Add decryption (and caching) of data, even when adding encryption key after data has been added

5 files changed, 69 insertions, 13 deletions

diff --git a/include/odhtdb/Database.hpp b/include/odhtdb/Database.hpp
index 9aff90e..e78bc6e 100644
--- a/include/odhtdb/Database.hpp
+++ b/include/odhtdb/Database.hpp
@@ -12,6 +12,7 @@
 #include "DatabaseNode.hpp"
 #include "Encryption.hpp"
 #include "OwnedMemory.hpp"
+#include "DatabaseOperation.hpp"
 #include <opendht/dhtrunner.h>
 #include <vector>
 #include <ntp/NtpClient.hpp>
@@ -49,12 +50,6 @@ namespace odhtdb
         DatabaseAddException(const std::string &errMsg) : std::runtime_error(errMsg) {}
     };
     
-    enum class DatabaseOperation : u8
-    {
-        ADD_DATA,
-        ADD_USER
-    };
-    
     struct DatabaseCreateNodeRequest
     {
         DISABLE_COPY(DatabaseCreateNodeRequest)
@@ -133,6 +128,7 @@ namespace odhtdb
 
     class Database
     {
+        friend class DatabaseStorage;
     public:
         Database(const char *bootstrapNodeAddr, u16 port, const boost::filesystem::path &storageDir);
         ~Database();
@@ -142,7 +138,7 @@ namespace odhtdb
         std::unique_ptr<DatabaseCreateResponse> create(const std::string &ownerName, const std::string &nodeName);
         // Throws DatabaseCreateException on failure.
         std::unique_ptr<DatabaseCreateResponse> create(const std::string &ownerName, const Signature::KeyPair &keyPair, const std::string &nodeName);
-        // Throws DatabaseAddException on failure
+        // Throws PermissionDeniedException if user @userToPerformActionWith is not allowed to add data to node
         void addData(const DatabaseNode &nodeInfo, LocalUser *userToPerformActionWith, DataView dataToAdd);
         // Throws PermissionDeniedException if user @userToPerformActionWith is not allowed to add user @userToAdd to group @groupToAddUserTo
         void addUser(const DatabaseNode &nodeInfo, LocalUser *userToPerformActionWith, const std::string &userToAddName, const Signature::PublicKey &userToAddPublicKey, Group *groupToAddUserTo);
diff --git a/include/odhtdb/DatabaseOperation.hpp b/include/odhtdb/DatabaseOperation.hpp
new file mode 100644
index 0000000..369fd09
--- /dev/null
+++ b/include/odhtdb/DatabaseOperation.hpp
@@ -0,0 +1,12 @@
+#pragma once
+
+#include "types.hpp"
+
+namespace odhtdb
+{
+    enum class DatabaseOperation : u8
+    {
+        ADD_DATA,
+        ADD_USER
+    };
+}
diff --git a/include/odhtdb/DatabaseStorage.hpp b/include/odhtdb/DatabaseStorage.hpp
index 34e523e..85a61eb 100644
--- a/include/odhtdb/DatabaseStorage.hpp
+++ b/include/odhtdb/DatabaseStorage.hpp
@@ -8,6 +8,8 @@
 #include "Group.hpp"
 #include "LocalUser.hpp"
 #include "LocalUserEncrypted.hpp"
+#include "OwnedMemory.hpp"
+#include "DatabaseOperation.hpp"
 #include <vector>
 #include <stdexcept>
 #include <boost/filesystem/path.hpp>
@@ -16,21 +18,42 @@
 
 namespace odhtdb
 {
+    class Database;
+    
+    struct DatabaseStorageObjectDecrypted
+    {
+        DatabaseOperation operation;
+        OwnedMemory data;
+    };
+    
     struct DatabaseStorageObject
     {
+        Hash requestHash;
         DataView data;
         u64 createdTimestamp; // In microseconds
         Signature::PublicKey creatorPublicKey;
+        DatabaseStorageObjectDecrypted decryptedObject;
         
-        DatabaseStorageObject(DataView &_data, u64 _timestamp, const Signature::PublicKey &_creatorPublicKey);
+        DatabaseStorageObject(const Hash &_requestHash, DataView &_data, u64 _timestamp, const Signature::PublicKey &_creatorPublicKey);
     };
     
     struct DatabaseStorageObjectList
     {
+        Signature::PublicKey creatorPublicKey;
         DataView data;
+        u32 offsetToEncryptedData;
         u64 createdTimestamp; // In microseconds
+        std::string nodeName;
+        bool isDecrypted;
         std::vector<Group*> groups;
         std::vector<DatabaseStorageObject*> objects;
+        
+        DatabaseStorageObjectList(const Signature::PublicKey &_creatorPublicKey) : 
+            creatorPublicKey(_creatorPublicKey),
+            isDecrypted(false)
+        {
+            
+        }
     };
     
     struct DatabaseStorageQuarantineObject
@@ -86,20 +109,24 @@ namespace odhtdb
     const int PASSWORD_SALT_LEN = 16;
     const int HASHED_PASSWORD_LEN = 32;
     
-    using NodeLocalUser = std::pair<Hash, LocalUser*>;
+    struct NodeLocalUser
+    {
+        Hash nodeHash;
+        LocalUser *localUser;
+    };
     
     class DatabaseStorage
     {
     public:
         // Throws DatabaseStorageCorrupt if storage is corrupted
-        DatabaseStorage(const boost::filesystem::path &storagePath);
+        DatabaseStorage(Database *database, const boost::filesystem::path &storagePath);
         
