validate canons without yatest_common

6 files changed, 348 insertions, 0 deletions

diff --git a/library/cpp/openssl/big_integer/big_integer.cpp b/library/cpp/openssl/big_integer/big_integer.cpp
new file mode 100644
index 0000000000..9b6802369a
--- /dev/null
+++ b/library/cpp/openssl/big_integer/big_integer.cpp
@@ -0,0 +1,61 @@
+#include "big_integer.h"
+
+#include <util/generic/yexception.h>
+#include <util/generic/scope.h>
+#include <util/stream/output.h>
+
+#include <openssl/bn.h>
+
+using namespace NOpenSsl;
+
+TBigInteger::~TBigInteger() noexcept {
+    BN_free(Impl_);
+}
+
+TBigInteger TBigInteger::FromULong(ui64 value) {
+    TBigInteger result(BN_new());
+
+    Y_ENSURE(result.Impl(), "BN_new() failed");
+    Y_ENSURE(BN_set_word(result.Impl(), value) == 1, "BN_set_word() failed");
+
+    return result;
+}
+
+TBigInteger TBigInteger::FromRegion(const void* ptr, size_t len) {
+    auto result = BN_bin2bn((ui8*)(ptr), len, nullptr);
+
+    Y_ENSURE(result, "BN_bin2bn() failed");
+
+    return result;
+}
+
+int TBigInteger::Compare(const TBigInteger& a, const TBigInteger& b) noexcept {
+    return BN_cmp(a.Impl(), b.Impl());
+}
+
+size_t TBigInteger::NumBytes() const noexcept {
+    return BN_num_bytes(Impl_);
+}
+
+size_t TBigInteger::ToRegion(void* to) const noexcept {
+    const auto ret = BN_bn2bin(Impl_, (unsigned char*)to);
+
+    Y_VERIFY(ret >= 0, "it happens");
+
+    return ret;
+}
+
+TString TBigInteger::ToDecimalString() const {
+    auto res = BN_bn2dec(Impl_);
+
+    Y_DEFER {
+        OPENSSL_free(res);
+    };
+
+    return res;
+}
+
+template <>
+void Out<TBigInteger>(IOutputStream& out, const TBigInteger& bi) {
+    out << bi.ToDecimalString();
+}
diff --git a/library/cpp/openssl/big_integer/big_integer.h b/library/cpp/openssl/big_integer/big_integer.h
new file mode 100644
index 0000000000..07763c5e13
--- /dev/null
+++ b/library/cpp/openssl/big_integer/big_integer.h
@@ -0,0 +1,57 @@
+#pragma once
+
+#include <util/generic/ptr.h>
+#include <util/generic/strbuf.h>
+#include <util/generic/utility.h>
+#include <util/generic/string.h>
+
+struct bignum_st;
+
+namespace NOpenSsl {
+    class TBigInteger {
+        inline TBigInteger(bignum_st* impl) noexcept
+            : Impl_(impl)
+        {
+        }
+
+        static int Compare(const TBigInteger& a, const TBigInteger& b) noexcept;
+
+    public:
+        inline TBigInteger(TBigInteger&& other) noexcept {
+            Swap(other);
+        }
+
+        ~TBigInteger() noexcept;
+
+        static TBigInteger FromULong(ui64 value);
+        static TBigInteger FromRegion(const void* ptr, size_t len);
+
+        inline const bignum_st* Impl() const noexcept {
+            return Impl_;
+        }
+
+        inline bignum_st* Impl() noexcept {
+            return Impl_;
+        }
+
+        inline void Swap(TBigInteger& other) noexcept {
+            DoSwap(Impl_, other.Impl_);
+        }
+
+        inline friend bool operator==(const TBigInteger& a, const TBigInteger& b) noexcept {
+            return Compare(a, b) == 0;
+        }
+
+        inline friend bool operator!=(const TBigInteger& a, const TBigInteger& b) noexcept {
+            return !(a == b);
+        }
+
+        size_t NumBytes() const noexcept;
+        size_t ToRegion(void* to) const noexcept;
+
+        TString ToDecimalString() const;
+
+    private:
+        bignum_st* Impl_ = nullptr;
+    };
+}
diff --git a/library/cpp/openssl/crypto/rsa.cpp b/library/cpp/openssl/crypto/rsa.cpp
new file mode 100644
index 0000000000..4b1d664826
--- /dev/null
+++ b/library/cpp/openssl/crypto/rsa.cpp
@@ -0,0 +1,56 @@
+#include "rsa.h"
+
+#include <library/cpp/openssl/big_integer/big_integer.h>
+#include <library/cpp/openssl/init/init.h>
+
+#include <util/generic/yexception.h>
+#include <util/generic/buffer.h>
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+using namespace NOpenSsl;
+using namespace NOpenSsl::NRsa;
+
+namespace {
+    struct TInit {
+        inline TInit() {
+            InitOpenSSL();
+        }
+    } INIT;
+}
+
+TPublicKey::TPublicKey(const TBigInteger& e, const TBigInteger& n)
+    : Key_(RSA_new())
+{
+    Y_ENSURE(Key_, "RSA_new() failed");
+
+    RSA_set0_key(Key_, BN_dup(n.Impl()), BN_dup(e.Impl()), nullptr);
+}
+
+TPublicKey::~TPublicKey() noexcept {
+    RSA_free(Key_);
+}
+
+size_t TPublicKey::OutputLength() const noexcept {
+    return RSA_size(Key_);
+}
+
+size_t TPublicKey::EncryptNoPad(void* dst, const void* src, size_t size) const {
+    auto len = RSA_public_encrypt(size, (const ui8*)src, (ui8*)dst, Key_, RSA_NO_PADDING);
+
+    Y_ENSURE(len >= 0, "RSA_public_encrypt() failed");
+
+    return len;
+}
+
+TBigInteger TPublicKey::EncryptNoPad(const TBigInteger& src) const {
+    const auto len1 = OutputLength();
+    const auto len2 = src.NumBytes();
+    TBuffer buf(len1 + len2);
+
+    char* buf1 = (char*)buf.Data();
+    char* buf2 = buf1 + len1;
+
+    return TBigInteger::FromRegion(buf1, EncryptNoPad(buf1, buf2, src.ToRegion(buf2)));
+}
diff --git a/library/cpp/openssl/crypto/rsa.h b/library/cpp/openssl/crypto/rsa.h
new file mode 100644
index 0000000000..3bf9e4a233
--- /dev/null
+++ b/library/cpp/openssl/crypto/rsa.h
@@ -0,0 +1,34 @@
+#pragma once
+
+#include <util/generic/utility.h>
+#include <util/generic/noncopyable.h>
+
+struct rsa_st;
+
+namespace NOpenSsl {
+    class TBigInteger;
+
+    namespace NRsa {
+        class TPublicKey: public TNonCopyable {
+        public:
+            inline TPublicKey(TPublicKey&& other) noexcept {
+                Swap(other);
+            }
+
+            TPublicKey(const TBigInteger& e, const TBigInteger& n);
+            ~TPublicKey() noexcept;
+
+            size_t OutputLength() const noexcept;
+
+            TBigInteger EncryptNoPad(const TBigInteger& src) const;
+            size_t EncryptNoPad(void* dst, const void* src, size_t size) const;
+
+            inline void Swap(TPublicKey& other) noexcept {
+                DoSwap(Key_, other.Key_);
+            }
+
+        private:
+            rsa_st* Key_ = nullptr;
+        };
+    };
+}
diff --git a/library/cpp/openssl/crypto/sha.cpp b/library/cpp/openssl/crypto/sha.cpp
new file mode 100644
index 0000000000..c142b6635e
--- /dev/null
+++ b/library/cpp/openssl/crypto/sha.cpp
@@ -0,0 +1,62 @@
+#include "sha.h"
+
+#include <util/generic/yexception.h>
+
+#include <openssl/sha.h>
+
+namespace NOpenSsl {
+    namespace NSha1 {
+        static_assert(DIGEST_LENGTH == SHA_DIGEST_LENGTH);
+
+        TDigest Calc(const void* data, size_t dataSize) {
+            TDigest digest;
+            Y_ENSURE(SHA1(static_cast<const ui8*>(data), dataSize, digest.data()) != nullptr);
+            return digest;
+        }
+
+        TCalcer::TCalcer()
+            : Context{new SHAstate_st} {
+            Y_ENSURE(SHA1_Init(Context.Get()) == 1);
+        }
+
+        TCalcer::~TCalcer() {
+        }
+
+        void TCalcer::Update(const void* data, size_t dataSize) {
+            Y_ENSURE(SHA1_Update(Context.Get(), data, dataSize) == 1);
+        }
+
+        TDigest TCalcer::Final() {
+            TDigest digest;
+            Y_ENSURE(SHA1_Final(digest.data(), Context.Get()) == 1);
+            return digest;
+        }
+    }
+    namespace NSha256 {
+        static_assert(DIGEST_LENGTH == SHA256_DIGEST_LENGTH);
+
+        TDigest Calc(const void* data, size_t dataSize) {
+            TDigest digest;
+            Y_ENSURE(SHA256(static_cast<const ui8*>(data), dataSize, digest.data()) != nullptr);
+            return digest;
+        }
+
+        TCalcer::TCalcer()
+            : Context{new SHA256state_st} {
+            Y_ENSURE(SHA256_Init(Context.Get()) == 1);
+        }
+
+        TCalcer::~TCalcer() {
+        }
+
+        void TCalcer::Update(const void* data, size_t dataSize) {
+            Y_ENSURE(SHA256_Update(Context.Get(), data, dataSize) == 1);
+        }
+
+        TDigest TCalcer::Final() {
+            TDigest digest;
+            Y_ENSURE(SHA256_Final(digest.data(), Context.Get()) == 1);
+            return digest;
+        }
+    }
+}
diff --git a/library/cpp/openssl/crypto/sha.h b/library/cpp/openssl/crypto/sha.h
new file mode 100644
index 0000000000..dbc2dfa526
--- /dev/null
+++ b/library/cpp/openssl/crypto/sha.h
@@ -0,0 +1,78 @@
+#pragma once
+
+#include <util/generic/ptr.h>
+#include <util/generic/strbuf.h>
+#include <util/system/types.h>
+
+#include <array>
+
+struct SHAstate_st;
+struct SHA256state_st;
+
+namespace NOpenSsl::NSha1 {
+    constexpr size_t DIGEST_LENGTH = 20;
+    using TDigest = std::array<ui8, DIGEST_LENGTH>;
+
+    // not fragmented input
+    TDigest Calc(const void* data, size_t dataSize);
+
+    inline TDigest Calc(TStringBuf s) {
+        return Calc(s.data(), s.length());
+    }
+
+    // fragmented input
+    class TCalcer {
+    public:
+        TCalcer();
+        ~TCalcer();
+        void Update(const void* data, size_t dataSize);
+
+        void Update(TStringBuf s) {
+            Update(s.data(), s.length());
+        }
+
+        template <typename T>
+        void UpdateWithPodValue(const T& value) {
+            Update(&value, sizeof(value));
+        }
+
+        TDigest Final();
+
+    private:
+        THolder<SHAstate_st> Context;
+    };
+}
+
+namespace NOpenSsl::NSha256 {
+    constexpr size_t DIGEST_LENGTH = 32;
+    using TDigest = std::array<ui8, DIGEST_LENGTH>;
+
+    // not fragmented input
+    TDigest Calc(const void* data, size_t dataSize);
+
+    inline TDigest Calc(TStringBuf s) {
+        return Calc(s.data(), s.length());
+    }
+
+    // fragmented input
+    class TCalcer {
+    public:
+        TCalcer();
+        ~TCalcer();
+        void Update(const void* data, size_t dataSize);
+
+        void Update(TStringBuf s) {
+            Update(s.data(), s.length());
+        }
+
+        template <typename T>
+        void UpdateWithPodValue(const T& value) {
+            Update(&value, sizeof(value));
+        }
+
+        TDigest Final();
+
+    private:
+        THolder<SHA256state_st> Context;
+    };
+}