From df3b340252d2676592f4db6168b6c987b10aecf9 Mon Sep 17 00:00:00 2001
From: Elias Rodrigues
Date: Fri, 3 Jul 2020 16:09:38 -0300
Subject: [PATCH 1/5] Add checksum validation for Ethereum address
---
 baked_in.go | 28 ++++++++++++++++++++++++++--
 doc.go | 3 +--
 go.mod | 1 +
 go.sum | 7 +++++++
 validator_test.go | 26 ++++++++++++++++++++++----
 5 files changed, 57 insertions(+), 8 deletions(-)
diff --git a/baked_in.go b/baked_in.go
index 36e80572b..dbc80e877 100644
--- a/baked_in.go
+++ b/baked_in.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "context"
 "crypto/sha256"
+ "encoding/hex"
 "encoding/json"
 "fmt"
 "net"
@@ -16,6 +17,8 @@ import (
 "time"
 "unicode/utf8"
+ "golang.org/x/crypto/sha3"
+
 urn "github.com/leodido/go-urn"
 )
@@ -515,7 +518,7 @@ func isISBN10(fl FieldLevel) bool {
 return checksum%11 == 0
 }
-// IsEthereumAddress is the validation function for validating if the field's value is a valid ethereum address based currently only on the format
+// IsEthereumAddress is the validation function for validating if the field's value is a valid Ethereum address.
 func isEthereumAddress(fl FieldLevel) bool {
 address := fl.Field().String()
@@ -527,7 +530,28 @@ func isEthereumAddress(fl FieldLevel) bool {
 return true
 }
- // checksum validation is blocked by https://github.com/golang/crypto/pull/28
+ // Checksum validation. Reference: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md
+ digitValue := map[byte]int{
+ '0': 0, '1': 1, '2': 2, '3': 3, '4': 4,
+ '5': 5, '6': 6, '7': 7, '8': 8, '9': 9,
+ 'a': 10, 'b': 11, 'c': 12,
+ 'd': 13, 'e': 14, 'f': 15,
+ }
+ address = address[2:]
+ h := sha3.NewLegacyKeccak256()
+ h.Write([]byte(strings.ToLower(address)))
+ hash := hex.EncodeToString(h.Sum(nil))
+
+ for i := 0; i < len(address); i++ {
+ if address[i] <= '9' {
+ continue
+ }
+ nibble := digitValue[hash[i]]
+
+ if nibble > 7 && address[i] >= 'a' || nibble <= 7 && address[i] < 'a' {
+ return false
+ }
+ }
 return true
 }
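Review bot: In the `@@ -527,7 +530,28 @@` hunk the checksum loop sits after an early `return true`, so it appears to run only for mixed-case input; an all-lower-case or all-upper-case address is still accepted with no checksum at all (the test table in this series expects exactly that), while the reworded doc comment now promises "a valid Ethereum address". The early-return condition is above the hunk, so this is inferred from the context lines and the tests. I would state it in the function comment, e.g. `// isEthereumAddress reports whether the field is a 0x-prefixed, 40-digit hex address; the EIP-55 checksum is enforced only for mixed-case input, single-case addresses pass unchecked.` Callers relying on this tag for typo protection on user-supplied addresses need to know that single-case input gets none.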
diff --git a/doc.go b/doc.go
index 4aba75f02..10b231f0a 100644
--- a/doc.go
+++ b/doc.go
@@ -766,8 +766,7 @@ Special thanks to Pieter Wuille for providng reference implementations.
 Ethereum Address
 This validates that a string value contains a valid ethereum address.
-The format of the string is checked to ensure it matches the standard Ethereum address format
-Full validation is blocked by https://github.com/golang/crypto/pull/28
+The format of the string is checked to ensure it matches the standard Ethereum address format.
 Usage: eth_addr
diff --git a/go.mod b/go.mod
index 21316b3ab..d457100ea 100644
--- a/go.mod
+++ b/go.mod
@@ -7,4 +7,5 @@ require (
 github.com/go-playground/locales v0.13.0
 github.com/go-playground/universal-translator v0.17.0
 github.com/leodido/go-urn v1.2.0
+ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 )
diff --git a/go.sum b/go.sum
index dc7dec4de..015264273 100644
--- a/go.sum
+++ b/go.sum
@@ -13,6 +13,13 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
diff --git a/validator_test.go b/validator_test.go
index e76a3cd95..728669781 100644
--- a/validator_test.go
+++ b/validator_test.go
@@ -4653,11 +4653,29 @@ func TestEthereumAddressValidation(t *testing.T) {
 param string
 expected bool
 }{
- {"", false},
- {"0x02F9AE5f22EA3fA88F05780B30385bEC", false},
- {"123f681646d4a755815f9cb19e1acc8565a0c2ac", false},
- {"0x02F9AE5f22EA3fA88F05780B30385bECFacbf130", true},
+ // All caps.
+ {"0x52908400098527886E0F7030069857D2E4169EE7", true},
+ {"0x8617E340B3D01FA5F11F306F4090FD50E238070D", true},
+
+ // All lower.
+ {"0xde709f2102306220921060314715629080e2fb77", true},
+ {"0x27b1fdb04752bbc536007a920d24acb045561c26", true},
 {"0x123f681646d4a755815f9cb19e1acc8565a0c2ac", true},
+
+ // Mixed case: runs checksum validation.
+ {"0x02F9AE5f22EA3fA88F05780B30385bECFacbf130", true},
+ {"0x5aAeb6053F3E94C9b9A09f33669435E7Ef1BeAed", true},
+ {"0xfB6916095ca1df60bB79Ce92cE3Ea74c37c5d359", true},
+ {"0xdbF03B407c01E7cD3CBea99509d93f8DDDC8C6FB", true},
+ {"0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDb", true},
+ {"0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDB", false}, // Invalid checksum.
+
+ // Other.
+ {"", false},
+ {"D1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDb", false}, // Missing "0x" prefix.
+ {"0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDbc", false}, // More than 40 hex digits.
+ {"0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aD", false}, // Less than 40 hex digits.
+ {"0xD1220A0cf47c7B9Be7A2E6BA89F429762e7b9aDw", false}, // Invalid hex digit "w".
 }
 for i, test := range tests {
From d730897e014c05ee105b6513169dfa32ec4a4deb Mon Sep 17 00:00:00 2001
From: Elias Rodrigues
Date: Fri, 3 Jul 2020 23:58:12 -0300
Subject: [PATCH 2/5] digitValue var isn't needed
---
 baked_in.go | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/baked_in.go b/baked_in.go
index dbc80e877..d3884a9ce 100644
--- a/baked_in.go
+++ b/baked_in.go
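Review bot: The validator_test.go table has only one failing-checksum case, the `...aDB` entry, and it upper-cases a letter that must be lower case; the opposite mistake (a letter lower-cased where the hash requires upper case) is never exercised, so the `address[i] >= 'a'` half of the checksum condition could regress unnoticed. A case constructed from a valid vector already in the table would cover it: `{"0x5aaeb6053F3E94C9b9A09f33669435E7Ef1BeAed", false}, // Lower case where the checksum requires upper case.` The loop that runs the table continues outside the hunk.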
@@ -531,12 +531,6 @@ func isEthereumAddress(fl FieldLevel) bool {
 }
 // Checksum validation. Reference: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md
- digitValue := map[byte]int{
- '0': 0, '1': 1, '2': 2, '3': 3, '4': 4,
- '5': 5, '6': 6, '7': 7, '8': 8, '9': 9,
- 'a': 10, 'b': 11, 'c': 12,
- 'd': 13, 'e': 14, 'f': 15,
- }
 address = address[2:]
 h := sha3.NewLegacyKeccak256()
 h.Write([]byte(strings.ToLower(address)))
@@ -546,9 +540,8 @@ func isEthereumAddress(fl FieldLevel) bool {
 if address[i] <= '9' {
 continue
 }
- nibble := digitValue[hash[i]]
- if nibble > 7 && address[i] >= 'a' || nibble <= 7 && address[i] < 'a' {
+ if hash[i] > '7' && address[i] >= 'a' || hash[i] <= '7' && address[i] < 'a' {
 return false
 }
 }
From dda0a55df2f69c0d80af5fa8f8c571fd95555b10 Mon Sep 17 00:00:00 2001
From: Elias Rodrigues
Date: Sat, 4 Jul 2020 00:03:23 -0300
Subject: [PATCH 3/5] Add some comments and minor change for readability
---
 baked_in.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/baked_in.go b/baked_in.go
index d3884a9ce..fab18d970 100644
--- a/baked_in.go
+++ b/baked_in.go
@@ -531,17 +531,16 @@ func isEthereumAddress(fl FieldLevel) bool {
 }
 // Checksum validation. Reference: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md
- address = address[2:]
+ address = address[2:] // Skip "0x" prefix.
 h := sha3.NewLegacyKeccak256()
 h.Write([]byte(strings.ToLower(address)))
 hash := hex.EncodeToString(h.Sum(nil))
 for i := 0; i < len(address); i++ {
- if address[i] <= '9' {
+ if address[i] <= '9' { // Skip 0-9 digits: they don't have upper/lower-case.
 continue
 }
-
- if hash[i] > '7' && address[i] >= 'a' || hash[i] <= '7' && address[i] < 'a' {
+ if hash[i] > '7' && address[i] >= 'a' || hash[i] <= '7' && address[i] <= 'F' {
 return false
 }
 }
From 6738ba7a94cd0120a92f543d236e900c792a691f Mon Sep 17 00:00:00 2001
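Review bot: The unparenthesised `&&`/`||` condition in the PATCH 3/5 loop is correct only through operator precedence and because the address has presumably already been matched against the hex pattern above the hunk (not visible here), which is what lets `<= 'F'` stand for "upper-case letter". It reads more directly as a comparison of two booleans: `if (hash[i] > '7') != (address[i] <= 'F') { return false }`. A one-line comment noting that `hash` is the lower-case output of `hex.EncodeToString`, so `> '7'` selects nibbles 8 to f, would also help, since the byte comparison silently depends on that.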
From: Elias Rodrigues
Date: Tue, 7 Jul 2020 10:45:05 -0300
Subject: [PATCH 4/5] Update baked_in.go Explicitly indicate we are ignoring errors from hash.Hash's io.Writer implementation
Co-authored-by: Dean Karn
---
 baked_in.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/baked_in.go b/baked_in.go
index fab18d970..4bd7f0351 100644
--- a/baked_in.go
+++ b/baked_in.go
@@ -533,7 +533,8 @@ func isEthereumAddress(fl FieldLevel) bool {
 // Checksum validation. Reference: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md
 address = address[2:] // Skip "0x" prefix.
 h := sha3.NewLegacyKeccak256()
- h.Write([]byte(strings.ToLower(address)))
+ // hash.Hash's io.Writer implementation says it never returns an error. https://golang.org/pkg/hash/#Hash
+ _ , _ = h.Write([]byte(strings.ToLower(address)))
 hash := hex.EncodeToString(h.Sum(nil))
 for i := 0; i < len(address); i++ {
From 36e5791d1319cddc796b78a579033234b692dada Mon Sep 17 00:00:00 2001
From: Elias Rodrigues
Date: Tue, 7 Jul 2020 11:08:06 -0300
Subject: [PATCH 5/5] Fix formatting
---
 baked_in.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/baked_in.go b/baked_in.go
index 4bd7f0351..52e6bf56f 100644
--- a/baked_in.go
+++ b/baked_in.go
@@ -533,8 +533,8 @@ func isEthereumAddress(fl FieldLevel) bool {
 // Checksum validation. Reference: https://github.com/ethereum/EIPs/blob/master/EIPS/eip-55.md
 address = address[2:] // Skip "0x" prefix.
 h := sha3.NewLegacyKeccak256()
- // hash.Hash's io.Writer implementation says it never returns an error. https://golang.org/pkg/hash/#Hash
- _ , _ = h.Write([]byte(strings.ToLower(address)))
+ // hash.Hash's io.Writer implementation says it never returns an error. https://golang.org/pkg/hash/#Hash
+ _, _ = h.Write([]byte(strings.ToLower(address)))
 hash := hex.EncodeToString(h.Sum(nil))
 for i := 0; i < len(address); i++ {