[bridgedb/master] Move HMAC and HMACfunction creators to bridgedb.crypto module. - tor-commits

16 Mar 2014

commit 437f816fea14565a34cb9377e665c599d01b4a53
Author: Isis Lovecruft isis@torproject.org
Date:   Tue Mar 11 20:18:25 2014 +0000
Move HMAC and HMACfunction creators to bridgedb.crypto module.
* MOVE bridgedb.Bridges.get_hmac()    → bridgedb.crypto.getHMAC()
     * MOVE bridgedb.Bridges.get_hmac_fn() → bridgedb.crypto.getHMACFunc()
     * CHANGE all other modules which use these functions to use the newer
       ones.
---
 lib/bridgedb/Bridges.py |   37 ++++++-------------------------------
 lib/bridgedb/Dist.py    |   45 +++++++++++++++++++++------------------------
 lib/bridgedb/Main.py    |    6 +++---
 lib/bridgedb/crypto.py  |   27 +++++++++++++++++++++++++++
 4 files changed, 57 insertions(+), 58 deletions(-)

diff --git a/lib/bridgedb/Bridges.py b/lib/bridgedb/Bridges.py
index cd77911..2293c78 100644
--- a/lib/bridgedb/Bridges.py
+++ b/lib/bridgedb/Bridges.py
@@ -7,7 +7,6 @@ them in rings.
import binascii
 import bisect
-import hmac
 import logging
 import re
 import hashlib
@@ -15,12 +14,12 @@ import socket
 import time
 import ipaddr
 import random
-import hashlib
import bridgedb.Storage
 import bridgedb.Bucket
 import bridgedb.Util as Util
+from bridgedb.crypto import getHMACFunc
 from bridgedb.parse import addr
 from bridgedb.parse import networkstatus
@@ -32,8 +31,6 @@ except ImportError:
HEX_FP_LEN = 40
 ID_LEN = 20
-
-DIGESTMOD = hashlib.sha1
 HEX_DIGEST_LEN = 40
 DIGEST_LEN = 20
 PORTSPEC_LEN = 16
@@ -87,28 +84,6 @@ def is_valid_fingerprint(fp):
 toHex = binascii.b2a_hex
 fromHex = binascii.a2b_hex
-def get_hmac(key, value):
-    """Return the hmac of **value** using the **key**."""
-    h = hmac.new(key, value, digestmod=DIGESTMOD)
-    return h.digest()
-
-def get_hmac_fn(key, hex=True):
-    """Return a function that computes the hmac of its input using the key k.
-
-    :param bool hex: If True, the output of the function will be hex-encoded.
-    :rtype: callable
-    :returns: A function which can be uses to generate HMACs.
-    """
-    h = hmac.new(key, digestmod=DIGESTMOD)
-    def hmac_fn(value):
-        h_tmp = h.copy()
-        h_tmp.update(value)
-        if hex:
-            return h_tmp.hexdigest()
-        else:
-            return h_tmp.digest()
-    return hmac_fn
-
 def chopString(s, size):
     """Generator. Given a string and a length, divide the string into pieces
        of no more than that length.
@@ -216,7 +191,7 @@ class Bridge(object):
         """
if not request: request = 'default'
-        digest = get_hmac_fn('Order-Or-Addresses')(request)
+        digest = getHMACFunc('Order-Or-Addresses')(request)
         pos = long(digest[:8], 16) # lower 8 bytes -> long
# default address type
@@ -847,7 +822,7 @@ class BridgeRing(BridgeHolder):
         """
         self.bridges = {}
         self.bridgesByID = {}
-        self.hmac = get_hmac_fn(key, hex=False)
+        self.hmac = getHMACFunc(key, hex=False)
         self.isSorted = False
         self.sortedKeys = []
         if answerParameters is None:
@@ -1045,7 +1020,7 @@ class FixedBridgeSplitter(BridgeHolder):
        them to several sub-bridgeholders with equal probability.
     """
     def __init__(self, key, rings):
-        self.hmac = get_hmac_fn(key, hex=True)
+        self.hmac = getHMACFunc(key, hex=True)
         self.rings = rings[:]
         for r in self.rings:
             assert(isinstance(r, BridgeHolder))
@@ -1123,7 +1098,7 @@ class BridgeSplitter(BridgeHolder):
        Bridge-to-bridgeholder associations are recorded in a store.
