tplinkrouterc6u 5.10.3__py3-none-any.whl → 5.12.0__py3-none-any.whl

tplinkrouterc6u/client/mr200.py

@@ -1,14 +1,26 @@
 import base64
-from tplinkrouterc6u.common.exception import ClientException, AuthorizeError
 from tplinkrouterc6u.client.mr import TPLinkMRClient
 from Crypto.PublicKey import RSA
-from re import search
 from binascii import hexlify
 from Crypto.Cipher import PKCS1_v1_5
+from re import search
+from tplinkrouterc6u.common.package_enum import VPN
+from tplinkrouterc6u.common.dataclass import (
+    LTEStatus,
+    VPNStatus,
+)
+from tplinkrouterc6u.common.exception import ClientException, ClientError, AuthorizeError
 
 
 class TPLinkMR200Client(TPLinkMRClient):
 
+    def supports(self) -> bool:
+        try:
+            self.__get_params()
+            return True
+        except ClientException:
+            return False
+
     def authorize(self) -> None:
         params = self.__get_params()
 
@@ -36,11 +48,76 @@ class TPLinkMR200Client(TPLinkMRClient):
         # Try to extract token
         r = self.req.get(self.host)
         try:
-            self._token = search(r'var token="(.*)";', r.text).group(1)
+            self.req.headers["TokenID"] = search(r'var token="(.*)";', r.text).group(1)
         except AttributeError:
             raise AuthorizeError()
 
+    def get_vpn_status(self) -> VPNStatus:
+        status = VPNStatus()
+        acts = [
+            self.ActItem(self.ActItem.GL, 'IPSEC_CFG'),
+        ]
+        _, values = self.req_act(acts)
+
+        status.ipsecvpn_enable = values.get('enable') == '1'
+
+        return status
+
+    def set_vpn(self, vpn: VPN, enable: bool) -> None:
+        acts = [
+            self.ActItem(
+                self.ActItem.SET,
+                'IPSEC_CFG',
+                '1,0,0,0,0,0',
+                attrs=['enable={}'.format(int(enable))]
+            )
+        ]
+
+        self.req_act(acts)
+
+    def logout(self) -> None:
+        acts = [
+            self.ActItem(self.ActItem.CGI, '/cgi/logout')
+        ]
+
+        response, _ = self.req_act(acts)
+        ret_code = self._parse_ret_val(response)
+
+        if ret_code == self.HTTP_RET_OK:
+            del self.req.headers["TokenID"]
+
+    def get_lte_status(self) -> LTEStatus:
+        status = LTEStatus()
+        acts = [
+            self.ActItem(self.ActItem.GET, 'WAN_LTE_LINK_CFG', '2,1,0,0,0,0',
+                         attrs=['enable', 'connectStatus', 'networkType', 'roamingStatus', 'simStatus']),
+            self.ActItem(self.ActItem.GET, 'WAN_LTE_INTF_CFG', '2,0,0,0,0,0',
+                         attrs=['dataLimit', 'enablePaymentDay', 'curStatistics', 'totalStatistics', 'enableDataLimit',
+                                'limitation',
+                                'curRxSpeed', 'curTxSpeed']),
+            self.ActItem(self.ActItem.GET, 'LTE_WAN_CFG', '2,1,0,0,0,0'),
+        ]
+        _, values = self.req_act(acts)
+
+        status.enable = values['0'].get('enable', 0)
+        status.connect_status = values['0'].get('connectStatus', 0)
+        status.network_type = values['0'].get('networkType', 0)
+        status.sim_status = values['0'].get('simStatus', 0)
+        status.sig_level = values['0'].get('signalStrength', 0)
+
+        status.total_statistics = values['1'].get('totalStatistics', 0)
+        status.cur_rx_speed = values['1'].get('curRxSpeed', 0)
+        status.cur_tx_speed = values['1'].get('curTxSpeed', 0)
+
+        status.isp_name = values['2'].get('profileName', '')
+
+        sms_list = self.get_sms()
+        status.sms_unread_count = sum(1 for m in sms_list if getattr(m, 'unread', False))
+
+        return status
+
     def __get_params(self, retry=False):
+        self.req.headers = {'referer': f'{self.host}/', 'origin': self.host}
         try:
             r = self.req.get(f"{self.host}/cgi/getParm", timeout=5)
             result = {}
@@ -53,5 +130,36 @@ class TPLinkMR200Client(TPLinkMRClient):
                 return self.__get_params(True)
             raise ClientException()
 
