// Contains the Whisper protocol Envelope element. For formal details please see
// the specs at https://github.com/ethereum/wiki/wiki/Whisper-PoC-1-Protocol-Spec#envelopes.
package whisper
import (
"crypto/ecdsa"
"encoding/binary"
"fmt"
"time"
"github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/crypto"
"github.com/ethereum/go-ethereum/crypto/ecies"
"github.com/ethereum/go-ethereum/rlp"
)
// Envelope represents a clear-text data packet to transmit through the Whisper
// network. Its contents may or may not be encrypted and signed.
type Envelope struct {
Expiry uint32 // Whisper protocol specifies int32, really should be int64
TTL uint32 // ^^^^^^
Topics []Topic
Data []byte
Nonce uint32
hash common.Hash // Cached hash of the envelope to avoid rehashing every time
}
// NewEnvelope wraps a Whisper message with expiration and destination data
// included into an envelope for network forwarding.
func NewEnvelope(ttl time.Duration, topics []Topic, msg *Message) *Envelope {
return &Envelope{
Expiry: uint32(time.Now().Add(ttl).Unix()),
TTL: uint32(ttl.Seconds()),
Topics: topics,
Data: msg.bytes(),
Nonce: 0,
}
}
// Seal closes the envelope by spending the requested amount of time as a proof
// of work on hashing the data.
func (self *Envelope) Seal(pow time.Duration) {
d := make([]byte, 64)
copy(d[:32], self.rlpWithoutNonce())
finish, bestBit := time.Now().Add(pow).UnixNano(), 0
for nonce := uint32(0); time.Now().UnixNano() < finish; {
for i := 0; i < 1024; i++ {
binary.BigEndian.PutUint32(d[60:], nonce)
firstBit := common.FirstBitSet(common.BigD(crypto.Sha3(d)))
if firstBit > bestBit {
self.Nonce, bestBit = nonce, firstBit
}
nonce++
}
}
}
// rlpWithoutNonce returns the RLP encoded envelope contents, except the nonce.
func (self *Envelope) rlpWithoutNonce() []byte {
enc, _ := rlp.EncodeToBytes([]interface{}{self.Expiry, self.TTL, self.Topics, self.Data})
return enc
}
// Open extracts the message contained within a potentially encrypted envelope.
func (self *Envelope) Open(key *ecdsa.PrivateKey) (msg *Message, err error) {
// Split open the payload into a message construct
data := self.Data
message := &Message{
Flags: data[0],
Sent: int64(self.Expiry - self.TTL),
}
data = data[1:]
if message.Flags&signatureFlag == signatureFlag {
if len(data) < signatureLength {
return nil, fmt.Errorf("unable to open envelope. First bit set but len(data) < len(signature)")
}
message.Signature, data = data[:signatureLength], data[signatureLength:]
}
message.Payload = data
// Decrypt the message, if requested
if key == nil {
return message, nil
}
err = message.decrypt(key)
switch err {
case nil:
return message, nil
case ecies.ErrInvalidPublicKey: // Payload isn't encrypted
return message, err
default:
return nil, fmt.Errorf("unable to open envelope, decrypt failed: %v", err)
}
}
// Hash returns the SHA3 hash of the envelope, calculating it if not yet done.
func (self *Envelope) Hash() common.Hash {
if (self.hash == common.Hash{}) {
enc, _ := rlp.EncodeToBytes(self)
self.hash = crypto.Sha3Hash(enc)
}
return self.hash
}
// DecodeRLP decodes an Envelope from an RLP data stream.
func (self *Envelope) DecodeRLP(s *rlp.Stream) error {
raw, err := s.Raw()
if err != nil {
return err
}
// The decoding of Envelope uses the struct fields but also needs
// to compute the hash of the whole RLP-encoded envelope. This
// type has the same structure as Envelope but is not an
// rlp.Decoder so we can reuse the Envelope struct definition.
type rlpenv Envelope
if err := rlp.DecodeBytes(raw, (*rlpenv)(self)); err != nil {
return err
}
self.hash = crypto.Sha3Hash(raw)
return nil
}