1use anyhow::{Context, anyhow};
4use async_trait::async_trait;
5use hex::ToHex;
6use slog::{Logger, debug};
7use std::sync::Arc;
8use thiserror::Error;
9
10use super::CertificateRetriever;
11use crate::StdResult;
12use crate::crypto_helper::{
13 ProtocolAggregateVerificationKey, ProtocolGenesisError, ProtocolGenesisVerificationKey,
14 ProtocolMultiSignature,
15};
16use crate::entities::{
17 Certificate, CertificateSignature, ProtocolMessagePartKey, ProtocolParameters,
18};
19use crate::logging::LoggerExtensions;
20
21#[cfg(test)]
22use mockall::automock;
23
24#[derive(Error, Debug)]
26pub enum CertificateVerifierError {
27 #[error("multi signature verification failed: '{0}'")]
29 VerifyMultiSignature(String),
30
31 #[error("certificate genesis error")]
33 CertificateGenesis(#[from] ProtocolGenesisError),
34
35 #[error("certificate hash unmatch error")]
37 CertificateHashUnmatch,
38
39 #[error("certificate chain previous hash unmatch error")]
42 CertificateChainPreviousHashUnmatch,
43
44 #[error("certificate protocol message unmatch error")]
47 CertificateProtocolMessageUnmatch,
48
49 #[error("certificate chain AVK unmatch error")]
54 CertificateChainAVKUnmatch,
55
56 #[error("certificate chain protocol parameters unmatch error")]
61 CertificateChainProtocolParametersUnmatch,
62
63 #[error("certificate epoch unmatch error")]
66 CertificateEpochUnmatch,
67
68 #[error("certificate chain missing epoch error")]
71 CertificateChainMissingEpoch,
72
73 #[error("certificate chain infinite loop error")]
75 CertificateChainInfiniteLoop,
76
77 #[error("can't validate genesis certificate: given certificate isn't a genesis certificate")]
80 InvalidGenesisCertificateProvided,
81
82 #[error("can't validate standard certificate: given certificate isn't a standard certificate")]
85 InvalidStandardCertificateProvided,
86}
87
88#[cfg_attr(test, automock)]
91#[cfg_attr(target_family = "wasm", async_trait(?Send))]
92#[cfg_attr(not(target_family = "wasm"), async_trait)]
93pub trait CertificateVerifier: Send + Sync {
94 async fn verify_genesis_certificate(
96 &self,
97 genesis_certificate: &Certificate,
98 genesis_verification_key: &ProtocolGenesisVerificationKey,
99 ) -> StdResult<()>;
100
101 async fn verify_standard_certificate(
103 &self,
104 certificate: &Certificate,
105 previous_certificate: &Certificate,
106 ) -> StdResult<()>;
107
108 async fn verify_certificate(
110 &self,
111 certificate: &Certificate,
112 genesis_verification_key: &ProtocolGenesisVerificationKey,
113 ) -> StdResult<Option<Certificate>>;
114
115 async fn verify_certificate_chain(
117 &self,
118 certificate: Certificate,
119 genesis_verification_key: &ProtocolGenesisVerificationKey,
120 ) -> StdResult<()> {
121 let mut certificate = certificate;
122 while let Some(previous_certificate) = self
123 .verify_certificate(&certificate, genesis_verification_key)
124 .await?
125 {
126 certificate = previous_certificate;
127 }
128
129 Ok(())
130 }
131}
132
133pub struct MithrilCertificateVerifier {
135 logger: Logger,
136 certificate_retriever: Arc<dyn CertificateRetriever>,
137}
138
139impl MithrilCertificateVerifier {
140 pub fn new(logger: Logger, certificate_retriever: Arc<dyn CertificateRetriever>) -> Self {
142 debug!(logger, "New MithrilCertificateVerifier created");
143 Self {
144 logger: logger.new_with_component_name::<Self>(),
145 certificate_retriever,
146 }
147 }
148
149 async fn fetch_previous_certificate(
150 &self,
151 certificate: &Certificate,
152 ) -> StdResult<Certificate> {
153 self.certificate_retriever
154 .get_certificate_details(&certificate.previous_hash)
155 .await
156 .map_err(|e| anyhow!(e))
157 .with_context(|| "Can not retrieve previous certificate during verification")
158 }
159
160 fn verify_multi_signature(
161 &self,
162 message: &[u8],
163 multi_signature: &ProtocolMultiSignature,
164 aggregate_verification_key: &ProtocolAggregateVerificationKey,
165 protocol_parameters: &ProtocolParameters,
166 ) -> Result<(), CertificateVerifierError> {
167 debug!(
168 self.logger,
169 "Verify multi signature for {:?}",
170 message.encode_hex::<String>()
171 );
172
173 multi_signature
174 .verify(
175 message,
176 aggregate_verification_key,
177 &protocol_parameters.to_owned().into(),
178 )
179 .map_err(|e| CertificateVerifierError::VerifyMultiSignature(e.to_string()))
180 }
181
182 fn verify_is_not_in_infinite_loop(&self, certificate: &Certificate) -> StdResult<()> {
183 if certificate.is_chaining_to_itself() {
184 return Err(anyhow!(
185 CertificateVerifierError::CertificateChainInfiniteLoop
186 ));
187 }
188
189 Ok(())
190 }
191
192 fn verify_hash_matches_content(&self, certificate: &Certificate) -> StdResult<()> {
193 if certificate.compute_hash() != certificate.hash {
