def hybrid_encrypt(data, rsa_key_der):
"""
Hybrid encryption scheme.
Encrypt the entire contents of the byte array "data" with the given "TorPublicKey" according to
the "hybrid encryption" scheme described in the main Tor specification (tor-spec.txt).
"""
rsa_key = rsa_load_der(rsa_key_der)
if len(data) < PK_DATA_LEN:
return rsa_encrypt(rsa_key, data)
aes_key_bytes = os.urandom(KEY_LEN)
# RSA(K | M1) --> C1
m1 = data[:PK_DATA_LEN_WITH_KEY]
c1 = rsa_encrypt(rsa_key, aes_key_bytes + m1)
# AES_CTR(M2) --> C2
m2 = data[PK_DATA_LEN_WITH_KEY:]
aes_key = aes_ctr_encryptor(aes_key_bytes)
c2 = aes_update(aes_key, m2)
return c1 + c2
def _get_pubkey(self, identity):
if self._certs:
cert = self._certs.find(identity)
if cert:
return rsa_load_der(cert.dir_signing_key)
def _get_pubkey(self, identity, signing_key_digest):
key_certificate = self._authorities.download_fp_sk(
identity, signing_key_digest)
certs = DirKeyCertificate(key_certificate)
return rsa_load_der(certs.dir_signing_key)