[tor-commits] [stem/master] Drop get_signing_key() helper
atagar at torproject.org
atagar at torproject.org
Sun Oct 6 02:07:34 UTC 2019
commit 051870fc669e37e1954fc3bbd9a878ad02099ae5
Author: Damian Johnson <atagar at torproject.org>
Date: Sun Sep 22 13:33:40 2019 -0700
Drop get_signing_key() helper
Our validate() method already does this, but can't share the helper due to
differing exception messages.
This helper was tiny and did not need to check signing key size because our
constructor already does so.
---
stem/descriptor/certificate.py | 31 +++++--------------------------
stem/descriptor/hidden_service.py | 12 ++++++++++--
2 files changed, 15 insertions(+), 28 deletions(-)
diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index 5895790f..f1f7483e 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -4,7 +4,11 @@
"""
Parsing for `Tor Ed25519 certificates
<https://gitweb.torproject.org/torspec.git/tree/cert-spec.txt>`_, which are
-used to validate the key used to sign server descriptors.
+used to for a variety of purposes...
+
+ * validating the key used to sign server descriptors
+ * validating the key used to sign hidden service v3 descriptors
+ * signing and encrypting hidden service v3 indroductory points
.. versionadded:: 1.6.0
@@ -295,28 +299,3 @@ class Ed25519CertificateV1(Ed25519Certificate):
verify_key.verify(signature_bytes, descriptor_sha256_digest)
except InvalidSignature:
raise ValueError('Descriptor Ed25519 certificate signature invalid (Signature was forged or corrupt)')
-
- def get_signing_key(self):
- """
- Get the signing key for this certificate. This is included in the extensions.
- WARNING: This is the key that signed the certificate, not the key that got
- certified.
-
- :returns: Raw bytes of an ed25519 key.
-
- :raises: **ValueError** if the signing key cannot be found.
- """
- signing_key_extension = None
-
- for extension in self.extensions:
- if extension.type == ExtensionType.HAS_SIGNING_KEY:
- signing_key_extension = extension
- break
-
- if not signing_key_extension:
- raise ValueError('Signing key extension could not be found')
-
- if (len(signing_key_extension.data) != 32):
- raise ValueError('Signing key extension has malformed key')
-
- return signing_key_extension.data
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index 83aff8b8..fc898f93 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -53,6 +53,8 @@ from stem.descriptor import (
_random_crypto_blob,
)
+from stem.descriptor.certificate import ExtensionType
+
if stem.prereq._is_lru_cache_available():
from functools import lru_cache
else:
@@ -575,12 +577,18 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
# ASN XXX Extract to its own function and assign them to class variables
from cryptography.hazmat.primitives import serialization
- blinded_key_bytes = desc_signing_cert.get_signing_key()
+ for extension in desc_signing_cert.extensions:
+ if extension.type == ExtensionType.HAS_SIGNING_KEY:
+ blinded_key_bytes = extension.data
+ break
+
+ if not blinded_key_bytes:
+ raise ValueError('No signing key extension present')
+
identity_public_key = stem.descriptor.hsv3_crypto.decode_address(self.onion_address)
identity_public_key_bytes = identity_public_key.public_bytes(encoding=serialization.Encoding.Raw,
format=serialization.PublicFormat.Raw)
assert(len(identity_public_key_bytes) == 32)
- assert(len(blinded_key_bytes) == 32)
subcredential_bytes = stem.descriptor.hsv3_crypto.get_subcredential(identity_public_key_bytes, blinded_key_bytes)
More information about the tor-commits
mailing list