194 return Err(anyhow!(CertificateVerifierError::CertificateHashUnmatch));
195 }
196
197 Ok(())
198 }
199
200 fn verify_previous_hash_matches_previous_certificate_hash(
201 &self,
202 certificate: &Certificate,
203 previous_certificate: &Certificate,
204 ) -> StdResult<()> {
205 if previous_certificate.hash != certificate.previous_hash {
206 return Err(anyhow!(
207 CertificateVerifierError::CertificateChainPreviousHashUnmatch
208 ));
209 }
210
211 Ok(())
212 }
213
214 fn verify_signed_message_matches_hashed_protocol_message(
215 &self,
216 certificate: &Certificate,
217 ) -> StdResult<()> {
218 if certificate.protocol_message.compute_hash() != certificate.signed_message {
219 return Err(anyhow!(
220 CertificateVerifierError::CertificateProtocolMessageUnmatch
221 ));
222 }
223
224 Ok(())
225 }
226
227 fn verify_epoch_matches_protocol_message(&self, certificate: &Certificate) -> StdResult<()> {
228 if let Some(signed_epoch) = &certificate
229 .protocol_message
230 .get_message_part(&ProtocolMessagePartKey::CurrentEpoch)
231 {
232 if **signed_epoch == certificate.epoch.to_string() {
233 return Ok(());
234 }
235 }
236
237 Err(anyhow!(CertificateVerifierError::CertificateEpochUnmatch))
238 }
239
240 fn verify_epoch_chaining(
241 &self,
242 certificate: &Certificate,
243 previous_certificate: &Certificate,
244 ) -> StdResult<()> {
245 if certificate.epoch.has_gap_with(&previous_certificate.epoch) {
246 return Err(anyhow!(
247 CertificateVerifierError::CertificateChainMissingEpoch
248 ));
249 }
250
251 Ok(())
252 }
253
254 fn verify_aggregate_verification_key_chaining(
255 &self,
256 certificate: &Certificate,
257 previous_certificate: &Certificate,
258 ) -> StdResult<()> {
259 let previous_certificate_has_same_epoch = previous_certificate.epoch == certificate.epoch;
260 let certificate_has_valid_aggregate_verification_key =
261 if previous_certificate_has_same_epoch {
262 previous_certificate.aggregate_verification_key
263 == certificate.aggregate_verification_key
264 } else {
265 match &previous_certificate
266 .protocol_message
267 .get_message_part(&ProtocolMessagePartKey::NextAggregateVerificationKey)
268 {
269 Some(previous_certificate_next_aggregate_verification_key) => {
270 **previous_certificate_next_aggregate_verification_key
271 == certificate
272 .aggregate_verification_key
273 .to_json_hex()
274 .with_context(|| {
275 format!(
276 "aggregate verification key to string conversion error for certificate: `{}`",
277 certificate.hash
278 )
279 })?
280 }
281 None => false,
282 }
283 };
284 if !certificate_has_valid_aggregate_verification_key {
285 debug!(
286 self.logger,
287 "Previous certificate {:#?}", previous_certificate
288 );
289 return Err(anyhow!(
290 CertificateVerifierError::CertificateChainAVKUnmatch
291 ));
292 }
293
294 Ok(())
295 }
296
297 fn verify_protocol_parameters_chaining(
298 &self,
299 certificate: &Certificate,
300 previous_certificate: &Certificate,
301 ) -> StdResult<()> {
302 let previous_certificate_has_same_epoch = previous_certificate.epoch == certificate.epoch;
303 let certificate_has_valid_protocol_parameters = if previous_certificate_has_same_epoch {
304 previous_certificate.metadata.protocol_parameters
305 == certificate.metadata.protocol_parameters
306 } else {
307 match &previous_certificate
308 .protocol_message
309 .get_message_part(&ProtocolMessagePartKey::NextProtocolParameters)
310 {
311 Some(previous_certificate_next_protocol_parameters) => {
312 **previous_certificate_next_protocol_parameters
313 == certificate.metadata.protocol_parameters.compute_hash()
314 }
315 None => false,
316 }
317 };
318 if !certificate_has_valid_protocol_parameters {
319 debug!(
320 self.logger,
321 "Previous certificate {:#?}", previous_certificate
322 );
323 return Err(anyhow!(
324 CertificateVerifierError::CertificateChainProtocolParametersUnmatch
325 ));
326 }
327
328 Ok(())
329 }
330}
331
332#[cfg_attr(target_family = "wasm", async_trait(?Send))]
333#[cfg_attr(not(target_family = "wasm"), async_trait)]
334impl CertificateVerifier for MithrilCertificateVerifier {
335 async fn verify_genesis_certificate(
336 &self,
337 genesis_certificate: &Certificate,
338 genesis_verification_key: &ProtocolGenesisVerificationKey,
339 ) -> StdResult<()> {
340 let genesis_signature = match &genesis_certificate.signature {
341 CertificateSignature::GenesisSignature(signature) => Ok(signature),
342 _ => Err(CertificateVerifierError::InvalidGenesisCertificateProvided),
343 }?;
344 self.verify_hash_matches_content(genesis_certificate)?;
345 self.verify_signed_message_matches_hashed_protocol_message(genesis_certificate)?;
346 genesis_verification_key
347 .verify(
348 genesis_certificate.signed_message.as_bytes(),
349 genesis_signature,
