ton-blockchain
diff --git a/‎CMakeLists.txt‎
Lines changed: 4 additions & 2 deletions b/‎CMakeLists.txt‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎crypto/Ed25519.cpp‎
Lines changed: 134 additions & 19 deletions b/‎crypto/Ed25519.cpp‎
Lines changed: 134 additions & 19 deletions
@@ -424,9 +424,12 @@ add_subdirectory(tolk)
 add_subdirectory(tonlib)
 #END tonlib
 
+# Temporary (?) move those two targets in TONLIB targets
+add_subdirectory(common)
+add_subdirectory(http)
+
 #BEGIN internal
 if (NOT TON_ONLY_TONLIB)
-add_subdirectory(common)
 add_subdirectory(tdfec)
 add_subdirectory(keyring)
 add_subdirectory(fec)
@@ -444,7 +447,6 @@ add_subdirectory(validator-engine-console)
 add_subdirectory(create-hardfork)
 add_subdirectory(dht-server)
 add_subdirectory(utils)
-add_subdirectory(http)
 add_subdirectory(rldp-http-proxy)
 endif()
 #END internal
 
@@ -16,19 +16,23 @@
 
     Copyright 2017-2020 Telegram Systems LLP
 */
-#include <openssl/evp.h>
 #include <openssl/opensslv.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
 
 #include "crypto/Ed25519.h"
 #include "td/utils/BigNum.h"
 #include "td/utils/ScopeGuard.h"
 #include "td/utils/base64.h"
-#include "td/utils/format.h"
-#include "td/utils/logging.h"
 #include "td/utils/misc.h"
 
+#if TD_HAVE_OPENSSL
+
+#include <openssl/evp.h>
+#include <openssl/opensslv.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+
+#include "td/utils/ThreadSafeCounter.h"
+
 namespace td {
 
 Ed25519::PublicKey::PublicKey(SecureString octet_string) : octet_string_(std::move(octet_string)) {
@@ -45,6 +49,7 @@ SecureString Ed25519::PrivateKey::as_octet_string() const {
   return octet_string_.copy();
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
 namespace detail {
 
 static Result<SecureString> X25519_key_from_PKEY(EVP_PKEY *pkey, bool is_private) {
@@ -67,14 +72,17 @@ static EVP_PKEY *X25519_key_to_PKEY(Slice key, bool is_private) {
   return func(EVP_PKEY_ED25519, nullptr, key.ubegin(), key.size());
 }
 
-static Result<SecureString> X25519_pem_from_PKEY(EVP_PKEY *pkey, bool is_private, Slice password) {
+static Result<SecureString> X25519_pem_from_PKEY(EVP_PKEY *pkey, bool is_private, std::optional<Slice> o_password) {
   BIO *mem_bio = BIO_new(BIO_s_mem());
   SCOPE_EXIT {
     BIO_vfree(mem_bio);
   };
   if (is_private) {
-    PEM_write_bio_PrivateKey(mem_bio, pkey, EVP_aes_256_cbc(), const_cast<unsigned char *>(password.ubegin()),
-                             narrow_cast<int>(password.size()), nullptr, nullptr);
+    auto *chipher = o_password ? EVP_aes_256_cbc() : nullptr;
+    const unsigned char *password = o_password ? o_password->ubegin() : nullptr;
+    size_t password_size = o_password ? o_password->size() : 0;
+    PEM_write_bio_PrivateKey(mem_bio, pkey, chipher, const_cast<unsigned char *>(password),
+                             narrow_cast<int>(password_size), nullptr, nullptr);
   } else {
     PEM_write_bio_PUBKEY(mem_bio, pkey);
   }
@@ -105,8 +113,10 @@ static EVP_PKEY *X25519_pem_to_PKEY(Slice pem, Slice password) {
 }
 
 }  // namespace detail
+#endif
 
 Result<Ed25519::PrivateKey> Ed25519::generate_private_key() {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_ED25519, nullptr);
   if (pctx == nullptr) {
     return Status::Error("Can't create EVP_PKEY_CTX");
@@ -129,9 +139,13 @@ Result<Ed25519::PrivateKey> Ed25519::generate_private_key() {
 
   TRY_RESULT(private_key, detail::X25519_key_from_PKEY(pkey, true));
   return std::move(private_key);
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
 Result<Ed25519::PublicKey> Ed25519::PrivateKey::get_public_key() const {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   auto pkey = detail::X25519_key_to_PKEY(octet_string_, true);
   if (pkey == nullptr) {
     return Status::Error("Can't import private key");
@@ -142,9 +156,19 @@ Result<Ed25519::PublicKey> Ed25519::PrivateKey::get_public_key() const {
 
   TRY_RESULT(key, detail::X25519_key_from_PKEY(pkey, false));
   return Ed25519::PublicKey(std::move(key));
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
 Result<SecureString> Ed25519::PrivateKey::as_pem(Slice password) const {
+  return as_pem(std::optional<td::Slice>(password));
+}
+Result<SecureString> Ed25519::PrivateKey::as_pem() const {
+  return as_pem(std::nullopt);
+}
+Result<SecureString> Ed25519::PrivateKey::as_pem(std::optional<td::Slice> o_password) const {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   auto pkey = detail::X25519_key_to_PKEY(octet_string_, true);
   if (pkey == nullptr) {
     return Status::Error("Can't import private key");
@@ -153,27 +177,58 @@ Result<SecureString> Ed25519::PrivateKey::as_pem(Slice password) const {
     EVP_PKEY_free(pkey);
   };
 
-  return detail::X25519_pem_from_PKEY(pkey, true, password);
+  return detail::X25519_pem_from_PKEY(pkey, true, o_password);
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
 Result<Ed25519::PrivateKey> Ed25519::PrivateKey::from_pem(Slice pem, Slice password) {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   auto pkey = detail::X25519_pem_to_PKEY(pem, password);
   if (pkey == nullptr) {
     return Status::Error("Can't import private key from pem");
   }
   TRY_RESULT(key, detail::X25519_key_from_PKEY(pkey, true));
   return Ed25519::PrivateKey(std::move(key));
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
-Result<SecureString> Ed25519::PrivateKey::sign(Slice data) const {
+struct Ed25519::PreparedPrivateKey {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+  explicit PreparedPrivateKey(EVP_PKEY *pkey) : pkey_(pkey) {
+  }
+  EVP_PKEY *pkey_ = nullptr;
+  PreparedPrivateKey(const PreparedPrivateKey &) = delete;
+  PreparedPrivateKey(const PreparedPrivateKey &&) = delete;
+  PreparedPrivateKey &operator=(const PreparedPrivateKey &) = delete;
+  PreparedPrivateKey &operator=(const PreparedPrivateKey &&) = delete;
+  ~PreparedPrivateKey() {
+    if (pkey_ != nullptr) {
+      EVP_PKEY_free(pkey_);
+      pkey_ = nullptr;
+    }
+  }
+#endif
+};
+
+Result<std::shared_ptr<const Ed25519::PreparedPrivateKey>> Ed25519::PrivateKey::prepare() const {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   auto pkey = detail::X25519_key_to_PKEY(octet_string_, true);
   if (pkey == nullptr) {
     return Status::Error("Can't import private key");
   }
-  SCOPE_EXIT {
-    EVP_PKEY_free(pkey);
-  };
+  return std::make_shared<Ed25519::PreparedPrivateKey>(pkey);
+#else
+  return Status::Error("Unsupported");
+#endif
+}
 
+Result<SecureString> Ed25519::PrivateKey::sign(const PreparedPrivateKey &prepared_private_key, Slice data) {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+  CHECK(prepared_private_key.pkey_ != nullptr);
   EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
   if (md_ctx == nullptr) {
     return Status::Error("Can't create EVP_MD_CTX");
@@ -182,7 +237,7 @@ Result<SecureString> Ed25519::PrivateKey::sign(Slice data) const {
     EVP_MD_CTX_free(md_ctx);
   };
 
-  if (EVP_DigestSignInit(md_ctx, nullptr, nullptr, nullptr, pkey) <= 0) {
+  if (EVP_DigestSignInit(md_ctx, nullptr, nullptr, nullptr, prepared_private_key.pkey_) <= 0) {
     return Status::Error("Can't init DigestSign");
   }
 
@@ -192,9 +247,26 @@ Result<SecureString> Ed25519::PrivateKey::sign(Slice data) const {
     return Status::Error("Can't sign data");
   }
   return std::move(res);
+#else
+  return Status::Error("Unsupported");
+#endif
+}
+
+Result<SecureString> Ed25519::PrivateKey::sign(Slice data) const {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+  auto pkey = detail::X25519_key_to_PKEY(octet_string_, true);
+  if (pkey == nullptr) {
+    return Status::Error("Can't import private key");
+  }
+  return sign(PreparedPrivateKey(pkey), data);
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
 Status Ed25519::PublicKey::verify_signature(Slice data, Slice signature) const {
+  TD_PERF_COUNTER(Ed25519_verify_signature);
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   auto pkey = detail::X25519_key_to_PKEY(octet_string_, false);
   if (pkey == nullptr) {
     return Status::Error("Can't import public key");
@@ -219,12 +291,20 @@ Status Ed25519::PublicKey::verify_signature(Slice data, Slice signature) const {
     return Status::OK();
   }
   return Status::Error("Wrong signature");
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
 Result<SecureString> Ed25519::compute_shared_secret(const PublicKey &public_key, const PrivateKey &private_key) {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
   BigNum p = BigNum::from_hex("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed").move_as_ok();
   auto public_y = public_key.as_octet_string();
-  public_y.as_mutable_slice()[31] = static_cast<char>(public_y[31] & 127);
+  MutableSlice pub_slc = public_y.as_mutable_slice();
+  if (pub_slc.size() != PublicKey::LENGTH) {
+    return Status::Error("Wrong public key");
+  }
+  pub_slc[31] = static_cast<char>(public_y[31] & 127);
   BigNum y = BigNum::from_le_binary(public_y);
   BigNum y2 = y.clone();
   y += 1;
@@ -241,8 +321,11 @@ Result<SecureString> Ed25519::compute_shared_secret(const PublicKey &public_key,
   BigNum::mod_mul(u, y, inverse_y_plus_1, p, context);
 
   auto pr_key = private_key.as_octet_string();
+  if (pr_key.size() != PrivateKey::LENGTH) {
+    return Status::Error("Wrong private key");
+  }
   unsigned char buf[64];
-  SHA512(Slice(pr_key).ubegin(), 32, buf);
+  SHA512(Slice(pr_key).ubegin(), pr_key.size(), buf);
   buf[0] &= 248;
   buf[31] &= 127;
   buf[31] |= 64;
@@ -254,17 +337,15 @@ Result<SecureString> Ed25519::compute_shared_secret(const PublicKey &public_key,
   SCOPE_EXIT {
     EVP_PKEY_free(pkey_private);
   };
-  // LOG(ERROR) << buffer_to_hex(Slice(buf, 32));
 
-  auto pub_key = u.to_le_binary(32);
+  auto pub_key = u.to_le_binary(PublicKey::LENGTH);
   auto pkey_public = EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, nullptr, Slice(pub_key).ubegin(), pub_key.size());
   if (pkey_public == nullptr) {
     return Status::Error("Can't import public key");
   }
   SCOPE_EXIT {
     EVP_PKEY_free(pkey_public);
   };
-  // LOG(ERROR) << buffer_to_hex(pub_key);
 
   EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey_private, nullptr);
   if (ctx == nullptr) {
@@ -294,10 +375,44 @@ Result<SecureString> Ed25519::compute_shared_secret(const PublicKey &public_key,
     return Status::Error("Failed to compute shared secret");
   }
   return std::move(result);
+#else
+  return Status::Error("Unsupported");
+#endif
+}
+
+Result<SecureString> Ed25519::get_public_key(Slice private_key) {
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+  if (private_key.size() != PrivateKey::LENGTH) {
+    return Status::Error("Invalid X25519 private key");
+  }
+  auto pkey_private = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, nullptr, private_key.ubegin(), private_key.size());
+  if (pkey_private == nullptr) {
+    return Status::Error("Invalid X25519 private key");
+  }
+  SCOPE_EXIT {
+    EVP_PKEY_free(pkey_private);
+  };
+
+  size_t len = 0;
+  if (EVP_PKEY_get_raw_public_key(pkey_private, nullptr, &len) == 0) {
+    return Status::Error("Failed to get raw key length");
+  }
+  CHECK(len == PublicKey::LENGTH);
+
+  SecureString result(len);
+  if (EVP_PKEY_get_raw_public_key(pkey_private, result.as_mutable_slice().ubegin(), &len) == 0) {
+    return Status::Error("Failed to get raw key");
+  }
+  return std::move(result);
+#else
+  return Status::Error("Unsupported");
+#endif
 }
 
 int Ed25519::version() {
   return OPENSSL_VERSION_NUMBER;
 }
 
 }  // namespace td
+
+#endif