external/ton
1
0
Fork 0
mirror of https://github.com/ton-blockchain/ton synced 2025-03-09 15:40:10 +00:00
Code Issues Releases Wiki Activity

Improve creating channels in adnl (#1108)

Browse source 
* Improve creating channels in adnl

* Improve handling of cryptographic keys
This commit is contained in:
SpyCheese 2024-08-15 15:25:16 +03:00 committed by EmelyanenkoK
parent f7e189f272
commit 6515136061
9 changed files with 109 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

22
adnl/adnl-peer.cpp
View file

@ -269,7 +269,11 @@ void AdnlPeerPairImpl::send_messages_in(std::vector<OutboundAdnlMessage> message
size_t ptr = 0;
bool first = true;
do {
respond_with_nop_after_ = td::Timestamp::in(td::Random::fast(1.0, 2.0));
bool try_reinit = try_reinit_at_ && try_reinit_at_.is_in_past();
if (try_reinit) {
try_reinit_at_ = td::Timestamp::in(td::Random::fast(0.5, 1.5));
}
bool via_channel = channel_ready_ && !try_reinit;
size_t s = (via_channel ? channel_packet_header_max_size() : packet_header_max_size());
if (first) {
@ -504,12 +508,6 @@ void AdnlPeerPairImpl::create_channel(pubkeys::Ed25519 pub, td::uint32 date) {
void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageCreateChannel &message) {
create_channel(message.key(), message.date());
if (respond_to_channel_create_after_.is_in_past()) {
respond_to_channel_create_after_ = td::Timestamp::in(td::Random::fast(1.0, 2.0));
std::vector<OutboundAdnlMessage> messages;
messages.emplace_back(adnlmessage::AdnlMessageNop{}, 0);
send_messages(std::move(messages));
}
}
void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageConfirmChannel &message) {
@ -526,6 +524,7 @@ void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageConfirmChan
}
void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageCustom &message) {
respond_with_nop();
td::actor::send_closure(local_actor_, &AdnlLocalId::deliver, peer_id_short_, message.data());
}
@ -538,6 +537,7 @@ void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageReinit &mes
}
void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageQuery &message) {
respond_with_nop();
auto P = td::PromiseCreator::lambda([SelfId = actor_id(this), query_id = message.query_id(),
flags = static_cast<td::uint32>(0)](td::Result<td::BufferSlice> R) {
if (R.is_error()) {
@ -556,6 +556,7 @@ void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageQuery &mess
}
void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageAnswer &message) {
respond_with_nop();
auto Q = out_queries_.find(message.query_id());
if (Q == out_queries_.end()) {
@ -573,6 +574,7 @@ void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessageAnswer &mes
}
void AdnlPeerPairImpl::process_message(const adnlmessage::AdnlMessagePart &message) {
respond_with_nop();
auto size = message.total_size();
if (size > huge_packet_max_size()) {
VLOG(ADNL_WARNING) << this << ": dropping too big huge message: size=" << size;
@ -635,6 +637,14 @@ void AdnlPeerPairImpl::delete_query(AdnlQueryId id) {
}
}
void AdnlPeerPairImpl::respond_with_nop() {
if (respond_with_nop_after_.is_in_past()) {
std::vector<OutboundAdnlMessage> messages;
messages.emplace_back(adnlmessage::AdnlMessageNop{}, 0);
send_messages(std::move(messages));
}
}
void AdnlPeerPairImpl::reinit(td::int32 date) {
if (reinit_date_ == 0) {
reinit_date_ = date;

3
adnl/adnl-peer.hpp
View file

@ -122,6 +122,7 @@ class AdnlPeerPairImpl : public AdnlPeerPair {
}
private:
void respond_with_nop();
void reinit(td::int32 date);
td::Result<std::pair<td::actor::ActorId<AdnlNetworkConnection>, bool>> get_conn(bool direct_only);
void create_channel(pubkeys::Ed25519 pub, td::uint32 date);
@ -214,7 +215,7 @@ class AdnlPeerPairImpl : public AdnlPeerPair {
pubkeys::Ed25519 channel_pub_;
td::int32 channel_pk_date_;
td::actor::ActorOwn<AdnlChannel> channel_;
td::Timestamp respond_to_channel_create_after_;
td::Timestamp respond_with_nop_after_;
td::uint64 in_seqno_ = 0;
td::uint64 out_seqno_ = 0;

