Increase storage secret size and use half of it to get the local storage passphrase.

author: drebs <drebs@leap.se> 2013-05-21 17:02:54 -0300
committer: drebs <drebs@leap.se> 2013-05-21 17:43:22 -0300
commit: b86442d9ae23b91e81bcfa2d82ed90638f849578 (patch)
tree: 05811108f78caf96c1ed52b15c10b429452f7ef5 /src/leap/soledad/crypto.py
parent: e048f0e7e6a56e289188b02e1205fbb025cb38a6 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/src/leap/soledad/crypto.py b/src/leap/soledad/crypto.py
index 0a459293..e020eee6 100644
--- a/src/leap/soledad/crypto.py
+++ b/src/leap/soledad/crypto.py
@@ -95,9 +95,10 @@ class SoledadCrypto(object):
         Generate a passphrase for symmetric encryption of document's contents.
 
         The password is derived using HMAC having sha256 as underlying hash
-        function. The key used for HMAC is Soledad's storage secret stripped
-        from the first MAC_KEY_LENGTH characters. The HMAC message is
-        C{doc_id}.
+        function. The key used for HMAC are the first
+        C{soledad.REMOTE_STORAGE_SECRET_KENGTH} bytes of Soledad's storage
+        secret stripped from the first MAC_KEY_LENGTH characters. The HMAC
+        message is C{doc_id}.
 
         @param doc_id: The id of the document that will be encrypted using
             this passphrase.
@@ -111,7 +112,9 @@ class SoledadCrypto(object):
         if self.secret is None:
             raise NoSymmetricSecret()
         return hmac.new(
-            self.secret[self.MAC_KEY_LENGTH:],
+            self.secret[
+                self.MAC_KEY_LENGTH:
+                self._soledad.REMOTE_STORAGE_SECRET_LENGTH],
             doc_id,
             hashlib.sha256).digest()
author	drebs <drebs@leap.se>	2013-05-21 17:02:54 -0300
committer	drebs <drebs@leap.se>	2013-05-21 17:43:22 -0300
commit	b86442d9ae23b91e81bcfa2d82ed90638f849578 (patch)
tree	05811108f78caf96c1ed52b15c10b429452f7ef5 /src/leap/soledad/crypto.py
parent	e048f0e7e6a56e289188b02e1205fbb025cb38a6 (diff)