github.hscsec.cn/scroll-tech/go-ethereum@v1.9.7/whisper/whisperv6/envelope.go (about)

     1  // Copyright 2016 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  // Contains the Whisper protocol Envelope element.
    18  
    19  package whisperv6
    20  
    21  import (
    22  	"crypto/ecdsa"
    23  	"encoding/binary"
    24  	"fmt"
    25  	gmath "math"
    26  	"math/big"
    27  	"time"
    28  
    29  	"github.com/ethereum/go-ethereum/common"
    30  	"github.com/ethereum/go-ethereum/crypto"
    31  	"github.com/ethereum/go-ethereum/crypto/ecies"
    32  	"github.com/ethereum/go-ethereum/rlp"
    33  )
    34  
    35  // Envelope represents a clear-text data packet to transmit through the Whisper
    36  // network. Its contents may or may not be encrypted and signed.
    37  type Envelope struct {
    38  	Expiry uint32
    39  	TTL    uint32
    40  	Topic  TopicType
    41  	Data   []byte
    42  	Nonce  uint64
    43  
    44  	pow float64 // Message-specific PoW as described in the Whisper specification.
    45  
    46  	// the following variables should not be accessed directly, use the corresponding function instead: Hash(), Bloom()
    47  	hash  common.Hash // Cached hash of the envelope to avoid rehashing every time.
    48  	bloom []byte
    49  }
    50  
    51  // size returns the size of envelope as it is sent (i.e. public fields only)
    52  func (e *Envelope) size() int {
    53  	return EnvelopeHeaderLength + len(e.Data)
    54  }
    55  
    56  // rlpWithoutNonce returns the RLP encoded envelope contents, except the nonce.
    57  func (e *Envelope) rlpWithoutNonce() []byte {
    58  	res, _ := rlp.EncodeToBytes([]interface{}{e.Expiry, e.TTL, e.Topic, e.Data})
    59  	return res
    60  }
    61  
    62  // NewEnvelope wraps a Whisper message with expiration and destination data
    63  // included into an envelope for network forwarding.
    64  func NewEnvelope(ttl uint32, topic TopicType, msg *sentMessage) *Envelope {
    65  	env := Envelope{
    66  		Expiry: uint32(time.Now().Add(time.Second * time.Duration(ttl)).Unix()),
    67  		TTL:    ttl,
    68  		Topic:  topic,
    69  		Data:   msg.Raw,
    70  		Nonce:  0,
    71  	}
    72  
    73  	return &env
    74  }
    75  
    76  // Seal closes the envelope by spending the requested amount of time as a proof
    77  // of work on hashing the data.
    78  func (e *Envelope) Seal(options *MessageParams) error {
    79  	if options.PoW == 0 {
    80  		// PoW is not required
    81  		return nil
    82  	}
    83  
    84  	var target, bestLeadingZeros int
    85  	if options.PoW < 0 {
    86  		// target is not set - the function should run for a period
    87  		// of time specified in WorkTime param. Since we can predict
    88  		// the execution time, we can also adjust Expiry.
    89  		e.Expiry += options.WorkTime
    90  	} else {
    91  		target = e.powToFirstBit(options.PoW)
    92  	}
    93  
    94  	rlp := e.rlpWithoutNonce()
    95  	buf := make([]byte, len(rlp)+8)
    96  	copy(buf, rlp)
    97  	asAnInt := new(big.Int)
    98  
    99  	finish := time.Now().Add(time.Duration(options.WorkTime) * time.Second).UnixNano()
   100  	for nonce := uint64(0); time.Now().UnixNano() < finish; {
   101  		for i := 0; i < 1024; i++ {
   102  			binary.BigEndian.PutUint64(buf[len(rlp):], nonce)
   103  			h := crypto.Keccak256(buf)
   104  			asAnInt.SetBytes(h)
   105  			leadingZeros := 256 - asAnInt.BitLen()
   106  			if leadingZeros > bestLeadingZeros {
   107  				e.Nonce, bestLeadingZeros = nonce, leadingZeros
   108  				if target > 0 && bestLeadingZeros >= target {
   109  					return nil
   110  				}
   111  			}
   112  			nonce++
   113  		}
   114  	}
   115  
   116  	if target > 0 && bestLeadingZeros < target {
   117  		return fmt.Errorf("failed to reach the PoW target, specified pow time (%d seconds) was insufficient", options.WorkTime)
   118  	}
   119  
   120  	return nil
   121  }
   122  
   123  // PoW computes (if necessary) and returns the proof of work target
   124  // of the envelope.
   125  func (e *Envelope) PoW() float64 {
   126  	if e.pow == 0 {
   127  		e.calculatePoW(0)
   128  	}
   129  	return e.pow
   130  }
   131  
   132  func (e *Envelope) calculatePoW(diff uint32) {
   133  	rlp := e.rlpWithoutNonce()
   134  	buf := make([]byte, len(rlp)+8)
   135  	copy(buf, rlp)
   136  	binary.BigEndian.PutUint64(buf[len(rlp):], e.Nonce)
   137  	powHash := new(big.Int).SetBytes(crypto.Keccak256(buf))
   138  	leadingZeroes := 256 - powHash.BitLen()
   139  	x := gmath.Pow(2, float64(leadingZeroes))
   140  	x /= float64(len(rlp))
   141  	x /= float64(e.TTL + diff)
   142  	e.pow = x
   143  }
   144  
   145  func (e *Envelope) powToFirstBit(pow float64) int {
   146  	x := pow
   147  	x *= float64(e.size())
   148  	x *= float64(e.TTL)
   149  	bits := gmath.Log2(x)
   150  	bits = gmath.Ceil(bits)
   151  	res := int(bits)
   152  	if res < 1 {
   153  		res = 1
   154  	}
   155  	return res
   156  }
   157  
   158  // Hash returns the SHA3 hash of the envelope, calculating it if not yet done.
