* whisper skeleton * basic message store * rallying and message logic * pass host info to network protocol handlers * choose who starts rally based on node key * module reshuffling * mining messages * prune messages by low PoW until below size target * associated error type for ethkey generators and `OsRng` generator * beginnings of RPC * generic message handler for whisper * reshuffle code order * standard payload encoding and decoding * basic crypto * minor restructuring of net code * implement shh_post * merge? * implement filters * rand trait for hash types * filter RPCs for whisper * symmetric encryption of payload * pub-sub * filter tests * use only secure random IDs * attach arbitrary protocols to network * basic integration of whisper into Parity * eagerly prune low PoW entries * broadcast messages with salted topics * node info RPC * fix import * fix leading zeros calculation * address minor grumbles
358 lines
9.0 KiB
358 lines
9.0 KiB
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
//! Common payload format definition, construction, and decoding.
//! Format:
//! flags: 1 byte
//! payload size: 0..4 bytes, BE, determined by flags.
//! optional padding: byte array up to 2^24 bytes in length. encoded in payload size.
//! optional signature: 65 bytes (r, s, v)
//! payload: byte array of length of arbitrary size.
//! flag bits used:
//! 0, 1 => how many bytes indicate padding length (up to 3)
//! 2 => whether signature is present
//! padding is used to mask information about size of message.
//! AES-256-GCM will append 12 bytes of metadata to the front of the message.
use bigint::hash::H256;
use byteorder::{BigEndian, ByteOrder, WriteBytesExt};
use ethkey::{Public, Secret};
use tiny_keccak::keccak256;
const SIGNATURE_LEN: usize = 65;
bitflags! {
struct Flags: u8 {
const FLAG_PAD_LEN_HIGH = 0b10000000;
const FLAG_PAD_LEN_LOW = 0b01000000;
const FLAG_SIGNED = 0b00100000;
// number of bytes of padding length (in the range 0..4)
fn padding_length_bytes(flags: Flags) -> usize {
match (flags & FLAG_PAD_LEN_HIGH, flags & FLAG_PAD_LEN_LOW) {
(FLAG_PAD_LEN_HIGH, _) => 2,
(_, FLAG_PAD_LEN_LOW) => 1,
(_, _) => 0,
// how many bytes are necessary to encode the given length. Range 0..4.
// `None` if too large.
fn num_padding_length_bytes(padding_len: usize) -> Option<usize> {
let bits = 64 - (padding_len as u64).leading_zeros();
match bits {
0 => Some(0),
0 ... 8 => Some(1),
0 ... 16 => Some(2),
0 ... 24 => Some(3),
_ => None,
/// Parameters for encoding a standard payload.
pub struct EncodeParams<'a> {
/// Message to encode.
pub message: &'a [u8],
/// Padding bytes. Maximum padding allowed is 65536 bytes.
pub padding: Option<&'a [u8]>,
/// Private key to sign with.
pub sign_with: Option<&'a Secret>,
impl<'a> Default for EncodeParams<'a> {
fn default() -> Self {
EncodeParams {
message: &[],
padding: None,
sign_with: None,
/// Parameters for decoding a standard payload.
pub struct Decoded<'a> {
/// Decoded message.
pub message: &'a [u8],
/// optional padding.
pub padding: Option<&'a [u8]>,
/// Recovered signature.
pub from: Option<Public>,
/// Encode using provided parameters.
pub fn encode(params: EncodeParams) -> Result<Vec<u8>, &'static str> {
const VEC_WRITE_INFALLIBLE: &'static str = "writing to a Vec<u8> can never fail; qed";
let padding_len = params.padding.map_or(0, |x| x.len());
let padding_len_bytes = num_padding_length_bytes(padding_len)
.ok_or_else(|| "padding size too long")?;
let signature = params.sign_with.map(|secret| {
let hash = H256(keccak256(params.message));
::ethkey::sign(secret, &hash)
let signature = match signature {
Some(Ok(sig)) => Some(sig),
Some(Err(_)) => return Err("invalid signing key provided"),
None => None,
let (flags, plaintext_size) = {
let mut flags = Flags::empty();
// 1 byte each for flags and version.
let mut plaintext_size = 2
+ padding_len_bytes
+ padding_len
+ params.message.len();
flags.bits = (padding_len_bytes << 6) as u8;
debug_assert_eq!(padding_length_bytes(flags), padding_len_bytes);
if let Some(ref sig) = signature {
plaintext_size += sig.len();
flags |= FLAG_SIGNED;
(flags, plaintext_size)
let mut plaintext = Vec::with_capacity(plaintext_size);
if let Some(padding) = params.padding {
plaintext.write_uint::<BigEndian>(padding_len as u64, padding_len_bytes)
if let Some(signature) = signature {
/// Decode using provided parameters
pub fn decode(payload: &[u8]) -> Result<Decoded, &'static str> {
let mut offset = 0;
let (padding, signature) = {
// use a closure for reading slices since std::io::Read would require
// us to copy.
