tahoe-lafs/src/allmydata/codec.py

# -*- test-case-name: allmydata.test.test_encode_share -*-

from zope.interface import implements
from twisted.internet import defer
from allmydata.util import mathutil
from allmydata.util.assertutil import precondition
from allmydata.interfaces import ICodecEncoder, ICodecDecoder
import zfec

class CRSEncoder(object):
    implements(ICodecEncoder)
    ENCODER_TYPE = "crs"

    def set_params(self, data_size, required_shares, max_shares):
        assert required_shares <= max_shares
        self.data_size = data_size
        self.required_shares = required_shares
        self.max_shares = max_shares
        self.share_size = mathutil.div_ceil(data_size, required_shares)
        self.last_share_padding = mathutil.pad_size(self.share_size, required_shares)
        self.encoder = zfec.Encoder(required_shares, max_shares)

    def get_encoder_type(self):
        return self.ENCODER_TYPE

    def get_params(self):
        return (self.data_size, self.required_shares, self.max_shares)

    def get_serialized_params(self):
        return "%d-%d-%d" % (self.data_size, self.required_shares,
                             self.max_shares)

    def get_block_size(self):
        return self.share_size

    def encode(self, inshares, desired_share_ids=None):
        precondition(desired_share_ids is None or len(desired_share_ids) <= self.max_shares, desired_share_ids, self.max_shares)

        if desired_share_ids is None:
            desired_share_ids = range(self.max_shares)

        for inshare in inshares:
            assert len(inshare) == self.share_size, (len(inshare), self.share_size, self.data_size, self.required_shares)
        shares = self.encoder.encode(inshares, desired_share_ids)

        return defer.succeed((shares, desired_share_ids))

class CRSDecoder(object):
    implements(ICodecDecoder)

    def set_params(self, data_size, required_shares, max_shares):
        self.data_size = data_size
        self.required_shares = required_shares
        self.max_shares = max_shares

        self.chunk_size = self.required_shares
        self.num_chunks = mathutil.div_ceil(self.data_size, self.chunk_size)
        self.share_size = self.num_chunks
        self.decoder = zfec.Decoder(self.required_shares, self.max_shares)

    def get_needed_shares(self):
        return self.required_shares

    def decode(self, some_shares, their_shareids):
        precondition(len(some_shares) == len(their_shareids),
                     len(some_shares), len(their_shareids))
        precondition(len(some_shares) == self.required_shares,
                     len(some_shares), self.required_shares)
        data = self.decoder.decode(some_shares,
                                   [int(s) for s in their_shareids])
        return defer.succeed(data)

def parse_params(serializedparams):
    pieces = serializedparams.split("-")
    return int(pieces[0]), int(pieces[1]), int(pieces[2])
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00			`# -- test-case-name: allmydata.test.test_encode_share --`

