[tor-commits] [stem/master] Making several stem.util.connection functions private

Sun Mar 10 07:16:29 UTC 2013

commit f8b538b00bd16fece4d368c892a7977dd0f8260b
Author: Damian Johnson <atagar at torproject.org>
Date:   Sat Mar 9 22:29:37 2013 -0800

    Making several stem.util.connection functions private
    
    The connection module has several functions that I'd rather not vend. Marking
    them as private to discourage their use.
---
 stem/connection.py           |    6 +++---
 stem/exit_policy.py          |    8 ++++----
 stem/util/connection.py      |   30 ++++++++++++------------------
 test/unit/util/connection.py |   22 +++++++++++-----------
 4 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/stem/connection.py b/stem/connection.py
index 952c17f..dc70bce 100644
--- a/stem/connection.py
+++ b/stem/connection.py
@@ -732,15 +732,15 @@ def authenticate_safecookie(controller, cookie_path, suppress_ctl_errors = True)
     else:
       raise AuthChallengeFailed("Unable to parse AUTHCHALLENGE response: %s" % exc, cookie_path)
 
-  expected_server_hash = stem.util.connection.hmac_sha256(
+  expected_server_hash = stem.util.connection._hmac_sha256(
     SERVER_HASH_CONSTANT,
     cookie_data + client_nonce + authchallenge_response.server_nonce)
 
-  if not stem.util.connection.cryptovariables_equal(authchallenge_response.server_hash, expected_server_hash):
+  if not stem.util.connection._cryptovariables_equal(authchallenge_response.server_hash, expected_server_hash):
     raise AuthSecurityFailure("Tor provided the wrong server nonce", cookie_path)
 
   try:
-    client_hash = stem.util.connection.hmac_sha256(
+    client_hash = stem.util.connection._hmac_sha256(
       CLIENT_HASH_CONSTANT,
       cookie_data + client_nonce + authchallenge_response.server_nonce)
 
diff --git a/stem/exit_policy.py b/stem/exit_policy.py
index 6b31f73..48dc28a 100644
--- a/stem/exit_policy.py
+++ b/stem/exit_policy.py
@@ -568,7 +568,7 @@ class ExitPolicyRule(object):
       if address is None:
         return False
       else:
-        comparison_addr_bin = int(stem.util.connection.get_address_binary(address), 2)
+        comparison_addr_bin = int(stem.util.connection._get_address_binary(address), 2)
         comparison_addr_bin &= self._get_mask_bin()
 
         if self._get_address_bin() != comparison_addr_bin:
@@ -681,7 +681,7 @@ class ExitPolicyRule(object):
     # provides an integer representation of our mask
 
     if self._mask_bin is None:
-      self._mask_bin = int(stem.util.connection.get_address_binary(self.get_mask(False)), 2)
+      self._mask_bin = int(stem.util.connection._get_address_binary(self.get_mask(False)), 2)
 
     return self._mask_bin
 
@@ -689,7 +689,7 @@ class ExitPolicyRule(object):
     # provides an integer representation of our address
 
     if self._addr_bin is None:
-      self._addr_bin = int(stem.util.connection.get_address_binary(self.address), 2) & self._mask_bin
+      self._addr_bin = int(stem.util.connection._get_address_binary(self.address), 2) & self._mask_bin
 
     return self._addr_bin
 
@@ -718,7 +718,7 @@ class ExitPolicyRule(object):
       elif stem.util.connection.is_valid_ipv4_address(addr_extra):
         # provided with an ip4mask
         try:
-          self._masked_bits = stem.util.connection.get_masked_bits(addr_extra)
+          self._masked_bits = stem.util.connection._get_masked_bits(addr_extra)
         except ValueError:
           # mask can't be represented as a number of bits (ex. "255.255.0.255")
           self._mask = addr_extra
diff --git a/stem/util/connection.py b/stem/util/connection.py
index 92776f5..b1a292d 100644
--- a/stem/util/connection.py
+++ b/stem/util/connection.py
@@ -15,12 +15,6 @@ but for now just moving the parts we need.
   expand_ipv6_address - provides an IPv6 address with its collapsed portions expanded
   get_mask_ipv4 - provides the mask representation for a given number of bits
   get_mask_ipv6 - provides the IPv6 mask representation for a given number of bits
-  get_masked_bits - provides the number of bits represented by a mask
-  get_binary - provides the binary representation for an integer with padding
-  get_address_binary - provides the binary representation for an address
-
-  hmac_sha256 - provides a sha256 digest
-  cryptovariables_equal - string comparison for cryptographic operations
 """
 
 import hashlib
@@ -181,7 +175,7 @@ def get_mask_ipv4(bits):
     return FULL_IPv4_MASK
 
   # get the binary representation of the mask
-  mask_bin = get_binary(2 ** bits - 1, 32)[::-1]
+  mask_bin = _get_binary(2 ** bits - 1, 32)[::-1]
 
   # breaks it into eight character groupings
   octets = [mask_bin[8 * i:8 * (i + 1)] for i in xrange(4)]
@@ -208,7 +202,7 @@ def get_mask_ipv6(bits):
     return FULL_IPv6_MASK
 
   # get the binary representation of the mask
-  mask_bin = get_binary(2 ** bits - 1, 128)[::-1]
+  mask_bin = _get_binary(2 ** bits - 1, 128)[::-1]
 
   # breaks it into sixteen character groupings
   groupings = [mask_bin[16 * i:16 * (i + 1)] for i in xrange(8)]
@@ -217,7 +211,7 @@ def get_mask_ipv6(bits):
   return ":".join(["%04x" % int(group, 2) for group in groupings]).upper()
 
 
-def get_masked_bits(mask):
+def _get_masked_bits(mask):
   """
   Provides the number of bits that an IPv4 subnet mask represents. Note that
   not all masks can be represented by a bit count.
@@ -233,7 +227,7 @@ def get_masked_bits(mask):
     raise ValueError("'%s' is an invalid subnet mask" % mask)
 
   # converts octets to binary representation
-  mask_bin = get_address_binary(mask)
+  mask_bin = _get_address_binary(mask)
   mask_match = re.match("^(1*)(0*)$", mask_bin)
 
   if mask_match:
@@ -242,7 +236,7 @@ def get_masked_bits(mask):
     raise ValueError("Unable to convert mask to a bit count: %s" % mask)
 
 
-def get_binary(value, bits):
+def _get_binary(value, bits):
   """
   Provides the given value as a binary string, padded with zeros to the given
   number of bits.
@@ -255,7 +249,7 @@ def get_binary(value, bits):
   return "".join([str((value >> y) & 1) for y in range(bits - 1, -1, -1)])
 
 
-def get_address_binary(address):
+def _get_address_binary(address):
   """
   Provides the binary value for an IPv4 or IPv6 address.
 
@@ -265,15 +259,15 @@ def get_address_binary(address):
   """
 
   if is_valid_ipv4_address(address):
-    return "".join([get_binary(int(octet), 8) for octet in address.split(".")])
+    return "".join([_get_binary(int(octet), 8) for octet in address.split(".")])
   elif is_valid_ipv6_address(address):
     address = expand_ipv6_address(address)
-    return "".join([get_binary(int(grouping, 16), 16) for grouping in address.split(":")])
+    return "".join([_get_binary(int(grouping, 16), 16) for grouping in address.split(":")])
   else:
     raise ValueError("'%s' is neither an IPv4 or IPv6 address" % address)
 
 
-def hmac_sha256(key, msg):
+def _hmac_sha256(key, msg):
   """
   Generates a sha256 digest using the given key and message.
 
@@ -286,7 +280,7 @@ def hmac_sha256(key, msg):
   return hmac.new(key, msg, hashlib.sha256).digest()
 
 
-def cryptovariables_equal(x, y):
+def _cryptovariables_equal(x, y):
   """
   Compares two strings for equality securely.
 
@@ -297,5 +291,5 @@ def cryptovariables_equal(x, y):
   """
 
   return (
-    hmac_sha256(CRYPTOVARIABLE_EQUALITY_COMPARISON_NONCE, x) ==
-    hmac_sha256(CRYPTOVARIABLE_EQUALITY_COMPARISON_NONCE, y))
+    _hmac_sha256(CRYPTOVARIABLE_EQUALITY_COMPARISON_NONCE, x) ==
+    _hmac_sha256(CRYPTOVARIABLE_EQUALITY_COMPARISON_NONCE, y))
diff --git a/test/unit/util/connection.py b/test/unit/util/connection.py
index ecbe04a..99ee050 100644
--- a/test/unit/util/connection.py
+++ b/test/unit/util/connection.py
@@ -123,20 +123,20 @@ class TestConnection(unittest.TestCase):
 
   def test_get_masked_bits(self):
     """
-    Checks the get_masked_bits function.
+    Checks the _get_masked_bits function.
     """
 
-    self.assertEquals(32, stem.util.connection.get_masked_bits("255.255.255.255"))
-    self.assertEquals(29, stem.util.connection.get_masked_bits("255.255.255.248"))
-    self.assertEquals(23, stem.util.connection.get_masked_bits("255.255.254.0"))
-    self.assertEquals(0, stem.util.connection.get_masked_bits("0.0.0.0"))
+    self.assertEquals(32, stem.util.connection._get_masked_bits("255.255.255.255"))
+    self.assertEquals(29, stem.util.connection._get_masked_bits("255.255.255.248"))
+    self.assertEquals(23, stem.util.connection._get_masked_bits("255.255.254.0"))
+    self.assertEquals(0, stem.util.connection._get_masked_bits("0.0.0.0"))
 
-    self.assertRaises(ValueError, stem.util.connection.get_masked_bits, "blarg")
-    self.assertRaises(ValueError, stem.util.connection.get_masked_bits, "255.255.0.255")
+    self.assertRaises(ValueError, stem.util.connection._get_masked_bits, "blarg")
+    self.assertRaises(ValueError, stem.util.connection._get_masked_bits, "255.255.0.255")
 
   def test_get_address_binary(self):
     """
-    Checks the get_address_binary function.
+    Checks the _get_address_binary function.
     """
 
     test_values = {
@@ -151,7 +151,7 @@ class TestConnection(unittest.TestCase):
     }
 
     for test_arg, expected in test_values.items():
-      self.assertEquals(expected, stem.util.connection.get_address_binary(test_arg))
+      self.assertEquals(expected, stem.util.connection._get_address_binary(test_arg))
 
-    self.assertRaises(ValueError, stem.util.connection.get_address_binary, "")
-    self.assertRaises(ValueError, stem.util.connection.get_address_binary, "blarg")
+    self.assertRaises(ValueError, stem.util.connection._get_address_binary, "")
+    self.assertRaises(ValueError, stem.util.connection._get_address_binary, "blarg")



