Add individual key derivation for trees

commonspace/object/tree/objecttree/historytree.go

@@ -45,7 +45,11 @@ func (h *historyTree) rebuildFromStorage(beforeId string, include bool) (err err
 
 	if len(ot.keys) != len(state.UserReadKeys()) {
 		for key, value := range state.UserReadKeys() {
-			ot.keys[key] = value
+			treeKey, err := deriveTreeKey(value, h.id)
+			if err != nil {
+				return err
+			}
+			ot.keys[key] = treeKey
 		}
 	}
 	return

commonspace/object/tree/objecttree/objecttree.go

@@ -640,7 +640,11 @@ func (ot *objectTree) validateTree(newChanges []*Change) error {
 	// just not to take lock many times, updating the key map from aclList
 	if len(ot.keys) != len(state.UserReadKeys()) {
 		for key, value := range state.UserReadKeys() {
-			ot.keys[key] = value
+			treeKey, err := deriveTreeKey(value, ot.id)
+			if err != nil {
+				return err
+			}
+			ot.keys[key] = treeKey
 		}
 	}
 	if len(newChanges) == 0 {

commonspace/object/tree/objecttree/util.go

@@ -1,5 +1,10 @@
 package objecttree
 
+import (
+	"fmt"
+	"github.com/anytypeio/any-sync/util/crypto"
+)
+
 func commonSnapshotForTwoPaths(ourPath []string, theirPath []string) (string, error) {
 	var i int
 	var j int
@@ -27,3 +32,11 @@ OuterLoop:
 	}
 	return ourPath[i+1], nil
 }
+
+func deriveTreeKey(key crypto.SymKey, cid string) (crypto.SymKey, error) {
+	raw, err := key.Raw()
+	if err != nil {
+		return nil, err
+	}
+	return crypto.DeriveSymmetricKey(raw, fmt.Sprintf(crypto.AnysyncTreePath, cid))
+}

util/crypto/derived.go

@@ -6,6 +6,7 @@ import (
 
 const (
 	AnytypeAccountPath   = "m/SLIP-0021/anytype/account"
+	AnysyncTreePath      = "m/SLIP-0021/anysync/tree/%s"
 	AnytypeAccountPrefix = "m/44'/607'"
 )