2017-11-03 15:29:49 -05:00
|
|
|
// Copyright 2016 The go-ethereum Authors
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
// Contains the Whisper protocol Envelope element.
|
|
|
|
|
|
|
|
package whisperv6
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/ecdsa"
|
|
|
|
"encoding/binary"
|
|
|
|
"fmt"
|
|
|
|
gmath "math"
|
|
|
|
"math/big"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
|
|
"github.com/ethereum/go-ethereum/crypto"
|
|
|
|
"github.com/ethereum/go-ethereum/crypto/ecies"
|
|
|
|
"github.com/ethereum/go-ethereum/rlp"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Envelope represents a clear-text data packet to transmit through the Whisper
|
|
|
|
// network. Its contents may or may not be encrypted and signed.
|
|
|
|
type Envelope struct {
|
2017-12-08 09:08:56 -06:00
|
|
|
Expiry uint32
|
|
|
|
TTL uint32
|
|
|
|
Topic TopicType
|
|
|
|
Data []byte
|
|
|
|
Nonce uint64
|
2017-11-03 15:29:49 -05:00
|
|
|
|
2018-01-12 05:11:22 -06:00
|
|
|
pow float64 // Message-specific PoW as described in the Whisper specification.
|
|
|
|
|
|
|
|
// the following variables should not be accessed directly, use the corresponding function instead: Hash(), Bloom()
|
|
|
|
hash common.Hash // Cached hash of the envelope to avoid rehashing every time.
|
|
|
|
bloom []byte
|
2017-11-03 15:29:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// size returns the size of envelope as it is sent (i.e. public fields only)
|
|
|
|
func (e *Envelope) size() int {
|
2017-12-08 09:08:56 -06:00
|
|
|
return EnvelopeHeaderLength + len(e.Data)
|
2017-11-03 15:29:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// rlpWithoutNonce returns the RLP encoded envelope contents, except the nonce.
|
|
|
|
func (e *Envelope) rlpWithoutNonce() []byte {
|
2017-12-08 09:08:56 -06:00
|
|
|
res, _ := rlp.EncodeToBytes([]interface{}{e.Expiry, e.TTL, e.Topic, e.Data})
|
2017-11-03 15:29:49 -05:00
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewEnvelope wraps a Whisper message with expiration and destination data
|
|
|
|
// included into an envelope for network forwarding.
|
2017-12-08 04:40:59 -06:00
|
|
|
func NewEnvelope(ttl uint32, topic TopicType, msg *sentMessage) *Envelope {
|
2017-11-03 15:29:49 -05:00
|
|
|
env := Envelope{
|
2017-12-08 09:08:56 -06:00
|
|
|
Expiry: uint32(time.Now().Add(time.Second * time.Duration(ttl)).Unix()),
|
|
|
|
TTL: ttl,
|
|
|
|
Topic: topic,
|
|
|
|
Data: msg.Raw,
|
|
|
|
Nonce: 0,
|
2017-11-03 15:29:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
return &env
|
|
|
|
}
|
|
|
|
|
|
|
|
// Seal closes the envelope by spending the requested amount of time as a proof
|
|
|
|
// of work on hashing the data.
|
|
|
|
func (e *Envelope) Seal(options *MessageParams) error {
|
|
|
|
if options.PoW == 0 {
|
2018-02-09 09:25:03 -06:00
|
|
|
// PoW is not required
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-03-26 04:23:59 -05:00
|
|
|
var target, bestLeadingZeros int
|
2018-02-09 09:25:03 -06:00
|
|
|
if options.PoW < 0 {
|
|
|
|
// target is not set - the function should run for a period
|
|
|
|
// of time specified in WorkTime param. Since we can predict
|
|
|
|
// the execution time, we can also adjust Expiry.
|
2017-11-03 15:29:49 -05:00
|
|
|
e.Expiry += options.WorkTime
|
|
|
|
} else {
|
|
|
|
target = e.powToFirstBit(options.PoW)
|
|
|
|
}
|
|
|
|
|
2019-06-25 05:01:34 -05:00
|
|
|
rlp := e.rlpWithoutNonce()
|
|
|
|
buf := make([]byte, len(rlp)+8)
|
|
|
|
copy(buf, rlp)
|
|
|
|
asAnInt := new(big.Int)
|
2017-11-03 15:29:49 -05:00
|
|
|
|
|
|
|
finish := time.Now().Add(time.Duration(options.WorkTime) * time.Second).UnixNano()
|
|
|
|
for nonce := uint64(0); time.Now().UnixNano() < finish; {
|
|
|
|
for i := 0; i < 1024; i++ {
|
2019-06-25 05:01:34 -05:00
|
|
|
binary.BigEndian.PutUint64(buf[len(rlp):], nonce)
|
|
|
|
h := crypto.Keccak256(buf)
|
|
|
|
asAnInt.SetBytes(h)
|
|
|
|
leadingZeros := 256 - asAnInt.BitLen()
|
2019-03-26 04:23:59 -05:00
|
|
|
if leadingZeros > bestLeadingZeros {
|
|
|
|
e.Nonce, bestLeadingZeros = nonce, leadingZeros
|
|
|
|
if target > 0 && bestLeadingZeros >= target {
|
2017-11-03 15:29:49 -05:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
nonce++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-03-26 04:23:59 -05:00
|
|
|
if target > 0 && bestLeadingZeros < target {
|
2017-11-03 15:29:49 -05:00
|
|
|
return fmt.Errorf("failed to reach the PoW target, specified pow time (%d seconds) was insufficient", options.WorkTime)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-01-26 05:45:10 -06:00
|
|
|
// PoW computes (if necessary) and returns the proof of work target
|
|
|
|
// of the envelope.
|
2017-11-03 15:29:49 -05:00
|
|
|
func (e *Envelope) PoW() float64 {
|
|
|
|
if e.pow == 0 {
|
|
|
|
e.calculatePoW(0)
|
|
|
|
}
|
|
|
|
return e.pow
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Envelope) calculatePoW(diff uint32) {
|
2019-03-26 04:23:59 -05:00
|
|
|
rlp := e.rlpWithoutNonce()
|
2019-06-25 05:01:34 -05:00
|
|
|
buf := make([]byte, len(rlp)+8)
|
|
|
|
copy(buf, rlp)
|
|
|
|
binary.BigEndian.PutUint64(buf[len(rlp):], e.Nonce)
|
2019-03-26 04:23:59 -05:00
|
|
|
powHash := new(big.Int).SetBytes(crypto.Keccak256(buf))
|
|
|
|
leadingZeroes := 256 - powHash.BitLen()
|
|
|
|
x := gmath.Pow(2, float64(leadingZeroes))
|
|
|
|
x /= float64(len(rlp))
|
2017-11-03 15:29:49 -05:00
|
|
|
x /= float64(e.TTL + diff)
|
|
|
|
e.pow = x
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e *Envelope) powToFirstBit(pow float64) int {
|
|
|
|
x := pow
|
|
|
|
x *= float64(e.size())
|
|
|
|
x *= float64(e.TTL)
|
|
|
|
bits := gmath.Log2(x)
|
|
|
|
bits = gmath.Ceil(bits)
|
2018-02-09 09:25:03 -06:00
|
|
|
res := int(bits)
|
|
|
|
if res < 1 {
|
|
|
|
res = 1
|
|
|
|
}
|
|
|
|
return res
|
2017-11-03 15:29:49 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
// Hash returns the SHA3 hash of the envelope, calculating it if not yet done.
|
|
|
|
func (e *Envelope) Hash() common.Hash {
|
|
|
|
if (e.hash == common.Hash{}) {
|
|
|
|
encoded, _ := rlp.EncodeToBytes(e)
|
|
|
|
e.hash = crypto.Keccak256Hash(encoded)
|
|
|
|
}
|
|
|
|
return e.hash
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecodeRLP decodes an Envelope from an RLP data stream.
|
|
|
|
func (e *Envelope) DecodeRLP(s *rlp.Stream) error {
|
|
|
|
raw, err := s.Raw()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
// The decoding of Envelope uses the struct fields but also needs
|
|
|
|
// to compute the hash of the whole RLP-encoded envelope. This
|
|
|
|
// type has the same structure as Envelope but is not an
|
|
|
|
// rlp.Decoder (does not implement DecodeRLP function).
|
|
|
|
// Only public members will be encoded.
|
|
|
|
type rlpenv Envelope
|
|
|
|
if err := rlp.DecodeBytes(raw, (*rlpenv)(e)); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
e.hash = crypto.Keccak256Hash(raw)
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// OpenAsymmetric tries to decrypt an envelope, potentially encrypted with a particular key.
|
|
|
|
func (e *Envelope) OpenAsymmetric(key *ecdsa.PrivateKey) (*ReceivedMessage, error) {
|
|
|
|
message := &ReceivedMessage{Raw: e.Data}
|
|
|
|
err := message.decryptAsymmetric(key)
|
|
|
|
switch err {
|
|
|
|
case nil:
|
|
|
|
return message, nil
|
|
|
|
case ecies.ErrInvalidPublicKey: // addressed to somebody else
|
|
|
|
return nil, err
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("unable to open envelope, decrypt failed: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// OpenSymmetric tries to decrypt an envelope, potentially encrypted with a particular key.
