[tor-commits] [stem/master] Begin deprecating pycrypto with cryptography.

atagar at torproject.org atagar at torproject.org
Mon Feb 27 00:49:11 UTC 2017 

commit 11dae77ac5fbc2b8ee5c20b4b97fb253bbcb2998
Author: Patrick O'Doherty <p at trickod.com>
Date:   Sat Feb 25 16:35:28 2017 -0800

    Begin deprecating pycrypto with cryptography.
    
    Refs: https://bugs.torproject.org/21086
    
    Deprecate the usage of pycrypto in the descriptor _digest_for_signature
    function in favour of the cryptography[0] library.
    
    [0] - https://pypi.python.org/pypi/cryptography
---
 requirements.txt            |  1 +
 stem/descriptor/__init__.py | 18 ++++++++----------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index ce5d201..5fb3d12 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,3 +3,4 @@ pyflakes
 pycodestyle
 pycrypto
 tox
+cryptography
diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py
index 7c64293..5a6ec44 100644
--- a/stem/descriptor/__init__.py
+++ b/stem/descriptor/__init__.py
@@ -565,17 +565,16 @@ class Descriptor(object):
     if not stem.prereq.is_crypto_available():
       raise ValueError('Generating the signed digest requires pycrypto')
 
-    from Crypto.Util import asn1
-    from Crypto.Util.number import bytes_to_long, long_to_bytes
+    from cryptography.hazmat.backends import default_backend
+    from cryptography.hazmat.primitives.serialization import load_der_public_key
+    from cryptography.utils import int_to_bytes, int_from_bytes
 
-    # get the ASN.1 sequence
-
-    seq = asn1.DerSequence()
-    seq.decode(_bytes_for_block(signing_key))
-    modulus, public_exponent = seq[0], seq[1]
+    key = load_der_public_key(_bytes_for_block(signing_key), default_backend())
+    modulus = key.public_numbers().n
+    public_exponent = key.public_numbers().e
 
     sig_as_bytes = _bytes_for_block(signature)
-    sig_as_long = bytes_to_long(sig_as_bytes)  # convert signature to an int
+    sig_as_long = int_from_bytes(sig_as_bytes, byteorder='big')  # convert signature to an int
     blocksize = 128  # block size will always be 128 for a 1024 bit key
 
     # use the public exponent[e] & the modulus[n] to decrypt the int
@@ -583,8 +582,7 @@ class Descriptor(object):
     decrypted_int = pow(sig_as_long, public_exponent, modulus)
 
     # convert the int to a byte array
-
-    decrypted_bytes = long_to_bytes(decrypted_int, blocksize)
+    decrypted_bytes = int_to_bytes(decrypted_int, blocksize)
 
     ############################################################################
     # The decrypted bytes should have a structure exactly along these lines.

More information about the tor-commits mailing list