steam: password encrypt failed #70

Open
GoogleCodeExporter opened this Issue Aug 23, 2015 · 51 comments

(07:24:32) certificate: Successfully verified certificate for steamcommunity.com
(07:24:32) steam: post_or_get_ssl_connect_cb
(07:24:32) steam: executing callback for /mobilelogin/getrsakey?username=fakeName
(07:24:32) steam: password encrypt failed
(07:24:32) steam: Encrypted password is (null)
(07:24:32) connection: Connection error on 0x2d8b880 (reason: 5 description: Unable to RSA encrypt the password)
(07:24:32) account: Disconnecting account fakeName (0x2502ab0)
(07:24:32) connection: Disconnecting connection 0x2d8b880
(07:24:32) idle: Setting fakeName unidle

I can open https://steamcommunity.com//mobilelogin/getrsakey?username=fakeName 
and get what looks like a key. Did the format change?

{"success":true,"publickey_mod":"AF5D711900473A212C61CF8306E5841D722018DBC8FCE4B
61149036F36882AB384617CCAD1ECEF8291C43D43AF4D113F7B70C8DFA48ABD05FD1D663C2E697A8
634ADC4D522F722397987A95F82E9E0E7E224A61125390966A02F6822D2DA03E3E26A51952188596
A52072FC7632C4E7E8DA66DC18E422A0396F4D8D9A5F200B46072832D120EF60920B3C83E6DFE730
22AE55DAB32ECB40BBC1D17835245C521A0A32034A22B5AD649E70949F8156601839C2B6C9E630E9
AADD63346FF38A151C069A3017504AC0C1D1571A0DB055906780201CDCDB517350715A6EEE7822DE
9223D2D42D099B9F46DA0DD0892E010BA8F6601CEEB015DD3D40EFD4302BD0E03","publickey_ex
p":"010001","timestamp":"122461650000"}

Original issue reported on code.google.com by weedy2...@gmail.com on 15 Nov 2013 at 12:41

What operating system are you on? What version of libnss do you have installed? 

Original comment by eionrobb on 16 Nov 2013 at 2:55

I'm getting the same error. I updated the Adium plugin for OSX to use a newer 
version of pidgin-opensteamworks 
https://github.com/tripplet/Adium-Steam-IM

I'm using OSX 10.9 with nss version 13.14.1 installed with homebrew 
(https://github.com/mxcl/homebrew/blob/master/Library/Formula/nss.rb)

Original comment by tobias.t...@gmail.com on 16 Nov 2013 at 6:27

Same problem on Sabayon Linux x86-64. I also tried to compile it myself, the 
build goes well (a few warnings for unused variables), but I get the same error 
message. libnss is installed as dev-libs/nss-3.15.3.

Original comment by de...@gmx.it on 9 Dec 2013 at 2:30

Similar error on OpenSUSE 13.1 x86-64, compiled the plugin myself and tried the 
provided .so and both produce "Unable to RSA encrypt the password"

Original comment by Echtol...@gmail.com on 10 Dec 2013 at 9:54

I'm not sure what is causing the problem with nss, but in the Adium-Steam-IM 
plugin the problem seems to be completely fixed by using openssl instead of nss.

It should be fairly easy to port the modifications in steam_rsa.c back into 
opensteamworks.
https://github.com/tripplet/Adium-Steam-IM/blob/master/opensteamworks/steam-mobile/steam_rsa.c

Original comment by tobias.t...@gmail.com on 10 Dec 2013 at 10:37

@tobias.tangemann unfortunately the use of OpenSSL on anything other than OSX 
isn't GPL-compatible

Original comment by eionrobb on 11 Dec 2013 at 2:52

I didn't know about this issue. Could you include an exception for openssl as 
stated here: http://en.wikipedia.org/wiki/OpenSSL#Licensing, or what is the 
licensing state of my derived work "Adium-Steam-IM" which includes the GPL 
opensteamworks code?

Original comment by tobias.t...@gmail.com on 11 Dec 2013 at 8:49

@tobias, unfortunately not as the plugin is a derivative of Pidgin and must 
follow its licence (which doesn't include the exception and probably never 
will).

Original comment by eionrobb on 12 Dec 2013 at 2:19

I ported the code to polarssl to fix this possible license issue.
The new code should now be GPL compatible.
As an additional bonus, polarssl is linked statically, so it should work under 
Linux and Windows too.
https://github.com/tripplet/Adium-Steam-IM/blob/master/opensteamworks/steam-mobile/steam_rsa.c

Hopefully everything should now be hunky-dory.

Original comment by tobias.t...@gmail.com on 17 Dec 2013 at 3:02

I'm getting this with spectrum2.  Got any pointers? I don't know where to start.

Original comment by sdfgste...@gmail.com on 3 May 2014 at 11:29

@tobias I don't suppose you have the .so of your fix?  The current one from 
here still doesn't seem to work, and I can't see how to extract it from the 
Adium OS X package (I need the so for libpurple directly for use with Spectrum.)

Original comment by sdfgste...@gmail.com on 24 Jul 2014 at 5:41

OSX uses a completely different format (.dylib) which you can not use under 
linux.
In addition I do not compile the complete code only the part which is needed to 
integrate it into Adium (for pidgin you need everything) and I also compile the 
pidgin-opensteamworks directly into the adium plugin, so no separate lib is 
generated.

Original comment by tobias.t...@gmail.com on 25 Jul 2014 at 2:31

@sdfgste You should start here: 
https://developer.pidgin.im/wiki/CHowTo/BasicPluginHowto and try to compile it 
yourself, or ask the project maintainer eionrobb

Original comment by tobias.t...@gmail.com on 25 Jul 2014 at 2:37

Ok, I'm on a source distro, but I had to rewrite the package to apply a patch 
to the tarball source (which it fetches) to the svn source.

Now that I've done that, and forced PolarSSL to be defined, I get the following 
when libpurple tries to load the plugin.

plugins:/usr/lib64/purple-2/libsteam.so is not loadable: undefined symbol: 
ctr_drbg_random

From what I can see, that's a polarssl function. Is there something else that's 
looking for this function? libpurple itself?

Original comment by sdfgste...@gmail.com on 25 Jul 2014 at 10:18

You need to link the polarssl library by adding -lpolarssl to the gcc command 
line in the Makefile.

Hope that helps!

Original comment by alexanderfb on 25 Jul 2014 at 10:23

What about -I/usr/include/polarssl, will I need that too?

Original comment by sdfgste...@gmail.com on 25 Jul 2014 at 10:36

Includes are only used during compilation. If you're getting undefined 
reference errors then your object code is already compiled. IOW, it shouldn't 
really make a difference either way.

Original comment by alexanderfb on 25 Jul 2014 at 10:39

I added -lpolarssl, and I'm getting the same error.  The CFLAGS line looks like 
this:

CFLAGS += -Wall -fPIC -DUSE_POLARSSL_CRYPTO -lpolarssl

The Makefile I'm using is here: http://bpaste.net/show/501489/

Any pointers would be greatly appreciated.

Original comment by sdfgste...@gmail.com on 25 Jul 2014 at 10:51

This is the Gentoo version, isn't it? Gentoo has the ebuild for 1.4 but 1.4 
doesn't have the PolarSSL code in it yet (you can check this by grepping for 
USE_POLARSSL_CRYPTO in steam_rsa.c). You need to compile the SVN version 
directly from the repo.

The simplest way to do this would be to clone the repo using the "Source" tab 
at the top of this page and then follow the instructions under "Checkout". You 
might need to emerge subversion first. Then compile it (after tweaking the 
Makefile to use -DUSE_POLARSSL_CRYPTO and -lpolarssl) and put the resulting 
libsteam.so in ~/.purple/plugins.

That should do the trick for now.

Original comment by alexanderfb on 25 Jul 2014 at 10:57

Actually, now that I think of it, if this was the straight Gentoo version, you 
wouldn't be getting as far as the undefined reference errors. Perplexing.

Original comment by alexanderfb on 25 Jul 2014 at 10:58

Oh! My bad. I just took another look at the Makefile you're using. You need to 
put -lpolarssl in LDFLAGS since it's a linker flag. Sorry I missed that.

Original comment by alexanderfb on 25 Jul 2014 at 10:59

Yes, it's the Gentoo version.  However what I spent most of the evening doing 
was writing an ebuild that patched the differences between the 1.4 and the svn 
versions.  I also incorporated the Makefile patch as well.

https://github.com/sdfg2/sdfg-overlay/tree/master/x11-plugins/pidgin-opensteamworks 
is the ebuild in my overlay.

I moved -lpolarssl to LDFLAGS (as you can see), but I'm still getting the same 
error.

Original comment by sdfgste...@gmail.com on 25 Jul 2014 at 11:04

This might be an argument order thing with gcc. Try putting it in LIBS instead.

Original comment by alexanderfb on 25 Jul 2014 at 11:09

Same again :(

Original comment by sdfgste...@gmail.com on 25 Jul 2014 at 11:11

Can you try doing an ldd on the library you created and pasting the list of 
linked libraries?

ldd /usr/lib/pidgin/libsteam.so ?

Original comment by alexanderfb on 25 Jul 2014 at 11:15

linux-vdso.so.1 (0x00007ffff35ff000)
libc.so.6 => /lib64/libc.so.6 (0x00007fe1533a4000)
/lib64/ld-linux-x86-64.so.2 (0x00007fe153980000)

So it's not linked, right?

(I totally meant to go down this road earlier, sorry, should have thought of it)

Original comment by sdfgste...@gmail.com on 25 Jul 2014 at 11:17

That's it? Yeah, it's not linked. It must be something simple I'm missing since 
I'm tired and preoccupied.

For reference, here's my libsteam.so's links:

    linux-vdso.so.1 (0x00007fff781ff000)
    libjson-glib-1.0.so.0 => /usr/lib64/libjson-glib-1.0.so.0 (0x00007f66a81ba000)
    libgio-2.0.so.0 => /usr/lib64/libgio-2.0.so.0 (0x00007f66a7e54000)
    libgobject-2.0.so.0 => /usr/lib64/libgobject-2.0.so.0 (0x00007f66a7c02000)
    libpurple.so.0 => /usr/lib64/libpurple.so.0 (0x00007f66a78cd000)
    libglib-2.0.so.0 => /usr/lib64/libglib-2.0.so.0 (0x00007f66a75a1000)
    libssl3.so => /usr/lib64/libssl3.so (0x00007f66a7355000)
    libsmime3.so => /usr/lib64/libsmime3.so (0x00007f66a7127000)
    libnss3.so => /usr/lib64/libnss3.so (0x00007f66a6de8000)
    libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f66a6bbb000)
    libplds4.so => /usr/lib64/libplds4.so (0x00007f66a69b7000)
    libplc4.so => /usr/lib64/libplc4.so (0x00007f66a67b2000)
    libnspr4.so => /usr/lib64/libnspr4.so (0x00007f66a6572000)
    libpolarssl.so.0 => /usr/lib64/libpolarssl.so.0 (0x00007f66a631b000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f66a60fe000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f66a5d4d000)
    libgmodule-2.0.so.0 => /usr/lib64/libgmodule-2.0.so.0 (0x00007f66a5b49000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f66a5933000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f66a571b000)
    libffi.so.6 => /usr/lib64/libffi.so.6 (0x00007f66a5512000)
    libdbus-glib-1.so.2 => /usr/lib64/libdbus-glib-1.so.2 (0x00007f66a52ea000)
    libdbus-1.so.3 => /usr/lib64/libdbus-1.so.3 (0x00007f66a50ac000)
    libgstfarsight-0.10.so.0 => /usr/lib64/libgstfarsight-0.10.so.0 (0x00007f66a4e97000)
    libgstinterfaces-0.10.so.0 => /usr/lib64/libgstinterfaces-0.10.so.0 (0x00007f66a4c84000)
    libgstreamer-0.10.so.0 => /usr/lib64/libgstreamer-0.10.so.0 (0x00007f66a4999000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007f66a4631000)
    libm.so.6 => /lib64/libm.so.6 (0x00007f66a4333000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f66a412e000)
    librt.so.1 => /lib64/librt.so.1 (0x00007f66a3f26000)
    /lib64/ld-linux-x86-64.so.2 (0x00000034c8200000)
    libgstbase-0.10.so.0 => /usr/lib64/libgstbase-0.10.so.0 (0x00007f66a3ccf000)
    libgthread-2.0.so.0 => /usr/lib64/libgthread-2.0.so.0 (0x00007f66a3acd000)
    libicuuc.so.52 => /usr/lib64/libicuuc.so.52 (0x00007f66a3753000)
    liblzma.so.5 => /lib64/liblzma.so.5 (0x00007f66a3530000)
    libicudata.so.52 => /usr/lib64/libicudata.so.52 (0x00007f66a1cc2000)
    libstdc++.so.6 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.7.3/libstdc++.so.6 (0x00007f66a19bb000)
    libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f66a17a5000)

Original comment by alexanderfb on 25 Jul 2014 at 11:22

So it's not even linked to the other normal stuff, never mind polarssl :(

No idea how to fix this.

Original comment by sdfgste...@gmail.com on 26 Jul 2014 at 11:47

Now that I'm more awake, I took another look at your patch 
(https://github.com/sdfg2/sdfg-overlay/blob/master/x11-plugins/pidgin-opensteamworks/files/pidgin-opensteamworks-1.4-r1.patch).

On line 36, the -lpolarssl is *inside* the parentheses defining the shell call 
to pkg-config. This passes -lpolarssl to pkg-config as a shell argument which 
probably confuses it as it's not a valid pkg-config argument. Try putting the 
-lpolarssl *outside* the closing paren:

! LIBS += $(shell $(PKG_CONFIG) --libs glib-2.0 json-glib-1.0 purple nss 
polarssl) -lpolarssl

Original comment by alexanderfb on 26 Jul 2014 at 1:19

Well, progress, of some description.  Now it's undefined symbol: 
json_object_get_boolean_member.  ldd says it's now got libpolarssl and libz 
linked, along with the first three.  So I'm guessing there's a lot else that's 
not linked.

I don't get why it's not linked to the other things though, none of the 
Makefiles I've looked at have a huge list of -l statements.  Is it a wider 
configuration issue due to emerge?

Original comment by sdfgste...@gmail.com on 26 Jul 2014 at 1:26

You could try seeing what you get from pkg-config --libs glib-2.0 json-glib-1.0 
purple nss polarssl

Original comment by alexanderfb on 26 Jul 2014 at 1:28

Ah, got it now.  polarssl isn't a library in pkg-config, so the pkg-config 
returned an error.  I would have expected it to return what it could, but meh.

All works now!  Thank you for those pointers, they will come in handy in other 
ebuilds I just know I'll be faced with :-D

Now to tidy up the package.

Original comment by sdfgste...@gmail.com on 26 Jul 2014 at 1:37
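
The failure worked out in the comments above, as an added example that is not part of the original thread or the project's Makefile: one module unknown to pkg-config empties the whole LIBS value, so libsteam.so ends up linked against nothing. The function names, the PKG_CONFIG override and the stand-in pkg-config are assumptions made for this sketch, and the fallback assumes the library name equals the module name, as it does for polarssl here.

```shell
#!/bin/sh
# Added example, not code from pidgin-opensteamworks. resolve_libs, naive_libs
# and fake_pkg_config are names made up here.
PKG_CONFIG=${PKG_CONFIG:-pkg-config}

# Constructed stand-in for pkg-config that knows only glib-2.0 and nss. Like
# the real tool, it prints no flags at all if any requested module is unknown.
fake_pkg_config() {
    _f_action=$1; shift
    _f_out=""
    for _f_mod in "$@"; do
        case $_f_mod in
            glib-2.0) _f_out="$_f_out -lglib-2.0" ;;
            nss)      _f_out="$_f_out -lnss3" ;;
            *) echo "Package $_f_mod was not found" >&2; return 1 ;;
        esac
    done
    if [ "$_f_action" = "--libs" ]; then printf '%s\n' "${_f_out# }"; fi
    return 0
}

# What $(shell $(PKG_CONFIG) --libs ...) does in a Makefile: the exit status
# is ignored, so one unknown module leaves LIBS empty without stopping make.
naive_libs() {
    $PKG_CONFIG --libs "$@" || true
}

# resolve_libs MODULE...
# Queries pkg-config one module at a time. Known modules contribute their
# --libs output; each unknown module gets a warning on stderr and a plain
# -l<module> fallback. Returns 0 if every module was known, 1 if a fallback
# was used, 2 if pkg-config failed on modules it claimed to know.
resolve_libs() {
    known=""; fallback=""
    for mod in "$@"; do
        if $PKG_CONFIG --exists "$mod" 2>/dev/null; then
            known="$known $mod"
        else
            echo "warning: pkg-config has no module '$mod', using -l$mod" >&2
            fallback="$fallback -l$mod"
        fi
    done
    libs=""
    if [ -n "$known" ]; then
        # $known is unquoted on purpose: one argument per module.
        libs=$($PKG_CONFIG --libs $known) || return 2
    fi
    all="$libs$fallback"
    printf '%s\n' "${all# }"
    [ -z "$fallback" ]
}

# To try it offline, set PKG_CONFIG=fake_pkg_config and call:
#   resolve_libs glib-2.0 nss polarssl
```

Linking the plugin with `-Wl,-z,defs` additionally turns a missing library into a link-time error instead of an "undefined symbol" message when libpurple loads the plugin.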

Glad to help. And hopefully this exchange on the tracker will exhaust 
solutions/outline a process for future searchers trying to solve the same issue.

Original comment by alexanderfb on 26 Jul 2014 at 1:41

I'm getting the same error on openSUSE Tumbleweed, always in KTP or empathy and only sometimes in Pidgin.

Owner

EionRobb commented Dec 14, 2015

@gasinvein What version of the plugin?

@EionRobb, tried 1.6 and 1.6.1 releases and current from master.

Owner

EionRobb commented Dec 14, 2015

Are you compiling it yourself? If so, can you try with one of the other methods of rsa crypto, either with -DUSE_POLARSSL_CRYPTO or -DUSE_GCRYPT_CRYPTO?

Sorry for the stupid question, but how do I add these options? Setting STEAM_CRYPT_BACKEND ?= gcrypt in the Makefile seems to change nothing; libsteam.so is still linked with libssl3.so (and the same error occurs at runtime).

Sorry, I edited a wrong file. Works fine with gcrypt!

Spanguole commented May 19, 2016 edited

I am affected by this problem. After working fine for quite a while the plugin stopped working for me nearly a year ago, with that "Unable to RSA encrypt the password" error message.
I am on funtoo; tried 1.4, 1.6, 1.6.1 versions of the plugin and now, also git head. Same thing, on every version.
I tried building with -DUSE_POLARSSL_CRYPTO, but that makes the plugin non-loadable.

(17:18:45) plugins: probing /usr/lib64/purple-2/libsteam.so
(17:18:45) plugins: /usr/lib64/purple-2/libsteam.so is not loadable: undefined symbol: ctr_drbg_random

(I did install polarssl prior to rebuilding it, of course)

Meanwhile -DUSE_GCRYPT_CRYPTO just plain doesn't help and results with the same error message.

Owner

EionRobb commented May 20, 2016

@Spanguole that's really weird :( are there any other errors in the Help->Debug Window error log when you connect that might hint as to what the problem is?

@EionRobb Doesn't appear to be any more informative than the output in the OP

(11:46:29) certificate/x509/tls_cached: Starting verify for steamcommunity.com
(11:46:29) certificate/x509/tls_cached: Checking for cached cert...
(11:46:29) certificate/x509/tls_cached: ...Found cached cert
(11:46:29) gnutls: Attempting to load X.509 certificate from /home/[REDACTED]/.purple/certificates/x509/tls_peers/steamcommunity.com
(11:46:29) certificate/x509/tls_cached: Peer cert matched cached
(11:46:29) util: Writing file /home/[REDACTED]/.purple/certificates/x509/tls_peers/steamcommunity.com
(11:46:29) certificate: Successfully verified certificate for steamcommunity.com
(11:46:29) steam: post_or_get_ssl_connect_cb
(11:46:30) steam: executing callback for /mobilelogin/getrsakey?username=[REDACTED]
(11:46:30) steam: password encrypt failed
(11:46:30) connection: Connection error on 0x561a8b805170 (reason: 5 description: Unable to RSA encrypt the password)
(11:46:30) account: Disconnecting account [REDACTED] (0x561a8ae10fc0)
(11:46:30) connection: Disconnecting connection 0x561a8b805170
(11:46:30) g_log: purple_url_encode: assertion 'str != NULL' failed
(11:46:30) steam: getting url /ISteamWebUserPresenceOAuth/Logoff/v0001
(11:46:30) dnsquery: Performing DNS lookup for api.steampowered.com
(11:46:30) GLib: g_source_remove: assertion 'tag > 0' failed
(11:46:30) GLib: g_source_remove: assertion 'tag > 0' failed
(11:46:30) steam: destroying 0 waiting connections
(11:46:30) steam: destroying 1 incomplete connections
(11:46:30) connection: Destroying connection 0x561a8b805170

I shall try tossing it under a debugger later today. Maybe if I can pin-point where it falls flat, this can be fixed.

Spanguole commented May 28, 2016 edited

Note: using the default nss for the crypto backend for this.
Okay, so I tossed it under gdb just now and this is what I found:
Line 121 of steam_rsa.c, PK11_PubEncryptRaw() gets called.
It just wraps the internal pk11_PubEncryptRaw(), which then promptly gets called.
The very first thing it does is try to get a slot with PK11_GetBestSlotWithAttributes(), which trivially wraps PK11_GetBestSlotMultipleWithAttributes().
It first tries to get a slot list with PK11_GetSlotList(), with the slot type argument CKM_RSA_X_509.
It locates the slot in the list (the slot itself being NULL) and returns it.
When this slot being NULL gets returned, it all crumbles down from there on forth.

Any ideas?

Owner

EionRobb commented May 28, 2016

Wow, awesome GDB sleuthing :)

I don't know enough about NSS to be able to comment on this, but I might share it around with some mozilla-loving friends and see if they have any ideas

A lil' later I'll take a look at what happens with the gcrypt backend, too, since the symptoms are the same.

Err... with some deeper digging I found that it was actually a failure on my end, not pidgin's or this plugin's fault. I sorted it out.
It also does mean there's a bug in Gentoo. I'll make sure that gets dealt with.

Owner

EionRobb commented May 30, 2016

@Spanguole can you explain a bit more what the problem was, to help others if they run into the same thing? Also, can you link to the Gentoo bug report?

My attempts to build it with a non-default crypto backend were botched, as I just tried to use -DUSE_GCRYPT_CRYPTO and -DUSE_POLARSSL_CRYPTO to build with different crypto backends, while it now uses the STEAM_CRYPT_BACKEND environment variable to do it properly.
So, I was testing with botched-up builds. I sorted that out when I noticed it.
For reference, the aforementioned gentoo bug can be found at https://bugs.gentoo.org/show_bug.cgi?id=571324

Penaz91 commented Jan 26, 2017 edited

I had the same issue; it seems that installing the Pidgin-encryption plugin solved the issue for me.

sdfg2 commented Apr 22, 2017 edited

Hello, me again. Sod's law: found this problem again, found a handy bug that someone posted, only to see it was me -.-

I'm on gentoo as before, using 1.6.1, same problem as before. I tried pidgin-encryption, no change. I tried adding the python flag to pidgin, no change. I tried jm-overlay 1.6.1-r1 which has the polar-ssl use flag, no change.

EDIT: after doing some ldd, even with the polarssl use flag set on jm-overlay's 1.6.1-r1, it still builds with nss. No idea why. I applied the changes to the Makefile in the source to build myself, and that seems to work.
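
A check for the situation in the comment above, added here as an example and not taken from the project or the overlay: ldd also lists libraries that are only pulled in indirectly, so it cannot show whether libsteam.so itself was linked against the chosen backend, whereas the NEEDED entries printed by `readelf -d` can. The function names, the backend labels (nss, gcrypt, polarssl), the libgcrypt soname prefix and the sample readelf excerpt are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Added example. needed_libs, backend_linked and SAMPLE_DYNAMIC are made-up
# names; SAMPLE_DYNAMIC is constructed, not output from a real build.

# Constructed `readelf -d libsteam.so` excerpt for a build that was meant to
# use gcrypt but recorded only NSS as a direct crypto dependency.
SAMPLE_DYNAMIC='
 0x0000000000000001 (NEEDED)             Shared library: [libpurple.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libnss3.so]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libsteam.so]
'

# needed_libs: read `readelf -d` output on stdin and print one direct
# dependency (NEEDED soname) per line. Other dynamic entries are ignored.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# backend_linked BACKEND: read `readelf -d` output on stdin and succeed only
# if the library for BACKEND is a direct dependency.
# Returns 0 if linked, 1 if not, 2 for an unknown backend label.
backend_linked() {
    case $1 in
        nss)      want='libnss3.so' ;;
        gcrypt)   want='libgcrypt.so' ;;
        polarssl) want='libpolarssl.so' ;;
        *) echo "unknown backend: $1" >&2; return 2 ;;
    esac
    for lib in $(needed_libs); do
        # Prefix match so versioned sonames such as libpolarssl.so.0 count.
        case $lib in
            "$want"*) return 0 ;;
        esac
    done
    return 1
}

# Against a real build:
#   readelf -d /usr/lib64/purple-2/libsteam.so | backend_linked gcrypt \
#       || echo "libsteam.so was not linked against the gcrypt backend" >&2
```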

Penaz91 commented Apr 22, 2017 edited

It's really weird, I'm on gentoo too, with the same overlay and it works fine.
If it's of any help, this is what I have:

  • Gentoo Linux 4.10.10
  • dev-libs/nss-3.30.1 with only the "nss-pem" flag enabled
  • app-misc/ca-certificates-20161130.3.30.1 (no additional flags enabled)
  • x11-plugins/pidgin-encryption-3.1 (nls use flag enabled)
  • net-im/pidgin-2.12.0 (dbus, gstreamer, gtk, idn, ncurses, perl, prediction, python, sasl, spell, tcl, tk, xscreensaver, zeroconf flags on)
  • x11-plugins/pidgin-opensteamworks-1.6.1-r1 (polarssl use flag disabled)

I think I remember I enabled the encryption plugin and generated the key pair as requested. Then it started working.