-    def _request(self, url, method='POST', data_str=None, encrypt=False, is_login=False):
-        return super()._request(url, method, data_str, False, is_login)
+    def req_act(self, acts: list):
+        '''
+        Requests ACTs via the cgi_gdpr proxy
+        '''
+        act_types = []
+        act_data = []
+
+        for act in acts:
+            act_types.append(str(act.type))
+            act_data.append('[{}#{}#{}]{},{}\r\n{}\r\n'.format(
+                act.oid,
+                act.stack,
+                act.pstack,
+                len(act_types) - 1,  # index, starts at 0
+                len(act.attrs),
+                '\r\n'.join(act.attrs)
+            ))
+
+        data = ''.join(act_data)
+        url = f"{self.host}/cgi?" + '&'.join(act_types)
+        response = self.req.post(url, data=data)
+        code = response.status_code
+
+        if code != 200:
+            error = 'TplinkRouter - MR200 -  Response with error; Request {} - Response {}'.format(data, response.text)
+            if self._logger:
+                self._logger.debug(error)
+            raise ClientError(error)
+
+        # Convert Response to string for _merge_response
+        result = self._merge_response(response.text)
+
+        return response, result.get('0') if len(result) == 1 and result.get('0') else result

tplinkrouterc6u/client/re330.py

@@ -0,0 +1,393 @@
+from dataclasses import dataclass
+from logging import Logger
+from urllib import parse
+from collections import defaultdict
+from ipaddress import IPv4Address
+import re
+from macaddress import EUI48
+import requests
+from requests import Session
+from tplinkrouterc6u.common.package_enum import Connection
+from tplinkrouterc6u.common.exception import ClientException
+from tplinkrouterc6u.common.encryption import EncryptionWrapper
+from tplinkrouterc6u.common.dataclass import Firmware, Status, IPv4Status, IPv4Reservation
+from tplinkrouterc6u.common.dataclass import IPv4DHCPLease, Device
+from tplinkrouterc6u.client_abstract import AbstractRouter
+
+
+class RouterConstants:
+    AUTH_TOKEN_INDEX1 = 3
+    AUTH_TOKEN_INDEX2 = 4
+
+    HOST_WIFI_2G_REQUEST = '33|1,1,0'
+    HOST_WIFI_5G_REQUEST = '33|2,1,0'
+
+    CONNECTION_REQUESTS_MAP = {
+        Connection.HOST_2G: HOST_WIFI_2G_REQUEST,
+        Connection.HOST_5G: HOST_WIFI_5G_REQUEST,
+    }
+
+    CONNECTION_TYPE_MAP = {
+        '0': 'Dynamic IP',
+        '1': 'Static IP',
+        '2': 'PPPoE',
+        '3': 'L2TP',
+        '4': 'PPTP'
+    }
+
+
+class RouterConfig:
+    """Configuration parameters for the router."""
+    ENCODING: str = ("yLwVl0zKqws7LgKPRQ84Mdt708T1qQ3Ha7xv3H7NyU84p21BriUWBU43odz3iP4rBL3cD02KZciXTysVXiV8"
+                     "ngg6vL48rPJyAUw0HurW20xqxv9aYb4M9wK1Ae0wlro510qXeU07kV57fQMc8L6aLgMLwygtc0F10a0Dg70T"
+                     "OoouyFhdysuRMO51yY5ZlOZZLEal1h0t9YQW0Ko7oBwmCAHoic4HYbUyVeU3sfQ1xtXcPcf1aT303wAQhv66qzW")
+    KEY: str = "RDpbLfCPsJZ7fiv"
+    PAD_CHAR: str = chr(187)
+
+
+@dataclass
+class EncryptionState:
+    """Holds encryption-related state."""
+
+    def __init__(self):
+        self.nn_rsa = ''
+        self.ee_rsa = ''
+        self.seq = ''
+        self.aes = EncryptionWrapper()
+        self.token = ''
+
+
+# Note: This router doesn't support VPN and up/down speeds per device
+class TplinkRE330Router(AbstractRouter):
+    DATA_REGEX = re.compile(r'id (\d+\|\d,\d,\d)\r\n(.*?)(?=\r\nid \d+\||$)', re.DOTALL)
+
+    def __init__(self, host: str, password: str, username: str = 'admin', logger: Logger = None,
+                 verify_ssl: bool = True, timeout: int = 30) -> None:
+        super().__init__(host, password, username, logger, verify_ssl, timeout)
+        self._session = Session()
+        if self._verify_ssl is False:
+            self._session.verify = False
+        self._encryption = EncryptionState()
