[stem/master] Python3 support for server descriptor signing
commit 78eaa445c9344b878e55c3e114f73358faa8d008 Author: Damian Johnson <atagar@torproject.org> Date: Wed Jun 21 08:51:24 2017 -0700 Python3 support for server descriptor signing While writing it I consciously didn't invest effort into making it compatible. Now that we've got it working fixing that. Most interesting issue was... ====================================================================== ERROR: test_descriptor_signing ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/atagar/Desktop/stem/test/require.py", line 58, in wrapped return func(self, *args, **kwargs) File "/home/atagar/Desktop/stem/test/unit/descriptor/server_descriptor.py", line 260, in test_descriptor_signing RelayDescriptor.create(sign = True) File "/home/atagar/Desktop/stem/stem/descriptor/server_descriptor.py", line 873, in create return cls(cls.content(attr, exclude, sign, private_signing_key), validate = validate, skip_crypto_validation = not sign) File "/home/atagar/Desktop/stem/stem/descriptor/server_descriptor.py", line 865, in content signature = base64.b64encode(private_signing_key.sign(content, padding.PKCS1v15(), hashes.SHA1())) File "/usr/local/lib/python3.2/dist-packages/cryptography/hazmat/backends/openssl/rsa.py", line 463, in sign algorithm, self, data File "/usr/local/lib/python3.2/dist-packages/cryptography/hazmat/backends/openssl/rsa.py", line 199, in _rsa_sig_sign backend.openssl_assert(res > 0) TypeError: unorderable types: NoneType() > int() ---------------------------------------------------------------------- This was due to one of our no_op mocks. --- stem/descriptor/__init__.py | 2 +- stem/descriptor/server_descriptor.py | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py index 96cf0b4..bf336fb 100644 --- a/stem/descriptor/__init__.py +++ b/stem/descriptor/__init__.py 
@@ -391,7 +391,7 @@ def _descriptor_content(attr = None, exclude = (), sign = False, header_template if keyword in exclude: continue - value = attr.pop(keyword, value) + value = stem.util.str_tools._to_unicode(attr.pop(keyword, value)) if value is None: continue diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index 4e55ee2..2c7258a 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -847,7 +847,7 @@ class RelayDescriptor(ServerDescriptor): # ewww. def no_op(*args, **kwargs): - pass + return 1 private_signing_key._backend._lib.EVP_PKEY_CTX_set_signature_md = no_op private_signing_key._backend.openssl_assert = no_op @@ -855,15 +855,15 @@ class RelayDescriptor(ServerDescriptor): # create descriptor content without the router-signature, then # appending the content signature - attr['signing-key'] = '\n' + private_signing_key.public_key().public_bytes( + attr['signing-key'] = b'\n' + private_signing_key.public_key().public_bytes( encoding = serialization.Encoding.PEM, format = serialization.PublicFormat.PKCS1, ).strip() - content = _descriptor_content(attr, exclude, sign, RELAY_SERVER_HEADER) + '\nrouter-signature\n' + content = _descriptor_content(attr, exclude, sign, RELAY_SERVER_HEADER) + b'\nrouter-signature\n' signature = base64.b64encode(private_signing_key.sign(content, padding.PKCS1v15(), hashes.SHA1())) - return content + '\n'.join(['-----BEGIN SIGNATURE-----'] + stem.util.str_tools._split_by_length(signature, 64) + ['-----END SIGNATURE-----\n']) + return content + b'\n'.join([b'-----BEGIN SIGNATURE-----'] + stem.util.str_tools._split_by_length(signature, 64) + [b'-----END SIGNATURE-----\n']) else: return _descriptor_content(attr, exclude, sign, RELAY_SERVER_HEADER, RELAY_SERVER_FOOTER)
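Review bot: The new `_to_unicode(...)` call wraps `attr.pop(keyword, value)` ahead of the `if value is None: continue` check, so that check now depends on `_to_unicode` handing back `None` unchanged. It also has to cope with any non-string value a caller put in `attr`. Neither behaviour is visible in this hunk. Converting after the check removes the dependency: keep `value = attr.pop(keyword, value)` and add `value = stem.util.str_tools._to_unicode(value)` after the `continue`. The body of `_descriptor_content` extends beyond the hunk on both sides.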
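Review bot: `no_op` is assigned over `private_signing_key._backend.openssl_assert` and `_lib.EVP_PKEY_CTX_set_signature_md`, and nothing in this hunk or the next one restores the originals. If `_backend` is the backend object shared with the rest of the process (likely, but not shown here), every later OpenSSL failure check passes silently after the first `sign = True` call. Returning 1 also makes the stubbed call report success at the `res > 0` test seen in the traceback. The patch should be scoped to the single `sign()` call with try/finally, and `# ewww.` replaced by a comment saying why the two hooks are stubbed. The enclosing method starts above the hunk.

```python
backend = private_signing_key._backend
original_set_md = backend._lib.EVP_PKEY_CTX_set_signature_md
original_assert = backend.openssl_assert

backend._lib.EVP_PKEY_CTX_set_signature_md = no_op
backend.openssl_assert = no_op

try:
  # … unchanged: set attr['signing-key'], build content, sign it, return …
finally:
  # put the real checks back so other crypto in this process still fails loudly
  backend._lib.EVP_PKEY_CTX_set_signature_md = original_set_md
  backend.openssl_assert = original_assert
```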
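Review bot: The signing branch now assumes `_descriptor_content(...)` returns bytes, since it appends `b'\nrouter-signature\n'`, while the `else` branch returns the same call unmodified and the first hunk decodes every value to unicode. Nothing here states which type `content()` is meant to return. A comment above the `content = ...` line would fix that, for example `# bytes from here on; the signature covers everything up to and including the 'router-signature' line`. The `b'\n'.join(...)` also relies on `_split_by_length(signature, 64)` returning bytes chunks for bytes input, which is not visible here and deserves a test assertion. Separately, `hashes.SHA1()` with `padding.PKCS1v15()` is presumably dictated by the descriptor format, and a short comment saying so would stop the line being copied as a general signing recipe. The method continues outside the hunk.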