lbryschema.go/claim/validator.go

package claim

import (
	"crypto/ecdsa"
	"crypto/sha256"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"errors"
	"github.com/btcsuite/btcd/btcec"
	"github.com/lbryio/lbryschema.go/address"
	"math/big"
)

type publicKeyInfo struct {
	Raw       asn1.RawContent
	Algorithm pkix.AlgorithmIdentifier
	PublicKey asn1.BitString
}

const SECP256k1 = "SECP256k1"

//const NIST256p = "NIST256p"
//const NIST384p = "NIST384p"

func GetClaimSignatureDigest(claimAddress [25]byte, certificateId [20]byte, serializedNoSig []byte) [32]byte {
	var combined []byte
	for _, c := range claimAddress {
		combined = append(combined, c)
	}
	for _, c := range serializedNoSig {
		combined = append(combined, c)
	}
	for _, c := range certificateId {
		combined = append(combined, c)
	}
	digest := sha256.Sum256(combined)
	return [32]byte(digest)
}

func (c *ClaimHelper) GetCertificatePublicKey() (*btcec.PublicKey, error) {
	derBytes := c.GetCertificate().GetPublicKey()
	pub := publicKeyInfo{}
	asn1.Unmarshal(derBytes, &pub)
	pubkeyBytes := []byte(pub.PublicKey.Bytes)
	p, err := btcec.ParsePubKey(pubkeyBytes, btcec.S256())
	if err != nil {
		return &btcec.PublicKey{}, err
	}
	return p, err
}

func (c *ClaimHelper) VerifyDigest(certificate *ClaimHelper, signature [64]byte, digest [32]byte) bool {
	publicKey, err := certificate.GetCertificatePublicKey()
	if err != nil {
		return false
	}

	if c.PublisherSignature.SignatureType.String() == SECP256k1 {
		R := &big.Int{}
		S := &big.Int{}
		R.SetBytes(signature[0:32])
		S.SetBytes(signature[32:64])
		return ecdsa.Verify(publicKey.ToECDSA(), digest[:], R, S)
	}
	return false
}

func (c *ClaimHelper) ValidateClaimSignatureBytes(certificate *ClaimHelper, claimAddress [25]byte, certificateId [20]byte, blockchainName string) (bool, error) {
	signature := c.GetPublisherSignature()
	if signature == nil {
		return false, errors.New("claim does not have a signature")
	}
	signatureSlice := signature.GetSignature()
	signatureBytes := [64]byte{}
	for i := range signatureBytes {
		signatureBytes[i] = signatureSlice[i]
	}

	claimAddress, err := address.ValidateAddress(claimAddress, blockchainName)
	if err != nil {
		return false, errors.New("invalid address")
	}

	serializedNoSig, err := c.SerializedNoSignature()
	if err != nil {
		return false, errors.New("serialization error")
	}

	claimDigest := GetClaimSignatureDigest(claimAddress, certificateId, serializedNoSig)
	return c.VerifyDigest(certificate, signatureBytes, claimDigest), nil
}

func (c *ClaimHelper) ValidateClaimSignature(certificate *ClaimHelper, claimAddress string, certificateId string, blockchainName string) (bool, error) {
	addressBytes, err := address.DecodeAddress(claimAddress, blockchainName)
	if err != nil {
		return false, err
	}
	certificateIdSlice, err := hex.DecodeString(certificateId)
	if err != nil {
		return false, err
	}
	certificateIdBytes := [20]byte{}
	for i := range certificateIdBytes {
		certificateIdBytes[i] = certificateIdSlice[i]
	}
	return c.ValidateClaimSignatureBytes(certificate, addressBytes, certificateIdBytes, blockchainName)
}
more 2017-09-12 18:02:30 +02:00			`package claim`

			`import (`
add testnet and regtest address validation 2017-11-20 19:44:19 +01:00			`"crypto/ecdsa"`
more 2017-09-12 18:02:30 +02:00			`"crypto/sha256"`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`"crypto/x509/pkix"`
add testnet and regtest address validation 2017-11-20 19:44:19 +01:00			`"encoding/asn1"`
			`"encoding/hex"`
			`"errors"`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`"github.com/btcsuite/btcd/btcec"`
formatting and imports 2018-02-15 20:51:51 +01:00			`"github.com/lbryio/lbryschema.go/address"`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`"math/big"`
more 2017-09-12 18:02:30 +02:00			`)`

validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`type publicKeyInfo struct {`
			`Raw asn1.RawContent`
			`Algorithm pkix.AlgorithmIdentifier`
			`PublicKey asn1.BitString`
			`}`

			`const SECP256k1 = "SECP256k1"`

formatting and imports 2018-02-15 20:51:51 +01:00			`//const NIST256p = "NIST256p"`
			`//const NIST384p = "NIST384p"`

validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`func GetClaimSignatureDigest(claimAddress [25]byte, certificateId [20]byte, serializedNoSig []byte) [32]byte {`
add testnet and regtest address validation 2017-11-20 19:44:19 +01:00			`var combined []byte`
			`for _, c := range claimAddress {`
			`combined = append(combined, c)`
			`}`
			`for _, c := range serializedNoSig {`
			`combined = append(combined, c)`
			`}`
			`for _, c := range certificateId {`
			`combined = append(combined, c)`
			`}`
more 2017-09-12 18:02:30 +02:00			`digest := sha256.Sum256(combined)`
			`return [32]byte(digest)`
			`}`

cleanup 2017-11-27 16:22:04 +01:00			`func (c ClaimHelper) GetCertificatePublicKey() (btcec.PublicKey, error) {`
			`derBytes := c.GetCertificate().GetPublicKey()`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`pub := publicKeyInfo{}`
			`asn1.Unmarshal(derBytes, &pub)`
formatting and imports 2018-02-15 20:51:51 +01:00			`pubkeyBytes := []byte(pub.PublicKey.Bytes)`
			`p, err := btcec.ParsePubKey(pubkeyBytes, btcec.S256())`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`if err != nil {`
add DecodeClaimHex to python binding 2017-11-13 16:11:19 +01:00			`return &btcec.PublicKey{}, err`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`}`
add DecodeClaimHex to python binding 2017-11-13 16:11:19 +01:00			`return p, err`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`}`

cleanup 2017-11-27 16:22:04 +01:00			`func (c ClaimHelper) VerifyDigest(certificate ClaimHelper, signature [64]byte, digest [32]byte) bool {`
formatting and imports 2018-02-15 20:51:51 +01:00			`publicKey, err := certificate.GetCertificatePublicKey()`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`if err != nil {`
			`return false`
			`}`

cleanup 2017-11-27 16:22:04 +01:00			`if c.PublisherSignature.SignatureType.String() == SECP256k1 {`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`R := &big.Int{}`
			`S := &big.Int{}`
			`R.SetBytes(signature[0:32])`
			`S.SetBytes(signature[32:64])`
formatting and imports 2018-02-15 20:51:51 +01:00			`return ecdsa.Verify(publicKey.ToECDSA(), digest[:], R, S)`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`}`
			`return false`
			`}`

cleanup 2017-11-27 16:22:04 +01:00			`func (c ClaimHelper) ValidateClaimSignatureBytes(certificate ClaimHelper, claimAddress [25]byte, certificateId [20]byte, blockchainName string) (bool, error) {`
			`signature := c.GetPublisherSignature()`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`if signature == nil {`
			`return false, errors.New("claim does not have a signature")`
			`}`
			`signatureSlice := signature.GetSignature()`
			`signatureBytes := [64]byte{}`
			`for i := range signatureBytes {`
			`signatureBytes[i] = signatureSlice[i]`
			`}`

add testnet and regtest address validation 2017-11-20 19:44:19 +01:00			`claimAddress, err := address.ValidateAddress(claimAddress, blockchainName)`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`if err != nil {`
			`return false, errors.New("invalid address")`
			`}`

cleanup 2017-11-27 16:22:04 +01:00			`serializedNoSig, err := c.SerializedNoSignature()`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`if err != nil {`
			`return false, errors.New("serialization error")`
			`}`

			`claimDigest := GetClaimSignatureDigest(claimAddress, certificateId, serializedNoSig)`
cleanup 2017-11-27 16:22:04 +01:00			`return c.VerifyDigest(certificate, signatureBytes, claimDigest), nil`
more 2017-09-12 18:02:30 +02:00			`}`

cleanup 2017-11-27 16:22:04 +01:00			`func (c ClaimHelper) ValidateClaimSignature(certificate ClaimHelper, claimAddress string, certificateId string, blockchainName string) (bool, error) {`
add testnet and regtest address validation 2017-11-20 19:44:19 +01:00			`addressBytes, err := address.DecodeAddress(claimAddress, blockchainName)`
validate SECP256k1 signatures 2017-11-08 03:39:08 +01:00			`if err != nil {`
			`return false, err`
			`}`
			`certificateIdSlice, err := hex.DecodeString(certificateId)`
			`if err != nil {`
			`return false, err`
			`}`
			`certificateIdBytes := [20]byte{}`
			`for i := range certificateIdBytes {`
			`certificateIdBytes[i] = certificateIdSlice[i]`
			`}`
cleanup 2017-11-27 16:22:04 +01:00			`return c.ValidateClaimSignatureBytes(certificate, addressBytes, certificateIdBytes, blockchainName)`
more 2017-09-12 18:02:30 +02:00			`}`