[stem/master] Generate signature with PKCS1 padding - tor-commits

20 Jun 2017

commit f8f434d5cc65460de98c41672476c4b2b6707bc0
Author: Damian Johnson atagar@torproject.org
Date:   Mon Jun 19 13:12:20 2017 -0700
Generate signature with PKCS1 padding
Blindly followed the cryptography module's example to start with but turns out
    it does PKCS1 padding for us. This gets us further with validation but still
    not working just yet. Oh, and also lets us drop our manual PKCS1 padding.
---
 stem/descriptor/server_descriptor.py | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index 30599a8..a0759b1 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -52,9 +52,6 @@ from stem.util import str_type
 from stem.descriptor import (
   CRYPTO_BLOB,
   PGP_BLOCK_END,
-  DIGEST_TYPE_INFO,
-  DIGEST_PADDING,
-  DIGEST_SEPARATOR,
   Descriptor,
   _descriptor_content,
   _descriptor_components,
@@ -234,7 +231,7 @@ def _generate_signing_key():
public_key = private_key.public_key()
-  pem = '\n' + public_key.public_bytes(
+  pem = public_key.public_bytes(
     encoding = serialization.Encoding.PEM,
     format = serialization.PublicFormat.PKCS1,
   ).strip()
@@ -252,13 +249,8 @@ def _generate_signature(content, signing_key):
   from cryptography.hazmat.primitives import hashes
   from cryptography.hazmat.primitives.asymmetric import padding
-  # generate the digest with required PKCS1 padding so it's 128 bytes
-
   digest = hashlib.sha1(content).hexdigest().decode('hex_codec')
-  digest = DIGEST_TYPE_INFO + (DIGEST_PADDING * (125 - len(digest))) + DIGEST_SEPARATOR + digest
-
-  padding = padding.PSS(mgf = padding.MGF1(hashes.SHA256()), salt_length = padding.PSS.MAX_LENGTH)
-  signature = base64.b64encode(signing_key.private.sign(digest, padding, hashes.SHA256()))
+  signature = base64.b64encode(signing_key.private.sign(digest, padding.PKCS1v15(), hashes.SHA1()))
   return  '-----BEGIN SIGNATURE-----\n' + '\n'.join(stem.util.str_tools._split_by_length(signature, 64)) + '\n-----END SIGNATURE-----\n'
@@ -884,7 +876,7 @@ class RelayDescriptor(ServerDescriptor):
       # appending the content signature
signing_key = _generate_signing_key()
-      attr['signing-key'] = signing_key.descriptor_signing_key
+      attr['signing-key'] = '\n' + signing_key.descriptor_signing_key
       content = _descriptor_content(attr, exclude, sign, RELAY_SERVER_HEADER) + '\nrouter-signature\n'
return content + _generate_signature(content, signing_key)

    