[tor-commits] [stem/master] Note ed25519 improvement in the changelog

atagar at torproject.org atagar at torproject.org
Wed Apr 10 18:03:33 UTC 2019


commit f8c830205feaf0868ab3d563abe79e1aafcf4604
Author: Damian Johnson <atagar at torproject.org>
Date:   Wed Apr 10 10:59:49 2019 -0700

    Note ed25519 improvement in the changelog
    
    Yikes. Illia's patch is phenomenal, really the only thing really worth adding is the
    changelog entry.
---
 docs/change_log.rst            |  1 +
 stem/descriptor/certificate.py |  5 +++--
 stem/prereq.py                 | 12 +++++++-----
 test/settings.cfg              |  1 +
 4 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/docs/change_log.rst b/docs/change_log.rst
index f188c885..c647c001 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -56,6 +56,7 @@ The following are only available within Stem's `git repository
  * **Descriptors**
 
   * `Bandwidth file support <api/descriptor/bandwidth_file.html>`_ (:trac:`29056`)
+  * Ed25519 validity checks are now done though the cryptography module rather than PyNaCl (:trac:`22022`)
   * Download compressed descriptors by default (:trac:`29186`)
   * Added :func:`stem.descriptor.remote.get_microdescriptors`
   * Added :class:`~stem.descriptor.networkstatus.DetachedSignature` parsing (:trac:`28495`)
diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index 2f62e889..449e106c 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -224,11 +224,12 @@ class Ed25519CertificateV1(Ed25519Certificate):
 
     :raises:
       * **ValueError** if signing key or descriptor are invalid
-      * **ImportError** if cryptography module is unavailable or ed25519 is not supported
+      * **ImportError** if cryptography module is unavailable or ed25519 is
+        unsupported
     """
 
     if not stem.prereq._is_crypto_ed25519_supported():
-      raise ImportError('Certificate validation requires the cryptography module and support of ed25519')
+      raise ImportError('Certificate validation requires the cryptography module and ed25519 support')
 
     from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
     from cryptography.exceptions import InvalidSignature
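Review bot: The reworded `:raises:` entry still does not tell callers that an `ImportError` from this method means the certificate was never checked, which matters because ImportError is commonly caught to treat a dependency as optional. I would extend the entry to something like `* **ImportError** if cryptography module is unavailable or ed25519 is unsupported, in which case no validation was performed`. The guard covers both a missing module and an OpenSSL build without ed25519, so a caller cannot tell the two apart from the exception type. The method begins and continues outside this hunk, so how callers handle the exception is not visible here.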
diff --git a/stem/prereq.py b/stem/prereq.py
index c2b546dc..1e4450c7 100644
--- a/stem/prereq.py
+++ b/stem/prereq.py
@@ -29,7 +29,7 @@ import sys
 CRYPTO_UNAVAILABLE = "Unable to import the cryptography module. Because of this we'll be unable to verify descriptor signature integrity. You can get cryptography from: https://pypi.python.org/pypi/cryptography"
 ZSTD_UNAVAILABLE = 'ZSTD compression requires the zstandard module (https://pypi.python.org/pypi/zstandard)'
 LZMA_UNAVAILABLE = 'LZMA compression requires the lzma module (https://docs.python.org/3/library/lzma.html)'
-ED25519_UNSUPPORTED = "Unable to verify descriptor ed25519 certificate integrity. ed25519 is not supported by installed versions of OpenSSL and/or cryptography"
+ED25519_UNSUPPORTED = 'Unable to verify descriptor ed25519 certificate integrity. ed25519 is not supported by installed versions of OpenSSL and/or cryptography'
 
 
 def check_requirements():
@@ -248,13 +248,15 @@ def _is_crypto_ed25519_supported():
 
   :returns: **True** if ed25519 is supported and **False** otherwise
   """
-  from stem.util import log
 
   if not is_crypto_available():
     return False
 
+  from stem.util import log
   from cryptography.hazmat.backends.openssl.backend import backend
-  supported = hasattr(backend, 'ed25519_supported') and backend.ed25519_supported()
-  if not supported:
+
+  if hasattr(backend, 'ed25519_supported') and backend.ed25519_supported():
+    return True
+  else:
     log.log_once('stem.prereq._is_crypto_ed25519_supported', log.INFO, ED25519_UNSUPPORTED)
-  return supported
+    return False
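Review bot: The `from cryptography.hazmat.backends.openssl.backend import backend` line runs unguarded once `is_crypto_available()` has returned True, so if that check does not cover this module path, an ImportError would escape a function documented as returning **True** or **False**. `is_crypto_available()` is not visible in the hunk, so this needs confirming; if the path is not covered, wrap the import in `try:` / `except ImportError: return False`. Separately, the unsupported branch reports the loss of ed25519 certificate verification only once and at `log.INFO`, which is easy to miss in default logging, so a more visible runlevel may be warranted. The function's signature and the start of its docstring are outside the hunk.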
diff --git a/test/settings.cfg b/test/settings.cfg
index 6bdf9394..944428e2 100644
--- a/test/settings.cfg
+++ b/test/settings.cfg
@@ -172,6 +172,7 @@ pyflakes.ignore stem/prereq.py => 'sqlite3' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_to_bytes' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_from_bytes' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.default_backend' imported but unused
+pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.openssl.backend.backend' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.serialization.load_der_public_key' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.modes' imported but unused
 pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.Cipher' imported but unused


