From: Zooko O'Whielacronx Date: Tue, 18 Dec 2007 01:34:11 +0000 (-0700) Subject: rename "secret" to "lease_secret" and change its size from 16 to 32 bytes X-Git-Url: https://git.rkrishnan.org/pf/content/en/(%5B%5E?a=commitdiff_plain;h=08a64c3a2b9d99d98308c55068d07de53c1bece3;p=tahoe-lafs%2Ftahoe-lafs.git rename "secret" to "lease_secret" and change its size from 16 to 32 bytes --- diff --git a/src/allmydata/client.py b/src/allmydata/client.py index 61c7983f..7bf9bf3f 100644 --- a/src/allmydata/client.py +++ b/src/allmydata/client.py @@ -40,7 +40,7 @@ class Client(node.Node, Referenceable, testutil.PollMixin): self.logSource="Client" self.my_furl = None self.introducer_client = None - self.init_secret() + self.init_lease_secret() self.init_storage() self.init_options() self.add_service(Uploader()) @@ -79,11 +79,11 @@ class Client(node.Node, Referenceable, testutil.PollMixin): d.addErrback(log.err) return self._start_page_observers.when_fired() - def init_secret(self): + def init_lease_secret(self): def make_secret(): - return idlib.b2a(os.urandom(16)) + "\n" + return idlib.b2a(os.urandom(hashutil.CRYPTO_VAL_SIZE)) + "\n" secret_s = self.get_or_create_private_config("secret", make_secret) - self._secret = idlib.a2b(secret_s) + self._lease_secret = idlib.a2b(secret_s) def init_storage(self): storedir = os.path.join(self.basedir, self.STOREDIR) @@ -252,10 +252,10 @@ class Client(node.Node, Referenceable, testutil.PollMixin): return False def get_renewal_secret(self): - return hashutil.my_renewal_secret_hash(self._secret) + return hashutil.my_renewal_secret_hash(self._lease_secret) def get_cancel_secret(self): - return hashutil.my_cancel_secret_hash(self._secret) + return hashutil.my_cancel_secret_hash(self._lease_secret) def debug_wait_for_client_connections(self, num_clients): """Return a Deferred that fires (with None) when we have connections diff --git a/src/allmydata/test/test_storage.py b/src/allmydata/test/test_storage.py index 6e734390..3571bbe8 100644 --- a/src/allmydata/test/test_storage.py +++ b/src/allmydata/test/test_storage.py @@ -179,7 +179,7 @@ class Server(unittest.TestCase): def setUp(self): self.sparent = service.MultiService() - self._secret = itertools.count() + self._lease_secret = itertools.count() def tearDown(self): return self.sparent.stopService() @@ -197,8 +197,8 @@ class Server(unittest.TestCase): ss = self.create("test_create") def allocate(self, ss, storage_index, sharenums, size): - renew_secret = hashutil.tagged_hash("blah", "%d" % self._secret.next()) - cancel_secret = hashutil.tagged_hash("blah", "%d" % self._secret.next()) + renew_secret = hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()) + cancel_secret = hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()) return ss.remote_allocate_buckets(storage_index, renew_secret, cancel_secret, sharenums, size, Referenceable()) @@ -340,8 +340,8 @@ class Server(unittest.TestCase): sharenums = range(5) size = 100 - rs0,cs0 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()), - hashutil.tagged_hash("blah", "%d" % self._secret.next())) + rs0,cs0 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()), + hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())) already,writers = ss.remote_allocate_buckets("si0", rs0, cs0, sharenums, size, canary) self.failUnlessEqual(len(already), 0) @@ -353,16 +353,16 @@ class Server(unittest.TestCase): self.failUnlessEqual(len(leases), 1) self.failUnlessEqual(set([l[1] for l in leases]), set([rs0])) - rs1,cs1 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()), - hashutil.tagged_hash("blah", "%d" % self._secret.next())) + rs1,cs1 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()), + hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())) already,writers = ss.remote_allocate_buckets("si1", rs1, cs1, sharenums, size, canary) for wb in writers.values(): wb.remote_close() # take out a second lease on si1 - rs2,cs2 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()), - hashutil.tagged_hash("blah", "%d" % self._secret.next())) + rs2,cs2 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()), + hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())) already,writers = ss.remote_allocate_buckets("si1", rs2, cs2, sharenums, size, canary) self.failUnlessEqual(len(already), 5) @@ -421,10 +421,10 @@ class Server(unittest.TestCase): # test overlapping uploads - rs3,cs3 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()), - hashutil.tagged_hash("blah", "%d" % self._secret.next())) - rs4,cs4 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()), - hashutil.tagged_hash("blah", "%d" % self._secret.next())) + rs3,cs3 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()), + hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())) + rs4,cs4 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()), + hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())) already,writers = ss.remote_allocate_buckets("si3", rs3, cs3, sharenums, size, canary) self.failUnlessEqual(len(already), 0) @@ -445,7 +445,7 @@ class MutableServer(unittest.TestCase): def setUp(self): self.sparent = service.MultiService() - self._secret = itertools.count() + self._lease_secret = itertools.count() def tearDown(self): return self.sparent.stopService() @@ -491,7 +491,7 @@ class MutableServer(unittest.TestCase): def test_allocate(self): ss = self.create("test_allocate") - self.allocate(ss, "si1", "we1", self._secret.next(), + self.allocate(ss, "si1", "we1", self._lease_secret.next(), set([0,1,2]), 100) read = ss.remote_slot_readv diff --git a/src/allmydata/util/hashutil.py b/src/allmydata/util/hashutil.py index 98d5f151..218be2ed 100644 --- a/src/allmydata/util/hashutil.py +++ b/src/allmydata/util/hashutil.py @@ -1,6 +1,12 @@ from pycryptopp.hash.sha256 import SHA256 import os +# Various crypto values are this size: hash outputs (from SHA-256), +# randomly-generated secrets such as the lease secret, and symmetric encryption +# keys. In the near future we will add DSA private keys, and salts of various +# kinds. +CRYPTO_VAL_SIZE=32 + class IntegrityCheckError(Exception): pass