[tor-commits] [stem/master] Replacing remaining references to pycrypto
atagar at torproject.org
atagar at torproject.org
Mon Feb 27 00:49:11 UTC 2017
commit 1551fc5e7688fc64dfb0e2f4bf91a9e841d64b37
Author: Damian Johnson <atagar at torproject.org>
Date: Sun Feb 26 16:41:51 2017 -0800
Replacing remaining references to pycrypto
Functionally was perfect. Just a few lingering pycrypto references. Also few
doc tweaks and pycodestyle ignore clauses (version I use gave some notices).
---
docs/change_log.rst | 1 +
docs/faq.rst | 22 +++++++++++++++++++---
run_tests.py | 2 +-
stem/descriptor/__init__.py | 2 +-
stem/descriptor/hidden_service_descriptor.py | 7 ++++++-
stem/descriptor/server_descriptor.py | 5 +++++
stem/prereq.py | 9 +++++----
test/mocking.py | 4 ++--
test/settings.cfg | 16 ++++++++--------
test/unit/descriptor/hidden_service_descriptor.py | 4 ++--
test/util.py | 4 ++--
11 files changed, 52 insertions(+), 24 deletions(-)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index edd5fa8..eccac73 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -50,6 +50,7 @@ The following are only available within Stem's `git repository
* **Descriptors**
+ * Moved from the deprecated `pycrypto <https://www.dlitz.net/software/pycrypto/>`_ module to `cryptography <https://pypi.python.org/pypi/cryptography>`_ for validating signatures (:trac:`21086`)
* Sped descriptor reading by ~25% by deferring defaulting when validating
* Support for protocol descriptor fields (:spec:`eb4fb3c`)
* Shared randomness properties weren't being read in votes (:trac:`21102`)
diff --git a/docs/faq.rst b/docs/faq.rst
index a9e274c..69033d4 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -52,11 +52,27 @@ Does Stem have any dependencies?
**No.** All you need in order to use Stem is Python.
-When it is available Stem will use `pycrypto
-<https://www.dlitz.net/software/pycrypto/>`_ to validate descriptor signatures.
-However, there is no need to install pycrypto unless you need this
+When it is available Stem will use `cryptography
+<https://pypi.python.org/pypi/cryptography>`_ to validate descriptor signatures.
+However, there is no need to install cryptography unless you need this
functionality.
+Note that if cryptography installation fails with...
+
+::
+
+ build/temp.linux-i686-2.7/_openssl.c:18:20: fatal error: Python.h: No such file or directory
+ compilation terminated.
+ error: command 'gcc' failed with exit status 1
+
+You need python-dev. For instance on Debian and Ubuntu you can install
+cryptography with...
+
+::
+
+ % sudo apt-get install python-dev
+ % sudo pip install cryptography
+
.. _what_python_versions_is_stem_compatible_with:
What Python versions is Stem compatible with?
diff --git a/run_tests.py b/run_tests.py
index 39c44cb..bceade3 100755
--- a/run_tests.py
+++ b/run_tests.py
@@ -160,7 +160,7 @@ def main():
Task('checking stem version', test.util.check_stem_version),
tor_version_check,
Task('checking python version', test.util.check_python_version),
- Task('checking pycrypto version', test.util.check_pycrypto_version),
+ Task('checking cryptography version', test.util.check_cryptography_version),
Task('checking mock version', test.util.check_mock_version),
Task('checking pyflakes version', test.util.check_pyflakes_version),
Task('checking pycodestyle version', test.util.check_pycodestyle_version),
diff --git a/stem/descriptor/__init__.py b/stem/descriptor/__init__.py
index 5a6ec44..6e8c5a4 100644
--- a/stem/descriptor/__init__.py
+++ b/stem/descriptor/__init__.py
@@ -563,7 +563,7 @@ class Descriptor(object):
"""
if not stem.prereq.is_crypto_available():
- raise ValueError('Generating the signed digest requires pycrypto')
+ raise ValueError('Generating the signed digest requires the cryptography module')
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_der_public_key
diff --git a/stem/descriptor/hidden_service_descriptor.py b/stem/descriptor/hidden_service_descriptor.py
index 30754b8..ce3a134 100644
--- a/stem/descriptor/hidden_service_descriptor.py
+++ b/stem/descriptor/hidden_service_descriptor.py
@@ -199,6 +199,11 @@ class HiddenServiceDescriptor(Descriptor):
**\*** attribute is either required when we're parsed with validation or has
a default value, others are left as **None** if undefined
+
+ .. versionchanged:: 1.6.0
+ Moved from the deprecated `pycrypto
+ <https://www.dlitz.net/software/pycrypto/>`_ module to `cryptography
+ <https://pypi.python.org/pypi/cryptography>`_ for validating signatures.
