Share Leases

A lease is a marker attached to a share indicating that some client has asked for that share to be retained for some amount of time. The intent is to allow clients and servers to collaborate to determine which data should still be retained and which can be discarded to reclaim storage space. Zero or more leases may be attached to any particular share.

Renewal Secrets

Each lease is uniquely identified by its renewal secret. This is a 32 byte string which can be used to extend the validity period of that lease.

To a storage server a renewal secret is an opaque value which is only ever compared to other renewal secrets to determine equality.

Storage clients will typically want to follow a scheme to deterministically derive the renewal secret for a particular share from information the client already holds about that share. This allows a client to maintain and renew a single long-lived lease without keeping any additional local state.

The scheme in use in Tahoe-LAFS as of 1.16.0 is as follows.

  • The netstring encoding of a byte string is the concatenation of:

    • the ascii encoding of the base 10 representation of the length of the string

    • ":"

    • the string itself

    • ","

  • The sha256d digest is the sha256 digest of the sha256 digest of a string.

  • The sha256d tagged digest is the sha256d digest of the concatenation of the netstring encoding of one string with one other unmodified string.

  • The sha256d tagged pair digest is the sha256d digest of the concatenation of the netstring encodings of each of three strings.

  • The bucket renewal tag is "allmydata_bucket_renewal_secret_v1".

  • The file renewal tag is "allmydata_file_renewal_secret_v1".

  • The client renewal tag is "allmydata_client_renewal_secret_v1".

  • The lease secret is a 32 byte string, typically randomly generated once and then persisted for all future uses.

  • The client renewal secret is the sha256d tagged digest of (lease secret, client renewal tag).

  • The storage index is constructed using a capability-type-specific scheme. See storage_index_hash and ssk_storage_index_hash calls in src/allmydata/

  • The file renewal secret is the sha256d tagged pair digest of (file renewal tag, client renewal secret, storage index).

  • The base32 encoding is base64.b32encode lowercased and with trailing = stripped.

  • The peer id is the base32 encoding of the SHA1 digest of the server’s x509 certificate.

  • The renewal secret is the sha256d tagged pair digest of (bucket renewal tag, file renewal secret, peer id).

A reference implementation is available.

"""
This is a reference implementation of the lease renewal secret derivation
protocol in use by Tahoe-LAFS clients as of 1.16.0.
"""

from allmydata.util.base32 import (
    a2b as b32decode,
    b2a as b32encode,
)
from allmydata.util.hashutil import (
    tagged_hash,
    tagged_pair_hash,
)


def derive_renewal_secret(lease_secret: bytes, storage_index: bytes, tubid: bytes) -> bytes:
    # All three inputs are raw bytes, not their base32 text forms.
    assert len(lease_secret) == 32
    assert len(storage_index) == 16
    assert len(tubid) == 20

    bucket_renewal_tag = b"allmydata_bucket_renewal_secret_v1"
    file_renewal_tag = b"allmydata_file_renewal_secret_v1"
    client_renewal_tag = b"allmydata_client_renewal_secret_v1"

    # Step 1: a per-client secret derived from the long-lived lease secret.
    client_renewal_secret = tagged_hash(lease_secret, client_renewal_tag)
    # Step 2: a per-file secret, bound to the storage index.
    file_renewal_secret = tagged_pair_hash(
        file_renewal_tag,
        client_renewal_secret,
        storage_index,
    )
    # Step 3: a per-server secret, bound to the server's peer id (its tub id).
    peer_id = tubid

    return tagged_pair_hash(bucket_renewal_tag, file_renewal_secret, peer_id)


def demo():
    secret = b32encode(derive_renewal_secret(
        b"lease secretxxxxxxxxxxxxxxxxxxxx",
        b"storage indexxxx",
        b"tub idxxxxxxxxxxxxxx",
    )).decode("ascii")
    print("An example renewal secret: {}".format(secret))


def test():
    # These test vectors were created by instrumenting Tahoe-LAFS
    # bb57fcfb50d4e01bbc4de2e23dbbf7a60c004031 to emit `self.renew_secret` in
    # allmydata.immutable.upload.ServerTracker.query and then uploading a
    # couple of files to a couple of different storage servers.
    test_vector = [
        dict(lease_secret=b"boity2cdh7jvl3ltaeebuiobbspjmbuopnwbde2yeh4k6x7jioga",
             storage_index=b"vrttmwlicrzbt7gh5qsooogr7u",
             tubid=b"v67jiisoty6ooyxlql5fuucitqiok2ic",
             expected=b"osd6wmc5vz4g3ukg64sitmzlfiaaordutrez7oxdp5kkze7zp5zq",
        ),
        dict(lease_secret=b"boity2cdh7jvl3ltaeebuiobbspjmbuopnwbde2yeh4k6x7jioga",
             storage_index=b"75gmmfts772ww4beiewc234o5e",
             tubid=b"v67jiisoty6ooyxlql5fuucitqiok2ic",
             expected=b"35itmusj7qm2pfimh62snbyxp3imreofhx4djr7i2fweta75szda",
        ),
        dict(lease_secret=b"boity2cdh7jvl3ltaeebuiobbspjmbuopnwbde2yeh4k6x7jioga",
             storage_index=b"75gmmfts772ww4beiewc234o5e",
             tubid=b"lh5fhobkjrmkqjmkxhy3yaonoociggpz",
             expected=b"srrlruge47ws3lm53vgdxprgqb6bz7cdblnuovdgtfkqrygrjm4q",
        ),
        dict(lease_secret=b"vacviff4xfqxsbp64tdr3frg3xnkcsuwt5jpyat2qxcm44bwu75a",
             storage_index=b"75gmmfts772ww4beiewc234o5e",
             tubid=b"lh5fhobkjrmkqjmkxhy3yaonoociggpz",
             expected=b"b4jledjiqjqekbm2erekzqumqzblegxi23i5ojva7g7xmqqnl5pq",
        ),
    ]

    for n, item in enumerate(test_vector):
        # The vectors are stored in base32 text form; decode them to raw bytes first.
        derived = b32encode(derive_renewal_secret(
            b32decode(item["lease_secret"]),
            b32decode(item["storage_index"]),
            b32decode(item["tubid"]),
        ))
        assert derived == item["expected"], \
            "Test vector {} failed: {} (expected) != {} (derived)".format(
                n,
                item["expected"],
                derived,
            )
    print("{} test vectors validated".format(len(test_vector)))


if __name__ == "__main__":
    demo()
    test()

Cancel Secrets

Lease cancellation is unimplemented. Nevertheless, a cancel secret is sent by storage clients to storage servers and stored in lease records.

The scheme for deriving cancel secret in use in Tahoe-LAFS as of 1.16.0 is similar to that used to derive the renewal secret.

The differences are:

  • Use of client renewal tag is replaced by use of client cancel tag.

  • Use of file renewal tag is replaced by use of file cancel tag.

  • Use of bucket renewal tag is replaced by use of bucket cancel tag.

  • client cancel tag is "allmydata_client_cancel_secret_v1".

  • file cancel tag is "allmydata_file_cancel_secret_v1".

  • bucket cancel tag is "allmydata_bucket_cancel_secret_v1".
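The following is an added, self-contained implementation of both derivations described above (the renewal scheme and the cancel variant, which differs only in its three tags) written against the Python standard library instead of the allmydata modules; it is example code, not the project's hashutil. It implements the netstring, sha256d, tagged and tagged-pair digests exactly as the text defines them, so it can be checked against the renewal test vectors in the reference implementation.

```python
import base64
import hashlib

# Tag triples (client, file, bucket) as listed in the text above.
RENEWAL_TAGS = (b"allmydata_client_renewal_secret_v1",
                b"allmydata_file_renewal_secret_v1",
                b"allmydata_bucket_renewal_secret_v1")
CANCEL_TAGS = (b"allmydata_client_cancel_secret_v1",
               b"allmydata_file_cancel_secret_v1",
               b"allmydata_bucket_cancel_secret_v1")

def netstring(s: bytes) -> bytes:
    """Netstring encoding: decimal length, ':', the bytes themselves, ','."""
    return b"%d:%s," % (len(s), s)

def sha256d(data: bytes) -> bytes:
    """SHA-256 of the SHA-256 digest; the outer hash blocks length extension."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def tagged_hash(tag: bytes, val: bytes) -> bytes:
    """sha256d tagged digest: netstring(tag) followed by val, unmodified."""
    return sha256d(netstring(tag) + val)

def tagged_pair_hash(tag: bytes, val1: bytes, val2: bytes) -> bytes:
    """sha256d tagged pair digest: all three inputs netstring-encoded."""
    return sha256d(netstring(tag) + netstring(val1) + netstring(val2))

def b32enc(b: bytes) -> str:
    """Tahoe-style base32: stdlib encoding, lowercased, trailing '=' stripped."""
    return base64.b32encode(b).decode("ascii").lower().rstrip("=")

def b32dec(s: str) -> bytes:
    """Inverse of b32enc: restore the stripped padding, then decode."""
    return base64.b32decode(s.upper() + "=" * (-len(s) % 8))

def derive_lease_secret(tags, lease_secret: bytes, storage_index: bytes, peer_id: bytes) -> bytes:
    """lease secret -> client secret -> file secret -> per-server secret.
    tags is RENEWAL_TAGS or CANCEL_TAGS; the two schemes differ only there."""
    client_tag, file_tag, bucket_tag = tags
    assert len(lease_secret) == 32 and len(storage_index) == 16 and len(peer_id) == 20
    client_secret = tagged_hash(lease_secret, client_tag)
    file_secret = tagged_pair_hash(file_tag, client_secret, storage_index)
    return tagged_pair_hash(bucket_tag, file_secret, peer_id)

def renewal_secret_b32(lease_secret: str, storage_index: str, peer_id: str) -> str:
    """Same derivation on the base32 text forms used by the page's test vectors."""
    return b32enc(derive_lease_secret(RENEWAL_TAGS, b32dec(lease_secret),
                                      b32dec(storage_index), b32dec(peer_id)))
```

Because every intermediate value is a tagged hash, a storage server that holds a renewal secret for one share learns nothing about the client's lease secret or about the renewal secret for any other share or server.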