   159  func (e *Envelope) Hash() common.Hash {
   160  	if (e.hash == common.Hash{}) {
   161  		encoded, _ := rlp.EncodeToBytes(e)
   162  		e.hash = crypto.Keccak256Hash(encoded)
   163  	}
   164  	return e.hash
   165  }
   166  
   167  // DecodeRLP decodes an Envelope from an RLP data stream.
   168  func (e *Envelope) DecodeRLP(s *rlp.Stream) error {
   169  	raw, err := s.Raw()
   170  	if err != nil {
   171  		return err
   172  	}
   173  	// The decoding of Envelope uses the struct fields but also needs
   174  	// to compute the hash of the whole RLP-encoded envelope. This
   175  	// type has the same structure as Envelope but is not an
   176  	// rlp.Decoder (does not implement DecodeRLP function).
   177  	// Only public members will be encoded.
   178  	type rlpenv Envelope
   179  	if err := rlp.DecodeBytes(raw, (*rlpenv)(e)); err != nil {
   180  		return err
   181  	}
   182  	e.hash = crypto.Keccak256Hash(raw)
   183  	return nil
   184  }
   185  
   186  // OpenAsymmetric tries to decrypt an envelope, potentially encrypted with a particular key.
   187  func (e *Envelope) OpenAsymmetric(key *ecdsa.PrivateKey) (*ReceivedMessage, error) {
   188  	message := &ReceivedMessage{Raw: e.Data}
   189  	err := message.decryptAsymmetric(key)
   190  	switch err {
   191  	case nil:
   192  		return message, nil
   193  	case ecies.ErrInvalidPublicKey: // addressed to somebody else
   194  		return nil, err
   195  	default:
   196  		return nil, fmt.Errorf("unable to open envelope, decrypt failed: %v", err)
   197  	}
   198  }
   199  
   200  // OpenSymmetric tries to decrypt an envelope, potentially encrypted with a particular key.
   201  func (e *Envelope) OpenSymmetric(key []byte) (msg *ReceivedMessage, err error) {
   202  	msg = &ReceivedMessage{Raw: e.Data}
   203  	err = msg.decryptSymmetric(key)
   204  	if err != nil {
   205  		msg = nil
   206  	}
   207  	return msg, err
   208  }
   209  
   210  // Open tries to decrypt an envelope, and populates the message fields in case of success.
   211  func (e *Envelope) Open(watcher *Filter) (msg *ReceivedMessage) {
   212  	if watcher == nil {
   213  		return nil
   214  	}
   215  
   216  	// The API interface forbids filters doing both symmetric and asymmetric encryption.
   217  	if watcher.expectsAsymmetricEncryption() && watcher.expectsSymmetricEncryption() {
   218  		return nil
   219  	}
   220  
   221  	if watcher.expectsAsymmetricEncryption() {
   222  		msg, _ = e.OpenAsymmetric(watcher.KeyAsym)
   223  		if msg != nil {
   224  			msg.Dst = &watcher.KeyAsym.PublicKey
   225  		}
   226  	} else if watcher.expectsSymmetricEncryption() {
   227  		msg, _ = e.OpenSymmetric(watcher.KeySym)
   228  		if msg != nil {
   229  			msg.SymKeyHash = crypto.Keccak256Hash(watcher.KeySym)
   230  		}
   231  	}
   232  
   233  	if msg != nil {
   234  		ok := msg.ValidateAndParse()
   235  		if !ok {
   236  			return nil
   237  		}
   238  		msg.Topic = e.Topic
   239  		msg.PoW = e.PoW()
   240  		msg.TTL = e.TTL
   241  		msg.Sent = e.Expiry - e.TTL
   242  		msg.EnvelopeHash = e.Hash()
   243  	}
   244  	return msg
   245  }
   246  
   247  // Bloom maps 4-bytes Topic into 64-byte bloom filter with 3 bits set (at most).
   248  func (e *Envelope) Bloom() []byte {
   249  	if e.bloom == nil {
   250  		e.bloom = TopicToBloom(e.Topic)
   251  	}
   252  	return e.bloom
   253  }
   254  
   255  // TopicToBloom converts the topic (4 bytes) to the bloom filter (64 bytes)
   256  func TopicToBloom(topic TopicType) []byte {
   257  	b := make([]byte, BloomFilterSize)
   258  	var index [3]int
   259  	for j := 0; j < 3; j++ {
   260  		index[j] = int(topic[j])
   261  		if (topic[3] & (1 << uint(j))) != 0 {
   262  			index[j] += 256
   263  		}
   264  	}
   265  
   266  	for j := 0; j < 3; j++ {
   267  		byteIndex := index[j] / 8
   268  		bitIndex := index[j] % 8
   269  		b[byteIndex] = (1 << uint(bitIndex))
   270  	}
   271  	return b
   272  }
   273  
   274  // GetEnvelope retrieves an envelope from the message queue by its hash.
   275  // It returns nil if the envelope can not be found.
   276  func (w *Whisper) GetEnvelope(hash common.Hash) *Envelope {
   277  	w.poolMu.RLock()
   278  	defer w.poolMu.RUnlock()
   279  	return w.envelopes[hash]
   280  }