"""
ATTRIBUTES = {
@@ -270,7 +275,7 @@ class HiddenServiceDescriptor(Descriptor):
return []
elif authentication_cookie:
if not stem.prereq.is_crypto_available():
- raise DecryptionFailure('Decrypting introduction-points requires pycrypto')
+ raise DecryptionFailure('Decrypting introduction-points requires the cryptography module')
try:
missing_padding = len(authentication_cookie) % 4
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index ca6a16b..3aa5fb0 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -703,6 +703,11 @@ class RelayDescriptor(ServerDescriptor):
Added the ed25519_certificate, ed25519_master_key, ed25519_signature,
onion_key_crosscert, ntor_onion_key_crosscert, and
ntor_onion_key_crosscert_sign attributes.
+
+ .. versionchanged:: 1.6.0
+ Moved from the deprecated `pycrypto
+ <https://www.dlitz.net/software/pycrypto/>`_ module to `cryptography
+ <https://pypi.python.org/pypi/cryptography>`_ for validating signatures.
"""
ATTRIBUTES = dict(ServerDescriptor.ATTRIBUTES, **{
diff --git a/stem/prereq.py b/stem/prereq.py
index bf935b4..585b619 100644
--- a/stem/prereq.py
+++ b/stem/prereq.py
@@ -6,7 +6,7 @@ Checks for stem dependencies. We require python 2.6 or greater (including the
3.x series), but note we'll be bumping our requirements to python 2.7 in stem
2.0. Other requirements for complete functionality are...
-* pycrypto module
+* cryptography module
* validating descriptor signature integrity
@@ -14,7 +14,7 @@ Checks for stem dependencies. We require python 2.6 or greater (including the
check_requirements - checks for minimum requirements for running stem
is_python_3 - checks if python 3.0 or later is available
- is_crypto_available - checks if the pycrypto module is available
+ is_crypto_available - checks if the cryptography module is available
"""
import inspect
@@ -26,7 +26,7 @@ try:
except ImportError:
from stem.util.lru_cache import lru_cache
-CRYPTO_UNAVAILABLE = "Unable to import the pycrypto module. Because of this we'll be unable to verify descriptor signature integrity. You can get pycrypto from: https://www.dlitz.net/software/pycrypto/"
+CRYPTO_UNAVAILABLE = "Unable to import the cryptography module. Because of this we'll be unable to verify descriptor signature integrity. You can get cryptography from: https://pypi.python.org/pypi/cryptography"
def check_requirements():
@@ -88,7 +88,8 @@ def is_crypto_available():
Checks if the cryptography functions we use are available. This is used for
verifying relay descriptor signatures.
- :returns: **True** if we can use pycrypto and **False** otherwise
+ :returns: **True** if we can use the cryptography module and **False**
+ otherwise
"""
from stem.util import log
diff --git a/test/mocking.py b/test/mocking.py
index 8babe76..c293cf0 100644
--- a/test/mocking.py
+++ b/test/mocking.py
@@ -710,8 +710,8 @@ def sign_descriptor_content(desc_content):
"""
Add a valid signature to the supplied descriptor string.
