[tor-commits] [stem/master] Generate signature with PKCS1 padding
atagar at torproject.org
atagar at torproject.org
Tue Jun 20 16:17:12 UTC 2017
commit f8f434d5cc65460de98c41672476c4b2b6707bc0
Author: Damian Johnson <atagar at torproject.org>
Date: Mon Jun 19 13:12:20 2017 -0700
Generate signature with PKCS1 padding
Blindly followed the cryptography module's example to start with but turns out
it does PKCS1 padding for us. This gets us further with validation but still
not working just yet. Oh, and also lets us drop our manual PKCS1 padding.
---
stem/descriptor/server_descriptor.py | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py
index 30599a8..a0759b1 100644
--- a/stem/descriptor/server_descriptor.py
+++ b/stem/descriptor/server_descriptor.py
@@ -52,9 +52,6 @@ from stem.util import str_type
from stem.descriptor import (
CRYPTO_BLOB,
PGP_BLOCK_END,
- DIGEST_TYPE_INFO,
- DIGEST_PADDING,
- DIGEST_SEPARATOR,
Descriptor,
_descriptor_content,
_descriptor_components,
@@ -234,7 +231,7 @@ def _generate_signing_key():
public_key = private_key.public_key()
- pem = '\n' + public_key.public_bytes(
+ pem = public_key.public_bytes(
encoding = serialization.Encoding.PEM,
format = serialization.PublicFormat.PKCS1,
).strip()
@@ -252,13 +249,8 @@ def _generate_signature(content, signing_key):
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
- # generate the digest with required PKCS1 padding so it's 128 bytes
-
digest = hashlib.sha1(content).hexdigest().decode('hex_codec')
- digest = DIGEST_TYPE_INFO + (DIGEST_PADDING * (125 - len(digest))) + DIGEST_SEPARATOR + digest
-
- padding = padding.PSS(mgf = padding.MGF1(hashes.SHA256()), salt_length = padding.PSS.MAX_LENGTH)
- signature = base64.b64encode(signing_key.private.sign(digest, padding, hashes.SHA256()))
+ signature = base64.b64encode(signing_key.private.sign(digest, padding.PKCS1v15(), hashes.SHA1()))
return '-----BEGIN SIGNATURE-----\n' + '\n'.join(stem.util.str_tools._split_by_length(signature, 64)) + '\n-----END SIGNATURE-----\n'
@@ -884,7 +876,7 @@ class RelayDescriptor(ServerDescriptor):
# appending the content signature
signing_key = _generate_signing_key()
- attr['signing-key'] = signing_key.descriptor_signing_key
+ attr['signing-key'] = '\n' + signing_key.descriptor_signing_key
content = _descriptor_content(attr, exclude, sign, RELAY_SERVER_HEADER) + '\nrouter-signature\n'
return content + _generate_signature(content, signing_key)
More information about the tor-commits
mailing list