Merge branch 'p2p-handshake-2' of https://github.com/fjl/go-ethereum into fjl-p2p-handshake-2

eth/backend.go

@@ -107,11 +107,9 @@ func (cfg *Config) nodeKey() (*ecdsa.PrivateKey, error) {
 type Ethereum struct {
 	// Channel for shutting down the ethereum
 	shutdownChan chan bool
-	quit         chan bool
 
 	// DB interface
 	db ethutil.Database
-	blacklist p2p.Blacklist
 
 	//*** SERVICES ***
 	// State manager for processing new blocks and managing the over all states
@@ -169,10 +167,8 @@ func New(config *Config) (*Ethereum, error) {
 
 	eth := &Ethereum{
 		shutdownChan: make(chan bool),
-		quit:         make(chan bool),
 		db:           db,
 		keyManager:   keyManager,
-		blacklist:    p2p.NewBlacklist(),
 		eventMux:     &event.TypeMux{},
 		logger:       ethlogger,
 	}
@@ -205,7 +201,6 @@ func New(config *Config) (*Ethereum, error) {
 		Name:           config.Name,
 		MaxPeers:       config.MaxPeers,
 		Protocols:      protocols,
-		Blacklist:      eth.blacklist,
 		NAT:            config.NAT,
 		NoDial:         !config.Dial,
 		BootstrapNodes: config.parseBootNodes(),
@@ -279,8 +274,6 @@ func (s *Ethereum) Stop() {
 	// Close the database
 	defer s.db.Close()
 
-	close(s.quit)
-
 	s.txSub.Unsubscribe()    // quits txBroadcastLoop
 	s.blockSub.Unsubscribe() // quits blockBroadcastLoop
 

eth/protocol.go

@@ -3,7 +3,6 @@ package eth
 import (
 	"bytes"
 	"fmt"
-	"io"
 	"math/big"
 
 	"github.com/ethereum/go-ethereum/core/types"
@@ -188,33 +187,37 @@ func (self *ethProtocol) handle() error {
 
 	case BlockHashesMsg:
 		msgStream := rlp.NewStream(msg.Payload)
-		var err error
+		if _, err := msgStream.List(); err != nil {
-		var i int
+			return err
+		}
 
+		var i int
 		iter := func() (hash []byte, ok bool) {
-			hash, err = msgStream.Bytes()
+			hash, err := msgStream.Bytes()
-			if err == nil {
+			if err == rlp.EOL {
-				i++
+				return nil, false
-				ok = true
+			} else if err != nil {
-			} else {
-				if err != io.EOF {
 				self.protoError(ErrDecode, "msg %v: after %v hashes : %v", msg, i, err)
+				return nil, false
 			}
+			i++
+			return hash, true
 		}
-			return
-		}
-
 		self.blockPool.AddBlockHashes(iter, self.id)
 
 	case GetBlocksMsg:
 		msgStream := rlp.NewStream(msg.Payload)
+		if _, err := msgStream.List(); err != nil {
+			return err
+		}
+
 		var blocks []interface{}
 		var i int
 		for {
 			i++
 			var hash []byte
 			if err := msgStream.Decode(&hash); err != nil {
-				if err == io.EOF {
+				if err == rlp.EOL {
 					break
 				} else {
 					return self.protoError(ErrDecode, "msg %v: %v", msg, err)
@@ -232,10 +235,13 @@ func (self *ethProtocol) handle() error {
 
 	case BlocksMsg:
 		msgStream := rlp.NewStream(msg.Payload)
+		if _, err := msgStream.List(); err != nil {
+			return err
+		}
 		for {
 			var block types.Block
 			if err := msgStream.Decode(&block); err != nil {
-				if err == io.EOF {
+				if err == rlp.EOL {
 					break
 				} else {
 					return self.protoError(ErrDecode, "msg %v: %v", msg, err)

p2p/discover/node.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math/big"
 	"math/rand"
 	"net"
 	"net/url"
@@ -14,6 +15,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 	"github.com/ethereum/go-ethereum/rlp"
 )
@@ -187,6 +189,19 @@ func PubkeyID(pub *ecdsa.PublicKey) NodeID {
 	return id
 }
 
+// Pubkey returns the public key represented by the node ID.
+// It returns an error if the ID is not a point on the curve.
+func (id NodeID) Pubkey() (*ecdsa.PublicKey, error) {
+	p := &ecdsa.PublicKey{Curve: crypto.S256(), X: new(big.Int), Y: new(big.Int)}
+	half := len(id) / 2
+	p.X.SetBytes(id[:half])
+	p.Y.SetBytes(id[half:])
+	if !p.Curve.IsOnCurve(p.X, p.Y) {
+		return nil, errors.New("not a point on the S256 curve")
+	}
+	return p, nil
+}
+
 // recoverNodeID computes the public key used to sign the
 // given hash from the signature.
 func recoverNodeID(hash, sig []byte) (id NodeID, err error) {

p2p/discover/node_test.go

@@ -133,6 +133,24 @@ func TestNodeID_recover(t *testing.T) {
 	if pub != recpub {
 		t.Errorf("recovered wrong pubkey:\ngot:  %v\nwant: %v", recpub, pub)
 	}
+
+	ecdsa, err := pub.Pubkey()
+	if err != nil {
+		t.Errorf("Pubkey error: %v", err)
+	}
+	if !reflect.DeepEqual(ecdsa, &prv.PublicKey) {
+		t.Errorf("Pubkey mismatch:\n  got:  %#v\n  want: %#v", ecdsa, &prv.PublicKey)
+	}
+}
+
+func TestNodeID_pubkeyBad(t *testing.T) {
+	ecdsa, err := NodeID{}.Pubkey()
+	if err == nil {
+		t.Error("expected error for zero ID")
+	}
+	if ecdsa != nil {
+		t.Error("expected nil result")
+	}
 }
 
 func TestNodeID_distcmp(t *testing.T) {

p2p/handshake.go

@@ -2,15 +2,18 @@ package p2p
 
 import (
 	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"errors"
 	"fmt"
+	"hash"
 	"io"
 	"net"
 
 	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/crypto/ecies"
 	"github.com/ethereum/go-ethereum/crypto/secp256k1"
+	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"github.com/ethereum/go-ethereum/p2p/discover"
 	"github.com/ethereum/go-ethereum/rlp"
 )
@@ -25,25 +28,31 @@ const (
 	authRespLen = pubLen + shaLen + 1
 
 	eciesBytes     = 65 + 16 + 32
-	iHSLen     = authMsgLen + eciesBytes  // size of the final ECIES payload sent as initiator's handshake
+	encAuthMsgLen  = authMsgLen + eciesBytes  // size of the final ECIES payload sent as initiator's handshake
-	rHSLen     = authRespLen + eciesBytes // size of the final ECIES payload sent as receiver's handshake
+	encAuthRespLen = authRespLen + eciesBytes // size of the final ECIES payload sent as receiver's handshake
 )
 
+// conn represents a remote connection after encryption handshake
+// and protocol handshake have completed.
+//
+// The MsgReadWriter is usually layered as follows:
+//
+//     netWrapper       (I/O timeouts, thread-safe ReadMsg, WriteMsg)
+//     rlpxFrameRW      (message encoding, encryption, authentication)
+//     bufio.ReadWriter (buffering)
+//     net.Conn         (network I/O)
+//
 type conn struct {
-	*frameRW
+	MsgReadWriter
 	*protoHandshake
 }
 
-func newConn(fd net.Conn, hs *protoHandshake) *conn {
+// secrets represents the connection secrets
-	return &conn{newFrameRW(fd, msgWriteTimeout), hs}
+// which are negotiated during the encryption handshake.
-}
+type secrets struct {
-
+	RemoteID              discover.NodeID
-// encHandshake represents information about the remote end
+	AES, MAC              []byte
-// of a connection that is negotiated during the encryption handshake.
+	EgressMAC, IngressMAC hash.Hash
-type encHandshake struct {
-	ID         discover.NodeID
-	IngressMAC []byte
-	EgressMAC  []byte
 	Token                 []byte
 }
 
@@ -68,15 +77,21 @@ func setupConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *di
 }
 
 func setupInboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake) (*conn, error) {
-	// var remotePubkey []byte
+	secrets, err := receiverEncHandshake(fd, prv, nil)
-	// sessionToken, remotePubkey, err = inboundEncHandshake(fd, prv, nil)
+	if err != nil {
-	// copy(remoteID[:], remotePubkey)
+		return nil, fmt.Errorf("encryption handshake failed: %v", err)
+	}
 
-	rw := newFrameRW(fd, msgWriteTimeout)
+	// Run the protocol handshake using authenticated messages.
+	rw := newRlpxFrameRW(fd, secrets)
 	rhs, err := readProtocolHandshake(rw, our)
 	if err != nil {
 		return nil, err
 	}
+	if rhs.ID != secrets.RemoteID {
+		return nil, errors.New("node ID in protocol handshake does not match encryption handshake")
+	}
+	// TODO: validate that handshake node ID matches
 	if err := writeProtocolHandshake(rw, our); err != nil {
 		return nil, fmt.Errorf("protocol write error: %v", err)
 	}
@@ -84,10 +99,13 @@ func setupInboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake) (
 }
 
 func setupOutboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node) (*conn, error) {
-	// remoteID = dial.ID
+	secrets, err := initiatorEncHandshake(fd, prv, dial.ID, nil)
-	// sessionToken, err = outboundEncHandshake(fd, prv, remoteID[:], nil)
+	if err != nil {
+		return nil, fmt.Errorf("encryption handshake failed: %v", err)
+	}
 
-	rw := newFrameRW(fd, msgWriteTimeout)
+	// Run the protocol handshake using authenticated messages.
+	rw := newRlpxFrameRW(fd, secrets)
 	if err := writeProtocolHandshake(rw, our); err != nil {
 		return nil, fmt.Errorf("protocol write error: %v", err)
 	}
@@ -101,273 +119,256 @@ func setupOutboundConn(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake,
 	return &conn{rw, rhs}, nil
 }
 