|
|
|
|
func (e *Envelope) OpenSymmetric(key []byte) (msg *ReceivedMessage, err error) {
|
|
|
|
msg = &ReceivedMessage{Raw: e.Data}
|
2017-12-08 04:40:59 -06:00
|
|
|
err = msg.decryptSymmetric(key)
|
2017-11-03 15:29:49 -05:00
|
|
|
if err != nil {
|
|
|
|
msg = nil
|
|
|
|
}
|
|
|
|
return msg, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Open tries to decrypt an envelope, and populates the message fields in case of success.
|
|
|
|
func (e *Envelope) Open(watcher *Filter) (msg *ReceivedMessage) {
|
2018-03-02 07:54:54 -06:00
|
|
|
if watcher == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2018-01-30 02:55:08 -06:00
|
|
|
// The API interface forbids filters doing both symmetric and asymmetric encryption.
|
2017-12-08 04:40:59 -06:00
|
|
|
if watcher.expectsAsymmetricEncryption() && watcher.expectsSymmetricEncryption() {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
if watcher.expectsAsymmetricEncryption() {
|
2017-11-03 15:29:49 -05:00
|
|
|
msg, _ = e.OpenAsymmetric(watcher.KeyAsym)
|
|
|
|
if msg != nil {
|
|
|
|
msg.Dst = &watcher.KeyAsym.PublicKey
|
|
|
|
}
|
2017-12-08 04:40:59 -06:00
|
|
|
} else if watcher.expectsSymmetricEncryption() {
|
2017-11-03 15:29:49 -05:00
|
|
|
msg, _ = e.OpenSymmetric(watcher.KeySym)
|
|
|
|
if msg != nil {
|
|
|
|
msg.SymKeyHash = crypto.Keccak256Hash(watcher.KeySym)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if msg != nil {
|
2018-01-30 02:55:08 -06:00
|
|
|
ok := msg.ValidateAndParse()
|
2017-11-03 15:29:49 -05:00
|
|
|
if !ok {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
msg.Topic = e.Topic
|
|
|
|
msg.PoW = e.PoW()
|
|
|
|
msg.TTL = e.TTL
|
|
|
|
msg.Sent = e.Expiry - e.TTL
|
|
|
|
msg.EnvelopeHash = e.Hash()
|
|
|
|
}
|
|
|
|
return msg
|
|
|
|
}
|
2018-01-12 05:11:22 -06:00
|
|
|
|
|
|
|
// Bloom maps 4-bytes Topic into 64-byte bloom filter with 3 bits set (at most).
|
|
|
|
func (e *Envelope) Bloom() []byte {
|
|
|
|
if e.bloom == nil {
|
|
|
|
e.bloom = TopicToBloom(e.Topic)
|
|
|
|
}
|
|
|
|
return e.bloom
|
|
|
|
}
|
|
|
|
|
|
|
|
// TopicToBloom converts the topic (4 bytes) to the bloom filter (64 bytes)
|
|
|
|
func TopicToBloom(topic TopicType) []byte {
|
2018-03-01 09:04:09 -06:00
|
|
|
b := make([]byte, BloomFilterSize)
|
2018-01-12 05:11:22 -06:00
|
|
|
var index [3]int
|
|
|
|
for j := 0; j < 3; j++ {
|
|
|
|
index[j] = int(topic[j])
|
|
|
|
if (topic[3] & (1 << uint(j))) != 0 {
|
|
|
|
index[j] += 256
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for j := 0; j < 3; j++ {
|
|
|
|
byteIndex := index[j] / 8
|
|
|
|
bitIndex := index[j] % 8
|
|
|
|
b[byteIndex] = (1 << uint(bitIndex))
|
|
|
|
}
|
|
|
|
return b
|
|
|
|
}
|
2018-03-06 16:37:43 -06:00
|
|
|
|
|
|
|
// GetEnvelope retrieves an envelope from the message queue by its hash.
|
|
|
|
// It returns nil if the envelope can not be found.
|
|
|
|
func (w *Whisper) GetEnvelope(hash common.Hash) *Envelope {
|
|
|
|
w.poolMu.RLock()
|
|
|
|
defer w.poolMu.RUnlock()
|
|
|
|
return w.envelopes[hash]
|
|
|
|
}
|