[tor-commits] [stem/master] Stylistic check adjustments
atagar at torproject.org
atagar at torproject.org
Sun Oct 6 02:07:34 UTC 2019
commit 461394f2c3527d3a510d3b5cb71f041dcba98fdf
Author: Damian Johnson <atagar at torproject.org>
Date: Thu Sep 12 16:25:46 2019 -0700
Stylistic check adjustments
Quick handful of corrections so our stylistic checks once again pass...
STATIC CHECKS
* /home/atagar/Desktop/stem/test/unit/descriptor/hidden_service_v3.py
line 48 - use single rather than double quotes | onion_address="sltib6sxkuxh2scmtuvd5w2g7pahnzkovefxpo4e4ptnkzl5kkq5h2ad.onion"))
* /home/atagar/Desktop/stem/stem/descriptor/certificate.py
line 77 - use single rather than double quotes | "HS_V3_DESC_SIGNING_KEY", "HS_V3_INTRO_POINT_AUTH_KEY", "HS_V3_INTRO_POINT_ENC_KEY")
line 165 - E261 at least two spaces before inline comment | elif cert_type == 8: # see rend-spec-v3.txt appendix E for these defintions
line 172 - use single rather than double quotes | raise ValueError("Ed25519 certificate type is an unknown value %i." % cert_type)
line 311 - W391 blank line at end of file
* /home/atagar/Desktop/stem/stem/prereq.py
line 142 - 'cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey' imported but unused | from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
* /home/atagar/Desktop/stem/stem/descriptor/hsv3_crypto.py
line 19 - use single rather than double quotes | CHECKSUM_CONSTANT = b".onion checksum"
line 21 - E302 expected 2 blank lines, found 1 | def decode_address(onion_address_str):
line 38 - use single rather than double quotes | if (len(onion_address_str) != 56 + len(".onion")):
line 39 - use single rather than double quotes | raise ValueError("Wrong address length")
line 54 - use single rather than double quotes | my_checksum_body = b"%s%s%s" % (CHECKSUM_CONSTANT, pubkey, bytes([version]))
line 58 - use single rather than double quotes | raise ValueError("Bad checksum")
line 62 - E305 expected 2 blank lines after class or function definition, found 1 | """
line 81 - E302 expected 2 blank lines, found 0 | def get_subcredential(public_identity_key, blinded_key):
line 82 - use single rather than double quotes | cred_bytes_constant = "credential".encode()
line 83 - use single rather than double quotes | subcred_bytes_constant = "subcredential".encode()
line 85 - use single rather than double quotes | credential = hashlib.sha3_256(b"%s%s" % (cred_bytes_constant, public_identity_key)).digest()
line 86 - use single rather than double quotes | subcredential = hashlib.sha3_256(b"%s%s%s" % (subcred_bytes_constant, credential, blinded_key)).digest()
line 88 - use single rather than double quotes | print("public_identity_key: %s" % (public_identity_key.hex()))
line 89 - use single rather than double quotes | print("credential: %s" % (credential.hex()))
line 90 - use single rather than double quotes | print("blinded_key: %s" % (blinded_key.hex()))
line 91 - use single rather than double quotes | print("subcredential: %s" % (subcredential.hex()))
line 93 - use single rather than double quotes | print("===")
line 97 - E305 expected 2 blank lines after class or function definition, found 1 | """
line 131 - E302 expected 2 blank lines, found 1 | def _ciphertext_mac_is_valid(key, salt, ciphertext, mac):
line 142 - use single rather than double quotes | my_mac_body = b"%s%s%s%s%s" % (key_len, key, salt_len, salt, ciphertext)
line 145 - use single rather than double quotes | print("===")
line 146 - use single rather than double quotes | print("my mac: %s" % my_mac.hex())
line 147 - use single rather than double quotes | print("their mac: %s" % mac.hex())
line 152 - E302 expected 2 blank lines, found 1 | def _decrypt_descriptor_layer(ciphertext_blob_b64, revision_counter,
line 162 - use single rather than double quotes | raise ValueError("bad encrypted blob")
line 168 - use single rather than double quotes | print("encrypted blob lenth :%s" % len(ciphertext_blob))
line 169 - use single rather than double quotes | print("salt: %s" % salt.hex())
line 170 - use single rather than double quotes | print("ciphertext length: %s" % len(ciphertext))
line 171 - use single rather than double quotes | print("mac: %s" % mac.hex())
line 172 - use single rather than double quotes | print("===")
line 176 - use single rather than double quotes | secret_input = b"%s%s%s" % (secret_data, subcredential, rev_counter_int_8)
line 179 - use single rather than double quotes | print("secret_data (%d): %s" % (len(secret_data), secret_data.hex()))
line 180 - use single rather than double quotes | print("subcredential (%d): %s" % (len(subcredential), subcredential.hex()))
line 181 - use single rather than double quotes | print("rev counter int 8 (%d): %s" % (len(rev_counter_int_8), rev_counter_int_8.hex()))
line 182 - use single rather than double quotes | print("secret_input (%s): %s" % (len(secret_input), secret_input.hex()))
line 183 - use single rather than double quotes | print("===")
line 185 - use single rather than double quotes | kdf = hashlib.shake_256(b"%s%s%s" % (secret_input, salt, string_constant))
line 186 - E226 missing whitespace around arithmetic operator | keys = kdf.digest(S_KEY_LEN+S_IV_LEN+MAC_KEY_LEN)
line 189 - E226 missing whitespace around arithmetic operator | secret_iv = keys[S_KEY_LEN:S_KEY_LEN+S_IV_LEN]
line 190 - E226 missing whitespace around arithmetic operator | mac_key = keys[S_KEY_LEN+S_IV_LEN:]
line 192 - use single rather than double quotes | print("secret_key: %s" % secret_key.hex())
line 193 - use single rather than double quotes | print("secret_iv: %s" % secret_iv.hex())
line 194 - use single rather than double quotes | print("mac_key: %s" % mac_key.hex())
line 203 - use single rather than double quotes | raise ValueError("Bad MAC!!!")
line 207 - E302 expected 2 blank lines, found 1 | def decrypt_outter_layer(superencrypted_blob_b64, revision_counter,
line 208 - E128 continuation line under-indented for visual indent | public_identity_key, blinded_key, subcredential):
line 210 - use single rather than double quotes | string_constant = b"hsdir-superencrypted-data"
line 218 - use single rather than double quotes | print("====== Decrypting outter layer =======")
line 221 - E128 continuation line under-indented for visual indent | public_identity_key, subcredential,
line 222 - E128 continuation line under-indented for visual indent | secret_data, string_constant)
line 224 - E302 expected 2 blank lines, found 1 | def decrypt_inner_layer(encrypted_blob_b64, revision_counter,
line 227 - use single rather than double quotes | string_constant = b"hsdir-encrypted-data"
line 229 - use single rather than double quotes | print("====== Decrypting inner layer =======")
line 235 - E302 expected 2 blank lines, found 1 | def parse_superencrypted_plaintext(outter_layer_plaintext):
line 237 - 're' imported but unused | import re
line 248 - W391 blank line at end of file
* /home/atagar/Desktop/stem/stem/descriptor/hidden_service.py
line 563 - use single rather than double quotes | raise ValueError("Onion address is required to decrypt v3 hidden service descriptors")
line 571 - local variable 'plaintext' is assigned to but never used | plaintext = self.decrypt_descriptor(desc_signing_cert)
line 587 - E266 too many leading '#' for block comment | ####################################### Do the decryption ###################################