let mut next_slice = |len| {
let end = offset + len;
if payload.len() >= end {
let slice = &payload[offset .. end];
offset = end;
} else {
return Err("unexpected end of payload")
if next_slice(1)?[0] != STANDARD_PAYLOAD_VERSION {
return Err("unknown payload version.");
let flags = Flags::from_bits_truncate(next_slice(1)?[0]);
let padding_len_bytes = padding_length_bytes(flags);
let padding = if padding_len_bytes != 0 {
let padding_len = BigEndian::read_uint(
Some(next_slice(padding_len as usize)?)
} else {
let signature = if flags & FLAG_SIGNED == FLAG_SIGNED {
let slice = next_slice(SIGNATURE_LEN)?;
let mut arr = [0; SIGNATURE_LEN];
let signature = ::ethkey::Signature::from(arr);
let not_rsv = signature.r() != &slice[..32]
|| signature.s() != &slice[32..64]
|| signature.v() != slice[64];
if not_rsv {
return Err("signature not in RSV format");
} else {
} else {
(padding, signature)
// remaining data is the message.
let message = &payload[offset..];
let from = match signature {
None => None,
Some(sig) => {
let hash = H256(keccak256(message));
Some(::ethkey::recover(&sig, &hash).map_err(|_| "invalid signature")?)
Ok(Decoded {
message: message,
padding: padding,
from: from,
mod tests {
use ethkey::{Generator, Random};
use super::*;
fn padding_len_bytes_sanity() {
const U24_MAX: usize = (1 << 24) - 1;
assert_eq!(padding_length_bytes(FLAG_PAD_LEN_HIGH | FLAG_PAD_LEN_LOW), 3);
assert_eq!(padding_length_bytes(FLAG_PAD_LEN_HIGH), 2);
assert_eq!(padding_length_bytes(FLAG_PAD_LEN_LOW), 1);
assert_eq!(padding_length_bytes(Flags::empty()), 0);
assert!(num_padding_length_bytes(u32::max_value() as _).is_none());
assert!(num_padding_length_bytes(U24_MAX + 1).is_none());
assert_eq!(num_padding_length_bytes(U24_MAX), Some(3));
assert_eq!(num_padding_length_bytes(u16::max_value() as usize + 1), Some(3));
assert_eq!(num_padding_length_bytes(u16::max_value() as usize), Some(2));
assert_eq!(num_padding_length_bytes(u8::max_value() as usize + 1), Some(2));
assert_eq!(num_padding_length_bytes(u8::max_value() as usize), Some(1));
assert_eq!(num_padding_length_bytes(1), Some(1));
assert_eq!(num_padding_length_bytes(0), Some(0));
fn encode_decode_roundtrip() {
let message = [1, 2, 3, 4, 5];
let encoded = encode(EncodeParams {
message: &message,
padding: None,
sign_with: None,
let decoded = decode(&encoded).unwrap();
assert_eq!(message, decoded.message);
fn encode_empty() {
let encoded = encode(EncodeParams {
message: &[],
padding: None,
sign_with: None,
let decoded = decode(&encoded).unwrap();
fn encode_with_signature() {
let key_pair = Random.generate().unwrap();
let message = [1, 3, 5, 7, 9];
let encoded = encode(EncodeParams {
message: &message,
padding: None,
sign_with: Some(key_pair.secret()),
let decoded = decode(&encoded).unwrap();
assert_eq!(decoded.message, message);
assert_eq!(decoded.from, Some(key_pair.public().clone()));
fn encode_with_padding() {
let message = [1, 3, 5, 7, 9];
let padding = [0xff; 1024 - 5];
let encoded = encode(EncodeParams {
message: &message,
padding: Some(&padding),
sign_with: None,
let decoded = decode(&encoded).unwrap();
assert_eq!(decoded.message, message);
assert_eq!(decoded.padding, Some(&padding[..]));
fn encode_with_padding_and_signature() {
let key_pair = Random.generate().unwrap();
let message = [1, 3, 5, 7, 9];
let padding = [0xff; 1024 - 5];
let encoded = encode(EncodeParams {
message: &message,
padding: Some(&padding),
sign_with: Some(key_pair.secret()),
let decoded = decode(&encoded).unwrap();
assert_eq!(decoded.message, message);
assert_eq!(decoded.padding, Some(&padding[..]));
assert_eq!(decoded.from, Some(key_pair.public().clone()));