[tor-commits] [stem/master] Add decrypt instance method to BaseRelayCell
atagar at torproject.org
atagar at torproject.org
Sun Aug 26 20:49:21 UTC 2018
commit 5baa2e37728ab50a5132d81225070e097e6bd058
Author: Dave Rolek <dmr-x at riseup.net>
Date: Sat Aug 18 03:58:13 2018 +0000
Add decrypt instance method to BaseRelayCell
Akin to encrypt(), this takes care of decryption and all the ancillary
functionality related to it.
It composes the functionality of the building blocks added in previous
changes, namely:
* check_recognized_field()
* check_digest()
* interpret_cell() - but not automatically done by default
A consumer of this, especially in a multi-hop circuit, will only need to
manage the digest/decryptor state (in the case of a cell that cannot be
decrypted+recognized... fallback) and pay attention to the
'fully_decrypted' result.
This should make a consumer's implementation pretty readable, something
like:
# relay_1 := nearest relay in circuit
decryption_states = [
(relay_1, digest_1, decryptor_1),
(relay_2, digest_2, decryptor_2),
(relay_3, digest_3, decryptor_3),
]
new_decryption_states = copy.deepcopy(decryption_states)
from_relay = None
for i in range(len(new_decryption_states)):
relay, digest, decryptor = new_decryption_states[i]
cell, fully_decrypted, digest, decryptor = cell.decrypt(digest, decryptor)
new_decryption_states[i] = (relay, digest, decryptor)
if fully_decrypted:
from_relay = relay
break
if from_relay:
decryption_states = new_decryption_states
else:
# handle this, since the cell couldn't be decrypted
# probably raise Something()
pass
cell_and_hop = (cell, from_relay) # naming things is hard
# do something with the decrypted cell
# ^ probably feeding it into the queue/handler for the (circuit_id, relay, stream_id)
---
stem/client/cell.py | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/stem/client/cell.py b/stem/client/cell.py
index a96b2f7b..48dbcf36 100644
--- a/stem/client/cell.py
+++ b/stem/client/cell.py
@@ -443,6 +443,71 @@ class BaseRelayCell(CircuitCell):
return new_cell
+ def decrypt(self, digest, decryptor, interpret = False):
+ """
+ Decrypts a cell and checks whether it is fully decrypted,
+ returning a new (Cell, fully_decrypted, digest, decryptor) tuple.
+ Optionally also interprets the cell (not generally recommended).
+
+ The method name is technically a misnomer, as it also checks whether the
+ cell has been fully decrypted (after decrypting), updating the digest if so.
+ However, these operations are defined per the spec as required for RELAY
+ cells, and ...
+ (1) it is a natural mental extension to include them here;
+ (2) it would be a bit pointless to require method consumers to manually
+ do all of that, for pedantry.
+
+ :param HASH digest: running digest held with the relay
+ :param cryptography.hazmat.primitives.ciphers.CipherContext decryptor:
+ running stream cipher decryptor held with the relay
+
+ :param bool interpret: (optional, defaults to **False**) Use **True** with
+ caution. The spec indicates that a fully decrypted cell should be
+ accounted for in digest and decryptor, independent of cell validity. Using
+ **True**, while convenient, may cause an exception for a NYI relay
+ command, a malformed cell, or some other reason. This option should only
+ be used when the consumer will consider the circuit to have a fatal error
+ in such cases, and catches/handles the exception accordingly (e.g. sending
+ a DestroyCell).
+
+ :returns: (:class:`~stem.client.cell.Cell`, bool, HASH, CipherContext) tuple
+ of object copies updated as follows:
+ * Cell: either :class:`~stem.client.cell.RawRelayCell` with a decrypted
+ payload or :class:`~stem.client.cell.RelayCell` class or subclass, if
+ **interpret** is **True** and the cell was fully decrypted
+ * fully_decrypted: **bool** indicating whether the cell is fully
+ decrypted
+ * digest: updated via digest.update(payload), if the cell was fully
+ decrypted; otherwise a copy of the original
+ * decryptor: updated via decryptor.update(payload)
+ """
+
+ new_decryptor = copy.copy(decryptor)
+
+ # actually decrypt
+ decrypted_payload = new_decryptor.update(self.payload)
+ new_cell = self.__class__(self.circ_id, decrypted_payload)
+
+ # do post-decryption checks to ascertain whether cell is fully decrypted
+ if new_cell.check_recognized_field():
+ digest_matches, new_digest = new_cell.check_digest(digest)
+ fully_decrypted = digest_matches
+ else:
+ new_digest = None
+ fully_decrypted = False
+
+ # only return the new_digest if the digest check meant that the cell has been fully decrypted
+ #
+ # furthermore, even if the digest was not updated, return a copy
+ # this allows a consumer to always assume the returned digest is a different object
+ digest_to_return = new_digest if fully_decrypted else digest.copy()
+
+ if interpret and fully_decrypted:
+ # this might raise an exception; oh well, we did warn about that
+ new_cell = new_cell.interpret_cell()
+
+ return new_cell, fully_decrypted, digest_to_return, new_decryptor
+
def __hash__(self):
return stem.util._hash_attr(self, 'circ_id', 'payload', cache = True)
More information about the tor-commits
mailing list