mac = hashutil.hmac(key, IV + crypttext)
assert len(mac) == 32
return IV + crypttext + mac
+ # The MAC is not checked by readers in Tahoe >= 1.3.0, but we still produce it for the sake of older readers.
def _decrypt_rwcapdata(self, encwrcap):
IV = encwrcap[:16]
crypttext = encwrcap[16:-32]
- mac = encwrcap[-32:]
key = hashutil.mutable_rwcap_key_hash(IV, self._node.get_writekey())
- if mac != hashutil.hmac(key, IV+crypttext):
- raise hashutil.IntegrityCheckError("HMAC does not match, crypttext is corrupted")
cryptor = AES(key)
plaintext = cryptor.process(crypttext)
return plaintext
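Review bot: With the HMAC comparison removed, `_decrypt_rwcapdata` returns whatever `cryptor.process` yields for `encwrcap[16:-32]`, and nothing in the function says which layer is now responsible for integrity. The one added comment sits after the `return` of the encrypting code, where a reader of the decrypt path will not look. I would put the rationale at the top of `_decrypt_rwcapdata`, e.g. `# No MAC check: the directory contents are assumed to be integrity-checked by the mutable-file layer before they reach us; the trailing 32 bytes are skipped only for format compatibility.` That assumption about the mutable-file layer is not visible in this hunk and should be confirmed. An entry shorter than 48 bytes would in practice have failed the old MAC comparison and now slices to an empty or partial crypttext without error, so a guard such as `if len(encwrcap) < 16 + 32:` followed by a raise would keep malformed entries from decrypting silently.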
filenode = dn._node
si = IURI(filenode.get_uri()).storage_index
old_contents = filenode.all_contents[si]
- # we happen to know that the writecap is encrypted near the
- # end of the string. Flip one of its bits and make sure we
- # detect the corruption.
+ # We happen to know that the writecap MAC is near the end of the string. Flip
+ # one of its bits and make sure we ignore the corruption.
new_contents = testutil.flip_bit(old_contents, -10)
# TODO: also test flipping bits in the other portions
filenode.all_contents[si] = new_contents
d.addCallback(_corrupt)
def _check2(res):
- self.shouldFail(hashutil.IntegrityCheckError, "corrupt",
- "HMAC does not match, crypttext is corrupted",
- dn.list)
+ d = dn.list()
+ def _c3(res):
+ self.failUnless(res.has_key('child'))
+ d.addCallback(_c3)
d.addCallback(_check2)
return d
d.addCallback(_created)
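Review bot: `_check2` builds a new Deferred with `d = dn.list()` and attaches `_c3`, but the added lines show no `return d`, so the outer callback chain does not wait for the listing and a failing `failUnless` in `_c3` would not fail the test. Add `return d` after `d.addCallback(_c3)`; indentation is lost on this page, so confirm against the file. The test also still flips only bit -10, which the new comment places inside the MAC. Now that the MAC is ignored, the existing TODO about the other portions matters more, and a case that corrupts the crypttext region would pin down what readers do when the writecap bytes themselves are altered. As a style point, `res.has_key('child')` reads better as `'child' in res`.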
# kinds.
CRYPTO_VAL_SIZE=32
-class IntegrityCheckError(Exception):
- pass
-
class _SHA256d_Hasher:
# use SHA-256d, as defined by Ferguson and Schneier: hash the output
# again to prevent length-extension attacks