diff --git a/libwhisper/Message.cpp b/libwhisper/Message.cpp
index 4375e0727..9ba67ff9c 100644
--- a/libwhisper/Message.cpp
+++ b/libwhisper/Message.cpp
@@ -35,34 +35,8 @@ Message::Message(Envelope const& _e, FullTopic const& _fk, Secret const& _s)
if (!decrypt(_s, &(_e.data()), b))
return;
else{}
- else
- {
- // public - need to get the key through combining with the topic/topicIndex we know.
- unsigned topicIndex = 0;
- Secret topicSecret;
-
- // determine topicSecret/topicIndex from knowledge of the collapsed topics (which give the order) and our full-size filter topic.
- CollapsedTopic knownTopic = collapse(_fk);
- for (unsigned ti = 0; ti < _fk.size() && !topicSecret; ++ti)
- for (unsigned i = 0; i < _e.topic().size(); ++i)
- if (_e.topic()[i] == knownTopic[ti])
- {
- topicSecret = _fk[ti];
- topicIndex = i;
- break;
- }
-
- if (_e.data().size() < _e.topic().size() * 32)
- return;
-
- // get key from decrypted topic key: just xor
- h256 tk = h256(bytesConstRef(&(_e.data())).cropped(32 * topicIndex, 32));
- bytesConstRef cipherText = bytesConstRef(&(_e.data())).cropped(32 * _e.topic().size());
-// cdebug << "Decrypting(" << topicIndex << "): " << topicSecret << tk << (topicSecret ^ tk) << toHex(cipherText);
- if (!decryptSym(topicSecret ^ tk, cipherText, b))
- return;
-// cdebug << "Got: " << toHex(b);
- }
+ else if (!openBroadcastEnvelope(_e, _fk, b))
+ return;
if (populate(b))
if (_s)
@@ -73,6 +47,34 @@ Message::Message(Envelope const& _e, FullTopic const& _fk, Secret const& _s)
}
}
+bool Message::openBroadcastEnvelope(Envelope const& _e, FullTopic const& _fk, bytes& o_b)
+{
+ // retrieve the key using the known topic and topicIndex.
+ unsigned topicIndex = 0;
+ Secret topicSecret;
+
+ // determine topicSecret/topicIndex from knowledge of the collapsed topics (which give the order) and our full-size filter topic.
+ CollapsedTopic knownTopic = collapse(_fk);
+ for (unsigned ti = 0; ti < _fk.size() && !topicSecret; ++ti)
+ for (unsigned i = 0; i < _e.topic().size(); ++i)
+ if (_e.topic()[i] == knownTopic[ti])
+ {
+ topicSecret = _fk[ti];
+ topicIndex = i;
+ break;
+ }
+
+ if (_e.data().size() < _e.topic().size() * h256::size)
+ return false;
+
+ unsigned index = topicIndex * 2;
+ h256 encryptedKey = h256(bytesConstRef(&(_e.data())).cropped(h256::size * index, h256::size));
+ h256 salt = h256(bytesConstRef(&(_e.data())).cropped(h256::size * ++index, h256::size));
+ h256 key = generateGamma(topicSecret, salt) ^ encryptedKey;
+ bytesConstRef cipherText = bytesConstRef(&(_e.data())).cropped(h256::size * 2 * _e.topic().size());
+ return decryptSym(key, cipherText, o_b);
+}
+
bool Message::populate(bytes const& _data)
{
if (!_data.size())
@@ -103,7 +105,7 @@ Envelope Message::seal(Secret _from, FullTopic const& _fullTopic, unsigned _ttl,
input[0] = 0;
memcpy(input.data() + 1, m_payload.data(), m_payload.size());
- if (_from) // needs a sig
+ if (_from) // needs a signature
{
input.resize(1 + m_payload.size() + sizeof(Signature));
input[0] |= ContainsSignature;
@@ -116,23 +118,19 @@ Envelope Message::seal(Secret _from, FullTopic const& _fullTopic, unsigned _ttl,
encrypt(m_to, &input, ret.m_data);
else
{
- // create the shared secret and encrypt
+ // this message is for broadcast (could be read by anyone who knows at least one of the topics)
+ // create the shared secret for encrypting the payload, then encrypt the shared secret with each topic
