From b31354f53ab08aa7b5267c53a23146fbba94584e Mon Sep 17 00:00:00 2001 From: Rossen Georgiev Date: Sun, 25 Nov 2018 00:13:11 +0000 Subject: [PATCH] replace cryptography with pycryptodomex --- README.rst | 4 ++-- Vagrantfile | 3 ++- docs/install.rst | 23 ------------------- docs/intro.rst | 4 ++-- requirements.txt | 2 +- setup.py | 3 ++- steam/core/crypto.py | 47 +++++++++++++++++---------------------- steam/webauth.py | 29 ++++++++++-------------- tests/test_core_crypto.py | 10 +++++---- 9 files changed, 48 insertions(+), 77 deletions(-) diff --git a/README.rst b/README.rst index 9631c2e..cf901cd 100644 --- a/README.rst +++ b/README.rst @@ -16,14 +16,14 @@ Key features * `WebAuth `_ - authentication for access to ``store.steampowered.com`` and ``steamcommunity.com`` Checkout the `User guide `_ for examples, -or the `API Reference `_ for details. +or the `API Reference `_ for details. For questions, issues or general curiosity visit the repo at `https://github.com/ValvePython/steam `_. Quick install ------------- -For details on require system packages, see `Full Installation `_. +For system specific details, see `Install Details `_. Install latest version from PYPI diff --git a/Vagrantfile b/Vagrantfile index e04a2e4..2ebf63d 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -15,12 +15,13 @@ Vagrant.configure("2") do |config| # box.vm.synced_folder "../csgo-python/csgo/", "/home/vagrant/csgo" box.vm.provision "shell", inline: <<-SHELL + set -x apt-get update - apt-get -y install build-essential libssl-dev libffi-dev python-dev apt-get -y install python-pip python-virtualenv SHELL box.vm.provision "shell", privileged: false, inline: <<-SHELL + set -x virtualenv -p python2 venv2 source venv2/bin/activate pip install -r /vagrant/requirements.txt ipython diff --git a/docs/install.rst b/docs/install.rst index 62ea6b8..69c5c7d 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -14,23 +14,6 @@ Steps assume that ``python`` and ``pip`` are already installed. in order to keep you system packages untouched. -Ubuntu/Debian -^^^^^^^^^^^^^ - -Replace ``python-dev`` with ``python3-dev`` for Python 3. - -.. code-block:: console - - $ sudo apt-get install build-essential libssl-dev libffi-dev python-dev - -RHEL-based -^^^^^^^^^^ - -.. code-block:: console - - $ sudo yum install gcc libffi-devel python-devel openssl-devel - - Windows ------- @@ -41,13 +24,7 @@ Cygwin 2. During the setup select these additional packages - ``python3`` - - ``python3-devel`` - ``python3-setuptools`` - - ``gcc-core`` - - ``gcc-g++`` - - ``libffi6`` - - ``libffi-devel`` - - ``openssl-devel`` 4. Install pip - Open cygwin terminal diff --git a/docs/intro.rst b/docs/intro.rst index f695c7b..9d616f8 100644 --- a/docs/intro.rst +++ b/docs/intro.rst @@ -20,14 +20,14 @@ Key features * :doc:`WebAPI ` - simple API for Steam's Web API with automatic population of interfaces * :doc:`WebAuth ` - authentication for access to ``store.steampowered.com`` and ``steamcommunity.com`` -Checkout the :doc:`user_guide` for examples, or the :doc:`api/index` for details. +Checkout the :doc:`user_guide` for examples, or the :doc:`api/steam` for details. For questions, issues, or general curiosity, visit the repo at `https://github.com/ValvePython/steam `_. Quick install ============= -For details on require system packages, see :doc:`install`. +For system specific details, see :doc:`install`. Install latest version from PYPI:: diff --git a/requirements.txt