diff options
author | dec05eba <0xdec05eba@gmail.com> | 2018-04-28 10:44:11 +0200 |
---|---|---|
committer | dec05eba <0xdec05eba@gmail.com> | 2018-04-28 10:44:22 +0200 |
commit | 54d8ae4c335c21290dc41e5ba4701b3c19bba601 (patch) | |
tree | f381e10e071e1800e8e5ca69701fe25e58dbd837 /include | |
parent | 166e132873fccf62327d2190fe1d827d89a5db63 (diff) |
Add decryption (and caching) of data, even when adding encryption key after data has been added
Diffstat (limited to 'include')
-rw-r--r-- | include/odhtdb/Database.hpp | 10 | ||||
-rw-r--r-- | include/odhtdb/DatabaseOperation.hpp | 12 | ||||
-rw-r--r-- | include/odhtdb/DatabaseStorage.hpp | 53 | ||||
-rw-r--r-- | include/odhtdb/Signature.hpp | 2 | ||||
-rw-r--r-- | include/odhtdb/User.hpp | 5 |
5 files changed, 69 insertions, 13 deletions
diff --git a/include/odhtdb/Database.hpp b/include/odhtdb/Database.hpp index 9aff90e..e78bc6e 100644 --- a/include/odhtdb/Database.hpp +++ b/include/odhtdb/Database.hpp @@ -12,6 +12,7 @@ #include "DatabaseNode.hpp" #include "Encryption.hpp" #include "OwnedMemory.hpp" +#include "DatabaseOperation.hpp" #include <opendht/dhtrunner.h> #include <vector> #include <ntp/NtpClient.hpp> @@ -49,12 +50,6 @@ namespace odhtdb DatabaseAddException(const std::string &errMsg) : std::runtime_error(errMsg) {} }; - enum class DatabaseOperation : u8 - { - ADD_DATA, - ADD_USER - }; - struct DatabaseCreateNodeRequest { DISABLE_COPY(DatabaseCreateNodeRequest) @@ -133,6 +128,7 @@ namespace odhtdb class Database { + friend class DatabaseStorage; public: Database(const char *bootstrapNodeAddr, u16 port, const boost::filesystem::path &storageDir); ~Database(); @@ -142,7 +138,7 @@ namespace odhtdb std::unique_ptr<DatabaseCreateResponse> create(const std::string &ownerName, const std::string &nodeName); // Throws DatabaseCreateException on failure. std::unique_ptr<DatabaseCreateResponse> create(const std::string &ownerName, const Signature::KeyPair &keyPair, const std::string &nodeName); - // Throws DatabaseAddException on failure + // Throws PermissionDeniedException if user @userToPerformActionWith is not allowed to add data to node void addData(const DatabaseNode &nodeInfo, LocalUser *userToPerformActionWith, DataView dataToAdd); // Throws PermissionDeniedException if user @userToPerformActionWith is not allowed to add user @userToAdd to group @groupToAddUserTo void addUser(const DatabaseNode &nodeInfo, LocalUser *userToPerformActionWith, const std::string &userToAddName, const Signature::PublicKey &userToAddPublicKey, Group *groupToAddUserTo); diff --git a/include/odhtdb/DatabaseOperation.hpp b/include/odhtdb/DatabaseOperation.hpp new file mode 100644 index 0000000..369fd09 --- /dev/null +++ b/include/odhtdb/DatabaseOperation.hpp @@ -0,0 +1,12 @@ +#pragma once + +#include "types.hpp" + +namespace odhtdb +{ + enum class DatabaseOperation : u8 + { + ADD_DATA, + ADD_USER + }; +} diff --git a/include/odhtdb/DatabaseStorage.hpp b/include/odhtdb/DatabaseStorage.hpp index 34e523e..85a61eb 100644 --- a/include/odhtdb/DatabaseStorage.hpp +++ b/include/odhtdb/DatabaseStorage.hpp @@ -8,6 +8,8 @@ #include "Group.hpp" #include "LocalUser.hpp" #include "LocalUserEncrypted.hpp" +#include "OwnedMemory.hpp" +#include "DatabaseOperation.hpp" #include <vector> #include <stdexcept> #include <boost/filesystem/path.hpp> @@ -16,21 +18,42 @@ namespace odhtdb { + class Database; + + struct DatabaseStorageObjectDecrypted + { + DatabaseOperation operation; + OwnedMemory data; + }; + struct DatabaseStorageObject { + Hash requestHash; DataView data; u64 createdTimestamp; // In microseconds Signature::PublicKey creatorPublicKey; + DatabaseStorageObjectDecrypted decryptedObject; - DatabaseStorageObject(DataView &_data, u64 _timestamp, const Signature::PublicKey &_creatorPublicKey); + DatabaseStorageObject(const Hash &_requestHash, DataView &_data, u64 _timestamp, const Signature::PublicKey &_creatorPublicKey); }; struct DatabaseStorageObjectList { + Signature::PublicKey creatorPublicKey; DataView data; + u32 offsetToEncryptedData; u64 createdTimestamp; // In microseconds + std::string nodeName; + bool isDecrypted; std::vector<Group*> groups; std::vector<DatabaseStorageObject*> objects; + + DatabaseStorageObjectList(const Signature::PublicKey &_creatorPublicKey) : + creatorPublicKey(_creatorPublicKey), + isDecrypted(false) + { + + } }; struct DatabaseStorageQuarantineObject @@ -86,20 +109,24 @@ namespace odhtdb const int PASSWORD_SALT_LEN = 16; const int HASHED_PASSWORD_LEN = 32; - using NodeLocalUser = std::pair<Hash, LocalUser*>; + struct NodeLocalUser + { + Hash nodeHash; + LocalUser *localUser; + }; class DatabaseStorage { public: // Throws DatabaseStorageCorrupt if storage is corrupted - DatabaseStorage(const boost::filesystem::path &storagePath); + DatabaseStorage(Database *database, const boost::filesystem::path &storagePath); // Throws DatabaseStorageAlreadyExists if data with hash already exists - void createStorage(const Hash &hash, Group *creatorGroup, u64 timestamp, const u8 *data, usize dataSize); + void createStorage(const Hash &hash, Group *creatorGroup, u64 timestamp, const u8 *data, usize dataSize, u32 offsetToEncryptedData); // Throws DatabaseStorageNotFound if data with @nodeHash hash has not been created yet. // Throws DatabaseStorageAlreadyExists if same data has been added before (hash of @data, in @dataHash) - void appendStorage(const Hash &nodeHash, const Hash &dataHash, const User *creatorUser, u64 timestamp, const u8 *data, usize dataSize); + void appendStorage(const Hash &nodeHash, const Hash &dataHash, DatabaseOperation operation, const User *creatorUser, u64 timestamp, const u8 *data, usize dataSize, const DataView &encryptedDataView); // Throws DatabaseStorageAlreadyExists if same data has been added before (hash of @data, in @dataHash) void addToQuarantine(const Hash &dataHash, const Signature::PublicKey &creatorPublicKey, u64 timestamp, const u8 *data, usize dataSize); @@ -132,6 +159,8 @@ namespace odhtdb // Safe to call multiple times. std::vector<NodeLocalUser> getLocalNodeUsers(const Signature::KeyPair &keyPair); + void setNodeDecryptionKey(const Hash &nodeHash, const DataView &decryptionKey); + const dht::crypto::Identity& getIdentity() const; // Update storage state (remove quarantine objects if they are too old, etc) @@ -141,21 +170,33 @@ namespace odhtdb void loadUsersFromFile(); void loadDataFromFile(); void loadLocalUsersFromFile(); + void loadNodeDecryptionKeysFromFile(); + void loadDecryptedDataFromFile(); void loadMetadataFromFile(); void loadStorageCreate(sibs::SafeDeserializer &deserializer); void loadStorageAppend(sibs::SafeDeserializer &deserializer); + void loadDecryptedStorageCreate(sibs::SafeDeserializer &deserializer); + void loadDecryptedStorageAddData(sibs::SafeDeserializer &deserializer); + void loadDecryptedStorageAddUser(sibs::SafeDeserializer &deserializer); + + bool decryptNodeData(const Hash &nodeHash, DatabaseStorageObjectList *databaseCreateObject, const std::shared_ptr<OwnedMemory> decryptionKey); + bool decryptNodeAppendedData(const Hash &nodeHash, DatabaseStorageObject *databaseAppendObject, const std::shared_ptr<OwnedMemory> decryptionKey); private: + Database *database; DatabaseStorageMap storageMap; DatabaseStorageQuarantineMap quarantineStorageMap; - SetHash storedDataHash; // Prevent duplicate data from being added + MapHash<DatabaseStorageObject*> storedDataHash; // Prevent duplicate data from being added MapHash<Signature::MapPublicKey<User*>*> nodePublicKeyUserDataMap; MapHash<DataViewMap<Group*>*> nodeGroupByIdMap; + MapHash<std::shared_ptr<OwnedMemory>> nodeDecryptionKeyMap; std::unordered_map<std::string, LocalUserEncrypted*> nameLocalUsersMap; boost::filesystem::path groupsFilePath; boost::filesystem::path usersFilePath; boost::filesystem::path dataFilePath; boost::filesystem::path metadataFilePath; boost::filesystem::path localUsersFilePath; + boost::filesystem::path nodeDecryptionKeysFilePath; + boost::filesystem::path decryptedDataFilePath; u8 passwordSalt[PASSWORD_SALT_LEN]; std::pair<std::shared_ptr<dht::crypto::PrivateKey>, std::shared_ptr<dht::crypto::Certificate>> identity; }; diff --git a/include/odhtdb/Signature.hpp b/include/odhtdb/Signature.hpp index db434ac..270b099 100644 --- a/include/odhtdb/Signature.hpp +++ b/include/odhtdb/Signature.hpp @@ -121,6 +121,8 @@ namespace odhtdb // Create a key pair from existing public and private key KeyPair(const PublicKey &publicKey, const PrivateKey &privateKey); + KeyPair(const KeyPair &other); + const PublicKey& getPublicKey() const { return publicKey; } const PrivateKey& getPrivateKey() const { return privateKey; } private: diff --git a/include/odhtdb/User.hpp b/include/odhtdb/User.hpp index beb8974..4d6d9b3 100644 --- a/include/odhtdb/User.hpp +++ b/include/odhtdb/User.hpp @@ -2,6 +2,7 @@ #include "Signature.hpp" #include "types.hpp" +#include "Permission.hpp" #include <string> #include <stdexcept> #include <vector> @@ -9,6 +10,7 @@ namespace odhtdb { class Group; + class DatabaseStorage; class UserNameTooLongException : public std::runtime_error { @@ -22,6 +24,7 @@ namespace odhtdb class User { + friend class DatabaseStorage; public: enum class Type : u8 { @@ -37,6 +40,8 @@ namespace odhtdb const std::string& getName() const { return name; } virtual const std::vector<Group*>& getGroups() const { return groups; } virtual const Signature::PublicKey& getPublicKey() const = 0; + + virtual bool isAllowedToPerformAction(PermissionType action) const; protected: User(Type type, const std::string &name, Group *group); protected: |