From 07f658a96fff15cece138fac86c3b85112b2e270 Mon Sep 17 00:00:00 2001
From: mcrakhman
Date: Mon, 27 Mar 2023 13:01:35 +0200
Subject: [PATCH] Add individual key derivation for trees
---
 commonspace/object/tree/objecttree/historytree.go | 6 +++++-
 commonspace/object/tree/objecttree/objecttree.go | 6 +++++-
 commonspace/object/tree/objecttree/util.go | 13 +++++++++++++
 util/crypto/derived.go | 1 +
 4 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/commonspace/object/tree/objecttree/historytree.go b/commonspace/object/tree/objecttree/historytree.go
index c81143fc..e8de9520 100644
--- a/commonspace/object/tree/objecttree/historytree.go
+++ b/commonspace/object/tree/objecttree/historytree.go
@@ -45,7 +45,11 @@ func (h *historyTree) rebuildFromStorage(beforeId string, include bool) (err err
 if len(ot.keys) != len(state.UserReadKeys()) {
 for key, value := range state.UserReadKeys() {
- ot.keys[key] = value
+ treeKey, err := deriveTreeKey(value, h.id)
+ if err != nil {
+ return err
+ }
+ ot.keys[key] = treeKey
 }
 }
 return
diff --git a/commonspace/object/tree/objecttree/objecttree.go b/commonspace/object/tree/objecttree/objecttree.go
index a1129375..7ba9c2e5 100644
--- a/commonspace/object/tree/objecttree/objecttree.go
+++ b/commonspace/object/tree/objecttree/objecttree.go
@@ -640,7 +640,11 @@ func (ot *objectTree) validateTree(newChanges []*Change) error {
 // just not to take lock many times, updating the key map from aclList
 if len(ot.keys) != len(state.UserReadKeys()) {
 for key, value := range state.UserReadKeys() {
- ot.keys[key] = value
+ treeKey, err := deriveTreeKey(value, ot.id)
+ if err != nil {
+ return err
+ }
+ ot.keys[key] = treeKey
 }
 }
 if len(newChanges) == 0 {
diff --git a/commonspace/object/tree/objecttree/util.go b/commonspace/object/tree/objecttree/util.go
index ad577194..2e960233 100644
--- a/commonspace/object/tree/objecttree/util.go
+++ b/commonspace/object/tree/objecttree/util.go
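Review bot: In historytree.go the derive-and-store loop added to rebuildFromStorage is the same code the objecttree.go hunk adds to validateTree, apart from `h.id` versus `ot.id`. This loop decides which key a tree's content is encrypted and decrypted with, so I would move it into one unexported helper that both sites call; then they cannot drift apart on which id they pass to `deriveTreeKey`. Separately, `treeKey, err := ...` shadows the named result `err` of rebuildFromStorage; the explicit `return err` keeps it correct, but a differently named local such as `derr` would avoid the trap if the return is ever made naked. Both function bodies extend outside their hunks.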
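Review bot: In objecttree.go, `ot.keys[key] = treeKey` replaces the ACL read key with the derived key and the raw key is not kept anywhere in the visible lines, so content that was encrypted under the raw read key before this commit would presumably no longer decrypt through `ot.keys`. If such trees can already exist in storage, this needs a migration step or a fallback to the raw key. If they cannot, a comment above the loop would record that assumption, for example `// tree content is always encrypted with the per-tree derived key, never with the raw ACL read key`. validateTree starts and ends outside the hunk.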
@@ -1,5 +1,10 @@
 package objecttree
+import (
+ "fmt"
+ "github.com/anytypeio/any-sync/util/crypto"
+)
+
 func commonSnapshotForTwoPaths(ourPath []string, theirPath []string) (string, error) {
 var i int
 var j int
@@ -27,3 +32,11 @@ OuterLoop:
 }
 return ourPath[i+1], nil
 }
+
+func deriveTreeKey(key crypto.SymKey, cid string) (crypto.SymKey, error) {
+ raw, err := key.Raw()
+ if err != nil {
+ return nil, err
+ }
+ return crypto.DeriveSymmetricKey(raw, fmt.Sprintf(crypto.AnysyncTreePath, cid))
+}
diff --git a/util/crypto/derived.go b/util/crypto/derived.go
index 62851296..596e4560 100644
--- a/util/crypto/derived.go
+++ b/util/crypto/derived.go
@@ -6,6 +6,7 @@ import (
 const (
 AnytypeAccountPath = "m/SLIP-0021/anytype/account"
+ AnysyncTreePath = "m/SLIP-0021/anysync/tree/%s"
 AnytypeAccountPrefix = "m/44'/607'"
 )
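Review bot: `deriveTreeKey` in util.go formats `cid` into the derivation path without checking it, so an empty id gives every caller the path `m/SLIP-0021/anysync/tree/` and therefore the same derived key, which removes the per-tree separation this function exists to provide. I would reject that case before deriving, with `if cid == "" { return nil, fmt.Errorf("derive tree key: empty tree id") }`. Whether a `cid` containing `/` also needs rejecting depends on how `DeriveSymmetricKey` parses the path, which is not visible in this patch. The function also lacks a doc comment; I would add `// deriveTreeKey derives a per-tree symmetric key from an ACL read key, using the tree id as the last label of the derivation path.`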
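Review bot: In derived.go, `AnysyncTreePath` is a `fmt` template rather than a usable path like the two constants beside it, and nothing in the const block says so. Because it is exported, a caller that passes it unexpanded to `DeriveSymmetricKey` would derive from the literal `.../tree/%s` and get one shared key for all trees, with no error to signal the mistake. I would document it in place: `// AnysyncTreePath is a format string; %s is the tree id. Expand it with fmt.Sprintf before deriving.` A name that carries the word "format" would make the same point at the call site.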