commit 808ff48c972e829d48232d393143acf41de9707d Author: Isis Lovecruft isis@torproject.org Date: Sat Oct 26 12:48:54 2013 +0000
Move getKey() to crypto module. --- lib/bridgedb/Main.py | 33 ++---------------------------- lib/bridgedb/crypto.py | 53 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 31 deletions(-)
diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py index 2b8e4f8..5701681 100644 --- a/lib/bridgedb/Main.py +++ b/lib/bridgedb/Main.py @@ -18,6 +18,7 @@ from twisted.internet import reactor
from bridgedb.parse import options
+import bridgedb.crypto import bridgedb.Bridges as Bridges import bridgedb.Dist as Dist import bridgedb.Time as Time @@ -148,36 +149,6 @@ def configureLogging(cfg): logging.warn("Safe Logging: Disabled")
-def getKey(fname): - """Load the key stored in fname, or create a new 32-byte key and store - it in fname. - - >>> name = os.tmpnam() - >>> os.path.exists(name) - False - >>> k1 = getKey(name) - >>> os.path.exists(name) - True - >>> open(name).read() == k1 - True - >>> k2 = getKey(name) - >>> k1 == k2 - True - """ - try: - f = open(fname, 'rb') - except IOError: - k = os.urandom(32) - flags = os.O_WRONLY|os.O_TRUNC|os.O_CREAT|getattr(os, "O_BIN", 0) - fd = os.open(fname, flags, 0400) - os.write(fd, k) - os.close(fd) - else: - k = f.read() - f.close() - - return k - def load(cfg, splitter, clear=False): """Read all the bridge files from cfg, and pass them into a splitter object. @@ -329,7 +300,7 @@ def startup(cfg, options): from bridgedb import HTTPServer
# Load the master key, or create a new one. - key = getKey(cfg.MASTER_KEY_FILE) + key = bridgedb.crypto.getKey(cfg.MASTER_KEY_FILE)
# Initialize our DB file. db = bridgedb.Storage.Database(cfg.DB_FILE+".sqlite", diff --git a/lib/bridgedb/crypto.py b/lib/bridgedb/crypto.py new file mode 100644 index 0000000..ea00733 --- /dev/null +++ b/lib/bridgedb/crypto.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# +# This file is part of BridgeDB, a Tor bridge distribution system. +# +# :authors: Isis Lovecruft 0xA3ADB67A2CDB8B35 isis@torproject.org +# please also see AUTHORS file +# :copyright: (c) 2007-2013, The Tor Project, Inc. +# (c) 2007-2013, all entities within the AUTHORS file +# :license: 3-clause BSD, see included LICENSE for information + + +from __future__ import absolute_import +from __future__ import unicode_literals + +import os + +import OpenSSL.rand + + +def getKey(filename): + """Load the key stored in ``filename``, or create a new key. + + If ``filename`` does not exist, create a new 32-byte key and store it in + ``filename``. + + >>> name = os.tmpnam() + >>> os.path.exists(name) + False + >>> k1 = getKey(name) + >>> os.path.exists(name) + True + >>> open(name).read() == k1 + True + >>> k2 = getKey(name) + >>> k1 == k2 + True + + :param string filename: The filename to store the secret key in. + :rtype: bytes + :returns: A byte string containing the secret key. + """ + try: + fh = open(filename, 'rb') + except IOError: + key = OpenSSL.rand.bytes(32) + flags = os.O_WRONLY | os.O_TRUNC | os.O_CREAT | getattr(os, "O_BIN", 0) + with os.open(filename, flags, 0400) as fd: + os.write(fd, key) + os.fsync(fd) + else: + key = fh.read() + fh.close() + return key