34 | + return hashlib.sha256(data).digest() |
| 35 | + |
| 36 | + |
| 37 | +def xor(a: bytes, b: bytes) -> bytes: |
| 38 | + return bytes(i ^ j for i, j in zip(a, b)) |
| 39 | + |
| 40 | + |
| 41 | +def compute_hash(algo: types.PasswordKdfAlgoSHA256SHA256PBKDF2HMACSHA512iter100000SHA256ModPow, password: str) -> bytes: |
| 42 | + hash1 = sha256(algo.salt1 + password.encode() + algo.salt1) |
| 43 | + hash2 = sha256(algo.salt2 + hash1 + algo.salt2) |
| 44 | + hash3 = hashlib.pbkdf2_hmac("sha512", hash2, algo.salt1, 100000) |
| 45 | + |
| 46 | + return sha256(algo.salt2 + hash3 + algo.salt2) |
| 47 | + |
| 48 | + |
| 49 | +def compute_check(r: types.account.Password, password: str) -> types.InputCheckPasswordSRP: |
| 50 | + algo = r.current_algo |
| 51 | + |
| 52 | + p_bytes = algo.p |
| 53 | + p = btoi(algo.p) |
| 54 | + |
| 55 | + g_bytes = itob(algo.g) |
| 56 | + g = algo.g |
| 57 | + |
| 58 | + B_bytes = r.srp_B |
| 59 | + B = btoi(B_bytes) |
| 60 | + |
| 61 | + srp_id = r.srp_id |
| 62 | + |
| 63 | + x_bytes = compute_hash(algo, password) |
| 64 | + x = btoi(x_bytes) |
| 65 | + |
| 66 | + g_x = pow(g, x, p) |
| 67 | + |
| 68 | + k_bytes = sha256(p_bytes + g_bytes) |
| 69 | + k = btoi(k_bytes) |
| 70 | + |
| 71 | + kg_x = (k * g_x) % p |
| 72 | + |
| 73 | + while True: |
| 74 | + a_bytes = os.urandom(256) |
| 75 | + a = btoi(a_bytes) |
| 76 | + |
| 77 | + A = pow(g, a, p) |
| 78 | + A_bytes = itob(A) |
| 79 | + |
| 80 | + u = btoi(sha256(A_bytes + B_bytes)) |
| 81 | + |
| 82 | + if u > 0: |
| 83 | + break |
| 84 | + |
| 85 | + g_b = (B - kg_x) % p |
| 86 | + |
| 87 | + ux = u * x |
| 88 | + a_ux = a + ux |
| 89 | + S = pow(g_b, a_ux, p) |
| 90 | + S_bytes = itob(S) |
| 91 | + |
| 92 | + K_bytes = sha256(S_bytes) |
| 93 | + |
| 94 | + M1_bytes = sha256( |
| 95 | + xor(sha256(p_bytes), sha256(g_bytes)) |
| 96 | + + sha256(algo.salt1) |
| 97 | + + sha256(algo.salt2) |
| 98 | + + A_bytes |
| 99 | + + B_bytes |
| 100 | + + K_bytes |
| 101 | + ) |
| 102 | + |
| 103 | + return types.InputCheckPasswordSRP(srp_id, A_bytes, M1_bytes) |
0 commit comments