From f9c1205faa15254e0b4125eb39953211f10ad407 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone <exarkun@twistedmatrix.com> Date: Fri, 12 May 2023 14:42:01 -0400 Subject: [PATCH] add storage index derivation --- src/Tahoe/SDMF/Internal/Keys.hs | 6 ++++++ src/Tahoe/SDMF/Keys.hs | 2 ++ test/Spec.hs | 8 +++++++- test/expected_values.py | 8 +++++++- 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/src/Tahoe/SDMF/Internal/Keys.hs b/src/Tahoe/SDMF/Internal/Keys.hs index 3478225..29c017f 100644 --- a/src/Tahoe/SDMF/Internal/Keys.hs +++ b/src/Tahoe/SDMF/Internal/Keys.hs @@ -97,9 +97,15 @@ deriveDataKey (SDMF_IV iv) r = sbs = B.take keyLength . taggedPairHash keyLength mutableDataKeyTag (B.pack . ByteArray.unpack $ iv) . ByteArray.convert . readKeyBytes $ r key = maybeCryptoError . cipherInit $ sbs +-- | Compute the storage index for a given read key for an SDMF share. mutableDataKeyTag :: B.ByteString mutableDataKeyTag = "allmydata_mutable_readkey_to_datakey_v1" +deriveStorageIndex :: Read -> StorageIndex +deriveStorageIndex r = StorageIndex si + where + si = taggedHash keyLength mutableStorageIndexTag . ByteArray.convert . readKeyBytes $ r + mutableStorageIndexTag :: B.ByteString mutableStorageIndexTag = "allmydata_mutable_readkey_to_storage_index_v1" diff --git a/src/Tahoe/SDMF/Keys.hs b/src/Tahoe/SDMF/Keys.hs index f5ba4ce..75a503b 100644 --- a/src/Tahoe/SDMF/Keys.hs +++ b/src/Tahoe/SDMF/Keys.hs @@ -6,9 +6,11 @@ import Tahoe.SDMF.Internal.Keys ( Read (..), SDMF_IV (..), Signature (..), + StorageIndex (..), Write (..), deriveDataKey, deriveReadKey, + deriveStorageIndex, deriveWriteKey, toPublicKey, ) diff --git a/test/Spec.hs b/test/Spec.hs index b576ac0..cb08caa 100644 --- a/test/Spec.hs +++ b/test/Spec.hs @@ -84,12 +84,14 @@ tests = expectedWriteKey = ("v7iymuxkc5yv2fomi3xwbjdd4e" :: T.Text) expectedReadKey = ("6ir6husgx6ubro3tbimmzskqri" :: T.Text) expectedDataKey = ("bbj67exlrkfcaqutwlgwvukbfe" :: T.Text) + expectedStorageIndex = ("cmkuloz2t6fhsh7npxxteba6sq" :: T.Text) -- Derive all the keys. (Just iv) = Keys.SDMF_IV <$> makeIV (B.replicate 16 0x42) (Just w@(Keys.Write _ derivedWriteKey)) = Keys.deriveWriteKey sigKey (Just r@(Keys.Read _ derivedReadKey)) = Keys.deriveReadKey w - (Just d@(Keys.Data _ derivedDataKey)) = Keys.deriveDataKey iv r + (Just (Keys.Data _ derivedDataKey)) = Keys.deriveDataKey iv r + (Keys.StorageIndex derivedStorageIndex) = Keys.deriveStorageIndex r -- A helper to format a key as text for convenient -- comparison to expected value. @@ -112,6 +114,10 @@ tests = "expected datakey /= derived datakey" expectedDataKey (fmtKey derivedDataKey) + assertEqual + "expected storage index /= derived storage index" + expectedStorageIndex + (T.toLower . encodeBase32Unpadded $ derivedStorageIndex) , testProperty "Share round-trips through bytes" $ property $ do share <- forAll shares diff --git a/test/expected_values.py b/test/expected_values.py index c85de97..8ad03d9 100644 --- a/test/expected_values.py +++ b/test/expected_values.py @@ -4,7 +4,11 @@ from allmydata.crypto import rsa from allmydata.mutable.common import derive_mutable_keys from allmydata.util import base32 -from allmydata.util.hashutil import ssk_readkey_hash, ssk_readkey_data_hash +from allmydata.util.hashutil import ( + ssk_readkey_hash, + ssk_readkey_data_hash, + ssk_storage_index_hash, +) # Arbitrarily select an IV. iv = b"\x42" * 16 @@ -15,11 +19,13 @@ with open("data/rsa-privkey-0.der", "rb") as f: writekey, encprivkey, fingerprint = derive_mutable_keys((pub, priv)) readkey = ssk_readkey_hash(writekey) datakey = ssk_readkey_data_hash(iv, readkey) +storage_index = ssk_storage_index_hash(readkey) print("SDMF") print("writekey: ", base32.b2a(writekey)) print("readkey: ", base32.b2a(readkey)) print("datakey: ", base32.b2a(datakey)) +print("storage index: ", base32.b2a(storage_index)) print("encrypted private key: ", base32.b2a(encprivkey)) print("signature key hash: ", base32.b2a(fingerprint)) -- GitLab