dmq: Sig validation

Author: coot

dmq-node/cddl/specs/sig.cddl

@@ -13,7 +13,7 @@ messagePayload = [
 
 messageId    = bstr
 messageBody  = bstr
-kesSignature = bstr
+kesSignature = bstr .size 448
 kesPeriod    = word64
 operationalCertificate = [ bstr .size 32, word64, word64, bstr .size 64 ]
 coldVerificationKey = bstr .size 32

dmq-node/src/DMQ/NodeToNode.hs

@@ -4,6 +4,7 @@
 {-# LANGUAGE OverloadedStrings   #-}
 {-# LANGUAGE RankNTypes          #-}
 {-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE TypeOperators       #-}
 
 module DMQ.NodeToNode
   ( RemoteAddress
@@ -40,6 +41,7 @@ import Codec.CBOR.Encoding qualified as CBOR
 import Codec.CBOR.Read qualified as CBOR
 import Codec.CBOR.Term qualified as CBOR
 import Data.Aeson qualified as Aeson
+import Data.ByteString qualified as BS
 import Data.ByteString.Lazy qualified as BL
 import Data.Functor.Contravariant ((>$<))
 import Data.Hashable (Hashable)
@@ -52,7 +54,10 @@ import Network.Mux.Types (Mode (..))
 import Network.Mux.Types qualified as Mx
 import Network.TypedProtocol.Codec (AnnotatedCodec, Codec)
 
+import Cardano.Crypto.DSIGN.Class qualified as DSIGN
+import Cardano.Crypto.KES.Class qualified as KES
 import Cardano.KESAgent.KES.Crypto (Crypto (..))
+import Cardano.KESAgent.KES.OCert (OCertSignable)
 
 import DMQ.Configuration (Configuration, Configuration' (..), I (..))
 import DMQ.Diffusion.NodeKernel (NodeKernel (..))
@@ -147,6 +152,10 @@ data Apps addr m a b =
 ntnApps
   :: forall crypto m addr .
     ( Crypto crypto
+    , DSIGN.ContextDSIGN (DSIGN crypto) ~ ()
+    , DSIGN.Signable (DSIGN crypto) (OCertSignable crypto)
+    , KES.ContextKES (KES crypto) ~ ()
+    , KES.Signable (KES crypto) BS.ByteString
     , Typeable crypto
     , Alternative (STM m)
     , MonadAsync m
@@ -224,8 +233,8 @@ ntnApps
     -- connection if we receive one, rather than validate them in the
     -- mempool.
     mempoolWriter = Mempool.getWriter sigId
-                                      (pure ())
-                                      (\_ _ -> Right () :: Either Void ())
+                                      (pure ()) -- TODO not needed
+                                      (\_ -> validateSig)
                                       (\_ -> True)
                                       mempool
 

dmq-node/src/DMQ/Protocol/SigSubmission/Codec.hs

@@ -1,7 +1,6 @@
 {-# LANGUAGE DataKinds           #-}
 {-# LANGUAGE FlexibleContexts    #-}
 {-# LANGUAGE GADTs               #-}
-{-# LANGUAGE KindSignatures      #-}
 {-# LANGUAGE NamedFieldPuns      #-}
 {-# LANGUAGE PolyKinds           #-}
 {-# LANGUAGE ScopedTypeVariables #-}
@@ -33,8 +32,9 @@ import Codec.CBOR.Read qualified as CBOR
 import Network.TypedProtocol.Codec.CBOR
 
 import Cardano.Binary (FromCBOR (..), ToCBOR (..))
-import Cardano.Crypto.DSIGN.Class (decodeSignedDSIGN, encodeSignedDSIGN)
-import Cardano.Crypto.KES.Class (decodeVerKeyKES, encodeVerKeyKES)
+import Cardano.Crypto.DSIGN.Class (decodeSignedDSIGN, decodeVerKeyDSIGN,
+           encodeSignedDSIGN)
+import Cardano.Crypto.KES.Class (decodeSigKES, decodeVerKeyKES, encodeVerKeyKES)
 import Cardano.KESAgent.KES.Crypto (Crypto (..))
 import Cardano.KESAgent.KES.OCert (OCert (..))
 
