Add MAC authentication to encrypted docs.

* Fix review comments:
    * Use of literal string instead of self.STORAGE_SECRETS_KEY
    * Add mac_method param to mac_doc()
    * Verify mac_method in mac_doc() and raise in there if unknown method
* Use different parts of storage_secret for generating doc passphrase and mac key.
* Add changes file.

1 files changed, 5 insertions, 2 deletions

diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index 70ff146d..e3313ffe 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -373,7 +373,6 @@ class Soledad(object):
         This method will also replace the secret in the crypto object.
         """
         self._secret_id = secret_id
-        self._crypto.secret = self._get_storage_secret()
 
     def _load_secrets(self):
         """
@@ -942,7 +941,7 @@ class Soledad(object):
         # set uuid
         self._uuid = data[self.UUID_KEY]
         # choose first secret to use
-        self._set_secret_id(self._secrets.items()[0][0])
+        self._set_secret_id(data[self.STORAGE_SECRETS_KEY].items()[0][0])
 
     #
     # Setters/getters
@@ -974,6 +973,10 @@ class Soledad(object):
         _get_server_url,
         doc='The URL of the Soledad server.')
 
+    storage_secret = property(
+        _get_storage_secret,
+        doc='The secret used for symmetric encryption.')
+
 
 #-----------------------------------------------------------------------------
 # Monkey patching u1db to be able to provide a custom SSL cert