+        self.host = self.host.rstrip('/')
+        # Mandatory Referer header
+        self._headers = {
+            'Referer': self.host + '/'
+        }
+
+    def _init_session(self) -> None:
+        self._session.get(self.host + "/", headers=self._headers)
+
+    def supports(self) -> bool:
+        try:
+            response = self.request(2, 0, data='50|1,0,0')
+            return response.status_code == 200 and response.text.startswith('00000')
+        except Exception:
+            return False
+
+    def authorize(self) -> None:
+        # Init session and connexion
+        self._init_session()
+        encoded_password = TplinkRE330Router._encrypt_password(self.password)
+
+        # Get token encryption strings and encrypt the password
+        response = self.request(7, 1)
+        self._encryption.token = TplinkRE330Router._encode_token(encoded_password, response)
+
+        # Get RSA exponent, modulus and sequence number
+        response = self.request(16, 0, data='get')
+
+        responseText = response.text.splitlines()
+        if len(responseText) < 4:
+            raise ClientException("Invalid response for RSA keys from router")
+        self._encryption.ee_rsa = responseText[1]
+        self._encryption.nn_rsa = responseText[2]
+        self._encryption.seq = responseText[3]
+
+        # Encrypt AES string
+        aes_string_encrypted = EncryptionWrapper.rsa_encrypt(self._encryption.aes._get_aes_string(),
+                                                             self._encryption.nn_rsa,
+                                                             self._encryption.ee_rsa)
+        # Mandatory intermediate request
+        response = self.request(7, 0, True)
+        # Register AES string for decryption on server side
+        self.request(16, 0, True, data=f'set {aes_string_encrypted}')
+
+    def logout(self) -> None:
+        self.request(11, 0, True)
+
+    def get_firmware(self) -> Firmware:
+        text = '0|1,0,0'
+
+        body = self._encrypt_body(text)
+        response = self.request(2, 1, True, data=body)
+        response_text = self._decrypt_data(response.text)
+        device_datamap = dict(line.split(" ", 1) for line in response_text.split("\r\n")[1:-1])
+
+        return Firmware(parse.unquote(device_datamap['hardVer']), parse.unquote(device_datamap['modelName']),
+                        parse.unquote(device_datamap['softVer']))
+
+    def get_status(self) -> Status:
+        mac_info_request = "1|1,0,0"
+        lan_ip_request = "4|1,0,0"
+        wan_ip_request = "23|1,0,0"
+        device_data_request = '13|1,0,0'
+        all_requests = [
+            mac_info_request, lan_ip_request, wan_ip_request, device_data_request,
+            RouterConstants.HOST_WIFI_2G_REQUEST, RouterConstants.HOST_WIFI_5G_REQUEST
+        ]
+        request_text = '#'.join(all_requests)
+        body = self._encrypt_body(request_text)
+
+        response = self.request(2, 1, True, data=body)
+        response_text = self._decrypt_data(response.text)
+
+        matches = TplinkRE330Router.DATA_REGEX.findall(response_text)
+
+        data_blocks = {match[0]: match[1].strip().split("\r\n") for match in matches}
+
+        def extract_value(response_list, prefix):
+            return next((s.split(prefix, 1)[1] for s in response_list if s.startswith(prefix)), None)
+
+        network_info = {
+            'lan_mac': extract_value(data_blocks[mac_info_request], "mac 0 "),
+            'wan_mac': extract_value(data_blocks[mac_info_request], "mac 1 "),
+            'lan_ip': extract_value(data_blocks[lan_ip_request], "ip "),
+            'wan_ip': extract_value(data_blocks[wan_ip_request], "ip "),
+            'gateway_ip': extract_value(data_blocks[wan_ip_request], "gateway "),
+            'uptime': extract_value(data_blocks[wan_ip_request], "upTime ")
