Verify the files downloaded from CDNs and raise on sha256 mismatch

2025-08-08 04:52:30 +00:00 · 2017-08-28 14:17:31 +02:00
parent 00b5b5021b
commit b504ce14bc
6 changed files with 65 additions and 8 deletions
--- a/telethon/crypto/init.py
+++ b/telethon/crypto/init.py
@@ -1,3 +1,4 @@
 from .aes import AES
 from .auth_key import AuthKey
 from .factorization import Factorization
+from .hash_checker import HashChecker
--- a/telethon/crypto/hash_checker.py
+++ b/telethon/crypto/hash_checker.py
@@ -0,0 +1,39 @@
+from hashlib import sha256
+from ..errors import CdnFileTamperedError
+
+
+class HashChecker:
+    def __init__(self, cdn_file_hashes):
+        self.cdn_file_hashes = cdn_file_hashes
+        self.shaes = [sha256() for _ in range(len(cdn_file_hashes))]
+
+    def check(self, offset, data):
+        for cdn_hash, sha in zip(self.cdn_file_hashes, self.shaes):
+            inter = self.intersect(
+                cdn_hash.offset, cdn_hash.offset + cdn_hash.limit,
+                offset, offset + len(data)
+            )
+            if inter:
+                x1, x2 = inter[0] - offset, inter[1] - offset
+                sha.update(data[x1:x2])
+            elif offset > cdn_hash.offset:
+                if cdn_hash.hash == sha.digest():
+                    self.cdn_file_hashes.remove(cdn_hash)
+                    self.shaes.remove(sha)
+                else:
+                    raise CdnFileTamperedError()
+
+    def finish_check(self):
+        for cdn_hash, sha in zip(self.cdn_file_hashes, self.shaes):
+            if cdn_hash.hash != sha.digest():
+                raise CdnFileTamperedError()
+
+        self.cdn_file_hashes.clear()
+        self.shaes.clear()
+
+    @staticmethod
+    def intersect(x1, x2, z1, z2):
+        if x1 > z1:
+            return None if x1 > z2 else (x1, min(x2, z2))
+        else:
+            return (z1, min(x2, z2)) if x2 > z1 else None