			`from zope.interface import implements`
prototype encoder 2006-12-03 00:31:26 +00:00			`from twisted.internet import defer`
hush pyflakes warnings in codec and test_codec 2007-03-28 22:31:51 +00:00			`from allmydata.util import mathutil`
hush pyflakes warnings 2007-02-02 00:13:01 +00:00			`from allmydata.util.assertutil import precondition`
change IEncoder to ICodecEncoder, to match the previous change 2007-01-12 03:57:14 +00:00			`from allmydata.interfaces import ICodecEncoder, ICodecDecoder`
finish renaminf "fec" to "zfec" in tahoe 2007-04-19 00:25:16 +00:00			`import zfec`
implement/test download, modify Storage to match 2006-12-03 10:01:43 +00:00
use pyfec instead of py_ecc for erasure coding and update API to codec 2007-02-01 23:07:00 +00:00			`class CRSEncoder(object):`
change IEncoder to ICodecEncoder, to match the previous change 2007-01-12 03:57:14 +00:00			`implements(ICodecEncoder)`
switch to pyfec 2007-03-28 07:05:16 +00:00			`ENCODER_TYPE = "crs"`
only run a single (short) py_ecc test on slave3, since it is so slow the tests timeout 2007-01-05 07:42:52 +00:00
rearrange encode/upload, add URIs, switch to ReplicatingEncoder Added metadata to the bucket store, which is used to hold the share number (but the bucket doesn't know that, it just gets a string). Modified the codec interfaces a bit. Try to pass around URIs to/from download/upload instead of verifierids. URI format is still in flux. Change the current (primitive) file encoder to use a ReplicatingEncoder because it provides ICodecEncoder. We will be moving to the (less primitive) file encoder (currently in allmydata.encode_new) eventually, but for now this change lets us test out PyRS or zooko's upcoming C-based RS codec in something larger than a single unit test. This primitive file encoder only uses a single segment, and has no merkle trees. Also added allmydata.util.deferredutil for a DeferredList wrapper that errbacks (but only when all component Deferreds have fired) if there were any errors, which unfortunately is not a behavior available from the standard DeferredList. 2007-01-16 04:22:22 +00:00			`def set_params(self, data_size, required_shares, max_shares):`
			`assert required_shares <= max_shares`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00			`self.data_size = data_size`
			`self.required_shares = required_shares`
rearrange encode/upload, add URIs, switch to ReplicatingEncoder Added metadata to the bucket store, which is used to hold the share number (but the bucket doesn't know that, it just gets a string). Modified the codec interfaces a bit. Try to pass around URIs to/from download/upload instead of verifierids. URI format is still in flux. Change the current (primitive) file encoder to use a ReplicatingEncoder because it provides ICodecEncoder. We will be moving to the (less primitive) file encoder (currently in allmydata.encode_new) eventually, but for now this change lets us test out PyRS or zooko's upcoming C-based RS codec in something larger than a single unit test. This primitive file encoder only uses a single segment, and has no merkle trees. Also added allmydata.util.deferredutil for a DeferredList wrapper that errbacks (but only when all component Deferreds have fired) if there were any errors, which unfortunately is not a behavior available from the standard DeferredList. 2007-01-16 04:22:22 +00:00			`self.max_shares = max_shares`
use pyfec instead of py_ecc for erasure coding and update API to codec 2007-02-01 23:07:00 +00:00			`self.share_size = mathutil.div_ceil(data_size, required_shares)`
			`self.last_share_padding = mathutil.pad_size(self.share_size, required_shares)`
finish renaminf "fec" to "zfec" in tahoe 2007-04-19 00:25:16 +00:00			`self.encoder = zfec.Encoder(required_shares, max_shares)`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00
			`def get_encoder_type(self):`
			`return self.ENCODER_TYPE`

download: refactor handling of URI Extension Block and crypttext hash tree, simplify things Refactor into a class the logic of asking each server in turn until one of them gives an answer that validates. It is called ValidatedThingObtainer. Refactor the downloading and verification of the URI Extension Block into a class named ValidatedExtendedURIProxy. The new logic of validating UEBs is minimalist: it doesn't require the UEB to contain any unncessary information, but of course it still accepts such information for backwards compatibility (so that this new download code is able to download files uploaded with old, and for that matter with current, upload code). The new logic of validating UEBs follows the practice of doing all validation up front. This practice advises one to isolate the validation of incoming data into one place, so that all of the rest of the code can assume only valid data. If any redundant information is present in the UEB+URI, the new code cross-checks and asserts that it is all fully consistent. This closes some issues where the uploader could have uploaded inconsistent redundant data, which would probably have caused the old downloader to simply reject that download after getting a Python exception, but perhaps could have caused greater harm to the old downloader. I removed the notion of selecting an erasure codec from codec.py based on the string that was passed in the UEB. Currently "crs" is the only such string that works, so "_assert(codec_name == 'crs')" is simpler and more explicit. This is also in keeping with the "validate up front" strategy -- now if someone sets a different string than "crs" in their UEB, the downloader will reject the download in the "validate this UEB" function instead of in a separate "select the codec instance" function. I removed the code to check plaintext hashes and plaintext Merkle Trees. Uploaders do not produce this information any more (since it potentially exposes confidential information about the file), and the unit tests for it were disabled. The downloader before this patch would check that plaintext hash or plaintext merkle tree if they were present, but not complain if they were absent. The new downloader in this patch complains if they are present and doesn't check them. (We might in the future re-introduce such hashes over the plaintext, but encrypt the hashes which are stored in the UEB to preserve confidentiality. This would be a double- check on the correctness of our own source code -- the current Merkle Tree over the ciphertext is already sufficient to guarantee the integrity of the download unless there is a bug in our Merkle Tree or AES implementation.) This patch increases the lines-of-code count by 8 (from 17,770 to 17,778), and reduces the uncovered-by-tests lines-of-code count by 24 (from 1408 to 1384). Those numbers would be more meaningful if we omitted src/allmydata/util/ from the test-coverage statistics. 2008-12-05 15:17:54 +00:00			`def get_params(self):`
			`return (self.data_size, self.required_shares, self.max_shares)`

establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00			`def get_serialized_params(self):`
switch to pyfec 2007-03-28 07:05:16 +00:00			`return "%d-%d-%d" % (self.data_size, self.required_shares,`
rearrange encode/upload, add URIs, switch to ReplicatingEncoder Added metadata to the bucket store, which is used to hold the share number (but the bucket doesn't know that, it just gets a string). Modified the codec interfaces a bit. Try to pass around URIs to/from download/upload instead of verifierids. URI format is still in flux. Change the current (primitive) file encoder to use a ReplicatingEncoder because it provides ICodecEncoder. We will be moving to the (less primitive) file encoder (currently in allmydata.encode_new) eventually, but for now this change lets us test out PyRS or zooko's upcoming C-based RS codec in something larger than a single unit test. This primitive file encoder only uses a single segment, and has no merkle trees. Also added allmydata.util.deferredutil for a DeferredList wrapper that errbacks (but only when all component Deferreds have fired) if there were any errors, which unfortunately is not a behavior available from the standard DeferredList. 2007-01-16 04:22:22 +00:00			`self.max_shares)`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00
finish storage server and write new download 2007-03-30 17:52:19 +00:00			`def get_block_size(self):`
			`return self.share_size`

use pyfec instead of py_ecc for erasure coding and update API to codec 2007-02-01 23:07:00 +00:00			`def encode(self, inshares, desired_share_ids=None):`
			`precondition(desired_share_ids is None or len(desired_share_ids) <= self.max_shares, desired_share_ids, self.max_shares)`

			`if desired_share_ids is None:`
			`desired_share_ids = range(self.max_shares)`

			`for inshare in inshares:`
			`assert len(inshare) == self.share_size, (len(inshare), self.share_size, self.data_size, self.required_shares)`
			`shares = self.encoder.encode(inshares, desired_share_ids)`

			`return defer.succeed((shares, desired_share_ids))`

			`class CRSDecoder(object):`
change IEncoder to ICodecEncoder, to match the previous change 2007-01-12 03:57:14 +00:00			`implements(ICodecDecoder)`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00
download: refactor handling of URI Extension Block and crypttext hash tree, simplify things Refactor into a class the logic of asking each server in turn until one of them gives an answer that validates. It is called ValidatedThingObtainer. Refactor the downloading and verification of the URI Extension Block into a class named ValidatedExtendedURIProxy. The new logic of validating UEBs is minimalist: it doesn't require the UEB to contain any unncessary information, but of course it still accepts such information for backwards compatibility (so that this new download code is able to download files uploaded with old, and for that matter with current, upload code). The new logic of validating UEBs follows the practice of doing all validation up front. This practice advises one to isolate the validation of incoming data into one place, so that all of the rest of the code can assume only valid data. If any redundant information is present in the UEB+URI, the new code cross-checks and asserts that it is all fully consistent. This closes some issues where the uploader could have uploaded inconsistent redundant data, which would probably have caused the old downloader to simply reject that download after getting a Python exception, but perhaps could have caused greater harm to the old downloader. I removed the notion of selecting an erasure codec from codec.py based on the string that was passed in the UEB. Currently "crs" is the only such string that works, so "_assert(codec_name == 'crs')" is simpler and more explicit. This is also in keeping with the "validate up front" strategy -- now if someone sets a different string than "crs" in their UEB, the downloader will reject the download in the "validate this UEB" function instead of in a separate "select the codec instance" function. I removed the code to check plaintext hashes and plaintext Merkle Trees. Uploaders do not produce this information any more (since it potentially exposes confidential information about the file), and the unit tests for it were disabled. The downloader before this patch would check that plaintext hash or plaintext merkle tree if they were present, but not complain if they were absent. The new downloader in this patch complains if they are present and doesn't check them. (We might in the future re-introduce such hashes over the plaintext, but encrypt the hashes which are stored in the UEB to preserve confidentiality. This would be a double- check on the correctness of our own source code -- the current Merkle Tree over the ciphertext is already sufficient to guarantee the integrity of the download unless there is a bug in our Merkle Tree or AES implementation.) This patch increases the lines-of-code count by 8 (from 17,770 to 17,778), and reduces the uncovered-by-tests lines-of-code count by 24 (from 1408 to 1384). Those numbers would be more meaningful if we omitted src/allmydata/util/ from the test-coverage statistics. 2008-12-05 15:17:54 +00:00			`def set_params(self, data_size, required_shares, max_shares):`
			`self.data_size = data_size`
			`self.required_shares = required_shares`
			`self.max_shares = max_shares`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00
			`self.chunk_size = self.required_shares`
			`self.num_chunks = mathutil.div_ceil(self.data_size, self.chunk_size)`
			`self.share_size = self.num_chunks`
finish renaminf "fec" to "zfec" in tahoe 2007-04-19 00:25:16 +00:00			`self.decoder = zfec.Decoder(self.required_shares, self.max_shares)`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00
finish storage server and write new download 2007-03-30 17:52:19 +00:00			`def get_needed_shares(self):`
rearrange encode/upload, add URIs, switch to ReplicatingEncoder Added metadata to the bucket store, which is used to hold the share number (but the bucket doesn't know that, it just gets a string). Modified the codec interfaces a bit. Try to pass around URIs to/from download/upload instead of verifierids. URI format is still in flux. Change the current (primitive) file encoder to use a ReplicatingEncoder because it provides ICodecEncoder. We will be moving to the (less primitive) file encoder (currently in allmydata.encode_new) eventually, but for now this change lets us test out PyRS or zooko's upcoming C-based RS codec in something larger than a single unit test. This primitive file encoder only uses a single segment, and has no merkle trees. Also added allmydata.util.deferredutil for a DeferredList wrapper that errbacks (but only when all component Deferreds have fired) if there were any errors, which unfortunately is not a behavior available from the standard DeferredList. 2007-01-16 04:22:22 +00:00			`return self.required_shares`