line 590 - E128 continuation line under-indented for visual indent | identity_public_key_bytes, blinded_key_bytes, subcredential_bytes)
line 595 - E222 multiple spaces after operator | inner_layer_plaintext = stem.descriptor.hsv3_crypto.decrypt_inner_layer(inner_layer_ciphertext, self.revision_counter,
line 596 - E128 continuation line under-indented for visual indent | identity_public_key_bytes, blinded_key_bytes, subcredential_bytes)
line 602 - E305 expected 2 blank lines after class or function definition, found 1 | HiddenServiceDescriptor = HiddenServiceDescriptorV2
---
stem/descriptor/certificate.py | 18 ++--
stem/descriptor/hidden_service.py | 13 ++-
stem/descriptor/hsv3_crypto.py | 133 +++++++++++++++---------------
test/settings.cfg | 1 +
test/unit/descriptor/hidden_service_v3.py | 2 +-
5 files changed, 87 insertions(+), 80 deletions(-)
diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index 470fa623..cdde0c24 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -73,8 +73,15 @@ ED25519_HEADER_LENGTH = 40
ED25519_SIGNATURE_LENGTH = 64
ED25519_ROUTER_SIGNATURE_PREFIX = b'Tor router descriptor signature v1'
-CertType = stem.util.enum.UppercaseEnum('SIGNING', 'LINK_CERT', 'AUTH',
- "HS_V3_DESC_SIGNING_KEY", "HS_V3_INTRO_POINT_AUTH_KEY", "HS_V3_INTRO_POINT_ENC_KEY")
+CertType = stem.util.enum.UppercaseEnum(
+ 'SIGNING',
+ 'LINK_CERT',
+ 'AUTH',
+ 'HS_V3_DESC_SIGNING_KEY',
+ 'HS_V3_INTRO_POINT_AUTH_KEY',
+ 'HS_V3_INTRO_POINT_ENC_KEY',
+)
+
ExtensionType = stem.util.enum.Enum(('HAS_SIGNING_KEY', 4),)
ExtensionFlag = stem.util.enum.UppercaseEnum('AFFECTS_VALIDATION', 'UNKNOWN')
@@ -162,14 +169,15 @@ class Ed25519CertificateV1(Ed25519Certificate):
self.type = CertType.AUTH
elif cert_type == 7:
raise ValueError('Ed25519 certificate cannot have a type of 7. This is reserved for RSA identity cross-certification.')
- elif cert_type == 8: # see rend-spec-v3.txt appendix E for these defintions
+ elif cert_type == 8:
+ # see rend-spec-v3.txt appendix E for these defintions
self.type = CertType.HS_V3_DESC_SIGNING_KEY
elif cert_type == 9:
self.type = CertType.HS_V3_INTRO_POINT_AUTH_KEY
elif cert_type == 0x0B:
self.type = CertType.HS_V3_INTRO_POINT_ENC_KEY
else:
- raise ValueError("Ed25519 certificate type is an unknown value %i." % cert_type)
+ raise ValueError('Ed25519 certificate type %i is unrecognized' % cert_type)
# expiration time is in hours since epoch
try:
@@ -307,5 +315,3 @@ class Ed25519CertificateV1(Ed25519Certificate):
raise ValueError('Signing key extension has malformed key')
return signing_key_extension.data
-
-
diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index 9e6de0d9..83aff8b8 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -560,7 +560,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
if not skip_crypto_validation and stem.prereq.is_crypto_available():
if self.onion_address is None:
- raise ValueError("Onion address is required to decrypt v3 hidden service descriptors")
+ raise ValueError('Onion address is required to decrypt v3 hidden service descriptors')
# ATAGAR XXX need to do this cert extraction in the parsing handler
assert(self.signing_cert)
@@ -568,7 +568,7 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
assert(cert_lines[0] == '-----BEGIN ED25519 CERT-----' and cert_lines[-1] == '-----END ED25519 CERT-----')
desc_signing_cert = stem.descriptor.certificate.Ed25519Certificate.parse(''.join(cert_lines[1:-1]))
- plaintext = self.decrypt_descriptor(desc_signing_cert)
+ self.plaintext = self.decrypt_descriptor(desc_signing_cert)
def decrypt_descriptor(self, desc_signing_cert):
