1use anyhow::{Context, anyhow};
4use async_trait::async_trait;
5use hex::ToHex;
6use slog::{Logger, debug};
7use std::sync::Arc;
8use thiserror::Error;
9
10use super::CertificateRetriever;
11use crate::StdResult;
12use crate::crypto_helper::{
13 ProtocolAggregateVerificationKey, ProtocolGenesisError, ProtocolGenesisVerificationKey,
14 ProtocolMultiSignature,
15};
16use crate::entities::{
17 Certificate, CertificateSignature, ProtocolMessagePartKey, ProtocolParameters,
18};
19use crate::logging::LoggerExtensions;
20
21#[cfg(test)]
22use mockall::automock;
23
24#[derive(Error, Debug)]
26pub enum CertificateVerifierError {
27 #[error("multi signature verification failed: '{0}'")]
29 VerifyMultiSignature(String),
30
31 #[error("certificate genesis error")]
33 CertificateGenesis(#[from] ProtocolGenesisError),
34
35 #[error("certificate hash unmatch error")]
37 CertificateHashUnmatch,
38
39 #[error("certificate chain previous hash unmatch error")]
42 CertificateChainPreviousHashUnmatch,
43
44 #[error("certificate protocol message unmatch error")]
47 CertificateProtocolMessageUnmatch,
48
49 #[error("certificate chain AVK unmatch error")]
54 CertificateChainAVKUnmatch,
55
56 #[error("certificate chain protocol parameters unmatch error")]
61 CertificateChainProtocolParametersUnmatch,
62
63 #[error("certificate epoch unmatch error")]
66 CertificateEpochUnmatch,
67
68 #[error("certificate chain missing epoch error")]
71 CertificateChainMissingEpoch,
72
73 #[error("certificate chain infinite loop error")]
75 CertificateChainInfiniteLoop,
76
77 #[error("can't validate genesis certificate: given certificate isn't a genesis certificate")]
80 InvalidGenesisCertificateProvided,
81
82 #[error("can't validate standard certificate: given certificate isn't a standard certificate")]
85 InvalidStandardCertificateProvided,
86}
87
88#[cfg_attr(test, automock)]
91#[cfg_attr(target_family = "wasm", async_trait(?Send))]
92#[cfg_attr(not(target_family = "wasm"), async_trait)]
93pub trait CertificateVerifier: Send + Sync {
94 async fn verify_genesis_certificate(
96 &self,
97 genesis_certificate: &Certificate,
98 genesis_verification_key: &ProtocolGenesisVerificationKey,
99 ) -> StdResult<()>;
100
101 async fn verify_standard_certificate(
103 &self,
104 certificate: &Certificate,
105 previous_certificate: &Certificate,
106 ) -> StdResult<()>;
107
108 async fn verify_certificate(
110 &self,
111 certificate: &Certificate,
112 genesis_verification_key: &ProtocolGenesisVerificationKey,
113 ) -> StdResult<Option<Certificate>>;
114
115 async fn verify_certificate_chain(
117 &self,
118 certificate: Certificate,
119 genesis_verification_key: &ProtocolGenesisVerificationKey,
120 ) -> StdResult<()> {
121 let mut certificate = certificate;
122 while let Some(previous_certificate) = self
123 .verify_certificate(&certificate, genesis_verification_key)
124 .await?
125 {
126 certificate = previous_certificate;
127 }
128
129 Ok(())
130 }
131}
132
133pub struct MithrilCertificateVerifier {
135 logger: Logger,
136 certificate_retriever: Arc<dyn CertificateRetriever>,
137}
138
139impl MithrilCertificateVerifier {
140 pub fn new(logger: Logger, certificate_retriever: Arc<dyn CertificateRetriever>) -> Self {
142 debug!(logger, "New MithrilCertificateVerifier created");
143 Self {
144 logger: logger.new_with_component_name::<Self>(),
145 certificate_retriever,
146 }
147 }
148
149 async fn fetch_previous_certificate(
150 &self,
151 certificate: &Certificate,
152 ) -> StdResult<Certificate> {
153 self.certificate_retriever
154 .get_certificate_details(&certificate.previous_hash)
155 .await
156 .map_err(|e| anyhow!(e))
157 .with_context(|| "Can not retrieve previous certificate during verification")
158 }
159
160 fn verify_multi_signature(
161 &self,
162 message: &[u8],
163 multi_signature: &ProtocolMultiSignature,
164 aggregate_verification_key: &ProtocolAggregateVerificationKey,
165 protocol_parameters: &ProtocolParameters,
166 ) -> Result<(), CertificateVerifierError> {
167 debug!(
168 self.logger,
169 "Verify multi signature for {:?}",
170 message.encode_hex::<String>()
171 );
172
173 multi_signature
174 .verify(
175 message,
176 aggregate_verification_key,
177 &protocol_parameters.to_owned().into(),
178 )
179 .map_err(|e| CertificateVerifierError::VerifyMultiSignature(e.to_string()))
180 }
181
182 fn verify_is_not_in_infinite_loop(&self, certificate: &Certificate) -> StdResult<()> {
183 if certificate.is_chaining_to_itself() {
184 return Err(anyhow!(
185 CertificateVerifierError::CertificateChainInfiniteLoop
186 ));
187 }
188
189 Ok(())
190 }
191
192 fn verify_hash_matches_content(&self, certificate: &Certificate) -> StdResult<()> {
193 if certificate.compute_hash() != certificate.hash {