-// outboundEncHandshake negotiates a session token on conn.
+// encHandshake contains the state of the encryption handshake.
+type encHandshake struct {
+	initiator bool
+	remoteID  discover.NodeID
+
+	remotePub            *ecies.PublicKey  // remote-pubk
+	initNonce, respNonce []byte            // nonce
+	randomPrivKey        *ecies.PrivateKey // ecdhe-random
+	remoteRandomPub      *ecies.PublicKey  // ecdhe-random-pubk
+}
+
+// secrets is called after the handshake is completed.
+// It extracts the connection secrets from the handshake values.
+func (h *encHandshake) secrets(auth, authResp []byte) (secrets, error) {
+	ecdheSecret, err := h.randomPrivKey.GenerateShared(h.remoteRandomPub, sskLen, sskLen)
+	if err != nil {
+		return secrets{}, err
+	}
+
+	// derive base secrets from ephemeral key agreement
+	sharedSecret := crypto.Sha3(ecdheSecret, crypto.Sha3(h.respNonce, h.initNonce))
+	aesSecret := crypto.Sha3(ecdheSecret, sharedSecret)
+	s := secrets{
+		RemoteID: h.remoteID,
+		AES:      aesSecret,
+		MAC:      crypto.Sha3(ecdheSecret, aesSecret),
+		Token:    crypto.Sha3(sharedSecret),
+	}
+
+	// setup sha3 instances for the MACs
+	mac1 := sha3.NewKeccak256()
+	mac1.Write(xor(s.MAC, h.respNonce))
+	mac1.Write(auth)
+	mac2 := sha3.NewKeccak256()
+	mac2.Write(xor(s.MAC, h.initNonce))
+	mac2.Write(authResp)
+	if h.initiator {
+		s.EgressMAC, s.IngressMAC = mac1, mac2
+	} else {
+		s.EgressMAC, s.IngressMAC = mac2, mac1
+	}
+
+	return s, nil
+}
+
+func (h *encHandshake) ecdhShared(prv *ecdsa.PrivateKey) ([]byte, error) {
+	return ecies.ImportECDSA(prv).GenerateShared(h.remotePub, sskLen, sskLen)
+}
+
+// initiatorEncHandshake negotiates a session token on conn.
 // it should be called on the dialing side of the connection.
 //
-// privateKey is the local client's private key
+// prv is the local client's private key.
-// remotePublicKey is the remote peer's node ID
+// token is the token from a previous session with this node.
-// sessionToken is the token from a previous session with this node.
+func initiatorEncHandshake(conn io.ReadWriter, prv *ecdsa.PrivateKey, remoteID discover.NodeID, token []byte) (s secrets, err error) {
-func outboundEncHandshake(conn io.ReadWriter, prvKey *ecdsa.PrivateKey, remotePublicKey []byte, sessionToken []byte) (
+	h, err := newInitiatorHandshake(remoteID)
-	newSessionToken []byte,
-	err error,
-) {
-	auth, initNonce, randomPrivKey, err := authMsg(prvKey, remotePublicKey, sessionToken)
 	if err != nil {
-		return nil, err
+		return s, err
+	}
+	auth, err := h.authMsg(prv, token)
+	if err != nil {
+		return s, err
 	}
 	if _, err = conn.Write(auth); err != nil {
-		return nil, err
+		return s, err
 	}
 
-	response := make([]byte, rHSLen)
+	response := make([]byte, encAuthRespLen)
 	if _, err = io.ReadFull(conn, response); err != nil {
+		return s, err
+	}
+	if err := h.decodeAuthResp(response, prv); err != nil {
+		return s, err
+	}
+	return h.secrets(auth, response)
+}
+
+func newInitiatorHandshake(remoteID discover.NodeID) (*encHandshake, error) {
+	// generate random initiator nonce
+	n := make([]byte, shaLen)
+	if _, err := rand.Read(n); err != nil {
 		return nil, err
 	}
-	recNonce, remoteRandomPubKey, _, err := completeHandshake(response, prvKey)
+	// generate random keypair to use for signing
+	randpriv, err := ecies.GenerateKey(rand.Reader, crypto.S256(), nil)
 	if err != nil {
 		return nil, err
 	}
-
+	rpub, err := remoteID.Pubkey()
-	return newSession(initNonce, recNonce, randomPrivKey, remoteRandomPubKey)
-}
-
-// authMsg creates the initiator handshake.
-func authMsg(prvKey *ecdsa.PrivateKey, remotePubKeyS, sessionToken []byte) (
-	auth, initNonce []byte,
-	randomPrvKey *ecdsa.PrivateKey,
-	err error,
-) {
-	// session init, common to both parties
-	remotePubKey, err := importPublicKey(remotePubKeyS)
 	if err != nil {
-		return
+		return nil, fmt.Errorf("bad remoteID: %v", err)
+	}
+	h := &encHandshake{
+		initiator:     true,
+		remoteID:      remoteID,
+		remotePub:     ecies.ImportECDSAPublic(rpub),
+		initNonce:     n,
+		randomPrivKey: randpriv,
+	}
+	return h, nil
 }
 
-	var tokenFlag byte // = 0x00
+// authMsg creates an encrypted initiator handshake message.
-	if sessionToken == nil {
+func (h *encHandshake) authMsg(prv *ecdsa.PrivateKey, token []byte) ([]byte, error) {
+	var tokenFlag byte
+	if token == nil {
 		// no session token found means we need to generate shared secret.
 		// ecies shared secret is used as initial session token for new peers
 		// generate shared key from prv and remote pubkey
-		if sessionToken, err = ecies.ImportECDSA(prvKey).GenerateShared(ecies.ImportECDSAPublic(remotePubKey), sskLen, sskLen); err != nil {
+		var err error
-			return
+		if token, err = h.ecdhShared(prv); err != nil {
+			return nil, err
 		}
-		// tokenFlag = 0x00 // redundant
 	} else {
 		// for known peers, we use stored token from the previous session
 		tokenFlag = 0x01
 	}
 
-	//E(remote-pubk, S(ecdhe-random, ecdh-shared-secret^nonce) || H(ecdhe-random-pubk) || pubk || nonce || 0x0)
+	// sign known message:
-	// E(remote-pubk, S(ecdhe-random, token^nonce) || H(ecdhe-random-pubk) || pubk || nonce || 0x1)
-	// allocate msgLen long message,
-	var msg []byte = make([]byte, authMsgLen)
-	initNonce = msg[authMsgLen-shaLen-1 : authMsgLen-1]
-	if _, err = rand.Read(initNonce); err != nil {
-		return
-	}
-	// create known message
 	//   ecdh-shared-secret^nonce for new peers
 	//   token^nonce for old peers
-	var sharedSecret = xor(sessionToken, initNonce)
+	signed := xor(token, h.initNonce)
-
+	signature, err := crypto.Sign(signed, h.randomPrivKey.ExportECDSA())
-	// generate random keypair to use for signing
+	if err != nil {
-	if randomPrvKey, err = crypto.GenerateKey(); err != nil {
+		return nil, err
-		return
-	}
-	// sign shared secret (message known to both parties): shared-secret
-	var signature []byte
-	// signature = sign(ecdhe-random, shared-secret)
-	// uses secp256k1.Sign
-	if signature, err = crypto.Sign(sharedSecret, randomPrvKey); err != nil {
-		return
-	}
-
-	// message
-	// signed-shared-secret || H(ecdhe-random-pubk) || pubk || nonce || 0x0
-	copy(msg, signature) // copy signed-shared-secret
-	// H(ecdhe-random-pubk)
-	var randomPubKey64 []byte
-	if randomPubKey64, err = exportPublicKey(&randomPrvKey.PublicKey); err != nil {
-		return
-	}
-	var pubKey64 []byte
-	if pubKey64, err = exportPublicKey(&prvKey.PublicKey); err != nil {
-		return
-	}
-	copy(msg[sigLen:sigLen+shaLen], crypto.Sha3(randomPubKey64))
-	// pubkey copied to the correct segment.
-	copy(msg[sigLen+shaLen:sigLen+shaLen+pubLen], pubKey64)
-	// nonce is already in the slice
-	// stick tokenFlag byte to the end
-	msg[authMsgLen-1] = tokenFlag
-
-	// encrypt using remote-pubk
-	// auth = eciesEncrypt(remote-pubk, msg)
-	if auth, err = crypto.Encrypt(remotePubKey, msg); err != nil {
-		return
-	}
-	return
 	}
 
-// completeHandshake is called when the initiator receives an
+	// encode auth message
-// authentication response (aka receiver handshake). It completes the
+	// signature || sha3(ecdhe-random-pubk) || pubk || nonce || token-flag
-// handshake by reading off parameters the remote peer provides needed
+	msg := make([]byte, authMsgLen)
-// to set up the secure session.
+	n := copy(msg, signature)
-func completeHandshake(auth []byte, prvKey *ecdsa.PrivateKey) (
+	n += copy(msg[n:], crypto.Sha3(exportPubkey(&h.randomPrivKey.PublicKey)))
-	respNonce []byte,
+	n += copy(msg[n:], crypto.FromECDSAPub(&prv.PublicKey)[1:])
-	remoteRandomPubKey *ecdsa.PublicKey,
+	n += copy(msg[n:], h.initNonce)
-	tokenFlag bool,
+	msg[n] = tokenFlag
-	err error,
+
-) {
+	// encrypt auth message using remote-pubk
-	var msg []byte
+	return ecies.Encrypt(rand.Reader, h.remotePub, msg, nil, nil)
-	// they prove that msg is meant for me,
-	// I prove I possess private key if i can read it
-	if msg, err = crypto.Decrypt(prvKey, auth); err != nil {
-		return
 }
 
-	respNonce = msg[pubLen : pubLen+shaLen]
+// decodeAuthResp decode an encrypted authentication response message.
-	var remoteRandomPubKeyS = msg[:pubLen]
+func (h *encHandshake) decodeAuthResp(auth []byte, prv *ecdsa.PrivateKey) error {
-	if remoteRandomPubKey, err = importPublicKey(remoteRandomPubKeyS); err != nil {
+	msg, err := crypto.Decrypt(prv, auth)
-		return
+	if err != nil {
+		return fmt.Errorf("could not decrypt auth response (%v)", err)
 	}
-	if msg[authRespLen-1] == 0x01 {
+	h.respNonce = msg[pubLen : pubLen+shaLen]
-		tokenFlag = true
+	h.remoteRandomPub, err = importPublicKey(msg[:pubLen])
+	if err != nil {
+		return err
 	}
-	return
+	// ignore token flag for now
+	return nil
 }
 