use pyfec instead of py_ecc for erasure coding and update API to codec 2007-02-01 23:07:00 +00:00			`def decode(self, some_shares, their_shareids):`
allow the introducer to set default encoding parameters. Closes #84. By writing something like "25 75 100" into a file named 'encoding_parameters' in the central Introducer's base directory, all clients which use that introducer will be advised to use 25-out-of-100 encoding for files (i.e. 100 shares will be produced, 25 are required to reconstruct, and the upload process will be happy if it can find homes for at least 75 shares). The default values are "3 7 10". For small meshes, the defaults are probably good, but for larger ones it may be appropriate to increase the number of shares. 2007-07-12 22:33:30 +00:00			`precondition(len(some_shares) == len(their_shareids),`
			`len(some_shares), len(their_shareids))`
			`precondition(len(some_shares) == self.required_shares,`
			`len(some_shares), self.required_shares)`
			`data = self.decoder.decode(some_shares,`
			`[int(s) for s in their_shareids])`
			`return defer.succeed(data)`
establish IEncoder/IDecoder, create suitable interfaces for both the simple replicating encoder and the py_ecc one, add a (failing) unit test for it 2007-01-05 04:52:51 +00:00
download: refactor handling of URI Extension Block and crypttext hash tree, simplify things Refactor into a class the logic of asking each server in turn until one of them gives an answer that validates. It is called ValidatedThingObtainer. Refactor the downloading and verification of the URI Extension Block into a class named ValidatedExtendedURIProxy. The new logic of validating UEBs is minimalist: it doesn't require the UEB to contain any unncessary information, but of course it still accepts such information for backwards compatibility (so that this new download code is able to download files uploaded with old, and for that matter with current, upload code). The new logic of validating UEBs follows the practice of doing all validation up front. This practice advises one to isolate the validation of incoming data into one place, so that all of the rest of the code can assume only valid data. If any redundant information is present in the UEB+URI, the new code cross-checks and asserts that it is all fully consistent. This closes some issues where the uploader could have uploaded inconsistent redundant data, which would probably have caused the old downloader to simply reject that download after getting a Python exception, but perhaps could have caused greater harm to the old downloader. I removed the notion of selecting an erasure codec from codec.py based on the string that was passed in the UEB. Currently "crs" is the only such string that works, so "_assert(codec_name == 'crs')" is simpler and more explicit. This is also in keeping with the "validate up front" strategy -- now if someone sets a different string than "crs" in their UEB, the downloader will reject the download in the "validate this UEB" function instead of in a separate "select the codec instance" function. I removed the code to check plaintext hashes and plaintext Merkle Trees. Uploaders do not produce this information any more (since it potentially exposes confidential information about the file), and the unit tests for it were disabled. The downloader before this patch would check that plaintext hash or plaintext merkle tree if they were present, but not complain if they were absent. The new downloader in this patch complains if they are present and doesn't check them. (We might in the future re-introduce such hashes over the plaintext, but encrypt the hashes which are stored in the UEB to preserve confidentiality. This would be a double- check on the correctness of our own source code -- the current Merkle Tree over the ciphertext is already sufficient to guarantee the integrity of the download unless there is a bug in our Merkle Tree or AES implementation.) This patch increases the lines-of-code count by 8 (from 17,770 to 17,778), and reduces the uncovered-by-tests lines-of-code count by 24 (from 1408 to 1384). Those numbers would be more meaningful if we omitted src/allmydata/util/ from the test-coverage statistics. 2008-12-05 15:17:54 +00:00			`def parse_params(serializedparams):`
			`pieces = serializedparams.split("-")`
			`return int(pieces[0]), int(pieces[1]), int(pieces[2])`