b/requirements.txt index 88f8121..fce9076 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ six>=1.10.0 -cryptography>=1.3 +pycryptodomex>=3.7.0 requests>=2.9.1 vdf>=2.0 gevent>=1.2.0 diff --git a/setup.py b/setup.py index 545f113..55daaa4 100644 --- a/setup.py +++ b/setup.py @@ -16,7 +16,7 @@ with open(path.join(here, 'steam/__init__.py'), encoding='utf-8') as f: install_requires = [ 'six>=1.10', - 'cryptography>=1.3', + 'pycryptodomex>=3.7.0', 'requests>=2.9.1', 'vdf>=2.0', 'gevent>=1.2.0', @@ -50,6 +50,7 @@ setup( 'Programming Language :: Python :: 3.4', 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', + 'Programming Language :: Python :: Implementation :: PyPy', ], keywords='valve steam steamid api webapi steamcommunity', packages=['steam'] + ['steam.'+x for x in find_packages(where='steam')], diff --git a/steam/core/crypto.py b/steam/core/crypto.py index 886735e..07f83f4 100644 --- a/steam/core/crypto.py +++ b/steam/core/crypto.py @@ -5,20 +5,17 @@ import sys from os import urandom as random_bytes from struct import pack from base64 import b64decode -from cryptography.hazmat.primitives.hmac import HMAC -from cryptography.hazmat.primitives.hashes import Hash, SHA1 -from cryptography.hazmat.primitives.asymmetric.padding import PSS, OAEP, MGF1 -from cryptography.hazmat.primitives.ciphers import Cipher -from cryptography.hazmat.primitives.ciphers.algorithms import AES -from cryptography.hazmat.primitives.ciphers.modes import CBC, ECB -import cryptography.hazmat.backends -backend = cryptography.hazmat.backends.default_backend() + +from Cryptodome.Hash import SHA1, HMAC +from Cryptodome.PublicKey.RSA import import_key as rsa_import_key, construct as rsa_construct +from Cryptodome.Cipher import PKCS1_OAEP, PKCS1_v1_5 +from Cryptodome.Cipher import AES as AES class UniverseKey(object): """Public keys for Universes""" - Public = backend.load_der_public_key(b64decode(""" + Public = rsa_import_key(b64decode(""" MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDf7BrWLBBmLBc1OhSwfFkRf53T 2Ct64+AVzRkeRuh7h3SiGEYxqQMUeYKO6UWiSRKpI2hzic9pobFhRr3Bvr/WARvY gdTckPv+T1JzZsuVcNfFjrocejN1oWI0Rrtgt4Bo+hOneoo3S57G9F1fOpn5nsQ6 @@ -42,9 +39,9 @@ def generate_session_key(hmac_secret=b''): :rtype: :class:`tuple` """ session_key = random_bytes(32) - encrypted_session_key = UniverseKey.Public.encrypt(session_key + hmac_secret, - OAEP(MGF1(SHA1()), SHA1(), None) - ) + encrypted_session_key = PKCS1_OAEP.new(UniverseKey.Public, SHA1)\ + .encrypt(session_key + hmac_secret) + return (session_key, encrypted_session_key) def symmetric_encrypt(message, key): @@ -58,13 +55,11 @@ def symmetric_encrypt_HMAC(message, key, hmac_secret): return symmetric_encrypt_with_iv(message, key, iv) def symmetric_encrypt_iv(iv, key): - encryptor = Cipher(AES(key), ECB(), backend).encryptor() - return encryptor.update(iv) + encryptor.finalize() + return AES.new(key, AES.MODE_ECB).encrypt(iv) def symmetric_encrypt_with_iv(message, key, iv): encrypted_iv = symmetric_encrypt_iv(iv, key) - encryptor = Cipher(AES(key), CBC(iv), backend).encryptor() - cyphertext = encryptor.update(pad(message)) + encryptor.finalize() + cyphertext = AES.new(key, AES.MODE_CBC, iv).encrypt(pad(message)) return encrypted_iv + cyphertext def symmetric_decrypt(cyphertext, key): @@ -84,19 +79,19 @@ def symmetric_decrypt_HMAC(cyphertext, key, hmac_secret): return message def symmetric_decrypt_iv(cyphertext, key): - decryptor = Cipher(AES(key), ECB(), backend).decryptor() - return