-// inboundEncHandshake negotiates a session token on conn.
+// receiverEncHandshake negotiates a session token on conn.
 // it should be called on the listening side of the connection.
 //
-// privateKey is the local client's private key
+// prv is the local client's private key.
-// sessionToken is the token from a previous session with this node.
+// token is the token from a previous session with this node.
-func inboundEncHandshake(conn io.ReadWriter, prvKey *ecdsa.PrivateKey, sessionToken []byte) (
+func receiverEncHandshake(conn io.ReadWriter, prv *ecdsa.PrivateKey, token []byte) (s secrets, err error) {
-	token, remotePubKey []byte,
+	// read remote auth sent by initiator.
-	err error,
+	auth := make([]byte, encAuthMsgLen)
-) {
-	// we are listening connection. we are responders in the
-	// handshake. Extract info from the authentication. The initiator
-	// starts by sending us a handshake that we need to respond to. so
-	// we read auth message first, then respond.
-	auth := make([]byte, iHSLen)
 	if _, err := io.ReadFull(conn, auth); err != nil {
-		return nil, nil, err
+		return s, err
 	}
-	response, recNonce, initNonce, remotePubKey, randomPrivKey, remoteRandomPubKey, err := authResp(auth, sessionToken, prvKey)
+	h, err := decodeAuthMsg(prv, token, auth)
 	if err != nil {
-		return nil, nil, err
+		return s, err
-	}
-	if _, err = conn.Write(response); err != nil {
-		return nil, nil, err
-	}
-	token, err = newSession(initNonce, recNonce, randomPrivKey, remoteRandomPubKey)
-	return token, remotePubKey, err
 	}
 
-// authResp is called by peer if it accepted (but not
+	// send auth response
-// initiated) the connection from the remote. It is passed the initiator
+	resp, err := h.authResp(prv, token)
-// handshake received and the session token belonging to the
-// remote initiator.
-//
-// The first return value is the authentication response (aka receiver
-// handshake) that is to be sent to the remote initiator.
-func authResp(auth, sessionToken []byte, prvKey *ecdsa.PrivateKey) (
-	authResp, respNonce, initNonce, remotePubKeyS []byte,
-	randomPrivKey *ecdsa.PrivateKey,
-	remoteRandomPubKey *ecdsa.PublicKey,
-	err error,
-) {
-	// they prove that msg is meant for me,
-	// I prove I possess private key if i can read it
-	msg, err := crypto.Decrypt(prvKey, auth)
 	if err != nil {
-		return
+		return s, err
+	}
+	if _, err = conn.Write(resp); err != nil {
+		return s, err
 	}
 
-	remotePubKeyS = msg[sigLen+shaLen : sigLen+shaLen+pubLen]
+	return h.secrets(auth, resp)
-	remotePubKey, _ := importPublicKey(remotePubKeyS)
+}
 
-	var tokenFlag byte
+func decodeAuthMsg(prv *ecdsa.PrivateKey, token []byte, auth []byte) (*encHandshake, error) {
-	if sessionToken == nil {
+	var err error
-		// no session token found means we need to generate shared secret.
+	h := new(encHandshake)
-		// ecies shared secret is used as initial session token for new peers
+	// generate random keypair for session
-		// generate shared key from prv and remote pubkey
+	h.randomPrivKey, err = ecies.GenerateKey(rand.Reader, crypto.S256(), nil)
-		if sessionToken, err = ecies.ImportECDSA(prvKey).GenerateShared(ecies.ImportECDSAPublic(remotePubKey), sskLen, sskLen); err != nil {
+	if err != nil {
-			return
+		return nil, err
 	}
-		// tokenFlag = 0x00 // redundant
+	// generate random nonce
-	} else {
+	h.respNonce = make([]byte, shaLen)
-		// for known peers, we use stored token from the previous session
+	if _, err = rand.Read(h.respNonce); err != nil {
-		tokenFlag = 0x01
+		return nil, err
 	}
 
-	// the initiator nonce is read off the end of the message
+	msg, err := crypto.Decrypt(prv, auth)
-	initNonce = msg[authMsgLen-shaLen-1 : authMsgLen-1]
+	if err != nil {
-	// I prove that i own prv key (to derive shared secret, and read
+		return nil, fmt.Errorf("could not decrypt auth message (%v)", err)
-	// nonce off encrypted msg) and that I own shared secret they
-	// prove they own the private key belonging to ecdhe-random-pubk
-	// we can now reconstruct the signed message and recover the peers
-	// pubkey
-	var signedMsg = xor(sessionToken, initNonce)
-	var remoteRandomPubKeyS []byte
-	if remoteRandomPubKeyS, err = secp256k1.RecoverPubkey(signedMsg, msg[:sigLen]); err != nil {
-		return
 	}
-	// convert to ECDSA standard
+
-	if remoteRandomPubKey, err = importPublicKey(remoteRandomPubKeyS); err != nil {
+	// decode message parameters
-		return
+	// signature || sha3(ecdhe-random-pubk) || pubk || nonce || token-flag
+	h.initNonce = msg[authMsgLen-shaLen-1 : authMsgLen-1]
+	copy(h.remoteID[:], msg[sigLen+shaLen:sigLen+shaLen+pubLen])
+	rpub, err := h.remoteID.Pubkey()
+	if err != nil {
+		return nil, fmt.Errorf("bad remoteID: %#v", err)
 	}
+	h.remotePub = ecies.ImportECDSAPublic(rpub)
+
+	// recover remote random pubkey from signed message.
+	if token == nil {
+		// TODO: it is an error if the initiator has a token and we don't. check that.
 
-	// now we find ourselves a long task too, fill it random
+		// no session token means we need to generate shared secret.
-	var resp = make([]byte, authRespLen)
+		// ecies shared secret is used as initial session token for new peers.
-	// generate shaLen long nonce
+		// generate shared key from prv and remote pubkey.
-	respNonce = resp[pubLen : pubLen+shaLen]
+		if token, err = h.ecdhShared(prv); err != nil {
-	if _, err = rand.Read(respNonce); err != nil {
+			return nil, err
-		return
 		}
-	// generate random keypair for session
-	if randomPrivKey, err = crypto.GenerateKey(); err != nil {
-		return
 	}
+	signedMsg := xor(token, h.initNonce)
+	remoteRandomPub, err := secp256k1.RecoverPubkey(signedMsg, msg[:sigLen])
+	if err != nil {
+		return nil, err
+	}
+	h.remoteRandomPub, _ = importPublicKey(remoteRandomPub)
+	return h, nil
+}
+
+// authResp generates the encrypted authentication response message.
+func (h *encHandshake) authResp(prv *ecdsa.PrivateKey, token []byte) ([]byte, error) {
 	// responder auth message
 	// E(remote-pubk, ecdhe-random-pubk || nonce || 0x0)
-	var randomPubKeyS []byte
+	resp := make([]byte, authRespLen)
-	if randomPubKeyS, err = exportPublicKey(&randomPrivKey.PublicKey); err != nil {
+	n := copy(resp, exportPubkey(&h.randomPrivKey.PublicKey))
-		return
+	n += copy(resp[n:], h.respNonce)
+	if token == nil {
+		resp[n] = 0
+	} else {
+		resp[n] = 1
 	}
-	copy(resp[:pubLen], randomPubKeyS)
-	// nonce is already in the slice
-	resp[authRespLen-1] = tokenFlag
-
 	// encrypt using remote-pubk
-	// auth = eciesEncrypt(remote-pubk, msg)
+	return ecies.Encrypt(rand.Reader, h.remotePub, resp, nil, nil)
-	// why not encrypt with ecdhe-random-remote
-	if authResp, err = crypto.Encrypt(remotePubKey, resp); err != nil {
-		return
-	}
-	return
-}
-
-// newSession is called after the handshake is completed. The
-// arguments are values negotiated in the handshake. The return value
-// is a new session Token to be remembered for the next time we
-// connect with this peer.
-func newSession(initNonce, respNonce []byte, privKey *ecdsa.PrivateKey, remoteRandomPubKey *ecdsa.PublicKey) ([]byte, error) {
-	// 3) Now we can trust ecdhe-random-pubk to derive new keys
-	//ecdhe-shared-secret = ecdh.agree(ecdhe-random, remote-ecdhe-random-pubk)
-	pubKey := ecies.ImportECDSAPublic(remoteRandomPubKey)
-	dhSharedSecret, err := ecies.ImportECDSA(privKey).GenerateShared(pubKey, sskLen, sskLen)
-	if err != nil {
-		return nil, err
-	}
-	sharedSecret := crypto.Sha3(dhSharedSecret, crypto.Sha3(respNonce, initNonce))
-	sessionToken := crypto.Sha3(sharedSecret)
-	return sessionToken, nil
 }
 
 // importPublicKey unmarshals 512 bit public keys.
-func importPublicKey(pubKey []byte) (pubKeyEC *ecdsa.PublicKey, err error) {
+func importPublicKey(pubKey []byte) (*ecies.PublicKey, error) {
 	var pubKey65 []byte
 	switch len(pubKey) {
 	case 64:
@@ -378,14 +379,15 @@ func importPublicKey(pubKey []byte) (pubKeyEC *ecdsa.PublicKey, err error) {
 	default:
 		return nil, fmt.Errorf("invalid public key length %v (expect 64/65)", len(pubKey))
 	}
-	return crypto.ToECDSAPub(pubKey65), nil
+	// TODO: fewer pointless conversions
+	return ecies.ImportECDSAPublic(crypto.ToECDSAPub(pubKey65)), nil
 }
 
-func exportPublicKey(pubKeyEC *ecdsa.PublicKey) (pubKey []byte, err error) {
+func exportPubkey(pub *ecies.PublicKey) []byte {
-	if pubKeyEC == nil {
+	if pub == nil {
-		return nil, fmt.Errorf("no ECDSA public key given")
+		panic("nil pubkey")
 	}
-	return crypto.FromECDSAPub(pubKeyEC)[1:], nil
+	return elliptic.Marshal(pub.Curve, pub.X, pub.Y)[1:]
 }
 
 func xor(one, other []byte) (xor []byte) {

p2p/handshake_test.go

@@ -2,53 +2,18 @@ package p2p
 
 import (
 	"bytes"
-	"crypto/ecdsa"
 	"crypto/rand"
+	"fmt"
 	"net"
 	"reflect"
 	"testing"
+	"time"
 
