#include "../include/odhtdb/Database.hpp" #include "../include/odhtdb/Group.hpp" #include "../include/odhtdb/LocalUser.hpp" #include "../include/odhtdb/RemoteUser.hpp" #include "../include/odhtdb/Encryption.hpp" #include "../include/odhtdb/DhtKey.hpp" #include "../include/odhtdb/bin2hex.hpp" #include "../include/odhtdb/Log.hpp" #include #include #include #include #include #include #include #include #include using namespace dht; using namespace std; using namespace chrono_literals; static int databaseCount = 0; // TODO: Verify time_t is always signed static time_t timeOffset = 0; // Updated by comparing local time with ntp server static odhtdb::u64 timeOffsetFraction = 0; static thread *ntpThread = nullptr; static bool timestampSynced = false; static InfoHash CREATE_DATA_HASH = InfoHash::get("__odhtdb__.create_data"); static InfoHash ADD_DATA_HASH = InfoHash::get("__odhtdb__.add_data"); const int OPENDHT_INFOHASH_LEN = 20; namespace odhtdb { const u16 DATABASE_CREATE_PACKET_STRUCTURE_VERSION = 1; const u16 DATABASE_ADD_PACKET_STRUCTURE_VERSION = 1; class RequestQuarantineException : public runtime_error { public: RequestQuarantineException() : runtime_error("Request quarantine, will be processed later (can be real of fake request)") {} }; DataView combine(sibs::SafeSerializer &headerSerializer, const Encryption &encryptedData) { usize allocationSize = headerSerializer.getBuffer().size() + encryptedData.getNonce().size + encryptedData.getCipherText().size; char *result = new char[allocationSize]; memcpy(result, headerSerializer.getBuffer().data(), headerSerializer.getBuffer().size()); memcpy(result + headerSerializer.getBuffer().size(), encryptedData.getNonce().data, encryptedData.getNonce().size); memcpy(result + headerSerializer.getBuffer().size() + encryptedData.getNonce().size, encryptedData.getCipherText().data, encryptedData.getCipherText().size); return DataView(result, allocationSize); } DataView combine(const Signature::PublicKey &publicKey, const string &signedEncryptedData) { usize allocationSize = publicKey.getSize() + signedEncryptedData.size(); char *result = new char[allocationSize]; memcpy(result, publicKey.getData(), publicKey.getSize()); memcpy(result + publicKey.getSize(), signedEncryptedData.data(), signedEncryptedData.size()); return DataView(result, allocationSize); } DatabaseCreateResponse::DatabaseCreateResponse(LocalUser *_nodeAdminUser, shared_ptr _key, shared_ptr _hash) : nodeAdminUser(_nodeAdminUser), key(_key), hash(_hash) { } const LocalUser* DatabaseCreateResponse::getNodeAdminUser() const { return nodeAdminUser; } const shared_ptr DatabaseCreateResponse::getNodeEncryptionKey() const { return key; } const shared_ptr DatabaseCreateResponse::getRequestHash() const { return hash; } Database::Database(const char *bootstrapNodeAddr, u16 port, const boost::filesystem::path &storageDir, DatabaseCallbackFuncs callbackFuncs) : onCreateNodeCallbackFunc(callbackFuncs.createNodeCallbackFunc), onAddNodeCallbackFunc(callbackFuncs.addNodeCallbackFunc), onAddUserCallbackFunc(callbackFuncs.addUserCallbackFunc), databaseStorage(this, storageDir) { node.run(port , { /*.dht_config = */{ /*.node_config = */{ /*.node_id = */{}, /*.network = */0, /*.is_bootstrap = */false, /*.maintain_storage*/false }, /*.id = */databaseStorage.getIdentity() }, /*.threaded = */true, /*.proxy_server = */"", /*.push_node_id = */"" }); auto portStr = to_string(port); node.bootstrap(bootstrapNodeAddr, portStr.c_str()); // TODO: Make this work for multiple threads initializing database at same time ++databaseCount; if(databaseCount == 1) { if(ntpThread) delete ntpThread; const int ntpFetchTimestampRetries = 5; ntpThread = new thread([]() { ntp::NtpClient ntpClient("pool.ntp.org", 10); while(databaseCount > 0) { int fetchRetryCounter = 0; while(fetchRetryCounter < ntpFetchTimestampRetries) { try { ntp::NtpTimestamp ntpTimestamp = ntpClient.getTimestamp(); struct timeval currentLocalTime; gettimeofday(¤tLocalTime, NULL); timeOffset = currentLocalTime.tv_sec - ntpTimestamp.seconds; timeOffsetFraction = currentLocalTime.tv_usec - ntpTimestamp.fractions; timestampSynced = true; break; } catch(ntp::NtpClientException &e) { Log::warn("Failed to sync clock with ntp server, reason: %s. Try #%d", e.what(), fetchRetryCounter); this_thread::sleep_for(500ms); } ++fetchRetryCounter; } if(fetchRetryCounter == ntpFetchTimestampRetries) throw ntp::NtpClientException("Failed to retrieve ntp timestamp after several retries"); this_thread::sleep_for(60s); } timestampSynced = false; }); ntpThread->detach(); } } Database::~Database() { // TODO: Make this work for multiple threads removing database object at same time --databaseCount; node.join(); } void Database::seed(const DatabaseNode &nodeToSeed) { if(seedInfoMap.find(*nodeToSeed.getRequestHash()) != seedInfoMap.end()) { Log::warn("You are already seeding node %s, ignoring...", nodeToSeed.getRequestHash()->toString().c_str()); return; } DatabaseSeedInfo newSeedInfo; // TODO: Use cached files and seed those. If none exists, request new files to seed. // If nobody requests my cached files in a long time, request new files to seed and remove cached files // (only if there are plenty of other seeders for the cached files. This could also cause race issue // where all nodes with a cached file delete it at same time). databaseStorage.setNodeDecryptionKey(*nodeToSeed.getRequestHash(), DataView(nodeToSeed.getNodeEncryptionKey()->data, nodeToSeed.getNodeEncryptionKey()->size)); Log::debug("Seeding key: %s", nodeToSeed.getRequestHash()->toString().c_str()); DhtKey dhtKey(*nodeToSeed.getRequestHash()); auto newDataListenerFuture = node.listen(dhtKey.getNewDataListenerKey(), [this, nodeToSeed](const shared_ptr &value) { Log::debug("Seed: New data listener received data..."); const Hash requestHash(value->data.data(), value->data.size()); if(requestHash == *nodeToSeed.getRequestHash()) return true; //return listenCreateData(value, requestHash, encryptionKey); else return listenAddData(value, requestHash, nodeToSeed.getRequestHash(), nodeToSeed.getNodeEncryptionKey()); }); newSeedInfo.newDataListenerFuture = make_shared>(move(newDataListenerFuture)); u8 responseKey[OPENDHT_INFOHASH_LEN]; randombytes_buf(responseKey, OPENDHT_INFOHASH_LEN); newSeedInfo.reponseKeyInfoHash = make_shared(responseKey, OPENDHT_INFOHASH_LEN); // TODO: If this response key is spammed, generate a new one. auto responseKeyFuture = node.listen(*newSeedInfo.reponseKeyInfoHash, [this, nodeToSeed](const shared_ptr &value) { const Hash requestHash(value->data.data(), value->data.size()); if(requestHash == *nodeToSeed.getRequestHash()) return listenCreateData(value, requestHash, nodeToSeed.getNodeEncryptionKey()); else return listenAddData(value, requestHash, nodeToSeed.getRequestHash(), nodeToSeed.getNodeEncryptionKey()); }); newSeedInfo.responseKeyFuture = make_shared>(move(responseKeyFuture)); // TODO: Before listening on this key, we should check how many remote peers are also providing this data. // This is to prevent too many peers from responding to a request to get old data. auto requestOldDataListenerFuture = node.listen(dhtKey.getRequestOldDataKey(), [this, nodeToSeed](const shared_ptr &value) { Log::debug("Request: Got request to send old data"); try { sibs::SafeDeserializer deserializer(value->data.data(), value->data.size()); u64 dataStartTimestamp = deserializer.extract(); u8 requestResponseKey[OPENDHT_INFOHASH_LEN]; deserializer.extract(requestResponseKey, OPENDHT_INFOHASH_LEN); InfoHash requestResponseInfoHash(requestResponseKey, OPENDHT_INFOHASH_LEN); if(dataStartTimestamp == 0) { databaseStorage.fetchNodeRaw(*nodeToSeed.getRequestHash(), [this, requestResponseInfoHash](const DataView rawData) { Log::debug("Request: Sent create packet to requesting peer"); Value value((u8*)rawData.data, rawData.size); node.put(requestResponseInfoHash, move(value), [](bool ok) { if(!ok) Log::error("Failed to put response for old data for 'create' data"); }); }); } databaseStorage.fetchNodeAddDataRaw(*nodeToSeed.getRequestHash(), [this, requestResponseInfoHash](const DataView rawData) { Value value((u8*)rawData.data, rawData.size); node.put(requestResponseInfoHash, move(value), [](bool ok) { if(!ok) Log::error("Failed to put response for old data for 'add' data"); }); }); } catch (std::exception &e) { Log::warn("Failed while serving peer, error: %s", e.what()); } return true; }); newSeedInfo.requestOldDataListenerFuture = make_shared>(move(requestOldDataListenerFuture)); seedInfoMap[*nodeToSeed.getRequestHash()] = newSeedInfo; sibs::SafeSerializer serializer; serializer.add((u64)0); // Timestamp in microseconds, fetch data newer than this. // TODO: Get timestamp from database storage serializer.add(responseKey, OPENDHT_INFOHASH_LEN); node.put(dhtKey.getRequestOldDataKey(), Value(serializer.getBuffer().data(), serializer.getBuffer().size()), [](bool ok) { if(!ok) Log::warn("Failed to put request to get old data"); }); //node.listen(CREATE_DATA_HASH, bind(&Database::listenCreateData, this, _1)); //node.listen(ADD_DATA_HASH, bind(&Database::listenAddData, this, _1)); } void Database::stopSeeding(const Hash &nodeHash) { auto seedInfoIt = seedInfoMap.find(nodeHash); if(seedInfoIt != seedInfoMap.end()) { // TODO: Verify if doing get on listener future stalls program forever... Opendht documentation is not clear on this DhtKey dhtKey(nodeHash); node.cancelListen(dhtKey.getNewDataListenerKey(), seedInfoIt->second.newDataListenerFuture->get()); node.cancelListen(dhtKey.getRequestOldDataKey(), seedInfoIt->second.requestOldDataListenerFuture->get()); node.cancelListen(*seedInfoIt->second.reponseKeyInfoHash, seedInfoIt->second.responseKeyFuture->get()); seedInfoMap.erase(seedInfoIt); } } void Database::loadNode(const Hash &nodeHash) { databaseStorage.loadNode(nodeHash); } unique_ptr Database::create() { return create(Signature::KeyPair()); } unique_ptr Database::create(const Signature::KeyPair &creatorKeyPair) { // TODO: Should this be declared static? is there any difference in behavior/performance? boost::uuids::random_generator uuidGen; auto adminGroupId = uuidGen(); assert(adminGroupId.size() == GROUP_ID_LENGTH); auto adminGroup = new Group(adminGroupId.data, ADMIN_PERMISSION); LocalUser *nodeAdminUser = LocalUser::create(creatorKeyPair, adminGroup); // Header sibs::SafeSerializer serializer; serializer.add(DATABASE_CREATE_PACKET_STRUCTURE_VERSION); // Packet structure version u64 timestampCombined = getSyncedTimestampUtc().getCombined(); serializer.add(timestampCombined); serializer.add((u8*)nodeAdminUser->getPublicKey().getData(), PUBLIC_KEY_NUM_BYTES); serializer.add(adminGroupId.data, adminGroupId.size()); try { unsigned char *encryptionKeyRaw = new unsigned char[ENCRYPTION_KEY_BYTE_SIZE]; Encryption::generateKey(encryptionKeyRaw); shared_ptr encryptionKey = make_shared(encryptionKeyRaw, ENCRYPTION_KEY_BYTE_SIZE); shared_ptr hashRequestKey = make_shared(serializer.getBuffer().data(), serializer.getBuffer().size()); databaseStorage.setNodeDecryptionKey(*hashRequestKey, DataView(encryptionKey->data, encryptionKey->size)); databaseStorage.createStorage(*hashRequestKey, adminGroup, timestampCombined, (const u8*)serializer.getBuffer().data(), serializer.getBuffer().size()); DhtKey dhtKey(*hashRequestKey); Value createDataValue(move(serializer.getBuffer())); node.put(dhtKey.getNewDataListenerKey(), move(createDataValue), [](bool ok) { // TODO: Handle failure to put data if(!ok) Log::warn("Failed to put: %s, what to do?", "Database::create"); }); return make_unique(nodeAdminUser, encryptionKey, hashRequestKey); } catch (EncryptionException &e) { throw DatabaseCreateException("Failed to encrypt data for 'create' request"); } } void Database::addData(const DatabaseNode &nodeInfo, const LocalUser *userToPerformActionWith, DataView dataToAdd) { if(!userToPerformActionWith->isAllowedToPerformAction(PermissionType::ADD_DATA)) { // TODO: User might have permission to perform operation, but we haven't got the packet that adds user to the group with the permission, // or we haven't received the packet that modifies group with the permission to perform the operation. // This also means that an user can be in a group that has permission to perform the operation and then later be removed from it, // and remote peers would accept our request to perform operation if they haven't received the operation that removes the user from the group. // How to handle this? string errMsg = "User "; errMsg += userToPerformActionWith->getPublicKey().toString(); errMsg += " is not allowed to perform the operation: ADD_USER"; throw PermissionDeniedException(errMsg); } sibs::SafeSerializer serializer; serializer.add(DATABASE_ADD_PACKET_STRUCTURE_VERSION); u64 timestampCombined = getSyncedTimestampUtc().getCombined(); serializer.add(timestampCombined); serializer.add(DatabaseOperation::ADD_DATA); DataView encryptionKey(nodeInfo.getNodeEncryptionKey()->data, ENCRYPTION_KEY_BYTE_SIZE); Encryption encryptedBody(dataToAdd, DataView(), encryptionKey); DataView requestData = combine(serializer, encryptedBody); string signedRequestData = userToPerformActionWith->getPrivateKey().sign(requestData); DataView stagedAddObject = combine(userToPerformActionWith->getPublicKey(), signedRequestData); Hash requestDataHash(stagedAddObject.data, stagedAddObject.size); DataView encryptedDataView((char*)requestData.data + serializer.getBuffer().size(), requestData.size - serializer.getBuffer().size()); databaseStorage.appendStorage(*nodeInfo.getRequestHash(), requestDataHash, DatabaseOperation::ADD_DATA, userToPerformActionWith->getPublicKey(), timestampCombined, (u8*)stagedAddObject.data, stagedAddObject.size, encryptedDataView); delete[] (char*)requestData.data; DhtKey dhtKey(requestDataHash); Value addDataValue((u8*)stagedAddObject.data, stagedAddObject.size); delete[] (char*)stagedAddObject.data; node.put(dhtKey.getNewDataListenerKey(), move(addDataValue), [](bool ok) { // TODO: Handle failure to put data if(!ok) Log::warn("Failed to put: %s, what to do?", "Database::addData"); }); } Group* getGroupWithRightsToAddUserToGroup(const vector &groups, Group *groupToAddUserTo) { for(auto group : groups) { const auto &groupPermission = group->getPermission(); if(groupPermission.getFlag(PermissionType::ADD_USER_HIGHER_LEVEL) && groupPermission.getPermissionLevel() < groupToAddUserTo->getPermission().getPermissionLevel()) { return group; } else if(groupPermission.getFlag(PermissionType::ADD_USER_SAME_LEVEL) && groupPermission.getPermissionLevel() == groupToAddUserTo->getPermission().getPermissionLevel()) { return group; } } return nullptr; } void Database::addUser(const DatabaseNode &nodeInfo, const LocalUser *userToPerformActionWith, const Signature::PublicKey &userToAddPublicKey, Group *groupToAddUserTo) { auto groupWithAddUserRights = getGroupWithRightsToAddUserToGroup(userToPerformActionWith->getGroups(), groupToAddUserTo); if(!groupWithAddUserRights) { string errMsg = "The user "; errMsg += userToPerformActionWith->getPublicKey().toString(); errMsg += " does not belong to any group that is allowed to add an user to the group "; errMsg += bin2hex((const char*)groupToAddUserTo->getId().data, groupToAddUserTo->getId().size).c_str(); throw PermissionDeniedException(errMsg); } sibs::SafeSerializer serializer; serializer.add(DATABASE_ADD_PACKET_STRUCTURE_VERSION); u64 timestampCombined = getSyncedTimestampUtc().getCombined(); serializer.add(timestampCombined); serializer.add(DatabaseOperation::ADD_USER); usize additionalDataOffset = serializer.getBuffer().size(); serializer.add((u8*)userToAddPublicKey.getData(), PUBLIC_KEY_NUM_BYTES); serializer.add((uint8_t*)groupToAddUserTo->getId().data, groupToAddUserTo->getId().size); // TODO: Should this be declared static? is there any difference in behavior/performance? boost::uuids::random_generator uuidGen; auto padding = uuidGen(); assert(padding.size() == 16); serializer.add(padding.data, padding.size()); DataView requestData { serializer.getBuffer().data(), serializer.getBuffer().size() }; string signedRequestData = userToPerformActionWith->getPrivateKey().sign(requestData); DataView stagedAddObject = combine(userToPerformActionWith->getPublicKey(), signedRequestData); Hash requestDataHash(stagedAddObject.data, stagedAddObject.size); DataView additionalDataView((void*)(static_cast(requestData.data) + additionalDataOffset), requestData.size - additionalDataOffset); databaseStorage.appendStorage(*nodeInfo.getRequestHash(), requestDataHash, DatabaseOperation::ADD_USER, userToPerformActionWith->getPublicKey(), timestampCombined, (u8*)stagedAddObject.data, stagedAddObject.size, additionalDataView); DhtKey dhtKey(requestDataHash); Value addDataValue((u8*)stagedAddObject.data, stagedAddObject.size); delete[] (char*)stagedAddObject.data; node.put(dhtKey.getNewDataListenerKey(), move(addDataValue), [](bool ok) { // TODO: Handle failure to put data if(!ok) Log::warn("Failed to put: %s, what to do?", "Database::addUser"); }); } ntp::NtpTimestamp Database::getSyncedTimestampUtc() const { while(!timestampSynced) { this_thread::sleep_for(10ms); } struct timeval currentLocalTime; gettimeofday(¤tLocalTime, NULL); ntp::NtpTimestamp timestamp; timestamp.seconds = currentLocalTime.tv_sec - timeOffset; timestamp.fractions = currentLocalTime.tv_usec - timeOffsetFraction; return timestamp; } void Database::deserializeCreateRequest(const shared_ptr &value, const Hash &hash, const shared_ptr encryptionKey) { sibs::SafeDeserializer deserializer(value->data.data(), value->data.size()); u16 packetStructureVersion = deserializer.extract(); if(packetStructureVersion != DATABASE_CREATE_PACKET_STRUCTURE_VERSION) { string errMsg = "Received 'create' request with packet structure version "; errMsg += to_string(packetStructureVersion); errMsg += ", but our packet structure version is "; errMsg += to_string(DATABASE_CREATE_PACKET_STRUCTURE_VERSION); throw sibs::DeserializeException(errMsg); } u64 creationDate = deserializer.extract(); /* // TODO: This doesn't seem to work right now, fix it auto currentTimestamp = getSyncedTimestampUtc(); if(creationDate > currentTimestamp.getCombined()) { auto creationDateTimestamp = ntp::NtpTimestamp::fromCombined(creationDate); string errMsg = "Packet is from the future. Packet creation time: "; errMsg += to_string((double)creationDateTimestamp.seconds + creationDateTimestamp.getFractionAsSeconds()); errMsg += ", current time: "; errMsg += to_string((double)currentTimestamp.seconds + currentTimestamp.getFractionAsSeconds()); throw sibs::DeserializeException(errMsg); } */ char creatorPublicKeyRaw[PUBLIC_KEY_NUM_BYTES]; deserializer.extract((u8*)creatorPublicKeyRaw, PUBLIC_KEY_NUM_BYTES); Signature::PublicKey userPublicKey(creatorPublicKeyRaw, PUBLIC_KEY_NUM_BYTES); uint8_t adminGroupId[GROUP_ID_LENGTH]; deserializer.extract(adminGroupId, GROUP_ID_LENGTH); if(deserializer.getSize() < ENCRYPTION_NONCE_BYTE_SIZE) throw sibs::DeserializeException("Unsigned encrypted body is too small (unable to extract nonce)"); auto adminGroup = new Group(adminGroupId, ADMIN_PERMISSION); // TODO: Username is encrypted, we dont know it... unless we have encryption key, in which case we should modify the user name and set it auto creatorUser = RemoteUser::create(userPublicKey, adminGroup); databaseStorage.createStorage(hash, adminGroup, creationDate, value->data.data(), value->data.size()); } void Database::deserializeAddRequest(const shared_ptr &value, const Hash &requestDataHash, const std::shared_ptr &nodeHash, const shared_ptr encryptionKey) { sibs::SafeDeserializer deserializer(value->data.data(), value->data.size()); char creatorPublicKeyRaw[PUBLIC_KEY_NUM_BYTES]; deserializer.extract((u8*)creatorPublicKeyRaw, PUBLIC_KEY_NUM_BYTES); Signature::PublicKey creatorPublicKey(creatorPublicKeyRaw, PUBLIC_KEY_NUM_BYTES); DataView signedData((void*)deserializer.getBuffer(), deserializer.getSize()); string unsignedData = creatorPublicKey.unsign(signedData); sibs::SafeDeserializer deserializerUnsigned((u8*)unsignedData.data(), unsignedData.size()); u16 packetStructureVersion = deserializerUnsigned.extract(); if(packetStructureVersion != DATABASE_CREATE_PACKET_STRUCTURE_VERSION) { string errMsg = "Received 'create' request with packet structure version "; errMsg += to_string(packetStructureVersion); errMsg += ", but our packet structure version is "; errMsg += to_string(DATABASE_CREATE_PACKET_STRUCTURE_VERSION); throw sibs::DeserializeException(errMsg); } u64 creationDate = deserializerUnsigned.extract(); auto currentTimestamp = getSyncedTimestampUtc(); /* // TODO: This doesn't seem to work right now, fix it if(creationDate > currentTimestamp.getCombined()) { auto creationDateTimestamp = ntp::NtpTimestamp::fromCombined(creationDate); string errMsg = "Packet is from the future. Packet creation time: "; errMsg += to_string((double)creationDateTimestamp.seconds + creationDateTimestamp.getFractionAsSeconds()); errMsg += ", current time: "; errMsg += to_string((double)currentTimestamp.seconds + currentTimestamp.getFractionAsSeconds()); throw sibs::DeserializeException(errMsg); } */ DatabaseOperation operation = deserializerUnsigned.extract(); DataView additionalDataView((void*)deserializerUnsigned.getBuffer(), deserializerUnsigned.getSize()); databaseStorage.appendStorage(*nodeHash, requestDataHash, operation, creatorPublicKey, creationDate, value->data.data(), value->data.size(), additionalDataView); } bool Database::listenCreateData(shared_ptr value, const Hash &hash, const shared_ptr encryptionKey) { Log::debug("Got create data"); try { if(databaseStorage.doesNodeExist(hash)) throw DatabaseStorageAlreadyExists("Create request hash is equal to hash already in storage (duplicate data?)"); deserializeCreateRequest(value, hash, encryptionKey); } catch (exception &e) { Log::warn("Failed to deserialize 'create' request: %s", e.what()); } return true; } bool Database::listenAddData(shared_ptr value, const Hash &requestDataHash, const std::shared_ptr nodeHash, const shared_ptr encryptionKey) { Log::debug("Got add data"); try { if(databaseStorage.doesDataExist(requestDataHash)) throw DatabaseStorageAlreadyExists("Add data request hash is equal to hash already in storage (duplicate data?)"); deserializeAddRequest(value, requestDataHash, nodeHash, encryptionKey); //Log::debug("Got add object, timestamp: %zu", addObject.timestamp); } catch (RequestQuarantineException &e) { Log::warn("Request was put in quarantine, will be processed later"); } catch (exception &e) { Log::warn("Failed to deserialize 'add' request: %s", e.what()); } return true; } }