350 )
351 .with_context(|| "Certificate verifier failed verifying a genesis certificate")?;
352 self.verify_epoch_matches_protocol_message(genesis_certificate)?;
353
354 Ok(())
355 }
356
357 async fn verify_standard_certificate(
358 &self,
359 certificate: &Certificate,
360 previous_certificate: &Certificate,
361 ) -> StdResult<()> {
362 let multi_signature = match &certificate.signature {
363 CertificateSignature::MultiSignature(_, signature) => Ok(signature),
364 _ => Err(CertificateVerifierError::InvalidStandardCertificateProvided),
365 }?;
366 self.verify_is_not_in_infinite_loop(certificate)?;
367 self.verify_hash_matches_content(certificate)?;
368 self.verify_signed_message_matches_hashed_protocol_message(certificate)?;
369 self.verify_multi_signature(
370 certificate.signed_message.as_bytes(),
371 multi_signature,
372 &certificate.aggregate_verification_key,
373 &certificate.metadata.protocol_parameters,
374 )?;
375 self.verify_epoch_matches_protocol_message(certificate)?;
376 self.verify_epoch_chaining(certificate, previous_certificate)?;
377 self.verify_previous_hash_matches_previous_certificate_hash(
378 certificate,
379 previous_certificate,
380 )?;
381 self.verify_aggregate_verification_key_chaining(certificate, previous_certificate)?;
382 self.verify_protocol_parameters_chaining(certificate, previous_certificate)?;
383
384 Ok(())
385 }
386
387 async fn verify_certificate(
389 &self,
390 certificate: &Certificate,
391 genesis_verification_key: &ProtocolGenesisVerificationKey,
392 ) -> StdResult<Option<Certificate>> {
393 debug!(
394 self.logger, "Verifying certificate";
395 "certificate_hash" => &certificate.hash,
396 "certificate_previous_hash" => &certificate.previous_hash,
397 "certificate_epoch" => ?certificate.epoch,
398 "certificate_signed_entity_type" => ?certificate.signed_entity_type(),
399 );
400
401 match &certificate.signature {
402 CertificateSignature::GenesisSignature(_) => {
403 self.verify_genesis_certificate(certificate, genesis_verification_key)
404 .await?;
405
406 Ok(None)
407 }
408 CertificateSignature::MultiSignature(_, _) => {
409 let previous_certificate = self.fetch_previous_certificate(certificate).await?;
410 self.verify_standard_certificate(certificate, &previous_certificate)
411 .await?;
412
413 Ok(Some(previous_certificate))
414 }
415 }
416 }
417}
418
419#[cfg(test)]
420mod tests {
421 use std::collections::HashMap;
422
423 use async_trait::async_trait;
424 use mockall::mock;
425 use tokio::sync::Mutex;
426
427 use super::CertificateRetriever;
428 use super::*;
429
430 use crate::certificate_chain::{CertificateRetrieverError, FakeCertificaterRetriever};
431 use crate::crypto_helper::{ProtocolClerk, tests_setup::*};
432 use crate::test_utils::{
433 CertificateChainBuilder, CertificateChainBuilderContext, MithrilFixtureBuilder, TestLogger,
434 };
435
436 macro_rules! assert_error_matches {
437 ( $expected_error:path, $error:expr ) => {{
438 let error = $error
439 .downcast_ref::<CertificateVerifierError>()
440 .expect("Can not downcast to `CertificateVerifierError`.");
441 let expected_error = $expected_error;
442
443 assert!(
444 matches!(error, $expected_error),
445 "unexpected error type: got {error:?}, want {expected_error:?}"
446 );
447 }};
448 }
449
450 mock! {
451 pub CertificateRetrieverImpl { }
452
453 #[async_trait]
454 impl CertificateRetriever for CertificateRetrieverImpl {
455
456 async fn get_certificate_details(
457 &self,
458 certificate_hash: &str,
459 ) -> Result<Certificate, CertificateRetrieverError>;
460 }
461 }
462
463 struct MockDependencyInjector {
464 mock_certificate_retriever: MockCertificateRetrieverImpl,
465 }
466
467 impl MockDependencyInjector {
468 fn new() -> MockDependencyInjector {
469 MockDependencyInjector {
470 mock_certificate_retriever: MockCertificateRetrieverImpl::new(),
471 }
472 }
473
474 fn build_certificate_verifier(self) -> MithrilCertificateVerifier {
475 MithrilCertificateVerifier::new(
476 TestLogger::stdout(),
477 Arc::new(self.mock_certificate_retriever),
478 )
479 }
480 }
481
482 #[test]
483 fn verify_multi_signature_success() {
484 let protocol_parameters = setup_protocol_parameters();
485 let fixture = MithrilFixtureBuilder::default()
486 .with_signers(5)
487 .with_protocol_parameters(protocol_parameters.into())
488 .build();
489 let signers = fixture.signers_fixture();
490 let message_hash = setup_message().compute_hash().as_bytes().to_vec();
491
492 let single_signatures = signers
493 .iter()
494 .filter_map(|s| s.protocol_signer.sign(&message_hash))
495 .collect::<Vec<_>>();
496
497 let first_signer = &signers[0].protocol_signer;
498 let clerk = ProtocolClerk::from_signer(first_signer);
499 let aggregate_verification_key = clerk.compute_avk().into();