         // Throws DatabaseStorageAlreadyExists if data with hash already exists
-        void createStorage(const Hash &hash, Group *creatorGroup, u64 timestamp, const u8 *data, usize dataSize);
+        void createStorage(const Hash &hash, Group *creatorGroup, u64 timestamp, const u8 *data, usize dataSize, u32 offsetToEncryptedData);
         
         // Throws DatabaseStorageNotFound if data with @nodeHash hash has not been created yet.
         // Throws DatabaseStorageAlreadyExists if same data has been added before (hash of @data, in @dataHash)
-        void appendStorage(const Hash &nodeHash, const Hash &dataHash, const User *creatorUser, u64 timestamp, const u8 *data, usize dataSize);
+        void appendStorage(const Hash &nodeHash, const Hash &dataHash, DatabaseOperation operation, const User *creatorUser, u64 timestamp, const u8 *data, usize dataSize, const DataView &encryptedDataView);
         
         // Throws DatabaseStorageAlreadyExists if same data has been added before (hash of @data, in @dataHash)
         void addToQuarantine(const Hash &dataHash, const Signature::PublicKey &creatorPublicKey, u64 timestamp, const u8 *data, usize dataSize);
@@ -132,6 +159,8 @@ namespace odhtdb
         // Safe to call multiple times.
         std::vector<NodeLocalUser> getLocalNodeUsers(const Signature::KeyPair &keyPair);
         
+        void setNodeDecryptionKey(const Hash &nodeHash, const DataView &decryptionKey);
+        
         const dht::crypto::Identity& getIdentity() const;
         
         // Update storage state (remove quarantine objects if they are too old, etc)
@@ -141,21 +170,33 @@ namespace odhtdb
         void loadUsersFromFile();
         void loadDataFromFile();
         void loadLocalUsersFromFile();
+        void loadNodeDecryptionKeysFromFile();
+        void loadDecryptedDataFromFile();
         void loadMetadataFromFile();
         void loadStorageCreate(sibs::SafeDeserializer &deserializer);
         void loadStorageAppend(sibs::SafeDeserializer &deserializer);
+        void loadDecryptedStorageCreate(sibs::SafeDeserializer &deserializer);
+        void loadDecryptedStorageAddData(sibs::SafeDeserializer &deserializer);
+        void loadDecryptedStorageAddUser(sibs::SafeDeserializer &deserializer);
+        
+        bool decryptNodeData(const Hash &nodeHash, DatabaseStorageObjectList *databaseCreateObject, const std::shared_ptr<OwnedMemory> decryptionKey);
+        bool decryptNodeAppendedData(const Hash &nodeHash, DatabaseStorageObject *databaseAppendObject, const std::shared_ptr<OwnedMemory> decryptionKey);
     private:
+        Database *database;
         DatabaseStorageMap storageMap;
         DatabaseStorageQuarantineMap quarantineStorageMap;
-        SetHash storedDataHash; // Prevent duplicate data from being added
+        MapHash<DatabaseStorageObject*> storedDataHash; // Prevent duplicate data from being added
         MapHash<Signature::MapPublicKey<User*>*> nodePublicKeyUserDataMap;
         MapHash<DataViewMap<Group*>*> nodeGroupByIdMap;
+        MapHash<std::shared_ptr<OwnedMemory>> nodeDecryptionKeyMap;
         std::unordered_map<std::string, LocalUserEncrypted*> nameLocalUsersMap;
         boost::filesystem::path groupsFilePath;
         boost::filesystem::path usersFilePath;
         boost::filesystem::path dataFilePath;
         boost::filesystem::path metadataFilePath;
         boost::filesystem::path localUsersFilePath;
+        boost::filesystem::path nodeDecryptionKeysFilePath;
+        boost::filesystem::path decryptedDataFilePath;
         u8 passwordSalt[PASSWORD_SALT_LEN];
         std::pair<std::shared_ptr<dht::crypto::PrivateKey>, std::shared_ptr<dht::crypto::Certificate>> identity;
     };
diff --git a/include/odhtdb/Signature.hpp b/include/odhtdb/Signature.hpp
index db434ac..270b099 100644
--- a/include/odhtdb/Signature.hpp
+++ b/include/odhtdb/Signature.hpp
@@ -121,6 +121,8 @@ namespace odhtdb
             // Create a key pair from existing public and private key
             KeyPair(const PublicKey &publicKey, const PrivateKey &privateKey);
             
+            KeyPair(const KeyPair &other);
+            
             const PublicKey& getPublicKey() const { return publicKey; }
             const PrivateKey& getPrivateKey() const { return privateKey; }
         private:
diff --git a/include/odhtdb/User.hpp b/include/odhtdb/User.hpp
index beb8974..4d6d9b3 100644
--- a/include/odhtdb/User.hpp
+++ b/include/odhtdb/User.hpp
@@ -2,6 +2,7 @@
 
 #include "Signature.hpp"
 #include "types.hpp"
+#include "Permission.hpp"
 #include <string>
 #include <stdexcept>
 #include <vector>
@@ -9,6 +10,7 @@
 namespace odhtdb
 {
     class Group;
+    class DatabaseStorage;
     
     class UserNameTooLongException : public std::runtime_error
     {
@@ -22,6 +24,7 @@ namespace odhtdb
 
     class User
     {
+        friend class DatabaseStorage;
     public:
         enum class Type : u8
         {
@@ -37,6 +40,8 @@ namespace odhtdb
         const std::string& getName() const { return name; }
         virtual const std::vector<Group*>& getGroups() const { return groups; }
         virtual const Signature::PublicKey& getPublicKey() const = 0;
+        
+        virtual bool isAllowedToPerformAction(PermissionType action) const;
     protected:
         User(Type type, const std::string &name, Group *group);
     protected: