dirnode.py/_encrypt_rwcap: rename IV to "salt", which is more accurate

diff --git a/src/allmydata/dirnode.py b/src/allmydata/dirnode.py
index d4a6b3b33bd20ab403394d1923b36bfa33c4b2a8..d181cd7f9753bd93372eda3af00a71d65e669456 100644 (file)
--- a/src/allmydata/dirnode.py
+++ b/src/allmydata/dirnode.py
@@ -195,19 +195,20 @@ class NewDirectoryNode:
 
     def _encrypt_rwcap(self, rwcap):
         assert isinstance(rwcap, str)
-        IV = hashutil.mutable_rwcap_iv_hash(rwcap)
-        key = hashutil.mutable_rwcap_key_hash(IV, self._node.get_writekey())
+        salt = hashutil.mutable_rwcap_iv_hash(rwcap)
+        key = hashutil.mutable_rwcap_key_hash(salt, self._node.get_writekey())
         cryptor = AES(key)
         crypttext = cryptor.process(rwcap)
-        mac = hashutil.hmac(key, IV + crypttext)
+        mac = hashutil.hmac(key, salt + crypttext)
         assert len(mac) == 32
-        return IV + crypttext + mac
-        # The MAC is not checked by readers in Tahoe >= 1.3.0, but we still produce it for the sake of older readers.
+        return salt + crypttext + mac
+        # The MAC is not checked by readers in Tahoe >= 1.3.0, but we still
+        # produce it for the sake of older readers.
 
     def _decrypt_rwcapdata(self, encwrcap):
-        IV = encwrcap[:16]
+        salt = encwrcap[:16]
         crypttext = encwrcap[16:-32]
-        key = hashutil.mutable_rwcap_key_hash(IV, self._node.get_writekey())
+        key = hashutil.mutable_rwcap_key_hash(salt, self._node.get_writekey())
         cryptor = AES(key)
         plaintext = cryptor.process(crypttext)
         return plaintext