194 return Err(anyhow!(CertificateVerifierError::CertificateHashUnmatch));
195 }
196
197 Ok(())
198 }
199
200 fn verify_previous_hash_matches_previous_certificate_hash(
201 &self,
202 certificate: &Certificate,
203 previous_certificate: &Certificate,
204 ) -> StdResult<()> {
205 if previous_certificate.hash != certificate.previous_hash {
206 return Err(anyhow!(
207 CertificateVerifierError::CertificateChainPreviousHashUnmatch
208 ));
209 }
210
211 Ok(())
212 }
213
214 fn verify_signed_message_matches_hashed_protocol_message(
215 &self,
216 certificate: &Certificate,
217 ) -> StdResult<()> {
218 if certificate.protocol_message.compute_hash() != certificate.signed_message {
219 return Err(anyhow!(
220 CertificateVerifierError::CertificateProtocolMessageUnmatch
221 ));
222 }
223
224 Ok(())
225 }
226
227 fn verify_epoch_matches_protocol_message(&self, certificate: &Certificate) -> StdResult<()> {
228 if let Some(signed_epoch) = &certificate
229 .protocol_message
230 .get_message_part(&ProtocolMessagePartKey::CurrentEpoch)
231 {
232 if **signed_epoch == certificate.epoch.to_string() {
233 return Ok(());
234 }
235 }
236
237 Err(anyhow!(CertificateVerifierError::CertificateEpochUnmatch))
238 }
239
240 fn verify_epoch_chaining(
241 &self,
242 certificate: &Certificate,
243 previous_certificate: &Certificate,
244 ) -> StdResult<()> {
245 if certificate.epoch.has_gap_with(&previous_certificate.epoch) {
246 return Err(anyhow!(
247 CertificateVerifierError::CertificateChainMissingEpoch
248 ));
249 }
250
251 Ok(())
252 }
253
254 fn verify_aggregate_verification_key_chaining(
255 &self,
256 certificate: &Certificate,
257 previous_certificate: &Certificate,
258 ) -> StdResult<()> {
259 let previous_certificate_has_same_epoch = previous_certificate.epoch == certificate.epoch;
260 let certificate_has_valid_aggregate_verification_key =
261 if previous_certificate_has_same_epoch {
262 previous_certificate.aggregate_verification_key
263 == certificate.aggregate_verification_key
264 } else {
265 match &previous_certificate
266 .protocol_message
267 .get_message_part(&ProtocolMessagePartKey::NextAggregateVerificationKey)
268 {
269 Some(previous_certificate_next_aggregate_verification_key) => {
270 **previous_certificate_next_aggregate_verification_key
271 == certificate
272 .aggregate_verification_key
273 .to_json_hex()
274 .with_context(|| {
275 format!(
276 "aggregate verification key to string conversion error for certificate: `{}`",
277 certificate.hash
278 )
279 })?
280 }
281 None => false,
282 }
283 };
284 if !certificate_has_valid_aggregate_verification_key {
285 debug!(
286 self.logger,
287 "Previous certificate {:#?}", previous_certificate
288 );
289 return Err(anyhow!(
290 CertificateVerifierError::CertificateChainAVKUnmatch
291 ));
292 }
293
294 Ok(())
295 }
296
297 fn verify_protocol_parameters_chaining(
298 &self,
299 certificate: &Certificate,
300 previous_certificate: &Certificate,
301 ) -> StdResult<()> {
302 let previous_certificate_has_same_epoch = previous_certificate.epoch == certificate.epoch;
303 let certificate_has_valid_protocol_parameters = if previous_certificate_has_same_epoch {
304 previous_certificate.metadata.protocol_parameters
305 == certificate.metadata.protocol_parameters
306 } else {
307 match &previous_certificate
308 .protocol_message
309 .get_message_part(&ProtocolMessagePartKey::NextProtocolParameters)
310 {
311 Some(previous_certificate_next_protocol_parameters) => {
312 **previous_certificate_next_protocol_parameters
313 == certificate.metadata.protocol_parameters.compute_hash()
314 }
315 None => false,
316 }
317 };
318 if !certificate_has_valid_protocol_parameters {
319 debug!(
320 self.logger,
321 "Previous certificate {:#?}", previous_certificate
322 );
323 return Err(anyhow!(
324 CertificateVerifierError::CertificateChainProtocolParametersUnmatch
325 ));
326 }
327
328 Ok(())
329 }
330}
331
332#[cfg_attr(target_family = "wasm", async_trait(?Send))]
333#[cfg_attr(not(target_family = "wasm"), async_trait)]
334impl CertificateVerifier for MithrilCertificateVerifier {
335 async fn verify_genesis_certificate(
336 &self,
337 genesis_certificate: &Certificate,
338 genesis_verification_key: &ProtocolGenesisVerificationKey,
339 ) -> StdResult<()> {
340 let genesis_signature = match &genesis_certificate.signature {
341 CertificateSignature::GenesisSignature(signature) => Ok(signature),
342 _ => Err(CertificateVerifierError::InvalidGenesisCertificateProvided),
343 }?;
344 self.verify_hash_matches_content(genesis_certificate)?;
345 self.verify_signed_message_matches_hashed_protocol_message(genesis_certificate)?;
346 genesis_verification_key
347 .verify(
348 genesis_certificate.signed_message.as_bytes(),
349 genesis_signature,
350 )