500 let multi_signature = clerk.aggregate(&single_signatures, &message_hash).unwrap().into();
501
502 let verifier = MithrilCertificateVerifier::new(
503 TestLogger::stdout(),
504 Arc::new(MockCertificateRetrieverImpl::new()),
505 );
506 let message_tampered = message_hash[1..].to_vec();
507 assert!(
508 verifier
509 .verify_multi_signature(
510 &message_tampered,
511 &multi_signature,
512 &aggregate_verification_key,
513 &fixture.protocol_parameters(),
514 )
515 .is_err(),
516 "multi signature verification should have failed"
517 );
518 verifier
519 .verify_multi_signature(
520 &message_hash,
521 &multi_signature,
522 &aggregate_verification_key,
523 &fixture.protocol_parameters(),
524 )
525 .expect("multi signature verification should have succeeded");
526 }
527
528 #[tokio::test]
529 async fn verify_genesis_certificate_success() {
530 let (total_certificates, certificates_per_epoch) = (5, 1);
531 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
532 let verifier = MockDependencyInjector::new().build_certificate_verifier();
533 let genesis_certificate = fake_certificates.genesis_certificate();
534
535 let verify = verifier
536 .verify_genesis_certificate(
537 genesis_certificate,
538 &fake_certificates.genesis_verifier.to_verification_key(),
539 )
540 .await;
541
542 verify.expect("verify_genesis_certificate should not fail");
543 }
544
545 #[tokio::test]
546 async fn verify_genesis_certificate_fails_if_is_not_genesis() {
547 let (total_certificates, certificates_per_epoch) = (5, 1);
548 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
549 let verifier = MockDependencyInjector::new().build_certificate_verifier();
550 let standard_certificate = fake_certificates[0].clone();
551 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
552 genesis_certificate.signature = standard_certificate.signature.clone();
553 genesis_certificate.hash = genesis_certificate.compute_hash();
554
555 let error = verifier
556 .verify_genesis_certificate(
557 &genesis_certificate,
558 &fake_certificates.genesis_verifier.to_verification_key(),
559 )
560 .await
561 .expect_err("verify_genesis_certificate should fail");
562
563 assert_error_matches!(
564 CertificateVerifierError::InvalidGenesisCertificateProvided,
565 error
566 )
567 }
568
569 #[tokio::test]
570 async fn verify_genesis_certificate_fails_if_hash_unmatch() {
571 let (total_certificates, certificates_per_epoch) = (5, 1);
572 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
573 let verifier = MockDependencyInjector::new().build_certificate_verifier();
574 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
575 genesis_certificate.hash = "another-hash".to_string();
576
577 let error = verifier
578 .verify_genesis_certificate(
579 &genesis_certificate,
580 &fake_certificates.genesis_verifier.to_verification_key(),
581 )
582 .await
583 .expect_err("verify_genesis_certificate should fail");
584
585 assert_error_matches!(CertificateVerifierError::CertificateHashUnmatch, error)
586 }
587
588 #[tokio::test]
589 async fn verify_genesis_certificate_fails_if_protocol_message_unmatch() {
590 let (total_certificates, certificates_per_epoch) = (5, 1);
591 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
592 let verifier = MockDependencyInjector::new().build_certificate_verifier();
593 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
594 genesis_certificate.protocol_message.set_message_part(
595 ProtocolMessagePartKey::CurrentEpoch,
596 "another-value".to_string(),
597 );
598 genesis_certificate.hash = genesis_certificate.compute_hash();
599
600 let error = verifier
601 .verify_genesis_certificate(
602 &genesis_certificate,
603 &fake_certificates.genesis_verifier.to_verification_key(),
604 )
605 .await
606 .expect_err("verify_genesis_certificate should fail");
607
608 assert_error_matches!(
609 CertificateVerifierError::CertificateProtocolMessageUnmatch,
610 error
611 )
612 }
613
614 #[tokio::test]
615 async fn verify_genesis_certificate_fails_if_epoch_unmatch() {
616 let (total_certificates, certificates_per_epoch) = (5, 1);
617 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
618 let verifier = MockDependencyInjector::new().build_certificate_verifier();
619 let mut genesis_certificate = fake_certificates.genesis_certificate().clone();
620 genesis_certificate.epoch -= 1;
621 genesis_certificate.hash = genesis_certificate.compute_hash();
622
623 let error = verifier
624 .verify_genesis_certificate(
625 &genesis_certificate,
626 &fake_certificates.genesis_verifier.to_verification_key(),
627 )
628 .await
629 .expect_err("verify_genesis_certificate should fail");
630
631 assert_error_matches!(CertificateVerifierError::CertificateEpochUnmatch, error)
632 }
633
634 #[tokio::test]
635 async fn verify_standard_certificate_success_with_different_epochs_as_previous() {
636 let (total_certificates, certificates_per_epoch) = (5, 1);
637 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
638 let verifier = MockDependencyInjector::new().build_certificate_verifier();
639 let certificate = fake_certificates[0].clone();
640 let previous_certificate = fake_certificates[1].clone();
641
642 let verify = verifier
643 .verify_standard_certificate(&certificate, &previous_certificate)
644 .await;
645
646 verify.expect("verify_standard_certificate should not fail");
647 }
648
649 #[tokio::test]
650 async fn verify_standard_certificate_success_with_same_epoch_as_previous() {
651 let (total_certificates, certificates_per_epoch) = (5, 2);
652 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
653 let verifier = MockDependencyInjector::new().build_certificate_verifier();
654 let certificate = fake_certificates[0].clone();
655 let previous_certificate = fake_certificates[1].clone();
656
657 let verify = verifier
658 .verify_standard_certificate(&certificate, &previous_certificate)
659 .await;
660
661 verify.expect("verify_standard_certificate should not fail");
662 }
663
664 #[tokio::test]
665 async fn verify_standard_certificate_fails_if_is_not_genesis() {
666 let (total_certificates, certificates_per_epoch) = (5, 1);
667 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
668 let verifier = MockDependencyInjector::new().build_certificate_verifier();
669 let genesis_certificate = fake_certificates.genesis_certificate();
670 let mut standard_certificate = fake_certificates[0].clone();
671 standard_certificate.signature = genesis_certificate.signature.clone();
672 standard_certificate.hash = standard_certificate.compute_hash();
673 let standard_previous_certificate = fake_certificates[1].clone();
674
675 let error = verifier
676 .verify_standard_certificate(&standard_certificate, &standard_previous_certificate)
677 .await
678 .expect_err("verify_standard_certificate should fail");
679
680 assert_error_matches!(
681 CertificateVerifierError::InvalidStandardCertificateProvided,
682 error
683 )
684 }
685
686 #[tokio::test]
687 async fn verify_standard_certificate_fails_if_infinite_loop() {
688 let (total_certificates, certificates_per_epoch) = (5, 1);
689 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
690 let verifier = MockDependencyInjector::new().build_certificate_verifier();
691 let mut certificate = fake_certificates[0].clone();
692 certificate.previous_hash = certificate.hash.clone();
693 let previous_certificate = fake_certificates[1].clone();
694
695 let error = verifier
696 .verify_standard_certificate(&certificate, &previous_certificate)
697 .await
698 .expect_err("verify_standard_certificate should fail");
699
700 assert_error_matches!(
701 CertificateVerifierError::CertificateChainInfiniteLoop,
702 error
703 )
704 }
705
706 #[tokio::test]
707 async fn verify_standard_certificate_fails_if_hash_unmatch() {
708 let (total_certificates, certificates_per_epoch) = (5, 1);
709 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
710 let verifier = MockDependencyInjector::new().build_certificate_verifier();
711 let mut certificate = fake_certificates[0].clone();
712 certificate.hash = "another-hash".to_string();
713 let previous_certificate = fake_certificates[1].clone();
714
715 let error = verifier
716 .verify_standard_certificate(&certificate, &previous_certificate)
717 .await
718 .expect_err("verify_standard_certificate should fail");
719
720 assert_error_matches!(CertificateVerifierError::CertificateHashUnmatch, error)
721 }
722
723 #[tokio::test]
724 async fn verify_standard_certificate_fails_if_protocol_message_unmatch() {
725 let (total_certificates, certificates_per_epoch) = (5, 1);
726 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
727 let verifier = MockDependencyInjector::new().build_certificate_verifier();
728 let mut certificate = fake_certificates[0].clone();
729 certificate.protocol_message.set_message_part(
730 ProtocolMessagePartKey::CurrentEpoch,
731 "another-value".to_string(),
732 );
733 certificate.hash = certificate.compute_hash();
734 let previous_certificate = fake_certificates[1].clone();
735
736 let error = verifier
737 .verify_standard_certificate(&certificate, &previous_certificate)
738 .await
739 .expect_err("verify_standard_certificate should fail");
740
741 assert_error_matches!(
742 CertificateVerifierError::CertificateProtocolMessageUnmatch,
743 error
744 )
745 }
746
747 #[tokio::test]
748 async fn verify_standard_certificate_fails_if_epoch_unmatch() {
749 let (total_certificates, certificates_per_epoch) = (5, 1);
750 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
751 let verifier = MockDependencyInjector::new().build_certificate_verifier();
752 let mut certificate = fake_certificates[0].clone();
753 certificate.epoch -= 1;
754 certificate.hash = certificate.compute_hash();
755 let previous_certificate = fake_certificates[1].clone();
756
757 let error = verifier
758 .verify_standard_certificate(&certificate, &previous_certificate)
759 .await
760 .expect_err("verify_standard_certificate should fail");
761
762 assert_error_matches!(CertificateVerifierError::CertificateEpochUnmatch, error)
763 }
764
765 #[tokio::test]
766 async fn verify_standard_certificate_fails_if_has_missing_epoch() {
767 fn create_epoch_gap_certificate(
768 certificate: Certificate,
769 context: &CertificateChainBuilderContext,
770 ) -> Certificate {
771 let fixture = context.fixture;
772 let modified_epoch = certificate.epoch + 1;
773 let mut protocol_message = certificate.protocol_message.to_owned();
774 protocol_message.set_message_part(
775 ProtocolMessagePartKey::CurrentEpoch,
776 modified_epoch.to_string(),
777 );
778 let signed_message = protocol_message.compute_hash();
779 let mut modified_certificate = certificate;
780 modified_certificate.epoch = modified_epoch;
781 modified_certificate.protocol_message = protocol_message;
782 modified_certificate.signed_message = signed_message.clone();
783 let single_signatures = fixture
784 .signers_fixture()
785 .iter()
786 .filter_map(|s| s.protocol_signer.sign(signed_message.as_bytes()))
787 .collect::<Vec<_>>();
788 let clerk = ProtocolClerk::from_signer(&fixture.signers_fixture()[0].protocol_signer);
789 let modified_multi_signature = clerk
790 .aggregate(&single_signatures, signed_message.as_bytes())
791 .unwrap();
792 modified_certificate.signature = CertificateSignature::MultiSignature(
793 modified_certificate.signed_entity_type(),
794 modified_multi_signature.into(),
795 );
796
797 modified_certificate
798 }
799
800 let (total_certificates, certificates_per_epoch) = (5, 1);
801 let fake_certificates = CertificateChainBuilder::new()
802 .with_total_certificates(total_certificates)
803 .with_certificates_per_epoch(certificates_per_epoch)
804 .with_standard_certificate_processor(&|certificate, context| {
805 if context.is_last_certificate() {
806 create_epoch_gap_certificate(certificate, context)
807 } else {
808 certificate
809 }
810 })
811 .build();
812 let verifier = MockDependencyInjector::new().build_certificate_verifier();
813 let certificate = fake_certificates[0].clone();
814 let previous_certificate = fake_certificates[1].clone();
815
816 let error = verifier
817 .verify_standard_certificate(&certificate, &previous_certificate)
818 .await
819 .expect_err("verify_standard_certificate should fail");
820
821 assert_error_matches!(
822 CertificateVerifierError::CertificateChainMissingEpoch,
823 error
824 )
825 }
826
827 #[tokio::test]
828 async fn verify_standard_certificate_fails_if_certificate_previous_hash_unmatch() {
829 let (total_certificates, certificates_per_epoch) = (5, 1);
830 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
831 let verifier = MockDependencyInjector::new().build_certificate_verifier();
832 let certificate = fake_certificates[0].clone();
833 let mut previous_certificate = fake_certificates[1].clone();
834 previous_certificate.previous_hash = "another-hash".to_string();
835 previous_certificate.hash = previous_certificate.compute_hash();
836
837 let error = verifier
838 .verify_standard_certificate(&certificate, &previous_certificate)
839 .await
840 .expect_err("verify_standard_certificate should fail");
841
842 assert_error_matches!(
843 CertificateVerifierError::CertificateChainPreviousHashUnmatch,
844 error
845 )
846 }
847
848 #[tokio::test]
849 async fn verify_standard_certificate_fails_if_certificate_chain_avk_unmatch() {
850 let (total_certificates, certificates_per_epoch) = (5, 1);
851 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
852 let verifier = MockDependencyInjector::new().build_certificate_verifier();
853 let mut certificate = fake_certificates[0].clone();
854 let mut previous_certificate = fake_certificates[1].clone();
855 previous_certificate.protocol_message.set_message_part(
856 ProtocolMessagePartKey::NextAggregateVerificationKey,
857 "another-avk".to_string(),
858 );
859 previous_certificate.hash = previous_certificate.compute_hash();
860 certificate.previous_hash.clone_from(&previous_certificate.hash);
861 certificate.hash = certificate.compute_hash();
862
863 let error = verifier
864 .verify_standard_certificate(&certificate, &previous_certificate)
865 .await
866 .expect_err("verify_standard_certificate should fail");
867
868 assert_error_matches!(CertificateVerifierError::CertificateChainAVKUnmatch, error)
