diff --git a/package/requirements-package.txt b/package/requirements-package.txt index 484bdc55..9ac6fba1 100644 --- a/package/requirements-package.txt +++ b/package/requirements-package.txt @@ -1,9 +1,9 @@ apscheduler==3.10.1 +cryptography==43.0.0 importlib-metadata==8.2.0 importlib-resources==6.4.0 pyinstaller==6.8.0 pyopenssl==24.2.1 -pycryptodomex==3.20.0 pyobjc-core==10.3.1; platform_system == "Darwin" pyobjc-framework-Cocoa==10.3.1; platform_system == "Darwin" diff --git a/plexpy/notifiers.py b/plexpy/notifiers.py index dbd0cccf..ea538544 100644 --- a/plexpy/notifiers.py +++ b/plexpy/notifiers.py @@ -38,20 +38,12 @@ import requests from requests.auth import HTTPBasicAuth try: - from Cryptodome.Protocol.KDF import PBKDF2 - from Cryptodome.Cipher import AES - from Cryptodome.Random import get_random_bytes - from Cryptodome.Hash import SHA256 - CRYPTODOME = True + from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.ciphers.aead import AESGCM + from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC + _CRYPTOGRAPHY = True except ImportError: - try: - from Crypto.Protocol.KDF import PBKDF2 - from Crypto.Cipher import AES - from Crypto.Random import get_random_bytes - from Crypto.Hash import SHA256 - CRYPTODOME = True - except ImportError: - CRYPTODOME = False + _CRYPTOGRAPHY = False import gntp.notifier import facebook @@ -4030,21 +4022,21 @@ class TAUTULLIREMOTEAPP(Notifier): #logger.debug("Plaintext data: {}".format(plaintext_data)) - if CRYPTODOME: + if _CRYPTOGRAPHY: # Key generation - salt = get_random_bytes(16) + salt = os.urandom(16) passphrase = device['device_token'] key_length = 32 # AES256 iterations = 600000 - key = PBKDF2(passphrase, salt, dkLen=key_length, count=iterations, hmac_hash_module=SHA256) + kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=key_length, salt=salt, iterations=iterations) + key = kdf.derive(passphrase.encode()) #logger.debug("Encryption key (base64): {}".format(base64.b64encode(key))) # Encrypt using AES GCM - nonce = get_random_bytes(16) - cipher = AES.new(key, AES.MODE_GCM, nonce) - encrypted_data, gcm_tag = cipher.encrypt_and_digest(json.dumps(plaintext_data).encode('utf-8')) - encrypted_data += gcm_tag + nonce = os.urandom(16) + cipher = AESGCM(key) + encrypted_data = cipher.encrypt(nonce, json.dumps(plaintext_data).encode('utf-8'), None) #logger.debug("Encrypted data (base64): {}".format(base64.b64encode(encrypted_data))) #logger.debug("GCM tag (base64): {}".format(base64.b64encode(gcm_tag))) @@ -4062,7 +4054,7 @@ class TAUTULLIREMOTEAPP(Notifier): 'server_id': plexpy.CONFIG.PMS_UUID} } else: - logger.warn("Tautulli Notifiers :: PyCryptodome library is missing. " + logger.warn("Tautulli Notifiers :: Cryptography library is missing. " "Tautulli Remote app notifications will be sent unecrypted. " "Install the library to encrypt the notifications.") @@ -4094,22 +4086,22 @@ class TAUTULLIREMOTEAPP(Notifier): def _return_config_options(self): config_option = [] - if not CRYPTODOME: + if not _CRYPTOGRAPHY: config_option.append({ 'label': 'Warning', - 'description': 'The PyCryptodome library is missing. ' + 'description': 'The Cryptography library is missing. ' 'The content of your notifications will be sent unencrypted!
' 'Please install the library to encrypt the notification contents. ' 'Instructions can be found in the ' 'FAQ.' , 'input_type': 'help' }) else: config_option.append({ 'label': 'Note', - 'description': 'The PyCryptodome library was found. ' + 'description': 'The Cryptography library was found. ' 'The content of your notifications will be sent encrypted!', 'input_type': 'help' })