mirror of
https://github.com/pyrogram/pyrogram
synced 2025-08-28 12:57:52 +00:00
Re-implement enable_cloud_password using SRP
This commit is contained in:
Dan
parent
89983b75ca
commit
e3459017ef
@ -16,34 +16,18 @@
|
|||||||
# You should have received a copy of the GNU Lesser General Public License
|
# You should have received a copy of the GNU Lesser General Public License
|
||||||
# along with Pyrogram. If not, see <http://www.gnu.org/licenses/>.
|
# along with Pyrogram. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
from hashlib import sha256, pbkdf2_hmac
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from pyrogram.api import functions, types
|
from pyrogram.api import functions, types
|
||||||
|
from .utils import compute_hash, btoi, itob
|
||||||
from ...ext import BaseClient
|
from ...ext import BaseClient
|
||||||
|
|
||||||
|
|
||||||
def compute_hash(algo: types.PasswordKdfAlgoSHA256SHA256PBKDF2HMACSHA512iter100000SHA256ModPow, password: str):
|
|
||||||
hash1 = sha256(algo.salt1 + password.encode() + algo.salt1).digest()
|
|
||||||
hash2 = sha256(algo.salt2 + hash1 + algo.salt2).digest()
|
|
||||||
hash3 = pbkdf2_hmac("sha512", hash2, algo.salt1, 100000)
|
|
||||||
|
|
||||||
return sha256(algo.salt2 + hash3 + algo.salt2).digest()
|
|
||||||
|
|
||||||
|
|
||||||
def btoi(b: bytes):
|
|
||||||
return int.from_bytes(b, "big")
|
|
||||||
|
|
||||||
|
|
||||||
def itob(i: int):
|
|
||||||
return i.to_bytes(256, "big")
|
|
||||||
|
|
||||||
|
|
||||||
class EnableCloudPassword(BaseClient):
|
class EnableCloudPassword(BaseClient):
|
||||||
def enable_cloud_password(self, password: str, hint: str = "", email: str = ""):
|
def enable_cloud_password(self, password: str, hint: str = "", email: str = None):
|
||||||
"""Use this method to enable the Two-Step Verification security feature (Cloud Password) on your account.
|
"""Use this method to enable the Two-Step Verification security feature (Cloud Password) on your account.
|
||||||
|
|
||||||
This password will be asked when you log in on a new device in addition to the SMS code.
|
This password will be asked when you log-in on a new device in addition to the SMS code.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
password (``str``):
|
password (``str``):
|
||||||
@ -56,92 +40,31 @@ class EnableCloudPassword(BaseClient):
|
|||||||
Recovery e-mail.
|
Recovery e-mail.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
True on success, False otherwise.
|
True on success.
|
||||||
|
|
||||||
Raises:
|
Raises:
|
||||||
:class:`Error <pyrogram.Error>` in case of a Telegram RPC error.
|
:class:`Error <pyrogram.Error>` in case of a Telegram RPC error.
|
||||||
|
``ValueError`` in case there is already a cloud password enabled.
|
||||||
"""
|
"""
|
||||||
r = self.send(functions.account.GetPassword())
|
r = self.send(functions.account.GetPassword())
|
||||||
print(r)
|
|
||||||
|
|
||||||
algo = r.new_algo
|
if r.has_password:
|
||||||
|
raise ValueError("There is already a cloud password enabled")
|
||||||
|
|
||||||
p_bytes = algo.p
|
r.new_algo.salt1 += os.urandom(32)
|
||||||
p = btoi(algo.p)
|
new_hash = btoi(compute_hash(r.new_algo, password))
|
||||||
|
new_hash = itob(pow(r.new_algo.g, new_hash, btoi(r.new_algo.p)))
|
||||||
|
|
||||||
g_bytes = itob(algo.g)
|
self.send(
|
||||||
g = algo.g
|
functions.account.UpdatePasswordSettings(
|
||||||
|
password=types.InputCheckPasswordEmpty(),
|
||||||
B_bytes = r.srp_B or b""
|
new_settings=types.account.PasswordInputSettings(
|
||||||
B = btoi(B_bytes)
|
new_algo=r.new_algo,
|
||||||
|
new_password_hash=new_hash,
|
||||||
srp_id = r.srp_id or 0
|
hint=hint,
|
||||||
|
email=email
|
||||||
x_bytes = compute_hash(algo, password)
|
)
|
||||||
x = btoi(x_bytes)
|
|
||||||
|
|
||||||
g_x = pow(g, x, p)
|
|
||||||
|
|
||||||
k_bytes = sha256(p_bytes + g_bytes).digest()
|
|
||||||
k = btoi(k_bytes)
|
|
||||||
|
|
||||||
kg_x = (k * g_x) % p
|
|
||||||
|
|
||||||
while True:
|
|
||||||
a_bytes = os.urandom(256)
|
|
||||||
a = btoi(a_bytes)
|
|
||||||
|
|
||||||
A = pow(g, a, p)
|
|
||||||
A_bytes = itob(A)
|
|
||||||
|
|
||||||
u = btoi(sha256(A_bytes + B_bytes).digest())
|
|
||||||
|
|
||||||
if u > 0:
|
|
||||||
break
|
|
||||||
|
|
||||||
g_b = (B - kg_x) % p
|
|
||||||
|
|
||||||
ux = u * x
|
|
||||||
a_ux = a + ux
|
|
||||||
S = pow(g_b, a_ux, p)
|
|
||||||
S_bytes = itob(S)
|
|
||||||
|
|
||||||
K_bytes = sha256(S_bytes).digest()
|
|
||||||
M1_bytes = sha256(
|
|
||||||
b"".join([bytes([int(i) ^ int(j)]) for (i, j) in zip(sha256(p_bytes).digest(), sha256(g_bytes).digest())])
|
|
||||||
+ sha256(algo.salt1).digest()
|
|
||||||
+ sha256(algo.salt2).digest()
|
|
||||||
+ A_bytes
|
|
||||||
+ B_bytes
|
|
||||||
+ K_bytes
|
|
||||||
).digest()
|
|
||||||
|
|
||||||
input_check_password = types.InputCheckPasswordSRP(srp_id, A_bytes, M1_bytes)
|
|
||||||
|
|
||||||
r2 = self.send(functions.account.UpdatePasswordSettings(
|
|
||||||
input_check_password, types.account.PasswordInputSettings(
|
|
||||||
new_algo=algo,
|
|
||||||
new_password_hash=b"",
|
|
||||||
hint=""
|
|
||||||
)
|
)
|
||||||
))
|
)
|
||||||
|
|
||||||
print(r2)
|
return True
|
||||||
|
|
||||||
# if isinstance(r, types.account.NoPassword):
|
|
||||||
# salt = r.new_salt + os.urandom(8)
|
|
||||||
# password_hash = sha256(salt + password.encode() + salt).digest()
|
|
||||||
#
|
|
||||||
# return self.send(
|
|
||||||
# functions.account.UpdatePasswordSettings(
|
|
||||||
# current_password_hash=salt,
|
|
||||||
# new_settings=types.account.PasswordInputSettings(
|
|
||||||
# new_salt=salt,
|
|
||||||
# new_password_hash=password_hash,
|
|
||||||
# hint=hint,
|
|
||||||
# email=email
|
|
||||||
# )
|
|
||||||
# )
|
|
||||||
# )
|
|
||||||
# else:
|
|
||||||
# return False
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user