# Get crypto material.
@@ -584,19 +584,16 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
subcredential_bytes = stem.descriptor.hsv3_crypto.get_subcredential(identity_public_key_bytes, blinded_key_bytes)
- ####################################### Do the decryption ###################################
-
- outter_layer_plaintext = stem.descriptor.hsv3_crypto.decrypt_outter_layer(self.superencrypted, self.revision_counter,
- identity_public_key_bytes, blinded_key_bytes, subcredential_bytes)
+ outter_layer_plaintext = stem.descriptor.hsv3_crypto.decrypt_outter_layer(self.superencrypted, self.revision_counter, identity_public_key_bytes, blinded_key_bytes, subcredential_bytes)
# ATAGAR XXX this parsing function is a hack. need to replace it with some stem parsing.
inner_layer_ciphertext = stem.descriptor.hsv3_crypto.parse_superencrypted_plaintext(outter_layer_plaintext)
- inner_layer_plaintext = stem.descriptor.hsv3_crypto.decrypt_inner_layer(inner_layer_ciphertext, self.revision_counter,
- identity_public_key_bytes, blinded_key_bytes, subcredential_bytes)
+ inner_layer_plaintext = stem.descriptor.hsv3_crypto.decrypt_inner_layer(inner_layer_ciphertext, self.revision_counter, identity_public_key_bytes, blinded_key_bytes, subcredential_bytes)
print(inner_layer_plaintext)
+
# TODO: drop this alias in stem 2.x
HiddenServiceDescriptor = HiddenServiceDescriptorV2
diff --git a/stem/descriptor/hsv3_crypto.py b/stem/descriptor/hsv3_crypto.py
index c3f1feb0..c83165ed 100644
--- a/stem/descriptor/hsv3_crypto.py
+++ b/stem/descriptor/hsv3_crypto.py
@@ -6,24 +6,25 @@ import stem.prereq
"""
Onion addresses
- onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
- CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2]
+ onion_address = base32(PUBKEY | CHECKSUM | VERSION) + '.onion'
+ CHECKSUM = H('.onion checksum' | PUBKEY | VERSION)[:2]
- PUBKEY is the 32 bytes ed25519 master pubkey of the hidden service.
- VERSION is an one byte version field (default value '\x03')
- - ".onion checksum" is a constant string
+ - '.onion checksum' is a constant string
- CHECKSUM is truncated to two bytes before inserting it in onion_address
"""
-CHECKSUM_CONSTANT = b".onion checksum"
+CHECKSUM_CONSTANT = b'.onion checksum'
+
def decode_address(onion_address_str):
"""
Parse onion_address_str and return the pubkey.
- onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
- CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2]
+ onion_address = base32(PUBKEY | CHECKSUM | VERSION) + '.onion'
+ CHECKSUM = H('.onion checksum' | PUBKEY | VERSION)[:2]
:return: Ed25519PublicKey
@@ -35,8 +36,8 @@ def decode_address(onion_address_str):
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
- if (len(onion_address_str) != 56 + len(".onion")):
- raise ValueError("Wrong address length")
+ if (len(onion_address_str) != 56 + len('.onion')):
+ raise ValueError('Wrong address length')
# drop the '.onion'
onion_address = onion_address_str[:56]
@@ -51,21 +52,22 @@ def decode_address(onion_address_str):
version = onion_address[34]
# Do checksum validation
- my_checksum_body = b"%s%s%s" % (CHECKSUM_CONSTANT, pubkey, bytes([version]))
+ my_checksum_body = b'%s%s%s' % (CHECKSUM_CONSTANT, pubkey, bytes([version]))
my_checksum = hashlib.sha3_256(my_checksum_body).digest()
if (checksum != my_checksum[:2]):
- raise ValueError("Bad checksum")
+ raise ValueError('Bad checksum')
return Ed25519PublicKey.from_public_bytes(pubkey)
+
"""
Blinded key stuff
Now wrt SRVs, if a client is in the time segment between a new time period
- and a new SRV (i.e. the segments drawn with "-") it uses the current SRV,
+ and a new SRV (i.e. the segments drawn with '-') it uses the current SRV,
else if the client is in a time segment between a new SRV and a new time
- period (i.e. the segments drawn with "="), it uses the previous SRV.
+ period (i.e. the segments drawn with '='), it uses the previous SRV.
"""
pass
@@ -73,27 +75,30 @@ pass
"""
Subcredential:
- subcredential = H("subcredential" | credential | blinded-public-key
- credential = H("credential" | public-identity-key)
+ subcredential = H('subcredential' | credential | blinded-public-key
+ credential = H('credential' | public-identity-key)
Both keys are in bytes
"""
+
+
def get_subcredential(public_identity_key, blinded_key):
- cred_bytes_constant = "credential".encode()
- subcred_bytes_constant = "subcredential".encode()
+ cred_bytes_constant = 'credential'.encode()
+ subcred_bytes_constant = 'subcredential'.encode()
- credential = hashlib.sha3_256(b"%s%s" % (cred_bytes_constant, public_identity_key)).digest()
- subcredential = hashlib.sha3_256(b"%s%s%s" % (subcred_bytes_constant, credential, blinded_key)).digest()
+ credential = hashlib.sha3_256(b'%s%s' % (cred_bytes_constant, public_identity_key)).digest()
+ subcredential = hashlib.sha3_256(b'%s%s%s' % (subcred_bytes_constant, credential, blinded_key)).digest()
- print("public_identity_key: %s" % (public_identity_key.hex()))
- print("credential: %s" % (credential.hex()))
- print("blinded_key: %s" % (blinded_key.hex()))
- print("subcredential: %s" % (subcredential.hex()))
+ print('public_identity_key: %s' % (public_identity_key.hex()))
+ print('credential: %s' % (credential.hex()))
+ print('blinded_key: %s' % (blinded_key.hex()))
+ print('subcredential: %s' % (subcredential.hex()))
- print("===")
+ print('===')
return subcredential
+
"""
Basic descriptor logic:
@@ -114,11 +119,11 @@ Layer data:
2.5.1.1. First layer encryption logic
SECRET_DATA = blinded-public-key
- STRING_CONSTANT = "hsdir-superencrypted-data"
+ STRING_CONSTANT = 'hsdir-superencrypted-data'
2.5.2.1. Second layer encryption keys
SECRET_DATA = blinded-public-key | descriptor_cookie
- STRING_CONSTANT = "hsdir-encrypted-data"
+ STRING_CONSTANT = 'hsdir-encrypted-data'
"""
SALT_LEN = 16
@@ -128,6 +133,7 @@ S_KEY_LEN = 32
S_IV_LEN = 16
MAC_KEY_LEN = 32
+
def _ciphertext_mac_is_valid(key, salt, ciphertext, mac):
"""
Instantiate MAC(key=k, message=m) with H(k_len | k | m), where k_len is
@@ -135,20 +141,22 @@ def _ciphertext_mac_is_valid(key, salt, ciphertext, mac):
XXX spec: H(mac_key_len | mac_key | salt_len | salt | encrypted)
"""
+
# Construct our own MAC first
key_len = len(key).to_bytes(8, 'big')
salt_len = len(salt).to_bytes(8, 'big')
- my_mac_body = b"%s%s%s%s%s" % (key_len, key, salt_len, salt, ciphertext)
+ my_mac_body = b'%s%s%s%s%s' % (key_len, key, salt_len, salt, ciphertext)
my_mac = hashlib.sha3_256(my_mac_body).digest()
- print("===")
- print("my mac: %s" % my_mac.hex())
- print("their mac: %s" % mac.hex())
+ print('===')
+ print('my mac: %s' % my_mac.hex())
+ print('their mac: %s' % mac.hex())
# Compare the two MACs
return my_mac == mac
+