869 }
870
871 #[tokio::test]
872 async fn verify_standard_certificate_fails_if_certificate_chain_protocol_parameters_unmatch() {
873 let (total_certificates, certificates_per_epoch) = (5, 1);
874 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
875 let verifier = MockDependencyInjector::new().build_certificate_verifier();
876 let mut certificate = fake_certificates[0].clone();
877 let mut previous_certificate = fake_certificates[1].clone();
878 previous_certificate.protocol_message.set_message_part(
879 ProtocolMessagePartKey::NextProtocolParameters,
880 "protocol-params-hash-123".to_string(),
881 );
882 previous_certificate.hash = previous_certificate.compute_hash();
883 certificate.previous_hash.clone_from(&previous_certificate.hash);
884 certificate.hash = certificate.compute_hash();
885
886 let error = verifier
887 .verify_standard_certificate(&certificate, &previous_certificate)
888 .await
889 .expect_err("verify_standard_certificate should fail");
890
891 assert_error_matches!(
892 CertificateVerifierError::CertificateChainProtocolParametersUnmatch,
893 error
894 )
895 }
896
897 #[tokio::test]
898 async fn verify_certificate_success_when_certificate_is_genesis_and_valid() {
899 let (total_certificates, certificates_per_epoch) = (5, 1);
900 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
901 let genesis_certificate = fake_certificates.genesis_certificate();
902 let mock_container = MockDependencyInjector::new();
903 let verifier = mock_container.build_certificate_verifier();
904
905 let verify = verifier
906 .verify_certificate(
907 genesis_certificate,
908 &fake_certificates.genesis_verifier.to_verification_key(),
909 )
910 .await;
911
912 verify.expect("verify_certificate should not fail");
913 }
914
915 #[tokio::test]
916 async fn verify_certificate_success_when_certificate_is_standard_and_valid() {
917 let (total_certificates, certificates_per_epoch) = (5, 1);
918 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
919 let certificate = fake_certificates[0].clone();
920 let previous_certificate = fake_certificates[1].clone();
921 let mut mock_container = MockDependencyInjector::new();
922 mock_container
923 .mock_certificate_retriever
924 .expect_get_certificate_details()
925 .returning(move |_| Ok(previous_certificate.clone()))
926 .times(1);
927 let verifier = mock_container.build_certificate_verifier();
928
929 let verify = verifier
930 .verify_certificate(
931 &certificate,
932 &fake_certificates.genesis_verifier.to_verification_key(),
933 )
934 .await;
935
936 verify.expect("verify_certificate should not fail");
937 }
938
939 #[tokio::test]
940 async fn verify_certificate_chain_verifies_all_chained_certificates() {
941 struct CertificateVerifierTest {
942 certificates_unverified: Mutex<HashMap<String, Certificate>>,
943 }
944
945 impl CertificateVerifierTest {
946 fn from_certificates(certificates: &[Certificate]) -> Self {
947 Self {
948 certificates_unverified: Mutex::new(HashMap::from_iter(
949 certificates.iter().map(|c| (c.hash.to_owned(), c.to_owned())),
950 )),
951 }
952 }
953
954 async fn has_unverified_certificates(&self) -> bool {
955 !self.certificates_unverified.lock().await.is_empty()
956 }
957 }
958
959 #[async_trait]
960 impl CertificateVerifier for CertificateVerifierTest {
961 async fn verify_genesis_certificate(
962 &self,
963 _genesis_certificate: &Certificate,
964 _genesis_verification_key: &ProtocolGenesisVerificationKey,
965 ) -> StdResult<()> {
966 unimplemented!()
967 }
968
969 async fn verify_standard_certificate(
970 &self,
971 _certificate: &Certificate,
972 _previous_certificate: &Certificate,
973 ) -> StdResult<()> {
974 unimplemented!()
975 }
976
977 async fn verify_certificate(
978 &self,
979 certificate: &Certificate,
980 _genesis_verification_key: &ProtocolGenesisVerificationKey,
981 ) -> StdResult<Option<Certificate>> {
982 let mut certificates_unverified = self.certificates_unverified.lock().await;
983 let _verified_certificate = (*certificates_unverified).remove(&certificate.hash);
984 let previous_certificate =
985 (*certificates_unverified).get(&certificate.previous_hash).cloned();
986
987 Ok(previous_certificate)
988 }
989 }
990
991 let (total_certificates, certificates_per_epoch) = (10, 1);
992 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
993 let fake_certificate_to_verify = fake_certificates[0].clone();
994 let verifier = CertificateVerifierTest::from_certificates(&fake_certificates);
995 assert!(verifier.has_unverified_certificates().await);
996
997 let verify = verifier
998 .verify_certificate_chain(
999 fake_certificate_to_verify,
1000 &fake_certificates.genesis_verifier.to_verification_key(),
1001 )
1002 .await;
1003
1004 verify.expect("verify_certificate_chain should not fail");
1005 assert!(!verifier.has_unverified_certificates().await);
1006 }
1007
1008 #[tokio::test]
1009 async fn verify_certificate_chain_success_when_chain_is_valid() {
1010 let (total_certificates, certificates_per_epoch) = (7, 2);
1011 let fake_certificates = setup_certificate_chain(total_certificates, certificates_per_epoch);
1012 let certificate_retriever =
1013 FakeCertificaterRetriever::from_certificates(&fake_certificates);
1014 let verifier =
1015 MithrilCertificateVerifier::new(TestLogger::stdout(), Arc::new(certificate_retriever));
1016 let certificate_to_verify = fake_certificates[0].clone();
1017
1018 let verify = verifier
1019 .verify_certificate_chain(
1020 certificate_to_verify,
1021 &fake_certificates.genesis_verifier.to_verification_key(),
1022 )
1023 .await;
1024 verify.expect("verify_certificate_chain should not fail");
1025 }
1026
1027 #[tokio::test]
1028 async fn verify_certificate_chain_fails_when_chain_is_tampered() {
1029 let (total_certificates, certificates_per_epoch) = (7, 2);
1030 let mut fake_certificates =
1031 setup_certificate_chain(total_certificates, certificates_per_epoch);
1032 let index_certificate_fail = (total_certificates / 2) as usize;
1033 fake_certificates[index_certificate_fail].signed_message = "tampered-message".to_string();
1034 let certificate_retriever =
1035 FakeCertificaterRetriever::from_certificates(&fake_certificates);
1036 let verifier =
1037 MithrilCertificateVerifier::new(TestLogger::stdout(), Arc::new(certificate_retriever));
1038 let certificate_to_verify = fake_certificates[0].clone();
1039
1040 let error = verifier
1041 .verify_certificate_chain(
1042 certificate_to_verify,
1043 &fake_certificates.genesis_verifier.to_verification_key(),
1044 )
1045 .await
1046 .expect_err("verify_certificate_chain should fail");
1047
1048 assert_error_matches!(CertificateVerifierError::CertificateHashUnmatch, error)
1049 }
1050
1051 #[tokio::test]
1052 async fn verify_certificate_chain_fails_when_adversarial_with_registered_signer_forgery_through_protocol_parameters()
1053 {
1054 fn forge_certificate(
1060 certificate: Certificate,
1061 context: &CertificateChainBuilderContext,
1062 ) -> Certificate {
1063 assert_ne!(
1064 1.0, certificate.metadata.protocol_parameters.phi_f,
1065 "Adversarial protocol parameters phi_f should be different from 1.0"
1066 );
1067 let fixture = context.fixture;
1068 let signed_message = certificate.signed_message.to_owned();
1069 let mut forged_certificate = certificate;
1070 let mut forged_protocol_parameters = fixture.protocol_parameters();
1071 forged_protocol_parameters.phi_f = 1.0;
1072 let forged_single_signatures = fixture
1073 .signers_fixture()
1074 .iter()
1075 .take(1)
1076 .filter_map(|s| {
1077 let s_adversary = s
1078 .to_owned()
1079 .try_new_with_protocol_parameters(forged_protocol_parameters.clone())
1080 .unwrap();
1081
1082 s_adversary.protocol_signer.sign(signed_message.as_bytes())
1083 })
1084 .collect::<Vec<_>>();
1085 let forged_clerk = ProtocolClerk::from_registration(
1086 &forged_protocol_parameters.clone().into(),
1087 &fixture.signers_fixture()[0].protocol_closed_key_registration,
1088 );
1089 let forged_multi_signature = forged_clerk
1090 .aggregate(&forged_single_signatures, signed_message.as_bytes())
1091 .unwrap();
1092 forged_certificate.signature = CertificateSignature::MultiSignature(
1093 forged_certificate.signed_entity_type(),
1094 forged_multi_signature.into(),
1095 );
1096 forged_certificate.metadata.protocol_parameters = forged_protocol_parameters;
1097
1098 forged_certificate
1099 }
1100
1101 let (total_certificates, certificates_per_epoch) = (7, 2);
1102 let fake_certificates = CertificateChainBuilder::new()
1103 .with_total_certificates(total_certificates)
1104 .with_certificates_per_epoch(certificates_per_epoch)
1105 .with_standard_certificate_processor(&|certificate, context| {
1106 if context.is_last_certificate() {
1107 forge_certificate(certificate, context)
1108 } else {
1109 certificate
1110 }
1111 })
1112 .build();
1113 let certificate_to_verify = fake_certificates[0].clone();
1114 let mock_container = MockDependencyInjector::new();
1115 let mut verifier = mock_container.build_certificate_verifier();
1116 verifier.certificate_retriever = Arc::new(FakeCertificaterRetriever::from_certificates(
1117 &fake_certificates,
1118 ));
1119
1120 let error = verifier
1121 .verify_certificate(
1122 &certificate_to_verify,
1123 &fake_certificates.genesis_verifier.to_verification_key(),
1124 )
1125 .await
1126 .expect_err("verify_certificate_chain should fail");
1127
1128 assert_error_matches!(
1129 CertificateVerifierError::CertificateChainProtocolParametersUnmatch,
1130 error
1131 )
1132 }
1133}