 	"github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/crypto/ecies"
 	"github.com/ethereum/go-ethereum/p2p/discover"
 )
 
-func TestPublicKeyEncoding(t *testing.T) {
-	prv0, _ := crypto.GenerateKey() // = ecdsa.GenerateKey(crypto.S256(), rand.Reader)
-	pub0 := &prv0.PublicKey
-	pub0s := crypto.FromECDSAPub(pub0)
-	pub1, err := importPublicKey(pub0s)
-	if err != nil {
-		t.Errorf("%v", err)
-	}
-	eciesPub1 := ecies.ImportECDSAPublic(pub1)
-	if eciesPub1 == nil {
-		t.Errorf("invalid ecdsa public key")
-	}
-	pub1s, err := exportPublicKey(pub1)
-	if err != nil {
-		t.Errorf("%v", err)
-	}
-	if len(pub1s) != 64 {
-		t.Errorf("wrong length expect 64, got", len(pub1s))
-	}
-	pub2, err := importPublicKey(pub1s)
-	if err != nil {
-		t.Errorf("%v", err)
-	}
-	pub2s, err := exportPublicKey(pub2)
-	if err != nil {
-		t.Errorf("%v", err)
-	}
-	if !bytes.Equal(pub1s, pub2s) {
-		t.Errorf("exports dont match")
-	}
-	pub2sEC := crypto.FromECDSAPub(pub2)
-	if !bytes.Equal(pub0s, pub2sEC) {
-		t.Errorf("exports dont match")
-	}
-}
-
 func TestSharedSecret(t *testing.T) {
 	prv0, _ := crypto.GenerateKey() // = ecdsa.GenerateKey(crypto.S256(), rand.Reader)
 	pub0 := &prv0.PublicKey
@@ -69,103 +34,85 @@ func TestSharedSecret(t *testing.T) {
 	}
 }
 
-func TestCryptoHandshake(t *testing.T) {
+func TestEncHandshake(t *testing.T) {
-	testCryptoHandshake(newkey(), newkey(), nil, t)
+	for i := 0; i < 20; i++ {
+		start := time.Now()
+		if err := testEncHandshake(nil); err != nil {
+			t.Fatalf("i=%d %v", i, err)
 		}
-
+		t.Logf("(without token) %d %v\n", i+1, time.Since(start))
-func TestCryptoHandshakeWithToken(t *testing.T) {
-	sessionToken := make([]byte, shaLen)
-	rand.Read(sessionToken)
-	testCryptoHandshake(newkey(), newkey(), sessionToken, t)
 	}
 
-func testCryptoHandshake(prv0, prv1 *ecdsa.PrivateKey, sessionToken []byte, t *testing.T) {
+	for i := 0; i < 20; i++ {
-	var err error
+		tok := make([]byte, shaLen)
-	// pub0 := &prv0.PublicKey
+		rand.Reader.Read(tok)
-	pub1 := &prv1.PublicKey
+		start := time.Now()
-
+		if err := testEncHandshake(tok); err != nil {
-	// pub0s := crypto.FromECDSAPub(pub0)
+			t.Fatalf("i=%d %v", i, err)
-	pub1s := crypto.FromECDSAPub(pub1)
-
-	// simulate handshake by feeding output to input
-	// initiator sends handshake 'auth'
-	auth, initNonce, randomPrivKey, err := authMsg(prv0, pub1s, sessionToken)
-	if err != nil {
-		t.Errorf("%v", err)
 		}
-	// t.Logf("-> %v", hexkey(auth))
+		t.Logf("(with token) %d %v\n", i+1, time.Since(start))
-
-	// receiver reads auth and responds with response
-	response, remoteRecNonce, remoteInitNonce, _, remoteRandomPrivKey, remoteInitRandomPubKey, err := authResp(auth, sessionToken, prv1)
-	if err != nil {
-		t.Errorf("%v", err)
 	}
-	// t.Logf("<- %v\n", hexkey(response))
-
-	// initiator reads receiver's response and the key exchange completes
-	recNonce, remoteRandomPubKey, _, err := completeHandshake(response, prv0)
-	if err != nil {
-		t.Errorf("completeHandshake error: %v", err)
 }
 
-	// now both parties should have the same session parameters
+func testEncHandshake(token []byte) error {
-	initSessionToken, err := newSession(initNonce, recNonce, randomPrivKey, remoteRandomPubKey)
+	type result struct {
-	if err != nil {
+		side string
-		t.Errorf("newSession error: %v", err)
+		s    secrets
-	}
+		err  error
-
-	recSessionToken, err := newSession(remoteInitNonce, remoteRecNonce, remoteRandomPrivKey, remoteInitRandomPubKey)
-	if err != nil {
-		t.Errorf("newSession error: %v", err)
 	}
+	var (
+		prv0, _  = crypto.GenerateKey()
+		prv1, _  = crypto.GenerateKey()
+		rw0, rw1 = net.Pipe()
+		output   = make(chan result)
+	)
 
-	// fmt.Printf("\nauth (%v) %x\n\nresp (%v) %x\n\n", len(auth), auth, len(response), response)
+	go func() {
-
+		r := result{side: "initiator"}
-	// fmt.Printf("\nauth %x\ninitNonce %x\nresponse%x\nremoteRecNonce %x\nremoteInitNonce %x\nremoteRandomPubKey %x\nrecNonce %x\nremoteInitRandomPubKey %x\ninitSessionToken %x\n\n", auth, initNonce, response, remoteRecNonce, remoteInitNonce, remoteRandomPubKey, recNonce, remoteInitRandomPubKey, initSessionToken)
+		defer func() { output <- r }()
 
-	if !bytes.Equal(initNonce, remoteInitNonce) {
+		pub1s := discover.PubkeyID(&prv1.PublicKey)
-		t.Errorf("nonces do not match")
+		r.s, r.err = initiatorEncHandshake(rw0, prv0, pub1s, token)
+		if r.err != nil {
+			return
 		}
-	if !bytes.Equal(recNonce, remoteRecNonce) {
+		id1 := discover.PubkeyID(&prv1.PublicKey)
-		t.Errorf("receiver nonces do not match")
+		if r.s.RemoteID != id1 {
+			r.err = fmt.Errorf("remote ID mismatch: got %v, want: %v", r.s.RemoteID, id1)
 		}
-	if !bytes.Equal(initSessionToken, recSessionToken) {
+	}()
-		t.Errorf("session tokens do not match")
+	go func() {
+		r := result{side: "receiver"}
+		defer func() { output <- r }()
+
+		r.s, r.err = receiverEncHandshake(rw1, prv1, token)
+		if r.err != nil {
+			return
 		}
+		id0 := discover.PubkeyID(&prv0.PublicKey)
+		if r.s.RemoteID != id0 {
+			r.err = fmt.Errorf("remote ID mismatch: got %v, want: %v", r.s.RemoteID, id0)
 		}
+	}()
 
-func TestEncHandshake(t *testing.T) {
+	// wait for results from both sides
-	defer testlog(t).detach()
+	r1, r2 := <-output, <-output
-
-	prv0, _ := crypto.GenerateKey()
-	prv1, _ := crypto.GenerateKey()
-	pub0s, _ := exportPublicKey(&prv0.PublicKey)
-	pub1s, _ := exportPublicKey(&prv1.PublicKey)
-	rw0, rw1 := net.Pipe()
-	tokens := make(chan []byte)
 
-	go func() {
+	if r1.err != nil {
-		token, err := outboundEncHandshake(rw0, prv0, pub1s, nil)
+		return fmt.Errorf("%s side error: %v", r1.side, r1.err)
-		if err != nil {
-			t.Errorf("outbound side error: %v", err)
-		}
-		tokens <- token
-	}()
-	go func() {
-		token, remotePubkey, err := inboundEncHandshake(rw1, prv1, nil)
-		if err != nil {
-			t.Errorf("inbound side error: %v", err)
 	}
-		if !bytes.Equal(remotePubkey, pub0s) {
+	if r2.err != nil {
-			t.Errorf("inbound side returned wrong remote pubkey\n  got:  %x\n  want: %x", remotePubkey, pub0s)
+		return fmt.Errorf("%s side error: %v", r2.side, r2.err)
 	}
-		tokens <- token
-	}()
 
-	t1, t2 := <-tokens, <-tokens
+	// don't compare remote node IDs
-	if !bytes.Equal(t1, t2) {
+	r1.s.RemoteID, r2.s.RemoteID = discover.NodeID{}, discover.NodeID{}
-		t.Error("session token mismatch")
+	// flip MACs on one of them so they compare equal
+	r1.s.EgressMAC, r1.s.IngressMAC = r1.s.IngressMAC, r1.s.EgressMAC
+	if !reflect.DeepEqual(r1.s, r2.s) {
+		return fmt.Errorf("secrets mismatch:\n t1: %#v\n t2: %#v", r1.s, r2.s)
 	}
+	return nil
 }
 
 func TestSetupConn(t *testing.T) {

p2p/message.go

@@ -1,14 +1,11 @@
 package p2p
 
 import (
-	"bufio"
 	"bytes"
-	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
-	"math/big"
 	"net"
 	"sync"
 	"sync/atomic"
@@ -18,28 +15,6 @@ import (
 	"github.com/ethereum/go-ethereum/rlp"
 )
 
-// parameters for frameRW
-const (
-	// maximum time allowed for reading a message header.
-	// this is effectively the amount of time a connection can be idle.
-	frameReadTimeout = 1 * time.Minute
-
-	// maximum time allowed for reading the payload data of a message.
-	// this is shorter than (and distinct from) frameReadTimeout because
-	// the connection is not considered idle while a message is transferred.
-	// this also limits the payload size of messages to how much the connection
-	// can transfer within the timeout.
-	payloadReadTimeout = 5 * time.Second
-
-	// maximum amount of time allowed for writing a complete message.
-	msgWriteTimeout = 5 * time.Second
-
-	// messages smaller than this many bytes will be read at
-	// once before passing them to a protocol. this increases
-	// concurrency in the processing.
-	wholePayloadSize = 64 * 1024
-)
-
 // Msg defines the structure of a p2p message.
 //
 // Note that a Msg can only be sent once since the Payload reader is
@@ -55,19 +30,8 @@ type Msg struct {
 
