ExternalVendorCode/tahoe-lafs
1
0
Fork 0
mirror of https://github.com/tahoe-lafs/tahoe-lafs.git synced 2025-02-26 11:30:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
tahoe-lafs/src/allmydata/util/hashutil.py

280 lines
8.2 KiB
Python
Raw Normal View History

Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
"""
Hashing utilities.
Finish porting to Python 3.
2020-07-15 15:00:29 -04:00
Ported to Python 3.
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
"""
Finish porting to Python 3.
2020-07-15 15:00:29 -04:00
from __future__ import absolute_import
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from future.utils import PY2
if PY2:
Death to newint.
2020-08-05 11:53:23 -04:00
from builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min # noqa: F401
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
from past.builtins import chr as byteschr
vdrive: switch to URI:DIR and URI:DIR-RO, providing transitive readonlyness
2007-06-25 13:23:51 -07:00
import os
add hashutil.permute_server_hash which uses SHA1 to combine the file's storage index (known as "peer selection index" in this context) and each server's "server permutation seed". This is the only thing in tahoe that uses SHA1. With this change, we stop importing sha1 from anywhere else.
2016-09-26 20:42:42 -07:00
import hashlib
move netstring() and split_netstring() into a separate util.netstring module
2008-09-25 21:38:24 -07:00
from allmydata.util.netstring import netstring
hashutil: convenience methods for tagged and encoded hashes In various cases, including Merkle Trees, it is useful to tag and encode the inputs to your secure hashes to prevent security flaws due to ambiguous meanings of hash values.
2007-03-29 18:11:30 -07:00
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
# Be very very cautious when modifying this file. Almost any change will
# cause a compatibility break, invalidating all outstanding URIs and making
# any previously uploaded files become inaccessible. BE CONSERVATIVE AND TEST
# AGAINST OLD DATA!
# Various crypto values are this size: hash outputs (from SHA-256d),
rename "secret" to "lease_secret" and change its size from 16 to 32 bytes
2007-12-17 18:34:11 -07:00
# randomly-generated secrets such as the lease secret, and symmetric encryption
# keys. In the near future we will add DSA private keys, and salts of various
# kinds.
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
CRYPTO_VAL_SIZE = 32
rename "secret" to "lease_secret" and change its size from 16 to 32 bytes
2007-12-17 18:34:11 -07:00
ported old-style classes to new-style
2019-05-15 08:17:44 +02:00
class _SHA256d_Hasher(object):
hashutil: add tagged_hash_256d and tagged_hasher_256d
2008-02-06 19:36:43 -07:00
# use SHA-256d, as defined by Ferguson and Schneier: hash the output
# again to prevent length-extension attacks
def __init__(self, truncate_to=None):
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
self.h = hashlib.sha256()
hashutil: add tagged_hash_256d and tagged_hasher_256d
2008-02-06 19:36:43 -07:00
self.truncate_to = truncate_to
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
self._digest = None
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
hashutil: add tagged_hash_256d and tagged_hasher_256d
2008-02-06 19:36:43 -07:00
def update(self, data):
str -> bytes
2019-07-08 14:16:37 -06:00
assert isinstance(data, bytes) # no unicode
hashutil: add tagged_hash_256d and tagged_hasher_256d
2008-02-06 19:36:43 -07:00
self.h.update(data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
hashutil: add tagged_hash_256d and tagged_hasher_256d
2008-02-06 19:36:43 -07:00
def digest(self):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
if self._digest is None:
h1 = self.h.digest()
del self.h
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
h2 = hashlib.sha256(h1).digest()
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
if self.truncate_to:
h2 = h2[:self.truncate_to]
self._digest = h2
return self._digest
def tagged_hasher(tag, truncate_to=None):
hasher = _SHA256d_Hasher(truncate_to)
hashutil: add tagged_hash_256d and tagged_hasher_256d
2008-02-06 19:36:43 -07:00
hasher.update(netstring(tag))
return hasher
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
def tagged_hash(tag, val, truncate_to=None):
hasher = tagged_hasher(tag, truncate_to)
hasher.update(val)
return hasher.digest()
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
def tagged_pair_hash(tag, val1, val2, truncate_to=None):
s = _SHA256d_Hasher(truncate_to)
hashutil: convenience methods for tagged and encoded hashes In various cases, including Merkle Trees, it is useful to tag and encode the inputs to your secure hashes to prevent security flaws due to ambiguous meanings of hash values.
2007-03-29 18:11:30 -07:00
s.update(netstring(tag))
s.update(netstring(val1))
s.update(netstring(val2))
return s.digest()
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
# specific hash tags that we use
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
# immutable
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
STORAGE_INDEX_TAG = b"allmydata_immutable_key_to_storage_index_v1"
BLOCK_TAG = b"allmydata_encoded_subshare_v1"
UEB_TAG = b"allmydata_uri_extension_v1"
PLAINTEXT_TAG = b"allmydata_plaintext_v1"
CIPHERTEXT_TAG = b"allmydata_crypttext_v1"
CIPHERTEXT_SEGMENT_TAG = b"allmydata_crypttext_segment_v1"
PLAINTEXT_SEGMENT_TAG = b"allmydata_plaintext_segment_v1"
CONVERGENT_ENCRYPTION_TAG = b"allmydata_immutable_content_to_key_with_added_secret_v1+"
CLIENT_RENEWAL_TAG = b"allmydata_client_renewal_secret_v1"
CLIENT_CANCEL_TAG = b"allmydata_client_cancel_secret_v1"
FILE_RENEWAL_TAG = b"allmydata_file_renewal_secret_v1"
FILE_CANCEL_TAG = b"allmydata_file_cancel_secret_v1"
BUCKET_RENEWAL_TAG = b"allmydata_bucket_renewal_secret_v1"
BUCKET_CANCEL_TAG = b"allmydata_bucket_cancel_secret_v1"
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
# mutable
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
MUTABLE_WRITEKEY_TAG = b"allmydata_mutable_privkey_to_writekey_v1"
MUTABLE_WRITE_ENABLER_MASTER_TAG = b"allmydata_mutable_writekey_to_write_enabler_master_v1"
MUTABLE_WRITE_ENABLER_TAG = b"allmydata_mutable_write_enabler_master_and_nodeid_to_write_enabler_v1"
MUTABLE_PUBKEY_TAG = b"allmydata_mutable_pubkey_to_fingerprint_v1"
MUTABLE_READKEY_TAG = b"allmydata_mutable_writekey_to_readkey_v1"
MUTABLE_DATAKEY_TAG = b"allmydata_mutable_readkey_to_datakey_v1"
MUTABLE_STORAGEINDEX_TAG = b"allmydata_mutable_readkey_to_storage_index_v1"
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
# dirnodes
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
DIRNODE_CHILD_WRITECAP_TAG = b"allmydata_mutable_writekey_and_salt_to_dirnode_child_capkey_v1"
DIRNODE_CHILD_SALT_TAG = b"allmydata_dirnode_child_rwcap_to_salt_v1"
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename storage_index_chk_hash() to storage_index_hash() and add TODO about how our use of it now includes keys that are not CHKs
2008-02-01 12:27:37 -07:00
def storage_index_hash(key):
truncate storage index to 128 bits, since it's derived from a 128 bit AES key
2007-07-22 19:48:44 -07:00
# storage index is truncated to 128 bits (16 bytes). We're only hashing a
use added secret to protect convergent encryption Now upload or encode methods take a required argument named "convergence" which can be either None, indicating no convergent encryption at all, or a string, which is the "added secret" to be mixed in to the content hash key. If you want traditional convergent encryption behavior, set the added secret to be the empty string. This patch also renames "content hash key" to "convergent encryption" in a argument names and variable names. (A different and larger renaming is needed in order to clarify that Tahoe supports immutable files which are not encrypted content-hash-key a.k.a. convergent encryption.) This patch also changes a few unit tests to use non-convergent encryption, because it doesn't matter for what they are testing and non-convergent encryption is slightly faster.
2008-03-24 09:46:06 -07:00
# 16-byte value to get it, so there's no point in using a larger value. We
# use this same tagged hash to go from encryption key to storage index for
# random-keyed immutable files and convergent-encryption immutabie
change encryption-key hash to include encoding parameters. This is a minor compatibility break: CHK files encoded (with convergence) before and after this will have different keys and ciphertexts. Also switched to SHA-256d for both the data-to-key hash and the key-to-storageindex hash
2008-02-06 19:50:47 -07:00
# files. Mutable files use ssk_storage_index_hash().
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(STORAGE_INDEX_TAG, key, 16)
upload: refactor to enable streaming upload. not all tests pass yet
2007-07-19 18:21:44 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
def block_hash(data):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(BLOCK_TAG, data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
def block_hasher():
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(BLOCK_TAG)
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename thingA to 'uri extension'
2007-06-08 15:59:16 -07:00
def uri_extension_hash(data):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(UEB_TAG, data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename thingA to 'uri extension'
2007-06-08 15:59:16 -07:00
def uri_extension_hasher():
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(UEB_TAG)
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename fileid/verifierid to plaintext_hash/crypttext_hash
2007-06-09 20:46:04 -07:00
def plaintext_hash(data):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(PLAINTEXT_TAG, data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename fileid/verifierid to plaintext_hash/crypttext_hash
2007-06-09 20:46:04 -07:00
def plaintext_hasher():
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(PLAINTEXT_TAG)
rename fileid/verifierid to plaintext_hash/crypttext_hash
2007-06-09 20:46:04 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename fileid/verifierid to plaintext_hash/crypttext_hash
2007-06-09 20:46:04 -07:00
def crypttext_hash(data):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(CIPHERTEXT_TAG, data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
rename fileid/verifierid to plaintext_hash/crypttext_hash
2007-06-09 20:46:04 -07:00
def crypttext_hasher():
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(CIPHERTEXT_TAG)
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
def crypttext_segment_hash(data):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(CIPHERTEXT_SEGMENT_TAG, data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
def crypttext_segment_hasher():
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(CIPHERTEXT_SEGMENT_TAG)
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
def plaintext_segment_hash(data):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(PLAINTEXT_SEGMENT_TAG, data)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
def plaintext_segment_hasher():
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(PLAINTEXT_SEGMENT_TAG)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
KEYLEN = 16
directories: make the IV for the writecaps in directory entries be computed from the secure hash of the writecap itself This makes encoding of directory entries deterministic, and it is also a tad faster on Macbook Pro than getting a random IV with os.urandom(16).
2009-07-04 19:48:15 -07:00
IVLEN = 16
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
use added secret to protect convergent encryption Now upload or encode methods take a required argument named "convergence" which can be either None, indicating no convergent encryption at all, or a string, which is the "added secret" to be mixed in to the content hash key. If you want traditional convergent encryption behavior, set the added secret to be the empty string. This patch also renames "content hash key" to "convergent encryption" in a argument names and variable names. (A different and larger renaming is needed in order to clarify that Tahoe supports immutable files which are not encrypted content-hash-key a.k.a. convergent encryption.) This patch also changes a few unit tests to use non-convergent encryption, because it doesn't matter for what they are testing and non-convergent encryption is slightly faster.
2008-03-24 09:46:06 -07:00
def convergence_hash(k, n, segsize, data, convergence):
h = convergence_hasher(k, n, segsize, convergence)
h.update(data)
return h.digest()
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
use added secret to protect convergent encryption Now upload or encode methods take a required argument named "convergence" which can be either None, indicating no convergent encryption at all, or a string, which is the "added secret" to be mixed in to the content hash key. If you want traditional convergent encryption behavior, set the added secret to be the empty string. This patch also renames "content hash key" to "convergent encryption" in a argument names and variable names. (A different and larger renaming is needed in order to clarify that Tahoe supports immutable files which are not encrypted content-hash-key a.k.a. convergent encryption.) This patch also changes a few unit tests to use non-convergent encryption, because it doesn't matter for what they are testing and non-convergent encryption is slightly faster.
2008-03-24 09:46:06 -07:00
def convergence_hasher(k, n, segsize, convergence):
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
assert isinstance(convergence, bytes)
param_tag = netstring(b"%d,%d,%d" % (k, n, segsize))
use added secret to protect convergent encryption Now upload or encode methods take a required argument named "convergence" which can be either None, indicating no convergent encryption at all, or a string, which is the "added secret" to be mixed in to the content hash key. If you want traditional convergent encryption behavior, set the added secret to be the empty string. This patch also renames "content hash key" to "convergent encryption" in a argument names and variable names. (A different and larger renaming is needed in order to clarify that Tahoe supports immutable files which are not encrypted content-hash-key a.k.a. convergent encryption.) This patch also changes a few unit tests to use non-convergent encryption, because it doesn't matter for what they are testing and non-convergent encryption is slightly faster.
2008-03-24 09:46:06 -07:00
tag = CONVERGENT_ENCRYPTION_TAG + netstring(convergence) + param_tag
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hasher(tag, KEYLEN)
move almost all hashing to SHA256, consolidate into hashutil.py The only SHA-1 hash that remains is used in the permutation of nodeids, where we need to decide if we care about performance or long-term security. I suspect that we could use a much weaker hash (and faster) hash for this purpose. In the long run, we'll be doing thousands of such hashes for each file uploaded or downloaded (one per known peer).
2007-06-07 21:47:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
vdrive: switch to URI:DIR and URI:DIR-RO, providing transitive readonlyness
2007-06-25 13:23:51 -07:00
def random_key():
return os.urandom(KEYLEN)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
def my_renewal_secret_hash(my_secret):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(my_secret, CLIENT_RENEWAL_TAG)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
def my_cancel_secret_hash(my_secret):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(my_secret, CLIENT_CANCEL_TAG)
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
def file_renewal_secret_hash(client_renewal_secret, storage_index):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(FILE_RENEWAL_TAG,
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
client_renewal_secret, storage_index)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
def file_cancel_secret_hash(client_cancel_secret, storage_index):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(FILE_CANCEL_TAG,
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
client_cancel_secret, storage_index)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
def bucket_renewal_secret_hash(file_renewal_secret, peerid):
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
assert len(peerid) == 20, "%s: %r" % (len(peerid), peerid) # binary!
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(BUCKET_RENEWAL_TAG, file_renewal_secret, peerid)
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
deletion phase2a: improve creation of renew/cancel secrets. Still fake though.
2007-08-27 19:00:18 -07:00
def bucket_cancel_secret_hash(file_cancel_secret, peerid):
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
assert len(peerid) == 20, "%s: %r" % (len(peerid), peerid) # binary!
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(BUCKET_CANCEL_TAG, file_cancel_secret, peerid)
vdrive: protect dirnode contents with an HMAC
2007-06-26 12:36:21 -07:00
def _xor(a, b):
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
return b"".join([byteschr(c ^ b) for c in a])
vdrive: protect dirnode contents with an HMAC
2007-06-26 12:36:21 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
vdrive: protect dirnode contents with an HMAC
2007-06-26 12:36:21 -07:00
def hmac(tag, data):
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
tag = bytes(tag) # Make sure it matches Python 3 behavior
ikey = _xor(tag, 0x36)
okey = _xor(tag, 0x5c)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
h1 = hashlib.sha256(ikey + data).digest()
h2 = hashlib.sha256(okey + h1).digest()
vdrive: protect dirnode contents with an HMAC
2007-06-26 12:36:21 -07:00
return h2
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
def mutable_rwcap_key_hash(iv, writekey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(DIRNODE_CHILD_WRITECAP_TAG, iv, writekey, KEYLEN)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
dirnode: finish renaming "iv" to "salt" in the code and the hash tag
2009-07-12 17:13:20 -07:00
def mutable_rwcap_salt_hash(writekey):
return tagged_hash(DIRNODE_CHILD_SALT_TAG, writekey, IVLEN)
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
def ssk_writekey_hash(privkey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(MUTABLE_WRITEKEY_TAG, privkey, KEYLEN)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: use proper enable/renew/cancel secrets
2007-11-05 21:51:08 -07:00
def ssk_write_enabler_master_hash(writekey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(MUTABLE_WRITE_ENABLER_MASTER_TAG, writekey)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
stabilize on 20-byte nodeids everywhere, printed with foolscap's base32
2007-11-06 18:49:59 -07:00
def ssk_write_enabler_hash(writekey, peerid):
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
assert len(peerid) == 20, "%s: %r" % (len(peerid), peerid) # binary!
