commit 11dae77ac5fbc2b8ee5c20b4b97fb253bbcb2998 Author: Patrick O'Doherty p@trickod.com Date: Sat Feb 25 16:35:28 2017 -0800
Begin deprecating pycrypto with cryptography.
Refs: https://bugs.torproject.org/21086
Deprecate the usage of pycrypto in the descriptor _digest_for_signature function in favour of the cryptography[0] library.
[0] - https://pypi.python.org/pypi/cryptography --- requirements.txt | 1 + stem/descriptor/__init__.py | 18 ++++++++---------- 2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/requirements.txt b/requirements.txt index ce5d201..5fb3d12 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,3 +3,4 @@ pyflakes pycodestyle pycrypto tox +cryptography diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py index 7c64293..5a6ec44 100644 --- a/stem/descriptor/__init__.py +++ b/stem/descriptor/__init__.py @@ -565,17 +565,16 @@ class Descriptor(object): if not stem.prereq.is_crypto_available(): raise ValueError('Generating the signed digest requires pycrypto')
- from Crypto.Util import asn1 - from Crypto.Util.number import bytes_to_long, long_to_bytes + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives.serialization import load_der_public_key + from cryptography.utils import int_to_bytes, int_from_bytes
- # get the ASN.1 sequence - - seq = asn1.DerSequence() - seq.decode(_bytes_for_block(signing_key)) - modulus, public_exponent = seq[0], seq[1] + key = load_der_public_key(_bytes_for_block(signing_key), default_backend()) + modulus = key.public_numbers().n + public_exponent = key.public_numbers().e
sig_as_bytes = _bytes_for_block(signature) - sig_as_long = bytes_to_long(sig_as_bytes) # convert signature to an int + sig_as_long = int_from_bytes(sig_as_bytes, byteorder='big') # convert signature to an int blocksize = 128 # block size will always be 128 for a 1024 bit key
# use the public exponent[e] & the modulus[n] to decrypt the int @@ -583,8 +582,7 @@ class Descriptor(object): decrypted_int = pow(sig_as_long, public_exponent, modulus)
# convert the int to a byte array - - decrypted_bytes = long_to_bytes(decrypted_int, blocksize) + decrypted_bytes = int_to_bytes(decrypted_int, blocksize)
############################################################################ # The decrypted bytes should have a structure exactly along these lines.