rename "secret" to "lease_secret" and change its size from 16 to 32 bytes

src/allmydata/client.py

@@ -40,7 +40,7 @@ class Client(node.Node, Referenceable, testutil.PollMixin):
         self.logSource="Client"
         self.my_furl = None
         self.introducer_client = None
-        self.init_secret()
+        self.init_lease_secret()
         self.init_storage()
         self.init_options()
         self.add_service(Uploader())
@@ -79,11 +79,11 @@ class Client(node.Node, Referenceable, testutil.PollMixin):
             d.addErrback(log.err)
         return self._start_page_observers.when_fired()
 
-    def init_secret(self):
+    def init_lease_secret(self):
         def make_secret():
-            return idlib.b2a(os.urandom(16)) + "\n"
+            return idlib.b2a(os.urandom(hashutil.CRYPTO_VAL_SIZE)) + "\n"
         secret_s = self.get_or_create_private_config("secret", make_secret)
-        self._secret = idlib.a2b(secret_s)
+        self._lease_secret = idlib.a2b(secret_s)
 
     def init_storage(self):
         storedir = os.path.join(self.basedir, self.STOREDIR)
@@ -252,10 +252,10 @@ class Client(node.Node, Referenceable, testutil.PollMixin):
         return False
 
     def get_renewal_secret(self):
-        return hashutil.my_renewal_secret_hash(self._secret)
+        return hashutil.my_renewal_secret_hash(self._lease_secret)
 
     def get_cancel_secret(self):
-        return hashutil.my_cancel_secret_hash(self._secret)
+        return hashutil.my_cancel_secret_hash(self._lease_secret)
 
     def debug_wait_for_client_connections(self, num_clients):
         """Return a Deferred that fires (with None) when we have connections

src/allmydata/test/test_storage.py

@@ -179,7 +179,7 @@ class Server(unittest.TestCase):
 
     def setUp(self):
         self.sparent = service.MultiService()
-        self._secret = itertools.count()
+        self._lease_secret = itertools.count()
     def tearDown(self):
         return self.sparent.stopService()
 
@@ -197,8 +197,8 @@ class Server(unittest.TestCase):
         ss = self.create("test_create")
 
     def allocate(self, ss, storage_index, sharenums, size):
-        renew_secret = hashutil.tagged_hash("blah", "%d" % self._secret.next())
+        renew_secret = hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())
-        cancel_secret = hashutil.tagged_hash("blah", "%d" % self._secret.next())
+        cancel_secret = hashutil.tagged_hash("blah", "%d" % self._lease_secret.next())
         return ss.remote_allocate_buckets(storage_index,
                                           renew_secret, cancel_secret,
                                           sharenums, size, Referenceable())
@@ -340,8 +340,8 @@ class Server(unittest.TestCase):
         sharenums = range(5)
         size = 100
 
-        rs0,cs0 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()),
+        rs0,cs0 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()),
-                   hashutil.tagged_hash("blah", "%d" % self._secret.next()))
+                   hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()))
         already,writers = ss.remote_allocate_buckets("si0", rs0, cs0,
                                                      sharenums, size, canary)
         self.failUnlessEqual(len(already), 0)
@@ -353,16 +353,16 @@ class Server(unittest.TestCase):
         self.failUnlessEqual(len(leases), 1)
         self.failUnlessEqual(set([l[1] for l in leases]), set([rs0]))
 
-        rs1,cs1 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()),
+        rs1,cs1 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()),
-                   hashutil.tagged_hash("blah", "%d" % self._secret.next()))
+                   hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()))
         already,writers = ss.remote_allocate_buckets("si1", rs1, cs1,
                                                      sharenums, size, canary)
         for wb in writers.values():
             wb.remote_close()
 
         # take out a second lease on si1
-        rs2,cs2 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()),
+        rs2,cs2 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()),
-                   hashutil.tagged_hash("blah", "%d" % self._secret.next()))
+                   hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()))
         already,writers = ss.remote_allocate_buckets("si1", rs2, cs2,
                                                      sharenums, size, canary)
         self.failUnlessEqual(len(already), 5)
@@ -421,10 +421,10 @@ class Server(unittest.TestCase):
 
 
         # test overlapping uploads
-        rs3,cs3 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()),
+        rs3,cs3 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()),
-                   hashutil.tagged_hash("blah", "%d" % self._secret.next()))
+                   hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()))
-        rs4,cs4 = (hashutil.tagged_hash("blah", "%d" % self._secret.next()),
+        rs4,cs4 = (hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()),
-                   hashutil.tagged_hash("blah", "%d" % self._secret.next()))
+                   hashutil.tagged_hash("blah", "%d" % self._lease_secret.next()))
         already,writers = ss.remote_allocate_buckets("si3", rs3, cs3,
                                                      sharenums, size, canary)
         self.failUnlessEqual(len(already), 0)
@@ -445,7 +445,7 @@ class MutableServer(unittest.TestCase):
 
     def setUp(self):
         self.sparent = service.MultiService()
-        self._secret = itertools.count()
+        self._lease_secret = itertools.count()
     def tearDown(self):
         return self.sparent.stopService()
 
@@ -491,7 +491,7 @@ class MutableServer(unittest.TestCase):
 
     def test_allocate(self):
         ss = self.create("test_allocate")
-        self.allocate(ss, "si1", "we1", self._secret.next(),
+        self.allocate(ss, "si1", "we1", self._lease_secret.next(),
                                set([0,1,2]), 100)
 
         read = ss.remote_slot_readv

src/allmydata/util/hashutil.py

@@ -1,6 +1,12 @@
 from pycryptopp.hash.sha256 import SHA256
 import os
 
+# Various crypto values are this size: hash outputs (from SHA-256),
+# randomly-generated secrets such as the lease secret, and symmetric encryption
+# keys.  In the near future we will add DSA private keys, and salts of various
+# kinds.
+CRYPTO_VAL_SIZE=32
+
 class IntegrityCheckError(Exception):
     pass