     """
     def __init__(self, key):
-        self.hmac = get_hmac_fn(key, hex=True)
+        self.hmac = getHMACFunc(key, hex=True)
         self.ringsByName = {}
         self.totalP = 0
         self.pValues = []
@@ -1230,7 +1205,7 @@ class FilteredBridgeSplitter(BridgeHolder):
         """
         self.key = key
         self.filterRings = {}
-        self.hmac = get_hmac_fn(key, hex=True)
+        self.hmac = getHMACFunc(key, hex=True)
         self.bridges = []
         self.distributorName = ''
diff --git a/lib/bridgedb/Dist.py b/lib/bridgedb/Dist.py
index 6e9c436..9d3b06e 100644
--- a/lib/bridgedb/Dist.py
+++ b/lib/bridgedb/Dist.py
@@ -15,11 +15,14 @@ import re
 import time
 from ipaddr import IPv6Address, IPAddress
+from bridgedb.crypto import getHMAC
+from bridgedb.crypto import getHMACFunc
 from bridgedb.Filters import filterAssignBridgesToRing
 from bridgedb.Filters import filterBridgesByRules
 from bridgedb.Filters import filterBridgesByIP4
 from bridgedb.Filters import filterBridgesByIP6
+
 def uniformMap(ip):
     """Map an IP to an arbitrary 'area' string, such that any two /24 addresses
     get the same string.
@@ -137,11 +140,11 @@ class IPBasedDistributor(Distributor):
         for c in ipCategories:
             self.categories.append(c)
-        key2 = bridgedb.Bridges.get_hmac(key, "Assign-Bridges-To-Rings")
-        key3 = bridgedb.Bridges.get_hmac(key, "Order-Areas-In-Rings")
-        self.areaOrderHmac = bridgedb.Bridges.get_hmac_fn(key3, hex=False)
-        key4 = bridgedb.Bridges.get_hmac(key, "Assign-Areas-To-Rings")
-        self.areaClusterHmac = bridgedb.Bridges.get_hmac_fn(key4, hex=True)
+        key2 = getHMAC(key, "Assign-Bridges-To-Rings")
+        key3 = getHMAC(key, "Order-Areas-In-Rings")
+        self.areaOrderHmac = getHMACFunc(key3, hex=False)
+        key4 = getHMAC(key, "Assign-Areas-To-Rings")
+        self.areaClusterHmac = getHMACFunc(key4, hex=True)
# add splitter and cache the default rings
         # plus leave room for dynamic filters
@@ -170,9 +173,8 @@ class IPBasedDistributor(Distributor):
                 if filterFn:
                     bridgeFilterRules.append(filterFn)
                 ruleset = frozenset(bridgeFilterRules)
-                key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
-                                                 "Order-Bridges-In-Ring-%d"
-                                                 % n)
+                key1 = getHMAC(self.splitter.key,
+                               "Order-Bridges-In-Ring-%d" % n)
                 n += 1
                 ring = bridgedb.Bridges.BridgeRing(key1, self.answerParameters)
                 ring.setName('{0} Ring'.format(self.name))
@@ -192,9 +194,8 @@ class IPBasedDistributor(Distributor):
                 if filterFn:
                     bridgeFilterRules.append(filterFn)
                 ruleset = frozenset(bridgeFilterRules)
-                key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
-                                                 "Order-Bridges-In-Ring-%d"
-                                                 % clusterNum)
+                key1 = getHMAC(self.splitter.key,
+                               "Order-Bridges-In-Ring-%d" % clusterNum)
                 ring = bridgedb.Bridges.BridgeRing(key1, self.answerParameters)
                 self.splitter.addRing(ring,
                                       ruleset,
@@ -262,9 +263,8 @@ class IPBasedDistributor(Distributor):
                 bridgeFilterRules.append(g)
                 logging.info("category<%s>%s", epoch, Util.logSafely(area))
                 pos = self.areaOrderHmac("category<%s>%s" % (epoch, area))
-                key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
-                                                 "Order-Bridges-In-Ring-%d"
-                                                 % n)
+                key1 = getHMAC(self.splitter.key,
+                               "Order-Bridges-In-Ring-%d" % n)
                 break
             n += 1
@@ -281,9 +281,8 @@ class IPBasedDistributor(Distributor):
                                           clusterNum)
             bridgeFilterRules.append(g)
             pos = self.areaOrderHmac("<%s>%s" % (epoch, area))
-            key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
-                                             "Order-Bridges-In-Ring-%d"
-                                             % clusterNum)
+            key1 = getHMAC(self.splitter.key,
+                           "Order-Bridges-In-Ring-%d" % clusterNum)
# try to find a cached copy
         ruleset = frozenset(bridgeFilterRules)
@@ -425,10 +424,10 @@ class EmailBasedDistributor(Distributor):
