Final part on compatibility layer: LOGBROKER-7215

ref:777c67aadbf705d19034a09a792b2df61ba53697

11 files changed, 522 insertions, 0 deletions

diff --git a/library/cpp/openssl/big_integer/CMakeLists.txt b/library/cpp/openssl/big_integer/CMakeLists.txt
new file mode 100644
index 0000000000..55d94de253
--- /dev/null
+++ b/library/cpp/openssl/big_integer/CMakeLists.txt
@@ -0,0 +1,19 @@
+
+# This file was gererated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+find_package(OpenSSL REQUIRED)
+
+add_library(cpp-openssl-big_integer)
+target_link_libraries(cpp-openssl-big_integer PUBLIC
+  contrib-libs-cxxsupp
+  yutil
+  OpenSSL::OpenSSL
+)
+target_sources(cpp-openssl-big_integer PRIVATE
+  ${CMAKE_SOURCE_DIR}/library/cpp/openssl/big_integer/big_integer.cpp
+)
diff --git a/library/cpp/openssl/big_integer/big_integer.cpp b/library/cpp/openssl/big_integer/big_integer.cpp
new file mode 100644
index 0000000000..de59f84499
--- /dev/null
+++ b/library/cpp/openssl/big_integer/big_integer.cpp
@@ -0,0 +1,61 @@
+#include "big_integer.h"
+
+#include <util/generic/yexception.h>
+#include <util/generic/scope.h>
+#include <util/stream/output.h>
+
+#include <contrib/libs/openssl/include/openssl/bn.h>
+
+using namespace NOpenSsl;
+
+TBigInteger::~TBigInteger() noexcept {
+    BN_free(Impl_);
+}
+
+TBigInteger TBigInteger::FromULong(ui64 value) {
+    TBigInteger result(BN_new());
+
+    Y_ENSURE(result.Impl(), "BN_new() failed");
+    Y_ENSURE(BN_set_word(result.Impl(), value) == 1, "BN_set_word() failed");
+
+    return result;
+}
+
+TBigInteger TBigInteger::FromRegion(const void* ptr, size_t len) {
+    auto result = BN_bin2bn((ui8*)(ptr), len, nullptr);
+
+    Y_ENSURE(result, "BN_bin2bn() failed");
+
+    return result;
+}
+
+int TBigInteger::Compare(const TBigInteger& a, const TBigInteger& b) noexcept {
+    return BN_cmp(a.Impl(), b.Impl());
+}
+
+size_t TBigInteger::NumBytes() const noexcept {
+    return BN_num_bytes(Impl_);
+}
+
+size_t TBigInteger::ToRegion(void* to) const noexcept {
+    const auto ret = BN_bn2bin(Impl_, (unsigned char*)to);
+
+    Y_VERIFY(ret >= 0, "it happens");
+
+    return ret;
+}
+
+TString TBigInteger::ToDecimalString() const {
+    auto res = BN_bn2dec(Impl_);
+
+    Y_DEFER {
+        OPENSSL_free(res);
+    };
+
+    return res;
+}
+
+template <>
+void Out<TBigInteger>(IOutputStream& out, const TBigInteger& bi) {
+    out << bi.ToDecimalString();
+}
diff --git a/library/cpp/openssl/big_integer/big_integer.h b/library/cpp/openssl/big_integer/big_integer.h
new file mode 100644
index 0000000000..07763c5e13
--- /dev/null
+++ b/library/cpp/openssl/big_integer/big_integer.h
@@ -0,0 +1,57 @@
+#pragma once
+
+#include <util/generic/ptr.h>
+#include <util/generic/strbuf.h>
+#include <util/generic/utility.h>
+#include <util/generic/string.h>
+
+struct bignum_st;
+
+namespace NOpenSsl {
+    class TBigInteger {
+        inline TBigInteger(bignum_st* impl) noexcept
+            : Impl_(impl)
+        {
+        }
+
+        static int Compare(const TBigInteger& a, const TBigInteger& b) noexcept;
+
+    public:
+        inline TBigInteger(TBigInteger&& other) noexcept {
+            Swap(other);
+        }
+
+        ~TBigInteger() noexcept;
+
+        static TBigInteger FromULong(ui64 value);
+        static TBigInteger FromRegion(const void* ptr, size_t len);
+
+        inline const bignum_st* Impl() const noexcept {
+            return Impl_;
+        }
+
+        inline bignum_st* Impl() noexcept {
+            return Impl_;
+        }
+
+        inline void Swap(TBigInteger& other) noexcept {
+            DoSwap(Impl_, other.Impl_);
+        }
+
+        inline friend bool operator==(const TBigInteger& a, const TBigInteger& b) noexcept {
+            return Compare(a, b) == 0;
+        }
+
+        inline friend bool operator!=(const TBigInteger& a, const TBigInteger& b) noexcept {
+            return !(a == b);
+        }
+
+        size_t NumBytes() const noexcept;
+        size_t ToRegion(void* to) const noexcept;
+
+        TString ToDecimalString() const;
+
+    private:
+        bignum_st* Impl_ = nullptr;
+    };
+}
diff --git a/library/cpp/openssl/big_integer/ut/big_integer_ut.cpp b/library/cpp/openssl/big_integer/ut/big_integer_ut.cpp
new file mode 100644
index 0000000000..8a0050f531
--- /dev/null
+++ b/library/cpp/openssl/big_integer/ut/big_integer_ut.cpp
@@ -0,0 +1,43 @@
+#include "big_integer.h"
+
+#include <library/cpp/testing/unittest/registar.h>
+
+#include <util/system/byteorder.h>
+#include <util/stream/str.h>
+
+Y_UNIT_TEST_SUITE(BigInteger) {
+    using NOpenSsl::TBigInteger;
+
+    Y_UNIT_TEST(Initialization) {
+        constexpr ui64 testVal = 12345678900;
+        const auto fromULong = TBigInteger::FromULong(testVal);
+
+        const ui64 testArea = HostToInet(testVal); // transform to big-endian
+        const auto fromRegion = TBigInteger::FromRegion(&testArea, sizeof(testArea));
+        UNIT_ASSERT(fromULong == fromRegion);
+        UNIT_ASSERT_VALUES_EQUAL(fromULong, fromRegion);
+
+        const auto fromULongOther = TBigInteger::FromULong(22345678900);
+        UNIT_ASSERT(fromULong != fromULongOther);
+    }
+
+    Y_UNIT_TEST(Decimal) {
+        UNIT_ASSERT_VALUES_EQUAL(TBigInteger::FromULong(123456789).ToDecimalString(), "123456789");
+    }
+
+    Y_UNIT_TEST(Region) {
+        const auto v1 = TBigInteger::FromULong(1234567890);
+        char buf[1024];
+        const auto v2 = TBigInteger::FromRegion(buf, v1.ToRegion(buf));
+
+        UNIT_ASSERT_VALUES_EQUAL(v1, v2);
+    }
+
+    Y_UNIT_TEST(Output) {
+        TStringStream ss;
+
+        ss << TBigInteger::FromULong(123456789);
+
+        UNIT_ASSERT_VALUES_EQUAL(ss.Str(), "123456789");
+    }
+}
diff --git a/library/cpp/openssl/crypto/CMakeLists.txt b/library/cpp/openssl/crypto/CMakeLists.txt
new file mode 100644
index 0000000000..5f6664acd8
--- /dev/null
+++ b/library/cpp/openssl/crypto/CMakeLists.txt
@@ -0,0 +1,22 @@
+
+# This file was gererated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+find_package(OpenSSL REQUIRED)
+
+add_library(cpp-openssl-crypto)
+target_link_libraries(cpp-openssl-crypto PUBLIC
+  contrib-libs-cxxsupp
+  yutil
+  OpenSSL::OpenSSL
+  cpp-openssl-big_integer
+  cpp-openssl-init
+)
+target_sources(cpp-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/library/cpp/openssl/crypto/sha.cpp
+  ${CMAKE_SOURCE_DIR}/library/cpp/openssl/crypto/rsa.cpp
+)
diff --git a/library/cpp/openssl/crypto/rsa.cpp b/library/cpp/openssl/crypto/rsa.cpp
new file mode 100644
index 0000000000..350e0c0815
--- /dev/null
+++ b/library/cpp/openssl/crypto/rsa.cpp
@@ -0,0 +1,56 @@
+#include "rsa.h"
+
+#include <library/cpp/openssl/big_integer/big_integer.h>
+#include <library/cpp/openssl/init/init.h>
+
+#include <util/generic/yexception.h>
+#include <util/generic/buffer.h>
+
+#include <contrib/libs/openssl/include/openssl/bn.h>
+#include <contrib/libs/openssl/include/openssl/rsa.h>
+
+using namespace NOpenSsl;
+using namespace NOpenSsl::NRsa;
+
+namespace {
+    struct TInit {
+        inline TInit() {
+            InitOpenSSL();
+        }
+    } INIT;
+}
+
+TPublicKey::TPublicKey(const TBigInteger& e, const TBigInteger& n)
+    : Key_(RSA_new())
+{
+    Y_ENSURE(Key_, "RSA_new() failed");
+
+    RSA_set0_key(Key_, BN_dup(n.Impl()), BN_dup(e.Impl()), nullptr);
+}
+
+TPublicKey::~TPublicKey() noexcept {
+    RSA_free(Key_);
+}
+
+size_t TPublicKey::OutputLength() const noexcept {
+    return RSA_size(Key_);
+}
+
+size_t TPublicKey::EncryptNoPad(void* dst, const void* src, size_t size) const {
+    auto len = RSA_public_encrypt(size, (const ui8*)src, (ui8*)dst, Key_, RSA_NO_PADDING);
+
+    Y_ENSURE(len >= 0, "RSA_public_encrypt() failed");
+
+    return len;
+}
+
+TBigInteger TPublicKey::EncryptNoPad(const TBigInteger& src) const {
+    const auto len1 = OutputLength();
+    const auto len2 = src.NumBytes();
+    TBuffer buf(len1 + len2);
+
+    char* buf1 = (char*)buf.Data();
+    char* buf2 = buf1 + len1;
+
+    return TBigInteger::FromRegion(buf1, EncryptNoPad(buf1, buf2, src.ToRegion(buf2)));
+}
diff --git a/library/cpp/openssl/crypto/rsa.h b/library/cpp/openssl/crypto/rsa.h
new file mode 100644
index 0000000000..3bf9e4a233
--- /dev/null
+++ b/library/cpp/openssl/crypto/rsa.h
@@ -0,0 +1,34 @@
+#pragma once
+
+#include <util/generic/utility.h>
+#include <util/generic/noncopyable.h>
+
+struct rsa_st;
+
+namespace NOpenSsl {
+    class TBigInteger;
+
+    namespace NRsa {
+        class TPublicKey: public TNonCopyable {
+        public:
+            inline TPublicKey(TPublicKey&& other) noexcept {
+                Swap(other);
+            }
+
+            TPublicKey(const TBigInteger& e, const TBigInteger& n);
+            ~TPublicKey() noexcept;
+
+            size_t OutputLength() const noexcept;
+
+            TBigInteger EncryptNoPad(const TBigInteger& src) const;
+            size_t EncryptNoPad(void* dst, const void* src, size_t size) const;
+
+            inline void Swap(TPublicKey& other) noexcept {
+                DoSwap(Key_, other.Key_);
+            }
+
+        private:
+            rsa_st* Key_ = nullptr;
+        };
+    };
+}
diff --git a/library/cpp/openssl/crypto/sha.cpp b/library/cpp/openssl/crypto/sha.cpp
new file mode 100644
index 0000000000..8e7e88ccde
--- /dev/null
+++ b/library/cpp/openssl/crypto/sha.cpp
@@ -0,0 +1,62 @@
+#include "sha.h"
+
+#include <util/generic/yexception.h>
+
+#include <contrib/libs/openssl/include/openssl/sha.h>
+
+namespace NOpenSsl {
+    namespace NSha1 {
+        static_assert(DIGEST_LENGTH == SHA_DIGEST_LENGTH);
+
+        TDigest Calc(const void* data, size_t dataSize) {
+            TDigest digest;
+            Y_ENSURE(SHA1(static_cast<const ui8*>(data), dataSize, digest.data()) != nullptr);
+            return digest;
+        }
+
+        TCalcer::TCalcer()
+            : Context{new SHAstate_st} {
+            Y_ENSURE(SHA1_Init(Context.Get()) == 1);
+        }
+
+        TCalcer::~TCalcer() {
+        }
+
+        void TCalcer::Update(const void* data, size_t dataSize) {
+            Y_ENSURE(SHA1_Update(Context.Get(), data, dataSize) == 1);
+        }
+
+        TDigest TCalcer::Final() {
+            TDigest digest;
+            Y_ENSURE(SHA1_Final(digest.data(), Context.Get()) == 1);
+            return digest;
+        }
+    }
+    namespace NSha256 {
+        static_assert(DIGEST_LENGTH == SHA256_DIGEST_LENGTH);
+
+        TDigest Calc(const void* data, size_t dataSize) {
+            TDigest digest;
+            Y_ENSURE(SHA256(static_cast<const ui8*>(data), dataSize, digest.data()) != nullptr);
+            return digest;
+        }
+
+        TCalcer::TCalcer()
+            : Context{new SHA256state_st} {
+            Y_ENSURE(SHA256_Init(Context.Get()) == 1);
+        }
+
+        TCalcer::~TCalcer() {
+        }
+
+        void TCalcer::Update(const void* data, size_t dataSize) {
+            Y_ENSURE(SHA256_Update(Context.Get(), data, dataSize) == 1);
+        }
+
+        TDigest TCalcer::Final() {
+            TDigest digest;
+            Y_ENSURE(SHA256_Final(digest.data(), Context.Get()) == 1);
+            return digest;
+        }
+    }
+}
diff --git a/library/cpp/openssl/crypto/sha.h b/library/cpp/openssl/crypto/sha.h
new file mode 100644
index 0000000000..dbc2dfa526
--- /dev/null
+++ b/library/cpp/openssl/crypto/sha.h
@@ -0,0 +1,78 @@
+#pragma once
+
+#include <util/generic/ptr.h>
+#include <util/generic/strbuf.h>
+#include <util/system/types.h>
+
+#include <array>
+
+struct SHAstate_st;
+struct SHA256state_st;
+
+namespace NOpenSsl::NSha1 {
+    constexpr size_t DIGEST_LENGTH = 20;
+    using TDigest = std::array<ui8, DIGEST_LENGTH>;
+
+    // not fragmented input
+    TDigest Calc(const void* data, size_t dataSize);
+
+    inline TDigest Calc(TStringBuf s) {
+        return Calc(s.data(), s.length());
+    }
+
+    // fragmented input
+    class TCalcer {
+    public:
+        TCalcer();
+        ~TCalcer();
+        void Update(const void* data, size_t dataSize);
+
+        void Update(TStringBuf s) {
+            Update(s.data(), s.length());
+        }
+
+        template <typename T>
+        void UpdateWithPodValue(const T& value) {
+            Update(&value, sizeof(value));
+        }
+
+        TDigest Final();
+
+    private:
+        THolder<SHAstate_st> Context;
+    };
+}
+
+namespace NOpenSsl::NSha256 {
+    constexpr size_t DIGEST_LENGTH = 32;
+    using TDigest = std::array<ui8, DIGEST_LENGTH>;
+
+    // not fragmented input
+    TDigest Calc(const void* data, size_t dataSize);
+
+    inline TDigest Calc(TStringBuf s) {
+        return Calc(s.data(), s.length());
+    }
+
+    // fragmented input
+    class TCalcer {
+    public:
+        TCalcer();
+        ~TCalcer();
+        void Update(const void* data, size_t dataSize);
+
+        void Update(TStringBuf s) {
+            Update(s.data(), s.length());
+        }
+
+        template <typename T>
+        void UpdateWithPodValue(const T& value) {
+            Update(&value, sizeof(value));
+        }
+
+        TDigest Final();
+
+    private:
+        THolder<SHA256state_st> Context;
+    };
+}
diff --git a/library/cpp/openssl/crypto/sha_ut.cpp b/library/cpp/openssl/crypto/sha_ut.cpp
new file mode 100644
index 0000000000..4b6117f960
--- /dev/null
+++ b/library/cpp/openssl/crypto/sha_ut.cpp
@@ -0,0 +1,62 @@
+#include <library/cpp/testing/unittest/registar.h>
+
+#include "sha.h"
+
+constexpr TStringBuf SomeAlignedShaTestData = "some _aligned_ test data for SHA-family: align align align align";
+
+Y_UNIT_TEST_SUITE(SHA){
+    Y_UNIT_TEST(CheckOfTestDataAlignment){
+        UNIT_ASSERT_VALUES_EQUAL(SomeAlignedShaTestData.size() % sizeof(ui32), 0);
+    }
+
+    Y_UNIT_TEST(Sha1Value) {
+        // bash$ echo -n $SomeAlignedShaTestData | sha1sum
+        const TStringBuf precalculatedDigest =
+            "\xA2\x29\x8E\xE2\xEA\x06\x27\x45"
+            "\x27\xC7\x78\x87\x16\x21\x8A\xA5"
+            "\x0D\xBA\xBA\xB2"sv;
+
+        auto digest = NOpenSsl::NSha1::Calc(SomeAlignedShaTestData.data(), SomeAlignedShaTestData.size());
+
+        UNIT_ASSERT_VALUES_EQUAL(precalculatedDigest.size(), digest.size());
+        UNIT_ASSERT_VALUES_EQUAL(memcmp(precalculatedDigest.data(), digest.data(), digest.size()), 0);
+    }
+
+    Y_UNIT_TEST(Sha256Value) {
+        // bash$ echo -n $SomeAlignedShaTestData | sha256sum
+        const TStringBuf precalculatedDigest =
+            "\xED\x64\x0D\x43\xF7\x6D\x71\x98"
+            "\x39\x19\xF6\xE6\x70\x21\x82\x11"
+            "\xEF\x3B\xF0\xF4\x35\xBF\x42\xAB"
+            "\x1C\x5C\x01\xCD\x20\x33\xD2\xFA"sv;
+
+        auto digest = NOpenSsl::NSha256::Calc(SomeAlignedShaTestData.data(), SomeAlignedShaTestData.size());
+
+        UNIT_ASSERT_VALUES_EQUAL(precalculatedDigest.size(), digest.size());
+        UNIT_ASSERT_VALUES_EQUAL(memcmp(precalculatedDigest.data(), digest.data(), digest.size()), 0);
+    }
+
+    Y_UNIT_TEST(FragmentedEqualNotFragmented) {
+        const char* head = SomeAlignedShaTestData.data();
+        const char* current = head;
+        NOpenSsl::NSha1::TCalcer sha;
+        int intValue;
+        std::copy_n(current, sizeof(intValue), (char*)&intValue);
+        current += sizeof(intValue);
+        sha.UpdateWithPodValue(intValue);
+        double doubleValue;
+        std::copy_n(current, sizeof(doubleValue), (char*)&doubleValue);
+        current += sizeof(doubleValue);
+        sha.UpdateWithPodValue(doubleValue);
+        char str[7];
+        std::copy_n(current, std::size(str), str);
+        current += std::size(str);
+        sha.UpdateWithPodValue(str);
+        sha.Update(current, SomeAlignedShaTestData.size() - (current - head));
+        auto fragmentedDigest = sha.Final();
+
+        auto notFragmentedDigest = NOpenSsl::NSha1::Calc(SomeAlignedShaTestData.data(), SomeAlignedShaTestData.size());
+
+        UNIT_ASSERT_VALUES_EQUAL(memcmp(fragmentedDigest.data(), notFragmentedDigest.data(), notFragmentedDigest.size()), 0);
+    }
+}; // UNITTEST_SIMPLE_SUITE(SHA)
diff --git a/library/cpp/openssl/crypto/ut/rsa_ut.cpp b/library/cpp/openssl/crypto/ut/rsa_ut.cpp
new file mode 100644
index 0000000000..99f0377432
--- /dev/null
+++ b/library/cpp/openssl/crypto/ut/rsa_ut.cpp
@@ -0,0 +1,28 @@
+#include "rsa.h"
+
+#include <library/cpp/testing/unittest/registar.h>
+#include <library/cpp/openssl/big_integer/big_integer.h>
+
+#include <util/system/byteorder.h>
+
+using namespace NOpenSsl;
+using namespace NOpenSsl::NRsa;
+
+Y_UNIT_TEST_SUITE(Rsa) {
+    Y_UNIT_TEST(Encrypt) {
+        // example from Ru.Wikipedia
+        const auto originData = TBigInteger::FromULong(111111);
+
+        const auto n = TBigInteger::FromULong(3);
+        const auto e = TBigInteger::FromULong(9173503);
+
+        // check key reuse
+        for (size_t i = 0; i < 10; ++i) {
+            UNIT_ASSERT_VALUES_EQUAL(TBigInteger::FromULong(4051753), TPublicKey(n, e).EncryptNoPad(originData));
+        }
+
+        UNIT_ASSERT_VALUES_EQUAL(originData, TBigInteger::FromULong(111111));
+        UNIT_ASSERT_VALUES_EQUAL(n, TBigInteger::FromULong(3));
+        UNIT_ASSERT_VALUES_EQUAL(e, TBigInteger::FromULong(9173503));
+    }
+};