38
keyring/keyring.cpp
View file

@ -27,6 +27,16 @@ namespace ton {
namespace keyring {
KeyringImpl::PrivateKeyDescr::PrivateKeyDescr(PrivateKey private_key, bool is_temp)
: public_key(private_key.compute_public_key()), is_temp(is_temp) {
auto D = private_key.create_decryptor_async();
D.ensure();
decryptor_sign = D.move_as_ok();
D = private_key.create_decryptor_async();
D.ensure();
decryptor_decrypt = D.move_as_ok();
}
void KeyringImpl::start_up() {
if (db_root_.size() > 0) {
td::mkdir(db_root_).ensure();
@ -45,23 +55,19 @@ td::Result<KeyringImpl::PrivateKeyDescr *> KeyringImpl::load_key(PublicKeyHash k
auto name = db_root_ + "/" + key_hash.bits256_value().to_hex();
auto R = td::read_file(td::CSlice{name});
auto R = td::read_file_secure(td::CSlice{name});
if (R.is_error()) {
return R.move_as_error_prefix("key not in db: ");
}
auto data = R.move_as_ok();
auto R2 = PrivateKey::import(td::SecureString(data));
auto R2 = PrivateKey::import(data);
R2.ensure();
auto key = R2.move_as_ok();
auto pub = key.compute_public_key();
auto short_id = pub.compute_short_id();
auto desc = std::make_unique<PrivateKeyDescr>(key, false);
auto short_id = desc->public_key.compute_short_id();
CHECK(short_id == key_hash);
auto D = key.create_decryptor_async();
D.ensure();
return map_.emplace(short_id, std::make_unique<PrivateKeyDescr>(D.move_as_ok(), pub, false)).first->second.get();
return map_.emplace(short_id, std::move(desc)).first->second.get();
}
void KeyringImpl::add_key(PrivateKey key, bool is_temp, td::Promise<td::Unit> promise) {
@ -76,10 +82,7 @@ void KeyringImpl::add_key(PrivateKey key, bool is_temp, td::Promise<td::Unit> pr
if (db_root_.size() == 0) {
CHECK(is_temp);
}
auto D = key.create_decryptor_async();
D.ensure();
map_.emplace(short_id, std::make_unique<PrivateKeyDescr>(D.move_as_ok(), pub, is_temp));
map_.emplace(short_id, std::make_unique<PrivateKeyDescr>(key, is_temp));
if (!is_temp && key.exportable()) {
auto S = key.export_as_slice();
@ -139,7 +142,7 @@ void KeyringImpl::sign_message(PublicKeyHash key_hash, td::BufferSlice data, td:
if (S.is_error()) {
promise.set_error(S.move_as_error());
} else {
td::actor::send_closure(S.move_as_ok()->decryptor, &DecryptorAsync::sign, std::move(data), std::move(promise));
td::actor::send_closure(S.move_as_ok()->decryptor_sign, &DecryptorAsync::sign, std::move(data), std::move(promise));
}
}
@ -161,7 +164,7 @@ void KeyringImpl::sign_add_get_public_key(PublicKeyHash key_hash, td::BufferSlic
}
promise.set_value(std::pair<td::BufferSlice, PublicKey>{R.move_as_ok(), id});
});
td::actor::send_closure(D->decryptor, &DecryptorAsync::sign, std::move(data), std::move(P));
td::actor::send_closure(D->decryptor_sign, &DecryptorAsync::sign, std::move(data), std::move(P));
}
void KeyringImpl::sign_messages(PublicKeyHash key_hash, std::vector<td::BufferSlice> data,
@ -171,7 +174,7 @@ void KeyringImpl::sign_messages(PublicKeyHash key_hash, std::vector<td::BufferSl
if (S.is_error()) {
promise.set_error(S.move_as_error());
} else {
td::actor::send_closure(S.move_as_ok()->decryptor, &DecryptorAsync::sign_batch, std::move(data),
td::actor::send_closure(S.move_as_ok()->decryptor_sign, &DecryptorAsync::sign_batch, std::move(data),
std::move(promise));
}
}
@ -182,7 +185,8 @@ void KeyringImpl::decrypt_message(PublicKeyHash key_hash, td::BufferSlice data,
if (S.is_error()) {
promise.set_error(S.move_as_error());
} else {
td::actor::send_closure(S.move_as_ok()->decryptor, &DecryptorAsync::decrypt, std::move(data), std::move(promise));
td::actor::send_closure(S.move_as_ok()->decryptor_decrypt, &DecryptorAsync::decrypt, std::move(data),
std::move(promise));
}
}

7
keyring/keyring.hpp
View file

@ -30,12 +30,11 @@ namespace keyring {
class KeyringImpl : public Keyring {
private:
struct PrivateKeyDescr {
td::actor::ActorOwn<DecryptorAsync> decryptor;
td::actor::ActorOwn<DecryptorAsync> decryptor_sign;
td::actor::ActorOwn<DecryptorAsync> decryptor_decrypt;
PublicKey public_key;
bool is_temp;
PrivateKeyDescr(td::actor::ActorOwn<DecryptorAsync> decryptor, PublicKey public_key, bool is_temp)
: decryptor(std::move(decryptor)), public_key(public_key), is_temp(is_temp) {
}
PrivateKeyDescr(PrivateKey private_key, bool is_temp);
};
public:

22
keys/encryptor.cpp
View file

@ -29,28 +29,6 @@
namespace ton {
td::Result<std::unique_ptr<Encryptor>> Encryptor::create(const ton_api::PublicKey *id) {
td::Result<std::unique_ptr<Encryptor>> res;
ton_api::downcast_call(
*const_cast<ton_api::PublicKey *>(id),
td::overloaded([&](const ton_api::pub_unenc &obj) { res = std::make_unique<EncryptorNone>(); },
[&](const ton_api::pub_ed25519 &obj) { res = std::make_unique<EncryptorEd25519>(obj.key_); },
[&](const ton_api::pub_overlay &obj) { res = std::make_unique<EncryptorOverlay>(); },
[&](const ton_api::pub_aes &obj) { res = std::make_unique<EncryptorAES>(obj.key_); }));
return res;
}
td::Result<std::unique_ptr<Decryptor>> Decryptor::create(const ton_api::PrivateKey *id) {
td::Result<std::unique_ptr<Decryptor>> res;
ton_api::downcast_call(
*const_cast<ton_api::PrivateKey *>(id),
td::overloaded([&](const ton_api::pk_unenc &obj) { res = std::make_unique<DecryptorNone>(); },
[&](const ton_api::pk_ed25519 &obj) { res = std::make_unique<DecryptorEd25519>(obj.key_); },
[&](const ton_api::pk_overlay &obj) { res = std::make_unique<DecryptorFail>(); },
[&](const ton_api::pk_aes &obj) { res = std::make_unique<DecryptorAES>(obj.key_); }));
return res;
}
td::Result<td::BufferSlice> EncryptorEd25519::encrypt(td::Slice data) {
TRY_RESULT_PREFIX(pk, td::Ed25519::generate_private_key(), "failed to generate private key: ");
TRY_RESULT_PREFIX(pubkey, pk.get_public_key(), "failed to get public key from private: ");

22
keys/encryptor.h
View file

@ -31,7 +31,6 @@ class Encryptor {
virtual td::Result<td::BufferSlice> encrypt(td::Slice data) = 0;
virtual td::Status check_signature(td::Slice message, td::Slice signature) = 0;
virtual ~Encryptor() = default;
static td::Result<std::unique_ptr<Encryptor>> create(const ton_api::PublicKey *id);
};
class Decryptor {
@ -40,7 +39,6 @@ class Decryptor {
virtual td::Result<td::BufferSlice> sign(td::Slice data) = 0;
virtual std::vector<td::Result<td::BufferSlice>> sign_batch(std::vector<td::Slice> data);
virtual ~Decryptor() = default;
static td::Result<std::unique_ptr<Decryptor>> create(const ton_api::PrivateKey *id);
};
class EncryptorAsync : public td::actor::Actor {
@ -61,16 +59,6 @@ class EncryptorAsync : public td::actor::Actor {
void encrypt(td::BufferSlice data, td::Promise<td::BufferSlice> promise) {
promise.set_result(encryptor_->encrypt(data.as_slice()));
}
template <class T>
static td::Result<td::actor::ActorOwn<EncryptorAsync>> create(T &id) {
TRY_RESULT(d, Encryptor::create(id));
return td::actor::create_actor<EncryptorAsync>("encryptor", std::move(d));
}
template <class T>
static td::Result<td::actor::ActorOwn<EncryptorAsync>> create(T *id) {
TRY_RESULT(d, Encryptor::create(id));
return td::actor::create_actor<EncryptorAsync>("encryptor", std::move(d));
}
};
class DecryptorAsync : public td::actor::Actor {
@ -94,16 +82,6 @@ class DecryptorAsync : public td::actor::Actor {
}
return decryptor_->sign_batch(v);
}
template <class T>
static td::Result<td::actor::ActorOwn<DecryptorAsync>> create(T &id) {
TRY_RESULT(d, Decryptor::create(id));
return td::actor::create_actor<DecryptorAsync>("decryptor", std::move(d));
}
template <class T>
static td::Result<td::actor::ActorOwn<DecryptorAsync>> create(T *id) {
TRY_RESULT(d, Decryptor::create(id));
return td::actor::create_actor<DecryptorAsync>("decryptor", std::move(d));
}
};
} // namespace ton

14
keys/encryptor.hpp
View file

@ -83,7 +83,7 @@ class EncryptorEd25519 : public Encryptor {
td::Result<td::BufferSlice> encrypt(td::Slice data) override;
td::Status check_signature(td::Slice message, td::Slice signature) override;
EncryptorEd25519(td::Bits256 key) : pub_(td::SecureString(as_slice(key))) {
EncryptorEd25519(const td::Bits256& key) : pub_(td::SecureString(as_slice(key))) {
}
};
@ -94,7 +94,7 @@ class DecryptorEd25519 : public Decryptor {
public:
td::Result<td::BufferSlice> decrypt(td::Slice data) override;
td::Result<td::BufferSlice> sign(td::Slice data) override;
DecryptorEd25519(td::Bits256 key) : pk_(td::SecureString(as_slice(key))) {
DecryptorEd25519(const td::Bits256& key) : pk_(td::SecureString(as_slice(key))) {
}
};
@ -129,12 +129,15 @@ class EncryptorAES : public Encryptor {
td::Bits256 shared_secret_;
public:
~EncryptorAES() override {
shared_secret_.set_zero_s();
}
td::Result<td::BufferSlice> encrypt(td::Slice data) override;
td::Status check_signature(td::Slice message, td::Slice signature) override {
return td::Status::Error("can no sign channel messages");
}
EncryptorAES(td::Bits256 shared_secret) : shared_secret_(shared_secret) {
EncryptorAES(const td::Bits256& shared_secret) : shared_secret_(shared_secret) {
}
};
@ -143,11 +146,14 @@ class DecryptorAES : public Decryptor {
td::Bits256 shared_secret_;
public:
~DecryptorAES() override {
shared_secret_.set_zero_s();
}
td::Result<td::BufferSlice> decrypt(td::Slice data) override;
td::Result<td::BufferSlice> sign(td::Slice data) override {
return td::Status::Error("can no sign channel messages");
}
DecryptorAES(td::Bits256 shared_secret) : shared_secret_(shared_secret) {
DecryptorAES(const td::Bits256& shared_secret) : shared_secret_(shared_secret) {
}
};

47
keys/keys.cpp
View file

@ -21,6 +21,7 @@
#include "td/utils/overloaded.h"
#include "tl-utils/tl-utils.hpp"
#include "encryptor.h"
#include "encryptor.hpp"
#include "crypto/Ed25519.h"
namespace ton {
@ -63,12 +64,31 @@ td::Result<PublicKey> PublicKey::import(td::Slice s) {
return PublicKey{x};
}
td::Result<std::unique_ptr<Encryptor>> pubkeys::Ed25519::create_encryptor() const {
return std::make_unique<EncryptorEd25519>(data_);
}
td::Result<std::unique_ptr<Encryptor>> pubkeys::AES::create_encryptor() const {
return std::make_unique<EncryptorAES>(data_);
}
td::Result<std::unique_ptr<Encryptor>> pubkeys::Unenc::create_encryptor() const {
return std::make_unique<EncryptorNone>();
}
td::Result<std::unique_ptr<Encryptor>> pubkeys::Overlay::create_encryptor() const {
return std::make_unique<EncryptorOverlay>();
}
td::Result<std::unique_ptr<Encryptor>> PublicKey::create_encryptor() const {
return Encryptor::create(tl().get());
td::Result<std::unique_ptr<Encryptor>> res;
pub_key_.visit([&](auto &obj) { res = obj.create_encryptor(); });
return res;
}
td::Result<td::actor::ActorOwn<EncryptorAsync>> PublicKey::create_encryptor_async() const {
return EncryptorAsync::create(tl().get());
TRY_RESULT(encryptor, create_encryptor());
return td::actor::create_actor<EncryptorAsync>("encryptor", std::move(encryptor));
}
bool PublicKey::empty() const {
@ -109,6 +129,22 @@ privkeys::Ed25519::Ed25519(td::Ed25519::PrivateKey key) {
data_.as_slice().copy_from(td::Slice(s));
}
td::Result<std::unique_ptr<Decryptor>> privkeys::Ed25519::create_decryptor() const {
return std::make_unique<DecryptorEd25519>(data_);
}
td::Result<std::unique_ptr<Decryptor>> privkeys::AES::create_decryptor() const {
return std::make_unique<DecryptorAES>(data_);
}
td::Result<std::unique_ptr<Decryptor>> privkeys::Unenc::create_decryptor() const {
return std::make_unique<DecryptorNone>();
}
td::Result<std::unique_ptr<Decryptor>> privkeys::Overlay::create_decryptor() const {
return std::make_unique<DecryptorFail>();
}
pubkeys::Ed25519::Ed25519(td::Ed25519::PublicKey key) {
auto s = key.as_octet_string();
CHECK(s.length() == 32);
@ -188,11 +224,14 @@ tl_object_ptr<ton_api::PrivateKey> PrivateKey::tl() const {
}
td::Result<std::unique_ptr<Decryptor>> PrivateKey::create_decryptor() const {
return Decryptor::create(tl().get());
td::Result<std::unique_ptr<Decryptor>> res;
priv_key_.visit([&](auto &obj) { res = obj.create_decryptor(); });
return res;
}
td::Result<td::actor::ActorOwn<DecryptorAsync>> PrivateKey::create_decryptor_async() const {
return DecryptorAsync::create(tl().get());
TRY_RESULT(decryptor, create_decryptor());
return td::actor::create_actor<DecryptorAsync>("decryptor", std::move(decryptor));
}
} // namespace ton

14
keys/keys.hpp
View file

@ -110,6 +110,7 @@ class Ed25519 {
tl_object_ptr<ton_api::pub_ed25519> tl() const {
return create_tl_object<ton_api::pub_ed25519>(data_);
}
td::Result<std::unique_ptr<Encryptor>> create_encryptor() const;
bool operator==(const Ed25519 &with) const {
return data_ == with.data_;
}
@ -141,6 +142,7 @@ class AES {
tl_object_ptr<ton_api::pub_aes> tl() const {
return create_tl_object<ton_api::pub_aes>(data_);
}
td::Result<std::unique_ptr<Encryptor>> create_encryptor() const;
bool operator==(const AES &with) const {
return data_ == with.data_;
}
@ -172,6 +174,7 @@ class Unenc {
tl_object_ptr<ton_api::pub_unenc> tl() const {
return create_tl_object<ton_api::pub_unenc>(data_.clone_as_buffer_slice());
}
td::Result<std::unique_ptr<Encryptor>> create_encryptor() const;
bool operator==(const Unenc &with) const {
return data_.as_slice() == with.data_.as_slice();
}
@ -203,6 +206,7 @@ class Overlay {
tl_object_ptr<ton_api::pub_overlay> tl() const {
return create_tl_object<ton_api::pub_overlay>(data_.clone_as_buffer_slice());
}
td::Result<std::unique_ptr<Encryptor>> create_encryptor() const;
bool operator==(const Overlay &with) const {
return data_.as_slice() == with.data_.as_slice();
}
@ -223,6 +227,9 @@ class PublicKey {
td::uint32 serialized_size() const {
UNREACHABLE();
}
td::Result<std::unique_ptr<Encryptor>> create_encryptor() const {
UNREACHABLE();
}
bool operator==(const Empty &with) const {
return false;
}
@ -316,6 +323,7 @@ class Ed25519 {
}
tl_object_ptr<ton_api::PublicKey> pub_tl() const;
pubkeys::Ed25519 pub() const;
td::Result<std::unique_ptr<Decryptor>> create_decryptor() const;
static Ed25519 random();
};
@ -359,6 +367,7 @@ class AES {
pubkeys::AES pub() const {
return pubkeys::AES{data_};
}
td::Result<std::unique_ptr<Decryptor>> create_decryptor() const;
};
class Unenc {
@ -393,6 +402,7 @@ class Unenc {
pubkeys::Unenc pub() const {
return pubkeys::Unenc{data_.clone()};
}
td::Result<std::unique_ptr<Decryptor>> create_decryptor() const;
};
class Overlay {
@ -427,6 +437,7 @@ class Overlay {
pubkeys::Overlay pub() const {
return pubkeys::Overlay{data_.clone()};
}
td::Result<std::unique_ptr<Decryptor>> create_decryptor() const;
};
} // namespace privkeys
@ -450,6 +461,9 @@ class PrivateKey {
PublicKey pub() const {
UNREACHABLE();
}
td::Result<std::unique_ptr<Decryptor>> create_decryptor() const {
UNREACHABLE();
}
};
td::Variant<Empty, privkeys::Ed25519, privkeys::AES, privkeys::Unenc, privkeys::Overlay> priv_key_{Empty{}};