     ##       to their canonical forms.
     def __init__(self, key, domainmap, domainrules,
                  answerParameters=None):
-        key1 = bridgedb.Bridges.get_hmac(key, "Map-Addresses-To-Ring")
-        self.emailHmac = bridgedb.Bridges.get_hmac_fn(key1, hex=False)
+        key1 = getHMAC(key, "Map-Addresses-To-Ring")
+        self.emailHmac = getHMACFunc(key1, hex=False)
-        key2 = bridgedb.Bridges.get_hmac(key, "Order-Bridges-In-Ring")
+        key2 = getHMAC(key, "Order-Bridges-In-Ring")
         # XXXX clear the store when the period rolls over!
         self.domainmap = domainmap
         self.domainrules = domainrules
@@ -506,8 +505,7 @@ class EmailBasedDistributor(Distributor):
             logging.debug("Cache miss %s" % ruleset)
# add new ring
-            key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
-                                             "Order-Bridges-In-Ring")
+            key1 = getHMAC(self.splitter.key, "Order-Bridges-In-Ring")
             ring = bridgedb.Bridges.BridgeRing(key1, self.answerParameters)
             # debug log: cache miss
             self.splitter.addRing(ring, ruleset,
@@ -544,8 +542,7 @@ class EmailBasedDistributor(Distributor):
         # populate all rings (for dumping assignments and testing)
         for filterFn in [filterBridgesByIP4, filterBridgesByIP6]:
             ruleset = frozenset([filterFn])
-            key1 = bridgedb.Bridges.get_hmac(self.splitter.key,
-                                             "Order-Bridges-In-Ring")
+            key1 = getHMAC(self.splitter.key, "Order-Bridges-In-Ring")
             ring = bridgedb.Bridges.BridgeRing(key1, self.answerParameters)
             self.splitter.addRing(ring, ruleset,
                                   filterBridgesByRules([filterFn]),
diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py
index be8b1b0..e7dc153 100644
--- a/lib/bridgedb/Main.py
+++ b/lib/bridgedb/Main.py
@@ -410,7 +410,7 @@ def startup(options):
# Create a BridgeSplitter to assign the bridges to the different
     # distributors.
-    splitter = Bridges.BridgeSplitter(Bridges.get_hmac(key, "Splitter-Key"))
+    splitter = Bridges.BridgeSplitter(crypto.getHMAC(key, "Splitter-Key"))
     logging.debug("Created splitter: %r" % splitter)
# Create ring parameters.
@@ -431,7 +431,7 @@ def startup(options):
         ipDistributor = Dist.IPBasedDistributor(
             Dist.uniformMap,
             config.N_IP_CLUSTERS,
-            Bridges.get_hmac(key, "HTTPS-IP-Dist-Key"),
+            crypto.getHMAC(key, "HTTPS-IP-Dist-Key"),
             categories,
             answerParameters=ringParams)
         splitter.addRing(ipDistributor, "https", config.HTTPS_SHARE)
@@ -442,7 +442,7 @@ def startup(options):
     if config.EMAIL_DIST and config.EMAIL_SHARE:
         logging.debug("Setting up Email Distributor...")
         emailDistributor = Dist.EmailBasedDistributor(
-            Bridges.get_hmac(key, "Email-Dist-Key"),
+            crypto.getHMAC(key, "Email-Dist-Key"),
             config.EMAIL_DOMAIN_MAP.copy(),
             config.EMAIL_DOMAIN_RULES.copy(),
             answerParameters=ringParams)
diff --git a/lib/bridgedb/crypto.py b/lib/bridgedb/crypto.py
index d615489..054ec11 100644
--- a/lib/bridgedb/crypto.py
+++ b/lib/bridgedb/crypto.py
@@ -29,12 +29,17 @@
 from __future__ import absolute_import
 from __future__ import unicode_literals
+import hashlib
+import hmac
 import logging
 import os
import OpenSSL.rand
+#: The hash digest to use for HMACs.
+DIGESTMOD = hashlib.sha1
+
 def getKey(filename):
     """Load the key stored in ``filename``, or create a new key.
@@ -74,3 +79,25 @@ def getKey(filename):
         key = fh.read()
         fh.close()
     return key
+
+def getHMAC(key, value):
+    """Return the HMAC of **value** using the **key**."""
+    h = hmac.new(key, value, digestmod=DIGESTMOD)
+    return h.digest()
+
+def getHMACFunc(key, hex=True):
+    """Return a function that computes the HMAC of its input using the **key**.
+
+    :param bool hex: If True, the output of the function will be hex-encoded.
+    :rtype: callable
+    :returns: A function which can be uses to generate HMACs.
+    """
+    h = hmac.new(key, digestmod=DIGESTMOD)
+    def hmac_fn(value):
+        h_tmp = h.copy()
+        h_tmp.update(value)
+        if hex:
+            return h_tmp.hexdigest()
+        else:
+            return h_tmp.digest()
+    return hmac_fn

    