1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
|
// Package pow creates proof-of-work challenges and validates their solutions.
package pow
import (
"bytes"
"crypto/hmac"
"crypto/md5"
"crypto/rand"
"crypto/sha512"
"encoding/binary"
"errors"
"fmt"
"hash"
"time"
"github.com/tilinna/clock"
)
type challengeParams struct {
Target uint32
ExpiresAt int64
Random []byte
}
func (c challengeParams) MarshalBinary() ([]byte, error) {
buf := new(bytes.Buffer)
var err error
write := func(v interface{}) {
if err != nil {
return
}
err = binary.Write(buf, binary.BigEndian, v)
}
write(c.Target)
write(c.ExpiresAt)
if err != nil {
return nil, err
}
if _, err := buf.Write(c.Random); err != nil {
panic(err)
}
return buf.Bytes(), nil
}
func (c *challengeParams) UnmarshalBinary(b []byte) error {
buf := bytes.NewBuffer(b)
var err error
read := func(into interface{}) {
if err != nil {
return
}
err = binary.Read(buf, binary.BigEndian, into)
}
read(&c.Target)
read(&c.ExpiresAt)
if buf.Len() > 0 {
c.Random = buf.Bytes() // whatever is left
}
return err
}
// The seed takes the form:
//
// (version)+(signature of challengeParams)+(challengeParams)
//
// Version is currently always 0.
func newSeed(c challengeParams, secret []byte) ([]byte, error) {
buf := new(bytes.Buffer)
buf.WriteByte(0) // version
cb, err := c.MarshalBinary()
if err != nil {
return nil, err
}
h := hmac.New(md5.New, secret)
h.Write(cb)
buf.Write(h.Sum(nil))
buf.Write(cb)
return buf.Bytes(), nil
}
var errMalformedSeed = errors.New("malformed seed")
func challengeParamsFromSeed(seed, secret []byte) (challengeParams, error) {
h := hmac.New(md5.New, secret)
hSize := h.Size()
if len(seed) < hSize+1 || seed[0] != 0 {
return challengeParams{}, errMalformedSeed
}
seed = seed[1:]
sig, cb := seed[:hSize], seed[hSize:]
// check signature
h.Write(cb)
if !hmac.Equal(sig, h.Sum(nil)) {
return challengeParams{}, errMalformedSeed
}
var c challengeParams
if err := c.UnmarshalBinary(cb); err != nil {
return challengeParams{}, fmt.Errorf("unmarshaling challenge parameters: %w", err)
}
return c, nil
}
// Challenge is a set of fields presented to a client, with which they must
// generate a solution.
//
// Generating a solution is done by:
//
// - Collect up to len(Seed) random bytes. These will be the potential
// solution.
//
// - Calculate the sha512 of the concatenation of Seed and PotentialSolution.
//
// - Parse the first 4 bytes of the sha512 result as a big-endian uint32.
//
// - If the resulting number is _less_ than Target, the solution has been
// found. Otherwise go back to step 1 and try again.
//
type Challenge struct {
Seed []byte
Target uint32
}
// Errors which may be produced by a Manager.
var (
ErrInvalidSolution = errors.New("invalid solution")
ErrExpiredSeed = errors.New("expired seed")
)
// Manager is used to both produce proof-of-work challenges and check their
// solutions.
type Manager interface {
NewChallenge() Challenge
// Will produce ErrInvalidSolution if the solution is invalid, or
// ErrExpiredSeed if the seed has expired.
CheckSolution(seed, solution []byte) error
}
// ManagerParams are used to initialize a new Manager instance. All fields are
// required unless otherwise noted.
type ManagerParams struct {
Clock clock.Clock
Store Store
// Secret is used to sign each Challenge's Seed, it should _not_ be shared
// with clients.
Secret []byte
// The Target which Challenges should hit. Lower is more difficult.
//
// Defaults to 0x00FFFFFF
Target uint32
// ChallengeTimeout indicates how long before Challenges are considered
// expired and cannot be solved.
//
// Defaults to 1 minute.
ChallengeTimeout time.Duration
}
func (p ManagerParams) withDefaults() ManagerParams {
if p.Target == 0 {
p.Target = 0x00FFFFFF
}
if p.ChallengeTimeout == 0 {
p.ChallengeTimeout = 1 * time.Minute
}
return p
}
type manager struct {
params ManagerParams
}
// NewManager initializes and returns a Manager instance using the given
// parameters.
func NewManager(params ManagerParams) Manager {
params = params.withDefaults()
return &manager{
params: params,
}
}
func (m *manager) NewChallenge() Challenge {
target := m.params.Target
c := challengeParams{
Target: target,
ExpiresAt: m.params.Clock.Now().Add(m.params.ChallengeTimeout).Unix(),
Random: make([]byte, 8),
}
if _, err := rand.Read(c.Random); err != nil {
panic(err)
}
seed, err := newSeed(c, m.params.Secret)
if err != nil {
panic(err)
}
return Challenge{
Seed: seed,
Target: target,
}
}
// SolutionChecker can be used to check possible Challenge solutions. It will
// cache certain values internally to save on allocations when used in a loop
// (e.g. when generating a solution).
//
// SolutionChecker is not thread-safe.
type SolutionChecker struct {
h hash.Hash // sha512
sum []byte
}
// Check returns true if the given bytes are a solution to the given Challenge.
func (s SolutionChecker) Check(challenge Challenge, solution []byte) bool {
if s.h == nil {
s.h = sha512.New()
}
s.h.Reset()
s.h.Write(challenge.Seed)
s.h.Write(solution)
s.sum = s.h.Sum(s.sum[:0])
i := binary.BigEndian.Uint32(s.sum[:4])
return i < challenge.Target
}
func (m *manager) CheckSolution(seed, solution []byte) error {
c, err := challengeParamsFromSeed(seed, m.params.Secret)
if err != nil {
return fmt.Errorf("parsing challenge parameters from seed: %w", err)
} else if now := m.params.Clock.Now().Unix(); c.ExpiresAt <= now {
return ErrExpiredSeed
}
ok := (SolutionChecker{}).Check(
Challenge{Seed: seed, Target: c.Target}, solution,
)
if !ok {
return ErrInvalidSolution
}
expiresAt := time.Unix(c.ExpiresAt, 0)
if err := m.params.Store.MarkSolved(seed, expiresAt.Add(1*time.Minute)); err != nil {
return fmt.Errorf("marking solution as solved: %w", err)
}
return nil
}
// Solve returns a solution for the given Challenge. This may take a while.
func Solve(challenge Challenge) []byte {
chk := SolutionChecker{}
b := make([]byte, len(challenge.Seed))
for {
if _, err := rand.Read(b); err != nil {
panic(err)
} else if chk.Check(challenge, b) {
return b
}
}
}
|