[tor-commits] [stem/master] Generate defaults in introduction point creation

atagar at torproject.org atagar at torproject.org
Sun Nov 17 23:40:39 UTC 2019 

commit 61f5a97ad2016b7f1f043a0e0c551fedcf1ad2e1
Author: Damian Johnson <atagar at torproject.org>
Date:   Wed Nov 6 16:24:37 2019 -0800

    Generate defaults in introduction point creation
    
    Making all the arguments except address/port optional so callers can opt to
    skip them.
---
 stem/descriptor/certificate.py    |  2 ++
 stem/descriptor/hidden_service.py | 57 ++++++++++++++++++++++-----------------
 2 files changed, 34 insertions(+), 25 deletions(-)

diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index 760287d8..f9ab8f80 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -100,6 +100,8 @@ ED25519_SIGNATURE_LENGTH = 64
 SIG_PREFIX_SERVER_DESC = b'Tor router descriptor signature v1'
 SIG_PREFIX_HS_V3 = b'Tor onion service descriptor sig v3'
 
+DEFAULT_EXPIRATION_HOURS = 54  # HSv3 certificate expiration of tor
+
 CertType = stem.util.enum.UppercaseEnum(
   'SIGNING',
   'LINK_CERT',
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index ce8af246..a052d965 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -205,7 +205,7 @@ class IntroductionPointV3(collections.namedtuple('IntroductionPointV3', ['link_s
     return IntroductionPointV3(link_specifiers, onion_key, auth_key_cert, enc_key, enc_key_cert, legacy_key, legacy_key_cert)
 
   @staticmethod
-  def create(address, port, expiration, onion_key, enc_key, auth_key, signing_key):
+  def create(address, port, expiration = None, onion_key = None, enc_key = None, auth_key = None, signing_key = None):
     """
     Simplified constructor. For more sophisticated use cases you can use this
     as a template for how introduction points are properly created.
@@ -223,26 +223,8 @@ class IntroductionPointV3(collections.namedtuple('IntroductionPointV3', ['link_s
     :raises: **ValueError** if the address, port, or keys are malformed
     """
 
-    def _key_bytes(key):
-      class_name = type(key).__name__
-
-      if isinstance(key, str):
-        return key
-      elif not class_name.endswith('PublicKey') and not class_name.endswith('PrivateKey'):
-        raise ValueError('Key must be a string or cryptographic public/private key (was %s)' % class_name)
-      elif not stem.prereq.is_crypto_available():
-        raise ImportError('Serializing keys requires the cryptography module')
-
-      from cryptography.hazmat.primitives import serialization
-
-      if class_name.endswith('PrivateKey'):
-        key = key.public_key()
-
-      return key.public_bytes(
-        encoding = serialization.Encoding.Raw,
-        format = serialization.PublicFormat.Raw,
-      )
-
+    if not stem.prereq.is_crypto_available(ed25519 = True):
+      raise ImportError('Introduction point creation requires the cryptography module ed25519 support')
     if not stem.util.connection.is_valid_port(port):
       raise ValueError("'%s' is an invalid port" % port)
 
@@ -253,12 +235,37 @@ class IntroductionPointV3(collections.namedtuple('IntroductionPointV3', ['link_s
     else:
       raise ValueError("'%s' is not a valid IPv4 or IPv6 address" % address)
 
-    onion_key = base64.b64encode(_key_bytes(onion_key))
-    enc_key = base64.b64encode(_key_bytes(enc_key))
+    from cryptography.hazmat.primitives import serialization
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
+    from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
+
+    def _key_bytes(key):
+      if isinstance(key, str):
+        return key
+      elif isinstance(key, (X25519PrivateKey, Ed25519PrivateKey)):
+        return key.public_key().public_bytes(
+          encoding = serialization.Encoding.Raw,
+          format = serialization.PublicFormat.Raw,
+        )
+      elif isinstance(key, (X25519PublicKey, Ed25519PublicKey)):
+        return key.public_bytes(
+          encoding = serialization.Encoding.Raw,
+          format = serialization.PublicFormat.Raw,
+        )
+      else:
+        raise ValueError('Key must be a string or cryptographic public/private key (was %s)' % type(key).__name__)
+
+    if expiration is None:
+      expiration = datetime.datetime.utcnow() + datetime.timedelta(hours = stem.descriptor.certificate.DEFAULT_EXPIRATION_HOURS)
+
+    onion_key = base64.b64encode(_key_bytes(onion_key if onion_key else X25519PrivateKey.generate()))
+    enc_key = base64.b64encode(_key_bytes(enc_key if enc_key else X25519PrivateKey.generate()))
+    auth_key = _key_bytes(auth_key if auth_key else Ed25519PrivateKey.generate())
+    signing_key = signing_key if signing_key else Ed25519PrivateKey.generate()
 
     extensions = [Ed25519Extension(ExtensionType.HAS_SIGNING_KEY, None, _key_bytes(signing_key))]
-    auth_key_cert = Ed25519CertificateV1(CertType.HS_V3_INTRO_AUTH, expiration, 1, _key_bytes(auth_key), extensions, signing_key = signing_key)
-    enc_key_cert = Ed25519CertificateV1(CertType.HS_V3_NTOR_ENC, expiration, 1, _key_bytes(auth_key), extensions, signing_key = signing_key)
+    auth_key_cert = Ed25519CertificateV1(CertType.HS_V3_INTRO_AUTH, expiration, 1, auth_key, extensions, signing_key = signing_key)
+    enc_key_cert = Ed25519CertificateV1(CertType.HS_V3_NTOR_ENC, expiration, 1, auth_key, extensions, signing_key = signing_key)
 
     return IntroductionPointV3(link_specifiers, onion_key, auth_key_cert, enc_key, enc_key_cert, None, None)

More information about the tor-commits mailing list