 // NewMsg creates an RLP-encoded message with the given code.
 func NewMsg(code uint64, params ...interface{}) Msg {
-	buf := new(bytes.Buffer)
+	p := bytes.NewReader(ethutil.Encode(params))
-	for _, p := range params {
+	return Msg{Code: code, Size: uint32(p.Len()), Payload: p}
-		buf.Write(ethutil.Encode(p))
-	}
-	return Msg{Code: code, Size: uint32(buf.Len()), Payload: buf}
-}
-
-func encodePayload(params ...interface{}) []byte {
-	buf := new(bytes.Buffer)
-	for _, p := range params {
-		buf.Write(ethutil.Encode(p))
-	}
-	return buf.Bytes()
 }
 
 // Decode parse the RLP content of a message into
@@ -75,8 +39,7 @@ func encodePayload(params ...interface{}) []byte {
 //
 // For the decoding rules, please see package rlp.
 func (msg Msg) Decode(val interface{}) error {
-	s := rlp.NewListStream(msg.Payload, uint64(msg.Size))
+	if err := rlp.Decode(msg.Payload, val); err != nil {
-	if err := s.Decode(val); err != nil {
 		return newPeerError(errInvalidMsg, "(code %#x) (size %d) %v", msg.Code, msg.Size, err)
 	}
 	return nil
@@ -119,138 +82,28 @@ func EncodeMsg(w MsgWriter, code uint64, data ...interface{}) error {
 	return w.WriteMsg(NewMsg(code, data...))
 }
 
-// frameRW is a MsgReadWriter that reads and writes devp2p message frames.
+// netWrapper wrapsa MsgReadWriter with locks around
-// As required by the interface, ReadMsg and WriteMsg can be called from
+// ReadMsg/WriteMsg and applies read/write deadlines.
-// multiple goroutines.
+type netWrapper struct {
-type frameRW struct {
+	rmu, wmu sync.Mutex
-	net.Conn // make Conn methods available. be careful.
-	bufconn  *bufio.ReadWriter
-
-	// this channel is used to 'lend' bufconn to a caller of ReadMsg
-	// until the message payload has been consumed. the channel
-	// receives a value when EOF is reached on the payload, unblocking
-	// a pending call to ReadMsg.
-	rsync chan struct{}
-
-	// this mutex guards writes to bufconn.
-	writeMu sync.Mutex
-}
-
-func newFrameRW(conn net.Conn, timeout time.Duration) *frameRW {
-	rsync := make(chan struct{}, 1)
-	rsync <- struct{}{}
-	return &frameRW{
-		Conn:    conn,
-		bufconn: bufio.NewReadWriter(bufio.NewReader(conn), bufio.NewWriter(conn)),
-		rsync:   rsync,
-	}
-}
-
-var magicToken = []byte{34, 64, 8, 145}
 
-func (rw *frameRW) WriteMsg(msg Msg) error {
+	rtimeout, wtimeout time.Duration
-	rw.writeMu.Lock()
+	conn               net.Conn
-	defer rw.writeMu.Unlock()
+	wrapped            MsgReadWriter
-	rw.SetWriteDeadline(time.Now().Add(msgWriteTimeout))
-	if err := writeMsg(rw.bufconn, msg); err != nil {
-		return err
-	}
-	return rw.bufconn.Flush()
 }
 
-func writeMsg(w io.Writer, msg Msg) error {
+func (rw *netWrapper) ReadMsg() (Msg, error) {
-	// TODO: handle case when Size + len(code) + len(listhdr) overflows uint32
+	rw.rmu.Lock()
-	code := ethutil.Encode(uint32(msg.Code))
+	defer rw.rmu.Unlock()
-	listhdr := makeListHeader(msg.Size + uint32(len(code)))
+	rw.conn.SetReadDeadline(time.Now().Add(rw.rtimeout))
-	payloadLen := uint32(len(listhdr)) + uint32(len(code)) + msg.Size
+	return rw.wrapped.ReadMsg()
-
-	start := make([]byte, 8)
-	copy(start, magicToken)
-	binary.BigEndian.PutUint32(start[4:], payloadLen)
-
-	for _, b := range [][]byte{start, listhdr, code} {
-		if _, err := w.Write(b); err != nil {
-			return err
-		}
-	}
-	_, err := io.CopyN(w, msg.Payload, int64(msg.Size))
-	return err
 }
 
-func makeListHeader(length uint32) []byte {
+func (rw *netWrapper) WriteMsg(msg Msg) error {
-	if length < 56 {
+	rw.wmu.Lock()
-		return []byte{byte(length + 0xc0)}
+	defer rw.wmu.Unlock()
-	}
+	rw.conn.SetWriteDeadline(time.Now().Add(rw.wtimeout))
-	enc := big.NewInt(int64(length)).Bytes()
+	return rw.wrapped.WriteMsg(msg)
-	lenb := byte(len(enc)) + 0xf7
-	return append([]byte{lenb}, enc...)
-}
-
-func (rw *frameRW) ReadMsg() (msg Msg, err error) {
-	<-rw.rsync // wait until bufconn is ours
-
-	rw.SetReadDeadline(time.Now().Add(frameReadTimeout))
-
-	// read magic and payload size
-	start := make([]byte, 8)
-	if _, err = io.ReadFull(rw.bufconn, start); err != nil {
-		return msg, err
-	}
-	if !bytes.HasPrefix(start, magicToken) {
-		return msg, fmt.Errorf("bad magic token %x", start[:4])
-	}
-	size := binary.BigEndian.Uint32(start[4:])
-
-	// decode start of RLP message to get the message code
-	posr := &postrack{rw.bufconn, 0}
-	s := rlp.NewStream(posr)
-	if _, err := s.List(); err != nil {
-		return msg, err
-	}
-	msg.Code, err = s.Uint()
-	if err != nil {
-		return msg, err
-	}
-	msg.Size = size - posr.p
-
-	rw.SetReadDeadline(time.Now().Add(payloadReadTimeout))
-
-	if msg.Size <= wholePayloadSize {
-		// msg is small, read all of it and move on to the next message.
-		pbuf := make([]byte, msg.Size)
-		if _, err := io.ReadFull(rw.bufconn, pbuf); err != nil {
-			return msg, err
-		}
-		rw.rsync <- struct{}{} // bufconn is available again
-		msg.Payload = bytes.NewReader(pbuf)
-	} else {
-		// lend bufconn to the caller until it has
-		// consumed the payload. eofSignal will send a value
-		// on rw.rsync when EOF is reached.
-		pr := &eofSignal{rw.bufconn, msg.Size, rw.rsync}
-		msg.Payload = pr
-	}
-	return msg, nil
-}
-
-// postrack wraps an rlp.ByteReader with a position counter.
-type postrack struct {
-	r rlp.ByteReader
-	p uint32
-}
-
-func (r *postrack) Read(buf []byte) (int, error) {
-	n, err := r.r.Read(buf)
-	r.p += uint32(n)
-	return n, err
-}
-
-func (r *postrack) ReadByte() (byte, error) {
-	b, err := r.r.ReadByte()
-	if err == nil {
-		r.p++
-	}
-	return b, err
 }
 
 // eofSignal wraps a reader with eof signaling. the eof channel is

p2p/message_test.go

@@ -2,10 +2,12 @@ package p2p
 
 import (
 	"bytes"
+	"encoding/hex"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"runtime"
+	"strings"
 	"testing"
 	"time"
 )
@@ -15,62 +17,16 @@ func TestNewMsg(t *testing.T) {
 	if msg.Code != 3 {
 		t.Errorf("incorrect code %d, want %d", msg.Code)
 	}
-	if msg.Size != 5 {
+	expect := unhex("c50183303030")
-		t.Errorf("incorrect size %d, want %d", msg.Size, 5)
+	if msg.Size != uint32(len(expect)) {
+		t.Errorf("incorrect size %d, want %d", msg.Size, len(expect))
 	}
 	pl, _ := ioutil.ReadAll(msg.Payload)
-	expect := []byte{0x01, 0x83, 0x30, 0x30, 0x30}
 	if !bytes.Equal(pl, expect) {
 		t.Errorf("incorrect payload content, got %x, want %x", pl, expect)
 	}
 }
 
-// func TestEncodeDecodeMsg(t *testing.T) {
-// 	msg := NewMsg(3, 1, "000")
-// 	buf := new(bytes.Buffer)
-// 	if err := writeMsg(buf, msg); err != nil {
-// 		t.Fatalf("encodeMsg error: %v", err)
-// 	}
-// 	// t.Logf("encoded: %x", buf.Bytes())
-
-// 	decmsg, err := readMsg(buf)
-// 	if err != nil {
-// 		t.Fatalf("readMsg error: %v", err)
-// 	}
-// 	if decmsg.Code != 3 {
-// 		t.Errorf("incorrect code %d, want %d", decmsg.Code, 3)
-// 	}
-// 	if decmsg.Size != 5 {
-// 		t.Errorf("incorrect size %d, want %d", decmsg.Size, 5)
-// 	}
-
-// 	var data struct {
-// 		I uint
-// 		S string
-// 	}
-// 	if err := decmsg.Decode(&data); err != nil {
-// 		t.Fatalf("Decode error: %v", err)
-// 	}
-// 	if data.I != 1 {
-// 		t.Errorf("incorrect data.I: got %v, expected %d", data.I, 1)
-// 	}
-// 	if data.S != "000" {
-// 		t.Errorf("incorrect data.S: got %q, expected %q", data.S, "000")
-// 	}
-// }
-
-// func TestDecodeRealMsg(t *testing.T) {
-// 	data := ethutil.Hex2Bytes("2240089100000080f87e8002b5457468657265756d282b2b292f5065657220536572766572204f6e652f76302e372e382f52656c656173652f4c696e75782f672b2bc082765fb84086dd80b7aefd6a6d2e3b93f4f300a86bfb6ef7bdc97cb03f793db6bb")
-// 	msg, err := readMsg(bytes.NewReader(data))
-// 	if err != nil {
-// 		t.Fatalf("unexpected error: %v", err)
-// 	}
-
-// 	if msg.Code != 0 {
-// 		t.Errorf("incorrect code %d, want %d", msg.Code, 0)
-// 	}
-// }
-
 func ExampleMsgPipe() {
 	rw1, rw2 := MsgPipe()
 	go func() {
@@ -185,3 +141,11 @@ func TestEOFSignal(t *testing.T) {
 	default:
 	}
 }
+
+func unhex(str string) []byte {
+	b, err := hex.DecodeString(strings.Replace(str, "\n", "", -1))
+	if err != nil {
+		panic(fmt.Sprintf("invalid hex string: %q", str))
+	}
+	return b
+}

p2p/peer.go

@@ -20,8 +20,8 @@ const (
 	baseProtocolLength     = uint64(16)
 	baseProtocolMaxMsgSize = 10 * 1024 * 1024
 
