Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Crypto lib changes and misc fixes #423

Merged
merged 16 commits into from
Nov 15, 2023
Merged

Conversation

uzlonewolf
Copy link
Collaborator

This PR reworks AESCipher() to make it a bit easier to add additional crypto libraries. It also adds pyca/cryptography ( https://cryptography.io/en/latest/ ) which uses OpenSSL under the hood. pyca/cryptography is preferred at runtime and in setup.py, but PyCryptodome is still preferred in requirements.txt.

An issue with tinytuya.find_device() for v3.1 devices has also been fixed, as has the infinite loop in Contrib/IRRemoteControlDevice.py (Closes #403).

tinytuya/core.py Dismissed Show dismissed Hide dismissed
tinytuya/core.py Dismissed Show dismissed Hide dismissed
@uzlonewolf
Copy link
Collaborator Author

The crypto library it's using as also been added to the set_debug() message:

import tinytuya
tinytuya.set_debug()

result in:

DEBUG:TinyTuya [1.12.11]

DEBUG:Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
DEBUG:Using pyca/cryptography 38.0.4 for crypto, GCM is supported

or

DEBUG:TinyTuya [1.12.11]

DEBUG:Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
DEBUG:Using PyCryptodomex 3.11.0 for crypto, GCM is supported

or

DEBUG:TinyTuya [1.12.11]

DEBUG:Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
DEBUG:Using pyaes 1.3.0 for crypto
DEBUG:Warning: Crypto library does not support AES-GCM, v3.5 devices will not work!

or

DEBUG:TinyTuya [1.12.11]

DEBUG:Python 3.11.2 (main, Mar 13 2023, 12:18:29) [GCC 12.2.0] on linux
DEBUG:Using PyCrypto 2.x.y for crypto
DEBUG:Warning: Crypto library does not support AES-GCM, v3.5 devices will not work!

@uzlonewolf uzlonewolf mentioned this pull request Nov 14, 2023
This should not be a breaking change, but does make sense to do a minor rev version upgrade with the introduction of the new crypto library support.
]

CHOOSE_CRYPTO_LIB = [
'cryptography', # pyca/cryptography - https://cryptography.io/en/latest/
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this. It has good review, works well in my tests and is often listed above pycryptodome in ratings. However, it does not support Python 2.7. I suggest we officially remove 2.7 support with this PR.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me. My computer died last month and I installed Debian 12 on my new one, so I can't even test against Python 2.7 anymore without copying it to another machine first.

@jasonacox jasonacox changed the title Crypto lib chages and misc fixes Crypto lib changes and misc fixes Nov 15, 2023
tinytuya/core.py Outdated
except ImportError:
continue
if CRYPTOLIB is None:
raise ModuleNotFoundError('No crypto library found, please install one of: pyca/cryptography, PyCryptodome, or PyCrypto')
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we just message this as the pip install equivalent?

No crypto library found, please install: cryptography, pycryptodome, or pyaes

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nevermind, I'm going to leave it as is. This is similar to README.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Too late...

except ImportError:
continue
if CRYPTOLIB is None:
raise ModuleNotFoundError('No crypto library found, please "pip install" cryptography, pycryptodome, or pyaes')
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sold ❤️

@jasonacox
Copy link
Owner

I'm going to test on a few more systems (Win11 and RPi). Any other updates you are thinking about before we merge?

@uzlonewolf
Copy link
Collaborator Author

I'm sure I'll think of one 5 seconds after it's merged... But right now I think I'm done :)

@uzlonewolf
Copy link
Collaborator Author

Ugh, I broke v3.5 devices, one moment...

@uzlonewolf
Copy link
Collaborator Author

And that should fix it. Should be good to merge!

@uzlonewolf
Copy link
Collaborator Author

One of these days I'll polish up my "fake v3.5 device" script and add it to tools/. Not going to be for this PR though.

@jasonacox
Copy link
Owner

jasonacox commented Nov 15, 2023

✅ MacOS
✅ Linux
✅ RPi
✅ Win11 - One traceback run but not fatal

During one snapshot scan test, Win11 is producing some errors but still worked and occasionally occurs in v1.12.11 as well.

DEBUG:TinyTuya [1.13.0]

DEBUG:Python 3.9.13 (tags/v3.9.13:6de2ca5, May 17 2022, 16:36:42) [MSC v.1929 64 bit (AMD64)] on win32
DEBUG:Using PyCryptodome 3.12.0 for crypto, GCM is supported
TinyTuya [1.13.0]

...
Traceback (most recent call last):
  File "C:\Users\jason\tinytuya\tinytuya\scanner.py", line 802, in write_data
    self.sock.sendall( self.device._encode_message( self.device.generate_payload(tinytuya.DP_QUERY) ) )
ConnectionResetError: [WinError 10054] An existing connection was forcibly closed by the remote host

I also tested pyca/cryptography on Win11 - successfully:

DEBUG:TinyTuya [1.13.0]

DEBUG:Python 3.9.13 (tags/v3.9.13:6de2ca5, May 17 2022, 16:36:42) [MSC v.1929 64 bit (AMD64)] on win32
DEBUG:Using pyca/cryptography 41.0.5 for crypto, GCM is supported
TinyTuya [1.13.0]

@jasonacox jasonacox merged commit 9953f39 into jasonacox:master Nov 15, 2023
11 checks passed
@jasonacox
Copy link
Owner

jasonacox commented Nov 15, 2023

Python version warning for cryptography (Python 3.6 support):

CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography will remove support for Python 3.6.
  from cryptography.hazmat.primitives.ciphers import Cipher as Crypto

@jasonacox
Copy link
Owner

Issue I just discovered... on an Linux box using Python 3.7, the pyca/cryptography library of v3.0 or less will NOT work, so you will see something like this with scans:

  • Unexpected payload from '10.1.1.1' to port 6667: b'' (b"\x00\x00U\xaa\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x9c\x00\x00\x00\x00!#t\xad\xe9\xb1\xf3\xc9\xd8\xdb\xcd\xa2\x88Q,\xc0p:\xa6:\xf1\xdc\x8c\x955\xe1}\x08__p++S+\x88P\xa1K#\x92\xf3\xd2\xd4a\xe9\x1a\xa0\xcf\xc91\xab\x14\xd7\x01c\x98\xc6E\xb4ofA\x8e\x10\xfd\x0f]\xd8\xdetP7\xde\x9f\x96n\xb6\x04OM\xc7\xfe\x82>0y'\xfb\nD\xb0\xdf\xae,\x8dK\x98\xc9l\xfe\x15\\xec\x0b\xb9\x83\xdaL/^\xae \xb2N\xd4\x1c\x85\xdc\xde1\x8b\xb9\x88&\x12\x1a\xe1\xee\xdd\\x95;\xb97u`\xae\x90\xdf\xbcE\xdb\xe2y}d\r\x00\x00\xaaU")

Upgrading to cryptography>=3.1 fixes this (anything below that is broken).

We should push a patch to include that in the requirements.

@uzlonewolf
Copy link
Collaborator Author

Looking at the backtrace it looks like <=3.0 require a backend= argument that was removed for 3.1 https://cryptography.io/en/latest/faq/#what-happened-to-the-backend-argument . In addition to the requirements.txt update I also added some logic to the import routine to fallback to PyCryptodome if cryptography is <=3.0. 7d94c80 . I'll submit a PR once I finish adding my fake v3.5 device script.

@jasonacox
Copy link
Owner

I like it! Thanks @uzlonewolf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

IRRemoteControlDevice constructor stuck in forever loop if can't connect to device
2 participants