19
#include "td/utils/crypto.h"
20
#include "td/utils/overloaded.h"
23
#include "encryptor.hpp"
24
#include "auto/tl/ton_api.hpp"
26
#include "common/status.h"
27
#include "common/errorcode.h"
32
td::Result<std::unique_ptr<Encryptor>> Encryptor::create(const ton_api::PublicKey *id) {
33
td::Result<std::unique_ptr<Encryptor>> res;
34
ton_api::downcast_call(
35
*const_cast<ton_api::PublicKey *>(id),
36
td::overloaded([&](const ton_api::pub_unenc &obj) { res = std::make_unique<EncryptorNone>(); },
37
[&](const ton_api::pub_ed25519 &obj) { res = std::make_unique<EncryptorEd25519>(obj.key_); },
38
[&](const ton_api::pub_overlay &obj) { res = std::make_unique<EncryptorOverlay>(); },
39
[&](const ton_api::pub_aes &obj) { res = std::make_unique<EncryptorAES>(obj.key_); }));
43
td::Result<std::unique_ptr<Decryptor>> Decryptor::create(const ton_api::PrivateKey *id) {
44
td::Result<std::unique_ptr<Decryptor>> res;
45
ton_api::downcast_call(
46
*const_cast<ton_api::PrivateKey *>(id),
47
td::overloaded([&](const ton_api::pk_unenc &obj) { res = std::make_unique<DecryptorNone>(); },
48
[&](const ton_api::pk_ed25519 &obj) { res = std::make_unique<DecryptorEd25519>(obj.key_); },
49
[&](const ton_api::pk_overlay &obj) { res = std::make_unique<DecryptorFail>(); },
50
[&](const ton_api::pk_aes &obj) { res = std::make_unique<DecryptorAES>(obj.key_); }));
54
td::Result<td::BufferSlice> EncryptorEd25519::encrypt(td::Slice data) {
55
TRY_RESULT_PREFIX(pk, td::Ed25519::generate_private_key(), "failed to generate private key: ");
56
TRY_RESULT_PREFIX(pubkey, pk.get_public_key(), "failed to get public key from private: ");
57
auto pubkey_str = pubkey.as_octet_string();
59
td::BufferSlice msg(pubkey_str.size() + 32 + data.size());
60
td::MutableSlice slice = msg.as_slice();
61
slice.copy_from(pubkey_str);
62
slice.remove_prefix(pubkey_str.size());
64
TRY_RESULT_PREFIX(shared_secret, td::Ed25519::compute_shared_secret(pub_, pk), "failed to compute shared secret: ");
66
td::MutableSlice digest = slice.substr(0, 32);
67
slice.remove_prefix(32);
68
td::sha256(data, digest);
70
td::SecureString key(32);
72
auto S = key.as_mutable_slice();
73
S.copy_from(td::Slice(shared_secret).truncate(16));
75
S.copy_from(digest.copy().remove_prefix(16).truncate(16));
78
td::SecureString iv(16);
80
auto S = iv.as_mutable_slice();
81
S.copy_from(digest.copy().truncate(4));
83
S.copy_from(td::Slice(shared_secret).remove_prefix(20).truncate(12));
88
ctr.encrypt(data, slice);
90
return std::move(msg);
93
td::Status EncryptorEd25519::check_signature(td::Slice message, td::Slice signature) {
94
return td::status_prefix(pub_.verify_signature(message, signature), "bad signature: ");
97
td::Result<td::BufferSlice> DecryptorEd25519::decrypt(td::Slice data) {
98
if (data.size() < td::Ed25519::PublicKey::LENGTH + 32) {
99
return td::Status::Error(ErrorCode::protoviolation, "message is too short");
102
td::Slice pub = data.substr(0, td::Ed25519::PublicKey::LENGTH);
103
data.remove_prefix(td::Ed25519::PublicKey::LENGTH);
105
td::Slice digest = data.substr(0, 32);
106
data.remove_prefix(32);
108
TRY_RESULT_PREFIX(shared_secret,
109
td::Ed25519::compute_shared_secret(td::Ed25519::PublicKey(td::SecureString(pub)), pk_),
110
"failed to generate shared secret: ");
112
td::SecureString key(32);
113
key.as_mutable_slice().copy_from(td::Slice(shared_secret).substr(0, 16));
114
key.as_mutable_slice().substr(16).copy_from(digest.substr(16, 16));
116
td::SecureString iv(16);
117
iv.as_mutable_slice().copy_from(digest.substr(0, 4));
118
iv.as_mutable_slice().substr(4).copy_from(td::Slice(shared_secret).substr(20, 12));
120
td::BufferSlice res(data.size());
124
ctr.encrypt(data, res.as_slice());
126
td::UInt256 real_digest;
127
td::sha256(res.as_slice(), as_slice(real_digest));
129
if (as_slice(real_digest) != digest) {
130
return td::Status::Error(ErrorCode::protoviolation, "sha256 mismatch after decryption");
133
return std::move(res);
136
td::Result<td::BufferSlice> DecryptorEd25519::sign(td::Slice data) {
137
TRY_RESULT_PREFIX(signature, pk_.sign(data), "failed to sign: ");
138
return td::BufferSlice(signature);
141
td::Result<td::BufferSlice> EncryptorAES::encrypt(td::Slice data) {
142
td::BufferSlice msg(32 + data.size());
143
td::MutableSlice slice = msg.as_slice();
145
td::MutableSlice digest = slice.substr(0, 32);
146
slice.remove_prefix(32);
147
td::sha256(data, digest);
149
td::SecureString key(32);
150
key.as_mutable_slice().copy_from(shared_secret_.as_slice().substr(0, 16));
151
key.as_mutable_slice().substr(16).copy_from(digest.substr(16, 16));
153
td::SecureString iv(16);
154
iv.as_mutable_slice().copy_from(digest.substr(0, 4));
155
iv.as_mutable_slice().substr(4).copy_from(shared_secret_.as_slice().substr(20, 12));
159
ctr.encrypt(data, slice);
161
return std::move(msg);
164
td::Result<td::BufferSlice> DecryptorAES::decrypt(td::Slice data) {
165
if (data.size() < 32) {
166
return td::Status::Error(ErrorCode::protoviolation, "message is too short");
169
td::Slice digest = data.substr(0, 32);
170
data.remove_prefix(32);
172
td::SecureString key(32);
173
key.as_mutable_slice().copy_from(shared_secret_.as_slice().substr(0, 16));
174
key.as_mutable_slice().substr(16).copy_from(digest.substr(16, 16));
176
td::SecureString iv(16);
177
iv.as_mutable_slice().copy_from(digest.substr(0, 4));
178
iv.as_mutable_slice().substr(4).copy_from(shared_secret_.as_slice().substr(20, 12));
180
td::BufferSlice res(data.size());
184
ctr.encrypt(data, res.as_slice());
186
td::UInt256 real_digest;
187
td::sha256(res.as_slice(), as_slice(real_digest));
189
if (as_slice(real_digest) != digest) {
190
return td::Status::Error(ErrorCode::protoviolation, "sha256 mismatch after decryption");
193
return std::move(res);
196
std::vector<td::Result<td::BufferSlice>> Decryptor::sign_batch(std::vector<td::Slice> data) {
197
std::vector<td::Result<td::BufferSlice>> r;
198
r.resize(data.size());
199
for (size_t i = 0; i < data.size(); i++) {
200
r[i] = sign(data[i]);