[tor-commits] [stem/master] Replace pycrypto in hidden_service_descriptor

atagar at torproject.org atagar at torproject.org
Mon Feb 27 00:49:11 UTC 2017


commit 5ab96033f09f7c3c711910ac6fe12c6dbf00f612
Author: Patrick O'Doherty <p at trickod.com>
Date:   Sat Feb 25 17:47:49 2017 -0800

    Replace pycrypto in hidden_service_descriptor
    
    Deprecate all use of pycrypto in hidden_service_descriptor module and
    replace with the cryptography library.
---
 stem/descriptor/hidden_service_descriptor.py | 29 +++++++++++++---------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/stem/descriptor/hidden_service_descriptor.py b/stem/descriptor/hidden_service_descriptor.py
index 97cd19e..30754b8 100644
--- a/stem/descriptor/hidden_service_descriptor.py
+++ b/stem/descriptor/hidden_service_descriptor.py
@@ -296,9 +296,8 @@ class HiddenServiceDescriptor(Descriptor):
 
   @staticmethod
   def _decrypt_basic_auth(content, authentication_cookie):
-    from Crypto.Cipher import AES
-    from Crypto.Util import Counter
-    from Crypto.Util.number import bytes_to_long
+    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+    from cryptography.hazmat.backends import default_backend
 
     try:
       client_blocks = int(binascii.hexlify(content[1:2]), 16)
@@ -322,15 +321,15 @@ class HiddenServiceDescriptor(Descriptor):
 
       # try decrypting the session key
 
-      counter = Counter.new(128, initial_value = 0)
-      cipher = AES.new(authentication_cookie, AES.MODE_CTR, counter = counter)
-      session_key = cipher.decrypt(encrypted_session_key)
+      cipher = Cipher(algorithms.AES(authentication_cookie), modes.CTR('\x00' * len(iv)), default_backend())
+      decryptor = cipher.decryptor()
+      session_key = decryptor.update(encrypted_session_key) + decryptor.finalize()
 
       # attempt to decrypt the intro points with the session key
 
-      counter = Counter.new(128, initial_value = bytes_to_long(iv))
-      cipher = AES.new(session_key, AES.MODE_CTR, counter = counter)
-      decrypted = cipher.decrypt(encrypted)
+      cipher = Cipher(algorithms.AES(session_key), modes.CTR(iv), default_backend())
+      decryptor = cipher.decryptor()
+      decrypted = decryptor.update(encrypted) + decryptor.finalize()
 
       # check if the decryption looks correct
 
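Review bot: The zero counter block passed to `modes.CTR` for the session-key decryption is built as `'\x00' * len(iv)`, which is a text string under Python 3, while the cryptography library requires the CTR nonce to be bytes. If this module is meant to run on Python 3, that line would raise a TypeError before any decryption is attempted; writing it as `modes.CTR(b'\x00' * len(iv))` behaves the same on Python 2 and fixes Python 3. The enclosing `_decrypt_basic_auth` starts and ends outside this hunk, so whether the surrounding `try` would catch that error is not visible here.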
@@ -341,17 +340,15 @@ class HiddenServiceDescriptor(Descriptor):
 
   @staticmethod
   def _decrypt_stealth_auth(content, authentication_cookie):
-    from Crypto.Cipher import AES
-    from Crypto.Util import Counter
-    from Crypto.Util.number import bytes_to_long
+    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+    from cryptography.hazmat.backends import default_backend
 
     # byte 1 = authentication type, 2-17 = input vector, 18 on = encrypted content
-
     iv, encrypted = content[1:17], content[17:]
-    counter = Counter.new(128, initial_value = bytes_to_long(iv))
-    cipher = AES.new(authentication_cookie, AES.MODE_CTR, counter = counter)
+    cipher = Cipher(algorithms.AES(authentication_cookie), modes.CTR(iv), default_backend())
+    decryptor = cipher.decryptor()
 
-    return cipher.decrypt(encrypted)
+    return decryptor.update(encrypted) + decryptor.finalize()
 
   @staticmethod
   def _parse_introduction_points(content):
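Review bot: `_decrypt_stealth_auth` now hands `content[1:17]` straight to `modes.CTR(iv)`, and the cryptography library rejects a CTR nonce that is not exactly one AES block long, so content shorter than 17 bytes raises a ValueError where the old `bytes_to_long(iv)` counter accepted a short value. Since this content is presumably taken from a descriptor received over the network, a length guard before building the cipher, e.g. `if len(content) < 17:` raising the error type the callers already handle, would keep truncated input on the normal failure path. The `modes.CTR(iv)` call added in `_decrypt_basic_auth` may have the same exposure, depending on how `iv` is sliced outside that hunk. A short docstring stating that AES-CTR gives no integrity check on the returned plaintext would also help readers of this method.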