-	disconnectGracePeriod = 2 * time.Second
 	pingInterval          = 15 * time.Second
+	disconnectGracePeriod = 2 * time.Second
 )
 
 const (
@@ -40,6 +40,7 @@ type Peer struct {
 	// Use them to display messages related to the peer.
 	*logger.Logger
 
+	conn    net.Conn
 	rw      *conn
 	running map[string]*protoRW
 
@@ -52,8 +53,9 @@ type Peer struct {
 // NewPeer returns a peer for testing purposes.
 func NewPeer(id discover.NodeID, name string, caps []Cap) *Peer {
 	pipe, _ := net.Pipe()
-	conn := newConn(pipe, &protoHandshake{ID: id, Name: name, Caps: caps})
+	msgpipe, _ := MsgPipe()
-	peer := newPeer(conn, nil)
+	conn := &conn{msgpipe, &protoHandshake{ID: id, Name: name, Caps: caps}}
+	peer := newPeer(pipe, conn, nil)
 	close(peer.closed) // ensures Disconnect doesn't block
 	return peer
 }
@@ -76,12 +78,12 @@ func (p *Peer) Caps() []Cap {
 
 // RemoteAddr returns the remote address of the network connection.
 func (p *Peer) RemoteAddr() net.Addr {
-	return p.rw.RemoteAddr()
+	return p.conn.RemoteAddr()
 }
 
 // LocalAddr returns the local address of the network connection.
 func (p *Peer) LocalAddr() net.Addr {
-	return p.rw.LocalAddr()
+	return p.conn.LocalAddr()
 }
 
 // Disconnect terminates the peer connection with the given reason.
@@ -98,10 +100,11 @@ func (p *Peer) String() string {
 	return fmt.Sprintf("Peer %.8x %v", p.rw.ID[:], p.RemoteAddr())
 }
 
-func newPeer(conn *conn, protocols []Protocol) *Peer {
+func newPeer(fd net.Conn, conn *conn, protocols []Protocol) *Peer {
-	logtag := fmt.Sprintf("Peer %.8x %v", conn.ID[:], conn.RemoteAddr())
+	logtag := fmt.Sprintf("Peer %.8x %v", conn.ID[:], fd.RemoteAddr())
 	p := &Peer{
 		Logger:   logger.NewLogger(logtag),
+		conn:     fd,
 		rw:       conn,
 		running:  matchProtocols(protocols, conn.Caps, conn),
 		disc:     make(chan DiscReason),
@@ -138,7 +141,7 @@ loop:
 			// We rely on protocols to abort if there is a write error. It
 			// might be more robust to handle them here as well.
 			p.DebugDetailf("Read error: %v\n", err)
-			p.rw.Close()
+			p.conn.Close()
 			return DiscNetworkError
 		case err := <-p.protoErr:
 			reason = discReasonForError(err)
@@ -161,18 +164,19 @@ func (p *Peer) politeDisconnect(reason DiscReason) {
 		EncodeMsg(p.rw, discMsg, uint(reason))
 		// Wait for the other side to close the connection.
 		// Discard any data that they send until then.
-		io.Copy(ioutil.Discard, p.rw)
+		io.Copy(ioutil.Discard, p.conn)
 		close(done)
 	}()
 	select {
 	case <-done:
 	case <-time.After(disconnectGracePeriod):
 	}
-	p.rw.Close()
+	p.conn.Close()
 }
 
 func (p *Peer) readLoop() error {
 	for {
+		p.conn.SetDeadline(time.Now().Add(frameReadTimeout))
 		msg, err := p.rw.ReadMsg()
 		if err != nil {
 			return err
@@ -190,12 +194,12 @@ func (p *Peer) handle(msg Msg) error {
 		msg.Discard()
 		go EncodeMsg(p.rw, pongMsg)
 	case msg.Code == discMsg:
-		var reason DiscReason
+		var reason [1]DiscReason
 		// no need to discard or for error checking, we'll close the
 		// connection after this.
 		rlp.Decode(msg.Payload, &reason)
 		p.Disconnect(DiscRequested)
-		return discRequestedError(reason)
+		return discRequestedError(reason[0])
 	case msg.Code < baseProtocolLength:
 		// ignore other base protocol messages
 		return msg.Discard()

p2p/peer_test.go

@@ -3,6 +3,7 @@ package p2p
 import (
 	"bytes"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net"
 	"reflect"
@@ -29,8 +30,8 @@ var discard = Protocol{
 	},
 }
 
-func testPeer(protos []Protocol) (*conn, *Peer, <-chan DiscReason) {
+func testPeer(protos []Protocol) (io.Closer, *conn, *Peer, <-chan DiscReason) {
-	fd1, fd2 := net.Pipe()
+	fd1, _ := net.Pipe()
 	hs1 := &protoHandshake{ID: randomID(), Version: baseProtocolVersion}
 	hs2 := &protoHandshake{ID: randomID(), Version: baseProtocolVersion}
 	for _, p := range protos {
@@ -38,11 +39,12 @@ func testPeer(protos []Protocol) (*conn, *Peer, <-chan DiscReason) {
 		hs2.Caps = append(hs2.Caps, p.cap())
 	}
 
-	peer := newPeer(newConn(fd1, hs1), protos)
+	p1, p2 := MsgPipe()
+	peer := newPeer(fd1, &conn{p1, hs1}, protos)
 	errc := make(chan DiscReason, 1)
 	go func() { errc <- peer.run() }()
 
-	return newConn(fd2, hs2), peer, errc
+	return p1, &conn{p2, hs2}, peer, errc
 }
 
 func TestPeerProtoReadMsg(t *testing.T) {
@@ -67,8 +69,8 @@ func TestPeerProtoReadMsg(t *testing.T) {
 		},
 	}
 
-	rw, _, errc := testPeer([]Protocol{proto})
+	closer, rw, _, errc := testPeer([]Protocol{proto})
-	defer rw.Close()
+	defer closer.Close()
 
 	EncodeMsg(rw, baseProtocolLength+2, 1)
 	EncodeMsg(rw, baseProtocolLength+3, 2)
@@ -83,41 +85,6 @@ func TestPeerProtoReadMsg(t *testing.T) {
 	}
 }
 
-func TestPeerProtoReadLargeMsg(t *testing.T) {
-	defer testlog(t).detach()
-
-	msgsize := uint32(10 * 1024 * 1024)
-	done := make(chan struct{})
-	proto := Protocol{
-		Name:   "a",
-		Length: 5,
-		Run: func(peer *Peer, rw MsgReadWriter) error {
-			msg, err := rw.ReadMsg()
-			if err != nil {
-				t.Errorf("read error: %v", err)
-			}
-			if msg.Size != msgsize+4 {
-				t.Errorf("incorrect msg.Size, got %d, expected %d", msg.Size, msgsize)
-			}
-			msg.Discard()
-			close(done)
-			return nil
-		},
-	}
-
-	rw, _, errc := testPeer([]Protocol{proto})
-	defer rw.Close()
-
-	EncodeMsg(rw, 18, make([]byte, msgsize))
-	select {
-	case <-done:
-	case err := <-errc:
-		t.Errorf("peer returned: %v", err)
-	case <-time.After(2 * time.Second):
-		t.Errorf("receive timeout")
-	}
-}
-
 func TestPeerProtoEncodeMsg(t *testing.T) {
 	defer testlog(t).detach()
 
@@ -134,8 +101,8 @@ func TestPeerProtoEncodeMsg(t *testing.T) {
 			return nil
 		},
 	}
-	rw, _, _ := testPeer([]Protocol{proto})
+	closer, rw, _, _ := testPeer([]Protocol{proto})
-	defer rw.Close()
+	defer closer.Close()
 
 	if err := expectMsg(rw, 17, []string{"foo", "bar"}); err != nil {
 		t.Error(err)
@@ -145,8 +112,8 @@ func TestPeerProtoEncodeMsg(t *testing.T) {
 func TestPeerWriteForBroadcast(t *testing.T) {
 	defer testlog(t).detach()
 
-	rw, peer, peerErr := testPeer([]Protocol{discard})
+	closer, rw, peer, peerErr := testPeer([]Protocol{discard})
-	defer rw.Close()
+	defer closer.Close()
 
 	// test write errors
 	if err := peer.writeProtoMsg("b", NewMsg(3)); err == nil {
@@ -181,8 +148,8 @@ func TestPeerWriteForBroadcast(t *testing.T) {
 func TestPeerPing(t *testing.T) {
 	defer testlog(t).detach()
 
-	rw, _, _ := testPeer(nil)
+	closer, rw, _, _ := testPeer(nil)
-	defer rw.Close()
+	defer closer.Close()
 	if err := EncodeMsg(rw, pingMsg); err != nil {
 		t.Fatal(err)
 	}
@@ -194,15 +161,15 @@ func TestPeerPing(t *testing.T) {
 func TestPeerDisconnect(t *testing.T) {
 	defer testlog(t).detach()
 