@@ -159,9 +159,9 @@ decodeSig = do
     endOffset <- CBOR.peekByteOffset
     -- end of signed data
 
-    sigRawKESSignature <- SigKESSignature <$> CBOR.decodeBytes
+    sigRawKESSignature <- SigKESSignature <$> decodeSigKES
     sigRawOpCertificate <- decodeSigOpCertificate
-    sigRawColdKey <- SigColdKey <$> CBOR.decodeBytes
+    sigRawColdKey <- SigColdKey <$> decodeVerKeyDSIGN
     return $ \bytes -- ^ full bytes of the message, not just the sig part
            -> SigRawWithSignedBytes {
         sigRawSignedBytes = Utils.bytesBetweenOffsets startOffset endOffset bytes,
@@ -176,13 +176,13 @@ decodeSig = do
         }
       }
   where
-    decodePayload :: CBOR.Decoder s (SigId, SigBody, SigKESPeriod, POSIXTime)
+    decodePayload :: CBOR.Decoder s (SigId, SigBody, KESPeriod, POSIXTime)
     decodePayload = do
       a <- CBOR.decodeListLen
       when (a /= 4) $ fail (printf "decodeSig: unexpected number of parameters %d for Sig's payload" a)
       (,,,) <$> decodeSigId
             <*> (SigBody <$> CBOR.decodeBytes)
-            <*> CBOR.decodeWord
+            <*> (KESPeriod <$> CBOR.decodeWord)
             <*> (realToFrac <$> CBOR.decodeWord32)
 
 

dmq-node/src/DMQ/Protocol/SigSubmission/Type.hs

@@ -4,8 +4,9 @@
 {-# LANGUAGE NamedFieldPuns       #-}
 {-# LANGUAGE OverloadedStrings    #-}
 {-# LANGUAGE PatternSynonyms      #-}
+{-# LANGUAGE ScopedTypeVariables  #-}
 {-# LANGUAGE StandaloneDeriving   #-}
-{-# LANGUAGE TypeSynonymInstances #-}
+{-# LANGUAGE TypeOperators        #-}
 {-# LANGUAGE UndecidableInstances #-}
 
 module DMQ.Protocol.SigSubmission.Type
@@ -14,21 +15,24 @@ module DMQ.Protocol.SigSubmission.Type
   , SigId (..)
   , SigBody (..)
   , SigKESSignature (..)
-  , SigKESPeriod
   , SigOpCertificate (..)
   , SigColdKey (..)
   , SigRaw (..)
   , SigRawWithSignedBytes (..)
   , Sig (Sig, SigWithBytes, sigRawWithSignedBytes, sigRawBytes, sigId, sigBody, sigExpiresAt, sigOpCertificate, sigKESPeriod, sigKESSignature, sigColdKey, sigSignedBytes, sigBytes)
+  , validateSig
     -- * `TxSubmission` mini-protocol
   , SigSubmission
   , module SigSubmission
   , POSIXTime
     -- * Utilities
   , CBORBytes (..)
+    -- * Re-exports from `kes-agent`
+  , KESPeriod (..)
   ) where
 
 import Data.Aeson
+import Data.Bifunctor (first)
 import Data.ByteString (ByteString)
 import Data.ByteString.Base16 as BS.Base16
 import Data.ByteString.Base16.Lazy as LBS.Base16
@@ -37,12 +41,14 @@ import Data.ByteString.Lazy.Char8 qualified as LBS.Char8
 import Data.Text.Encoding qualified as Text
 import Data.Time.Clock.POSIX (POSIXTime)
 import Data.Typeable
+import Data.Word (Word64)
 
