aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authordec05eba <0xdec05eba@gmail.com>2018-04-28 10:44:11 +0200
committerdec05eba <0xdec05eba@gmail.com>2018-04-28 10:44:22 +0200
commit54d8ae4c335c21290dc41e5ba4701b3c19bba601 (patch)
treef381e10e071e1800e8e5ca69701fe25e58dbd837 /include
parent166e132873fccf62327d2190fe1d827d89a5db63 (diff)
Add decryption (and caching) of data, even when adding encryption key after data has been added
Diffstat (limited to 'include')
-rw-r--r--include/odhtdb/Database.hpp10
-rw-r--r--include/odhtdb/DatabaseOperation.hpp12
-rw-r--r--include/odhtdb/DatabaseStorage.hpp53
-rw-r--r--include/odhtdb/Signature.hpp2
-rw-r--r--include/odhtdb/User.hpp5
5 files changed, 69 insertions, 13 deletions
diff --git a/include/odhtdb/Database.hpp b/include/odhtdb/Database.hpp
index 9aff90e..e78bc6e 100644
--- a/include/odhtdb/Database.hpp
+++ b/include/odhtdb/Database.hpp
@@ -12,6 +12,7 @@
#include "DatabaseNode.hpp"
#include "Encryption.hpp"
#include "OwnedMemory.hpp"
+#include "DatabaseOperation.hpp"
#include <opendht/dhtrunner.h>
#include <vector>
#include <ntp/NtpClient.hpp>
@@ -49,12 +50,6 @@ namespace odhtdb
DatabaseAddException(const std::string &errMsg) : std::runtime_error(errMsg) {}
};
- enum class DatabaseOperation : u8
- {
- ADD_DATA,
- ADD_USER
- };
-
struct DatabaseCreateNodeRequest
{
DISABLE_COPY(DatabaseCreateNodeRequest)
@@ -133,6 +128,7 @@ namespace odhtdb
class Database
{
+ friend class DatabaseStorage;
public:
Database(const char *bootstrapNodeAddr, u16 port, const boost::filesystem::path &storageDir);
~Database();
@@ -142,7 +138,7 @@ namespace odhtdb
std::unique_ptr<DatabaseCreateResponse> create(const std::string &ownerName, const std::string &nodeName);
// Throws DatabaseCreateException on failure.
std::unique_ptr<DatabaseCreateResponse> create(const std::string &ownerName, const Signature::KeyPair &keyPair, const std::string &nodeName);
- // Throws DatabaseAddException on failure
+ // Throws PermissionDeniedException if user @userToPerformActionWith is not allowed to add data to node
void addData(const DatabaseNode &nodeInfo, LocalUser *userToPerformActionWith, DataView dataToAdd);
// Throws PermissionDeniedException if user @userToPerformActionWith is not allowed to add user @userToAdd to group @groupToAddUserTo
void addUser(const DatabaseNode &nodeInfo, LocalUser *userToPerformActionWith, const std::string &userToAddName, const Signature::PublicKey &userToAddPublicKey, Group *groupToAddUserTo);
diff --git a/include/odhtdb/DatabaseOperation.hpp b/include/odhtdb/DatabaseOperation.hpp
new file mode 100644
index 0000000..369fd09
--- /dev/null
+++ b/include/odhtdb/DatabaseOperation.hpp
@@ -0,0 +1,12 @@
+#pragma once
+
+#include "types.hpp"
+
+namespace odhtdb
+{
+ enum class DatabaseOperation : u8
+ {
+ ADD_DATA,
+ ADD_USER
+ };
+}
diff --git a/include/odhtdb/DatabaseStorage.hpp b/include/odhtdb/DatabaseStorage.hpp
index 34e523e..85a61eb 100644
--- a/include/odhtdb/DatabaseStorage.hpp
