[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [stem/master] Note ed25519 improvement in the changelog
commit f8c830205feaf0868ab3d563abe79e1aafcf4604
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date: Wed Apr 10 10:59:49 2019 -0700
Note ed25519 improvement in the changelog
Yikes. Illia's patch is phenominal, really the only really worth adding is the
changelog entry.
---
docs/change_log.rst | 1 +
stem/descriptor/certificate.py | 5 +++--
stem/prereq.py | 12 +++++++-----
test/settings.cfg | 1 +
4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/docs/change_log.rst b/docs/change_log.rst
index f188c885..c647c001 100644
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
@@ -56,6 +56,7 @@ The following are only available within Stem's `git repository
* **Descriptors**
* `Bandwidth file support <api/descriptor/bandwidth_file.html>`_ (:trac:`29056`)
+ * Ed25519 validity checks are now done though the cryptography module rather than PyNaCl (:trac:`22022`)
* Download compressed descriptors by default (:trac:`29186`)
* Added :func:`stem.descriptor.remote.get_microdescriptors`
* Added :class:`~stem.descriptor.networkstatus.DetachedSignature` parsing (:trac:`28495`)
diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py
index 2f62e889..449e106c 100644
--- a/stem/descriptor/certificate.py
+++ b/stem/descriptor/certificate.py
@@ -224,11 +224,12 @@ class Ed25519CertificateV1(Ed25519Certificate):
:raises:
* **ValueError** if signing key or descriptor are invalid
- * **ImportError** if cryptography module is unavailable or ed25519 is not supported
+ * **ImportError** if cryptography module is unavailable or ed25519 is
+ unsupported
"""
if not stem.prereq._is_crypto_ed25519_supported():
- raise ImportError('Certificate validation requires the cryptography module and support of ed25519')
+ raise ImportError('Certificate validation requires the cryptography module and ed25519 support')
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
from cryptography.exceptions import InvalidSignature
diff --git a/stem/prereq.py b/stem/prereq.py
index c2b546dc..1e4450c7 100644
--- a/stem/prereq.py
+++ b/stem/prereq.py
@@ -29,7 +29,7 @@ import sys
CRYPTO_UNAVAILABLE = "Unable to import the cryptography module. Because of this we'll be unable to verify descriptor signature integrity. You can get cryptography from: https://pypi.python.org/pypi/cryptography"
ZSTD_UNAVAILABLE = 'ZSTD compression requires the zstandard module (https://pypi.python.org/pypi/zstandard)'
LZMA_UNAVAILABLE = 'LZMA compression requires the lzma module (https://docs.python.org/3/library/lzma.html)'
-ED25519_UNSUPPORTED = "Unable to verify descriptor ed25519 certificate integrity. ed25519 is not supported by installed versions of OpenSSL and/or cryptography"
+ED25519_UNSUPPORTED = 'Unable to verify descriptor ed25519 certificate integrity. ed25519 is not supported by installed versions of OpenSSL and/or cryptography'
def check_requirements():
@@ -248,13 +248,15 @@ def _is_crypto_ed25519_supported():
:returns: **True** if ed25519 is supported and **False** otherwise
"""
- from stem.util import log
if not is_crypto_available():
return False
+ from stem.util import log
from cryptography.hazmat.backends.openssl.backend import backend
- supported = hasattr(backend, 'ed25519_supported') and backend.ed25519_supported()
- if not supported:
+
+ if hasattr(backend, 'ed25519_supported') and backend.ed25519_supported():
+ return True
+ else:
log.log_once('stem.prereq._is_crypto_ed25519_supported', log.INFO, ED25519_UNSUPPORTED)
- return supported
+ return False
diff --git a/test/settings.cfg b/test/settings.cfg
index 6bdf9394..944428e2 100644
--- a/test/settings.cfg
+++ b/test/settings.cfg
@@ -172,6 +172,7 @@ pyflakes.ignore stem/prereq.py => 'sqlite3' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_to_bytes' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.utils.int_from_bytes' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.default_backend' imported but unused
+pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.backends.openssl.backend.backend' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.serialization.load_der_public_key' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.modes' imported but unused
pyflakes.ignore stem/prereq.py => 'cryptography.hazmat.primitives.ciphers.Cipher' imported but unused
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits