futu_net/

encrypt.rs

// AES-128 ECB 加解密
//
// FutuOpenD 协议使用 AES-128 ECB 模式加密 body：
// - InitConnect 成功后，服务端返回 16 字节 AES key（hex 字符串）
// - 后续所有请求/响应的 body 使用此 key 加解密
// - SHA1 校验基于明文（加密前计算、解密后验证）
//
// 注意：AES-ECB 模式不使用 IV，相同明文始终产生相同密文。
// 这是 FutuOpenD 协议的设计，Rust 侧需保持兼容。

use futu_core::error::FutuError;

/// AES-128 ECB 加密
///
/// key 必须是 16 字节。data 会被 PKCS7 填充到 16 字节的倍数。
pub fn aes_ecb_encrypt(key: &[u8; 16], data: &[u8]) -> Vec<u8> {
    use aes::cipher::{BlockEncrypt, KeyInit};
    use std::iter;

    // PKCS7 padding
    let block_size = 16;
    let padding_len = block_size - (data.len() % block_size);
    let mut padded: Vec<u8> = data.to_vec();
    padded.extend(iter::repeat_n(padding_len as u8, padding_len));

    // AES-128 ECB: 逐块加密
    let encryptor = aes::Aes128::new(key.into());
    for chunk in padded.chunks_mut(block_size) {
        let block = aes::cipher::generic_array::GenericArray::from_mut_slice(chunk);
        encryptor.encrypt_block(block);
    }

    padded
}

/// AES-128 ECB 解密（PKCS7 padding）
///
/// key 必须是 16 字节。返回去除 PKCS7 padding 后的明文。
pub fn aes_ecb_decrypt(
    key: &[u8; 16],
    data: &[u8],
) -> Result<Vec<u8>, futu_core::error::FutuError> {
    use aes::cipher::{BlockDecrypt, KeyInit};

    if data.is_empty() || !data.len().is_multiple_of(16) {
        return Err(futu_core::error::FutuError::Encryption(
            "ciphertext length must be a multiple of 16".into(),
        ));
    }

    let block_size = 16;
    let mut output = data.to_vec();
    let decryptor = aes::Aes128::new(key.into());
    for chunk in output.chunks_mut(block_size) {
        let block = aes::cipher::generic_array::GenericArray::from_mut_slice(chunk);
        decryptor.decrypt_block(block);
    }

    // Remove PKCS7 padding
    let padding_len = output
        .last()
        .copied()
        .ok_or_else(|| futu_core::error::FutuError::Encryption("empty decrypted body".into()))?
        as usize;
    if padding_len == 0 || padding_len > block_size {
        return Err(futu_core::error::FutuError::Encryption(
            "invalid PKCS7 padding".into(),
        ));
    }
    if output[output.len() - padding_len..]
        .iter()
        .any(|&b| b as usize != padding_len)
    {
        return Err(futu_core::error::FutuError::Encryption(
            "invalid PKCS7 padding bytes".into(),
        ));
    }
    output.truncate(output.len() - padding_len);

    Ok(output)
}

/// AES 加密单块 —— 支持 16 / 24 / 32 字节 key（对应 AES-128/192/256）。
/// 对齐 C++ `OMCrypt_FTAES_MD5_Encrypt` 的可变 key 长度支持（auth_cryptor.cpp 里
/// S3 是 32 字节，走 AES-256）。
fn aes_encrypt_block_var(key: &[u8], block: &[u8]) -> Result<[u8; 16], FutuError> {
    use aes::cipher::{BlockEncrypt, KeyInit};
    let mut out = [0u8; 16];
    out.copy_from_slice(block);
    let ga = aes::cipher::generic_array::GenericArray::from_mut_slice(&mut out);
    match key.len() {
        16 => {
            aes::Aes128::new(aes::cipher::generic_array::GenericArray::from_slice(key))
                .encrypt_block(ga);
        }
        24 => {
            aes::Aes192::new(aes::cipher::generic_array::GenericArray::from_slice(key))
                .encrypt_block(ga);
        }
        32 => {
            aes::Aes256::new(aes::cipher::generic_array::GenericArray::from_slice(key))
                .encrypt_block(ga);
        }
        _ => {
            return Err(unsupported_aes_var_key_len(
                "aes_encrypt_block_var",
                key.len(),
            ));
        }
    }
    Ok(out)
}

/// AES 解密单块 —— 可变 key 长度（16/24/32 字节）
fn aes_decrypt_block_var(key: &[u8], block: &[u8]) -> Result<[u8; 16], FutuError> {
    use aes::cipher::{BlockDecrypt, KeyInit};
    let mut out = [0u8; 16];
    out.copy_from_slice(block);
    let ga = aes::cipher::generic_array::GenericArray::from_mut_slice(&mut out);
    match key.len() {
        16 => {
            aes::Aes128::new(aes::cipher::generic_array::GenericArray::from_slice(key))
                .decrypt_block(ga);
        }
        24 => {
            aes::Aes192::new(aes::cipher::generic_array::GenericArray::from_slice(key))
                .decrypt_block(ga);
        }
        32 => {
            aes::Aes256::new(aes::cipher::generic_array::GenericArray::from_slice(key))
                .decrypt_block(ga);
        }
        _ => {
            return Err(unsupported_aes_var_key_len(
                "aes_decrypt_block_var",
                key.len(),
            ));
        }
    }
    Ok(out)
}

fn unsupported_aes_var_key_len(context: &str, len: usize) -> FutuError {
    FutuError::Encryption(format!("{context}: unsupported key length {len}"))
}

fn constant_time_eq(left: &[u8], right: &[u8]) -> bool {
    if left.len() != right.len() {
        return false;
    }

    let mut diff = 0u8;
    for (&l, &r) in left.iter().zip(right.iter()) {
        diff |= l ^ r;
    }
    diff == 0
}

// ===== AES-128 CBC + MD5 校验 (自定义格式) =====
// 用于 tgtgt 加密和内部通信的 OMCrypt_AES_Encrypt/Decrypt
// 格式: [CBC加密的数据块] + [padding块(标记最后块大小)] + [MD5(明文所有16字节块)]

/// AES-128 CBC + MD5 加密 (对应 C++ om_aes_encrypt_cbc_md5)
pub fn aes_cbc_md5_encrypt(key: &[u8; 16], data: &[u8]) -> Result<Vec<u8>, FutuError> {
    aes_cbc_md5_encrypt_var(key, data)
}

/// AES-128/192/256 CBC + MD5 加密（可变 key 长度版，对齐 C++
/// `OMCrypt_FTAES_MD5_Encrypt` 接受任意 16/24/32 字节 key）
///
/// 用途：登录流程的 `CreateNewTgtgt` 在 salt32 存在时用 S3（32 字节）作 key
/// 做 AES-256 加密 tgtgt。
pub fn aes_cbc_md5_encrypt_var(key: &[u8], data: &[u8]) -> Result<Vec<u8>, FutuError> {
    let input_len = data.len();
    let modv = input_len % 16;
    let last_block_size = if modv == 0 { 0u8 } else { modv as u8 };

    let data_blocks = if modv == 0 {
        input_len
    } else {
        input_len - modv + 16
    };
    let total_size = data_blocks + 16 + 16;
    let mut output = vec![0u8; total_size];

    let mut md5_ctx = md5::Context::new();
    let mut encrypt_pos = 0usize;
    let aligned_end = input_len - modv;

    while encrypt_pos < aligned_end {
        let block = &data[encrypt_pos..encrypt_pos + 16];
        md5_ctx.consume(block);
        if encrypt_pos == 0 {
            let enc = aes_encrypt_block_var(key, block)?;
            output[..16].copy_from_slice(&enc);
        } else {
            let mut xor_block = [0u8; 16];
            for i in 0..16 {
                xor_block[i] = output[encrypt_pos - 16 + i] ^ block[i];
            }
            let enc = aes_encrypt_block_var(key, &xor_block)?;
            output[encrypt_pos..encrypt_pos + 16].copy_from_slice(&enc);
        }
        encrypt_pos += 16;
    }

    if modv != 0 {
        let mut tmp = [0u8; 16];
        tmp[..last_block_size as usize].copy_from_slice(&data[encrypt_pos..encrypt_pos + modv]);
        md5_ctx.consume(tmp);
        if encrypt_pos > 0 {
            for i in 0..16 {
                tmp[i] ^= output[encrypt_pos - 16 + i];
            }
        }
        let enc = aes_encrypt_block_var(key, &tmp)?;
        output[encrypt_pos..encrypt_pos + 16].copy_from_slice(&enc);
        encrypt_pos += 16;
    }

    let mut padding = [0u8; 16];
    padding[15] = last_block_size;
    let enc_pad = aes_encrypt_block_var(key, &padding)?;
    output[encrypt_pos..encrypt_pos + 16].copy_from_slice(&enc_pad);
    encrypt_pos += 16;

    let md5_hash = md5_ctx.compute();
    output[encrypt_pos..encrypt_pos + 16].copy_from_slice(&md5_hash.0);

    Ok(output)
}

/// AES-128/192/256 CBC + MD5 解密（可变 key 长度版）
pub fn aes_cbc_md5_decrypt_var(
    key: &[u8],
    data: &[u8],
) -> std::result::Result<Vec<u8>, futu_core::error::FutuError> {
    let input_len = data.len();
    if input_len < 32 || !input_len.is_multiple_of(16) {
        return Err(futu_core::error::FutuError::Encryption(format!(
            "cbc_md5_var: invalid ciphertext length {input_len}"
        )));
    }

    let padding_block = aes_decrypt_block_var(key, &data[input_len - 32..input_len - 16])?;
    let last_block_size = padding_block[15] as usize;
    if last_block_size > 15 {
        return Err(futu_core::error::FutuError::Encryption(format!(
            "cbc_md5_var: last_block_size {last_block_size} > 15"
        )));
    }

    let data_blocks_end = input_len - 32;
    let plaintext_len = if last_block_size == 0 {
        data_blocks_end
    } else {
        data_blocks_end - 16 + last_block_size
    };

    let mut output = vec![0u8; plaintext_len];
    let mut md5_ctx = md5::Context::new();
    let mut pos = 0usize;
    while pos < data_blocks_end {
        let block = &data[pos..pos + 16];
        let decrypted = aes_decrypt_block_var(key, block)?;
        let mut plain_block = [0u8; 16];
        if pos == 0 {
            plain_block.copy_from_slice(&decrypted);
        } else {
            for i in 0..16 {
                plain_block[i] = decrypted[i] ^ data[pos - 16 + i];
            }
        }
        md5_ctx.consume(plain_block);

        let is_last_block = pos + 16 == data_blocks_end;
        let effective_len = if is_last_block && last_block_size != 0 {
            last_block_size
        } else {
            16
        };
        output[pos..pos + effective_len].copy_from_slice(&plain_block[..effective_len]);
        pos += 16;
    }

    let computed_md5 = md5_ctx.compute();
    if !constant_time_eq(&computed_md5.0, &data[input_len - 16..]) {
        return Err(futu_core::error::FutuError::Encryption(
            "cbc_md5_var: MD5 checksum mismatch".into(),
        ));
    }

    Ok(output)
}

/// AES-128 CBC + MD5 解密 (对应 C++ om_aes_decrypt_cbc_md5)
pub fn aes_cbc_md5_decrypt(
    key: &[u8; 16],
    data: &[u8],
) -> std::result::Result<Vec<u8>, futu_core::error::FutuError> {
    aes_cbc_md5_decrypt_var(key, data)
}

// ===== RSA 加解密 =====
// FutuOpenD 使用 RSA PKCS#1 v1.5 加解密。
// 客户端和服务端共享同一个 RSA 私钥文件（PEM 格式）。
// 从私钥中提取公钥用于加密，私钥用于解密。

/// 从 PEM 格式加载 RSA 私钥（支持 PKCS#8 和 PKCS#1 格式）
fn load_rsa_private_key(
    pem_private_key: &str,
) -> Result<rsa::RsaPrivateKey, futu_core::error::FutuError> {
    use rsa::pkcs8::DecodePrivateKey;

    rsa::RsaPrivateKey::from_pkcs8_pem(pem_private_key)
        .or_else(|_| {
            use rsa::pkcs1::DecodeRsaPrivateKey;
            rsa::RsaPrivateKey::from_pkcs1_pem(pem_private_key)
        })
        .map_err(|e| {
            futu_core::error::FutuError::Encryption(format!("invalid RSA private key: {e}"))
        })
}