- If pycrypto is available the function will generate a key pair, and use it to
- sign the descriptor string. Any existing fingerprint, signing-key or
+ If cryptography is available the function will generate a key pair, and use
+ it to sign the descriptor string. Any existing fingerprint, signing-key or
router-signature data will be overwritten. If the library's unavailable the
code will return the unaltered descriptor.
diff --git a/test/settings.cfg b/test/settings.cfg
index f9c6c62..c8172f6 100644
--- a/test/settings.cfg
+++ b/test/settings.cfg
@@ -144,14 +144,14 @@ pyflakes.ignore stem/__init__.py => undefined name 'long'
pyflakes.ignore stem/__init__.py => undefined name 'unicode'
pyflakes.ignore stem/control.py => undefined name 'controller'
pyflakes.ignore stem/manual.py => undefined name 'unichr'
-pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_to_bytes' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_from_bytes' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.default_backend' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.serialization.load_der_public_key' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.modes' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.Cipher' imported but unused
-pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.algorithms' imported but unused
-pyflakes.ignore stem/prereq.py => 'unittest.mock' imported but unused
+pyflakes.ignore stem/prereq.py => 'int_to_bytes' imported but unused
+pyflakes.ignore stem/prereq.py => 'int_from_bytes' imported but unused
+pyflakes.ignore stem/prereq.py => 'default_backend' imported but unused
+pyflakes.ignore stem/prereq.py => 'load_der_public_key' imported but unused
+pyflakes.ignore stem/prereq.py => 'modes' imported but unused
+pyflakes.ignore stem/prereq.py => 'Cipher' imported but unused
+pyflakes.ignore stem/prereq.py => 'algorithms' imported but unused
+pyflakes.ignore stem/prereq.py => 'unittest' imported but unused
pyflakes.ignore stem/interpreter/__init__.py => undefined name 'raw_input'
pyflakes.ignore stem/util/conf.py => undefined name 'unicode'
pyflakes.ignore stem/util/test_tools.py => 'pyflakes' imported but unused
diff --git a/test/unit/descriptor/hidden_service_descriptor.py b/test/unit/descriptor/hidden_service_descriptor.py
index 7b37ef0..74a0974 100644
--- a/test/unit/descriptor/hidden_service_descriptor.py
+++ b/test/unit/descriptor/hidden_service_descriptor.py
@@ -273,7 +273,7 @@ class TestHiddenServiceDescriptor(unittest.TestCase):
"""
if not stem.prereq.is_crypto_available():
- return test.runner.skip(self, 'requires pycrypto')
+ return test.runner.skip(self, 'requires cryptography')
descriptor_file = open(get_resource('hidden_service_basic_auth'), 'rb')
@@ -322,7 +322,7 @@ class TestHiddenServiceDescriptor(unittest.TestCase):
"""
if not stem.prereq.is_crypto_available():
- return test.runner.skip(self, 'requires pycrypto')
+ return test.runner.skip(self, 'requires cryptography')
descriptor_file = open(get_resource('hidden_service_stealth_auth'), 'rb')
diff --git a/test/util.py b/test/util.py
index 1b50369..ce1f8e8 100644
--- a/test/util.py
+++ b/test/util.py
@@ -22,7 +22,7 @@ Tasks are...
|- check_stem_version - checks our version of stem
|- check_tor_version - checks our version of tor
|- check_python_version - checks our version of python
- |- check_pycrypto_version - checks our version of pycrypto
+ |- check_cryptography_version - checks our version of cryptography
|- check_pyflakes_version - checks our version of pyflakes
|- check_pycodestyle_version - checks our version of pycodestyle
|- clean_orphaned_pyc - removes any *.pyc without a corresponding *.py
@@ -214,7 +214,7 @@ def check_python_version():
return '.'.join(map(str, sys.version_info[:3]))
-def check_pycrypto_version():
+def check_cryptography_version():
if stem.prereq.is_crypto_available():
import Crypto
return Crypto.__version__
More information about the tor-commits
mailing list