Secret s = Secret::random();
- for (h256 const& t: _fullTopic)
- ret.m_data += (t ^ s).asBytes();
+ for (h256 const& t : _fullTopic)
+ {
+ h256 salt = h256::random();
+ ret.m_data += (generateGamma(t, salt) ^ s).asBytes();
+ ret.m_data += salt.asBytes();
+ }
+
bytes d;
encryptSym(s, &input, d);
ret.m_data += d;
-
- for (unsigned i = 0; i < _fullTopic.size(); ++i)
- {
- bytes b;
- h256 tk = h256(bytesConstRef(&(ret.m_data)).cropped(32 * i, 32));
- bytesConstRef cipherText = bytesConstRef(&(ret.m_data)).cropped(32 * ret.topic().size());
- cnote << "Test decrypting(" << i << "): " << _fullTopic[i] << tk << (_fullTopic[i] ^ tk) << toHex(cipherText);
- assert(decryptSym(_fullTopic[i] ^ tk, cipherText, b));
- cnote << "Got: " << toHex(b);
- }
}
ret.proveWork(_workToProve);
diff --git a/libwhisper/Message.h b/libwhisper/Message.h
index 0735d6714..5b069f57b 100644
--- a/libwhisper/Message.h
+++ b/libwhisper/Message.h
@@ -127,6 +127,8 @@ public:
private:
bool populate(bytes const& _data);
+ bool openBroadcastEnvelope(Envelope const& _e, FullTopic const& _fk, bytes& o_b);
+ h256 generateGamma(h256 const& _key, h256 const& _salt) const { return sha3(_key ^ _salt); }
Public m_from;
Public m_to;
diff --git a/test/libwhisper/whisperMessage.cpp b/test/libwhisper/whisperMessage.cpp
new file mode 100644
index 000000000..5e4dff725
--- /dev/null
+++ b/test/libwhisper/whisperMessage.cpp
@@ -0,0 +1,100 @@
+/*
+This file is part of cpp-ethereum.
+
+cpp-ethereum is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+cpp-ethereum is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with cpp-ethereum. If not, see .
+*/
+/** @file whisperMessage.cpp
+* @author Vladislav Gluhovsky
+* @date May 2015
+*/
+
+#include
+#include
+
+using namespace std;
+using namespace dev;
+using namespace dev::shh;
+
+struct VerbosityHolder
+{
+ VerbosityHolder(int _temporaryValue) : oldLogVerbosity(g_logVerbosity) { g_logVerbosity = _temporaryValue; }
+ ~VerbosityHolder() { g_logVerbosity = oldLogVerbosity; }
+
+ int oldLogVerbosity;
+};
+
+FullTopic createRandomTopics(unsigned int i)
+{
+ FullTopic ret;
+ h256 t(i);
+
+ for (int j = 0; j < 8; ++j)
+ {
+ t = sha3(t);
+ ret.push_back(t);
+ }
+
+ return move(ret);
+}
+
+bytes createRandomPayload(unsigned int i)
+{
+ bytes ret;
+ srand(i);
+ int const sz = rand() % 1024;
+ for (int j = 0; j < sz; ++j)
+ ret.push_back(rand() % 256);
+
+ return move(ret);
+}
+
+void comparePayloads(Message const& m1, Message const& m2)
+{
+ bytes const& p1 = m1.payload();
+ bytes const& p2 = m2.payload();
+ BOOST_REQUIRE_EQUAL(p1.size(), p2.size());
+
+ for (size_t i = 0; i < p1.size(); ++i)
+ BOOST_REQUIRE_EQUAL(p1[i], p2[i]);
+}
+
+void sealAndOpenSingleMessage(unsigned int i)
+{
+ Secret zero;
+ FullTopic topics = createRandomTopics(i);
+ bytes const payload = createRandomPayload(i);
+ Message m1(payload);
+ Envelope e = m1.seal(zero, topics, 1, 1);
+
+ for (auto const& t: topics)
+ {
+ FullTopic singleTopic;
+ singleTopic.push_back(t);
+ Message m2(e, singleTopic, zero);
+ comparePayloads(m1, m2);
+ }
+}
+
+BOOST_AUTO_TEST_SUITE(whisperMessage)
+
+BOOST_AUTO_TEST_CASE(seal)
+{
+ VerbosityHolder setTemporaryLevel(10);
+ cnote << "Testing Envelope encryption...";
+
+ for (unsigned int i = 1; i < 10; ++i)
+ sealAndOpenSingleMessage(i);
+}
+
+BOOST_AUTO_TEST_SUITE_END()