/// 使用 RSA 公钥加密（从私钥中提取公钥）
///
/// `pem_private_key`: PEM 格式的 RSA 私钥
pub fn rsa_public_encrypt(
    pem_private_key: &str,
    data: &[u8],
) -> Result<Vec<u8>, futu_core::error::FutuError> {
    use rsa::Pkcs1v15Encrypt;

    let private_key = load_rsa_private_key(pem_private_key)?;
    let public_key = rsa::RsaPublicKey::from(&private_key);
    let mut rng = rand::thread_rng();

    public_key
        .encrypt(&mut rng, Pkcs1v15Encrypt, data)
        .map_err(|e| futu_core::error::FutuError::Encryption(format!("RSA encrypt failed: {e}")))
}

/// 使用 RSA 私钥解密
pub fn rsa_private_decrypt(
    pem_private_key: &str,
    data: &[u8],
) -> Result<Vec<u8>, futu_core::error::FutuError> {
    use rsa::Pkcs1v15Encrypt;

    let private_key = load_rsa_private_key(pem_private_key)?;

    private_key
        .decrypt(Pkcs1v15Encrypt, data)
        .map_err(|e| futu_core::error::FutuError::Encryption(format!("RSA decrypt failed: {e}")))
}

/// 使用 RSA 公钥分块加密（支持任意长度数据）
///
/// RSA 1024-bit: 每块最多 117 字节明文 → 128 字节密文
/// RSA 2048-bit: 每块最多 245 字节明文 → 256 字节密文
/// 对应 C++ FutuOpenD 的 RSA 分块加密逻辑
pub fn rsa_public_encrypt_blocks(
    pem_private_key: &str,
    data: &[u8],
) -> Result<Vec<u8>, futu_core::error::FutuError> {
    use rsa::Pkcs1v15Encrypt;
    use rsa::traits::PublicKeyParts;

    let private_key = load_rsa_private_key(pem_private_key)?;
    let public_key = rsa::RsaPublicKey::from(&private_key);

    // PKCS1v15 padding 需要 11 字节开销
    let key_len = public_key.size();
    let max_block = key_len - 11;

    let mut result = Vec::with_capacity((data.len() / max_block + 1) * key_len);
    let mut rng = rand::thread_rng();

    for chunk in data.chunks(max_block) {
        let encrypted = public_key
            .encrypt(&mut rng, Pkcs1v15Encrypt, chunk)
            .map_err(|e| {
                futu_core::error::FutuError::Encryption(format!("RSA block encrypt failed: {e}"))
            })?;
        result.extend_from_slice(&encrypted);
    }

    Ok(result)
}

/// 使用 RSA 私钥分块解密（支持任意长度数据）
///
/// 密文按 key_size（128 或 256 字节）分块解密
pub fn rsa_private_decrypt_blocks(
    pem_private_key: &str,
    data: &[u8],
) -> Result<Vec<u8>, futu_core::error::FutuError> {
    use rsa::Pkcs1v15Encrypt;
    use rsa::traits::PublicKeyParts;

    let private_key = load_rsa_private_key(pem_private_key)?;
    let key_len = private_key.size();

    if !data.len().is_multiple_of(key_len) {
        return Err(futu_core::error::FutuError::Encryption(format!(
            "RSA ciphertext length {} is not a multiple of key size {}",
            data.len(),
            key_len
        )));
    }

    let mut result = Vec::with_capacity(data.len());

    for chunk in data.chunks(key_len) {
        let decrypted = private_key.decrypt(Pkcs1v15Encrypt, chunk).map_err(|e| {
            futu_core::error::FutuError::Encryption(format!("RSA block decrypt failed: {e}"))
        })?;
        result.extend_from_slice(&decrypted);
    }

    Ok(result)
}

#[cfg(test)]
mod tests;