+++ b/include/odhtdb/DatabaseStorage.hpp
@@ -8,6 +8,8 @@
#include "Group.hpp"
#include "LocalUser.hpp"
#include "LocalUserEncrypted.hpp"
+#include "OwnedMemory.hpp"
+#include "DatabaseOperation.hpp"
#include <vector>
#include <stdexcept>
#include <boost/filesystem/path.hpp>
@@ -16,21 +18,42 @@
namespace odhtdb
{
+ class Database;
+
+ struct DatabaseStorageObjectDecrypted
+ {
+ DatabaseOperation operation;
+ OwnedMemory data;
+ };
+
struct DatabaseStorageObject
{
+ Hash requestHash;
DataView data;
u64 createdTimestamp; // In microseconds
Signature::PublicKey creatorPublicKey;
+ DatabaseStorageObjectDecrypted decryptedObject;
- DatabaseStorageObject(DataView &_data, u64 _timestamp, const Signature::PublicKey &_creatorPublicKey);
+ DatabaseStorageObject(const Hash &_requestHash, DataView &_data, u64 _timestamp, const Signature::PublicKey &_creatorPublicKey);
};
struct DatabaseStorageObjectList
{
+ Signature::PublicKey creatorPublicKey;
DataView data;
+ u32 offsetToEncryptedData;
u64 createdTimestamp; // In microseconds
+ std::string nodeName;
+ bool isDecrypted;
std::vector<Group*> groups;
std::vector<DatabaseStorageObject*> objects;
+
+ DatabaseStorageObjectList(const Signature::PublicKey &_creatorPublicKey) :
+ creatorPublicKey(_creatorPublicKey),
+ isDecrypted(false)
+ {
+
+ }
};
struct DatabaseStorageQuarantineObject
@@ -86,20 +109,24 @@ namespace odhtdb
const int PASSWORD_SALT_LEN = 16;
const int HASHED_PASSWORD_LEN = 32;
- using NodeLocalUser = std::pair<Hash, LocalUser*>;
+ struct NodeLocalUser
+ {
+ Hash nodeHash;
+ LocalUser *localUser;
+ };
class DatabaseStorage
{
public:
// Throws DatabaseStorageCorrupt if storage is corrupted
- DatabaseStorage(const boost::filesystem::path &storagePath);
+ DatabaseStorage(Database *database, const boost::filesystem::path &storagePath);
// Throws DatabaseStorageAlreadyExists if data with hash already exists
- void createStorage(const Hash &hash, Group *creatorGroup, u64 timestamp, const u8 *data, usize dataSize);
+ void createStorage(const Hash &hash, Group *creatorGroup, u64 timestamp, const u8 *data, usize dataSize, u32 offsetToEncryptedData);
// Throws DatabaseStorageNotFound if data with @nodeHash hash has not been created yet.
// Throws DatabaseStorageAlreadyExists if same data has been added before (hash of @data, in @dataHash)
- void appendStorage(const Hash &nodeHash, const Hash &dataHash, const User *creatorUser, u64 timestamp, const u8 *data, usize dataSize);
+ void appendStorage(const Hash &nodeHash, const Hash &dataHash, DatabaseOperation operation, const User *creatorUser, u64 timestamp, const u8 *data, usize dataSize, const DataView &encryptedDataView);
// Throws DatabaseStorageAlreadyExists if same data has been added before (hash of @data, in @dataHash)
void addToQuarantine(const Hash &dataHash, const Signature::PublicKey &creatorPublicKey, u64 timestamp, const u8 *data, usize dataSize);
@@ -132,6 +159,8 @@ namespace odhtdb
// Safe to call multiple times.
