added secp256r1 machine ID Sig verification (#395)

* added secp256r1 machineIDSignature verification * to go-utils v0.1.1 --------- Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
2025-03-30 15:08:28 +00:00 · 2024-05-10 10:57:55 +02:00 · 2024-05-10 10:57:55 +02:00 · af1483a8ec
commit af1483a8ec
parent 066c1a7667
4 changed files with 17 additions and 57 deletions
--- a/go.mod
+++ b/go.mod
@ -25,6 +25,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2
 	github.com/planetmint/planetmint-go/lib v0.5.0
 	github.com/rddl-network/elements-rpc v1.0.0
+	github.com/rddl-network/go-utils v0.1.1
 	github.com/spf13/cast v1.6.0
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
--- a/go.sum
+++ b/go.sum
@ -892,6 +892,8 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5X
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rddl-network/elements-rpc v1.0.0 h1:geFcsaD1t2ONxRC13semPpiOwsJl0ZCfkFT9UIKPZFk=
 github.com/rddl-network/elements-rpc v1.0.0/go.mod h1:E35cJMXZqe1iEo/AvjwSWn25mHZ4+y4gV8qj0lWle5c=
+github.com/rddl-network/go-utils v0.1.1 h1:41ZrDMM2ree7/OfhKYK4j/SQnyVvms4YirTKneibeyk=
+github.com/rddl-network/go-utils v0.1.1/go.mod h1:xKO/ZSAEHwcYe8bNUZjcQCIX+6OMXzEXu1WQ1HqXqZA=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
--- a/util/validate_signature.go
+++ b/util/validate_signature.go
@ -1,53 +0,0 @@
-package util
-
-import (
-	"encoding/hex"
-	"errors"
-
-	"github.com/btcsuite/btcd/btcutil/hdkeychain"
-	"github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1"
-)
-
-func ValidateSignature(message string, signature string, publicKey string) (bool, error) {
-	// Convert the message, signature, and public key from hex to bytes
-	messageBytes, err := hex.DecodeString(message)
-	if err != nil {
-		return false, errors.New("invalid message hex string")
-	}
-	return ValidateSignatureByteMsg(messageBytes, signature, publicKey)
-}
-
-func ValidateSignatureByteMsg(message []byte, signature string, publicKey string) (bool, error) {
-	// Convert  signature, and public key from hex to bytes
-	signatureBytes, err := hex.DecodeString(signature)
-	if err != nil {
-		return false, errors.New("invalid signature hex string")
-	}
-	publicKeyBytes, err := hex.DecodeString(publicKey)
-	if err != nil {
-		return false, errors.New("invalid public key hex string")
-	}
-
-	// Create a secp256k1 public key object
-	pubKey := &secp256k1.PubKey{Key: publicKeyBytes}
-
-	// Verify the signature
-	isValid := pubKey.VerifySignature(message, signatureBytes)
-	if !isValid {
-		return false, errors.New("invalid signature")
-	}
-	return isValid, nil
-}
-
-func GetHexPubKey(extPubKey string) (string, error) {
-	xpubKey, err := hdkeychain.NewKeyFromString(extPubKey)
-	if err != nil {
-		return "", err
-	}
-	pubKey, err := xpubKey.ECPubKey()
-	if err != nil {
-		return "", err
-	}
-	byteKey := pubKey.SerializeCompressed()
-	return hex.EncodeToString(byteKey), nil
-}
--- a/x/machine/keeper/msg_server_attest_machine.go
+++ b/x/machine/keeper/msg_server_attest_machine.go
@ -2,6 +2,7 @@ package keeper

 import (
 	"context"
+	"errors"
 	"fmt"

 	config "github.com/planetmint/planetmint-go/config"
@ -13,6 +14,7 @@ import (

 	errorsmod "cosmossdk.io/errors"
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/rddl-network/go-utils/signature"
 )

 func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMachine) (*types.MsgAttestMachineResponse, error) {
@ -22,9 +24,17 @@ func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMach
 	// and removed from here due to inconsistency or checking the same thing over and over again.
 	ta, _, _ := k.GetTrustAnchor(ctx, msg.Machine.MachineId)

-	isValidMachineID, err := util.ValidateSignature(msg.Machine.MachineId, msg.Machine.MachineIdSignature, msg.Machine.MachineId)
-	if !isValidMachineID {
-		return nil, err
+	isValidSecp256r1, errR1 := signature.ValidateSECP256R1Signature(msg.Machine.MachineId, msg.Machine.MachineIdSignature, msg.Machine.MachineId)
+	if errR1 != nil || !isValidSecp256r1 {
+		isValidSecp256k1, errK1 := signature.ValidateSignature(msg.Machine.MachineId, msg.Machine.MachineIdSignature, msg.Machine.MachineId)
+		if errK1 != nil || !isValidSecp256k1 {
+			errStr := ""
+			if errR1 != nil {
+				errStr = errR1.Error()
+			}
+			aggreatedErrorMessage := "Invalid machine signature: " + errStr + ", " + errK1.Error()
+			return nil, errors.New(aggreatedErrorMessage)
+		}
 	}

 	isValidIssuerPlanetmint := validateExtendedPublicKey(msg.Machine.IssuerPlanetmint, config.PlmntNetParams)
@ -59,7 +69,7 @@ func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMach

 	k.StoreMachine(ctx, *msg.Machine)
 	k.StoreMachineIndex(ctx, *msg.Machine)
-	err = k.StoreTrustAnchor(ctx, ta, true)
+	err := k.StoreTrustAnchor(ctx, ta, true)
 	if err != nil {
 		return nil, err
 	}