decryptor.update(cyphertext[:BS]) + decryptor.finalize() + return AES.new(key, AES.MODE_ECB).decrypt(cyphertext[:BS]) def symmetric_decrypt_with_iv(cyphertext, key, iv): - decryptor = Cipher(AES(key), CBC(iv), backend).decryptor() - return unpad(decryptor.update(cyphertext[BS:]) + decryptor.finalize()) + return unpad(AES.new(key, AES.MODE_CBC, iv).decrypt(cyphertext[BS:])) def hmac_sha1(secret, data): - hmac = HMAC(secret, SHA1(), backend) - hmac.update(data) - return hmac.finalize() + return HMAC.new(secret, data, SHA1).digest() def sha1_hash(data): - sha = Hash(SHA1(), backend) - sha.update(data) - return sha.finalize() + return SHA1.new(data).digest() + +def rsa_publickey(mod, exp): + return rsa_construct((mod, exp)) + +def pkcs1v15_encrypt(key, message): + return PKCS1_v1_5.new(key).encrypt(message) diff --git a/steam/webauth.py b/steam/webauth.py index 2dca88c..15f0382 100644 --- a/steam/webauth.py +++ b/steam/webauth.py @@ -60,12 +60,9 @@ from time import time from base64 import b64encode import requests -from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicNumbers -from cryptography.hazmat.primitives.asymmetric.padding import PKCS1v15 -from steam.core.crypto import backend - from steam import SteamID, webapi from steam.util.web import make_requests_session, generate_session_id +from steam.core.crypto import rsa_publickey, pkcs1v15_encrypt if sys.version_info < (3,): intBase = long @@ -108,12 +105,12 @@ class WebAuth(object): """ try: resp = self.session.post('https://steamcommunity.com/login/getrsakey/', - timeout=15, - data={ - 'username': username, - 'donotchache': int(time() * 1000), - }, - ).json() + timeout=15, + data={ + 'username': username, + 'donotchache': int(time() * 1000), + }, + ).json() except requests.exceptions.RequestException as e: raise HTTPError(str(e)) @@ -123,17 +120,15 @@ class WebAuth(object): if not self.key: resp = self.get_rsa_key(self.username) - nums = RSAPublicNumbers(intBase(resp['publickey_exp'], 16), - intBase(resp['publickey_mod'], 16), - ) - - self.key = backend.load_rsa_public_numbers(nums) + self.key = rsa_publickey(intBase(resp['publickey_mod'], 16), + intBase(resp['publickey_exp'], 16), + ) self.timestamp = resp['timestamp'] def _send_login(self, captcha='', email_code='', twofactor_code=''): data = { - 'username' : self.username, - "password": b64encode(self.key.encrypt(self.password.encode('ascii'), PKCS1v15())), + 'username': self.username, + "password": b64encode(pkcs1v15_encrypt(self.key, self.password.encode('ascii'))), "emailauth": email_code, "emailsteamid": str(self.steam_id) if email_code else '', "twofactorcode": twofactor_code, diff --git a/tests/test_core_crypto.py b/tests/test_core_crypto.py index c2916ac..b2fd27a 100644 --- a/tests/test_core_crypto.py +++ b/tests/test_core_crypto.py @@ -45,18 +45,20 @@ class crypto_testcase(unittest.TestCase): # self.assertEqual(key, expected_key) # self.assertEqual(ekey, expected_ekey) - def test_encryption(self): + def test_encryption_legacy(self): message = b'My secret message' key = b'9' * 32 - hmac = b'3' * 16 - # legacy cyphertext = crypto.symmetric_encrypt(message, key) dmessage = crypto.symmetric_decrypt(cyphertext, key) self.assertEqual(message, dmessage) - # with HMAC + def test_encryption_hmac(self): + message = b'My secret message' + key = b'9' * 32 + hmac = b'3' * 16 + cyphertext = crypto.symmetric_encrypt_HMAC(message, key, hmac) dmessage = crypto.symmetric_decrypt_HMAC(cyphertext, key, hmac)