[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [stem/master] Narrow cryptography imports



commit fc747a4ec73c1b10c1c8ba158320b5b898927732
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Fri Oct 18 14:02:59 2019 -0700

    Narrow cryptography imports
    
    Cryptography imports must be localized to where we use it. Otherwise this
    completely breaks stem when cryptography is unavilable.
---
 stem/descriptor/hidden_service.py         | 12 ++++++++----
 stem/descriptor/hsv3_crypto.py            | 11 +++++++----
 test/unit/descriptor/hidden_service_v3.py | 12 ++++++++----
 3 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/stem/descriptor/hidden_service.py b/stem/descriptor/hidden_service.py
index 2037cc0e..8ecc0eb7 100644
--- a/stem/descriptor/hidden_service.py
+++ b/stem/descriptor/hidden_service.py
@@ -49,10 +49,6 @@ from stem.client.datatype import CertType
 from stem.descriptor import hsv3_crypto
 from stem.descriptor.certificate import Ed25519Certificate
 
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
-from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
-
 
 from stem.descriptor import (
   PGP_BLOCK_END,
@@ -235,6 +231,8 @@ class IntroductionPointV3(object):
     if not descriptor_signing_privkey:
       raise ValueError('Cannot encode: Descriptor signing key not provided')
 
+    from cryptography.hazmat.primitives import serialization
+
     cert_expiration_date = datetime.datetime.utcnow() + datetime.timedelta(hours=54)
 
     body = b''
@@ -870,6 +868,9 @@ def _get_middle_descriptor_layer_body(encrypted):
   (It's just fake client auth data since client auth is disabled)
   """
 
+  from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
+  from cryptography.hazmat.primitives import serialization
+
   fake_pub_key = X25519PrivateKey.generate().public_key()
   fake_pub_key_bytes = fake_pub_key.public_bytes(encoding = serialization.Encoding.Raw, format = serialization.PublicFormat.Raw)
   fake_pub_key_bytes_b64 = base64.b64encode(fake_pub_key_bytes)
@@ -957,6 +958,9 @@ class HiddenServiceDescriptorV3(BaseHiddenServiceDescriptor):
     the blinded key from the identity key
     """
 
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+    from cryptography.hazmat.primitives import serialization
+
     if sign:
       raise NotImplementedError('Signing of %s not implemented' % cls.__name__)
 
diff --git a/stem/descriptor/hsv3_crypto.py b/stem/descriptor/hsv3_crypto.py
index 2b99f030..8dd769c9 100644
--- a/stem/descriptor/hsv3_crypto.py
+++ b/stem/descriptor/hsv3_crypto.py
@@ -9,16 +9,14 @@ import stem.prereq
 from stem.descriptor import ed25519_exts_ref
 from stem.descriptor import slow_ed25519
 
-from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import serialization
-
 
 def pubkeys_are_equal(pubkey1, pubkey2):
   """
   Compare the raw bytes of the two pubkeys and return True if they are the same
   """
 
+  from cryptography.hazmat.primitives import serialization
+
   pubkey1_bytes = pubkey1.public_bytes(encoding = serialization.Encoding.Raw, format = serialization.PublicFormat.Raw)
   pubkey2_bytes = pubkey2.public_bytes(encoding = serialization.Encoding.Raw, format = serialization.PublicFormat.Raw)
 
@@ -42,6 +40,8 @@ certificate module.
 
 class HSv3PrivateBlindedKey(object):
   def __init__(self, hazmat_private_key, blinding_param):
+    from cryptography.hazmat.primitives import serialization
+
     secret_seed = hazmat_private_key.private_bytes(encoding = serialization.Encoding.Raw, format = serialization.PrivateFormat.Raw, encryption_algorithm = serialization.NoEncryption())
     assert(len(secret_seed) == 32)
 
@@ -195,6 +195,9 @@ def _encrypt_descriptor_layer(plaintext, revision_counter, subcredential, secret
   Encrypt descriptor layer at 'plaintext'
   """
 
+  from cryptography.hazmat.backends import default_backend
+  from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+
   salt = os.urandom(16)
 
   secret_key, secret_iv, mac_key = get_desc_keys(secret_data, string_constant, subcredential, revision_counter, salt)
diff --git a/test/unit/descriptor/hidden_service_v3.py b/test/unit/descriptor/hidden_service_v3.py
index e668b04f..1f61b23b 100644
--- a/test/unit/descriptor/hidden_service_v3.py
+++ b/test/unit/descriptor/hidden_service_v3.py
@@ -5,10 +5,6 @@ Unit tests for stem.descriptor.hidden_service for version 3.
 import functools
 import unittest
 
-from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
-from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
-from cryptography.hazmat.primitives import serialization
-
 import stem.client.datatype
 import stem.descriptor
 import stem.prereq
@@ -151,6 +147,8 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
       self.skipTest('(requires cryptography ed25519 support)')
       return
 
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+
     line_to_attr = {
       'hs-descriptor': 'version',
       'descriptor-lifetime': 'lifetime',
@@ -221,6 +219,9 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
     self.assertRaisesWith(ValueError, 'Bad checksum (expected def7 but was 842e)', HiddenServiceDescriptorV3._public_key_from_address, '5' * 56)
 
   def _helper_get_intro(self):
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+    from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
+
     link_specifiers = []
 
     link1, _ = stem.client.datatype.LinkSpecifier.pop(b'\x03\x20CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC')
@@ -252,6 +253,9 @@ class TestHiddenServiceDescriptorV3(unittest.TestCase):
       self.skipTest('(requires cryptography ed25519 support)')
       return
 
+    from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
+    from cryptography.hazmat.primitives import serialization
+
     # Build the service
     private_identity_key = Ed25519PrivateKey.from_private_bytes(b'a' * 32)
     public_identity_key = private_identity_key.public_key()



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits