From 62e0e18030c84fa19f54373ebdf25f7adbc64793 Mon Sep 17 00:00:00 2001 From: obscuren Date: Wed, 14 Jan 2015 18:12:18 +0100 Subject: [PATCH] Changed public whisper api not to reveal temporary private keys --- cmd/mist/assets/qml/browser.qml | 837 +++++++++++++++++--------------- ui/qt/qwhisper/message.go | 4 +- ui/qt/qwhisper/whisper.go | 45 +- whisper/whisper.go | 19 +- 4 files changed, 474 insertions(+), 431 deletions(-) diff --git a/cmd/mist/assets/qml/browser.qml b/cmd/mist/assets/qml/browser.qml index 34a58f9354..7f0417d463 100644 --- a/cmd/mist/assets/qml/browser.qml +++ b/cmd/mist/assets/qml/browser.qml @@ -1,4 +1,4 @@ -import QtQuick 2.0 +import QtQuick 2.1 import QtWebKit 3.0 import QtWebKit.experimental 1.0 import QtQuick.Controls 1.0; @@ -8,441 +8,474 @@ import QtQuick.Window 2.1; import Ethereum 1.0 Rectangle { - id: window - property var title: "Browser" - property var iconSource: "../browser.png" - property var menuItem - - property alias url: webview.url - property alias webView: webview - - property var cleanPath: false - property var open: function(url) { - if(!window.cleanPath) { - var uri = url; - if(!/.*\:\/\/.*/.test(uri)) { - uri = "http://" + uri; - } - - var reg = /(^https?\:\/\/(?:www\.)?)([a-zA-Z0-9_\-]*\.eth)(.*)/ - - if(reg.test(uri)) { - uri.replace(reg, function(match, pre, domain, path) { - uri = pre; - - var lookup = eth.lookupDomain(domain.substring(0, domain.length - 4)); - var ip = []; - for(var i = 0, l = lookup.length; i < l; i++) { - ip.push(lookup.charCodeAt(i)) - } - - if(ip.length != 0) { - uri += lookup; - } else { - uri += domain; - } - - uri += path; - }); - } - - window.cleanPath = true; - - webview.url = uri; - - //uriNav.text = uri.text.replace(/(^https?\:\/\/(?:www\.)?)([a-zA-Z0-9_\-]*\.\w{2,3})(.*)/, "$1$2$3"); - uriNav.text = uri; - } else { - // Prevent inf loop. - window.cleanPath = false; - } - } - - Component.onCompleted: { - webview.url = "http://etherian.io" - } - - signal messages(var messages, int id); - onMessages: { - // Bit of a cheat to get proper JSON - var m = JSON.parse(JSON.parse(JSON.stringify(messages))) - webview.postEvent("eth_changed", id, m); - } - - function onShhMessage(message, id) { - webview.postEvent("shh_changed", id, message) - } - - Item { - objectName: "root" - id: root - anchors.fill: parent - state: "inspectorShown" - - RowLayout { - id: navBar - height: 40 - anchors { - left: parent.left - right: parent.right - leftMargin: 7 - } - - Button { - id: back - onClicked: { - webview.goBack() - } - style: ButtonStyle { - background: Image { - source: "../back.png" - width: 30 - height: 30 - } - } - } - - TextField { - anchors { - left: back.right - right: toggleInspector.left - leftMargin: 5 - rightMargin: 5 - } - //text: "http://etherian.io" - text: webview.url; - id: uriNav - y: parent.height / 2 - this.height / 2 - - Keys.onReturnPressed: { - webview.url = this.text; - } - } - - Button { - id: toggleInspector - anchors { - right: parent.right - } - iconSource: "../bug.png" - onClicked: { - if(inspector.visible == true){ - inspector.visible = false - }else{ - inspector.visible = true - inspector.url = webview.experimental.remoteInspectorUrl - } - } - } - } - - - WebView { - objectName: "webView" - id: webview - anchors { - left: parent.left - right: parent.right - bottom: parent.bottom - top: navBar.bottom - } - - //property var cleanPath: false - onNavigationRequested: { - window.open(request.url.toString()); - } - - function injectJs(js) { - webview.experimental.navigatorQtObjectEnabled = true; - webview.experimental.evaluateJavaScript(js) - webview.experimental.javascriptEnabled = true; - } - - function sendMessage(data) { - webview.experimental.postMessage(JSON.stringify(data)) - } - - - experimental.preferences.javascriptEnabled: true - experimental.preferences.navigatorQtObjectEnabled: true - experimental.preferences.developerExtrasEnabled: true - experimental.userScripts: ["../ext/q.js", "../ext/ethereum.js/lib/web3.js", "../ext/ethereum.js/lib/qt.js", "../ext/setup.js"] - experimental.onMessageReceived: { - console.log("[onMessageReceived]: ", message.data) - // TODO move to messaging.js - var data = JSON.parse(message.data) - - try { - switch(data.call) { - case "eth_compile": - postData(data._id, eth.compile(data.args[0])) - break - - case "eth_coinbase": - postData(data._id, eth.coinBase()) - - case "eth_account": - postData(data._id, eth.key().address); - - case "eth_istening": - postData(data._id, eth.isListening()) - - break - - case "eth_mining": - postData(data._id, eth.isMining()) - - break - - case "eth_peerCount": - postData(data._id, eth.peerCount()) - - break - - case "eth_countAt": - require(1) - postData(data._id, eth.txCountAt(data.args[0])) - - break - - case "eth_codeAt": - require(1) - var code = eth.codeAt(data.args[0]) - postData(data._id, code); - - break - - case "eth_blockByNumber": - require(1) - var block = eth.blockByNumber(data.args[0]) - postData(data._id, block) - break + id: window + property var title: "Browser" + property var iconSource: "../browser.png" + property var menuItem + + property alias url: webview.url + property alias webView: webview + + property var cleanPath: false + property var open: function(url) { + if(!window.cleanPath) { + var uri = url; + if(!/.*\:\/\/.*/.test(uri)) { + uri = "http://" + uri; + } + + var reg = /(^https?\:\/\/(?:www\.)?)([a-zA-Z0-9_\-]*\.eth)(.*)/ + + if(reg.test(uri)) { + uri.replace(reg, function(match, pre, domain, path) { + uri = pre; + + var lookup = eth.lookupDomain(domain.substring(0, domain.length - 4)); + var ip = []; + for(var i = 0, l = lookup.length; i < l; i++) { + ip.push(lookup.charCodeAt(i)) + } + + if(ip.length != 0) { + uri += lookup; + } else { + uri += domain; + } + + uri += path; + }); + } + + window.cleanPath = true; + + webview.url = uri; + + //uriNav.text = uri.text.replace(/(^https?\:\/\/(?:www\.)?)([a-zA-Z0-9_\-]*\.\w{2,3})(.*)/, "$1$2$3"); + uriNav.text = uri; + } else { + // Prevent inf loop. + window.cleanPath = false; + } + } + + Component.onCompleted: { + webview.url = "http://etherian.io" + } + + signal messages(var messages, int id); + onMessages: { + // Bit of a cheat to get proper JSON + var m = JSON.parse(JSON.parse(JSON.stringify(messages))) + webview.postEvent("eth_changed", id, m); + } + + function onShhMessage(message, id) { + webview.postEvent("shh_changed", id, message) + } + + Item { + objectName: "root" + id: root + anchors.fill: parent + state: "inspectorShown" + + RowLayout { + id: navBar + height: 40 + anchors { + left: parent.left + right: parent.right + leftMargin: 7 + } + + Button { + id: back + onClicked: { + webview.goBack() + } + style: ButtonStyle { + background: Image { + source: "../back.png" + width: 30 + height: 30 + } + } + } + + TextField { + anchors { + left: back.right + right: toggleInspector.left + leftMargin: 5 + rightMargin: 5 + } + //text: "http://etherian.io" + text: webview.url; + id: uriNav + y: parent.height / 2 - this.height / 2 + + Keys.onReturnPressed: { + webview.url = this.text; + } + } + + Button { + id: toggleInspector + anchors { + right: parent.right + } + iconSource: "../bug.png" + onClicked: { + if(inspector.visible == true){ + inspector.visible = false + }else{ + inspector.visible = true + inspector.url = webview.experimental.remoteInspectorUrl + } + } + } + } + + + WebView { + objectName: "webView" + id: webview + anchors { + left: parent.left + right: parent.right + bottom: parent.bottom + top: navBar.bottom + } + + //property var cleanPath: false + onNavigationRequested: { + window.open(request.url.toString()); + } + + function injectJs(js) { + webview.experimental.navigatorQtObjectEnabled = true; + webview.experimental.evaluateJavaScript(js) + webview.experimental.javascriptEnabled = true; + } + + function sendMessage(data) { + webview.experimental.postMessage(JSON.stringify(data)) + } + + + experimental.preferences.javascriptEnabled: true + experimental.preferences.webGLEnabled: true + experimental.itemSelector: MouseArea { + // To avoid conflicting with ListView.model when inside Initiator context. + property QtObject selectorModel: model + anchors.fill: parent + onClicked: selectorModel.reject() + + Menu { + visible: true + id: itemSelector + + Instantiator { + model: selectorModel.items + delegate: MenuItem { + text: model.text + onTriggered: { + selectorModel.accept(index) + } + } + onObjectAdded: itemSelector.insertItem(index, object) + onObjectRemoved: itemSelector.removeItem(object) + } + } + + Component.onCompleted: { + itemSelector.popup() + } + } + experimental.preferences.webAudioEnabled: true + experimental.preferences.navigatorQtObjectEnabled: true + experimental.preferences.developerExtrasEnabled: true + experimental.userScripts: ["../ext/q.js", "../ext/ethereum.js/lib/web3.js", "../ext/ethereum.js/lib/qt.js", "../ext/setup.js"] + experimental.onMessageReceived: { + console.log("[onMessageReceived]: ", message.data) + // TODO move to messaging.js + var data = JSON.parse(message.data) + + try { + switch(data.call) { + case "eth_compile": + postData(data._id, eth.compile(data.args[0])) + break + + case "eth_coinbase": + postData(data._id, eth.coinBase()) + + case "eth_account": + postData(data._id, eth.key().address); + + case "eth_istening": + postData(data._id, eth.isListening()) + + break + + case "eth_mining": + postData(data._id, eth.isMining()) + + break + + case "eth_peerCount": + postData(data._id, eth.peerCount()) - case "eth_blockByHash": - require(1) - var block = eth.blockByHash(data.args[0]) - postData(data._id, block) - break + break - require(2) - var block = eth.blockByHash(data.args[0]) - postData(data._id, block.transactions[data.args[1]]) - break + case "eth_countAt": + require(1) + postData(data._id, eth.txCountAt(data.args[0])) - case "eth_transactionByHash": - case "eth_transactionByNumber": - require(2) + break - var block; - if (data.call === "transactionByHash") - block = eth.blockByHash(data.args[0]) - else - block = eth.blockByNumber(data.args[0]) + case "eth_codeAt": + require(1) + var code = eth.codeAt(data.args[0]) + postData(data._id, code); - var tx = block.transactions.get(data.args[1]) + break - postData(data._id, tx) - break + case "eth_blockByNumber": + require(1) + var block = eth.blockByNumber(data.args[0]) + postData(data._id, block) + break - case "eth_uncleByHash": - case "eth_uncleByNumber": - require(2) + case "eth_blockByHash": + require(1) + var block = eth.blockByHash(data.args[0]) + postData(data._id, block) + break - var block; - if (data.call === "uncleByHash") - block = eth.blockByHash(data.args[0]) - else - block = eth.blockByNumber(data.args[0]) + require(2) + var block = eth.blockByHash(data.args[0]) + postData(data._id, block.transactions[data.args[1]]) + break - var uncle = block.uncles.get(data.args[1]) + case "eth_transactionByHash": + case "eth_transactionByNumber": + require(2) - postData(data._id, uncle) + var block; + if (data.call === "transactionByHash") + block = eth.blockByHash(data.args[0]) + else + block = eth.blockByNumber(data.args[0]) - break + var tx = block.transactions.get(data.args[1]) - case "transact": - require(5) + postData(data._id, tx) + break - var tx = eth.transact(data.args) - postData(data._id, tx) + case "eth_uncleByHash": + case "eth_uncleByNumber": + require(2) - break + var block; + if (data.call === "uncleByHash") + block = eth.blockByHash(data.args[0]) + else + block = eth.blockByNumber(data.args[0]) - case "eth_stateAt": - require(2); + var uncle = block.uncles.get(data.args[1]) - var storage = eth.storageAt(data.args[0], data.args[1]); - postData(data._id, storage) + postData(data._id, uncle) - break + break - case "eth_call": - require(1); - var ret = eth.call(data.args) - postData(data._id, ret) - break + case "transact": + require(5) - case "eth_balanceAt": - require(1); + var tx = eth.transact(data.args) + postData(data._id, tx) - postData(data._id, eth.balanceAt(data.args[0])); - break + break - case "eth_watch": - require(2) - eth.watch(data.args[0], data.args[1]) + case "eth_stateAt": + require(2); - case "eth_disconnect": - require(1) - postData(data._id, null) - break; + var storage = eth.storageAt(data.args[0], data.args[1]); + postData(data._id, storage) - case "eth_newFilterString": - require(1) - var id = eth.newFilterString(data.args[0]) - postData(data._id, id); - break; + break - case "eth_newFilter": - require(1) - var id = eth.newFilter(data.args[0]) + case "eth_call": + require(1); + var ret = eth.call(data.args) + postData(data._id, ret) + break - postData(data._id, id); - break; + case "eth_balanceAt": + require(1); - case "eth_filterLogs": - require(1); + postData(data._id, eth.balanceAt(data.args[0])); + break - var messages = eth.messages(data.args[0]); - var m = JSON.parse(JSON.parse(JSON.stringify(messages))) - postData(data._id, m); + case "eth_watch": + require(2) + eth.watch(data.args[0], data.args[1]) - break; + case "eth_disconnect": + require(1) + postData(data._id, null) + break; - case "eth_deleteFilter": - require(1); - eth.uninstallFilter(data.args[0]) - break; + case "eth_newFilterString": + require(1) + var id = eth.newFilterString(data.args[0]) + postData(data._id, id); + break; + case "eth_newFilter": + require(1) + var id = eth.newFilter(data.args[0]) - case "shh_newFilter": - require(1); - var id = shh.watch(data.args[0], window); - postData(data._id, id); - break; + postData(data._id, id); + break; - case "shh_newIdentity": - var id = shh.newIdentity() - postData(data._id, id) + case "eth_filterLogs": + require(1); - break + var messages = eth.messages(data.args[0]); + var m = JSON.parse(JSON.parse(JSON.stringify(messages))) + postData(data._id, m); - case "shh_post": - require(1); + break; - var params = data.args[0]; - var fields = ["payload", "to", "from"]; - for(var i = 0; i < fields.length; i++) { - params[fields[i]] = params[fields[i]] || ""; + case "eth_deleteFilter": + require(1); + eth.uninstallFilter(data.args[0]) + break; + + + case "shh_newFilter": + require(1); + var id = shh.watch(data.args[0], window); + postData(data._id, id); + break; + + case "shh_newIdentity": + var id = shh.newIdentity() + postData(data._id, id) + + break + + case "shh_post": + require(1); + + var params = data.args[0]; + var fields = ["payload", "to", "from"]; + for(var i = 0; i < fields.length; i++) { + params[fields[i]] = params[fields[i]] || ""; + } + if(typeof params.payload !== "object") { params.payload = [params.payload]; } //params.payload = params.payload.join(""); } + params.topics = params.topics || []; + params.priority = params.priority || 1000; + params.ttl = params.ttl || 100; + + shh.post(params.payload, params.to, params.from, params.topics, params.priority, params.ttl); + + break; + + case "shh_getMessages": + require(1); + + var m = shh.messages(data.args[0]); + var messages = JSON.parse(JSON.parse(JSON.stringify(m))); + postData(data._id, messages); + + break; + + case "ssh_newGroup": + postData(data._id, ""); + break; + } + } catch(e) { + console.log(data.call + ": " + e) + + postData(data._id, null); + } + } + + + function post(seed, data) { + postData(data._id, data) + } + + function require(args, num) { + if(args.length < num) { + throw("required argument count of "+num+" got "+args.length); + } + } + function postData(seed, data) { + webview.experimental.postMessage(JSON.stringify({data: data, _id: seed})) + } + function postEvent(event, id, data) { + webview.experimental.postMessage(JSON.stringify({data: data, _id: id, _event: event})) + } + + function onWatchedCb(data, id) { + var messages = JSON.parse(data) + postEvent("watched:"+id, messages) + } + + function onNewBlockCb(block) { + postEvent("block:new", block) + } + function onObjectChangeCb(stateObject) { + postEvent("object:"+stateObject.address(), stateObject) + } + function onStorageChangeCb(storageObject) { + var ev = ["storage", storageObject.stateAddress, storageObject.address].join(":"); + postEvent(ev, [storageObject.address, storageObject.value]) + } + } + + + Rectangle { + id: sizeGrip + color: "gray" + visible: false + height: 10 + anchors { + left: root.left + right: root.right + } + y: Math.round(root.height * 2 / 3) + + MouseArea { + anchors.fill: parent + drag.target: sizeGrip + drag.minimumY: 0 + drag.maximumY: root.height + drag.axis: Drag.YAxis + } + } + + WebView { + id: inspector + visible: false + anchors { + left: root.left + right: root.right + top: sizeGrip.bottom + bottom: root.bottom + } + } + + states: [ + State { + name: "inspectorShown" + PropertyChanges { + target: inspector } - if(typeof params.payload !== "object") { params.payload = [params.payload]; } //params.payload = params.payload.join(""); } - params.topics = params.topics || []; - params.priority = params.priority || 1000; - params.ttl = params.ttl || 100; - - shh.post(params.payload, params.to, params.from, params.topics, params.priority, params.ttl); - - break; - - case "shh_getMessages": - require(1); - - var m = shh.messages(data.args[0]); - var messages = JSON.parse(JSON.parse(JSON.stringify(m))); - postData(data._id, messages); - - break; - } - } catch(e) { - console.log(data.call + ": " + e) - - postData(data._id, null); - } - } - - - function post(seed, data) { - postData(data._id, data) - } - - function require(args, num) { - if(args.length < num) { - throw("required argument count of "+num+" got "+args.length); - } - } - function postData(seed, data) { - webview.experimental.postMessage(JSON.stringify({data: data, _id: seed})) - } - function postEvent(event, id, data) { - webview.experimental.postMessage(JSON.stringify({data: data, _id: id, _event: event})) - } - - function onWatchedCb(data, id) { - var messages = JSON.parse(data) - postEvent("watched:"+id, messages) - } - - function onNewBlockCb(block) { - postEvent("block:new", block) - } - function onObjectChangeCb(stateObject) { - postEvent("object:"+stateObject.address(), stateObject) - } - function onStorageChangeCb(storageObject) { - var ev = ["storage", storageObject.stateAddress, storageObject.address].join(":"); - postEvent(ev, [storageObject.address, storageObject.value]) - } - } - - - Rectangle { - id: sizeGrip - color: "gray" - visible: false - height: 10 - anchors { - left: root.left - right: root.right - } - y: Math.round(root.height * 2 / 3) - - MouseArea { - anchors.fill: parent - drag.target: sizeGrip - drag.minimumY: 0 - drag.maximumY: root.height - drag.axis: Drag.YAxis - } - } - - WebView { - id: inspector - visible: false - anchors { - left: root.left - right: root.right - top: sizeGrip.bottom - bottom: root.bottom - } - } - - states: [ - State { - name: "inspectorShown" - PropertyChanges { - target: inspector - } - } - ] - } + } + ] + } } diff --git a/ui/qt/qwhisper/message.go b/ui/qt/qwhisper/message.go index 3a80381ff9..26e72ac932 100644 --- a/ui/qt/qwhisper/message.go +++ b/ui/qt/qwhisper/message.go @@ -17,7 +17,7 @@ func ToQMessage(msg *whisper.Message) *Message { return &Message{ ref: msg, Flags: int32(msg.Flags), - Payload: ethutil.Bytes2Hex(msg.Payload), - From: ethutil.Bytes2Hex(crypto.FromECDSAPub(msg.Recover())), + Payload: "0x" + ethutil.Bytes2Hex(msg.Payload), + From: "0x" + ethutil.Bytes2Hex(crypto.FromECDSAPub(msg.Recover())), } } diff --git a/ui/qt/qwhisper/whisper.go b/ui/qt/qwhisper/whisper.go index b904678f40..644c147b7b 100644 --- a/ui/qt/qwhisper/whisper.go +++ b/ui/qt/qwhisper/whisper.go @@ -41,32 +41,41 @@ func (self *Whisper) Post(payload []string, to, from string, topics []string, pr data = append(data, fromHex(d)...) } - msg := whisper.NewMessage(data) - envelope, err := msg.Seal(time.Duration(priority*100000), whisper.Opts{ - Ttl: time.Duration(ttl) * time.Second, - To: crypto.ToECDSAPub(fromHex(to)), - From: crypto.ToECDSA(fromHex(from)), - Topics: whisper.TopicsFromString(topics...), - }) - if err != nil { - qlogger.Infoln(err) - // handle error - return - } + pk := crypto.ToECDSAPub(fromHex(from)) + if key := self.Whisper.GetIdentity(pk); key != nil { + msg := whisper.NewMessage(data) + envelope, err := msg.Seal(time.Duration(priority*100000), whisper.Opts{ + Ttl: time.Duration(ttl) * time.Second, + To: crypto.ToECDSAPub(fromHex(to)), + From: key, + Topics: whisper.TopicsFromString(topics...), + }) + + if err != nil { + qlogger.Infoln(err) + // handle error + return + } - if err := self.Whisper.Send(envelope); err != nil { - qlogger.Infoln(err) - // handle error - return + if err := self.Whisper.Send(envelope); err != nil { + qlogger.Infoln(err) + // handle error + return + } + } else { + qlogger.Infoln("unmatched pub / priv for seal") } + } func (self *Whisper) NewIdentity() string { - return toHex(self.Whisper.NewIdentity().D.Bytes()) + key := self.Whisper.NewIdentity() + + return toHex(crypto.FromECDSAPub(&key.PublicKey)) } func (self *Whisper) HasIdentity(key string) bool { - return self.Whisper.HasIdentity(crypto.ToECDSA(fromHex(key))) + return self.Whisper.HasIdentity(crypto.ToECDSAPub(fromHex(key))) } func (self *Whisper) Watch(opts map[string]interface{}, view *qml.Common) int { diff --git a/whisper/whisper.go b/whisper/whisper.go index ece2dd6d40..76cfe34a47 100644 --- a/whisper/whisper.go +++ b/whisper/whisper.go @@ -60,7 +60,7 @@ type Whisper struct { quit chan struct{} - keys []*ecdsa.PrivateKey + keys map[string]*ecdsa.PrivateKey } func New() *Whisper { @@ -69,6 +69,7 @@ func New() *Whisper { filters: filter.New(), expiry: make(map[uint32]*set.SetNonTS), quit: make(chan struct{}), + keys: make(map[string]*ecdsa.PrivateKey), } whisper.filters.Start() @@ -101,18 +102,18 @@ func (self *Whisper) NewIdentity() *ecdsa.PrivateKey { if err != nil { panic(err) } - self.keys = append(self.keys, key) + + self.keys[string(crypto.FromECDSAPub(&key.PublicKey))] = key return key } -func (self *Whisper) HasIdentity(key *ecdsa.PrivateKey) bool { - for _, key := range self.keys { - if key.D.Cmp(key.D) == 0 { - return true - } - } - return false +func (self *Whisper) HasIdentity(key *ecdsa.PublicKey) bool { + return self.keys[string(crypto.FromECDSAPub(key))] != nil +} + +func (self *Whisper) GetIdentity(key *ecdsa.PublicKey) *ecdsa.PrivateKey { + return self.keys[string(crypto.FromECDSAPub(key))] } func (self *Whisper) Watch(opts Filter) int {