+        }
+
+        wifi_status = {}
+        for key, request in RouterConstants.CONNECTION_REQUESTS_MAP.items():
+            value = data_blocks.get(request)
+            wifi_status[key] = extract_value(data_blocks.get(request), "bEnable ") == '1' if value else None
+
+        device_data_response = data_blocks[device_data_request]
+
+        mapped_devices = self._parse_devices(device_data_response)
+
+        status = Status()
+        status._wan_macaddr = EUI48(network_info['wan_mac'])
+        status._lan_macaddr = EUI48(network_info['lan_mac'])
+        status._lan_ipv4_addr = IPv4Address(network_info['lan_ip'])
+        status._wan_ipv4_addr = IPv4Address(network_info['wan_ip'])
+        status._wan_ipv4_gateway = IPv4Address(network_info['gateway_ip'])
+        status.wan_ipv4_uptime = int(network_info['uptime']) // 100
+
+        status.wifi_2g_enable = wifi_status[Connection.HOST_2G]
+        status.wifi_5g_enable = wifi_status[Connection.HOST_5G]
+
+        status.wired_total = sum(1 for device in mapped_devices if device.type == Connection.WIRED)
+        status.wifi_clients_total = sum(1 for device in mapped_devices
+                                        if device.type in (Connection.HOST_2G, Connection.HOST_5G))
+        status.guest_clients_total = sum(1 for device in mapped_devices
+                                         if device.type in (Connection.GUEST_2G, Connection.GUEST_5G))
+        status.iot_clients_total = sum(1 for device in mapped_devices
+                                       if device.type in (Connection.IOT_2G, Connection.IOT_5G))
+        status.clients_total = (status.wired_total + status.wifi_clients_total +
+                                status.guest_clients_total + status.iot_clients_total)
+
+        status.devices = mapped_devices
+        return status
+
+    def set_led_status(self, status: bool) -> None:
+        text = f'id 112|1,0,0\r\nenable {1 if status else 0}\r\n'
+        body = self._encrypt_body(text)
+        self.request(1, 0, True, data=body)
+
+    def get_led_status(self) -> bool:
+        text = '112|1,0,0'
+        body = self._encrypt_body(text)
+        response = self.request(2, 0, True, data=body)
+
+        response_text = self._decrypt_data(response.text)
+        response_text = response_text.splitlines()
+        if len(response_text) < 3:
+            raise ClientException("Invalid response for LED status from router")
+
+        return response_text[2][-1:] == '1'
+
+    def reboot(self) -> None:
+        self.request(6, 1, True)
+
+    def set_wifi(self, wifi: Connection, enable: bool) -> None:
+        enable_string = f'bEnable {int(enable)}'
+        text = f'id {RouterConstants.CONNECTION_REQUESTS_MAP[wifi]}\r\n{enable_string}'
+        body = self._encrypt_body(text)
+        self.request(1, 0, True, data=body)
+
+    def get_ipv4_status(self) -> IPv4Status:
+        mac_info_request = "1|1,0,0"
+        lan_ip_request = "4|1,0,0"
+        dhcp_request = "8|1,0,0"
+        link_type_request = "22|1,0,0"
+        wan_ip_request = "23|1,0,0"
+        static_ip_request = "24|1,0,0"
+        all_requests = [
+            mac_info_request, lan_ip_request, dhcp_request, link_type_request, wan_ip_request, static_ip_request]
+        request_text = '#'.join(all_requests)
+        body = self._encrypt_body(request_text)
+
+        response = self.request(2, 1, True, data=body)
+        response_text = self._decrypt_data(response.text)
+
+        matches = TplinkRE330Router.DATA_REGEX.findall(response_text)
+
+        data_blocks = {match[0]: match[1].strip().split("\r\n") for match in matches}
+
+        network_info = {
+            'lan_mac': self._extract_value(data_blocks[mac_info_request], "mac 0 "),
+            'wan_mac': self._extract_value(data_blocks[mac_info_request], "mac 1 "),
