Ton

encryptor.cpp
205 строк · 7.0 Кб
Перенос по словам
1
/*
2
    This file is part of TON Blockchain Library.
3

4
    TON Blockchain Library is free software: you can redistribute it and/or modify
5
    it under the terms of the GNU Lesser General Public License as published by
6
    the Free Software Foundation, either version 2 of the License, or
7
    (at your option) any later version.
8

9
    TON Blockchain Library is distributed in the hope that it will be useful,
10
    but WITHOUT ANY WARRANTY; without even the implied warranty of
11
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12
    GNU Lesser General Public License for more details.
13

14
    You should have received a copy of the GNU Lesser General Public License
15
    along with TON Blockchain Library.  If not, see <http://www.gnu.org/licenses/>.
16

17
    Copyright 2017-2020 Telegram Systems LLP
18
*/
19
#include "td/utils/crypto.h"
20
#include "td/utils/overloaded.h"
21

22
#include "encryptor.h"
23
#include "encryptor.hpp"
24
#include "auto/tl/ton_api.hpp"
25

26
#include "common/status.h"
27
#include "common/errorcode.h"
28
#include "keys.hpp"
29

30
namespace ton {
31

32
td::Result<std::unique_ptr<Encryptor>> Encryptor::create(const ton_api::PublicKey *id) {
33
  td::Result<std::unique_ptr<Encryptor>> res;
34
  ton_api::downcast_call(
35
      *const_cast<ton_api::PublicKey *>(id),
36
      td::overloaded([&](const ton_api::pub_unenc &obj) { res = std::make_unique<EncryptorNone>(); },
37
                     [&](const ton_api::pub_ed25519 &obj) { res = std::make_unique<EncryptorEd25519>(obj.key_); },
38
                     [&](const ton_api::pub_overlay &obj) { res = std::make_unique<EncryptorOverlay>(); },
39
                     [&](const ton_api::pub_aes &obj) { res = std::make_unique<EncryptorAES>(obj.key_); }));
40
  return res;
41
}
42

43
td::Result<std::unique_ptr<Decryptor>> Decryptor::create(const ton_api::PrivateKey *id) {
44
  td::Result<std::unique_ptr<Decryptor>> res;
45
  ton_api::downcast_call(
46
      *const_cast<ton_api::PrivateKey *>(id),
47
      td::overloaded([&](const ton_api::pk_unenc &obj) { res = std::make_unique<DecryptorNone>(); },
48
                     [&](const ton_api::pk_ed25519 &obj) { res = std::make_unique<DecryptorEd25519>(obj.key_); },
49
                     [&](const ton_api::pk_overlay &obj) { res = std::make_unique<DecryptorFail>(); },
50
                     [&](const ton_api::pk_aes &obj) { res = std::make_unique<DecryptorAES>(obj.key_); }));
51
  return res;
52
}
53

54
td::Result<td::BufferSlice> EncryptorEd25519::encrypt(td::Slice data) {
55
  TRY_RESULT_PREFIX(pk, td::Ed25519::generate_private_key(), "failed to generate private key: ");
56
  TRY_RESULT_PREFIX(pubkey, pk.get_public_key(), "failed to get public key from private: ");
57
  auto pubkey_str = pubkey.as_octet_string();
58

59
  td::BufferSlice msg(pubkey_str.size() + 32 + data.size());
60
  td::MutableSlice slice = msg.as_slice();
61
  slice.copy_from(pubkey_str);
62
  slice.remove_prefix(pubkey_str.size());
63

64
  TRY_RESULT_PREFIX(shared_secret, td::Ed25519::compute_shared_secret(pub_, pk), "failed to compute shared secret: ");
65

66
  td::MutableSlice digest = slice.substr(0, 32);
67
  slice.remove_prefix(32);
68
  td::sha256(data, digest);
69

70
  td::SecureString key(32);
71
  {
72
    auto S = key.as_mutable_slice();
73
    S.copy_from(td::Slice(shared_secret).truncate(16));
74
    S.remove_prefix(16);
75
    S.copy_from(digest.copy().remove_prefix(16).truncate(16));
76
  }
77

78
  td::SecureString iv(16);
79
  {
80
    auto S = iv.as_mutable_slice();
81
    S.copy_from(digest.copy().truncate(4));
82
    S.remove_prefix(4);
83
    S.copy_from(td::Slice(shared_secret).remove_prefix(20).truncate(12));
84
  }
85

86
  td::AesCtrState ctr;
87
  ctr.init(key, iv);
88
  ctr.encrypt(data, slice);
89

90
  return std::move(msg);
91
}
92

93
td::Status EncryptorEd25519::check_signature(td::Slice message, td::Slice signature) {
94
  return td::status_prefix(pub_.verify_signature(message, signature), "bad signature: ");
95
}
96

97
td::Result<td::BufferSlice> DecryptorEd25519::decrypt(td::Slice data) {
98
  if (data.size() < td::Ed25519::PublicKey::LENGTH + 32) {
99
    return td::Status::Error(ErrorCode::protoviolation, "message is too short");
100
  }
101

102
  td::Slice pub = data.substr(0, td::Ed25519::PublicKey::LENGTH);
103
  data.remove_prefix(td::Ed25519::PublicKey::LENGTH);
104

105
  td::Slice digest = data.substr(0, 32);
106
  data.remove_prefix(32);
107

108
  TRY_RESULT_PREFIX(shared_secret,
109
                    td::Ed25519::compute_shared_secret(td::Ed25519::PublicKey(td::SecureString(pub)), pk_),
110
                    "failed to generate shared secret: ");
111

112
  td::SecureString key(32);
113
  key.as_mutable_slice().copy_from(td::Slice(shared_secret).substr(0, 16));
114
  key.as_mutable_slice().substr(16).copy_from(digest.substr(16, 16));
115

116
  td::SecureString iv(16);
117
  iv.as_mutable_slice().copy_from(digest.substr(0, 4));
118
  iv.as_mutable_slice().substr(4).copy_from(td::Slice(shared_secret).substr(20, 12));
119

120
  td::BufferSlice res(data.size());
121

122
  td::AesCtrState ctr;
123
  ctr.init(key, iv);
124
  ctr.encrypt(data, res.as_slice());
125

126
  td::UInt256 real_digest;
127
  td::sha256(res.as_slice(), as_slice(real_digest));
128

129
  if (as_slice(real_digest) != digest) {
130
    return td::Status::Error(ErrorCode::protoviolation, "sha256 mismatch after decryption");
131
  }
132

133
  return std::move(res);
134
}
135

136
td::Result<td::BufferSlice> DecryptorEd25519::sign(td::Slice data) {
137
  TRY_RESULT_PREFIX(signature, pk_.sign(data), "failed to sign: ");
138
  return td::BufferSlice(signature);
139
}
140

141
td::Result<td::BufferSlice> EncryptorAES::encrypt(td::Slice data) {
142
  td::BufferSlice msg(32 + data.size());
143
  td::MutableSlice slice = msg.as_slice();
144

145
  td::MutableSlice digest = slice.substr(0, 32);
146
  slice.remove_prefix(32);
147
  td::sha256(data, digest);
148

149
  td::SecureString key(32);
150
  key.as_mutable_slice().copy_from(shared_secret_.as_slice().substr(0, 16));
151
  key.as_mutable_slice().substr(16).copy_from(digest.substr(16, 16));
152

153
  td::SecureString iv(16);
154
  iv.as_mutable_slice().copy_from(digest.substr(0, 4));
155
  iv.as_mutable_slice().substr(4).copy_from(shared_secret_.as_slice().substr(20, 12));
156

157
  td::AesCtrState ctr;
158
  ctr.init(key, iv);
159
  ctr.encrypt(data, slice);
160

161
  return std::move(msg);
162
}
163

164
td::Result<td::BufferSlice> DecryptorAES::decrypt(td::Slice data) {
165
  if (data.size() < 32) {
166
    return td::Status::Error(ErrorCode::protoviolation, "message is too short");
167
  }
168

169
  td::Slice digest = data.substr(0, 32);
170
  data.remove_prefix(32);
171

172
  td::SecureString key(32);
173
  key.as_mutable_slice().copy_from(shared_secret_.as_slice().substr(0, 16));
174
  key.as_mutable_slice().substr(16).copy_from(digest.substr(16, 16));
175

176
  td::SecureString iv(16);
177
  iv.as_mutable_slice().copy_from(digest.substr(0, 4));
178
  iv.as_mutable_slice().substr(4).copy_from(shared_secret_.as_slice().substr(20, 12));
179

180
  td::BufferSlice res(data.size());
181

182
  td::AesCtrState ctr;
183
  ctr.init(key, iv);
184
  ctr.encrypt(data, res.as_slice());
185

186
  td::UInt256 real_digest;
187
  td::sha256(res.as_slice(), as_slice(real_digest));
188

189
  if (as_slice(real_digest) != digest) {
190
    return td::Status::Error(ErrorCode::protoviolation, "sha256 mismatch after decryption");
191
  }
192

193
  return std::move(res);
194
}
195

196
std::vector<td::Result<td::BufferSlice>> Decryptor::sign_batch(std::vector<td::Slice> data) {
197
  std::vector<td::Result<td::BufferSlice>> r;
198
  r.resize(data.size());
199
  for (size_t i = 0; i < data.size(); i++) {
200
    r[i] = sign(data[i]);
201
  }
202
  return r;
203
}
204

205
}  // namespace ton
206
Ton

Использование cookies
