
Merge branch 'testnet' into accelerator

This commit is contained in:
SpyCheese 2024-12-03 20:46:55 +03:00
commit 4826f7665f
20 changed files with 234 additions and 32 deletions


@ -12,7 +12,7 @@ jobs:
- uses: actions/checkout@v3
- name: Download Linux x86-64 artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-x86-64-linux.yml
path: artifacts
@ -20,7 +20,7 @@ jobs:
skip_unpack: true
- name: Download and unzip Linux x86-64 artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-x86-64-linux.yml
path: artifacts
@ -28,7 +28,7 @@ jobs:
skip_unpack: false
- name: Download Mac x86-64 artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-x86-64-macos.yml
path: artifacts
@ -36,7 +36,7 @@ jobs:
skip_unpack: true
- name: Download Mac arm64 artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-arm64-macos.yml
path: artifacts
@ -44,7 +44,7 @@ jobs:
skip_unpack: true
- name: Download and unzip Mac x86-64 artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-x86-64-macos.yml
path: artifacts
@ -52,7 +52,7 @@ jobs:
skip_unpack: false
- name: Download and unzip arm64 artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-arm64-macos.yml
path: artifacts
@ -60,7 +60,7 @@ jobs:
skip_unpack: false
- name: Download Windows artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-x86-64-windows.yml
path: artifacts
@ -68,7 +68,7 @@ jobs:
skip_unpack: true
- name: Download and unzip Windows artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: ton-x86-64-windows.yml
path: artifacts
@ -76,7 +76,7 @@ jobs:
skip_unpack: false
- name: Download WASM artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: build-ton-wasm-emscripten.yml
path: artifacts
@ -84,7 +84,7 @@ jobs:
skip_unpack: true
- name: Download Android Tonlib artifacts
uses: dawidd6/action-download-artifact@v2
uses: dawidd6/action-download-artifact@v6
with:
workflow: build-ton-linux-android-tonlib.yml
path: artifacts
@ -183,6 +183,14 @@ jobs:
asset_name: lite-client.exe
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Windows 2019 single artifact - proxy-liteserver
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: artifacts/ton-win-binaries/proxy-liteserver.exe
asset_name: proxy-liteserver.exe
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Windows 2019 single artifact - rldp-http-proxy
uses: svenstaro/upload-release-action@v2
with:
@ -281,6 +289,14 @@ jobs:
asset_name: lite-client-mac-x86-64
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Mac x86-64 single artifact - proxy-liteserver
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: artifacts/ton-x86_64-macos-binaries/proxy-liteserver
asset_name: proxy-liteserver-mac-x86-64
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Mac x86-64 single artifact - rldp-http-proxy
uses: svenstaro/upload-release-action@v2
with:
@ -380,6 +396,14 @@ jobs:
asset_name: lite-client-mac-arm64
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Mac arm64 single artifact - proxy-liteserver
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: artifacts/ton-arm64-macos-binaries/proxy-liteserver
asset_name: proxy-liteserver-mac-arm64
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Mac arm64 single artifact - rldp-http-proxy
uses: svenstaro/upload-release-action@v2
with:
@ -478,6 +502,14 @@ jobs:
asset_name: lite-client-linux-x86_64
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Linux x86-64 single artifact - proxy-liteserver
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: artifacts/ton-x86_64-linux-binaries/proxy-liteserver
asset_name: proxy-liteserver-linux-x86_64
tag: ${{ steps.tag.outputs.TAG }}
- name: Upload Linux x86-64 single artifact - rldp-http-proxy
uses: svenstaro/upload-release-action@v2
with:
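Review bot: Every third-party action in this workflow is referenced by a mutable major tag — `dawidd6/action-download-artifact@v6` on the changed lines, `svenstaro/upload-release-action@v2` and `actions/checkout@v3` around them — so the release job, which runs with `secrets.GITHUB_TOKEN` and publishes the binaries users download, executes whatever those tags resolve to on the day it runs. Since the v2→v6 bump already touches each `uses:` line, pin them to the full commit SHA of the intended release instead, e.g. `uses: dawidd6/action-download-artifact@<40-hex-commit-sha> # v6`, and let Dependabot/Renovate move the pin. The new proxy-liteserver upload steps inherit the same unpinned `@v2` and should be pinned the same way.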


@ -140,13 +140,13 @@ if [ "$with_tests" = true ]; then
http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork tlbc emulator \
test-ed25519 test-ed25519-crypto test-bigint test-vm test-fift test-cells test-smartcont \
test-net test-tdactor test-tdutils test-tonlib-offline test-adnl test-dht test-rldp \
test-rldp2 test-catchain test-fec test-tddb test-db test-validator-session-state test-emulator
test-rldp2 test-catchain test-fec test-tddb test-db test-validator-session-state test-emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
else
ninja storage-daemon storage-daemon-cli blockchain-explorer \
tonlib tonlibjson tonlib-cli validator-engine func tolk fift \
lite-client pow-miner validator-engine-console generate-random-id json2tlo dht-server \
http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork tlbc emulator
http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork tlbc emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
fi
@ -174,6 +174,7 @@ if [ "$with_artifacts" = true ]; then
cp build/validator-engine/validator-engine artifacts/
cp build/utils/generate-random-id artifacts/
cp build/utils/json2tlo artifacts/
cp build/utils/proxy-liteserver artifacts/
cp build/adnl/adnl-proxy artifacts/
cp build/emulator/libemulator.dylib artifacts/
rsync -r crypto/smartcont artifacts/


@ -68,13 +68,13 @@ if [ "$with_tests" = true ]; then
http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork tlbc emulator \
test-ed25519 test-ed25519-crypto test-bigint test-vm test-fift test-cells test-smartcont \
test-net test-tdactor test-tdutils test-tonlib-offline test-adnl test-dht test-rldp \
test-rldp2 test-catchain test-fec test-tddb test-db test-validator-session-state test-emulator
test-rldp2 test-catchain test-fec test-tddb test-db test-validator-session-state test-emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
else
ninja storage-daemon storage-daemon-cli blockchain-explorer \
tonlib tonlibjson tonlib-cli validator-engine func tolk fift \
lite-client pow-miner validator-engine-console generate-random-id json2tlo dht-server \
http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork tlbc emulator
http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork tlbc emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
fi
@ -102,6 +102,7 @@ if [ "$with_artifacts" = true ]; then
cp build/validator-engine/validator-engine artifacts/
cp build/utils/generate-random-id artifacts/
cp build/utils/json2tlo artifacts/
cp build/utils/proxy-liteserver artifacts/
cp build/adnl/adnl-proxy artifacts/
cp build/emulator/libemulator.dylib artifacts/
cp -R crypto/smartcont artifacts/


@ -130,13 +130,13 @@ ninja storage-daemon storage-daemon-cli fift func tolk tonlib tonlibjson tonlib-
adnl-proxy create-state emulator test-ed25519 test-ed25519-crypto test-bigint \
test-vm test-fift test-cells test-smartcont test-net test-tdactor test-tdutils \
test-tonlib-offline test-adnl test-dht test-rldp test-rldp2 test-catchain \
test-fec test-tddb test-db test-validator-session-state test-emulator
test-fec test-tddb test-db test-validator-session-state test-emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
else
ninja storage-daemon storage-daemon-cli fift func tolk tonlib tonlibjson tonlib-cli \
validator-engine lite-client pow-miner validator-engine-console blockchain-explorer \
generate-random-id json2tlo dht-server http-proxy rldp-http-proxy \
adnl-proxy create-state emulator
adnl-proxy create-state emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
fi
@ -154,7 +154,7 @@ if [ "$with_artifacts" = true ]; then
mv build/tonlib/libtonlibjson.so.0.5 build/tonlib/libtonlibjson.so
cp build/storage/storage-daemon/storage-daemon build/storage/storage-daemon/storage-daemon-cli \
build/crypto/fift build/crypto/tlbc build/crypto/func build/tolk/tolk build/crypto/create-state build/blockchain-explorer/blockchain-explorer \
build/validator-engine-console/validator-engine-console build/tonlib/tonlib-cli \
build/validator-engine-console/validator-engine-console build/tonlib/tonlib-cli build/utils/proxy-liteserver \
build/tonlib/libtonlibjson.so build/http/http-proxy build/rldp-http-proxy/rldp-http-proxy \
build/dht-server/dht-server build/lite-client/lite-client build/validator-engine/validator-engine \
build/utils/generate-random-id build/utils/json2tlo build/adnl/adnl-proxy build/emulator/libemulator.so \


@ -58,13 +58,13 @@ ninja storage-daemon storage-daemon-cli fift func tolk tonlib tonlibjson tonlib-
adnl-proxy create-state emulator test-ed25519 test-ed25519-crypto test-bigint \
test-vm test-fift test-cells test-smartcont test-net test-tdactor test-tdutils \
test-tonlib-offline test-adnl test-dht test-rldp test-rldp2 test-catchain \
test-fec test-tddb test-db test-validator-session-state test-emulator
test-fec test-tddb test-db test-validator-session-state test-emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
else
ninja storage-daemon storage-daemon-cli fift func tolk tonlib tonlibjson tonlib-cli \
validator-engine lite-client pow-miner validator-engine-console blockchain-explorer \
generate-random-id json2tlo dht-server http-proxy rldp-http-proxy \
adnl-proxy create-state emulator
adnl-proxy create-state emulator proxy-liteserver
test $? -eq 0 || { echo "Can't compile ton"; exit 1; }
fi
@ -84,7 +84,7 @@ if [ "$with_artifacts" = true ]; then
mv build/tonlib/libtonlibjson.so.0.5 build/tonlib/libtonlibjson.so
cp build/storage/storage-daemon/storage-daemon build/storage/storage-daemon/storage-daemon-cli \
build/crypto/fift build/crypto/tlbc build/crypto/func build/tolk/tolk build/crypto/create-state build/blockchain-explorer/blockchain-explorer \
build/validator-engine-console/validator-engine-console build/tonlib/tonlib-cli \
build/validator-engine-console/validator-engine-console build/tonlib/tonlib-cli build/utils/proxy-liteserver \
build/tonlib/libtonlibjson.so build/http/http-proxy build/rldp-http-proxy/rldp-http-proxy \
build/dht-server/dht-server build/lite-client/lite-client build/validator-engine/validator-engine \
build/utils/generate-random-id build/utils/json2tlo build/adnl/adnl-proxy build/emulator/libemulator.so \


@ -137,7 +137,7 @@ tonlib-cli validator-engine lite-client pow-miner validator-engine-console gener
json2tlo dht-server http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork emulator ^
test-ed25519 test-ed25519-crypto test-bigint test-vm test-fift test-cells test-smartcont test-net ^
test-tdactor test-tdutils test-tonlib-offline test-adnl test-dht test-rldp test-rldp2 test-catchain ^
test-fec test-tddb test-db test-validator-session-state test-emulator
test-fec test-tddb test-db test-validator-session-state test-emulator proxy-liteserver
IF %errorlevel% NEQ 0 (
echo Can't compile TON
exit /b %errorlevel%
@ -145,7 +145,7 @@ IF %errorlevel% NEQ 0 (
) else (
ninja storage-daemon storage-daemon-cli blockchain-explorer fift func tolk tonlib tonlibjson ^
tonlib-cli validator-engine lite-client pow-miner validator-engine-console generate-random-id ^
json2tlo dht-server http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork emulator
json2tlo dht-server http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork emulator proxy-liteserver
IF %errorlevel% NEQ 0 (
echo Can't compile TON
exit /b %errorlevel%
@ -193,6 +193,7 @@ build\lite-client\lite-client.exe ^
build\validator-engine\validator-engine.exe ^
build\utils\generate-random-id.exe ^
build\utils\json2tlo.exe ^
build\utils\proxy-liteserver.exe ^
build\adnl\adnl-proxy.exe ^
build\emulator\emulator.dll) do (strip -s %%I & copy %%I artifacts\)
xcopy /e /k /h /i crypto\smartcont artifacts\smartcont


@ -140,7 +140,7 @@ tonlib-cli validator-engine lite-client pow-miner validator-engine-console gener
json2tlo dht-server http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork emulator ^
test-ed25519 test-ed25519-crypto test-bigint test-vm test-fift test-cells test-smartcont test-net ^
test-tdactor test-tdutils test-tonlib-offline test-adnl test-dht test-rldp test-rldp2 test-catchain ^
test-fec test-tddb test-db test-validator-session-state test-emulator
test-fec test-tddb test-db test-validator-session-state test-emulator proxy-liteserver
IF %errorlevel% NEQ 0 (
echo Can't compile TON
exit /b %errorlevel%
@ -148,7 +148,7 @@ IF %errorlevel% NEQ 0 (
) else (
ninja storage-daemon storage-daemon-cli blockchain-explorer fift func tolk tonlib tonlibjson ^
tonlib-cli validator-engine lite-client pow-miner validator-engine-console generate-random-id ^
json2tlo dht-server http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork emulator
json2tlo dht-server http-proxy rldp-http-proxy adnl-proxy create-state create-hardfork emulator proxy-liteserver
IF %errorlevel% NEQ 0 (
echo Can't compile TON
exit /b %errorlevel%


@ -554,11 +554,7 @@ class BitArray {
set_same(0);
}
void set_zero_s() {
volatile uint8* p = data();
auto x = m;
while (x--) {
*p++ = 0;
}
as_slice().fill_zero_secure();
}
void set_ones() {
set_same(1);
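Review bot: `set_zero_s` previously zeroed through a `volatile uint8*` precisely so the compiler could not discard the stores as dead when the array is about to be destroyed; the replacement relies on `fill_zero_secure()` giving the same guarantee, and that helper's implementation is not visible in this hunk. Please confirm it uses a volatile write, `memset_s`/`explicit_bzero`, or an equivalent compiler barrier rather than a plain `memset`/`std::fill`, otherwise this simplification silently reintroduces the key-material-left-in-memory problem the `_s` variant exists to avoid. A one-line comment such as `// fill_zero_secure() must not be optimised away: this wipes key material` would make the intent survive the next refactor. The enclosing `BitArray` class starts and ends outside the hunk.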


@ -28,7 +28,7 @@ namespace ton {
namespace keyring {
KeyringImpl::PrivateKeyDescr::PrivateKeyDescr(PrivateKey private_key, bool is_temp)
: public_key(private_key.compute_public_key()), is_temp(is_temp) {
: public_key(private_key.compute_public_key()), private_key(private_key), is_temp(is_temp) {
auto D = private_key.create_decryptor_async();
D.ensure();
decryptor_sign = D.move_as_ok();
@ -190,6 +190,16 @@ void KeyringImpl::decrypt_message(PublicKeyHash key_hash, td::BufferSlice data,
}
}
void KeyringImpl::export_all_private_keys(td::Promise<std::vector<PrivateKey>> promise) {
std::vector<PrivateKey> keys;
for (auto& [_, descr] : map_) {
if (!descr->is_temp && descr->private_key.exportable()) {
keys.push_back(descr->private_key);
}
}
promise.set_value(std::move(keys));
}
td::actor::ActorOwn<Keyring> Keyring::create(std::string db_root) {
return td::actor::create_actor<KeyringImpl>("keyring", db_root);
}
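Review bot: `PrivateKeyDescr` now keeps a full copy of `private_key` inside the keyring actor for the lifetime of the key, where previously only the public key and the decryptor actors were retained; that is a deliberate widening of where raw key material lives in memory and deserves a comment stating why, e.g. `// retained only to serve export_all_private_keys`. `export_all_private_keys` also silently skips `is_temp` and non-`exportable()` keys, so a caller cannot distinguish a withheld key from an absent one; documenting this on the declaration ("returns only persistent, exportable keys; temporary and non-exportable keys are omitted without error") would avoid surprises. Whether `PrivateKey` itself keeps its bytes in secure storage is not visible here and should be confirmed before relying on the retained copy being scrubbed on destruction.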


@ -44,6 +44,8 @@ class Keyring : public td::actor::Actor {
virtual void decrypt_message(PublicKeyHash key_hash, td::BufferSlice data, td::Promise<td::BufferSlice> promise) = 0;
virtual void export_all_private_keys(td::Promise<std::vector<PrivateKey>> promise) = 0;
static td::actor::ActorOwn<Keyring> create(std::string db_root);
};


@ -33,6 +33,7 @@ class KeyringImpl : public Keyring {
td::actor::ActorOwn<DecryptorAsync> decryptor_sign;
td::actor::ActorOwn<DecryptorAsync> decryptor_decrypt;
PublicKey public_key;
PrivateKey private_key;
bool is_temp;
PrivateKeyDescr(PrivateKey private_key, bool is_temp);
};
@ -56,6 +57,8 @@ class KeyringImpl : public Keyring {
void decrypt_message(PublicKeyHash key_hash, td::BufferSlice data, td::Promise<td::BufferSlice> promise) override;
void export_all_private_keys(td::Promise<std::vector<PrivateKey>> promise) override;
KeyringImpl(std::string db_root) : db_root_(db_root) {
}


@ -181,9 +181,9 @@ QueryInfo get_query_info(const lite_api::Function& f) {
[&](const lite_api::liteServer_getBlockProof& q) {
info.shard_id = ShardIdFull{masterchainId};
BlockIdExt from = create_block_id(q.known_block_);
BlockIdExt to = create_block_id(q.target_block_);
// See LiteQuery::perform_getBlockProof
if ((q.mode_ & 1) && (q.mode_ & 0x1000)) {
BlockIdExt to = create_block_id(q.target_block_); // target_block is non-null if (mode & 1)
info.type = QueryInfo::t_seqno;
info.value = std::max(from.seqno(), to.seqno());
} else {


@ -749,6 +749,8 @@ engine.validator.perfTimerStats stats:(vector engine.validator.PerfTimerStatsByN
engine.validator.shardOutQueueSize size:long = engine.validator.ShardOutQueueSize;
engine.validator.exportedPrivateKeys encrypted_data:bytes = engine.validator.ExportedPrivateKeys;
engine.validator.collationManagerStats.shard shard_id:tonNode.shardId self_collate:Bool select_mode:string active:Bool collators:(vector int256) = engine.validator.collationManagerStats.Shard;
engine.validator.collationManagerStats.collator adnl_id:int256 active:Bool alive:Bool ping_in:double last_ping_ago:double last_ping_status:string = engine.validator.collationManagerStats.Collator;
engine.validator.collationManagerStats.localId adnl_id:int256 shards:(vector engine.validator.collationManagerStats.shard)
@ -784,6 +786,7 @@ engine.validator.delListeningPort ip:int port:int categories:(vector int) priori
engine.validator.delProxy out_ip:int out_port:int categories:(vector int) priority_categories:(vector int) = engine.validator.Success;
engine.validator.sign key_hash:int256 data:bytes = engine.validator.Signature;
engine.validator.exportAllPrivateKeys encryption_key:PublicKey = engine.validator.ExportedPrivateKeys;
engine.validator.getStats = engine.validator.Stats;
engine.validator.getConfig = engine.validator.JsonConfig;
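Review bot: The new `engine.validator.exportedPrivateKeys encrypted_data:bytes` constructor gives no hint of what the ciphertext contains, and the framing (a sequence of `uint32 length` + serialized private-key records, followed by 32 random bytes, encrypted to the caller's Ed25519 `encryption_key`) is only recoverable by reading the engine and console sources. A `//` comment above the line describing that framing, and noting that `exportAllPrivateKeys` is gated on the unsafe permission level, would keep the schema self-describing for other client implementers.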



@ -24,4 +24,4 @@ target_include_directories(pack-viewer PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_
add_executable(proxy-liteserver proxy-liteserver.cpp)
target_link_libraries(proxy-liteserver tdutils tdactor adnl dht tl_api ton_crypto git lite-client-common)
install(TARGETS generate-random-id RUNTIME DESTINATION bin)
install(TARGETS generate-random-id proxy-liteserver RUNTIME DESTINATION bin)


@ -35,6 +35,8 @@
#include "ton/ton-tl.hpp"
#include "td/utils/JsonBuilder.h"
#include "auto/tl/ton_api_json.h"
#include "keys/encryptor.h"
#include "td/utils/port/path.h"
#include "tl/tl_json.h"
#include <cctype>
@ -283,6 +285,66 @@ td::Status SignFileQuery::receive(td::BufferSlice data) {
return td::Status::OK();
}
td::Status ExportAllPrivateKeysQuery::run() {
TRY_RESULT_ASSIGN(directory_, tokenizer_.get_token<std::string>());
TRY_STATUS(tokenizer_.check_endl());
client_pk_ = ton::privkeys::Ed25519::random();
return td::Status::OK();
}
td::Status ExportAllPrivateKeysQuery::send() {
auto b = ton::create_serialize_tl_object<ton::ton_api::engine_validator_exportAllPrivateKeys>(
client_pk_.compute_public_key().tl());
td::actor::send_closure(console_, &ValidatorEngineConsole::envelope_send_query, std::move(b), create_promise());
return td::Status::OK();
}
td::Status ExportAllPrivateKeysQuery::receive(td::BufferSlice data) {
TRY_RESULT_PREFIX(f, ton::fetch_tl_object<ton::ton_api::engine_validator_exportedPrivateKeys>(data.as_slice(), true),
"received incorrect answer: ");
// Private keys are encrypted using client-provided public key to avoid storing them in
// non-secure buffers (not td::SecureString)
TRY_RESULT_PREFIX(decryptor, client_pk_.create_decryptor(), "cannot create decryptor: ");
TRY_RESULT_PREFIX(keys_data, decryptor->decrypt(f->encrypted_data_.as_slice()), "cannot decrypt data: ");
SCOPE_EXIT {
keys_data.as_slice().fill_zero_secure();
};
td::Slice slice = keys_data.as_slice();
if (slice.size() < 32) {
return td::Status::Error("data is too small");
}
slice.remove_suffix(32);
std::vector<ton::PrivateKey> private_keys;
while (!slice.empty()) {
if (slice.size() < 4) {
return td::Status::Error("unexpected end of data");
}
td::uint32 size;
td::MutableSlice{reinterpret_cast<char *>(&size), 4}.copy_from(slice.substr(0, 4));
if (size > slice.size()) {
return td::Status::Error("unexpected end of data");
}
slice.remove_prefix(4);
TRY_RESULT_PREFIX(private_key, ton::PrivateKey::import(slice.substr(0, size)), "cannot parse private key: ");
if (!private_key.exportable()) {
return td::Status::Error("private key is not exportable");
}
private_keys.push_back(std::move(private_key));
slice.remove_prefix(size);
}
TRY_STATUS_PREFIX(td::mkpath(directory_ + "/"), "cannot create directory " + directory_ + ": ");
td::TerminalIO::out() << "exported " << private_keys.size() << " private keys" << "\n";
for (const ton::PrivateKey &private_key : private_keys) {
std::string hash_hex = private_key.compute_short_id().bits256_value().to_hex();
TRY_STATUS_PREFIX(td::write_file(directory_ + "/" + hash_hex, private_key.export_as_slice()),
"failed to write file: ");
td::TerminalIO::out() << "pubkey_hash " << hash_hex << "\n";
}
td::TerminalIO::out() << "written all files to " << directory_ << "\n";
return td::Status::OK();
}
td::Status AddAdnlAddrQuery::run() {
TRY_RESULT_ASSIGN(key_hash_, tokenizer_.get_token<ton::PublicKeyHash>());
TRY_RESULT_ASSIGN(category_, tokenizer_.get_token<td::uint32>());
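Review bot: The bound check in `ExportAllPrivateKeysQuery::receive` is off by the 4-byte length prefix: `if (size > slice.size())` is evaluated while `slice` still contains those 4 bytes, and only then does `slice.remove_prefix(4)` run, so a `size` between `slice.size()-3` and `slice.size()` passes the check and `slice.substr(0, size)` reaches past the remaining data (the engine side guards the inverse direction with `CHECK(slice.size() >= size + 4)`). Consume the prefix first and then check: `slice.remove_prefix(4); if (size > slice.size()) { return td::Status::Error("unexpected end of data"); }`. Separately, `td::write_file(directory_ + "/" + hash_hex, ...)` writes raw private keys with whatever mode the default umask yields; if `td::write_file` cannot take a mode, create the files (and `directory_`) via `td::FileFd` with `0600`/`0700` so other local users cannot read the exported keys.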


@ -413,6 +413,30 @@ class SignFileQuery : public Query {
std::string out_file_;
};
class ExportAllPrivateKeysQuery : public Query {
public:
ExportAllPrivateKeysQuery(td::actor::ActorId<ValidatorEngineConsole> console, Tokenizer tokenizer)
: Query(console, std::move(tokenizer)) {
}
td::Status run() override;
td::Status send() override;
td::Status receive(td::BufferSlice R) override;
static std::string get_name() {
return "exportallprivatekeys";
}
static std::string get_help() {
return "exportallprivatekeys <directory>\texports all private keys from validator engine and stores them to "
"<directory>";
}
std::string name() const override {
return get_name();
}
private:
std::string directory_;
ton::PrivateKey client_pk_;
};
class AddAdnlAddrQuery : public Query {
public:
AddAdnlAddrQuery(td::actor::ActorId<ValidatorEngineConsole> console, Tokenizer tokenizer)
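Review bot: The help text returned by `ExportAllPrivateKeysQuery::get_help()` does not say that the keys are written to `<directory>` in plaintext, one file per key named by its public-key hash, nor that the command needs the engine's unsafe permission level, so an operator reading the console help has no warning before dumping validator keys onto disk. Extend the string, e.g. `"exportallprivatekeys <directory>\texports all private keys from validator engine and stores them UNENCRYPTED to <directory> (requires unsafe permissions)"`.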


@ -112,6 +112,7 @@ void ValidatorEngineConsole::run() {
add_query_runner(std::make_unique<QueryRunnerImpl<ExportPublicKeyFileQuery>>());
add_query_runner(std::make_unique<QueryRunnerImpl<SignQuery>>());
add_query_runner(std::make_unique<QueryRunnerImpl<SignFileQuery>>());
add_query_runner(std::make_unique<QueryRunnerImpl<ExportAllPrivateKeysQuery>>());
add_query_runner(std::make_unique<QueryRunnerImpl<AddAdnlAddrQuery>>());
add_query_runner(std::make_unique<QueryRunnerImpl<AddDhtIdQuery>>());
add_query_runner(std::make_unique<QueryRunnerImpl<AddValidatorPermanentKeyQuery>>());


@ -3466,6 +3466,70 @@ void ValidatorEngine::run_control_query(ton::ton_api::engine_validator_sign &que
std::move(query.data_), std::move(P));
}
void ValidatorEngine::run_control_query(ton::ton_api::engine_validator_exportAllPrivateKeys &query,
td::BufferSlice data, ton::PublicKeyHash src, td::uint32 perm,
td::Promise<td::BufferSlice> promise) {
if (!(perm & ValidatorEnginePermissions::vep_unsafe)) {
promise.set_value(create_control_query_error(td::Status::Error(ton::ErrorCode::error, "not authorized")));
return;
}
if (keyring_.empty()) {
promise.set_value(create_control_query_error(td::Status::Error(ton::ErrorCode::notready, "not started keyring")));
return;
}
ton::PublicKey client_pubkey = ton::PublicKey{query.encryption_key_};
if (!client_pubkey.is_ed25519()) {
promise.set_value(
create_control_query_error(td::Status::Error(ton::ErrorCode::protoviolation, "encryption key is not Ed25519")));
return;
}
td::actor::send_closure(
keyring_, &ton::keyring::Keyring::export_all_private_keys,
[promise = std::move(promise),
client_pubkey = std::move(client_pubkey)](td::Result<std::vector<ton::PrivateKey>> R) mutable {
if (R.is_error()) {
promise.set_value(create_control_query_error(R.move_as_error()));
return;
}
// Private keys are encrypted using client-provided public key to avoid storing them in
// non-secure buffers (not td::SecureString)
std::vector<td::SecureString> serialized_keys;
size_t data_size = 32;
for (const ton::PrivateKey &key : R.ok()) {
serialized_keys.push_back(key.export_as_slice());
data_size += serialized_keys.back().size() + 4;
}
td::SecureString data{data_size};
td::MutableSlice slice = data.as_mutable_slice();
for (const td::SecureString &s : serialized_keys) {
td::uint32 size = td::narrow_cast_safe<td::uint32>(s.size()).move_as_ok();
CHECK(slice.size() >= size + 4);
slice.copy_from(td::Slice{reinterpret_cast<const td::uint8 *>(&size), 4});
slice.remove_prefix(4);
slice.copy_from(s.as_slice());
slice.remove_prefix(s.size());
}
CHECK(slice.size() == 32);
td::Random::secure_bytes(slice);
auto r_encryptor = client_pubkey.create_encryptor();
if (r_encryptor.is_error()) {
promise.set_value(create_control_query_error(r_encryptor.move_as_error_prefix("cannot create encryptor: ")));
return;
}
auto encryptor = r_encryptor.move_as_ok();
auto r_encrypted = encryptor->encrypt(data.as_slice());
if (r_encryptor.is_error()) {
promise.set_value(create_control_query_error(r_encrypted.move_as_error_prefix("cannot encrypt data: ")));
return;
}
promise.set_value(ton::create_serialize_tl_object<ton::ton_api::engine_validator_exportedPrivateKeys>(
r_encrypted.move_as_ok()));
});
}
void ValidatorEngine::run_control_query(ton::ton_api::engine_validator_setVerbosity &query, td::BufferSlice data,
ton::PublicKeyHash src, td::uint32 perm, td::Promise<td::BufferSlice> promise) {
if (!(perm & ValidatorEnginePermissions::vep_default)) {
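Review bot: The error branch after encryption tests the wrong result: `auto r_encrypted = encryptor->encrypt(data.as_slice());` is followed by `if (r_encryptor.is_error())`, which cannot be true at that point because `r_encryptor` was already checked and moved from, so an encryption failure falls through to `r_encrypted.move_as_ok()` on an error value. Change the condition to `if (r_encrypted.is_error()) {`. Since this query hands every persistent private key in the engine to any holder of a `vep_unsafe` control key, it would also be worth logging the requesting `src` hash at warning level so exports show up in the audit trail.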


@ -489,6 +489,8 @@ class ValidatorEngine : public td::actor::Actor {
td::uint32 perm, td::Promise<td::BufferSlice> promise);
void run_control_query(ton::ton_api::engine_validator_sign &query, td::BufferSlice data, ton::PublicKeyHash src,
td::uint32 perm, td::Promise<td::BufferSlice> promise);
void run_control_query(ton::ton_api::engine_validator_exportAllPrivateKeys &query, td::BufferSlice data,
ton::PublicKeyHash src, td::uint32 perm, td::Promise<td::BufferSlice> promise);
void run_control_query(ton::ton_api::engine_validator_setVerbosity &query, td::BufferSlice data,
ton::PublicKeyHash src, td::uint32 perm, td::Promise<td::BufferSlice> promise);
void run_control_query(ton::ton_api::engine_validator_getStats &query, td::BufferSlice data, ton::PublicKeyHash src,