-	rw, _, disc := testPeer(nil)
+	closer, rw, _, disc := testPeer(nil)
-	defer rw.Close()
+	defer closer.Close()
 	if err := EncodeMsg(rw, discMsg, DiscQuitting); err != nil {
 		t.Fatal(err)
 	}
 	if err := expectMsg(rw, discMsg, []interface{}{DiscRequested}); err != nil {
 		t.Error(err)
 	}
-	rw.Close() // make test end faster
+	closer.Close() // make test end faster
 	if reason := <-disc; reason != DiscRequested {
 		t.Errorf("run returned wrong reason: got %v, want %v", reason, DiscRequested)
 	}
@@ -244,13 +211,9 @@ func expectMsg(r MsgReader, code uint64, content interface{}) error {
 		if err != nil {
 			panic("content encode error: " + err.Error())
 		}
-		// skip over list header in encoded value. this is temporary.
+		if int(msg.Size) != len(contentEnc) {
-		contentEncR := bytes.NewReader(contentEnc)
+			return fmt.Errorf("message size mismatch: got %d, want %d", msg.Size, len(contentEnc))
-		if k, _, err := rlp.NewStream(contentEncR).Kind(); k != rlp.List || err != nil {
-			panic("content must encode as RLP list")
 		}
-		contentEnc = contentEnc[len(contentEnc)-contentEncR.Len():]
-
 		actualContent, err := ioutil.ReadAll(msg.Payload)
 		if err != nil {
 			return err

p2p/rlpx.go

@@ -0,0 +1,174 @@
+package p2p
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"errors"
+	"hash"
+	"io"
+
+	"github.com/ethereum/go-ethereum/rlp"
+)
+
+var (
+	// this is used in place of actual frame header data.
+	// TODO: replace this when Msg contains the protocol type code.
+	zeroHeader = []byte{0xC2, 0x80, 0x80}
+
+	// sixteen zero bytes
+	zero16 = make([]byte, 16)
+
+	maxUint24 = ^uint32(0) >> 8
+)
+
+// rlpxFrameRW implements a simplified version of RLPx framing.
+// chunked messages are not supported and all headers are equal to
+// zeroHeader.
+//
+// rlpxFrameRW is not safe for concurrent use from multiple goroutines.
+type rlpxFrameRW struct {
+	conn io.ReadWriter
+	enc  cipher.Stream
+	dec  cipher.Stream
+
+	macCipher  cipher.Block
+	egressMAC  hash.Hash
+	ingressMAC hash.Hash
+}
+
+func newRlpxFrameRW(conn io.ReadWriter, s secrets) *rlpxFrameRW {
+	macc, err := aes.NewCipher(s.MAC)
+	if err != nil {
+		panic("invalid MAC secret: " + err.Error())
+	}
+	encc, err := aes.NewCipher(s.AES)
+	if err != nil {
+		panic("invalid AES secret: " + err.Error())
+	}
+	// we use an all-zeroes IV for AES because the key used
+	// for encryption is ephemeral.
+	iv := make([]byte, encc.BlockSize())
+	return &rlpxFrameRW{
+		conn:       conn,
+		enc:        cipher.NewCTR(encc, iv),
+		dec:        cipher.NewCTR(encc, iv),
+		macCipher:  macc,
+		egressMAC:  s.EgressMAC,
+		ingressMAC: s.IngressMAC,
+	}
+}
+
+func (rw *rlpxFrameRW) WriteMsg(msg Msg) error {
+	ptype, _ := rlp.EncodeToBytes(msg.Code)
+
+	// write header
+	headbuf := make([]byte, 32)
+	fsize := uint32(len(ptype)) + msg.Size
+	if fsize > maxUint24 {
+		return errors.New("message size overflows uint24")
+	}
+	putInt24(fsize, headbuf) // TODO: check overflow
+	copy(headbuf[3:], zeroHeader)
+	rw.enc.XORKeyStream(headbuf[:16], headbuf[:16]) // first half is now encrypted
+
+	// write header MAC
+	copy(headbuf[16:], updateMAC(rw.egressMAC, rw.macCipher, headbuf[:16]))
+	if _, err := rw.conn.Write(headbuf); err != nil {
+		return err
+	}
+
+	// write encrypted frame, updating the egress MAC hash with
+	// the data written to conn.
+	tee := cipher.StreamWriter{S: rw.enc, W: io.MultiWriter(rw.conn, rw.egressMAC)}
+	if _, err := tee.Write(ptype); err != nil {
+		return err
+	}
+	if _, err := io.Copy(tee, msg.Payload); err != nil {
+		return err
+	}
+	if padding := fsize % 16; padding > 0 {
+		if _, err := tee.Write(zero16[:16-padding]); err != nil {
+			return err
+		}
+	}
+
+	// write frame MAC. egress MAC hash is up to date because
+	// frame content was written to it as well.
+	fmacseed := rw.egressMAC.Sum(nil)
+	mac := updateMAC(rw.egressMAC, rw.macCipher, fmacseed)
+	_, err := rw.conn.Write(mac)
+	return err
+}
+
+func (rw *rlpxFrameRW) ReadMsg() (msg Msg, err error) {
+	// read the header
+	headbuf := make([]byte, 32)
+	if _, err := io.ReadFull(rw.conn, headbuf); err != nil {
+		return msg, err
+	}
+	// verify header mac
+	shouldMAC := updateMAC(rw.ingressMAC, rw.macCipher, headbuf[:16])
+	if !hmac.Equal(shouldMAC, headbuf[16:]) {
+		return msg, errors.New("bad header MAC")
+	}
+	rw.dec.XORKeyStream(headbuf[:16], headbuf[:16]) // first half is now decrypted
+	fsize := readInt24(headbuf)
+	// ignore protocol type for now
+
+	// read the frame content
+	var rsize = fsize // frame size rounded up to 16 byte boundary
+	if padding := fsize % 16; padding > 0 {
+		rsize += 16 - padding
+	}
+	framebuf := make([]byte, rsize)
+	if _, err := io.ReadFull(rw.conn, framebuf); err != nil {
+		return msg, err
+	}
+
+	// read and validate frame MAC. we can re-use headbuf for that.
+	rw.ingressMAC.Write(framebuf)
+	fmacseed := rw.ingressMAC.Sum(nil)
+	if _, err := io.ReadFull(rw.conn, headbuf[:16]); err != nil {
+		return msg, err
+	}
+	shouldMAC = updateMAC(rw.ingressMAC, rw.macCipher, fmacseed)
+	if !hmac.Equal(shouldMAC, headbuf[:16]) {
+		return msg, errors.New("bad frame MAC")
+	}
+
+	// decrypt frame content
+	rw.dec.XORKeyStream(framebuf, framebuf)
+
+	// decode message code
+	content := bytes.NewReader(framebuf[:fsize])
+	if err := rlp.Decode(content, &msg.Code); err != nil {
+		return msg, err
+	}
+	msg.Size = uint32(content.Len())
+	msg.Payload = content
+	return msg, nil
+}
+
+// updateMAC reseeds the given hash with encrypted seed.
+// it returns the first 16 bytes of the hash sum after seeding.
+func updateMAC(mac hash.Hash, block cipher.Block, seed []byte) []byte {
+	aesbuf := make([]byte, aes.BlockSize)
+	block.Encrypt(aesbuf, mac.Sum(nil))
+	for i := range aesbuf {
+		aesbuf[i] ^= seed[i]
+	}
+	mac.Write(aesbuf)
+	return mac.Sum(nil)[:16]
+}
+
+func readInt24(b []byte) uint32 {
+	return uint32(b[2]) | uint32(b[1])<<8 | uint32(b[0])<<16
+}
+
+func putInt24(v uint32, b []byte) {
+	b[0] = byte(v >> 16)
+	b[1] = byte(v >> 8)
+	b[2] = byte(v)
+}

p2p/rlpx_test.go

@@ -0,0 +1,124 @@
+package p2p
+
+import (
+	"bytes"
+	"crypto/rand"
+	"io/ioutil"
+	"strings"
+	"testing"
+
+	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/crypto/sha3"
+	"github.com/ethereum/go-ethereum/rlp"
+)
+
+func TestRlpxFrameFake(t *testing.T) {
+	buf := new(bytes.Buffer)
+	hash := fakeHash([]byte{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1})
+	rw := newRlpxFrameRW(buf, secrets{
+		AES:        crypto.Sha3(),
+		MAC:        crypto.Sha3(),
+		IngressMAC: hash,
+		EgressMAC:  hash,
+	})
+
+	golden := unhex(`
+00828ddae471818bb0bfa6b551d1cb42
+01010101010101010101010101010101
+ba628a4ba590cb43f7848f41c4382885
+01010101010101010101010101010101
+`)
+
+	// Check WriteMsg. This puts a message into the buffer.
+	if err := EncodeMsg(rw, 8, 1, 2, 3, 4); err != nil {
+		t.Fatalf("WriteMsg error: %v", err)
+	}
+	written := buf.Bytes()
+	if !bytes.Equal(written, golden) {
+		t.Fatalf("output mismatch:\n  got:  %x\n  want: %x", written, golden)
+	}
+
+	// Check ReadMsg. It reads the message encoded by WriteMsg, which
+	// is equivalent to the golden message above.
+	msg, err := rw.ReadMsg()
+	if err != nil {
+		t.Fatalf("ReadMsg error: %v", err)
+	}
+	if msg.Size != 5 {
+		t.Errorf("msg size mismatch: got %d, want %d", msg.Size, 5)
+	}
+	if msg.Code != 8 {
+		t.Errorf("msg code mismatch: got %d, want %d", msg.Code, 8)
+	}
+	payload, _ := ioutil.ReadAll(msg.Payload)
+	wantPayload := unhex("C401020304")
+	if !bytes.Equal(payload, wantPayload) {
+		t.Errorf("msg payload mismatch:\ngot  %x\nwant %x", payload, wantPayload)
+	}
+}
+
+type fakeHash []byte
+
+func (fakeHash) Write(p []byte) (int, error) { return len(p), nil }
+func (fakeHash) Reset()                      {}
+func (fakeHash) BlockSize() int              { return 0 }
+
+func (h fakeHash) Size() int           { return len(h) }
+func (h fakeHash) Sum(b []byte) []byte { return append(b, h...) }
+
+func TestRlpxFrameRW(t *testing.T) {
+	var (
+		aesSecret      = make([]byte, 16)
+		macSecret      = make([]byte, 16)
+		egressMACinit  = make([]byte, 32)
+		ingressMACinit = make([]byte, 32)
+	)
+	for _, s := range [][]byte{aesSecret, macSecret, egressMACinit, ingressMACinit} {
+		rand.Read(s)
+	}
+	conn := new(bytes.Buffer)
+
+	s1 := secrets{
+		AES:        aesSecret,
+		MAC:        macSecret,
+		EgressMAC:  sha3.NewKeccak256(),
+		IngressMAC: sha3.NewKeccak256(),
+	}
+	s1.EgressMAC.Write(egressMACinit)
+	s1.IngressMAC.Write(ingressMACinit)
+	rw1 := newRlpxFrameRW(conn, s1)
+
+	s2 := secrets{
+		AES:        aesSecret,
+		MAC:        macSecret,
+		EgressMAC:  sha3.NewKeccak256(),
+		IngressMAC: sha3.NewKeccak256(),
+	}
+	s2.EgressMAC.Write(ingressMACinit)
+	s2.IngressMAC.Write(egressMACinit)
+	rw2 := newRlpxFrameRW(conn, s2)
+
+	// send some messages
+	for i := 0; i < 10; i++ {
+		// write message into conn buffer
+		wmsg := []interface{}{"foo", "bar", strings.Repeat("test", i)}
+		err := EncodeMsg(rw1, uint64(i), wmsg...)
+		if err != nil {
+			t.Fatalf("WriteMsg error (i=%d): %v", i, err)
+		}
+
+		// read message that rw1 just wrote
+		msg, err := rw2.ReadMsg()
+		if err != nil {
+			t.Fatalf("ReadMsg error (i=%d): %v", i, err)
+		}
+		if msg.Code != uint64(i) {
+			t.Fatalf("msg code mismatch: got %d, want %d", msg.Code, i)
+		}
+		payload, _ := ioutil.ReadAll(msg.Payload)
+		wantPayload, _ := rlp.EncodeToBytes(wmsg)
+		if !bytes.Equal(payload, wantPayload) {
+			t.Fatalf("msg payload mismatch:\ngot  %x\nwant %x", payload, wantPayload)
+		}
+	}
+}

p2p/server.go

@@ -10,15 +10,24 @@ import (
 	"sync"
 	"time"
 
+	"github.com/ethereum/go-ethereum/ethutil"
 	"github.com/ethereum/go-ethereum/logger"
 	"github.com/ethereum/go-ethereum/p2p/discover"
 	"github.com/ethereum/go-ethereum/p2p/nat"
 )
 
 const (
-	handshakeTimeout     = 5 * time.Second
 	defaultDialTimeout   = 10 * time.Second
 	refreshPeersInterval = 30 * time.Second
+
+	// total timeout for encryption handshake and protocol
+	// handshake in both directions.
+	handshakeTimeout = 5 * time.Second
+	// maximum time allowed for reading a complete message.
+	// this is effectively the amount of time a connection can be idle.
+	frameReadTimeout = 1 * time.Minute
+	// maximum amount of time allowed for writing a complete message.
+	frameWriteTimeout = 5 * time.Second
 )
 
 var srvlog = logger.NewLogger("P2P Server")
@@ -57,10 +66,6 @@ type Server struct {
 	// each peer.
 	Protocols []Protocol
 
-	// If Blacklist is set to a non-nil value, the given Blacklist
-	// is used to verify peer connections.
-	Blacklist Blacklist
-
 	// If ListenAddr is set to a non-nil address, the server
 	// will listen for incoming connections.
 	//
@@ -135,7 +140,7 @@ func (srv *Server) SuggestPeer(n *discover.Node) {
 func (srv *Server) Broadcast(protocol string, code uint64, data ...interface{}) {
 	var payload []byte
 	if data != nil {
-		payload = encodePayload(data...)
+		payload = ethutil.Encode(data)
 	}
 	srv.lock.RLock()
 	defer srv.lock.RUnlock()
@@ -174,9 +179,6 @@ func (srv *Server) Start() (err error) {
 	if srv.setupFunc == nil {
 		srv.setupFunc = setupConn
 	}
-	if srv.Blacklist == nil {
-		srv.Blacklist = NewBlacklist()
-	}
 
 	// node table
 	ntab, err := discover.ListenUDP(srv.PrivateKey, srv.ListenAddr, srv.NAT)
@@ -365,7 +367,12 @@ func (srv *Server) startPeer(fd net.Conn, dest *discover.Node) {
 		srvlog.Debugf("Handshake with %v failed: %v", fd.RemoteAddr(), err)
 		return
 	}
-	p := newPeer(conn, srv.Protocols)
+
+	conn.MsgReadWriter = &netWrapper{
+		wrapped: conn.MsgReadWriter,
+		conn:    fd, rtimeout: frameReadTimeout, wtimeout: frameWriteTimeout,
+	}
+	p := newPeer(fd, conn, srv.Protocols)
 	if ok, reason := srv.addPeer(conn.ID, p); !ok {
 		srvlog.DebugDetailf("Not adding %v (%v)\n", p, reason)
 		p.politeDisconnect(reason)
@@ -375,7 +382,7 @@ func (srv *Server) startPeer(fd net.Conn, dest *discover.Node) {
 	srvlog.Debugf("Added %v\n", p)
 	srvjslog.LogJson(&logger.P2PConnected{
 		RemoteId:            fmt.Sprintf("%x", conn.ID[:]),
-		RemoteAddress:       conn.RemoteAddr().String(),
+		RemoteAddress:       fd.RemoteAddr().String(),
 		RemoteVersionString: conn.Name,
 		NumConnections:      srv.PeerCount(),
 	})
@@ -403,8 +410,6 @@ func (srv *Server) addPeer(id discover.NodeID, p *Peer) (bool, DiscReason) {
 		return false, DiscTooManyPeers
 	case srv.peers[id] != nil:
 		return false, DiscAlreadyConnected
-	case srv.Blacklist.Exists(id[:]):
-		return false, DiscUselessPeer
 	case id == srv.ntab.Self():
 		return false, DiscSelf
 	}
@@ -418,53 +423,3 @@ func (srv *Server) removePeer(p *Peer) {
 	srv.lock.Unlock()
 	srv.peerWG.Done()
 }
-
-type Blacklist interface {
-	Get([]byte) (bool, error)
-	Put([]byte) error
-	Delete([]byte) error
-	Exists(pubkey []byte) (ok bool)
-}
-
-type BlacklistMap struct {
-	blacklist map[string]bool
-	lock      sync.RWMutex
-}
-
-func NewBlacklist() *BlacklistMap {
-	return &BlacklistMap{
-		blacklist: make(map[string]bool),
-	}
-}
-
-func (self *BlacklistMap) Get(pubkey []byte) (bool, error) {
-	self.lock.RLock()
-	defer self.lock.RUnlock()
-	v, ok := self.blacklist[string(pubkey)]
-	var err error
-	if !ok {
-		err = fmt.Errorf("not found")
-	}
-	return v, err
-}
-
-func (self *BlacklistMap) Exists(pubkey []byte) (ok bool) {
-	self.lock.RLock()
-	defer self.lock.RUnlock()
-	_, ok = self.blacklist[string(pubkey)]
-	return
-}
-
-func (self *BlacklistMap) Put(pubkey []byte) error {
-	self.lock.Lock()
-	defer self.lock.Unlock()
-	self.blacklist[string(pubkey)] = true
-	return nil
-}
-
-func (self *BlacklistMap) Delete(pubkey []byte) error {
-	self.lock.Lock()
-	defer self.lock.Unlock()
-	delete(self.blacklist, string(pubkey))
-	return nil
-}

p2p/server_test.go

@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/ethereum/go-ethereum/crypto"
+	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"github.com/ethereum/go-ethereum/p2p/discover"
 )
 
@@ -23,8 +24,14 @@ func startTestServer(t *testing.T, pf newPeerHook) *Server {
 		newPeerHook: pf,
 		setupFunc: func(fd net.Conn, prv *ecdsa.PrivateKey, our *protoHandshake, dial *discover.Node) (*conn, error) {
 			id := randomID()
+			rw := newRlpxFrameRW(fd, secrets{
+				MAC:        zero16,
+				AES:        zero16,
+				IngressMAC: sha3.NewKeccak256(),
+				EgressMAC:  sha3.NewKeccak256(),
+			})
 			return &conn{
-				frameRW:        newFrameRW(fd, msgWriteTimeout),
+				MsgReadWriter:  rw,
 				protoHandshake: &protoHandshake{ID: id, Version: baseProtocolVersion},
 			}, nil
 		},
@@ -143,9 +150,7 @@ func TestServerBroadcast(t *testing.T) {
 
 	// broadcast one message
 	srv.Broadcast("discard", 0, "foo")
-	goldbuf := new(bytes.Buffer)
+	golden := unhex("66e94d166f0a2c3b884cfa59ca34")
-	writeMsg(goldbuf, NewMsg(16, "foo"))
-	golden := goldbuf.Bytes()
 
 	// check that the message has been written everywhere
 	for i, conn := range conns {

whisper/peer.go

@@ -2,10 +2,10 @@ package whisper
 
 import (
 	"fmt"
-	"io/ioutil"
 	"time"
 
 	"github.com/ethereum/go-ethereum/p2p"
+	"github.com/ethereum/go-ethereum/rlp"
 	"gopkg.in/fatih/set.v0"
 )
 
@@ -77,8 +77,7 @@ func (self *peer) broadcast(envelopes []*Envelope) error {
 	}
 
 	if i > 0 {
-		msg := p2p.NewMsg(envelopesMsg, envs[:i]...)
+		if err := p2p.EncodeMsg(self.ws, envelopesMsg, envs[:i]...); err != nil {
-		if err := self.ws.WriteMsg(msg); err != nil {
 			return err
 		}
 		self.peer.DebugDetailln("broadcasted", i, "message(s)")
@@ -93,34 +92,28 @@ func (self *peer) addKnown(envelope *Envelope) {
 
 func (self *peer) handleStatus() error {
 	ws := self.ws
-
 	if err := ws.WriteMsg(self.statusMsg()); err != nil {
 		return err
 	}
-
 	msg, err := ws.ReadMsg()
 	if err != nil {
 		return err
 	}
-
 	if msg.Code != statusMsg {
 		return fmt.Errorf("peer send %x before status msg", msg.Code)
 	}
-
+	s := rlp.NewStream(msg.Payload)
-	data, err := ioutil.ReadAll(msg.Payload)
+	if _, err := s.List(); err != nil {
-	if err != nil {
+		return fmt.Errorf("bad status message: %v", err)
-		return err
 	}
-
+	pv, err := s.Uint()
-	if len(data) == 0 {
+	if err != nil {
-		return fmt.Errorf("malformed status. data len = 0")
+		return fmt.Errorf("bad status message: %v", err)
 	}
-
+	if pv != protocolVersion {
-	if pv := data[0]; pv != protocolVersion {
 		return fmt.Errorf("protocol version mismatch %d != %d", pv, protocolVersion)
 	}
-
+	return msg.Discard() // ignore anything after protocol version
-	return nil
 }
 
 func (self *peer) statusMsg() p2p.Msg {