std::vector<NodeLocalUser> getLocalNodeUsers(const Signature::KeyPair &keyPair);
+ void setNodeDecryptionKey(const Hash &nodeHash, const DataView &decryptionKey);
+
const dht::crypto::Identity& getIdentity() const;
// Update storage state (remove quarantine objects if they are too old, etc)
@@ -141,21 +170,33 @@ namespace odhtdb
void loadUsersFromFile();
void loadDataFromFile();
void loadLocalUsersFromFile();
+ void loadNodeDecryptionKeysFromFile();
+ void loadDecryptedDataFromFile();
void loadMetadataFromFile();
void loadStorageCreate(sibs::SafeDeserializer &deserializer);
void loadStorageAppend(sibs::SafeDeserializer &deserializer);
+ void loadDecryptedStorageCreate(sibs::SafeDeserializer &deserializer);
+ void loadDecryptedStorageAddData(sibs::SafeDeserializer &deserializer);
+ void loadDecryptedStorageAddUser(sibs::SafeDeserializer &deserializer);
+
+ bool decryptNodeData(const Hash &nodeHash, DatabaseStorageObjectList *databaseCreateObject, const std::shared_ptr<OwnedMemory> decryptionKey);
+ bool decryptNodeAppendedData(const Hash &nodeHash, DatabaseStorageObject *databaseAppendObject, const std::shared_ptr<OwnedMemory> decryptionKey);
private:
+ Database *database;
DatabaseStorageMap storageMap;
DatabaseStorageQuarantineMap quarantineStorageMap;
- SetHash storedDataHash; // Prevent duplicate data from being added
+ MapHash<DatabaseStorageObject*> storedDataHash; // Prevent duplicate data from being added
MapHash<Signature::MapPublicKey<User*>*> nodePublicKeyUserDataMap;
MapHash<DataViewMap<Group*>*> nodeGroupByIdMap;
+ MapHash<std::shared_ptr<OwnedMemory>> nodeDecryptionKeyMap;
std::unordered_map<std::string, LocalUserEncrypted*> nameLocalUsersMap;
boost::filesystem::path groupsFilePath;
boost::filesystem::path usersFilePath;
boost::filesystem::path dataFilePath;
boost::filesystem::path metadataFilePath;
boost::filesystem::path localUsersFilePath;
+ boost::filesystem::path nodeDecryptionKeysFilePath;
+ boost::filesystem::path decryptedDataFilePath;
u8 passwordSalt[PASSWORD_SALT_LEN];
std::pair<std::shared_ptr<dht::crypto::PrivateKey>, std::shared_ptr<dht::crypto::Certificate>> identity;
};
diff --git a/include/odhtdb/Signature.hpp b/include/odhtdb/Signature.hpp
index db434ac..270b099 100644
--- a/include/odhtdb/Signature.hpp
+++ b/include/odhtdb/Signature.hpp
@@ -121,6 +121,8 @@ namespace odhtdb
// Create a key pair from existing public and private key
KeyPair(const PublicKey &publicKey, const PrivateKey &privateKey);
+ KeyPair(const KeyPair &other);
+
const PublicKey& getPublicKey() const { return publicKey; }
const PrivateKey& getPrivateKey() const { return privateKey; }
private:
diff --git a/include/odhtdb/User.hpp b/include/odhtdb/User.hpp
index beb8974..4d6d9b3 100644
--- a/include/odhtdb/User.hpp
+++ b/include/odhtdb/User.hpp
@@ -2,6 +2,7 @@
#include "Signature.hpp"
#include "types.hpp"
+#include "Permission.hpp"
#include <string>
#include <stdexcept>
#include <vector>
@@ -9,6 +10,7 @@
namespace odhtdb
{
class Group;
+ class DatabaseStorage;
class UserNameTooLongException : public std::runtime_error
{
@@ -22,6 +24,7 @@ namespace odhtdb
class User
{
+ friend class DatabaseStorage;
public:
enum class Type : u8
{
@@ -37,6 +40,8 @@ namespace odhtdb
const std::string& getName() const { return name; }
virtual const std::vector<Group*>& getGroups() const { return groups; }
virtual const Signature::PublicKey& getPublicKey() const = 0;
+
+ virtual bool isAllowedToPerformAction(PermissionType action) const;
protected:
User(Type type, const std::string &name, Group *group);
protected: