Fix breakage with cryptography>=42

[bryango]

This fixes the breakage for cryptography>=42. The important changes are concentrated on the last commit:

• the magical _backend workaround stops working as upstream switches to the new rust backend. To fix this, we now only validate the suffix of the digest.
• import X25519PublicKey from the updated path.

Some other changes are also added along the way, in other commits:

• clean up cryptography *_backends as they have been deprecated upstream. These are all dead code as they will be silently ignored by the cryptography module.
• add flake.{nix,lock} for easy dev env and reproducible build with the Nix package manager. If this is undesirable I can remove this commit!

[atagar]

Thanks bryango! I merged the two operative commits (skipped flake.nix since it was unrelated). Thank you!

[dotlambda]

Can we have a new release with this change?

[atagar]

For that you'd need to talk with Georg (gk@torproject.org).

[bryango]

Can we have a new release with this change?

Friendly ping @juga0 if they are interested 😉

Update: please also take a look at #152 which fixes the build for darwin. Thanks!

[juga0]

Can we have a new release with this change?

Sure, the question is when :) Is this something that is currently breaking an existing service?, could it wait ~6 months? We just created a new release, it would be great if we can wait some months before a new one and include more fixes that would appear in that time.

Thanks!

[dotlambda]

Is this something that is currently breaking an existing service?

Stem is broken in every Linux distro that ships cryptography 42.

[juga0]

Is this something that is currently breaking an existing service?

Stem is broken in every Linux distro that ships cryptography 42.

Right, but not every linux (stable) distribution ships already cryptography 42. For instance, Debian still ships 38 in stable (bookworm) and 41 in unstable.

We'll do a new release in a couple of months including the changes for cryptography 42.