From bfa296bc1f0a6adcd228a43cd899724b50fed6b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=BCrgen=20Eckel?=
Date: Fri, 10 May 2024 10:32:02 +0200
Subject: [PATCH] * added go-utilsv0.1.0 * added secp256r1 machineIDSignature verification
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jürgen Eckel
---
 go.mod | 1 +
 go.sum | 2 +
 util/validate_signature.go | 53 -------------------
 x/machine/keeper/msg_server_attest_machine.go | 18 +++++--
 4 files changed, 17 insertions(+), 57 deletions(-)
 delete mode 100644 util/validate_signature.go
diff --git a/go.mod b/go.mod
index 2b4b74b..3fefe4e 100644
--- a/go.mod
+++ b/go.mod
@@ -148,6 +148,7 @@ require (
 github.com/prometheus/procfs v0.9.0 // indirect
 github.com/rakyll/statik v0.1.7 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
+ github.com/rddl-network/go-utils v0.1.0 // indirect
 github.com/rogpeppe/go-internal v1.11.0 // indirect
 github.com/rs/cors v1.8.3 // indirect
 github.com/rs/zerolog v1.30.0 // indirect
diff --git a/go.sum b/go.sum
index 60cc8d5..80ad2ec 100644
--- a/go.sum
+++ b/go.sum
@@ -892,6 +892,8 @@ github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5X
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rddl-network/elements-rpc v1.0.0 h1:geFcsaD1t2ONxRC13semPpiOwsJl0ZCfkFT9UIKPZFk=
 github.com/rddl-network/elements-rpc v1.0.0/go.mod h1:E35cJMXZqe1iEo/AvjwSWn25mHZ4+y4gV8qj0lWle5c=
+github.com/rddl-network/go-utils v0.1.0 h1:rrg0DPNRJltT5S6Ghsaz+bxkbRwjck2TIs4cKh4dWqw=
+github.com/rddl-network/go-utils v0.1.0/go.mod h1:RifhZOIhR9rPb41l9UmJmsii3G7dQyxJRzs0jvj602Q=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
diff --git a/util/validate_signature.go b/util/validate_signature.go
deleted file mode 100644
index e72d807..0000000
--- a/util/validate_signature.go
+++ /dev/null
@@ -1,53 +0,0 @@ -package util - -import ( - "encoding/hex" - "errors" - - "github.com/btcsuite/btcd/btcutil/hdkeychain" - "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1" -) - -func ValidateSignature(message string, signature string, publicKey string) (bool, error) { - // Convert the message, signature, and public key from hex to bytes - messageBytes, err := hex.DecodeString(message) - if err != nil { - return false, errors.New("invalid message hex string") - } - return ValidateSignatureByteMsg(messageBytes, signature, publicKey) -} - -func ValidateSignatureByteMsg(message []byte, signature string, publicKey string) (bool, error) { - // Convert signature, and public key from hex to bytes - signatureBytes, err := hex.DecodeString(signature) - if err != nil { - return false, errors.New("invalid signature hex string") - } - publicKeyBytes, err := hex.DecodeString(publicKey) - if err != nil { - return false, errors.New("invalid public key hex string") - } - - // Create a secp256k1 public key object - pubKey := &secp256k1.PubKey{Key: publicKeyBytes} - - // Verify the signature - isValid := pubKey.VerifySignature(message, signatureBytes) - if !isValid { - return false, errors.New("invalid signature") - } - return isValid, nil -} - -func GetHexPubKey(extPubKey string) (string, error) { - xpubKey, err := hdkeychain.NewKeyFromString(extPubKey) - if err != nil { - return "", err - } - pubKey, err := xpubKey.ECPubKey() - if err != nil { - return "", err - } - byteKey := pubKey.SerializeCompressed() - return hex.EncodeToString(byteKey), nil -} diff --git a/x/machine/keeper/msg_server_attest_machine.go b/x/machine/keeper/msg_server_attest_machine.go index 21e952e..f0e3277 100644 --- a/x/machine/keeper/msg_server_attest_machine.go +++ b/x/machine/keeper/msg_server_attest_machine.go @@ -2,6 +2,7 @@ package keeper import ( "context" + "errors" "fmt" config "github.com/planetmint/planetmint-go/config" 
@@ -13,6 +14,7 @@ import ( errorsmod "cosmossdk.io/errors" sdk "github.com/cosmos/cosmos-sdk/types" + "github.com/rddl-network/go-utils/signature" ) func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMachine) (*types.MsgAttestMachineResponse, error) { @@ -22,9 +24,17 @@ func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMach // and removed from here due to inconsistency or checking the same thing over and over again. ta, _, _ := k.GetTrustAnchor(ctx, msg.Machine.MachineId) - isValidMachineID, err := util.ValidateSignature(msg.Machine.MachineId, msg.Machine.MachineIdSignature, msg.Machine.MachineId) - if !isValidMachineID { - return nil, err + isValidSecp256r1, errR1 := signature.ValidateSECP256R1Signature(msg.Machine.MachineId, msg.Machine.MachineIdSignature, msg.Machine.MachineId) + if errR1 != nil || !isValidSecp256r1 { + isValidSecp256k1, errK1 := signature.ValidateSignature(msg.Machine.MachineId, msg.Machine.MachineIdSignature, msg.Machine.MachineId) + if errK1 != nil || !isValidSecp256k1 { + errStr := "" + if errR1 != nil { + errStr = errR1.Error() + } + aggreatedErrorMessage := "Invalid machine signature: " + errStr + ", " + errK1.Error() + return nil, errors.New(aggreatedErrorMessage) + } } isValidIssuerPlanetmint := validateExtendedPublicKey(msg.Machine.IssuerPlanetmint, config.PlmntNetParams) @@ -59,7 +69,7 @@ func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMach k.StoreMachine(ctx, *msg.Machine) k.StoreMachineIndex(ctx, *msg.Machine) - err = k.StoreTrustAnchor(ctx, ta, true) + err := k.StoreTrustAnchor(ctx, ta, true) if err != nil { return nil, err }
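Review bot: In the secp256k1 fallback of the `@@ -22,9 +24,17 @@` hunk, `errK1.Error()` is called without a nil check, so if `signature.ValidateSignature` returns `false` with a nil error the handler dereferences a nil error and panics instead of rejecting the message; `errR1` is guarded a few lines above but `errK1` is not. Whether the go-utils function can return `(false, nil)` is not visible here, so the rejection path should not depend on it. Building the error with `%v` removes the dereference: `return nil, fmt.Errorf("invalid machine signature: secp256r1: %v, secp256k1: %v", errR1, errK1)` (`fmt` is already imported; the `"errors"` import this commit adds would then be unused and should be dropped). Because a signature is now accepted when either curve verifies it, a comment above the outer `if` such as `// accept machine IDs signed with either a secp256r1 or a secp256k1 key` would make the widened acceptance explicit. AttestMachine's body continues outside the hunk.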