# Storage

## High Level Components

### Database

The database package will integrate Redis and expose the following interface. Every key will be namespaced using the pcr input.

- **Load**: returns the value stored against the key, else returns an error
  ```
  - inputs: pcr, key // map[uint][string], string
  - outputs: value, error // string, error
  ```
- **Store**: store/update a key-value pair in the database for the given duration
  ```
  - inputs: pcr, key, value, expiry // map[uint][string], string, []byte, duration
  - outputs: error // error
  ```
- **Exists**: check if the key exists
  ```
  - inputs: pcr, key // map[uint][string], string
  - outputs: true/false // bool
  ```
- **List**: get all keys matching a given prefix
  ```
  - inputs: pcr, prefix, recursive // map[uint][string], string, bool
  - outputs: list of keys, error // []string, error
  ```
- **Stat**: returns information about a specific key
  ```
  - inputs: pcr, key // map[uint][string], string
  - outputs: keyInfo // {Key string, Modified time.Time, Size int64, IsTerminal bool}
  ```
- **Delete**: delete the key-value pair from the database
  ```
  - inputs: pcr, key // map[uint][string], string
  - outputs: error // error
  ```
- **Lock**: obtain a lock for a given key
  ```
  - inputs: pcr, key // map[uint][string], string
  - outputs: error // error
  ```
- **Unlock**: release the lock for a given key
  ```
  - inputs: pcr, key // map[uint][string], string
  - outputs: error // error
  ```

### Communication

The communication package will implement Diffie-Hellman and expose the following interface. It will extract the public key from the attestation document and the private key from storage.

- **VerifyIntegrity**: verify the message integrity using authenticated encryption
  ```
  - inputs: message
  - output: true/false // bool
  ```
- **GetEncrypted**: returns the data encrypted with the key generated using Diffie-Hellman
  ```
  - inputs: attestation, data // base64, []byte
  - outputs: encrypted data, error // []byte, error
  ```
- **GetDecrypted**: returns the data decrypted with the key generated using Diffie-Hellman
  ```
  - inputs: attestation, data // base64, []byte
  - outputs: decrypted data, error // []byte, error
  ```

## Router

The router implements the API calls that will be exposed by this storage server. It will implement the following API calls.

Every request will have the following **header**: `Attestation: <base64 encoded attestation document>`

- GET /**ping**: this is a health check for the server
  ```
  - response:
    - version: "1.0.0"
  ```
- POST /**load**: this will return the value stored against the given key in the database
  ```
  - request:
    - data: key // string
  - response:
    - data: value // string
  ```
- POST /**store**: this will store/update the value for the given key in the database
  ```
  - request:
    - data:
      - key: "key" // string
      - value: "value" // string
      - expiry: 0 // in nanoseconds, 0 for no expiry and -1 for KEEPTTL (keep the previous TTL)
  ```
- POST /**exists**: this will check if the given key exists in the database
  ```
  - request:
    - data: key // string
  - response:
    - data: true/false // string
  ```
- POST /**list**: this will return the list of keys matching a particular prefix
  ```
  - request:
    - data:
      - prefix // string
      - isRecursive // bool
  - response:
    - data: keysList // []string
  ```
- POST /**stat**: this will return the information stored against the given key in the database
  ```
  - request:
    - data: key // string
  - response:
    - data:
      - key // string
      - modified // Time
      - size // int64
      - Terminal // bool
  ```
- POST /**delete**: this will delete the value for the given key in the database
  ```
  - request:
    - data: key // string
  - response:
    - status: "Deleted"
  ```
- POST /**lock**: this will obtain a lock for the given key in the database
  ```
  - request:
    - data: key // string
  - response:
    - status: "locked"
  ```
- POST /**unlock**: this will release the lock for the given key in the database
  ```
  - request:
    - data: key // string
  - response:
    - status: "unlocked"
  ```

## Example flow for storing and loading data

![](https://i.imgur.com/hEhEvah.png)

## Pricing Model

The following parameters were identified based on the AWS and GCP pricing models:

- **Storage cost**: data stored per second. If the data is deleted before its expiry, 'early delete' charges will be applied. This cost will be computed on each store call as (keysize + valuesize) * ttl.
- **Operation cost**: operations are divided into three classes: Class A (store, list, lock), Class B (load, stat, exists) and Class C (delete, unlock). Each class is charged differently, with Class C being free. This cost will be computed on each request.
- **Network cost**: network ingress, i.e., data coming into the server, is not charged. Network egress, i.e., data going out of the server, is charged. This cost will be computed only on load, stat and list requests.

## Limits

Some limits that may be imposed:

- size of Key
- size of Value
- number of keys under a namespace
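
The Database section says every key is namespaced using the pcr input but does not say how. The following is an added example, not code from this project: one way to derive that namespace so that identical PCR sets always map to the same prefix and different enclave images never share one. It assumes the pcr input is a Go `map[uint]string` of index to hex digest; `Namespace` and `NamespacedKey` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"sort"
)

// Namespace derives a stable prefix from a PCR map (index -> hex digest).
// Assumption: the design does not specify the derivation. PCRs are hashed in
// ascending index order because Go map iteration order is randomized.
func Namespace(pcr map[uint]string) string {
	idx := make([]uint, 0, len(pcr))
	for i := range pcr {
		idx = append(idx, i)
	}
	sort.Slice(idx, func(a, b int) bool { return idx[a] < idx[b] })

	h := sha256.New()
	var buf [8]byte
	for _, i := range idx {
		// Write index, then value length, then value, so the byte stream
		// cannot be re-split into a different PCR set.
		binary.BigEndian.PutUint64(buf[:], uint64(i))
		h.Write(buf[:])
		binary.BigEndian.PutUint64(buf[:], uint64(len(pcr[i])))
		h.Write(buf[:])
		h.Write([]byte(pcr[i]))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// NamespacedKey builds the key handed to Redis: "<namespace>/<key>".
// The namespace is fixed-length hex, so a caller-chosen key cannot
// escape into another enclave's prefix.
func NamespacedKey(pcr map[uint]string, key string) string {
	return Namespace(pcr) + "/" + key
}

func main() {
	// Constructed sample PCR values, not real measurements.
	a := map[uint]string{0: "aa11", 1: "bb22", 2: "cc33"}
	b := map[uint]string{2: "cc33", 0: "aa11", 1: "bb22"} // same PCRs, other order
	c := map[uint]string{0: "aa11", 1: "bb22", 2: "cc34"} // different image
	fmt.Println(NamespacedKey(a, "config") == NamespacedKey(b, "config")) // true
	fmt.Println(NamespacedKey(a, "config") == NamespacedKey(c, "config")) // false
}
```

The PCR values must come from the verified attestation document in the `Attestation` header, never from the request body, or a caller could choose its own namespace.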