+            'lan_ip': self._extract_value(data_blocks[lan_ip_request], "ip "),
+            'wan_ip': self._extract_value(data_blocks[wan_ip_request], "ip "),
+            'gateway_ip': self._extract_value(data_blocks[wan_ip_request], "gateway "),
+            'uptime': self._extract_value(data_blocks[wan_ip_request], "upTime "),
+            'wan_mask': self._extract_value(data_blocks[wan_ip_request], "mask "),
+            'lan_mask': self._extract_value(data_blocks[lan_ip_request], "mask "),
+            'dns_1': self._extract_value(data_blocks[wan_ip_request], "dns 0 "),
+            'dns_2': self._extract_value(data_blocks[wan_ip_request], "dns 1 "),
+            'dhcp_enabled': self._extract_value(data_blocks[dhcp_request], "enable "),
+            'link_type': self._extract_value(data_blocks[link_type_request], "linkType "),
+        }
+
+        ipv4status = IPv4Status()
+        ipv4status._wan_macaddr = EUI48(network_info['wan_mac'])
+        ipv4status._wan_ipv4_ipaddr = IPv4Address(network_info['wan_ip'])
+        ipv4status._wan_ipv4_gateway = IPv4Address(network_info['gateway_ip'])
+        ipv4status._wan_ipv4_conntype = RouterConstants.CONNECTION_TYPE_MAP[network_info['link_type']]
+        ipv4status._wan_ipv4_netmask = IPv4Address(network_info['wan_mask'])
+        ipv4status._wan_ipv4_pridns = IPv4Address(network_info['dns_1'])
+        ipv4status._wan_ipv4_snddns = IPv4Address(network_info['dns_2'])
+        ipv4status._lan_macaddr = EUI48(network_info['lan_mac'])
+        ipv4status._lan_ipv4_ipaddr = IPv4Address(network_info['lan_ip'])
+        ipv4status.lan_ipv4_dhcp_enable = network_info['dhcp_enabled'] == '1'
+        ipv4status._lan_ipv4_netmask = IPv4Address(network_info['lan_mask'])
+        return ipv4status
+
+    def get_ipv4_reservations(self) -> list[IPv4Reservation]:
+        body = self._encrypt_body('12|1,0,0')
+
+        response = self.request(2, 1, True, data=body)
+        response_text = self._decrypt_data(response.text)
+        matches = TplinkRE330Router.DATA_REGEX.findall(response_text)
+
+        data_blocks = {match[0]: match[1].strip().split("\r\n") for match in matches}
+        filtered_reservations = self._parse_response_to_dict(data_blocks['12|1,0,0'])
+
+        mapped_reservations: list[IPv4Reservation] = []
+        for reservation in filtered_reservations:
+            reservation_to_add = IPv4Reservation(EUI48(reservation['mac']), IPv4Address(reservation['ip']),
+                                                 reservation['name'], reservation['dhcpsEnable'] == '1')
+            mapped_reservations.append(reservation_to_add)
+        return mapped_reservations
+
+    def get_dhcp_leases(self) -> list[IPv4DHCPLease]:
+        body = self._encrypt_body('9|1,0,0')
+
+        response = self.request(2, 1, True, data=body)
+        response_text = self._decrypt_data(response.text)
+        matches = TplinkRE330Router.DATA_REGEX.findall(response_text)
+
+        data_blocks = {match[0]: match[1].strip().split("\r\n") for match in matches}
+
+        filtered_leases = self._parse_response_to_dict(data_blocks['9|1,0,0'])
+
+        mapped_leases: list[IPv4DHCPLease] = []
+        for lease in filtered_leases:
+            lease_to_add = IPv4DHCPLease(EUI48(lease['mac']), IPv4Address(lease['ip']),
+                                         lease['hostName'], f'expires {lease["expires"]}')
+            mapped_leases.append(lease_to_add)
+
+        return mapped_leases
+
+    def _parse_devices(self, device_data_response: list[str]) -> list[Device]:
+        filtered_devices = self._parse_response_to_dict(device_data_response)
+
+        device_type_to_connection = {
+            0: Connection.WIRED,
+            1: Connection.HOST_2G, 2: Connection.GUEST_2G,
+            3: Connection.HOST_5G, 4: Connection.GUEST_5G,