351 .with_context(|| "Certificate verifier failed verifying a genesis certificate")?;
352 self.verify_epoch_matches_protocol_message(genesis_certificate)?;
353
354 Ok(())
355 }
356
357 async fn verify_standard_certificate(
358 &self,
359 certificate: &Certificate,
360 previous_certificate: &Certificate,
361 ) -> StdResult<()> {
362 let multi_signature = match &certificate.signature {
363 CertificateSignature::MultiSignature(_, signature) => Ok(signature),
364 _ => Err(CertificateVerifierError::InvalidStandardCertificateProvided),
365 }?;
366 self.verify_is_not_in_infinite_loop(certificate)?;
367 self.verify_hash_matches_content(certificate)?;
368 self.verify_signed_message_matches_hashed_protocol_message(certificate)?;
369 self.verify_multi_signature(
370 certificate.signed_message.as_bytes(),
371 multi_signature,
372 &certificate.aggregate_verification_key,
373 &certificate.metadata.protocol_parameters,
374 )?;
375 self.verify_epoch_matches_protocol_message(certificate)?;
376 self.verify_epoch_chaining(certificate, previous_certificate)?;
377 self.verify_previous_hash_matches_previous_certificate_hash(
378 certificate,
379 previous_certificate,
380 )?;
381 self.verify_aggregate_verification_key_chaining(certificate, previous_certificate)?;
382 self.verify_protocol_parameters_chaining(certificate, previous_certificate)?;
383
384 Ok(())
385 }
386
387 async fn verify_certificate(
389 &self,
390 certificate: &Certificate,
391 genesis_verification_key: &ProtocolGenesisVerificationKey,
392 ) -> StdResult<Option<Certificate>> {
393 debug!(
394 self.logger, "Verifying certificate";
395 "certificate_hash" => &certificate.hash,
396 "certificate_previous_hash" => &certificate.previous_hash,
397 "certificate_epoch" => ?certificate.epoch,
398 "certificate_signed_entity_type" => ?certificate.signed_entity_type(),
399 );
400
401 match &certificate.signature {
402 CertificateSignature::GenesisSignature(_) => {
403 self.verify_genesis_certificate(certificate, genesis_verification_key)
404 .await?;
405
406 Ok(None)
407 }
408 CertificateSignature::MultiSignature(_, _) => {
409 let previous_certificate = self.fetch_previous_certificate(certificate).await?;
410 self.verify_standard_certificate(certificate, &previous_certificate)
411 .await?;
412
413 Ok(Some(previous_certificate))
414 }
415 }
416 }
417}
418
419#[cfg(test)]
420mod tests {
421 use std::collections::HashMap;
422
423 use async_trait::async_trait;
424 use mockall::mock;
425 use tokio::sync::Mutex;
426
427 use super::CertificateRetriever;
428 use super::*;
429
430 use crate::certificate_chain::{CertificateRetrieverError, FakeCertificaterRetriever};
431 use crate::crypto_helper::{ProtocolClerk, tests_setup::*};
432 use crate::test_utils::{
433 CertificateChainBuilder, CertificateChainBuilderContext, MithrilFixtureBuilder, TestLogger,
434 };
435
436 macro_rules! assert_error_matches {
437 ( $expected_error:path, $error:expr ) => {{
438 let error = $error
439 .downcast_ref::<CertificateVerifierError>()
440 .expect("Can not downcast to `CertificateVerifierError`.");
441 let expected_error = $expected_error;
442
443 assert!(
444 matches!(error, $expected_error),
445 "unexpected error type: got {error:?}, want {expected_error:?}"
446 );
447 }};
448 }
449
450 mock! {
451 pub CertificateRetrieverImpl { }
452
453 #[async_trait]
454 impl CertificateRetriever for CertificateRetrieverImpl {
455
456 async fn get_certificate_details(
457 &self,
458 certificate_hash: &str,
459 ) -> Result<Certificate, CertificateRetrieverError>;
460 }
461 }
462
463 struct MockDependencyInjector {
464 mock_certificate_retriever: MockCertificateRetrieverImpl,
465 }
466
467 impl MockDependencyInjector {
468 fn new() -> MockDependencyInjector {
469 MockDependencyInjector {
470 mock_certificate_retriever: MockCertificateRetrieverImpl::new(),
471 }
472 }
473
474 fn build_certificate_verifier(self) -> MithrilCertificateVerifier {
475 MithrilCertificateVerifier::new(
476 TestLogger::stdout(),
477 Arc::new(self.mock_certificate_retriever),
478 )
479 }
480 }
481
482 #[test]
483 fn verify_multi_signature_success() {
484 let protocol_parameters = setup_protocol_parameters();
485 let fixture = MithrilFixtureBuilder::default()
486 .with_signers(5)
487 .with_protocol_parameters(protocol_parameters.into())
488 .build();
489 let signers = fixture.signers_fixture();
490 let message_hash = setup_message().compute_hash().as_bytes().to_vec();
491
492 let single_signatures = signers
493 .iter()
494 .filter_map(|s| s.protocol_signer.sign(&message_hash))
495 .collect::<Vec<_>>();
496
497 let first_signer = &signers[0].protocol_signer;
498 let clerk = ProtocolClerk::new_clerk_from_signer(first_signer);
499 let aggregate_verification_key = clerk.compute_aggregate_verification_key().into();
500 let multi_signature = clerk
501 .aggregate_signatures(&single_signatures, &message_hash)
502 .unwrap()
503 .into();
504
505 let verifier = MithrilCertificateVerifier::new(
506 TestLogger::stdout(),
507 Arc::new(MockCertificateRetrieverImpl::new()),
508 );
509 let message_tampered = message_hash[1..].to_vec();
510 assert!(
511 verifier
512 .verify_multi_signature(
513 &message_tampered,
514 &multi_signature,
515 &aggregate_verification_key,
516 &fixture.protocol_parameters(),
517 )
518 .is_err(),
519 "multi signature verification should have failed"
520 );
521 verifier
522 .verify_multi_signature(
523 &message_hash,
524 &multi_signature,
525 &aggregate_verification_key,
526 &fixture.protocol_parameters(),
527 )
528 .expect("multi signature verification should have succeeded");
529 }
530
531 #[tokio::test]
532 async fn verify_genesis_certificate_success() {
533 let (total_certificates, certificates_per_epoch) = (5, 1);
534 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
535 let verifier = MockDependencyInjector::new().build_certificate_verifier();
536 let genesis_certificate = fake_certificates.genesis_certificate();
537
538 let verify = verifier
539 .verify_genesis_certificate(
540 genesis_certificate,
541 &fake_certificates.genesis_verifier.to_verification_key(),
542 )
543 .await;
544
545 verify.expect("verify_genesis_certificate should not fail");
546 }
547
548 #[tokio::test]
549 async fn verify_genesis_certificate_fails_if_is_not_genesis() {
550 let (total_certificates, certificates_per_epoch) = (5, 1);
551 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
552 let verifier = MockDependencyInjector::new().build_certificate_verifier();
553 let standard_certificate = fake_certificates[0].clone();
554 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
555 genesis_certificate.signature = standard_certificate.signature.clone();
556 genesis_certificate.hash = genesis_certificate.compute_hash();
557
558 let error = verifier
559 .verify_genesis_certificate(
560 &genesis_certificate,
561 &fake_certificates.genesis_verifier.to_verification_key(),
562 )
563 .await
564 .expect_err("verify_genesis_certificate should fail");
565
566 assert_error_matches!(
567 CertificateVerifierError::InvalidGenesisCertificateProvided,
568 error
569 )
570 }
571
572 #[tokio::test]
573 async fn verify_genesis_certificate_fails_if_hash_unmatch() {
574 let (total_certificates, certificates_per_epoch) = (5, 1);
575 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
576 let verifier = MockDependencyInjector::new().build_certificate_verifier();
577 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
578 genesis_certificate.hash = "another-hash".to_string();
579
580 let error = verifier
581 .verify_genesis_certificate(
582 &genesis_certificate,
583 &fake_certificates.genesis_verifier.to_verification_key(),
584 )
585 .await
586 .expect_err("verify_genesis_certificate should fail");
587
588 assert_error_matches!(CertificateVerifierError::CertificateHashUnmatch, error)
589 }
590
591 #[tokio::test]
592 async fn verify_genesis_certificate_fails_if_protocol_message_unmatch() {
593 let (total_certificates, certificates_per_epoch) = (5, 1);
594 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
595 let verifier = MockDependencyInjector::new().build_certificate_verifier();
596 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
597 genesis_certificate.protocol_message.set_message_part(
598 ProtocolMessagePartKey::CurrentEpoch,
599 "another-value".to_string(),
600 );
601 genesis_certificate.hash = genesis_certificate.compute_hash();
602
603 let error = verifier
604 .verify_genesis_certificate(
605 &genesis_certificate,
606 &fake_certificates.genesis_verifier.to_verification_key(),
607 )
608 .await
609 .expect_err("verify_genesis_certificate should fail");
610
611 assert_error_matches!(
612 CertificateVerifierError::CertificateProtocolMessageUnmatch,
613 error
614 )
615 }
616
617 #[tokio::test]
618 async fn verify_genesis_certificate_fails_if_epoch_unmatch() {
619 let (total_certificates, certificates_per_epoch) = (5, 1);
620 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
621 let verifier = MockDependencyInjector::new().build_certificate_verifier();
622 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
623 genesis_certificate.epoch -= 1;
624 genesis_certificate.hash = genesis_certificate.compute_hash();
625
626 let error = verifier
627 .verify_genesis_certificate(
628 &genesis_certificate,
629 &fake_certificates.genesis_verifier.to_verification_key(),
630 )
631 .await
632 .expect_err("verify_genesis_certificate should fail");
633
634 assert_error_matches!(CertificateVerifierError::CertificateEpochUnmatch, error)
635 }
636
637 #[tokio::test]
638 async fn verify_standard_certificate_success_with_different_epochs_as_previous() {
639 let (total_certificates, certificates_per_epoch) = (5, 1);
640 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
641 let verifier = MockDependencyInjector::new().build_certificate_verifier();
642 let certificate = fake_certificates[0].clone();
643 let previous_certificate = fake_certificates[1].clone();
644
645 let verify = verifier
646 .verify_standard_certificate(&certificate, &previous_certificate)
647 .await;
648
649 verify.expect("verify_standard_certificate should not fail");
650 }
651
652 #[tokio::test]
653 async fn verify_standard_certificate_success_with_same_epoch_as_previous() {
654 let (total_certificates, certificates_per_epoch) = (5, 2);
655 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
656 let verifier = MockDependencyInjector::new().build_certificate_verifier();
657 let certificate = fake_certificates[0].clone();
658 let previous_certificate = fake_certificates[1].clone();
659
660 let verify = verifier
661 .verify_standard_certificate(&certificate, &previous_certificate)
662 .await;
663
664 verify.expect("verify_standard_certificate should not fail");
665 }
666
667 #[tokio::test]
668 async fn verify_standard_certificate_fails_if_is_not_genesis() {
669 let (total_certificates, certificates_per_epoch) = (5, 1);
670 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
671 let verifier = MockDependencyInjector::new().build_certificate_verifier();
672 let genesis_certificate = fake_certificates.genesis_certificate();
673 let mut standard_certificate = fake_certificates[0].clone();
674 standard_certificate.signature = genesis_certificate.signature.clone();
675 standard_certificate.hash = standard_certificate.compute_hash();
676 let standard_previous_certificate = fake_certificates[1].clone();
677
678 let error = verifier
679 .verify_standard_certificate(&standard_certificate, &standard_previous_certificate)
680 .await
681 .expect_err("verify_standard_certificate should fail");
682
683 assert_error_matches!(
684 CertificateVerifierError::InvalidStandardCertificateProvided,
685 error
686 )
687 }
688
689 #[tokio::test]
690 async fn verify_standard_certificate_fails_if_infinite_loop() {
691 let (total_certificates, certificates_per_epoch) = (5, 1);
692 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
693 let verifier = MockDependencyInjector::new().build_certificate_verifier();
694 let mut certificate = fake_certificates[0].clone();
695 certificate.previous_hash = certificate.hash.clone();
696 let previous_certificate = fake_certificates[1].clone();
697
698 let error = verifier
699 .verify_standard_certificate(&certificate, &previous_certificate)
700 .await
701 .expect_err("verify_standard_certificate should fail");
702
703 assert_error_matches!(
704 CertificateVerifierError::CertificateChainInfiniteLoop,
705 error
706 )
707 }
708
709 #[tokio::test]
710 async fn verify_standard_certificate_fails_if_hash_unmatch() {
711 let (total_certificates, certificates_per_epoch) = (5, 1);
712 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
713 let verifier = MockDependencyInjector::new().build_certificate_verifier();
714 let mut certificate = fake_certificates[0].clone();
715 certificate.hash = "another-hash".to_string();
716 let previous_certificate = fake_certificates[1].clone();
717
718 let error = verifier
719 .verify_standard_certificate(&certificate, &previous_certificate)
720 .await
721 .expect_err("verify_standard_certificate should fail");
722
723 assert_error_matches!(CertificateVerifierError::CertificateHashUnmatch, error)
724 }
725
726 #[tokio::test]
727 async fn verify_standard_certificate_fails_if_protocol_message_unmatch() {
728 let (total_certificates, certificates_per_epoch) = (5, 1);
729 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
730 let verifier = MockDependencyInjector::new().build_certificate_verifier();
731 let mut certificate = fake_certificates[0].clone();
732 certificate.protocol_message.set_message_part(
733 ProtocolMessagePartKey::CurrentEpoch,
734 "another-value".to_string(),
735 );
736 certificate.hash = certificate.compute_hash();
737 let previous_certificate = fake_certificates[1].clone();
738
739 let error = verifier
740 .verify_standard_certificate(&certificate, &previous_certificate)
741 .await
742 .expect_err("verify_standard_certificate should fail");
743
744 assert_error_matches!(
745 CertificateVerifierError::CertificateProtocolMessageUnmatch,
746 error
747 )
748 }
749
750 #[tokio::test]
751 async fn verify_standard_certificate_fails_if_epoch_unmatch() {
752 let (total_certificates, certificates_per_epoch) = (5, 1);
753 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
754 let verifier = MockDependencyInjector::new().build_certificate_verifier();
755 let mut certificate = fake_certificates[0].clone();
756 certificate.epoch -= 1;
757 certificate.hash = certificate.compute_hash();
758 let previous_certificate = fake_certificates[1].clone();
759
760 let error = verifier
761 .verify_standard_certificate(&certificate, &previous_certificate)
762 .await
763 .expect_err("verify_standard_certificate should fail");
764
765 assert_error_matches!(CertificateVerifierError::CertificateEpochUnmatch, error)
766 }
767
768 #[tokio::test]
769 async fn verify_standard_certificate_fails_if_has_missing_epoch() {
770 fn create_epoch_gap_certificate(
771 certificate: Certificate,
772 context: &CertificateChainBuilderContext,
773 ) -> Certificate {
774 let fixture = context.fixture;
775 let modified_epoch = certificate.epoch + 1;
776 let mut protocol_message = certificate.protocol_message.to_owned();
777 protocol_message.set_message_part(
778 ProtocolMessagePartKey::CurrentEpoch,
779 modified_epoch.to_string(),
780 );
781 let signed_message = protocol_message.compute_hash();
782 let mut modified_certificate = certificate;
783 modified_certificate.epoch = modified_epoch;
784 modified_certificate.protocol_message = protocol_message;
785 modified_certificate.signed_message = signed_message.clone();
786 let single_signatures = fixture
787 .signers_fixture()
788 .iter()
789 .filter_map(|s| s.protocol_signer.sign(signed_message.as_bytes()))
790 .collect::<Vec<_>>();
791 let clerk =
792 ProtocolClerk::new_clerk_from_signer(&fixture.signers_fixture()[0].protocol_signer);
793 let modified_multi_signature = clerk
794 .aggregate_signatures(&single_signatures, signed_message.as_bytes())
795 .unwrap();
796 modified_certificate.signature = CertificateSignature::MultiSignature(
797 modified_certificate.signed_entity_type(),
798 modified_multi_signature.into(),
799 );
800
801 modified_certificate
802 }
803
804 let (total_certificates, certificates_per_epoch) = (5, 1);
805 let fake_certificates = CertificateChainBuilder::new()
806 .with_total_certificates(total_certificates)
807 .with_certificates_per_epoch(certificates_per_epoch)
808 .with_standard_certificate_processor(&|certificate, context| {
809 if context.is_last_certificate() {
810 create_epoch_gap_certificate(certificate, context)
811 } else {
812 certificate
813 }
814 })
815 .build();
816 let verifier = MockDependencyInjector::new().build_certificate_verifier();
817 let certificate = fake_certificates[0].clone();
818 let previous_certificate = fake_certificates[1].clone();
819
820 let error = verifier
821 .verify_standard_certificate(&certificate, &previous_certificate)
822 .await
823 .expect_err("verify_standard_certificate should fail");
824
825 assert_error_matches!(
826 CertificateVerifierError::CertificateChainMissingEpoch,
827 error
828 )
829 }
830
831 #[tokio::test]
832 async fn verify_standard_certificate_fails_if_certificate_previous_hash_unmatch() {
833 let (total_certificates, certificates_per_epoch) = (5, 1);
834 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
835 let verifier = MockDependencyInjector::new().build_certificate_verifier();
836 let certificate = fake_certificates[0].clone();
837 let mut previous_certificate = fake_certificates[1].clone();
838 previous_certificate.previous_hash = "another-hash".to_string();
839 previous_certificate.hash = previous_certificate.compute_hash();
840
841 let error = verifier
842 .verify_standard_certificate(&certificate, &previous_certificate)
843 .await
844 .expect_err("verify_standard_certificate should fail");
845
846 assert_error_matches!(
847 CertificateVerifierError::CertificateChainPreviousHashUnmatch,
848 error
849 )
850 }
851
852 #[tokio::test]
853 async fn verify_standard_certificate_fails_if_certificate_chain_avk_unmatch() {
854 let (total_certificates, certificates_per_epoch) = (5, 1);
855 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
856 let verifier = MockDependencyInjector::new().build_certificate_verifier();
857 let mut certificate = fake_certificates[0].clone();
858 let mut previous_certificate = fake_certificates[1].clone();
859 previous_certificate.protocol_message.set_message_part(
860 ProtocolMessagePartKey::NextAggregateVerificationKey,
861 "another-avk".to_string(),
862 );
863 previous_certificate.hash = previous_certificate.compute_hash();
864 certificate.previous_hash.clone_from(&previous_certificate.hash);
865 certificate.hash = certificate.compute_hash();
866
867 let error = verifier
868 .verify_standard_certificate(&certificate, &previous_certificate)
869 .await
870 .expect_err("verify_standard_certificate should fail");
871
872 assert_error_matches!(CertificateVerifierError::CertificateChainAVKUnmatch, error)
873 }
874
875 #[tokio::test]
876 async fn verify_standard_certificate_fails_if_certificate_chain_protocol_parameters_unmatch() {
877 let (total_certificates, certificates_per_epoch) = (5, 1);
878 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
879 let verifier = MockDependencyInjector::new().build_certificate_verifier();
880 let mut certificate = fake_certificates[0].clone();
881 let mut previous_certificate = fake_certificates[1].clone();
882 previous_certificate.protocol_message.set_message_part(
883 ProtocolMessagePartKey::NextProtocolParameters,
884 "protocol-params-hash-123".to_string(),
885 );
886 previous_certificate.hash = previous_certificate.compute_hash();
887 certificate.previous_hash.clone_from(&previous_certificate.hash);
888 certificate.hash = certificate.compute_hash();
889
890 let error = verifier
891 .verify_standard_certificate(&certificate, &previous_certificate)
892 .await
893 .expect_err("verify_standard_certificate should fail");
894
895 assert_error_matches!(
896 CertificateVerifierError::CertificateChainProtocolParametersUnmatch,
897 error
898 )
899 }
900
901 #[tokio::test]
902 async fn verify_certificate_success_when_certificate_is_genesis_and_valid() {
903 let (total_certificates, certificates_per_epoch) = (5, 1);
904 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
905 let genesis_certificate = fake_certificates.genesis_certificate();
906 let mock_container = MockDependencyInjector::new();
907 let verifier = mock_container.build_certificate_verifier();
908
909 let verify = verifier
910 .verify_certificate(
911 genesis_certificate,
912 &fake_certificates.genesis_verifier.to_verification_key(),
913 )
914 .await;
915
916 verify.expect("verify_certificate should not fail");
917 }
918
919 #[tokio::test]
920 async fn verify_certificate_success_when_certificate_is_standard_and_valid() {
921 let (total_certificates, certificates_per_epoch) = (5, 1);
922 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
923 let certificate = fake_certificates[0].clone();
924 let previous_certificate = fake_certificates[1].clone();
925 let mut mock_container = MockDependencyInjector::new();
926 mock_container
927 .mock_certificate_retriever
928 .expect_get_certificate_details()
929 .returning(move |_| Ok(previous_certificate.clone()))
930 .times(1);
931 let verifier = mock_container.build_certificate_verifier();
932
933 let verify = verifier
934 .verify_certificate(
935 &certificate,
936 &fake_certificates.genesis_verifier.to_verification_key(),
937 )
938 .await;
939
940 verify.expect("verify_certificate should not fail");
941 }
942
943 #[tokio::test]
944 async fn verify_certificate_chain_verifies_all_chained_certificates() {
945 struct CertificateVerifierTest {
946 certificates_unverified: Mutex<HashMap<String, Certificate>>,
947 }
948
949 impl CertificateVerifierTest {
950 fn from_certificates(certificates: &[Certificate]) -> Self {
951 Self {
952 certificates_unverified: Mutex::new(HashMap::from_iter(
953 certificates.iter().map(|c| (c.hash.to_owned(), c.to_owned())),
954 )),
955 }
956 }
957
958 async fn has_unverified_certificates(&self) -> bool {
959 !self.certificates_unverified.lock().await.is_empty()
960 }
961 }
962
963 #[async_trait]
964 impl CertificateVerifier for CertificateVerifierTest {
965 async fn verify_genesis_certificate(
966 &self,
967 _genesis_certificate: &Certificate,
968 _genesis_verification_key: &ProtocolGenesisVerificationKey,
969 ) -> StdResult<()> {
970 unimplemented!()
971 }
972
973 async fn verify_standard_certificate(
974 &self,
975 _certificate: &Certificate,
976 _previous_certificate: &Certificate,
977 ) -> StdResult<()> {
978 unimplemented!()
979 }
980
981 async fn verify_certificate(
982 &self,
983 certificate: &Certificate,
984 _genesis_verification_key: &ProtocolGenesisVerificationKey,
985 ) -> StdResult<Option<Certificate>> {
986 let mut certificates_unverified = self.certificates_unverified.lock().await;
987 let _verified_certificate = (*certificates_unverified).remove(&certificate.hash);
988 let previous_certificate =
989 (*certificates_unverified).get(&certificate.previous_hash).cloned();
990
991 Ok(previous_certificate)
992 }
993 }
994
995 let (total_certificates, certificates_per_epoch) = (10, 1);
996 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
997 let fake_certificate_to_verify = fake_certificates[0].clone();
998 let verifier = CertificateVerifierTest::from_certificates(&fake_certificates);
999 assert!(verifier.has_unverified_certificates().await);
1000
1001 let verify = verifier
1002 .verify_certificate_chain(
1003 fake_certificate_to_verify,
1004 &fake_certificates.genesis_verifier.to_verification_key(),
1005 )
1006 .await;
1007
1008 verify.expect("verify_certificate_chain should not fail");
1009 assert!(!verifier.has_unverified_certificates().await);
1010 }
1011
1012 #[tokio::test]
1013 async fn verify_certificate_chain_success_when_chain_is_valid() {
1014 let (total_certificates, certificates_per_epoch) = (7, 2);
1015 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
1016 let certificate_retriever =
1017 FakeCertificaterRetriever::from_certificates(&fake_certificates);
1018 let verifier =
1019 MithrilCertificateVerifier::new(TestLogger::stdout(), Arc::new(certificate_retriever));
1020 let certificate_to_verify = fake_certificates[0].clone();
1021
1022 let verify = verifier
1023 .verify_certificate_chain(
1024 certificate_to_verify,
1025 &fake_certificates.genesis_verifier.to_verification_key(),
1026 )
1027 .await;
1028 verify.expect("verify_certificate_chain should not fail");
1029 }
1030
1031 #[tokio::test]
1032 async fn verify_certificate_chain_fails_when_chain_is_tampered() {
1033 let (total_certificates, certificates_per_epoch) = (7, 2);
1034 let mut fake_certificates =
1035 setup_certificate_chain(total_certificates, certificates_per_epoch);
1036 let index_certificate_fail = (total_certificates / 2) as usize;
1037 fake_certificates[index_certificate_fail].signed_message = "tampered-message".to_string();
1038 let certificate_retriever =
1039 FakeCertificaterRetriever::from_certificates(&fake_certificates);
1040 let verifier =
1041 MithrilCertificateVerifier::new(TestLogger::stdout(), Arc::new(certificate_retriever));
1042 let certificate_to_verify = fake_certificates[0].clone();
1043
1044 let error = verifier
1045 .verify_certificate_chain(
1046 certificate_to_verify,
1047 &fake_certificates.genesis_verifier.to_verification_key(),
1048 )
1049 .await
1050 .expect_err("verify_certificate_chain should fail");
1051
1052 assert_error_matches!(CertificateVerifierError::CertificateHashUnmatch, error)
1053 }
1054
1055 #[tokio::test]
1056 async fn verify_certificate_chain_fails_when_adversarial_with_registered_signer_forgery_through_protocol_parameters()
1057 {
1058 fn forge_certificate(
1064 certificate: Certificate,
1065 context: &CertificateChainBuilderContext,
1066 ) -> Certificate {
1067 assert_ne!(
1068 1.0, certificate.metadata.protocol_parameters.phi_f,
1069 "Adversarial protocol parameters phi_f should be different from 1.0"
1070 );
1071 let fixture = context.fixture;
1072 let signed_message = certificate.signed_message.to_owned();
1073 let mut forged_certificate = certificate;
1074 let mut forged_protocol_parameters = fixture.protocol_parameters();
1075 forged_protocol_parameters.phi_f = 1.0;
1076 let forged_single_signatures = fixture
1077 .signers_fixture()
1078 .iter()
1079 .take(1)
1080 .filter_map(|s| {
1081 let s_adversary = s
1082 .to_owned()
1083 .try_new_with_protocol_parameters(forged_protocol_parameters.clone())
1084 .unwrap();
1085
1086 s_adversary.protocol_signer.sign(signed_message.as_bytes())
1087 })
1088 .collect::<Vec<_>>();
1089 let forged_clerk = ProtocolClerk::new_clerk_from_closed_key_registration(
1090 &forged_protocol_parameters.clone().into(),
1091 &fixture.signers_fixture()[0].protocol_closed_key_registration,
1092 );
1093 let forged_multi_signature = forged_clerk
1094 .aggregate_signatures(&forged_single_signatures, signed_message.as_bytes())
1095 .unwrap();
1096 forged_certificate.signature = CertificateSignature::MultiSignature(
1097 forged_certificate.signed_entity_type(),
1098 forged_multi_signature.into(),
1099 );
1100 forged_certificate.metadata.protocol_parameters = forged_protocol_parameters;
1101
1102 forged_certificate
1103 }
1104
1105 let (total_certificates, certificates_per_epoch) = (7, 2);
1106 let fake_certificates = CertificateChainBuilder::new()
1107 .with_total_certificates(total_certificates)
1108 .with_certificates_per_epoch(certificates_per_epoch)
1109 .with_standard_certificate_processor(&|certificate, context| {
1110 if context.is_last_certificate() {
1111 forge_certificate(certificate, context)
1112 } else {
1113 certificate
1114 }
1115 })
1116 .build();
1117 let certificate_to_verify = fake_certificates[0].clone();
1118 let mock_container = MockDependencyInjector::new();
1119 let mut verifier = mock_container.build_certificate_verifier();
1120 verifier.certificate_retriever = Arc::new(FakeCertificaterRetriever::from_certificates(
1121 &fake_certificates,
1122 ));
1123
1124 let error = verifier
1125 .verify_certificate(
1126 &certificate_to_verify,
1127 &fake_certificates.genesis_verifier.to_verification_key(),
1128 )
1129 .await
1130 .expect_err("verify_certificate_chain should fail");
1131
1132 assert_error_matches!(
1133 CertificateVerifierError::CertificateChainProtocolParametersUnmatch,
1134 error
1135 )
1136 }
1137}