/*

This file is part of cpp-ethereum.

cpp-ethereum is free software: you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation, either version 3 of the License, or

(at your option) any later version.

cpp-ethereum is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

You should have received a copy of the GNU General Public License

along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>.

*/

/** @file Message.cpp

* @author Gav Wood <i@gavwood.com>

* @date 2014

*/

#include "Message.h"

using namespace std;

using namespace dev;

using namespace dev::p2p;

using namespace dev::shh;

Message::Message(Envelope const& _e, FullTopic const& _fk, Secret const& _s)

{

try

{

bytes b;

if (_s)

if (!decrypt(_s, &(_e.data()), b))

return;

else{}

else

{

// public - need to get the key through combining with the topic/topicIndex we know.

unsigned topicIndex = 0;

Secret topicSecret;

// determine topicSecret/topicIndex from knowledge of the collapsed topics (which give the order) and our full-size filter topic.

CollapsedTopic knownTopic = collapse(_fk);

for (unsigned ti = 0; ti < _fk.size() && !topicSecret; ++ti)

for (unsigned i = 0; i < _e.topic().size(); ++i)

if (_e.topic()[i] == knownTopic[ti])

{

topicSecret = _fk[ti];

topicIndex = i;

break;

}

if (_e.data().size() < _e.topic().size() * 32)

return;

// get key from decrypted topic key: just xor

h256 tk = h256(bytesConstRef(&(_e.data())).cropped(32 * topicIndex, 32));

bytesConstRef cipherText = bytesConstRef(&(_e.data())).cropped(32 * _e.topic().size());

// cdebug << "Decrypting(" << topicIndex << "): " << topicSecret << tk << (topicSecret ^ tk) << toHex(cipherText);

if (!decryptSym(topicSecret ^ tk, cipherText, b))

return;

// cdebug << "Got: " << toHex(b);

}

if (populate(b))

if (_s)

m_to = KeyPair(_s).pub();

}

catch (...) // Invalid secret? TODO: replace ... with InvalidSecret

{

}

}

bool Message::populate(bytes const& _data)

{

if (!_data.size())

return false;

byte flags = _data[0];

if (!!(flags & ContainsSignature) && _data.size() >= sizeof(Signature) + 1) // has a signature

{

bytesConstRef payload = bytesConstRef(&_data).cropped(1, _data.size() - sizeof(Signature) - 1);

h256 h = sha3(payload);

Signature const& sig = *(Signature const*)&(_data[1 + payload.size()]);

m_from = recover(sig, h);

if (!m_from)

return false;

m_payload = payload.toBytes();

}

else

m_payload = bytesConstRef(&_data).cropped(1).toBytes();

return true;

}

Envelope Message::seal(Secret _from, FullTopic const& _fullTopic, unsigned _ttl, unsigned _workToProve) const

{

CollapsedTopic topic = collapse(_fullTopic);

Envelope ret(time(0) + _ttl, _ttl, topic);

bytes input(1 + m_payload.size());

input[0] = 0;

memcpy(input.data() + 1, m_payload.data(), m_payload.size());

if (_from) // needs a sig

{

input.resize(1 + m_payload.size() + sizeof(Signature));

input[0] |= ContainsSignature;

*(Signature*)&(input[1 + m_payload.size()]) = sign(_from, sha3(m_payload));

// If this fails, the something is wrong with the sign-recover round-trip.

assert(recover(*(Signature*)&(input[1 + m_payload.size()]), sha3(m_payload)) == KeyPair(_from).pub());

}

if (m_to)

encrypt(m_to, &input, ret.m_data);

else

{

// create the shared secret and encrypt

Secret s = Secret::random();

for (h256 const& t: _fullTopic)

ret.m_data += (t ^ s).asBytes();

bytes d;

encryptSym(s, &input, d);

ret.m_data += d;

for (unsigned i = 0; i < _fullTopic.size(); ++i)

{

bytes b;

h256 tk = h256(bytesConstRef(&(ret.m_data)).cropped(32 * i, 32));

bytesConstRef cipherText = bytesConstRef(&(ret.m_data)).cropped(32 * ret.topic().size());

cnote << "Test decrypting(" << i << "): " << _fullTopic[i] << tk << (_fullTopic[i] ^ tk) << toHex(cipherText);

assert(decryptSym(_fullTopic[i] ^ tk, cipherText, b));

cnote << "Got: " << toHex(b);

}

}

ret.proveWork(_workToProve);

return ret;

}

Envelope::Envelope(RLP const& _m)

{

m_expiry = _m[0].toInt<unsigned>();

m_ttl = _m[1].toInt<unsigned>();

m_topic = _m[2].toVector<FixedHash<4>>();

m_data = _m[3].toBytes();

m_nonce = _m[4].toInt<u256>();

}

Message Envelope::open(FullTopic const& _ft, Secret const& _s) const

{

return Message(*this, _ft, _s);

}

unsigned Envelope::workProved() const

{

h256 d[2];

d[0] = sha3(WithoutNonce);

d[1] = m_nonce;

return dev::sha3(bytesConstRef(d[0].data(), 64)).firstBitSet();

}

void Envelope::proveWork(unsigned _ms)

{

// PoW

h256 d[2];

d[0] = sha3(WithoutNonce);

uint32_t& n = *(uint32_t*)&(d[1][28]);

unsigned bestBitSet = 0;

bytesConstRef chuck(d[0].data(), 64);

chrono::high_resolution_clock::time_point then = chrono::high_resolution_clock::now() + chrono::milliseconds(_ms);

for (n = 0; chrono::high_resolution_clock::now() < then; )

// do it rounds of 1024 for efficiency

for (unsigned i = 0; i < 1024; ++i, ++n)

{

auto fbs = dev::sha3(chuck).firstBitSet();

if (fbs > bestBitSet)

{

bestBitSet = fbs;

m_nonce = n;

}

}

}