[tor-commits] [stem/master] Replace pycrypto in hidden_service_descriptor
atagar at torproject.org
atagar at torproject.org
Mon Feb 27 00:49:11 UTC 2017
commit 5ab96033f09f7c3c711910ac6fe12c6dbf00f612
Author: Patrick O'Doherty <p at trickod.com>
Date: Sat Feb 25 17:47:49 2017 -0800
Replace pycrypto in hidden_service_descriptor
Deprecate all use of pycrypto in hidden_service_descriptor module and
replace with the cryptography library.
---
stem/descriptor/hidden_service_descriptor.py | 29 +++++++++++++---------------
1 file changed, 13 insertions(+), 16 deletions(-)
diff --git a/stem/descriptor/hidden_service_descriptor.py b/stem/descriptor/hidden_service_descriptor.py
index 97cd19e..30754b8 100644
--- a/stem/descriptor/hidden_service_descriptor.py
+++ b/stem/descriptor/hidden_service_descriptor.py
@@ -296,9 +296,8 @@ class HiddenServiceDescriptor(Descriptor):
@staticmethod
def _decrypt_basic_auth(content, authentication_cookie):
- from Crypto.Cipher import AES
- from Crypto.Util import Counter
- from Crypto.Util.number import bytes_to_long
+ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+ from cryptography.hazmat.backends import default_backend
try:
client_blocks = int(binascii.hexlify(content[1:2]), 16)
@@ -322,15 +321,15 @@ class HiddenServiceDescriptor(Descriptor):
# try decrypting the session key
- counter = Counter.new(128, initial_value = 0)
- cipher = AES.new(authentication_cookie, AES.MODE_CTR, counter = counter)
- session_key = cipher.decrypt(encrypted_session_key)
+ cipher = Cipher(algorithms.AES(authentication_cookie), modes.CTR('\x00' * len(iv)), default_backend())
+ decryptor = cipher.decryptor()
+ session_key = decryptor.update(encrypted_session_key) + decryptor.finalize()
# attempt to decrypt the intro points with the session key
- counter = Counter.new(128, initial_value = bytes_to_long(iv))
- cipher = AES.new(session_key, AES.MODE_CTR, counter = counter)
- decrypted = cipher.decrypt(encrypted)
+ cipher = Cipher(algorithms.AES(session_key), modes.CTR(iv), default_backend())
+ decryptor = cipher.decryptor()
+ decrypted = decryptor.update(encrypted) + decryptor.finalize()
# check if the decryption looks correct
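Review bot: The zero counter block built in `modes.CTR('\x00' * len(iv))` for the session-key decryption is a text string on Python 3, and cryptography's CTR mode takes the nonce as bytes, so this line would likely raise TypeError there instead of decrypting. A bytes literal behaves the same on Python 2 and 3: `modes.CTR(b'\x00' * len(iv))`. Sizing the block from `len(iv)` also ties the nonce length to parsed descriptor content; the assignment of `iv` is outside this hunk, so its length cannot be confirmed from here. The body of _decrypt_basic_auth starts and ends outside the hunk.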
@@ -341,17 +340,15 @@ class HiddenServiceDescriptor(Descriptor):
@staticmethod
def _decrypt_stealth_auth(content, authentication_cookie):
- from Crypto.Cipher import AES
- from Crypto.Util import Counter
- from Crypto.Util.number import bytes_to_long
+ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+ from cryptography.hazmat.backends import default_backend
# byte 1 = authentication type, 2-17 = input vector, 18 on = encrypted content
-
iv, encrypted = content[1:17], content[17:]
- counter = Counter.new(128, initial_value = bytes_to_long(iv))
- cipher = AES.new(authentication_cookie, AES.MODE_CTR, counter = counter)
+ cipher = Cipher(algorithms.AES(authentication_cookie), modes.CTR(iv), default_backend())
+ decryptor = cipher.decryptor()
- return cipher.decrypt(encrypted)
+ return decryptor.update(encrypted) + decryptor.finalize()
@staticmethod
def _parse_introduction_points(content):
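Review bot: `iv` in _decrypt_stealth_auth is sliced straight from descriptor content with no length check, and `modes.CTR(iv)` needs a nonce of exactly the AES block size (16 bytes). A truncated `content` would therefore surface as a ValueError from the cryptography library, which callers may not be handling as a decryption failure; the removed `bytes_to_long(iv)` path accepted any length. A guard before the cipher is built, such as `if len(content) < 17: raise ValueError('stealth auth content is too short')` (or the module's own decryption error type, which is not visible here), keeps malformed input on a defined error path. The same applies to `modes.CTR(iv)` in _decrypt_basic_auth in the previous hunk.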