+            13: Connection.IOT_2G, 14: Connection.IOT_5G
+        }
+
+        mapped_devices = []
+        for device in filtered_devices:
+            if device['online'] == '1':
+                device_type = int(device['type'])
+                connection_type = device_type_to_connection.get(device_type, Connection.UNKNOWN)
+            else:
+                connection_type = Connection.UNKNOWN
+
+            device_to_add = Device(connection_type, EUI48(device['mac']), IPv4Address(device['ip']), device['name'])
+            device_to_add.up_speed = 0  # Not supported by the router
+            device_to_add.down_speed = 0  # Not supported by the router
+            device_to_add.active = device['online'] == '1'
+            mapped_devices.append(device_to_add)
+        return mapped_devices
+
+    def _parse_response_to_dict(self, response_data: list[str]) -> list[dict]:
+        result_dict = defaultdict(dict)
+        for entry in response_data:
+            parts = entry.split(' ', 2)
+            key, id_str = parts[0], parts[1]
+            value = parts[2] if len(parts) == 3 else ''
+            result_dict[int(id_str)][key] = value
+
+        return [v for _, v in result_dict.items() if v.get("ip") != "0.0.0.0"]
+
+    @staticmethod
+    def _encrypt_password(pwd: str, key: str = RouterConfig.KEY, encoding: str = RouterConfig.ENCODING) -> str:
+        max_len = max(len(key), len(pwd))
+        pwd = pwd.ljust(max_len, RouterConfig.PAD_CHAR)
+        key = key.ljust(max_len, RouterConfig.PAD_CHAR)
+
+        result = []
+        for i in range(max_len):
+            result.append(encoding[(ord(pwd[i]) ^ ord(key[i])) % len(encoding)])
+
+        return "".join(result)
+
+    @staticmethod
+    def _encode_token(encoded_password: str, response: requests.Response) -> str:
+        response_text = response.text.splitlines()
+        auth_info1 = response_text[RouterConstants.AUTH_TOKEN_INDEX1]
+        auth_info2 = response_text[RouterConstants.AUTH_TOKEN_INDEX2]
+
+        encoded_token = TplinkRE330Router._encrypt_password(encoded_password, auth_info1, auth_info2)
+        return parse.quote(encoded_token, safe='!()*')
+
+    def _get_signature(self, datalen: int) -> str:
+        encryption = self._encryption
+        r = f'{encryption.aes._get_aes_string()}&s={str(int(encryption.seq) + datalen)}'
+        e = ''
+        n = 0
+        while n < len(r):
+            e += EncryptionWrapper.rsa_encrypt(r[n:53], encryption.nn_rsa, encryption.ee_rsa)
+            n += 53
+        return e
+
+    def _encrypt_body(self, text: str) -> str:
+        data = self._encryption.aes.aes_encrypt(text)
+        sign = self._get_signature(len(data))
+        return f'sign={sign}\r\ndata={data}'
+
+    def _decrypt_data(self, encrypted_text: str) -> str:
+        return self._encryption.aes.aes_decrypt(encrypted_text)
+
+    def _extract_value(self, response_list, prefix):
+        return next((s.split(prefix, 1)[1] for s in response_list if s.startswith(prefix)), None)
+
+    def request(self, code: int, asyn: int, use_token: bool = False, data: str = None):
+        url = f"{self.host}/?code={code}&asyn={asyn}"
+        if use_token:
+            url += f"&id={self._encryption.token}"
+        try:
+            response = self._session.post(url, data=data, timeout=self.timeout,
+                                          verify=self._verify_ssl, headers=self._headers)
+            # Raises exception for 4XX/5XX status codes for all requests except 1st in authorize
+            if not (code == 7 and asyn == 1 and use_token is False and data is None):
+                response.raise_for_status()
+            return response
+        except requests.exceptions.RequestException as e:
+            self._logger.error(f"Network error: {e}")
+            raise ClientException(f"Network error: {str(e)}") from e