def _decrypt_descriptor_layer(ciphertext_blob_b64, revision_counter,
public_identity_key, subcredential,
secret_data, string_constant):
@@ -159,39 +167,39 @@ def _decrypt_descriptor_layer(ciphertext_blob_b64, revision_counter,
ciphertext_blob = base64.b64decode(ciphertext_blob_b64)
if (len(ciphertext_blob) < SALT_LEN + MAC_LEN):
- raise ValueError("bad encrypted blob")
+ raise ValueError('bad encrypted blob')
salt = ciphertext_blob[:16]
ciphertext = ciphertext_blob[16:-32]
mac = ciphertext_blob[-32:]
- print("encrypted blob lenth :%s" % len(ciphertext_blob))
- print("salt: %s" % salt.hex())
- print("ciphertext length: %s" % len(ciphertext))
- print("mac: %s" % mac.hex())
- print("===")
+ print('encrypted blob lenth :%s' % len(ciphertext_blob))
+ print('salt: %s' % salt.hex())
+ print('ciphertext length: %s' % len(ciphertext))
+ print('mac: %s' % mac.hex())
+ print('===')
# INT_8(revision_counter)
rev_counter_int_8 = revision_counter.to_bytes(8, 'big')
- secret_input = b"%s%s%s" % (secret_data, subcredential, rev_counter_int_8)
+ secret_input = b'%s%s%s' % (secret_data, subcredential, rev_counter_int_8)
secret_input = secret_input
- print("secret_data (%d): %s" % (len(secret_data), secret_data.hex()))
- print("subcredential (%d): %s" % (len(subcredential), subcredential.hex()))
- print("rev counter int 8 (%d): %s" % (len(rev_counter_int_8), rev_counter_int_8.hex()))
- print("secret_input (%s): %s" % (len(secret_input), secret_input.hex()))
- print("===")
+ print('secret_data (%d): %s' % (len(secret_data), secret_data.hex()))
+ print('subcredential (%d): %s' % (len(subcredential), subcredential.hex()))
+ print('rev counter int 8 (%d): %s' % (len(rev_counter_int_8), rev_counter_int_8.hex()))
+ print('secret_input (%s): %s' % (len(secret_input), secret_input.hex()))
+ print('===')
- kdf = hashlib.shake_256(b"%s%s%s" % (secret_input, salt, string_constant))
- keys = kdf.digest(S_KEY_LEN+S_IV_LEN+MAC_KEY_LEN)
+ kdf = hashlib.shake_256(b'%s%s%s' % (secret_input, salt, string_constant))
+ keys = kdf.digest(S_KEY_LEN + S_IV_LEN + MAC_KEY_LEN)
secret_key = keys[:S_KEY_LEN]
- secret_iv = keys[S_KEY_LEN:S_KEY_LEN+S_IV_LEN]
- mac_key = keys[S_KEY_LEN+S_IV_LEN:]
+ secret_iv = keys[S_KEY_LEN:S_KEY_LEN + S_IV_LEN]
+ mac_key = keys[S_KEY_LEN + S_IV_LEN:]
- print("secret_key: %s" % secret_key.hex())
- print("secret_iv: %s" % secret_iv.hex())
- print("mac_key: %s" % mac_key.hex())
+ print('secret_key: %s' % secret_key.hex())
+ print('secret_iv: %s' % secret_iv.hex())
+ print('mac_key: %s' % mac_key.hex())
# Now time to decrypt descriptor
cipher = Cipher(algorithms.AES(secret_key), modes.CTR(secret_iv), default_backend())
@@ -200,14 +208,14 @@ def _decrypt_descriptor_layer(ciphertext_blob_b64, revision_counter,
# validate mac (the mac validates the two fields before the mac)
if not _ciphertext_mac_is_valid(mac_key, salt, ciphertext, mac):
- raise ValueError("Bad MAC!!!")
+ raise ValueError('Bad MAC!!!')
return decrypted
-def decrypt_outter_layer(superencrypted_blob_b64, revision_counter,
- public_identity_key, blinded_key, subcredential):
+
+def decrypt_outter_layer(superencrypted_blob_b64, revision_counter, public_identity_key, blinded_key, subcredential):
secret_data = blinded_key
- string_constant = b"hsdir-superencrypted-data"
+ string_constant = b'hsdir-superencrypted-data'
# XXX Remove the BEGIN MESSSAGE around the thing
superencrypted_blob_b64_lines = superencrypted_blob_b64.split('\n')
@@ -215,26 +223,22 @@ def decrypt_outter_layer(superencrypted_blob_b64, revision_counter,
assert(superencrypted_blob_b64_lines[-1] == '-----END MESSAGE-----')
superencrypted_blob_b64 = ''.join(superencrypted_blob_b64_lines[1:-1])
- print("====== Decrypting outter layer =======")
+ print('====== Decrypting outter layer =======')
- return _decrypt_descriptor_layer(superencrypted_blob_b64, revision_counter,
- public_identity_key, subcredential,
- secret_data, string_constant)
+ return _decrypt_descriptor_layer(superencrypted_blob_b64, revision_counter, public_identity_key, subcredential, secret_data, string_constant)
-def decrypt_inner_layer(encrypted_blob_b64, revision_counter,
- public_identity_key, blinded_key, subcredential):
+
+def decrypt_inner_layer(encrypted_blob_b64, revision_counter, public_identity_key, blinded_key, subcredential):
secret_data = blinded_key
- string_constant = b"hsdir-encrypted-data"
+ string_constant = b'hsdir-encrypted-data'
+
+ print('====== Decrypting inner layer =======')
- print("====== Decrypting inner layer =======")
+ return _decrypt_descriptor_layer(encrypted_blob_b64, revision_counter, public_identity_key, subcredential, secret_data, string_constant)
- return _decrypt_descriptor_layer(encrypted_blob_b64, revision_counter,
- public_identity_key, subcredential,
- secret_data, string_constant)
def parse_superencrypted_plaintext(outter_layer_plaintext):
"""Super hacky function to parse the superencrypted plaintext. This will need to be replaced by proper stem code."""
- import re
START_CONSTANT = b'-----BEGIN MESSAGE-----\n'
END_CONSTANT = b'\n-----END MESSAGE-----'
@@ -245,4 +249,3 @@ def parse_superencrypted_plaintext(outter_layer_plaintext):
start = start + len(START_CONSTANT)
return outter_layer_plaintext[start:end]
-
diff --git a/test/settings.cfg b/test/settings.cfg
index 1b971bb4..7e42b3af 100644
--- a/test/settings.cfg
+++ b/test/settings.cfg
@@ -207,6 +207,7 @@ pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.serialization.
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.modes' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.Cipher' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.algorithms' imported but unused
+pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey' imported but unused
pyflakes.ignore stem/prereq.py => 'lzma' imported but unused
pyflakes.ignore stem/client/datatype.py => redefinition of unused 'pop' from *
pyflakes.ignore stem/descriptor/hidden_service_descriptor.py => 'stem.descriptor.hidden_service.*' imported but unused
diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py
index 4fdc72bd..98de246e 100644
--- a/test/unit/descriptor/hidden_service_v3.py
+++ b/test/unit/descriptor/hidden_service_v3.py
@@ -45,7 +45,7 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
with open(get_resource('hidden_service_v3_test'), 'rb') as descriptor_file:
desc = next(stem.descriptor.parse_file(descriptor_file, 'hidden-service-descriptor-3 1.0', validate = True,
- onion_address="sltib6sxkuxh2scmtuvd5w2g7pahnzkovefxpo4e4ptnkzl5kkq5h2ad.onion"))
+ onion_address = 'sltib6sxkuxh2scmtuvd5w2g7pahnzkovefxpo4e4ptnkzl5kkq5h2ad.onion'))
self.assertEqual(3, desc.version)
self.assertEqual(180, desc.lifetime)
More information about the tor-commits
mailing list