commit 7f6bbf7398fe1a9f8df00721fd09b7918e7be578 Author: Damian Johnson atagar@torproject.org Date: Mon Jun 19 13:36:29 2017 -0700

Digest hashed twice

Oops, we generated the sha1 hash of our digest but then cryptography it's hashed with sha1. Probably means we hash this twice. --- stem/descriptor/__init__.py | 2 +- stem/descriptor/server_descriptor.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py index e18dfd2..be28c7a 100644 --- a/stem/descriptor/__init__.py +++ b/stem/descriptor/__init__.py @@ -374,7 +374,7 @@ def _descriptor_content(attr = None, exclude = (), sign = False, header_template :param tuple header_template: key/value pairs for mandatory fields before unrecognized content :param tuple footer_template: key/value pairs for mandatory fields after unrecognized content

- :returns: str with the requested descriptor content + :returns: bytes with the requested descriptor content

:raises: **ImportError** if cryptography is unavailable and sign is True """ diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index a0759b1..8204c44 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -249,8 +249,7 @@ def _generate_signature(content, signing_key): from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding

- digest = hashlib.sha1(content).hexdigest().decode('hex_codec') - signature = base64.b64encode(signing_key.private.sign(digest, padding.PKCS1v15(), hashes.SHA1())) + signature = base64.b64encode(signing_key.private.sign(content, padding.PKCS1v15(), hashes.SHA1())) return '-----BEGIN SIGNATURE-----\n' + '\n'.join(stem.util.str_tools._split_by_length(signature, 64)) + '\n-----END SIGNATURE-----\n'