tplinkrouterc6u/client/xdr.py

@@ -116,6 +116,8 @@ class TPLinkXDRClient(AbstractRouter):
             dev = Device(conn_type, get_mac(item['mac']), get_ip(item['ip']), unquote(item['hostname']))
             dev.up_speed = item['up_speed']
             dev.down_speed = item['down_speed']
+            if 'online' in item:
+                dev.active = item['online'] == '1'
             status.devices.append(dev)
         return status
 

tplinkrouterc6u/common/dataclass.py

@@ -310,5 +310,6 @@ class LTEStatus:
 class VPNStatus:
     openvpn_enable: bool | None = None
     pptpvpn_enable: bool | None = None
+    ipsecvpn_enable: bool | None = None
     openvpn_clients_total: int = 0
     pptpvpn_clients_total: int = 0

tplinkrouterc6u/common/encryption.py

@@ -189,3 +189,116 @@ class EncryptionWrapperMR:
         n = int('0x' + nn, 16)
         e = int('0x' + ee, 16)
         return RSA.construct((n, e))
+
+
+class EncryptionWrapperMRGCM:
+    RSA_USE_PKCS_V1_5 = False
+    AES_KEY_LEN = 128 // 8
+    AES_IV_LEN = 12  # previously 16
+
+    def __init__(self) -> None:
+        ts = str(round(time() * 1000))
+
+        key = (ts + str(randint(100000000, 1000000000 - 1)))[:self.AES_KEY_LEN]
+        iv = (ts + str(randint(100000000, 1000000000 - 1)))[:self.AES_IV_LEN]
+
+        assert len(key) == self.AES_KEY_LEN
+        assert len(iv) == self.AES_IV_LEN
+
+        self._key = key
+        self._iv = iv
+
+    def aes_encrypt(self, raw: str) -> tuple[str, str]:
+        # not sure what the padding was for here:
+        # data_padded = pad(raw.encode('utf8'), 16, 'pkcs7')
+
+        # encrypt the body
+        aes_encryptor = self._make_aes_cipher()
+        encrypted_data_bytes, tag = aes_encryptor.encrypt_and_digest(raw.encode('utf-8'))
+        return (
+            b64encode(encrypted_data_bytes).decode(),  # router expects b64 ciphertext
+            b64encode(tag).decode()  # router expects b64 tag (this is new)
+        )
+
+    def aes_decrypt(self, data: str):
+        # decode base64 string
+        tag = b64decode(data[-24:])  # last 24 characters are the tag
+        encrypted_response_data = b64decode(data[:-24])
+        # decrypt the response using our AES key
+        aes_decryptor = self._make_aes_cipher()
+        response = aes_decryptor.decrypt_and_verify(encrypted_response_data, tag)
+
+        # not sure what unpad did here before:
+        # return unpad(response, 16, 'pkcs7').decode('utf8')
+        return response.decode('utf8')
+
+    def get_signature(self, seq: int, is_login: bool, hash: str, nn: str, ee: str) -> str:
+        if is_login:
+            # on login we also send our AES key, which is subsequently
+            # used for E2E encrypted communication
+            # key and iv now base64 not like before
+            key = b64encode(self._key.encode('utf-8')).decode()
+            iv = b64encode(self._iv.encode('utf-8')).decode()
+            sign_data = 'key={}&iv={}&h={}&s={}'.format(key, iv, hash, seq)
+        else:
+            sign_data = 'h={}&s={}'.format(hash, seq)
+
+        # set step based on whether PKCS padding is used
+        rsa_byte_len = len(nn) // 2  # hexlen / 2 * 8 / 8
+        step = (rsa_byte_len - 11) if self.RSA_USE_PKCS_V1_5 else rsa_byte_len
+
+        # encrypt the signature using the RSA public key
+        rsa_key = self._make_rsa_pub_key(nn, ee)
+
+        # make the PKCS#1 v1.5 cipher
+        if self.RSA_USE_PKCS_V1_5:
+            rsa = PKCS1_v1_5.new(rsa_key)
+
+        signature = ''
+        pos = 0
+
+        while pos < len(sign_data):
+            sign_data_bin = sign_data[pos: pos + step].encode('utf8')
+
+            if self.RSA_USE_PKCS_V1_5:
+                # encrypt using the PKCS#1 v1.5 padding
+                enc = rsa.encrypt(sign_data_bin)
+            else:
+                # encrypt using NOPADDING
+                # ... pad the end with zero bytes
+                while len(sign_data_bin) < step:
+                    sign_data_bin = sign_data_bin + b'\0'
+
+                # step 3a (OS2IP)
+                em_int = bytes_to_long(sign_data_bin)
+
+                # step 3b (RSAEP)
+                m_int = rsa_key._encrypt(em_int)
+
+                # step 3c (I2OSP)
+                enc = long_to_bytes(m_int, 1)
+
+            # hexlify to string
+            enc_str = hexlify(enc).decode('utf8')
+
+            # pad the start with '0' hex char
+            while len(enc_str) < rsa_byte_len * 2:
+                enc_str = '0' + enc_str
+
+            signature += enc_str
+            pos = pos + step
+
+        return signature
+
+    def _make_aes_cipher(self) -> AES:
+        # consider renaming _iv to _nonce
+        return AES.new(self._key.encode('utf-8'), AES.MODE_GCM, nonce=self._iv.encode('utf-8'))
+
+    @staticmethod
+    def _make_rsa_pub_key(nn: str, ee: str):
+        '''
+        Makes a new RSA pub key from tuple (n, e)
+        '''
+        n = int('0x' + nn, 16)
+        e = int('0x' + ee, 16)
+        return RSA.construct((n, e))

tplinkrouterc6u/common/package_enum.py

@@ -49,6 +49,7 @@ class Connection(Enum):
 class VPN(Enum):
     OPEN_VPN = 'OPENVPN'
     PPTP_VPN = 'PPTPVPN'
+    IPSEC = 'IPSEC'
 
     @property
     def lowercase(self) -> str: