public/opentimestamps
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: public:v0.0.1
Branches Tags
public:master
public:v0.5.1 public:v0.5.0 public:v0.4.0 public:v0.3.0 public:v0.2.2 public:v0.2.1 public:v0.2.0 public:v0.1.0 public:v0.0.1
...
compare: public:master
Branches Tags
public:master
public:v0.5.1 public:v0.5.0 public:v0.4.0 public:v0.3.0 public:v0.2.2 public:v0.2.1 public:v0.2.0 public:v0.1.0 public:v0.0.1

24 Commits
v0.0.1 ... master

Author SHA1 Message Date
lcoffe
01a46df1f0 move pdf generation code from command to separate package 2025-04-11 22:38:48 +02:00
lcoffe
7d577f383e add pdf command, show block time in verify command 2025-04-11 13:57:38 +02:00
lcoffe
03f30f1968 refactor 2025-04-11 13:31:02 +02:00
fiatjaf
ba1196a962 File.Human() option to print partial results. 2024-10-27 09:37:34 -03:00
fiatjaf
a0aba28a2a return bitcoin transaction from sequence computation. 2024-10-27 09:37:17 -03:00
fiatjaf
4cb1ec89c0 use stdlib "slices". 2024-02-08 16:36:18 -03:00
fiatjaf
1b0ecd993e UpgradeSequence() instead of seq.Upgrade() and correct behavior. 2023-10-02 19:45:27 -03:00
fiatjaf
57291497e6 Sequence.GetAttestation() 2023-10-02 08:45:39 -03:00
fiatjaf
4f3422212a add license so pkg.go.dev works. 2023-09-30 14:52:54 -03:00
fiatjaf
dba106fc3e a readme. 2023-09-30 14:51:20 -03:00
fiatjaf
bbc37a4a1d rename struct field from .Instructions to .Sequences 2023-09-30 14:31:11 -03:00
fiatjaf
212b1c85b1 change sorting so bitcoin-attested sequences go after their counterparts that are just pending. 2023-09-30 14:12:27 -03:00
fiatjaf
cd3d6ee1a5 fix verifier condition. 2023-09-30 13:27:18 -03:00
fiatjaf
1b3227889e rename to nbd-wtf/opentimestamps. 2023-09-30 13:15:20 -03:00
fiatjaf
402291008e upgrade .SerializeInstructionSequences() to the crazy checkpointing scheme. 2023-09-30 13:14:54 -03:00
fiatjaf
ef94324f2e implement ripemd160 just so we can validate peter todd's old examples. 2023-09-28 15:35:07 -03:00
fiatjaf
7084284622 implement verifier. 2023-09-28 14:57:03 -03:00
fiatjaf
3e702d758e calendar upgrade functionality. 2023-09-27 20:32:50 -03:00
fiatjaf
b6c735501d remove println calls. 2023-09-27 08:59:15 -03:00
fiatjaf
46a1de627a fix interpretation of 0xff: checkpoints you can pick up and store in your pocket. 2023-09-26 23:29:14 -03:00
fiatjaf
3c38206ce3 parsing from file fixes + pretty printing. 2023-09-25 06:03:35 -03:00
fiatjaf
619f2cb453 implement the basic binary parsing logic. 2023-09-21 18:09:20 -03:00
fiatjaf
a0d8e40379 delete things to start fresh. 2023-09-20 10:13:13 -03:00
fiatjaf
cd227e6986 simplify codebase. 2023-09-19 21:18:40 -03:00
64 changed files with 2631 additions and 1934 deletions
Expand all files Collapse all files

203
LICENSE
View File

@@ -1,202 +1,7 @@
This is free and unencumbered software released into the public domain.
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

179
README.md
View File

@@ -1,23 +1,176 @@
# opentimestamps
Go port of https://github.com/opentimestamps/python-opentimestamps.
A fork of [github.com/nbd-wtf/opentimestamps](https://github.com/nbd-wtf/opentimestamps) that lets you interact with calendar servers, create and verify OTS attestations.
Copied from https://github.com/BlockchainSource/go-opentimestamps.
# How to use
# Done
Here's an example of how to use the library to create a timestamp, attempt to upgrade it periodically, and display information about it:
* Byte-level serialization format
* Timestamp parsing
* Creating pending timestamps
* Upgrading pending timestamps
* Bitcoin Timestamp verification
```go
package main
# To do
import (
"context"
"crypto/sha256"
"fmt"
"os"
"time"
* Support for multiple timestamp servers
* Proper timestamp merging (on upgrade)
* More conformant serialization (sorting)
"git.intruders.space/public/opentimestamps"
"git.intruders.space/public/opentimestamps/ots"
)
func main() {
// Read a file to timestamp
fileData, err := os.ReadFile("document.txt")
if err != nil {
fmt.Println("Error reading file:", err)
return
}
// Calculate the digest
digest := sha256.Sum256(fileData)
fmt.Printf("File digest: %x\n", digest)
// Define calendar servers
calendars := []string{
"https://alice.btc.calendar.opentimestamps.org",
"https://bob.btc.calendar.opentimestamps.org",
"https://finney.calendar.eternitywall.com",
}
// Create a timestamp using each calendar
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var sequences []ots.Sequence
for _, calendarURL := range calendars {
fmt.Printf("Submitting to %s...\n", calendarURL)
seq, err := opentimestamps.Stamp(ctx, calendarURL, digest)
if err != nil {
fmt.Printf("Failed to submit to %s: %v\n", calendarURL, err)
continue
}
fmt.Printf("Submission to %s successful\n", calendarURL)
sequences = append(sequences, seq)
}
if len(sequences) == 0 {
fmt.Println("Failed to create any timestamps")
return
}
// Create the timestamp file
file := &ots.File{
Digest: digest[:],
Sequences: sequences,
}
// Save the OTS file
otsData := file.SerializeToFile()
if err := os.WriteFile("document.txt.ots", otsData, 0644); err != nil {
fmt.Println("Failed to save OTS file:", err)
return
}
fmt.Println("Timestamp file created successfully")
// Display initial timestamp info
fmt.Println("\nInitial timestamp info:")
fmt.Println(file.Human(false))
// Attempt to upgrade the timestamp every 20 minutes
fmt.Println("\nWill check for upgrades every 20 minutes...")
maxAttempts := 12 // Try for about 4 hours (12 * 20 minutes)
for attempt := 0; attempt < maxAttempts; attempt++ {
if attempt > 0 {
fmt.Printf("\nWaiting 20 minutes before next upgrade attempt (%d/%d)...\n", attempt+1, maxAttempts)
time.Sleep(20 * time.Minute)
}
upgraded := false
pendingSequences := file.GetPendingSequences()
if len(pendingSequences) == 0 {
fmt.Println("No pending sequences to upgrade")
break
}
fmt.Printf("Attempting to upgrade %d pending sequences...\n", len(pendingSequences))
upgradeCtx, upgradeCancel := context.WithTimeout(context.Background(), 30*time.Second)
for _, seq := range pendingSequences {
att := seq.GetAttestation()
fmt.Printf("Trying to upgrade sequence from %s...\n", att.CalendarServerURL)
upgradedSeq, err := opentimestamps.UpgradeSequence(upgradeCtx, seq, digest[:])
if err != nil {
fmt.Printf("Failed to upgrade sequence from %s: %v\n", att.CalendarServerURL, err)
continue
}
// Replace the sequence in the file
for i, origSeq := range file.Sequences {
origAtt := origSeq.GetAttestation()
if origAtt.CalendarServerURL == att.CalendarServerURL {
file.Sequences[i] = upgradedSeq
upgraded = true
newAtt := upgradedSeq.GetAttestation()
if newAtt.BitcoinBlockHeight > 0 {
fmt.Printf("Sequence upgraded! Confirmed in Bitcoin block %d\n", newAtt.BitcoinBlockHeight)
} else {
fmt.Println("Sequence updated but still pending")
}
break
}
}
}
upgradeCancel()
if upgraded {
// Save the upgraded file
otsData = file.SerializeToFile()
if err := os.WriteFile("document.txt.ots", otsData, 0644); err != nil {
fmt.Println("Failed to save upgraded OTS file:", err)
} else {
fmt.Println("Upgraded timestamp file saved")
}
}
// If all sequences are confirmed, we're done
if len(file.GetPendingSequences()) == 0 {
fmt.Println("All sequences are now confirmed in the Bitcoin blockchain!")
break
}
}
// Final report
fmt.Println("\nFinal timestamp status:")
confirmedSeqs := file.GetBitcoinAttestedSequences()
pendingSeqs := file.GetPendingSequences()
fmt.Printf("Confirmed attestations: %d\n", len(confirmedSeqs))
for _, seq := range confirmedSeqs {
att := seq.GetAttestation()
fmt.Printf("- Confirmed in Bitcoin block %d\n", att.BitcoinBlockHeight)
}
fmt.Printf("Pending attestations: %d\n", len(pendingSeqs))
for _, seq := range pendingSeqs {
att := seq.GetAttestation()
fmt.Printf("- Still pending at %s\n", att.CalendarServerURL)
}
fmt.Println("\nDetailed timestamp info:")
fmt.Println(file.Human(true))
}
```
This repository includes an `ots` command line tool which provides a convenient interface to the core library functionality. Run it without arguments to see usage information.
You can also take a look at the original [`ots`](https://github.com/fiatjaf/ots) CLI which is another implementation based on the same concepts.
# License
Apache 2.0
Public Domain

183
attestations.go
View File

@@ -1,183 +0,0 @@
package opentimestamps
import (
"bytes"
"fmt"
)
const (
attestationTagSize = 8
attestationMaxPayloadSize = 8192
pendingAttestationMaxUriLength = 1000
)
var (
bitcoinAttestationTag = mustDecodeHex("0588960d73d71901")
pendingAttestationTag = mustDecodeHex("83dfe30d2ef90c8e")
)
type Attestation interface {
tag() []byte
decode(*deserializationContext) (Attestation, error)
encode(*serializationContext) error
}
type baseAttestation struct {
fixedTag []byte
}
func (b *baseAttestation) tag() []byte {
return b.fixedTag
}
type pendingAttestation struct {
baseAttestation
uri string
}
func newPendingAttestation() *pendingAttestation {
return &pendingAttestation{
baseAttestation: baseAttestation{
fixedTag: pendingAttestationTag,
},
}
}
func (p *pendingAttestation) decode(
ctx *deserializationContext,
) (Attestation, error) {
uri, err := ctx.readVarBytes(0, pendingAttestationMaxUriLength)
if err != nil {
return nil, err
}
// TODO utf8 checks
ret := *p
ret.uri = string(uri)
return &ret, nil
}
func (p *pendingAttestation) encode(ctx *serializationContext) error {
return ctx.writeVarBytes([]byte(p.uri))
}
func (p *pendingAttestation) String() string {
return fmt.Sprintf("VERIFY PendingAttestation(url=%s)", p.uri)
}
type BitcoinAttestation struct {
baseAttestation
Height uint64
}
func newBitcoinAttestation() *BitcoinAttestation {
return &BitcoinAttestation{
baseAttestation: baseAttestation{bitcoinAttestationTag},
}
}
func (b *BitcoinAttestation) String() string {
return fmt.Sprintf("VERIFY BitcoinAttestation(height=%d)", b.Height)
}
func (b *BitcoinAttestation) decode(
ctx *deserializationContext,
) (Attestation, error) {
height, err := ctx.readVarUint()
if err != nil {
return nil, err
}
ret := *b
ret.Height = height
return &ret, nil
}
func (b *BitcoinAttestation) encode(ctx *serializationContext) error {
return ctx.writeVarUint(uint64(b.Height))
}
const hashMerkleRootSize = 32
//
func (b *BitcoinAttestation) VerifyAgainstBlockHash(
digest, blockHash []byte,
) error {
if len(digest) != hashMerkleRootSize {
return fmt.Errorf("invalid digest size %d", len(digest))
}
if !bytes.Equal(digest, blockHash) {
return fmt.Errorf(
"hash mismatch digest=%x blockHash=%x",
digest, blockHash,
)
}
return nil
}
// This is a catch-all for when we don't know how to parse it
type unknownAttestation struct {
tagBytes []byte
bytes []byte
}
func (u unknownAttestation) tag() []byte {
return u.tagBytes
}
func (unknownAttestation) decode(*deserializationContext) (Attestation, error) {
panic("not implemented")
}
func (unknownAttestation) encode(*serializationContext) error {
panic("not implemented")
}
func (u unknownAttestation) String() string {
return fmt.Sprintf("UnknownAttestation(bytes=%q)", u.bytes)
}
var attestations []Attestation = []Attestation{
newPendingAttestation(),
newBitcoinAttestation(),
}
func encodeAttestation(ctx *serializationContext, att Attestation) error {
if err := ctx.writeBytes(att.tag()); err != nil {
return err
}
buf := &bytes.Buffer{}
if err := att.encode(&serializationContext{buf}); err != nil {
return err
}
return ctx.writeVarBytes(buf.Bytes())
}
func ParseAttestation(ctx *deserializationContext) (Attestation, error) {
tag, err := ctx.readBytes(attestationTagSize)
if err != nil {
return nil, err
}
attBytes, err := ctx.readVarBytes(
0, attestationMaxPayloadSize,
)
if err != nil {
return nil, err
}
attCtx := newDeserializationContext(
bytes.NewBuffer(attBytes),
)
for _, a := range attestations {
if bytes.Equal(tag, a.tag()) {
att, err := a.decode(attCtx)
if err != nil {
return nil, err
}
if !attCtx.assertEOF() {
return nil, fmt.Errorf("expected EOF in attCtx")
}
return att, nil
}
}
return unknownAttestation{tag, attBytes}, nil
}

99
client/bitcoin.go
View File

@@ -1,99 +0,0 @@
package client
import (
"fmt"
"math"
"time"
"github.com/fiatjaf/opentimestamps"
"github.com/btcsuite/btcd/rpcclient"
)
// A BitcoinAttestationVerifier uses a bitcoin RPC connection to verify bitcoin
// headers.
type BitcoinAttestationVerifier struct {
btcrpcClient *rpcclient.Client
}
func NewBitcoinAttestationVerifier(
c *rpcclient.Client,
) *BitcoinAttestationVerifier {
return &BitcoinAttestationVerifier{c}
}
// VerifyAttestation checks a BitcoinAttestation using a given hash digest. It
// returns the time of the block if the verification succeeds, an error
// otherwise.
func (v *BitcoinAttestationVerifier) VerifyAttestation(
digest []byte, a *opentimestamps.BitcoinAttestation,
) (*time.Time, error) {
if a.Height > math.MaxInt64 {
return nil, fmt.Errorf("illegal block height")
}
blockHash, err := v.btcrpcClient.GetBlockHash(int64(a.Height))
if err != nil {
return nil, err
}
h, err := v.btcrpcClient.GetBlockHeader(blockHash)
if err != nil {
return nil, err
}
merkleRootBytes := h.MerkleRoot[:]
err = a.VerifyAgainstBlockHash(digest, merkleRootBytes)
if err != nil {
return nil, err
}
utc := h.Timestamp.UTC()
return &utc, nil
}
// A BitcoinVerification is the result of verifying a BitcoinAttestation
type BitcoinVerification struct {
Timestamp *opentimestamps.Timestamp
Attestation *opentimestamps.BitcoinAttestation
AttestationTime *time.Time
Error error
}
// BitcoinVerifications returns the all bitcoin attestation results for the
// timestamp.
func (v *BitcoinAttestationVerifier) BitcoinVerifications(
t *opentimestamps.Timestamp,
) (res []BitcoinVerification) {
t.Walk(func(ts *opentimestamps.Timestamp) {
for _, att := range ts.Attestations {
btcAtt, ok := att.(*opentimestamps.BitcoinAttestation)
if !ok {
continue
}
attTime, err := v.VerifyAttestation(ts.Message, btcAtt)
res = append(res, BitcoinVerification{
Timestamp: ts,
Attestation: btcAtt,
AttestationTime: attTime,
Error: err,
})
}
})
return res
}
// Verify returns the earliest bitcoin-attested time, or nil if none can be
// found or verified successfully.
func (v *BitcoinAttestationVerifier) Verify(
t *opentimestamps.Timestamp,
) (ret *time.Time, err error) {
res := v.BitcoinVerifications(t)
for _, r := range res {
if r.Error != nil {
err = r.Error
continue
}
if ret == nil || r.AttestationTime.Before(*ret) {
ret = r.AttestationTime
}
}
return
}

83
client/bitcoin_test.go
View File

@@ -1,83 +0,0 @@
package client
import (
"fmt"
"net/url"
"os"
"testing"
"time"
"github.com/btcsuite/btcd/rpcclient"
"github.com/fiatjaf/opentimestamps"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const envvarRPCURL = "GOTS_TEST_BITCOIN_RPC"
func newTestBTCConn() (*rpcclient.Client, error) {
val := os.Getenv(envvarRPCURL)
if val == "" {
return nil, fmt.Errorf("envvar %q unset", envvarRPCURL)
}
connData, err := url.Parse(val)
if err != nil {
return nil, fmt.Errorf(
"could not parse %q=%q: %v", envvarRPCURL, val, err,
)
}
host := connData.Host
if connData.User == nil {
return nil, fmt.Errorf("no Userinfo in parsed url")
}
username := connData.User.Username()
password, ok := connData.User.Password()
if !ok {
return nil, fmt.Errorf("no password given in RPC URL")
}
connCfg := &rpcclient.ConnConfig{
Host: host,
User: username,
Pass: password,
HTTPPostMode: true,
DisableTLS: true,
}
return rpcclient.New(connCfg, nil)
}
func TestVerifyHelloWorld(t *testing.T) {
if os.Getenv(envvarRPCURL) == "" {
t.Skipf("envvar %s unset, skipping", envvarRPCURL)
}
// Format RFC3339
expectedTime := "2015-05-28T15:41:18Z"
helloWorld, err := opentimestamps.NewDetachedTimestampFromPath(
"../examples/hello-world.txt.ots",
)
require.NoError(t, err)
ts := helloWorld.Timestamp
btcConn, err := newTestBTCConn()
require.NoError(t, err)
verifier := BitcoinAttestationVerifier{btcConn}
// using BitcoinVerifications()
results := verifier.BitcoinVerifications(ts)
assert.Equal(t, 1, len(results))
result0 := results[0]
require.NoError(t, result0.Error)
assert.Equal(
t, expectedTime, result0.AttestationTime.Format(time.RFC3339),
)
// using Verify()
verifiedTime, err := verifier.Verify(ts)
require.NoError(t, err)
require.NotNil(t, verifiedTime)
assert.Equal(t, expectedTime, verifiedTime.Format(time.RFC3339))
}

158
cmd/example/main.go Normal file
View File

@@ -0,0 +1,158 @@
package main
import (
"context"
"crypto/sha256"
"fmt"
"os"
"time"
"git.intruders.space/public/opentimestamps"
"git.intruders.space/public/opentimestamps/ots"
)
func main() {
// Read a file to timestamp
fileData, err := os.ReadFile("document.txt")
if err != nil {
fmt.Println("Error reading file:", err)
return
}
// Calculate the digest
digest := sha256.Sum256(fileData)
fmt.Printf("File digest: %x\n", digest)
// Define calendar servers
calendars := []string{
"https://alice.btc.calendar.opentimestamps.org",
"https://bob.btc.calendar.opentimestamps.org",
"https://finney.calendar.eternitywall.com",
}
// Create a timestamp using each calendar
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
var sequences []ots.Sequence
for _, calendarURL := range calendars {
fmt.Printf("Submitting to %s...\n", calendarURL)
seq, err := opentimestamps.Stamp(ctx, calendarURL, digest)
if err != nil {
fmt.Printf("Failed to submit to %s: %v\n", calendarURL, err)
continue
}
fmt.Printf("Submission to %s successful\n", calendarURL)
sequences = append(sequences, seq)
}
if len(sequences) == 0 {
fmt.Println("Failed to create any timestamps")
return
}
// Create the timestamp file
file := &ots.File{
Digest: digest[:],
Sequences: sequences,
}
// Save the OTS file
otsData := file.SerializeToFile()
if err := os.WriteFile("document.txt.ots", otsData, 0644); err != nil {
fmt.Println("Failed to save OTS file:", err)
return
}
fmt.Println("Timestamp file created successfully")
// Display initial timestamp info
fmt.Println("\nInitial timestamp info:")
fmt.Println(file.Human(false))
// Attempt to upgrade the timestamp every 20 minutes
fmt.Println("\nWill check for upgrades every 20 minutes...")
maxAttempts := 12 // Try for about 4 hours (12 * 20 minutes)
for attempt := 0; attempt < maxAttempts; attempt++ {
if attempt > 0 {
fmt.Printf("\nWaiting 20 minutes before next upgrade attempt (%d/%d)...\n", attempt+1, maxAttempts)
time.Sleep(20 * time.Minute)
}
upgraded := false
pendingSequences := file.GetPendingSequences()
if len(pendingSequences) == 0 {
fmt.Println("No pending sequences to upgrade")
break
}
fmt.Printf("Attempting to upgrade %d pending sequences...\n", len(pendingSequences))
upgradeCtx, upgradeCancel := context.WithTimeout(context.Background(), 30*time.Second)
for _, seq := range pendingSequences {
att := seq.GetAttestation()
fmt.Printf("Trying to upgrade sequence from %s...\n", att.CalendarServerURL)
upgradedSeq, err := opentimestamps.UpgradeSequence(upgradeCtx, seq, digest[:])
if err != nil {
fmt.Printf("Failed to upgrade sequence from %s: %v\n", att.CalendarServerURL, err)
continue
}
// Replace the sequence in the file
for i, origSeq := range file.Sequences {
origAtt := origSeq.GetAttestation()
if origAtt.CalendarServerURL == att.CalendarServerURL {
file.Sequences[i] = upgradedSeq
upgraded = true
newAtt := upgradedSeq.GetAttestation()
if newAtt.BitcoinBlockHeight > 0 {
fmt.Printf("Sequence upgraded! Confirmed in Bitcoin block %d\n", newAtt.BitcoinBlockHeight)
} else {
fmt.Println("Sequence updated but still pending")
}
break
}
}
}
upgradeCancel()
if upgraded {
// Save the upgraded file
otsData = file.SerializeToFile()
if err := os.WriteFile("document.txt.ots", otsData, 0644); err != nil {
fmt.Println("Failed to save upgraded OTS file:", err)
} else {
fmt.Println("Upgraded timestamp file saved")
}
}
// If all sequences are confirmed, we're done
if len(file.GetPendingSequences()) == 0 {
fmt.Println("All sequences are now confirmed in the Bitcoin blockchain!")
break
}
}
// Final report
fmt.Println("\nFinal timestamp status:")
confirmedSeqs := file.GetBitcoinAttestedSequences()
pendingSeqs := file.GetPendingSequences()
fmt.Printf("Confirmed attestations: %d\n", len(confirmedSeqs))
for _, seq := range confirmedSeqs {
att := seq.GetAttestation()
fmt.Printf("- Confirmed in Bitcoin block %d\n", att.BitcoinBlockHeight)
}
fmt.Printf("Pending attestations: %d\n", len(pendingSeqs))
for _, seq := range pendingSeqs {
att := seq.GetAttestation()
fmt.Printf("- Still pending at %s\n", att.CalendarServerURL)
}
fmt.Println("\nDetailed timestamp info:")
fmt.Println(file.Human(true))
}

130
cmd/ots/create.go Normal file
View File

@@ -0,0 +1,130 @@
package main
import (
"context"
"crypto/sha256"
"fmt"
"log/slog"
"os"
"strings"
"time"
"git.intruders.space/public/opentimestamps"
"git.intruders.space/public/opentimestamps/ots"
"github.com/spf13/cobra"
)
// Default calendar servers
var defaultCalendars = []string{
"https://alice.btc.calendar.opentimestamps.org",
"https://bob.btc.calendar.opentimestamps.org",
"https://finney.calendar.eternitywall.com",
}
var (
// Create command flags
createOutput string
createCalendarsStr string
createTimeout time.Duration
)
// createCmd represents the create command
var createCmd = &cobra.Command{
Use: "create [flags] <file>",
Short: "Create a timestamp for a file",
Long: `Create a timestamp for a file by submitting its digest to OpenTimestamps calendar servers.
The resulting timestamp is saved to a .ots file, which can later be verified or upgraded.`,
Args: cobra.ExactArgs(1),
Run: runCreateCmd,
}
func init() {
// Local flags for the create command
createCmd.Flags().StringVarP(&createOutput, "output", "o", "", "Output filename (default: input filename with .ots extension)")
createCmd.Flags().StringVar(&createCalendarsStr, "calendar", strings.Join(defaultCalendars, ","), "Comma-separated list of calendar server URLs")
createCmd.Flags().DurationVar(&createTimeout, "timeout", 30*time.Second, "Timeout for calendar server connections")
}
func runCreateCmd(cmd *cobra.Command, args []string) {
inputPath := args[0]
// Determine output file path
outputPath := createOutput
if outputPath == "" {
outputPath = inputPath + ".ots"
}
// Parse calendar servers
calendars := strings.Split(createCalendarsStr, ",")
if len(calendars) == 0 {
calendars = defaultCalendars
}
// Read the input file
fileData, err := os.ReadFile(inputPath)
if err != nil {
slog.Error("Failed to read input file", "file", inputPath, "error", err)
os.Exit(1)
}
// Compute the file digest
digest := sha256.Sum256(fileData)
slog.Info("Computed file digest", "digest", fmt.Sprintf("%x", digest))
// Create context with timeout
ctx, cancel := context.WithTimeout(context.Background(), createTimeout)
defer cancel()
// Create timestamps using all calendar servers
var sequences []ots.Sequence
var errors []string
for _, calendarURL := range calendars {
calendarURL = strings.TrimSpace(calendarURL)
if calendarURL == "" {
continue
}
slog.Info("Submitting to calendar", "url", calendarURL)
seq, err := opentimestamps.Stamp(ctx, calendarURL, digest)
if err != nil {
slog.Warn("Calendar submission failed", "url", calendarURL, "error", err)
errors = append(errors, fmt.Sprintf("%s: %v", calendarURL, err))
continue
}
sequences = append(sequences, seq)
slog.Info("Calendar submission successful", "url", calendarURL)
}
if len(sequences) == 0 {
slog.Error("All calendar submissions failed", "errors", errors)
os.Exit(1)
}
// Create the timestamp file
file := &ots.File{
Digest: digest[:],
Sequences: sequences,
}
// Write the OTS file
otsData := file.SerializeToFile()
err = os.WriteFile(outputPath, otsData, 0644)
if err != nil {
slog.Error("Failed to write OTS file", "file", outputPath, "error", err)
os.Exit(1)
}
slog.Info("Timestamp file created successfully",
"file", outputPath,
"timestamps", len(sequences),
"size", len(otsData))
// Print human-readable representation
slog.Debug("Timestamp details", "info", file.Human(false))
slog.Info("Timestamp creation complete",
"status", "pending",
"note", "Use 'ots upgrade' to upgrade this timestamp when it's confirmed in the Bitcoin blockchain")
}

108
cmd/ots/info.go Normal file
View File

@@ -0,0 +1,108 @@
package main
import (
"encoding/hex"
"fmt"
"log/slog"
"os"
"strings"
"git.intruders.space/public/opentimestamps"
"git.intruders.space/public/opentimestamps/ots"
"github.com/spf13/cobra"
)
// infoCmd represents the info command
var infoCmd = &cobra.Command{
Use: "info [flags] <file.ots>",
Short: "Display information about a timestamp",
Long: `Display detailed information about a timestamp file in human-readable format.
Shows the file digest and the sequence of operations and attestations.`,
Args: cobra.ExactArgs(1),
Run: runInfoCmd,
}
func init() {
// No specific flags needed for info command
}
func runInfoCmd(cmd *cobra.Command, args []string) {
otsPath := args[0]
// Read and parse the OTS file
otsData, err := os.ReadFile(otsPath)
if err != nil {
slog.Error("Failed to read OTS file", "file", otsPath, "error", err)
os.Exit(1)
}
timestampFile, err := opentimestamps.ReadFromFile(otsData)
if err != nil {
slog.Error("Failed to parse OTS file", "file", otsPath, "error", err)
os.Exit(1)
}
// Print the timestamp information in the requested format
fmt.Printf("File sha256 hash: %s\n", hex.EncodeToString(timestampFile.Digest))
fmt.Println("Timestamp:")
// Format and print each sequence
for i, seq := range timestampFile.Sequences {
if i > 0 {
// Add a separator between sequences if needed
fmt.Println()
}
printSequenceInfo(seq, 0, timestampFile.Digest)
}
}
func printSequenceInfo(seq ots.Sequence, depth int, initialDigest []byte) {
prefix := strings.Repeat(" ", depth)
// Track the current result as we apply operations
current := initialDigest
// For the first level (depth 0), don't add the arrow
arrowPrefix := ""
if depth > 0 {
arrowPrefix = " -> "
}
for _, inst := range seq {
// Skip attestation for now, we'll handle it at the end
if inst.Attestation != nil {
continue
}
// Print operation
if inst.Operation != nil {
line := fmt.Sprintf("%s%s%s", prefix, arrowPrefix, inst.Operation.Name)
if inst.Operation.Binary {
line += fmt.Sprintf(" %s", hex.EncodeToString(inst.Argument))
}
fmt.Println(line)
// Update current result
current = inst.Operation.Apply(current, inst.Argument)
// Only show arrow prefix for the first line
arrowPrefix = ""
}
}
// Check if there's an attestation at the end
if len(seq) > 0 && seq[len(seq)-1].Attestation != nil {
att := seq[len(seq)-1].Attestation
var attLine string
if att.BitcoinBlockHeight > 0 {
attLine = fmt.Sprintf("verify BitcoinAttestation(block %d)", att.BitcoinBlockHeight)
} else if att.CalendarServerURL != "" {
attLine = fmt.Sprintf("verify PendingAttestation('%s')", att.CalendarServerURL)
}
if attLine != "" {
fmt.Printf("%s%s\n", prefix, attLine)
}
}
}

13
cmd/ots/main.go Normal file
View File

@@ -0,0 +1,13 @@
package main
import (
"fmt"
"os"
)
func main() {
if err := rootCmd.Execute(); err != nil {
fmt.Println(err)
os.Exit(1)
}
}

99
cmd/ots/pdf.go Normal file
View File

@@ -0,0 +1,99 @@
package main
import (
"log/slog"
"os"
"git.intruders.space/public/opentimestamps"
"git.intruders.space/public/opentimestamps/pdf"
"github.com/spf13/cobra"
)
var (
// PDF command flags
pdfOutput string
pdfIncludeContent bool
pdfTitle string
pdfComment string
pdfEsploraURL string
)
// pdfCmd represents the pdf command
var pdfCmd = &cobra.Command{
Use: "pdf [flags] <file> <file.ots>",
Short: "Generate a PDF certificate for a timestamp",
Long: `Generate a PDF certificate that explains how to verify the timestamp.
The PDF includes all necessary information such as hashes, operations,
and instructions for manual verification.`,
Args: cobra.ExactArgs(2),
Run: runPdfCmd,
}
func init() {
// Local flags for the pdf command
pdfCmd.Flags().StringVarP(&pdfOutput, "output", "o", "", "Output PDF filename (default: original filename with .pdf extension)")
pdfCmd.Flags().BoolVar(&pdfIncludeContent, "include-content", false, "Include the original file content in the PDF (for text files only)")
pdfCmd.Flags().StringVar(&pdfTitle, "title", "OpenTimestamps Certificate", "Title for the PDF document")
pdfCmd.Flags().StringVar(&pdfComment, "comment", "", "Additional comment to include in the certificate")
pdfCmd.Flags().StringVar(&pdfEsploraURL, "esplora", "https://blockstream.info/api", "URL of Esplora API for fetching block information")
}
func runPdfCmd(cmd *cobra.Command, args []string) {
filePath := args[0]
otsPath := args[1]
// Determine output file path
outputPath := pdfOutput
if outputPath == "" {
outputPath = filePath + ".certificate.pdf"
}
// Read the original file
fileData, err := os.ReadFile(filePath)
if err != nil {
slog.Error("Failed to read file", "file", filePath, "error", err)
os.Exit(1)
}
// Read and parse the OTS file
otsData, err := os.ReadFile(otsPath)
if err != nil {
slog.Error("Failed to read OTS file", "file", otsPath, "error", err)
os.Exit(1)
}
timestampFile, err := opentimestamps.ReadFromFile(otsData)
if err != nil {
slog.Error("Failed to parse OTS file", "file", otsPath, "error", err)
os.Exit(1)
}
// Set up PDF options from command line flags
options := pdf.CertificateOptions{
Title: pdfTitle,
Comment: pdfComment,
IncludeContent: pdfIncludeContent,
EsploraURL: pdfEsploraURL,
}
// Generate the PDF
pdfBuffer, err := pdf.GenerateCertificate(
filePath,
fileData,
timestampFile,
options,
)
if err != nil {
slog.Error("Failed to generate PDF", "error", err)
os.Exit(1)
}
// Write to file
err = pdf.WriteToFile(pdfBuffer, outputPath)
if err != nil {
slog.Error("Failed to write PDF to file", "file", outputPath, "error", err)
os.Exit(1)
}
slog.Info("PDF certificate generated successfully", "file", outputPath)
}

65
cmd/ots/root.go Normal file
View File

@@ -0,0 +1,65 @@
package main
import (
"log/slog"
"os"
"strings"
"github.com/spf13/cobra"
)
var (
// Global flags
jsonLog bool
logLevel string
)
// rootCmd represents the base command when called without any subcommands
var rootCmd = &cobra.Command{
Use: "ots",
Short: "OpenTimestamps CLI tool",
Long: `A command-line interface for OpenTimestamps operations.
It allows creating, verifying and upgrading timestamps for files.`,
PersistentPreRun: setupLogging,
}
func init() {
// Global flags for all commands
rootCmd.PersistentFlags().BoolVar(&jsonLog, "json", false, "Use JSON format for logging")
rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "Log level: debug, info, warn, error")
// Add subcommands
rootCmd.AddCommand(createCmd)
rootCmd.AddCommand(verifyCmd)
rootCmd.AddCommand(upgradeCmd)
rootCmd.AddCommand(infoCmd)
rootCmd.AddCommand(pdfCmd)
}
// setupLogging configures the global logger based on the flags
func setupLogging(cmd *cobra.Command, args []string) {
loggerOptions := slog.HandlerOptions{}
switch strings.ToLower(logLevel) {
case "debug":
loggerOptions.Level = slog.LevelDebug
case "info":
loggerOptions.Level = slog.LevelInfo
case "warn":
loggerOptions.Level = slog.LevelWarn
case "error":
loggerOptions.Level = slog.LevelError
default:
loggerOptions.Level = slog.LevelInfo
}
var logHandler slog.Handler
if jsonLog {
logHandler = slog.NewJSONHandler(os.Stdout, &loggerOptions)
} else {
logHandler = slog.NewTextHandler(os.Stdout, &loggerOptions)
}
logger := slog.New(logHandler)
slog.SetDefault(logger)
}

138
cmd/ots/upgrade.go Normal file
View File

@@ -0,0 +1,138 @@
package main
import (
"context"
"log/slog"
"os"
"time"
"git.intruders.space/public/opentimestamps"
"github.com/spf13/cobra"
)
var (
// Upgrade command flags
upgradeOutput string
upgradeTimeout time.Duration
upgradeDryRun bool
)
// upgradeCmd represents the upgrade command
var upgradeCmd = &cobra.Command{
Use: "upgrade [flags] <file.ots>",
Short: "Upgrade a timestamp",
Long: `Upgrade a timestamp by checking if pending attestations have been confirmed in the Bitcoin blockchain.
If confirmed, the timestamp will be updated with the Bitcoin block information.`,
Args: cobra.ExactArgs(1),
Run: runUpgradeCmd,
}
func init() {
// Local flags for the upgrade command
upgradeCmd.Flags().StringVarP(&upgradeOutput, "output", "o", "", "Output filename (default: overwrites the input file)")
upgradeCmd.Flags().DurationVar(&upgradeTimeout, "timeout", 30*time.Second, "Timeout for calendar server connections")
upgradeCmd.Flags().BoolVar(&upgradeDryRun, "dry-run", false, "Don't write output file, just check if upgrade is possible")
}
func runUpgradeCmd(cmd *cobra.Command, args []string) {
inputPath := args[0]
// Determine output file path
outputPath := upgradeOutput
if outputPath == "" {
outputPath = inputPath
}
// Read and parse the OTS file
otsData, err := os.ReadFile(inputPath)
if err != nil {
slog.Error("Failed to read OTS file", "file", inputPath, "error", err)
os.Exit(1)
}
timestampFile, err := opentimestamps.ReadFromFile(otsData)
if err != nil {
slog.Error("Failed to parse OTS file", "file", inputPath, "error", err)
os.Exit(1)
}
// Get pending sequences to upgrade
pendingSequences := timestampFile.GetPendingSequences()
if len(pendingSequences) == 0 {
slog.Info("No pending timestamps found, file is already fully upgraded", "file", inputPath)
os.Exit(0)
}
slog.Info("Found pending timestamps", "count", len(pendingSequences))
// Create context with timeout
ctx, cancel := context.WithTimeout(context.Background(), upgradeTimeout)
defer cancel()
// Try to upgrade each pending sequence
upgradedCount := 0
for i, seq := range pendingSequences {
att := seq.GetAttestation()
slog.Info("Attempting to upgrade timestamp",
"index", i+1,
"calendar", att.CalendarServerURL)
upgraded, err := opentimestamps.UpgradeSequence(ctx, seq, timestampFile.Digest)
if err != nil {
slog.Warn("Upgrade failed",
"calendar", att.CalendarServerURL,
"error", err)
continue
}
// Replace the pending sequence with the upgraded one
for j, origSeq := range timestampFile.Sequences {
if origSeq[len(origSeq)-1].Attestation != nil &&
origSeq[len(origSeq)-1].Attestation.CalendarServerURL == att.CalendarServerURL {
timestampFile.Sequences[j] = upgraded
break
}
}
upgradedCount++
newAtt := upgraded.GetAttestation()
if newAtt.BitcoinBlockHeight > 0 {
slog.Info("Timestamp upgraded successfully",
"calendar", att.CalendarServerURL,
"block", newAtt.BitcoinBlockHeight)
} else {
slog.Info("Timestamp replaced but still pending", "calendar", att.CalendarServerURL)
}
}
if upgradedCount == 0 {
slog.Warn("No timestamps could be upgraded at this time. Try again later.", "file", inputPath)
if !upgradeDryRun {
os.Exit(1)
}
os.Exit(0)
}
// In dry run mode, don't write the file
if upgradeDryRun {
slog.Info("Dry run completed", "upgraded", upgradedCount, "total", len(pendingSequences))
os.Exit(0)
}
// Write the updated OTS file
newOtsData := timestampFile.SerializeToFile()
err = os.WriteFile(outputPath, newOtsData, 0644)
if err != nil {
slog.Error("Failed to write updated OTS file", "file", outputPath, "error", err)
os.Exit(1)
}
slog.Info("Timestamp file upgraded successfully",
"file", outputPath,
"upgraded", upgradedCount,
"total", len(pendingSequences))
// Print human-readable representation
slog.Debug("Updated timestamp details", "info", timestampFile.Human(false))
}

170
cmd/ots/verify.go Normal file
View File

@@ -0,0 +1,170 @@
package main
import (
"crypto/sha256"
"fmt"
"log/slog"
"os"
"strings"
"time"
"git.intruders.space/public/opentimestamps"
"git.intruders.space/public/opentimestamps/verifyer"
"github.com/btcsuite/btcd/rpcclient"
"github.com/spf13/cobra"
)
var (
// Verify command flags
verifyEsploraURL string
verifyBitcoindHost string
verifyBitcoindUser string
verifyBitcoindPass string
verifyTimeout time.Duration
)
// verifyCmd represents the verify command
var verifyCmd = &cobra.Command{
Use: "verify [flags] <file> <file.ots>",
Short: "Verify a timestamp",
Long: `Verify a timestamp against the Bitcoin blockchain.
It computes the file digest, checks it against the timestamp,
and verifies the timestamp against Bitcoin using either Esplora API or bitcoind.`,
Args: cobra.ExactArgs(2),
Run: runVerifyCmd,
}
func init() {
// Local flags for the verify command
verifyCmd.Flags().StringVar(&verifyEsploraURL, "esplora", "https://blockstream.info/api", "URL of Esplora API")
verifyCmd.Flags().StringVar(&verifyBitcoindHost, "bitcoind", "", "Host:port of bitcoind RPC (e.g. localhost:8332)")
verifyCmd.Flags().StringVar(&verifyBitcoindUser, "rpcuser", "", "Bitcoin RPC username")
verifyCmd.Flags().StringVar(&verifyBitcoindPass, "rpcpass", "", "Bitcoin RPC password")
verifyCmd.Flags().DurationVar(&verifyTimeout, "timeout", 30*time.Second, "Connection timeout")
}
func runVerifyCmd(cmd *cobra.Command, args []string) {
filePath := args[0]
otsPath := args[1]
// Read the original file
fileData, err := os.ReadFile(filePath)
if err != nil {
slog.Error("Failed to read file", "file", filePath, "error", err)
os.Exit(1)
}
// Compute the file digest
digest := sha256.Sum256(fileData)
slog.Debug("Computed file digest", "digest", digest)
// Read and parse the OTS file
otsData, err := os.ReadFile(otsPath)
if err != nil {
slog.Error("Failed to read OTS file", "file", otsPath, "error", err)
os.Exit(1)
}
timestampFile, err := opentimestamps.ReadFromFile(otsData)
if err != nil {
slog.Error("Failed to parse OTS file", "file", otsPath, "error", err)
os.Exit(1)
}
// Setup Bitcoin connection
var bitcoin verifyer.Bitcoin
if verifyBitcoindHost != "" {
if verifyBitcoindUser == "" || verifyBitcoindPass == "" {
slog.Error("Bitcoind RPC credentials required with --bitcoind")
os.Exit(1)
}
// Create bitcoind connection config
config := rpcclient.ConnConfig{
Host: verifyBitcoindHost,
User: verifyBitcoindUser,
Pass: verifyBitcoindPass,
HTTPPostMode: true,
DisableTLS: true,
}
btc, err := verifyer.NewBitcoindInterface(config)
if err != nil {
slog.Error("Failed to connect to bitcoind", "error", err)
os.Exit(1)
}
bitcoin = btc
slog.Info("Using bitcoind", "host", verifyBitcoindHost)
} else {
// Use Esplora API
bitcoin = verifyer.NewEsploraClient(verifyEsploraURL, verifyTimeout)
slog.Info("Using Esplora API", "url", verifyEsploraURL)
}
// Check if digests match
if string(digest[:]) != string(timestampFile.Digest) {
slog.Warn("File digest doesn't match timestamp digest",
"file_digest", digest,
"timestamp_digest", timestampFile.Digest)
}
// Get Bitcoin-attested sequences
bitcoinSequences := timestampFile.GetBitcoinAttestedSequences()
if len(bitcoinSequences) == 0 {
// If no Bitcoin sequences, check if there are pending sequences
pendingSequences := timestampFile.GetPendingSequences()
if len(pendingSequences) > 0 {
slog.Info("Timestamp is pending confirmation in the Bitcoin blockchain")
slog.Info("Use 'ots upgrade <file.ots>' to try upgrading it")
for _, seq := range pendingSequences {
att := seq.GetAttestation()
slog.Info("Pending at calendar", "url", att.CalendarServerURL)
}
} else {
slog.Error("No valid attestations found in this timestamp")
}
os.Exit(1)
}
// Verify each Bitcoin-attested sequence
verificationSuccess := false
for i, seq := range bitcoinSequences {
slog.Info("Verifying sequence", "index", i+1, "total", len(bitcoinSequences))
tx, err := seq.Verify(bitcoin, timestampFile.Digest)
if err != nil {
slog.Warn("Verification failed", "error", err)
continue
}
att := seq.GetAttestation()
// Get the block time
blockHash, err := bitcoin.GetBlockHash(int64(att.BitcoinBlockHeight))
blockTime := ""
if err == nil {
blockHeader, err := bitcoin.GetBlockHeader(blockHash)
if err == nil {
// Format the block time
blockTime = fmt.Sprintf(" (%s)", blockHeader.Timestamp.Format(time.RFC3339))
}
}
slog.Info("Verification successful",
"block_height", att.BitcoinBlockHeight,
"block_time", strings.TrimPrefix(blockTime, " "))
if tx != nil {
slog.Info("Bitcoin transaction", "txid", tx.TxHash().String())
}
verificationSuccess = true
}
if !verificationSuccess {
slog.Error("All verification attempts failed")
os.Exit(1)
}
slog.Info("Timestamp successfully verified")
}

26
commands.go
View File

@@ -1,26 +0,0 @@
package opentimestamps
import (
"crypto/sha256"
"io"
"os"
)
func CreateDetachedTimestampForFile(
path string, cal *RemoteCalendar,
) (*DetachedTimestamp, error) {
f, err := os.Open(path)
if err != nil {
return nil, err
}
hasher := sha256.New()
if _, err := io.Copy(hasher, f); err != nil {
return nil, err
}
digest := hasher.Sum([]byte{})
ts, err := cal.Submit(digest)
if err != nil {
return nil, err
}
return NewDetachedTimestamp(*opSHA256, digest, ts)
}

100
detached_timestamp.go
View File

@@ -1,100 +0,0 @@
package opentimestamps
import (
"bytes"
"fmt"
"io"
"os"
)
var fileHeaderMagic = []byte(
"\x00OpenTimestamps\x00\x00Proof\x00\xbf\x89\xe2\xe8\x84\xe8\x92\x94",
)
const (
minFileDigestLength = 20
maxFileDigestLength = 32
fileMajorVersion = 1
)
type DetachedTimestamp struct {
HashOp cryptOp
FileHash []byte
Timestamp *Timestamp
}
func (d *DetachedTimestamp) Dump() string {
w := &bytes.Buffer{}
fmt.Fprintf(
w, "File %s hash: %x\n", d.HashOp.name, d.Timestamp.Message,
)
fmt.Fprint(w, d.Timestamp.Dump())
return w.String()
}
func (d *DetachedTimestamp) encode(ctx *serializationContext) error {
if err := ctx.writeBytes(fileHeaderMagic); err != nil {
return err
}
if err := ctx.writeVarUint(fileMajorVersion); err != nil {
return err
}
if err := d.HashOp.encode(ctx); err != nil {
return err
}
if err := ctx.writeBytes(d.FileHash); err != nil {
return err
}
return d.Timestamp.encode(ctx)
}
func (d *DetachedTimestamp) WriteToStream(w io.Writer) error {
return d.encode(&serializationContext{w})
}
func NewDetachedTimestamp(
hashOp cryptOp, fileHash []byte, ts *Timestamp,
) (*DetachedTimestamp, error) {
if len(fileHash) != hashOp.digestLength {
return nil, fmt.Errorf(
"op %v expects %d byte digest, got %d",
hashOp, hashOp.digestLength, len(fileHash),
)
}
return &DetachedTimestamp{hashOp, fileHash, ts}, nil
}
func NewDetachedTimestampFromReader(r io.Reader) (*DetachedTimestamp, error) {
ctx := newDeserializationContext(r)
if err := ctx.assertMagic([]byte(fileHeaderMagic)); err != nil {
return nil, err
}
major, err := ctx.readVarUint()
if err != nil {
return nil, err
}
if major != uint64(fileMajorVersion) {
return nil, fmt.Errorf("unexpected major version %d", major)
}
fileHashOp, err := parseCryptOp(ctx)
if err != nil {
return nil, err
}
fileHash, err := ctx.readBytes(fileHashOp.digestLength)
if err != nil {
return nil, err
}
ts, err := newTimestampFromContext(ctx, fileHash)
if err != nil {
return nil, err
}
return &DetachedTimestamp{*fileHashOp, fileHash, ts}, nil
}
func NewDetachedTimestampFromPath(p string) (*DetachedTimestamp, error) {
f, err := os.Open(p)
if err != nil {
return nil, err
}
return NewDetachedTimestampFromReader(f)
}

110
detached_timestamp_test.go
View File

@@ -1,110 +0,0 @@
package opentimestamps
import (
"bytes"
"encoding/hex"
"io/ioutil"
"path/filepath"
"testing"
"github.com/stretchr/testify/assert"
)
func examplePaths() []string {
matches, err := filepath.Glob("./examples/*ots")
if err != nil {
panic(err)
}
return matches
}
func containsUnknownAttestation(ts *Timestamp) (res bool) {
ts.Walk(func(subTs *Timestamp) {
for _, att := range subTs.Attestations {
if _, ok := att.(unknownAttestation); ok {
res = true
}
}
})
return
}
func TestDecodeHelloWorld(t *testing.T) {
dts, err := NewDetachedTimestampFromPath(
"./examples/hello-world.txt.ots",
)
assert.NoError(t, err)
attCount := 0
checkAttestation := func(ts *Timestamp, att Attestation) {
assert.Equal(t, 0, attCount)
expectedAtt := newBitcoinAttestation()
expectedAtt.Height = 358391
assert.Equal(t, expectedAtt, att)
// If ts.Message is correct, opcode parsing and execution should
// have succeeded.
assert.Equal(t,
"007ee445d23ad061af4a36b809501fab1ac4f2d7e7a739817dd0cbb7ec661b8a",
hex.EncodeToString(ts.Message),
)
attCount += 1
}
dts.Timestamp.Walk(func(ts *Timestamp) {
for _, att := range ts.Attestations {
// this should be called exactly once
checkAttestation(ts, att)
}
})
assert.Equal(t, 1, attCount)
}
func TestDecodeEncodeAll(t *testing.T) {
for _, path := range examplePaths() {
t.Log(path)
dts, err := NewDetachedTimestampFromPath(path)
assert.NoError(t, err, path)
if containsUnknownAttestation(dts.Timestamp) {
t.Logf("skipping encode cycle: unknownAttestation")
continue
}
buf := &bytes.Buffer{}
err = dts.Timestamp.encode(&serializationContext{buf})
if !assert.NoError(t, err, path) {
continue
}
buf = bytes.NewBuffer(buf.Bytes())
ts1, err := NewTimestampFromReader(buf, dts.Timestamp.Message)
if !assert.NoError(t, err, path) {
continue
}
dts1, err := NewDetachedTimestamp(
dts.HashOp, dts.FileHash, ts1,
)
if !assert.NoError(t, err) {
continue
}
dts1Target := &bytes.Buffer{}
err = dts1.WriteToStream(dts1Target)
if !assert.NoError(t, err) {
continue
}
orgBytes, err := ioutil.ReadFile(path)
if !assert.NoError(t, err) {
continue
}
assert.Equal(t, orgBytes, dts1Target.Bytes())
t.Log("encode cycle success")
}
}

2
examples/bad-stamp.txt
View File

@@ -1,2 +0,0 @@
The timestamp on this file is well-formatted, but will fail Bitcoin block
header validation.

BIN
examples/bad-stamp.txt.ots
View File

Binary file not shown.

0
examples/empty
View File

BIN
examples/empty.ots
View File

Binary file not shown.

1
examples/hello-world.txt
View File

@@ -1 +0,0 @@
Hello World!

BIN
examples/hello-world.txt.ots
View File

Binary file not shown.

1
examples/incomplete.txt
View File

@@ -1 +0,0 @@
The timestamp on this file is incomplete, and can be upgraded.

BIN
examples/incomplete.txt.ots
View File

Binary file not shown.

2
examples/known-and-unknown-notary.txt
View File

@@ -1,2 +0,0 @@
This file's timestamp has two attestations, one from a known notary, and one
from an unknown notary.

BIN
examples/known-and-unknown-notary.txt.ots
View File

Binary file not shown.

2
examples/merkle1.txt
View File

@@ -1,2 +0,0 @@
This file is one of three different files that have been timestamped together
with a single merkle tree. (1/3)

BIN
examples/merkle1.txt.ots
View File

Binary file not shown.

2
examples/merkle2.txt
View File

@@ -1,2 +0,0 @@
This file is one of three different files that have been timestamped together
with a single merkle tree. (2/3)

BIN
examples/merkle2.txt.ots
View File

Binary file not shown.

2
examples/merkle3.txt
View File

@@ -1,2 +0,0 @@
This file is one of three different files that have been timestamped together
with a single merkle tree. (3/3)

BIN
examples/merkle3.txt.ots
View File

Binary file not shown.

1
examples/two-calendars.txt
View File

@@ -1 +0,0 @@
This file has an (incomplete) timestamp with two different calendars.

BIN
examples/two-calendars.txt.ots
View File

Binary file not shown.

1
examples/unknown-notary.txt
View File

@@ -1 +0,0 @@
This file's timestamp has a single attestation from an unknown notary.

BIN
examples/unknown-notary.txt.ots
View File

Binary file not shown.

1
fixtures/flatearthers-united.txt Normal file
View File

@@ -0,0 +1 @@
earth is flat

BIN
fixtures/flatearthers-united.txt.certificate.pdf Normal file
View File

Binary file not shown.

BIN
fixtures/flatearthers-united.txt.ots Normal file
View File

Binary file not shown.

29
go.mod
View File

@@ -1,25 +1,28 @@
module github.com/fiatjaf/opentimestamps
module git.intruders.space/public/opentimestamps
go 1.21
go 1.24.2
require (
github.com/btcsuite/btcd v0.23.4
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.8.4
golang.org/x/crypto v0.13.0
github.com/btcsuite/btcd v0.24.2
github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0
github.com/jung-kurt/gofpdf v1.16.2
github.com/spf13/cobra v1.9.1
github.com/stretchr/testify v1.10.0
golang.org/x/crypto v0.36.0
)
require (
github.com/btcsuite/btcd/btcec/v2 v2.1.3 // indirect
github.com/btcsuite/btcd/btcutil v1.1.0 // indirect
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 // indirect
github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f // indirect
github.com/btcsuite/btcd/btcec/v2 v2.3.4 // indirect
github.com/btcsuite/btcd/btcutil v1.1.6 // indirect
github.com/btcsuite/btclog v1.0.0 // indirect
github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd // indirect
github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/decred/dcrd/crypto/blake256 v1.0.0 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
github.com/decred/dcrd/crypto/blake256 v1.1.0 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
golang.org/x/sys v0.12.0 // indirect
github.com/spf13/pflag v1.0.6 // indirect
golang.org/x/sys v0.32.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

64
go.sum
View File

@@ -1,18 +1,26 @@
github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
github.com/btcsuite/btcd v0.22.0-beta.0.20220111032746-97732e52810c/go.mod h1:tjmYdS6MLJ5/s0Fj4DbLgSbDHbEqLJrtnHecBFkdz5M=
github.com/btcsuite/btcd v0.23.4 h1:IzV6qqkfwbItOS/sg/aDfPDsjPP8twrCOE2R93hxMlQ=
github.com/btcsuite/btcd v0.23.4/go.mod h1:0QJIIN1wwIXF/3G/m87gIwGniDMDQqjVn4SZgnFpsYY=
github.com/btcsuite/btcd v0.23.5-0.20231215221805-96c9fd8078fd/go.mod h1:nm3Bko6zh6bWP60UxwoT5LzdGJsQJaPo6HjduXq9p6A=
github.com/btcsuite/btcd v0.24.2 h1:aLmxPguqxza+4ag8R1I2nnJjSu2iFn/kqtHTIImswcY=
github.com/btcsuite/btcd v0.24.2/go.mod h1:5C8ChTkl5ejr3WHj8tkQSCmydiMEPB0ZhQhehpq7Dgg=
github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
github.com/btcsuite/btcd/btcec/v2 v2.1.3 h1:xM/n3yIhHAhHy04z4i43C8p4ehixJZMsnrVJkgl+MTE=
github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A=
github.com/btcsuite/btcd/btcutil v1.1.0 h1:MO4klnGY+EWJdoWF12Wkuf4AWDBPMpZNeN/jRLrklUU=
github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE=
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1 h1:q0rUy8C/TYNBQS1+CGKw68tLOFYSNEs0TFnxxnS9+4U=
github.com/btcsuite/btcd/btcutil v1.1.5/go.mod h1:PSZZ4UitpLBWzxGd5VGOrLnmOjtPP/a6HaFo12zMs00=
github.com/btcsuite/btcd/btcutil v1.1.6 h1:zFL2+c3Lb9gEgqKNzowKUPQNb8jV7v5Oaodi/AYFd6c=
github.com/btcsuite/btcd/btcutil v1.1.6/go.mod h1:9dFymx8HpuLqBnsPELrImQeTQfKBQqzqGbbV3jK55aE=
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
github.com/btcsuite/btcd/chaincfg/chainhash v1.0.1/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo=
github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0 h1:59Kx4K6lzOW5w6nFlA0v5+lk/6sjybR934QNHSJZPTQ=
github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
github.com/btcsuite/btclog v1.0.0 h1:sEkpKJMmfGiyZjADwEIgB1NSwMyfdD1FB8v6+w1T0Ns=
github.com/btcsuite/btclog v1.0.0/go.mod h1:w7xnGOhwT3lmrS4H3b/D1XAXxvh+tbhUm8xeHN2y3TQ=
github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd h1:R/opQEbFEy9JGkIguV40SvRY1uliPX8ifOvi6ICsFCw=
github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg=
@@ -23,14 +31,17 @@ github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg
github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792 h1:R8vQdOQdZ9Y3SkEwmHoWBmX1DNXhXZqlTpq6s4tyJGc=
github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK09Y2A4Xv7EE0=
github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
github.com/decred/dcrd/crypto/blake256 v1.1.0 h1:zPMNGQCm0g4QTY27fOCorQW7EryeQ/U0x++OzVrdms8=
github.com/decred/dcrd/crypto/blake256 v1.1.0/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -41,13 +52,21 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -58,19 +77,33 @@ github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -86,9 +119,8 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

220
operations.go
View File

@@ -1,220 +0,0 @@
package opentimestamps
import (
"crypto/sha1"
"crypto/sha256"
"encoding/hex"
"fmt"
"golang.org/x/crypto/ripemd160"
)
const maxResultLength = 4096
type (
unaryMsgOp func(message []byte) ([]byte, error)
binaryMsgOp func(message, argument []byte) ([]byte, error)
)
// msgAppend returns the concatenation of msg and arg
func msgAppend(msg, arg []byte) (res []byte, err error) {
res = append(res, msg...)
res = append(res, arg...)
return
}
// msgPrepend returns the concatenation of arg and msg
func msgPrepend(msg, arg []byte) (res []byte, err error) {
res = append(res, arg...)
res = append(res, msg...)
return
}
// msgReverse returns the reversed msg. Deprecated.
func msgReverse(msg []byte) ([]byte, error) {
if len(msg) == 0 {
return nil, fmt.Errorf("empty input invalid for msgReverse")
}
res := make([]byte, len(msg))
for i, b := range msg {
res[len(res)-i-1] = b
}
return res, nil
}
func msgHexlify(msg []byte) ([]byte, error) {
if len(msg) == 0 {
return nil, fmt.Errorf("empty input invalid for msgHexlify")
}
return []byte(hex.EncodeToString(msg)), nil
}
func msgSHA1(msg []byte) ([]byte, error) {
res := sha1.Sum(msg)
return res[:], nil
}
func msgRIPEMD160(msg []byte) ([]byte, error) {
h := ripemd160.New()
_, err := h.Write(msg)
if err != nil {
return nil, err
}
return h.Sum([]byte{}), nil
}
func msgSHA256(msg []byte) ([]byte, error) {
res := sha256.Sum256(msg)
return res[:], nil
}
type opCode interface {
match(byte) bool
decode(*deserializationContext) (opCode, error)
encode(*serializationContext) error
apply(message []byte) ([]byte, error)
}
type op struct {
tag byte
name string
}
func (o op) match(tag byte) bool {
return o.tag == tag
}
type unaryOp struct {
op
msgOp unaryMsgOp
}
func newUnaryOp(tag byte, name string, msgOp unaryMsgOp) *unaryOp {
return &unaryOp{op{tag: tag, name: name}, msgOp}
}
func (u *unaryOp) String() string {
return u.name
}
func (u *unaryOp) decode(ctx *deserializationContext) (opCode, error) {
ret := *u
return &ret, nil
}
func (u *unaryOp) encode(ctx *serializationContext) error {
return ctx.writeByte(u.tag)
}
func (u *unaryOp) apply(message []byte) ([]byte, error) {
return u.msgOp(message)
}
// Crypto operations
// These are hash ops that define a digest length
type cryptOp struct {
unaryOp
digestLength int
}
func newCryptOp(
tag byte, name string, msgOp unaryMsgOp, digestLength int,
) *cryptOp {
return &cryptOp{
unaryOp: *newUnaryOp(tag, name, msgOp),
digestLength: digestLength,
}
}
func (c *cryptOp) decode(ctx *deserializationContext) (opCode, error) {
u, err := c.unaryOp.decode(ctx)
if err != nil {
return nil, err
}
return &cryptOp{*u.(*unaryOp), c.digestLength}, nil
}
// Binary operations
// We decode an extra varbyte argument and use it in apply()
type binaryOp struct {
op
msgOp binaryMsgOp
argument []byte
}
func newBinaryOp(tag byte, name string, msgOp binaryMsgOp) *binaryOp {
return &binaryOp{
op: op{tag: tag, name: name},
msgOp: msgOp,
argument: nil,
}
}
func (b *binaryOp) decode(ctx *deserializationContext) (opCode, error) {
arg, err := ctx.readVarBytes(0, maxResultLength)
if err != nil {
return nil, err
}
if len(arg) == 0 {
return nil, fmt.Errorf("empty argument invalid for binaryOp")
}
ret := *b
ret.argument = arg
return &ret, nil
}
func (b *binaryOp) encode(ctx *serializationContext) error {
if err := ctx.writeByte(b.tag); err != nil {
return err
}
return ctx.writeVarBytes(b.argument)
}
func (b *binaryOp) apply(message []byte) ([]byte, error) {
return b.msgOp(message, b.argument)
}
func (b *binaryOp) String() string {
return fmt.Sprintf("%s %x", b.name, b.argument)
}
var (
opAppend = newBinaryOp(0xf0, "APPEND", msgAppend)
opPrepend = newBinaryOp(0xf1, "PREPEND", msgPrepend)
opReverse = newUnaryOp(0xf2, "REVERSE", msgReverse)
opHexlify = newUnaryOp(0xf3, "HEXLIFY", msgHexlify)
opSHA1 = newCryptOp(0x02, "SHA1", msgSHA1, 20)
opRIPEMD160 = newCryptOp(0x03, "RIPEMD160", msgRIPEMD160, 20)
opSHA256 = newCryptOp(0x08, "SHA256", msgSHA256, 32)
)
var opCodes []opCode = []opCode{
opAppend, opPrepend, opReverse, opHexlify, opSHA1, opRIPEMD160,
opSHA256,
}
func parseOp(ctx *deserializationContext, tag byte) (opCode, error) {
for _, op := range opCodes {
if op.match(tag) {
return op.decode(ctx)
}
}
return nil, fmt.Errorf("could not decode tag %02x", tag)
}
func parseCryptOp(ctx *deserializationContext) (*cryptOp, error) {
tag, err := ctx.readByte()
if err != nil {
return nil, err
}
op, err := parseOp(ctx, tag)
if err != nil {
return nil, err
}
if cryptOp, ok := op.(*cryptOp); ok {
return cryptOp, nil
} else {
return nil, fmt.Errorf("expected cryptOp, got %#v", op)
}
}

78
operations_test.go
View File

@@ -1,78 +0,0 @@
package opentimestamps
import (
"encoding/hex"
"testing"
"github.com/stretchr/testify/assert"
)
func TestMsgAppend(t *testing.T) {
msg := []byte("123")
res, err := msgAppend(msg, []byte("456"))
assert.NoError(t, err)
assert.Equal(t, "123456", string(res))
// make sure changes to input msg don't affect output
msg[0] = byte('0')
assert.Equal(t, "123456", string(res))
}
func TestMsgPrepend(t *testing.T) {
msg := []byte("123")
res, err := msgPrepend(msg, []byte("abc"))
assert.NoError(t, err)
assert.Equal(t, "abc123", string(res))
// make sure changes to input msg don't affect output
msg[0] = byte('0')
assert.Equal(t, "abc123", string(res))
}
func TestMsgReverse(t *testing.T) {
_, err := msgReverse([]byte{})
assert.Error(t, err)
res, err := msgReverse([]byte{1, 2, 3})
assert.NoError(t, err)
assert.Equal(t, []byte{3, 2, 1}, res)
}
func TestMsgHexlify(t *testing.T) {
_, err := msgHexlify([]byte{})
assert.Error(t, err)
res, err := msgHexlify([]byte{1, 2, 3, 0xff})
assert.NoError(t, err)
assert.Equal(t, []byte("010203ff"), res)
}
func TestMsgSHA1(t *testing.T) {
out, err := msgSHA1([]byte{})
assert.NoError(t, err)
assert.Equal(t,
"da39a3ee5e6b4b0d3255bfef95601890afd80709",
hex.EncodeToString(out),
)
}
func TestMsgSHA256(t *testing.T) {
out, err := msgSHA256([]byte{})
assert.NoError(t, err)
assert.Equal(t,
"e3b0c44298fc1c149afbf4c8996fb924"+
"27ae41e4649b934ca495991b7852b855",
hex.EncodeToString(out),
)
}
func TestRIPEMD160(t *testing.T) {
out, err := msgRIPEMD160([]byte{})
assert.Equal(t,
"9c1185a5c5e9fc54612808977ee8f548b2258d31",
hex.EncodeToString(out),
)
out, err = msgRIPEMD160(out)
assert.NoError(t, err)
assert.Equal(t,
"38bbc57e4cbe8b6a1d2c999ef62503e0a6e58109",
hex.EncodeToString(out),
)
}

28
ots/attestation.go Normal file
View File

@@ -0,0 +1,28 @@
package ots
import "fmt"
type Attestation struct {
BitcoinBlockHeight uint64
CalendarServerURL string
}
func (att Attestation) Name() string {
if att.BitcoinBlockHeight != 0 {
return "bitcoin"
} else if att.CalendarServerURL != "" {
return "pending"
} else {
return "unknown/broken"
}
}
func (att Attestation) Human() string {
if att.BitcoinBlockHeight != 0 {
return fmt.Sprintf("bitcoin(%d)", att.BitcoinBlockHeight)
} else if att.CalendarServerURL != "" {
return fmt.Sprintf("pending(%s)", att.CalendarServerURL)
} else {
return "unknown/broken"
}
}

9
ots/crypto.go Normal file
View File

@@ -0,0 +1,9 @@
package ots
import (
deprecated_ripemd160 "golang.org/x/crypto/ripemd160"
)
func ripemd160(curr []byte, arg []byte) []byte {
return deprecated_ripemd160.New().Sum(curr)
}

222
ots/file.go Normal file
View File

@@ -0,0 +1,222 @@
package ots
import (
"encoding/hex"
"fmt"
"slices"
"strings"
"git.intruders.space/public/opentimestamps/varn"
)
// Header magic bytes
// Designed to be give the user some information in a hexdump, while being identified as 'data' by the file utility.
// \x00OpenTimestamps\x00\x00Proof\x00\xbf\x89\xe2\xe8\x84\xe8\x92\x94
var (
HeaderMagic = []byte{0x00, 0x4f, 0x70, 0x65, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x73, 0x00, 0x00, 0x50, 0x72, 0x6f, 0x6f, 0x66, 0x00, 0xbf, 0x89, 0xe2, 0xe8, 0x84, 0xe8, 0x92, 0x94}
PendingMagic = []byte{0x83, 0xdf, 0xe3, 0x0d, 0x2e, 0xf9, 0x0c, 0x8e}
BitcoinMagic = []byte{0x05, 0x88, 0x96, 0x0d, 0x73, 0xd7, 0x19, 0x01}
)
// A File represents the parsed content of an .ots file: it has an initial digest and
// a series of sequences of instructions. Each sequence must be evaluated separately, applying the operations
// on top of each other, starting with the .Digest until they end on an attestation.
type File struct {
Digest []byte
Sequences []Sequence
}
func (ts File) GetPendingSequences() []Sequence {
bitcoin := ts.GetBitcoinAttestedSequences()
results := make([]Sequence, 0, len(ts.Sequences))
for _, seq := range ts.Sequences {
if len(seq) > 0 && seq[len(seq)-1].Attestation != nil && seq[len(seq)-1].Attestation.CalendarServerURL != "" {
// this is a calendar sequence, fine
// now we check if this same sequence isn't contained in a bigger one that contains a bitcoin attestation
cseq := seq
for _, bseq := range bitcoin {
if len(bseq) < len(cseq) {
continue
}
if slices.EqualFunc(bseq[0:len(cseq)], cseq, func(a, b Instruction) bool { return CompareInstructions(a, b) == 0 }) {
goto thisSequenceIsAlreadyConfirmed
}
}
// sequence not confirmed, so add it to pending result
results = append(results, seq)
thisSequenceIsAlreadyConfirmed:
// skip this
continue
}
}
return results
}
func (ts File) GetBitcoinAttestedSequences() []Sequence {
results := make([]Sequence, 0, len(ts.Sequences))
for _, seq := range ts.Sequences {
if len(seq) > 0 && seq[len(seq)-1].Attestation != nil && seq[len(seq)-1].Attestation.BitcoinBlockHeight > 0 {
results = append(results, seq)
}
}
return results
}
func (ts File) Human(withPartials bool) string {
strs := make([]string, 0, 100)
strs = append(strs, fmt.Sprintf("file digest: %x", ts.Digest))
strs = append(strs, fmt.Sprintf("hashed with: sha256"))
strs = append(strs, "instruction sequences:")
for _, seq := range ts.Sequences {
curr := ts.Digest
strs = append(strs, "~>")
strs = append(strs, " start "+hex.EncodeToString(curr))
for _, inst := range seq {
line := " "
if inst.Operation != nil {
line += inst.Operation.Name
curr = inst.Operation.Apply(curr, inst.Argument)
if inst.Operation.Binary {
line += " " + hex.EncodeToString(inst.Argument)
}
if withPartials {
line += " = " + hex.EncodeToString(curr)
}
} else if inst.Attestation != nil {
line += inst.Attestation.Human()
} else {
panic(fmt.Sprintf("invalid instruction timestamp: %v", inst))
}
strs = append(strs, line)
}
}
return strings.Join(strs, "\n")
}
func (ts File) SerializeToFile() []byte {
data := make([]byte, 0, 5050)
data = append(data, HeaderMagic...)
data = varn.AppendVarUint(data, 1)
data = append(data, 0x08) // sha256
data = append(data, ts.Digest...)
data = append(data, ts.SerializeInstructionSequences()...)
return data
}
func (ts File) SerializeInstructionSequences() []byte {
sequences := make([]Sequence, len(ts.Sequences))
copy(sequences, ts.Sequences)
// first we sort everything so the checkpoint stuff makes sense
slices.SortFunc(sequences, func(a, b Sequence) int { return slices.CompareFunc(a, b, CompareInstructions) })
// checkpoints we may leave to the next people
sequenceCheckpoints := make([][]int, len(sequences))
for s1 := range sequences {
// keep an ordered slice of all the checkpoints we will potentially leave during our write journey for this sequence
checkpoints := make([]int, 0, len(sequences[s1]))
for s2 := s1 + 1; s2 < len(sequences); s2++ {
chp := GetCommonPrefixIndex(sequences[s1], sequences[s2])
if pos, found := slices.BinarySearch(checkpoints, chp); !found {
checkpoints = append(checkpoints, -1) // make room
copy(checkpoints[pos+1:], checkpoints[pos:]) // move elements to the right
checkpoints[pos] = chp // insert this
}
}
sequenceCheckpoints[s1] = checkpoints
}
// now actually go through the sequences writing them
result := make([]byte, 0, 500)
for s, seq := range sequences {
startingAt := 0
if s > 0 {
// we will always start at the last checkpoint left by the previous sequence
startingAt = sequenceCheckpoints[s-1][len(sequenceCheckpoints[s-1])-1]
}
for i := startingAt; i < len(seq); i++ {
// before writing anything, decide if we wanna leave a checkpoint here
for _, chk := range sequenceCheckpoints[s] {
if chk == i {
// leave a checkpoint
result = append(result, 0xff)
}
}
inst := seq[i]
if inst.Operation != nil {
// write normal operation
result = append(result, inst.Operation.Tag)
if inst.Operation.Binary {
result = varn.AppendVarBytes(result, inst.Argument)
}
} else if inst.Attestation != nil {
// write attestation record
result = append(result, 0x00)
{
// will use a new buffer for the actual attestation result
abuf := make([]byte, 0, 100)
if inst.BitcoinBlockHeight != 0 {
result = append(result, BitcoinMagic...) // this goes in the main result buffer
abuf = varn.AppendVarUint(abuf, inst.BitcoinBlockHeight)
} else if inst.CalendarServerURL != "" {
result = append(result, PendingMagic...) // this goes in the main result buffer
abuf = varn.AppendVarBytes(abuf, []byte(inst.CalendarServerURL))
} else {
panic(fmt.Sprintf("invalid attestation: %v", inst))
}
result = varn.AppendVarBytes(result, abuf) // we append that result as varbytes
}
} else {
panic(fmt.Sprintf("invalid instruction: %v", inst))
}
}
}
return result
}
func ParseOTSFile(buf varn.Buffer) (*File, error) {
// read magic
// read version [1 byte]
// read crypto operation for file digest [1 byte]
// read file digest [32 byte (depends)]
if magic, err := buf.ReadBytes(len(HeaderMagic)); err != nil || !slices.Equal(HeaderMagic, magic) {
return nil, fmt.Errorf("invalid ots file header '%s': %w", magic, err)
}
if version, err := buf.ReadVarUint(); err != nil || version != 1 {
return nil, fmt.Errorf("invalid ots file version '%v': %w", version, err)
}
tag, err := buf.ReadByte()
if err != nil {
return nil, fmt.Errorf("failed to read operation byte: %w", err)
}
if op, err := ReadInstruction(buf, tag); err != nil || op.Operation.Name != "sha256" {
return nil, fmt.Errorf("invalid crypto operation '%v', only sha256 supported: %w", op, err)
}
// if we got here assume the digest is sha256
digest, err := buf.ReadBytes(32)
if err != nil {
return nil, fmt.Errorf("failed to read 32-byte digest: %w", err)
}
ts := &File{
Digest: digest,
}
if seqs, err := ParseTimestamp(buf); err != nil {
return nil, err
} else {
ts.Sequences = seqs
}
return ts, nil
}

94
ots/instruction.go Normal file
View File

@@ -0,0 +1,94 @@
package ots
import (
"fmt"
"slices"
"strings"
"git.intruders.space/public/opentimestamps/varn"
)
// a Instruction can be an operation like "append" or "prepend" (this will be the case when .Operation != nil)
// or an attestation (when .Attestation != nil).
// It will have a non-nil .Argument whenever the operation requires an argument.
type Instruction struct {
*Operation
Argument []byte
*Attestation
}
func GetCommonPrefixIndex(s1 []Instruction, s2 []Instruction) int {
n := min(len(s1), len(s2))
for i := 0; i < n; i++ {
if CompareInstructions(s1[i], s2[i]) != 0 {
return i
}
}
return n
}
// CompareInstructions returns negative if a<b, 0 if a=b and positive if a>b.
// It considers an operation smaller than an attestation, a pending attestation smaller than a Bitcoin attestation.
// It orders operations by their tag byte and then by their argument.
func CompareInstructions(a, b Instruction) int {
if a.Operation != nil {
if b.Attestation != nil {
// a is an operation but b is an attestation, a is bigger
return +1
}
if a.Operation == b.Operation {
// if both are the same operation sort by the argument
return slices.Compare(a.Argument, b.Argument)
}
// sort by the operation
if a.Operation.Tag < b.Operation.Tag {
return -1
} else if a.Operation.Tag > b.Operation.Tag {
return 1
} else {
return 0
}
} else if a.Attestation != nil && b.Attestation == nil {
// a is an attestation but b is not, b is bigger
return -1
} else if a.Attestation != nil && b.Attestation != nil {
// both are attestations
if a.Attestation.BitcoinBlockHeight == 0 && b.Attestation.BitcoinBlockHeight == 0 {
// none are bitcoin attestations
return strings.Compare(a.Attestation.CalendarServerURL, b.Attestation.CalendarServerURL)
}
if a.Attestation.BitcoinBlockHeight != 0 && b.Attestation.BitcoinBlockHeight != 0 {
// both are bitcoin attestations
return int(b.Attestation.BitcoinBlockHeight - a.Attestation.BitcoinBlockHeight)
}
// one is bitcoin and the other is not -- compare by bitcoin block,
// but reverse the result since the one with 0 should not be considered bigger
return -1 * int(b.Attestation.BitcoinBlockHeight-a.Attestation.BitcoinBlockHeight)
} else {
// this shouldn't happen
return 0
}
}
func ReadInstruction(buf varn.Buffer, tag byte) (*Instruction, error) {
op, ok := Tags[tag]
if !ok {
return nil, fmt.Errorf("unknown tag %v", tag)
}
inst := Instruction{
Operation: op,
}
if op.Binary {
val, err := buf.ReadVarBytes()
if err != nil {
return nil, fmt.Errorf("error reading argument: %w", err)
}
inst.Argument = val
}
return &inst, nil
}

34
ots/operation.go Normal file
View File

@@ -0,0 +1,34 @@
package ots
import "crypto/sha256"
type Operation struct {
Name string
Tag byte
Binary bool // it's an operation that takes one argument, otherwise takes none
Apply func(curr []byte, arg []byte) []byte
}
var Tags = map[byte]*Operation{
0xf0: {"append", 0xf0, true, func(curr []byte, arg []byte) []byte {
result := make([]byte, len(curr)+len(arg))
copy(result[0:], curr)
copy(result[len(curr):], arg)
return result
}},
0xf1: {"prepend", 0xf1, true, func(curr []byte, arg []byte) []byte {
result := make([]byte, len(curr)+len(arg))
copy(result[0:], arg)
copy(result[len(arg):], curr)
return result
}},
0xf2: {"reverse", 0xf2, false, func(curr []byte, arg []byte) []byte { panic("reverse not implemented") }},
0xf3: {"hexlify", 0xf3, false, func(curr []byte, arg []byte) []byte { panic("hexlify not implemented") }},
0x02: {"sha1", 0x02, false, func(curr []byte, arg []byte) []byte { panic("sha1 not implemented") }},
0x03: {"ripemd160", 0x03, false, ripemd160},
0x08: {"sha256", 0x08, false, func(curr []byte, arg []byte) []byte {
v := sha256.Sum256(curr)
return v[:]
}},
0x67: {"keccak256", 0x67, false, func(curr []byte, arg []byte) []byte { panic("keccak256 not implemented") }},
}

176
ots/sequence.go Normal file
View File

@@ -0,0 +1,176 @@
package ots
import (
"bytes"
"fmt"
"io"
"slices"
"git.intruders.space/public/opentimestamps/varn"
"git.intruders.space/public/opentimestamps/verifyer"
"github.com/btcsuite/btcd/wire"
)
type Sequence []Instruction
func (seq Sequence) GetAttestation() Attestation {
if len(seq) == 0 {
return Attestation{}
}
att := seq[len(seq)-1]
if att.Attestation == nil {
return Attestation{}
}
return *att.Attestation
}
// Compute runs a sequence of operations on top of an initial digest and returns the result, which is often a
// Bitcoin block merkle root. It also tries to identify the point in the sequence in which an actual Bitcoin
// transaction is formed and parse that.
func (seq Sequence) Compute(initial []byte) (merkleRoot []byte, bitcoinTx *wire.MsgTx) {
current := initial
for i, inst := range seq {
if inst.Operation == nil {
break
}
// the first time we do a double-sha256 that is likely a bitcoin transaction
if bitcoinTx == nil &&
inst.Operation.Name == "sha256" &&
len(seq) > i+1 && seq[i+1].Operation != nil &&
seq[i+1].Operation.Name == "sha256" {
tx := &wire.MsgTx{}
tx.Deserialize(bytes.NewReader(current))
bitcoinTx = tx
}
current = inst.Operation.Apply(current, inst.Argument)
}
return current, bitcoinTx
}
// Verify validates sequence of operations that starts with digest and ends on a Bitcoin attestation against
// an actual Bitcoin block, as given by the provided Bitcoin interface.
func (seq Sequence) Verify(bitcoin verifyer.Bitcoin, digest []byte) (*wire.MsgTx, error) {
if len(seq) == 0 {
return nil, fmt.Errorf("empty sequence")
}
att := seq[len(seq)-1]
if att.Attestation == nil || att.BitcoinBlockHeight == 0 {
return nil, fmt.Errorf("sequence doesn't include a bitcoin attestation")
}
blockHash, err := bitcoin.GetBlockHash(int64(att.BitcoinBlockHeight))
if err != nil {
return nil, fmt.Errorf("failed to get block %d hash: %w", att.BitcoinBlockHeight, err)
}
blockHeader, err := bitcoin.GetBlockHeader(blockHash)
if err != nil {
return nil, fmt.Errorf("failed to get block %s header: %w", blockHash, err)
}
merkleRoot := blockHeader.MerkleRoot[:]
result, tx := seq.Compute(digest)
if !bytes.Equal(result, merkleRoot) {
return nil, fmt.Errorf("sequence result '%x' doesn't match the bitcoin merkle root for block %d: %x",
result, att.BitcoinBlockHeight, merkleRoot)
}
return tx, nil
}
func ParseTimestamp(buf varn.Buffer) ([]Sequence, error) {
// read instructions
// if operation = push
// if 0x00 = attestation
// read tag [8 bytes]
// readvarbytes
// interpret these depending on the type of attestation
// if bitcoin: readvaruint as the block height
// if pending from calendar: readvarbytes as the utf-8 calendar url
// end or go back to last continuation byte
// if 0xff = pick up a continuation byte (checkpoint) and add it to stack
currInstructionsBlock := 0
seqs := make([]Sequence, 0, 10)
// we will store checkpoints here
checkpoints := make([][]Instruction, 0, 4)
// start first instruction block
seqs = append(seqs, make([]Instruction, 0, 30))
// go read these tags
for {
tag, err := buf.ReadByte()
if err != nil {
if err == io.EOF {
return seqs, nil
}
return nil, fmt.Errorf("failed to read operation byte: %w", err)
}
if tag == 0x00 {
// enter an attestation context
magic, err := buf.ReadBytes(8)
if err != nil {
return nil, fmt.Errorf("failed to read attestion magic bytes: %w", err)
}
this, err := buf.ReadVarBytes()
if err != nil {
return nil, fmt.Errorf("failed to read attestation bytes: %w", err)
}
abuf := varn.NewBuffer(this)
switch {
case slices.Equal(magic, PendingMagic):
val, err := abuf.ReadVarBytes()
if err != nil {
return nil, fmt.Errorf("failed reading calendar server url: %w", err)
}
seqs[currInstructionsBlock] = append(
seqs[currInstructionsBlock],
Instruction{Attestation: &Attestation{CalendarServerURL: string(val)}},
)
case slices.Equal(magic, BitcoinMagic):
val, err := abuf.ReadVarUint()
if err != nil {
return nil, fmt.Errorf("failed reading bitcoin block number: %w", err)
}
seqs[currInstructionsBlock] = append(
seqs[currInstructionsBlock],
Instruction{Attestation: &Attestation{BitcoinBlockHeight: val}},
)
default:
return nil, fmt.Errorf("unsupported attestation type '%x': %x", magic, this)
}
// check if we have checkpoints and, if yes, copy them in a new block of instructions
ncheckpoints := len(checkpoints)
if ncheckpoints > 0 {
// use this checkpoint as the starting point for the next block
chp := checkpoints[ncheckpoints-1]
checkpoints = checkpoints[0 : ncheckpoints-1] // remove this from the stack
seqs = append(seqs, chp)
currInstructionsBlock++
}
} else if tag == 0xff {
// pick up a checkpoint to be used later
currentBlock := seqs[currInstructionsBlock]
chp := make([]Instruction, len(currentBlock))
copy(chp, currentBlock)
checkpoints = append(checkpoints, chp)
} else {
// a new operation in this block
inst, err := ReadInstruction(buf, tag)
if err != nil {
return nil, fmt.Errorf("failed to read instruction: %w", err)
}
seqs[currInstructionsBlock] = append(seqs[currInstructionsBlock], *inst)
}
}
}

343
pdf/certificate.go Normal file
View File

@@ -0,0 +1,343 @@
package pdf
import (
"bytes"
"crypto/sha256"
"encoding/hex"
"fmt"
"io"
"os"
"path/filepath"
"strings"
"time"
"git.intruders.space/public/opentimestamps/ots"
"git.intruders.space/public/opentimestamps/verifyer"
"github.com/jung-kurt/gofpdf"
)
// CertificateOptions contains options for generating a PDF certificate
type CertificateOptions struct {
// Title for the PDF document
Title string
// Additional comment to include in the certificate
Comment string
// Whether to include the original file content in the PDF (for text files only)
IncludeContent bool
// URL of Esplora API for fetching block information
EsploraURL string
}
// DefaultOptions returns the default certificate options
func DefaultOptions() CertificateOptions {
return CertificateOptions{
Title: "OpenTimestamps Certificate",
Comment: "",
IncludeContent: false,
EsploraURL: "https://blockstream.info/api",
}
}
// GenerateCertificate generates a PDF certificate for an OpenTimestamps timestamp
// It returns a bytes.Buffer containing the PDF data
func GenerateCertificate(
filename string,
fileData []byte,
timestampFile *ots.File,
options CertificateOptions,
) (*bytes.Buffer, error) {
// Compute the file digest
fileDigest := sha256.Sum256(fileData)
// Extract Bitcoin attestations
bitcoinSeqs := timestampFile.GetBitcoinAttestedSequences()
// Create Bitcoin interface for block time lookup
bitcoin := verifyer.NewEsploraClient(options.EsploraURL, 30*time.Second)
// Create a buffer to store the PDF
var buf bytes.Buffer
// Generate the PDF into the buffer
err := generateVerificationPDF(
&buf,
filename,
fileData,
fileDigest[:],
timestampFile,
bitcoinSeqs,
bitcoin,
options,
)
if err != nil {
return nil, err
}
return &buf, nil
}
// WriteToFile writes the certificate buffer to a file
func WriteToFile(buf *bytes.Buffer, outputPath string) error {
return os.WriteFile(outputPath, buf.Bytes(), 0644)
}
func generateVerificationPDF(
output io.Writer,
filePath string,
fileData []byte,
fileDigest []byte,
timestamp *ots.File,
bitcoinSeqs []ots.Sequence,
bitcoin verifyer.Bitcoin,
options CertificateOptions,
) error {
// Create a new PDF
pdf := gofpdf.New("P", "mm", "A4", "")
pdf.SetTitle(options.Title, true)
pdf.SetAuthor("OpenTimestamps", true)
pdf.SetCreator("OpenTimestamps CLI", true)
// Set margins
pdf.SetMargins(25, 25, 25)
pdf.SetAutoPageBreak(true, 25)
// Add first page - Certificate
pdf.AddPage()
// Title
pdf.SetFont("Helvetica", "B", 24)
pdf.CellFormat(0, 12, options.Title, "", 1, "C", false, 0, "")
pdf.Ln(10)
// Timestamp information section
pdf.SetFont("Helvetica", "B", 18)
pdf.CellFormat(0, 10, "Timestamp Information", "", 1, "L", false, 0, "")
pdf.Ln(5)
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "Filename:", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.CellFormat(0, 8, filepath.Base(filePath), "", 1, "L", false, 0, "")
pdf.Ln(2)
// Timestamp date
pdf.SetFont("Helvetica", "B", 12)
if len(bitcoinSeqs) > 0 {
// Find the earliest Bitcoin attestation
var earliestHeight uint64
var earliestBlockTime time.Time
for _, seq := range bitcoinSeqs {
att := seq.GetAttestation()
if earliestHeight == 0 || att.BitcoinBlockHeight < earliestHeight {
earliestHeight = att.BitcoinBlockHeight
// Fetch the block time from the blockchain
blockHash, err := bitcoin.GetBlockHash(int64(att.BitcoinBlockHeight))
if err == nil {
blockHeader, err := bitcoin.GetBlockHeader(blockHash)
if err == nil {
earliestBlockTime = time.Unix(int64(blockHeader.Timestamp.Unix()), 0)
}
}
}
}
// Show Bitcoin timestamp
pdf.CellFormat(0, 8, "Timestamp Created:", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
if !earliestBlockTime.IsZero() {
// If we successfully retrieved the block time, display it
pdf.CellFormat(0, 8, fmt.Sprintf("Bitcoin Block #%d (%s)",
earliestHeight, earliestBlockTime.Format("Jan 02, 2006 15:04:05 UTC")),
"", 1, "L", false, 0, "")
} else {
// Fallback to just showing the block height
pdf.CellFormat(0, 8, fmt.Sprintf("Bitcoin Block #%d", earliestHeight), "", 1, "L", false, 0, "")
}
} else {
// Pending attestation
pdf.CellFormat(0, 8, "Status:", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.CellFormat(0, 8, "Pending confirmation in the Bitcoin blockchain", "", 1, "L", false, 0, "")
}
pdf.Ln(2)
// File hash
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "File SHA-256 Digest:", "", 1, "L", false, 0, "")
pdf.SetFont("Courier", "", 10)
pdf.CellFormat(0, 8, hex.EncodeToString(fileDigest), "", 1, "L", false, 0, "")
pdf.Ln(5)
// Include comment if provided
if options.Comment != "" {
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "Comment:", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.MultiCell(0, 8, options.Comment, "", "L", false)
pdf.Ln(5)
}
// Include file content if requested and looks like text
if options.IncludeContent && isTextFile(fileData) && len(fileData) < 5000 {
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "File Content:", "", 1, "L", false, 0, "")
pdf.SetFont("Courier", "", 10)
content := string(fileData)
content = strings.ReplaceAll(content, "\r\n", "\n")
pdf.MultiCell(0, 5, content, "", "L", false)
pdf.Ln(5)
}
// Add Bitcoin transaction information for each attestation
if len(bitcoinSeqs) > 0 {
pdf.SetFont("Helvetica", "B", 18)
pdf.CellFormat(0, 10, "Bitcoin Attestations", "", 1, "L", false, 0, "")
pdf.Ln(5)
for i, seq := range bitcoinSeqs {
att := seq.GetAttestation()
pdf.SetFont("Helvetica", "B", 14)
pdf.CellFormat(0, 8, fmt.Sprintf("Attestation #%d", i+1), "", 1, "L", false, 0, "")
pdf.Ln(2)
// Get block details
blockHash, err := bitcoin.GetBlockHash(int64(att.BitcoinBlockHeight))
blockTime := "Unknown"
if err == nil {
blockHeader, err := bitcoin.GetBlockHeader(blockHash)
if err == nil {
blockTime = blockHeader.Timestamp.Format("Jan 02, 2006 15:04:05 UTC")
}
}
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "Bitcoin Block Height:", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.CellFormat(0, 8, fmt.Sprintf("%d", att.BitcoinBlockHeight), "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "Block Time:", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.CellFormat(0, 8, blockTime, "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "Block Hash:", "", 1, "L", false, 0, "")
pdf.SetFont("Courier", "", 10)
if blockHash != nil {
pdf.CellFormat(0, 8, blockHash.String(), "", 1, "L", false, 0, "")
} else {
pdf.CellFormat(0, 8, "Unable to retrieve", "", 1, "L", false, 0, "")
}
// Show operations sequence
pdf.SetFont("Helvetica", "B", 12)
pdf.CellFormat(0, 8, "Verification Operations:", "", 1, "L", false, 0, "")
pdf.SetFont("Courier", "", 10)
// Format the operations
var operationsText string
merkleRoot, _ := seq.Compute(timestamp.Digest)
operationsText += fmt.Sprintf("Starting with digest: %s\n", hex.EncodeToString(timestamp.Digest))
for j, inst := range seq {
if inst.Operation != nil {
if inst.Operation.Binary {
operationsText += fmt.Sprintf("%d. %s %s\n", j+1, inst.Operation.Name, hex.EncodeToString(inst.Argument))
} else {
operationsText += fmt.Sprintf("%d. %s\n", j+1, inst.Operation.Name)
}
}
}
operationsText += fmt.Sprintf("\nResulting merkle root: %s\n", hex.EncodeToString(merkleRoot))
pdf.MultiCell(0, 5, operationsText, "", "L", false)
pdf.Ln(5)
}
}
// Add second page - Verification Instructions
pdf.AddPage()
pdf.SetFont("Helvetica", "B", 18)
pdf.CellFormat(0, 10, "Verification Instructions", "", 1, "L", false, 0, "")
pdf.Ln(5)
// Instructions
addVerificationInstructions(pdf)
// Save the PDF to the writer
return pdf.Output(output)
}
func addVerificationInstructions(pdf *gofpdf.Fpdf) {
pdf.SetFont("Helvetica", "B", 14)
pdf.CellFormat(0, 8, "1. Compute the SHA-256 digest of your file", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.MultiCell(0, 6, `To verify this timestamp, first compute the SHA-256 digest of your original file. You can use various tools for this:
- On Linux/macOS: Use the command "shasum -a 256 filename"
- On Windows: Use tools like PowerShell's "Get-FileHash" or third-party tools
- Online: Various websites can calculate file hashes, but only use trusted sources for sensitive files
Verify that the digest matches the one shown in this certificate.`, "", "L", false)
pdf.Ln(5)
pdf.SetFont("Helvetica", "B", 14)
pdf.CellFormat(0, 8, "2. Verify the operations sequence", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.MultiCell(0, 6, `The operations sequence shown in this certificate transforms the file digest into a value that was stored in the Bitcoin blockchain. To verify manually:
- Start with the file's SHA-256 digest
- Apply each operation in sequence as shown in the certificate
- For "append" operations, add the shown bytes to the end of the current value
- For "prepend" operations, add the shown bytes to the beginning of the current value
- For "sha256" operations, compute the SHA-256 hash of the current value
- The final result should match the merkle root shown in the certificate`, "", "L", false)
pdf.Ln(5)
pdf.SetFont("Helvetica", "B", 14)
pdf.CellFormat(0, 8, "3. Verify the Bitcoin attestation", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.MultiCell(0, 6, `For full verification, check that the merkle root was recorded in the Bitcoin blockchain:
- Find the Bitcoin block at the height shown in the certificate
- The block's merkle root or transaction should contain the computed value
- You can use block explorers like blockstream.info or blockchain.com
- The timestamp is confirmed when the merkle root appears in the blockchain`, "", "L", false)
pdf.Ln(5)
pdf.SetFont("Helvetica", "B", 14)
pdf.CellFormat(0, 8, "4. Use the OpenTimestamps verifier", "", 1, "L", false, 0, "")
pdf.SetFont("Helvetica", "", 12)
pdf.MultiCell(0, 6, `For easier verification, use the OpenTimestamps verification tools:
- Command line: Use "ots verify <file> <file.ots>"
- Online: Visit https://opentimestamps.org and upload your file and .ots timestamp
- The tools will perform all verification steps automatically`, "", "L", false)
// Add footer with generation time
pdf.Ln(10)
pdf.SetFont("Helvetica", "I", 10)
pdf.CellFormat(0, 6, fmt.Sprintf("Certificate generated at: %s", time.Now().Format(time.RFC3339)), "", 1, "C", false, 0, "")
pdf.CellFormat(0, 6, "OpenTimestamps - https://opentimestamps.org", "", 1, "C", false, 0, "")
}
// isTextFile tries to determine if a file is likely to be text
func isTextFile(data []byte) bool {
// Simple heuristic: if the file doesn't contain too many non-printable characters,
// it's probably text
nonPrintable := 0
for _, b := range data {
if (b < 32 || b > 126) && b != 9 && b != 10 && b != 13 {
nonPrintable++
}
}
// Allow up to 1% non-printable characters
return nonPrintable <= len(data)/100
}

146
remote_calendar.go
View File

@@ -1,146 +0,0 @@
package opentimestamps
import (
"bytes"
"encoding/hex"
"fmt"
"io/ioutil"
"net/http"
"net/http/httputil"
"strings"
"github.com/sirupsen/logrus"
)
const userAgent = "go-opentimestamps"
const dumpResponse = false
type RemoteCalendar struct {
baseURL string
client *http.Client
log *logrus.Logger
}
func NewRemoteCalendar(baseURL string) (*RemoteCalendar, error) {
// FIXME remove this
if baseURL == "localhost" {
baseURL = "http://localhost:14788"
}
// TODO validate url
if !strings.HasSuffix(baseURL, "/") {
baseURL += "/"
}
return &RemoteCalendar{
baseURL,
http.DefaultClient,
logrus.New(),
}, nil
}
// Check response status, return informational error message if
// status is not `200 OK`.
func checkStatusOK(resp *http.Response) error {
if resp.StatusCode == http.StatusOK {
return nil
}
errMsg := fmt.Sprintf("unexpected response: %q", resp.Status)
if resp.Body == nil {
return fmt.Errorf("%s (body=nil)", errMsg)
}
defer resp.Body.Close()
bodyBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
return fmt.Errorf("%s (bodyErr=%v)", errMsg, err)
} else {
return fmt.Errorf("%s (body=%q)", errMsg, bodyBytes)
}
}
func (c *RemoteCalendar) do(r *http.Request) (*http.Response, error) {
r.Header.Add("Accept", "application/vnd.opentimestamps.v1")
r.Header.Add("User-Agent", userAgent)
c.log.Debugf("> %s %s", r.Method, r.URL)
resp, err := c.client.Do(r)
if err != nil {
c.log.Errorf("> %s %s error: %v", r.Method, r.URL, err)
return resp, err
}
c.log.Debugf("< %s %s - %v", r.Method, r.URL, resp.Status)
if dumpResponse {
bytes, err := httputil.DumpResponse(resp, true)
if err == nil {
c.log.Debugf("response dump:%s ", bytes)
}
}
return resp, err
}
func (c *RemoteCalendar) url(path string) string {
return c.baseURL + path
}
func (c *RemoteCalendar) Submit(digest []byte) (*Timestamp, error) {
body := bytes.NewBuffer(digest)
req, err := http.NewRequest("POST", c.url("digest"), body)
if err != nil {
return nil, err
}
resp, err := c.do(req)
if err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("expected 200, got %v", resp.Status)
}
return NewTimestampFromReader(resp.Body, digest)
}
func (c *RemoteCalendar) GetTimestamp(commitment []byte) (*Timestamp, error) {
url := c.url("timestamp/" + hex.EncodeToString(commitment))
req, err := http.NewRequest("GET", url, nil)
if err != nil {
return nil, err
}
resp, err := c.do(req)
if err != nil {
return nil, err
}
if err := checkStatusOK(resp); err != nil {
return nil, err
}
if resp.Body != nil {
defer resp.Body.Close()
}
return NewTimestampFromReader(resp.Body, commitment)
}
type PendingTimestamp struct {
Timestamp *Timestamp
PendingAttestation *pendingAttestation
}
func (p PendingTimestamp) Upgrade() (*Timestamp, error) {
cal, err := NewRemoteCalendar(p.PendingAttestation.uri)
if err != nil {
return nil, err
}
return cal.GetTimestamp(p.Timestamp.Message)
}
func PendingTimestamps(ts *Timestamp) (res []PendingTimestamp) {
ts.Walk(func(ts *Timestamp) {
for _, att := range ts.Attestations {
p, ok := att.(*pendingAttestation)
if !ok {
continue
}
attCopy := *p
res = append(res, PendingTimestamp{ts, &attCopy})
}
})
return
}

71
remote_calendar_test.go
View File

@@ -1,71 +0,0 @@
package opentimestamps
import (
"crypto/sha256"
"fmt"
"os"
"testing"
"time"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const (
calendarServerEnvvar = "GOTS_TEST_CALENDAR_SERVER"
bitcoinRegtestEnvvar = "GOTS_TEST_BITCOIN_REGTEST_SERVER"
)
func newTestCalendar(url string) *RemoteCalendar {
logrus.SetLevel(logrus.DebugLevel)
cal, err := NewRemoteCalendar(url)
if err != nil {
panic("could not create test calendar")
}
cal.log.Level = logrus.DebugLevel
return cal
}
func newTestDigest(in string) []byte {
hash := sha256.Sum256([]byte(in))
return hash[:]
}
func TestRemoteCalendarExample(t *testing.T) {
dts, err := NewDetachedTimestampFromPath(
"./examples/two-calendars.txt.ots",
)
require.NoError(t, err)
pts := PendingTimestamps(dts.Timestamp)
assert.Equal(t, 2, len(pts))
for _, pt := range pts {
ts, err := pt.Upgrade()
assert.NoError(t, err)
fmt.Print(ts.Dump())
}
}
func TestRemoteCalendarRoundTrip(t *testing.T) {
calendarServer := os.Getenv(calendarServerEnvvar)
if calendarServer == "" {
t.Skipf("%q not set, skipping test", calendarServerEnvvar)
}
cal := newTestCalendar(calendarServer)
ts, err := cal.Submit(newTestDigest("Hello, World!"))
require.NoError(t, err)
require.NotNil(t, ts)
// TODO call rpcclient generateblock 100
// FIXME possible opentimestamps-server bug?
// wait until attestation has been aggregated
time.Sleep(2 * time.Second)
for _, pts := range PendingTimestamps(ts) {
ts, err := pts.Upgrade()
assert.NoError(t, err)
_ = ts
}
}

206
serialize.go
View File

@@ -1,206 +0,0 @@
package opentimestamps
import (
"bufio"
"bytes"
"fmt"
"io"
"math"
)
// serializationContext helps encoding values in the ots format
type serializationContext struct {
w io.Writer
}
// newSerializationContext returns a serializationContext for a writer
func newSerializationContext(w io.Writer) *serializationContext {
return &serializationContext{w}
}
// writeBytes writes the raw bytes to the underlying writer
func (s serializationContext) writeBytes(b []byte) error {
// number of bytes can be ignored
// if it is equal len(b) then err is nil
_, err := s.w.Write(b)
if err != nil {
return err
}
return nil
}
// writeByte writes a single byte
func (s serializationContext) writeByte(b byte) error {
return s.writeBytes([]byte{b})
}
// writeBool encodes and writes a boolean value
func (s serializationContext) writeBool(b bool) error {
if b {
return s.writeByte(0xff)
} else {
return s.writeByte(0x00)
}
}
// writeVarUint encodes and writes writes a variable-length integer
func (s serializationContext) writeVarUint(v uint64) error {
if v == 0 {
s.writeByte(0x00)
}
for v > 0 {
b := byte(v & 0x7f)
if v > uint64(0x7f) {
b |= 0x80
}
if err := s.writeByte(b); err != nil {
return err
}
if v <= 0x7f {
break
}
v >>= 7
}
return nil
}
// writeVarBytes encodes and writes a variable-length array
func (s serializationContext) writeVarBytes(arr []byte) error {
if err := s.writeVarUint(uint64(len(arr))); err != nil {
return err
}
return s.writeBytes(arr)
}
// deserializationContext helps decoding values from the ots format
type deserializationContext struct {
r io.Reader
}
// safety boundary for readBytes
// allocation limit for arrays
const maxReadSize = (1 << 12)
func (d deserializationContext) dump() string {
arr, _ := d.r.(*bufio.Reader).Peek(512)
return fmt.Sprintf("% x", arr)
}
// readBytes reads n bytes.
func (d deserializationContext) readBytes(n int) ([]byte, error) {
if n > maxReadSize {
return nil, fmt.Errorf("over maxReadSize: %d", maxReadSize)
}
b := make([]byte, n)
m, err := d.r.Read(b)
if err != nil {
return b, err
}
if n != m {
return b, fmt.Errorf("expected %d bytes, got %d", n, m)
}
return b[:], nil
}
// readByte reads a single byte.
func (d deserializationContext) readByte() (byte, error) {
arr, err := d.readBytes(1)
if err != nil {
return 0, err
}
return arr[0], nil
}
// readBool reads a boolean.
func (d deserializationContext) readBool() (bool, error) {
arr, err := d.readBytes(1)
if err != nil {
return false, err
}
switch v := arr[0]; v {
case 0x00:
return false, nil
case 0xff:
return true, nil
default:
return false, fmt.Errorf("unexpected value %x", v)
}
}
// readVarUint reads a variable-length uint64.
func (d deserializationContext) readVarUint() (uint64, error) {
// NOTE
// the original python implementation has no uint64 limit, but I
// don't think we'll ever need more that that.
val := uint64(0)
shift := uint(0)
for {
b, err := d.readByte()
if err != nil {
return 0, err
}
shifted := uint64(b&0x7f) << shift
// ghetto overflow check
if (shifted >> shift) != uint64(b&0x7f) {
return 0, fmt.Errorf("uint64 overflow")
}
val |= shifted
if b&0x80 == 0 {
return val, nil
}
shift += 7
}
}
// readVarBytes reads variable-length number of bytes.
func (d deserializationContext) readVarBytes(minLen, maxLen int) ([]byte, error) {
v, err := d.readVarUint()
if err != nil {
return nil, err
}
if v > math.MaxInt32 {
return nil, fmt.Errorf("int overflow")
}
vint := int(v)
if maxLen < vint || vint < minLen {
return nil, fmt.Errorf(
"varbytes length %d outside range (%d, %d)",
vint, minLen, maxLen,
)
}
return d.readBytes(vint)
}
// assertMagic removes reads the expected bytes from the stream. Returns an
// error if the bytes are unexpected.
func (d deserializationContext) assertMagic(expected []byte) error {
arr, err := d.readBytes(len(expected))
if err != nil {
return err
}
if !bytes.Equal(expected, arr) {
return fmt.Errorf(
"magic bytes mismatch, expected % x got % x",
expected, arr,
)
}
return nil
}
// assertEOF reads a byte and returns true if the end of the reader is reached.
// Careful: the read operation is a side-effect.
func (d deserializationContext) assertEOF() bool {
// Unfortunately we can't always do a zero-byte read here, since some
// reader implementations fail to return EOF. This means assertEOF
_, err := d.readByte()
return err == io.EOF
}
// newDeserializationContext returns a deserializationContext for a reader
func newDeserializationContext(r io.Reader) *deserializationContext {
// TODO
// bufio is used here to allow debugging via d.dump()
// once this code here is robust enough we can just pass r
return &deserializationContext{bufio.NewReader(r)}
}

153
serialize_test.go
View File

@@ -1,153 +0,0 @@
package opentimestamps
import (
"bytes"
"math"
"testing"
"github.com/stretchr/testify/assert"
)
func newDeserializationContextFromBytes(in []byte) *deserializationContext {
return newDeserializationContext(bytes.NewBuffer(in))
}
func TestReadWrite(t *testing.T) {
magic := []byte("magic")
buf := &bytes.Buffer{}
s := newSerializationContext(buf)
assert.NoError(t, s.writeBytes([]byte{0x00, 0x01}))
assert.NoError(t, s.writeByte(0x02))
assert.NoError(t, s.writeBool(true))
assert.NoError(t, s.writeBool(false))
assert.NoError(t, s.writeByte(0x03))
assert.NoError(t, s.writeVarUint(1))
assert.NoError(t, s.writeBytes([]byte{0x81, 0x00}))
assert.NoError(t, s.writeBytes([]byte{0x81, 0x01}))
assert.NoError(t, s.writeVarUint(0x100))
assert.NoError(t, s.writeVarUint(uint64(math.MaxUint32)+1))
assert.NoError(t, s.writeVarUint(math.MaxUint64))
assert.NoError(t, s.writeBytes([]byte{
// varunit excess MaxUint64
0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0x01,
}))
assert.NoError(t, s.writeBytes(magic))
assert.NoError(t, s.writeByte(0))
assert.NoError(t, s.writeBytes(magic))
data := buf.Bytes()
expectedData := []byte{
0x00, 0x01, // bytes [0x00, 0x01]
0x02, // byte 0x02
0xff, // bool true
0x00, // bool false
0x03, // bool error
0x01, // varuint 1
0x81, 0x00, // varuint 1
0x81, 0x01, // varuint 1 (alternative)
0x80, 0x02, // varuint 0x100
// varunit math.MaxUint32 + 1
0x80, 0x80, 0x80, 0x80, 0x10,
// varunit math.MaxUint64
0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff,
0xff, 0x01,
// varunit excess math.MaxUint64
0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0x01,
// "magic"
0x6d, 0x61, 0x67, 0x69, 0x63,
// zero
0x00,
// "magic"
0x6d, 0x61, 0x67, 0x69, 0x63,
}
assert.Equal(t, expectedData, data)
d := newDeserializationContextFromBytes(data)
{
v, err := d.readBytes(2)
assert.NoError(t, err)
assert.Equal(t, []byte{0x00, 0x01}, v)
}
{
v, err := d.readByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x02), v)
}
{
v, err := d.readBool()
assert.NoError(t, err)
assert.Equal(t, true, v)
}
{
v, err := d.readBool()
assert.NoError(t, err)
assert.Equal(t, false, v)
}
{
_, err := d.readBool()
assert.Error(t, err)
}
{
v, err := d.readVarUint()
assert.NoError(t, err)
assert.Equal(t, uint64(1), v)
}
{
v, err := d.readVarUint()
assert.NoError(t, err)
assert.Equal(t, uint64(1), v)
}
{
v, err := d.readVarUint()
assert.NoError(t, err)
assert.Equal(t, uint64(0x81), v)
}
{
v, err := d.readVarUint()
assert.NoError(t, err)
assert.Equal(t, uint64(0x100), v)
}
{
v, err := d.readVarUint()
assert.NoError(t, err)
assert.Equal(t, uint64(math.MaxUint32)+uint64(1), v)
}
{
v, err := d.readVarUint()
assert.NoError(t, err)
assert.Equal(t, uint64(math.MaxUint64), uint64(v))
}
{
_, err := d.readVarUint()
assert.Error(t, err)
// read leftover 0x02
b, err := d.readByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x01), b)
}
{
assert.NoError(t, d.assertMagic(magic))
// fails because of in-between 0x00
assert.Error(t, d.assertMagic(magic))
}
{
// read leftover byte
_, err := d.readByte()
assert.NoError(t, err)
assert.True(t, d.assertEOF())
}
}

110
stamp.go Normal file
View File

@@ -0,0 +1,110 @@
package opentimestamps
import (
"bytes"
"context"
"fmt"
"io"
"net/http"
"strings"
"git.intruders.space/public/opentimestamps/ots"
"git.intruders.space/public/opentimestamps/varn"
)
var httpClient = &http.Client{}
func Stamp(ctx context.Context, calendarUrl string, digest [32]byte) (ots.Sequence, error) {
body := bytes.NewBuffer(digest[:])
req, err := http.NewRequestWithContext(ctx, "POST", normalizeUrl(calendarUrl)+"/digest", body)
if err != nil {
return nil, err
}
req.Header.Add("User-Agent", "github.com/fiatjaf/opentimestamps")
req.Header.Add("Accept", "application/vnd.opentimestamps.v1")
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
resp, err := httpClient.Do(req)
if err != nil {
return nil, fmt.Errorf("'%s' request failed: %w", calendarUrl, err)
}
full, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response from '%s': %w", calendarUrl, err)
}
resp.Body.Close()
seq, err := parseCalendarServerResponse(varn.NewBuffer(full))
if err != nil {
return nil, fmt.Errorf("failed to parse response from '%s': %w", calendarUrl, err)
}
return seq, nil
}
func ReadFromFile(data []byte) (*ots.File, error) {
return ots.ParseOTSFile(varn.NewBuffer(data))
}
func UpgradeSequence(ctx context.Context, seq ots.Sequence, initial []byte) (ots.Sequence, error) {
result, _ := seq.Compute(initial)
attestation := seq.GetAttestation()
url := fmt.Sprintf("%s/timestamp/%x", normalizeUrl(attestation.CalendarServerURL), result)
req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
if err != nil {
return nil, err
}
req.Header.Add("User-Agent", "github.com/fiatjaf/opentimestamps")
req.Header.Add("Accept", "application/vnd.opentimestamps.v1")
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
resp, err := httpClient.Do(req)
if err != nil {
return nil, fmt.Errorf("'%s' request failed: %w", attestation.CalendarServerURL, err)
}
if resp.StatusCode >= 300 {
return nil, fmt.Errorf("'%s' returned %d", attestation.CalendarServerURL, resp.StatusCode)
}
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read response from '%s': %w", attestation.CalendarServerURL, err)
}
resp.Body.Close()
tail, err := parseCalendarServerResponse(varn.NewBuffer(body))
if err != nil {
return nil, fmt.Errorf("failed to parse response from '%s': %w", attestation.CalendarServerURL, err)
}
newSeq := make(ots.Sequence, len(seq)+len(tail)-1)
copy(newSeq, seq[0:len(seq)-1])
copy(newSeq[len(seq)-1:], tail)
return newSeq, nil
}
func parseCalendarServerResponse(buf varn.Buffer) (ots.Sequence, error) {
seqs, err := ots.ParseTimestamp(buf)
if err != nil {
return nil, err
}
if len(seqs) != 1 {
return nil, fmt.Errorf("invalid number of sequences obtained: %d", len(seqs))
}
return seqs[0], nil
}
func normalizeUrl(u string) string {
u = strings.TrimSuffix(u, "/")
if !strings.HasPrefix(u, "https://") && !strings.HasPrefix(u, "http://") {
u = "http://" + u
}
return u
}

193
timestamp.go
View File

@@ -1,193 +0,0 @@
package opentimestamps
import (
"bytes"
"fmt"
"io"
"strings"
)
type dumpConfig struct {
showMessage bool
showFlat bool
}
var defaultDumpConfig dumpConfig = dumpConfig{
showMessage: true,
showFlat: false,
}
// A timestampLink with the opCode being the link edge. The reference
// implementation uses a map, but the implementation is a bit complex. A list
// should work as well.
type tsLink struct {
opCode opCode
timestamp *Timestamp
}
// A Timestamp can contain many attestations and operations.
type Timestamp struct {
Message []byte
Attestations []Attestation
ops []tsLink
}
// Walk calls the passed function f for this timestamp and all
// downstream timestamps that are chained via operations.
func (t *Timestamp) Walk(f func(t *Timestamp)) {
f(t)
for _, l := range t.ops {
l.timestamp.Walk(f)
}
}
func (t *Timestamp) encode(ctx *serializationContext) error {
n := len(t.Attestations) + len(t.ops)
if n == 0 {
return fmt.Errorf("cannot encode empty timestamp")
}
prefixAtt := []byte{0x00}
prefixOp := []byte{}
nextNode := func(prefix []byte) error {
n -= 1
if n > 0 {
return ctx.writeByte(0xff)
}
if len(prefix) > 0 {
return ctx.writeBytes(prefix)
}
return nil
}
// FIXME attestations should be sorted
for _, att := range t.Attestations {
if err := nextNode(prefixAtt); err != nil {
return err
}
if err := encodeAttestation(ctx, att); err != nil {
return err
}
}
// FIXME ops should be sorted
for _, op := range t.ops {
if err := nextNode(prefixOp); err != nil {
return err
}
if err := op.opCode.encode(ctx); err != nil {
return err
}
if err := op.timestamp.encode(ctx); err != nil {
return err
}
}
return nil
}
func (t *Timestamp) DumpIndent(w io.Writer, indent int, cfg dumpConfig) {
if cfg.showMessage {
fmt.Fprintf(w, strings.Repeat(" ", indent))
fmt.Fprintf(w, "message %x\n", t.Message)
}
for _, att := range t.Attestations {
fmt.Fprint(w, strings.Repeat(" ", indent))
fmt.Fprintln(w, att)
}
for _, tsLink := range t.ops {
fmt.Fprint(w, strings.Repeat(" ", indent))
fmt.Fprintln(w, tsLink.opCode)
// fmt.Fprint(w, strings.Repeat(" ", indent))
// if the timestamp is indeed tree-shaped, show it like that
if !cfg.showFlat || len(t.ops) > 1 {
indent += 1
}
tsLink.timestamp.DumpIndent(w, indent, cfg)
}
}
func (t *Timestamp) DumpWithConfig(cfg dumpConfig) string {
b := &bytes.Buffer{}
t.DumpIndent(b, 0, cfg)
return b.String()
}
func (t *Timestamp) Dump() string {
return t.DumpWithConfig(defaultDumpConfig)
}
func parseTagOrAttestation(
ts *Timestamp,
ctx *deserializationContext,
tag byte,
message []byte,
limit int,
) error {
if tag == 0x00 {
a, err := ParseAttestation(ctx)
if err != nil {
return err
}
ts.Attestations = append(ts.Attestations, a)
} else {
op, err := parseOp(ctx, tag)
if err != nil {
return err
}
newMessage, err := op.apply(message)
if err != nil {
return err
}
nextTs := &Timestamp{Message: newMessage}
err = parse(nextTs, ctx, newMessage, limit-1)
if err != nil {
return err
}
ts.ops = append(ts.ops, tsLink{op, nextTs})
}
return nil
}
func parse(
ts *Timestamp, ctx *deserializationContext, message []byte, limit int,
) error {
if limit == 0 {
return fmt.Errorf("recursion limit")
}
var tag byte
var err error
for {
tag, err = ctx.readByte()
if err != nil {
return err
}
if tag == 0xff {
tag, err = ctx.readByte()
if err != nil {
return err
}
err := parseTagOrAttestation(ts, ctx, tag, message, limit)
if err != nil {
return err
}
} else {
break
}
}
return parseTagOrAttestation(ts, ctx, tag, message, limit)
}
func newTimestampFromContext(
ctx *deserializationContext, message []byte,
) (*Timestamp, error) {
recursionLimit := 1000
ts := &Timestamp{Message: message}
err := parse(ts, ctx, message, recursionLimit)
if err != nil {
return nil, err
}
return ts, nil
}
func NewTimestampFromReader(r io.Reader, message []byte) (*Timestamp, error) {
return newTimestampFromContext(newDeserializationContext(r), message)
}

11
util.go
View File

@@ -1,11 +0,0 @@
package opentimestamps
import "encoding/hex"
func mustDecodeHex(in string) []byte {
out, err := hex.DecodeString(in)
if err != nil {
panic(err)
}
return out
}

81
varn/buffer.go Normal file
View File

@@ -0,0 +1,81 @@
package varn
import "io"
// Buffer is a simple buffer reader that allows reading bytes and
// variable-length integers. It is not thread-safe and should not be used
// concurrently.
type Buffer struct {
pos *int
buf []byte
}
// NewBuffer creates a new Buffer instance.
func NewBuffer(buf []byte) Buffer {
zero := 0
return Buffer{&zero, buf}
}
// ReadBytes reads n bytes from the buffer.
func (buf Buffer) ReadBytes(n int) ([]byte, error) {
if *buf.pos >= len(buf.buf) {
return nil, io.EOF
}
if *buf.pos+n > len(buf.buf) {
return nil, io.ErrUnexpectedEOF
}
res := buf.buf[*buf.pos : *buf.pos+n]
*buf.pos = *buf.pos + n
return res, nil
}
func (buf Buffer) ReadByte() (byte, error) {
b, err := buf.ReadBytes(1)
if err != nil {
return 0, err
}
return b[0], nil
}
// ReadVarUint reads a variable-length unsigned integer from the buffer.
// Returns io.EOF if the end of the buffer is reached before a complete integer
// is read.
func (buf Buffer) ReadVarUint() (uint64, error) {
var value uint64 = 0
var shift uint64 = 0
for {
b, err := buf.ReadByte()
if err != nil {
return 0, err
}
value |= (uint64(b) & 0b01111111) << shift
shift += 7
if b&0b10000000 == 0 {
break
}
}
return value, nil
}
// ReadVarBytes reads a variable-length byte array from the buffer.
// It first reads a variable-length unsigned integer to determine the length
// of the byte array, and then reads that many bytes from the buffer.
// Returns the byte array and an error if any occurs during reading.
// The function will return io.EOF if the end of the buffer is reached before
// the specified number of bytes is read.
// If the length of the byte array is 0, it will return an empty byte slice.
// If the length is greater than the remaining bytes in the buffer, it will
// return io.EOF.
func (buf Buffer) ReadVarBytes() ([]byte, error) {
v, err := buf.ReadVarUint()
if err != nil {
return nil, err
}
b, err := buf.ReadBytes(int(v))
if err != nil {
return nil, err
}
return b, nil
}

155
varn/buffer_test.go Normal file
View File

@@ -0,0 +1,155 @@
package varn_test
import (
"io"
"testing"
"github.com/stretchr/testify/assert"
"git.intruders.space/public/opentimestamps/varn"
)
func TestNewBuffer(t *testing.T) {
data := []byte{0x01, 0x02, 0x03}
buf := varn.NewBuffer(data)
// Test the first byte to verify initialization
b, err := buf.ReadByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x01), b)
// Test reading the second byte
b, err = buf.ReadByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x02), b)
// Test reading the third byte
b, err = buf.ReadByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x03), b)
// Test reading beyond the buffer
_, err = buf.ReadByte()
assert.ErrorIs(t, err, io.EOF)
// Test reading from an empty buffer
emptyBuf := varn.NewBuffer([]byte{})
_, err = emptyBuf.ReadByte()
assert.ErrorIs(t, err, io.EOF)
// Test reading from a nil buffer
nilBuf := varn.NewBuffer(nil)
_, err = nilBuf.ReadByte()
assert.ErrorIs(t, err, io.EOF)
// Test reading from a buffer with a single byte
singleByteBuf := varn.NewBuffer([]byte{0xFF})
b, err = singleByteBuf.ReadByte()
assert.NoError(t, err)
assert.Equal(t, byte(0xFF), b)
}
func TestReadBytes(t *testing.T) {
data := []byte{0x01, 0x02, 0x03, 0x04, 0x05}
buf := varn.NewBuffer(data)
// Read 3 bytes
bytes, err := buf.ReadBytes(3)
assert.NoError(t, err)
assert.Equal(t, []byte{0x01, 0x02, 0x03}, bytes)
// Read 2 more bytes
bytes, err = buf.ReadBytes(2)
assert.NoError(t, err)
assert.Equal(t, []byte{0x04, 0x05}, bytes)
// Try to read beyond the buffer
_, err = buf.ReadBytes(1)
assert.ErrorIs(t, err, io.EOF)
}
func TestReadByte(t *testing.T) {
data := []byte{0x0A, 0x0B}
buf := varn.NewBuffer(data)
// Read first byte
b, err := buf.ReadByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x0A), b)
// Read second byte
b, err = buf.ReadByte()
assert.NoError(t, err)
assert.Equal(t, byte(0x0B), b)
// Try to read beyond the buffer
_, err = buf.ReadByte()
assert.ErrorIs(t, err, io.EOF)
}
func TestReadVarUint(t *testing.T) {
testCases := []struct {
name string
input []byte
expected uint64
}{
{
name: "Single byte",
input: []byte{0x01},
expected: 1,
},
{
name: "Two bytes",
input: []byte{0x81, 0x01}, // 129 in varint encoding
expected: 129,
},
{
name: "Large number",
input: []byte{0xFF, 0xFF, 0xFF, 0xFF, 0x01}, // 536870911 in varint encoding
expected: 536870911,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
buf := varn.NewBuffer(tc.input)
val, err := buf.ReadVarUint()
assert.NoError(t, err)
assert.Equal(t, tc.expected, val)
})
}
// Test EOF
buf := varn.NewBuffer([]byte{0x81}) // Incomplete varint
_, err := buf.ReadVarUint()
assert.ErrorIs(t, err, io.EOF)
}
func TestReadVarBytes(t *testing.T) {
// Test normal case: length followed by data
data := []byte{0x03, 0x0A, 0x0B, 0x0C, 0x0D}
buf := varn.NewBuffer(data)
bytes, err := buf.ReadVarBytes()
assert.NoError(t, err)
assert.Equal(t, []byte{0x0A, 0x0B, 0x0C}, bytes)
// Test empty array
data = []byte{0x00, 0x01}
buf = varn.NewBuffer(data)
bytes, err = buf.ReadVarBytes()
assert.NoError(t, err)
assert.Equal(t, []byte{}, bytes)
// Test EOF during length read
buf = varn.NewBuffer([]byte{})
_, err = buf.ReadVarBytes()
assert.ErrorIs(t, err, io.EOF)
// Test error during data read (insufficient bytes)
data = []byte{0x03, 0x01}
buf = varn.NewBuffer(data)
_, err = buf.ReadVarBytes()
assert.ErrorIs(t, err, io.ErrUnexpectedEOF)
}

38
varn/varn.go Normal file
View File

@@ -0,0 +1,38 @@
// Package varn implements variable-length encoding for unsigned integers and
// byte slices. It is used in the OpenTimestamps protocol to encode
// instructions and attestations. The encoding is similar to the one used in
// Protocol Buffers, but with a different format for the variable-length
// integers. The encoding is designed to be compact and efficient, while still
// being easy to decode. The package provides functions to read and write
// variable-length integers and byte slices, as well as a Buffer type for
// reading and writing data in a more convenient way. The package is not
// thread-safe and should not be used concurrently. It is intended for use in
// the OpenTimestamps protocol and is not a general-purpose encoding library.
package varn
// AppendVarUint appends a variable-length unsigned integer to the buffer
func AppendVarUint(buf []byte, value uint64) []byte {
if value == 0 {
buf = append(buf, 0)
} else {
for value != 0 {
b := byte(value & 0b01111111)
if value > 0b01111111 {
b |= 0b10000000
}
buf = append(buf, b)
if value <= 0b01111111 {
break
}
value >>= 7
}
}
return buf
}
func AppendVarBytes(buf []byte, value []byte) []byte {
buf = AppendVarUint(buf, uint64(len(value)))
buf = append(buf, value...)
return buf
}

118
varn/varn_test.go Normal file
View File

@@ -0,0 +1,118 @@
package varn_test
import (
"bytes"
"encoding/hex"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"git.intruders.space/public/opentimestamps/varn"
)
// Helper functions for decoding (to verify encoding)
func readVarUint(t *testing.T, data []byte) (uint64, int) {
t.Helper()
require.NotZero(t, data, "empty buffer")
if data[0] == 0 {
return 0, 1
}
var value uint64
var bytesRead int
for i, b := range data {
bytesRead = i + 1
value |= uint64(b&0x7F) << uint(7*i)
if b&0x80 == 0 {
break
}
require.Less(t, i, 9, "varint too long") // 9 is max bytes needed for uint64
}
return value, bytesRead
}
func readVarBytes(t *testing.T, data []byte) ([]byte, int) {
t.Helper()
length, bytesRead := readVarUint(t, data)
require.GreaterOrEqual(t, uint64(len(data)-bytesRead), length, "buffer too short")
end := bytesRead + int(length)
return data[bytesRead:end], end
}
func TestAppendVarUint(t *testing.T) {
tests := []struct {
name string
value uint64
expected string // hex representation of expected bytes
}{
{"zero", 0, "00"},
{"small value", 42, "2a"},
{"value below 128", 127, "7f"},
{"value requiring 2 bytes", 128, "8001"},
{"medium value", 300, "ac02"},
{"large value", 1234567890, "d285d8cc04"}, // Updated from "d2a6e58e07" to correct encoding
{"max uint64", 18446744073709551615, "ffffffffffffffffff01"},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var buf []byte
result := varn.AppendVarUint(buf, tt.value)
// Check encoding
expected, err := hex.DecodeString(tt.expected)
assert.NoError(t, err)
assert.Equal(t, expected, result)
// Verify by decoding
decoded, _ := readVarUint(t, result)
assert.Equal(t, tt.value, decoded)
})
}
}
func TestAppendVarBytes(t *testing.T) {
tests := []struct {
name string
value []byte
}{
{"empty", []byte{}},
{"small", []byte{0x01, 0x02, 0x03}},
{"medium", bytes.Repeat([]byte{0xAA}, 127)},
{"large", bytes.Repeat([]byte{0xBB}, 256)},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var buf []byte
result := varn.AppendVarBytes(buf, tt.value)
// Verify by decoding
decoded, _ := readVarBytes(t, result)
assert.Equal(t, tt.value, decoded)
// Check that length is properly encoded
lenEncoded, _ := readVarUint(t, result)
assert.Equal(t, uint64(len(tt.value)), lenEncoded)
})
}
}
func TestAppendingToExistingBuffer(t *testing.T) {
existing := []byte{0xFF, 0xFF}
// Test AppendVarUint
result := varn.AppendVarUint(existing, 42)
assert.Equal(t, []byte{0xFF, 0xFF, 0x2A}, result)
// Test AppendVarBytes
data := []byte{0x01, 0x02, 0x03}
result = varn.AppendVarBytes(existing, data)
assert.Equal(t, []byte{0xFF, 0xFF, 0x03, 0x01, 0x02, 0x03}, result)
}

15
verifyer/bitcoin.go Normal file
View File

@@ -0,0 +1,15 @@
package verifyer
import (
"github.com/btcsuite/btcd/chaincfg/chainhash"
"github.com/btcsuite/btcd/rpcclient"
"github.com/btcsuite/btcd/wire"
)
type Bitcoin interface {
GetBlockHash(height int64) (*chainhash.Hash, error)
GetBlockHeader(hash *chainhash.Hash) (*wire.BlockHeader, error)
}
var _ Bitcoin = (*esplora)(nil)
var _ Bitcoin = (*rpcclient.Client)(nil)

7
verifyer/bitcoind.go Normal file
View File

@@ -0,0 +1,7 @@
package verifyer
import "github.com/btcsuite/btcd/rpcclient"
func NewBitcoindInterface(config rpcclient.ConnConfig) (Bitcoin, error) {
return rpcclient.New(&config, nil)
}

85
verifyer/esplora.go Normal file
View File

@@ -0,0 +1,85 @@
package verifyer
import (
"bytes"
"encoding/hex"
"fmt"
"io"
"net/http"
"strconv"
"strings"
"time"
"slices"
"github.com/btcsuite/btcd/chaincfg/chainhash"
"github.com/btcsuite/btcd/wire"
)
// esplora is a client for the Esplora API, which provides access to Bitcoin
// blockchain data.
type esplora struct {
httpClient *http.Client
baseURL string
}
func NewEsploraClient(url string, timeout time.Duration) Bitcoin {
url = strings.TrimSuffix(url, "/")
h := &http.Client{
Timeout: timeout,
}
return esplora{h, url}
}
func (e esplora) GetBlockHash(height int64) (*chainhash.Hash, error) {
resp, err := e.httpClient.Get(e.baseURL + "/block-height/" + strconv.FormatInt(height, 10))
if err != nil {
return nil, fmt.Errorf("failed to get block hash: %w", err)
}
defer resp.Body.Close()
hexb, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("failed to read block hash: %w", err)
}
hash, err := hex.DecodeString(string(hexb))
if err != nil {
return nil, fmt.Errorf("failed to decode block hash: %w", err)
}
if len(hash) != chainhash.HashSize {
return nil, fmt.Errorf("got block hash (%x) of invalid size (expected %d)", hash, chainhash.HashSize)
}
slices.Reverse(hash)
var chash chainhash.Hash
copy(chash[:], hash)
return &chash, nil
}
func (e esplora) GetBlockHeader(hash *chainhash.Hash) (*wire.BlockHeader, error) {
resp, err := e.httpClient.Get(fmt.Sprintf("%s/block/%s/header", e.baseURL, hash.String()))
if err != nil {
return nil, err
}
defer resp.Body.Close()
hexb, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
headerHash, err := hex.DecodeString(string(hexb))
if err != nil {
return nil, err
}
header := &wire.BlockHeader{}
if err := header.BtcDecode(bytes.NewBuffer(headerHash), 0, 0); err != nil {
return nil, err
}
return header, nil
}