mutable: use proper enable/renew/cancel secrets
2007-11-05 21:51:08 -07:00
wem = ssk_write_enabler_master_hash(writekey)
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(MUTABLE_WRITE_ENABLER_TAG, wem, peerid)
mutable: use proper enable/renew/cancel secrets
2007-11-05 21:51:08 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
def ssk_pubkey_fingerprint_hash(pubkey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(MUTABLE_PUBKEY_TAG, pubkey)
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
def ssk_readkey_hash(writekey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(MUTABLE_READKEY_TAG, writekey, KEYLEN)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: implement filenode share-packing, still pretty rough
2007-11-02 20:51:39 -07:00
def ssk_readkey_data_hash(IV, readkey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_pair_hash(MUTABLE_DATAKEY_TAG, IV, readkey, KEYLEN)
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
mutable: first pass at dirnodes, filenodes, new URIs. Some test coverage. The URI typenames need revision, and only a few dirnode methods are implemented. Filenodes are non-functional, but URI/key-management is in place. There are a lot of classes with names like "NewDirectoryNode" that will need to be rename once we decide what (if any) backwards compatibility want to retain.
2007-11-01 15:15:29 -07:00
def ssk_storage_index_hash(readkey):
BIG COMPATIBILITY BREAK: update hash tags, switch to SHA-256d everywhere
2008-02-14 19:58:01 -07:00
return tagged_hash(MUTABLE_STORAGEINDEX_TAG, readkey, KEYLEN)
hashutil: add constant-time comparison function, to avoid timing attacks when python's short-circuiting data-dependent == operator is used to, say, check a write-enabler
2009-03-22 20:20:55 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
Rename 'constant_time_compare' to 'timing_safe_compare'. refs #2165 Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2014-02-24 20:21:24 +00:00
def timing_safe_compare(a, b):
Use bigger random one-time keys in timing_safe_compare. fixes #2165 Follows this advice from Marsh Ray and Solar Designer: https://twitter.com/zooko/status/431105294777597952 Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2014-02-24 20:23:39 +00:00
n = os.urandom(32)
hashutil: add constant-time comparison function, to avoid timing attacks when python's short-circuiting data-dependent == operator is used to, say, check a write-enabler
2009-03-22 20:20:55 -07:00
return bool(tagged_hash(n, a) == tagged_hash(n, b))
Add dirnodes to backupdb and "tahoe backup", closes #606. * backups now share dirnodes with any previous backup, in any location, so renames and moves are handled very efficiently * "tahoe backup" no longer bothers reading the previous snapshot * if you switch grids, you should delete ~/.tahoe/private/backupdb.sqlite, to force new uploads of all files and directories
2009-11-26 15:42:57 -08:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
Manual part of port to Python 3.
2020-07-15 14:55:56 -04:00
BACKUPDB_DIRHASH_TAG = b"allmydata_backupdb_dirhash_v1"
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
Add dirnodes to backupdb and "tahoe backup", closes #606. * backups now share dirnodes with any previous backup, in any location, so renames and moves are handled very efficiently * "tahoe backup" no longer bothers reading the previous snapshot * if you switch grids, you should delete ~/.tahoe/private/backupdb.sqlite, to force new uploads of all files and directories
2009-11-26 15:42:57 -08:00
def backupdb_dirhash(contents):
return tagged_hash(BACKUPDB_DIRHASH_TAG, contents)
add hashutil.permute_server_hash which uses SHA1 to combine the file's storage index (known as "peer selection index" in this context) and each server's "server permutation seed". This is the only thing in tahoe that uses SHA1. With this change, we stop importing sha1 from anywhere else.
2016-09-26 20:42:42 -07:00
autopep8 on hashutil to make it more readable
2019-05-24 15:10:18 +02:00
add hashutil.permute_server_hash which uses SHA1 to combine the file's storage index (known as "peer selection index" in this context) and each server's "server permutation seed". This is the only thing in tahoe that uses SHA1. With this change, we stop importing sha1 from anywhere else.
2016-09-26 20:42:42 -07:00
def permute_server_hash(peer_selection_index, server_permutation_seed):
return hashlib.sha1(peer_selection_index + server_permutation_seed).digest()
Reference in New Issue Copy Permalink