-import Cardano.Crypto.DSIGN.Class (DSIGNAlgorithm)
-import Cardano.Crypto.KES.Class (VerKeyKES)
--- import Cardano.Crypto.Util (SignableRepresentation (..))
+import Cardano.Crypto.DSIGN.Class (ContextDSIGN, DSIGNAlgorithm, VerKeyDSIGN)
+import Cardano.Crypto.DSIGN.Class qualified as DSIGN
+import Cardano.Crypto.KES.Class (KESAlgorithm (..), Signable)
 import Cardano.KESAgent.KES.Crypto as KES
-import Cardano.KESAgent.KES.OCert (OCert (..))
+import Cardano.KESAgent.KES.OCert (KESPeriod (..), OCert (..), OCertSignable,
+           validateOCert)
 
 import Ouroboros.Network.Protocol.TxSubmission2.Type as SigSubmission hiding
            (TxSubmission2)
@@ -66,13 +72,13 @@ newtype SigBody = SigBody { getSigBody :: ByteString }
   deriving stock (Show, Eq)
 
 
--- TODO:
--- This type should be something like: `SignedKES (KES crypto) SigPayload`
-newtype SigKESSignature = SigKESSignature { getSigKESSignature :: ByteString }
-  deriving stock (Show, Eq)
+newtype SigKESSignature crypto = SigKESSignature { getSigKESSignature :: SigKES (KES crypto) }
+
+deriving instance Show (SigKES (KES crypto))
+               => Show (SigKESSignature crypto)
+deriving instance Eq (SigKES (KES crypto))
+               => Eq (SigKESSignature crypto)
 
--- TODO:
--- This type should be more than just a `ByteString`.
 newtype SigOpCertificate crypto = SigOpCertificate { getSigOpCertificate :: OCert crypto }
 
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
@@ -81,37 +87,45 @@ deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                 => Show (SigOpCertificate crypto)
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Eq (VerKeyKES (KES crypto))
-                  ) => Eq   (SigOpCertificate crypto)
+                  ) => Eq (SigOpCertificate crypto)
 
 
-type SigKESPeriod = Word
+newtype SigColdKey crypto = SigColdKey { getSigColdKey :: VerKeyDSIGN (KES.DSIGN crypto) }
 
-newtype SigColdKey = SigColdKey { getSigColdKey :: ByteString }
-  deriving stock (Show, Eq)
+deriving instance Show (VerKeyDSIGN (KES.DSIGN crypto))
+               => Show (SigColdKey crypto)
+
+deriving instance Eq (VerKeyDSIGN (KES.DSIGN crypto))
+               => Eq (SigColdKey crypto)
 
 -- | Sig type consists of payload and its KES signature.
 --
 -- TODO: add signed bytes.
 data SigRaw crypto = SigRaw {
     sigRawId            :: SigId,
     sigRawBody          :: SigBody,
-    sigRawKESPeriod     :: SigKESPeriod,
+    sigRawKESPeriod     :: KESPeriod,
     -- ^ KES period when this signature was created.
     --
     -- NOTE: `kes-agent` library is using `Word` for KES period, CIP-137
     -- requires `Word64`, thus we're only supporting 64-bit architectures.
-    sigRawExpiresAt     :: POSIXTime,
-    sigRawKESSignature  :: SigKESSignature,
     sigRawOpCertificate :: SigOpCertificate crypto,
-    sigRawColdKey       :: SigColdKey
+    sigRawColdKey       :: SigColdKey crypto,
+    sigRawExpiresAt     :: POSIXTime,
+    sigRawKESSignature  :: SigKESSignature crypto
+    -- ^ KES signature of all previous fields.
+    --
+    -- NOTE: this field must be lazy, otetherwise tests will fail.
   }
 
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Show (VerKeyKES (KES crypto))
+                  , Show (SigKES (KES crypto))
                   )
                => Show (SigRaw crypto)
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Eq (VerKeyKES (KES crypto))
+                  , Eq (SigKES (KES crypto))
                   )
                => Eq (SigRaw crypto)
 
@@ -151,17 +165,20 @@ data SigRawWithSignedBytes crypto = SigRawWithSignedBytes {
 
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Show (VerKeyKES (KES crypto))
+                  , Show (SigKES (KES crypto))
                   )
                => Show (SigRawWithSignedBytes crypto)
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Eq (VerKeyKES (KES crypto))
+                  , Eq (SigKES (KES crypto))
                   )
                => Eq (SigRawWithSignedBytes crypto)
 
 instance Crypto crypto
       => ToJSON (SigRawWithSignedBytes crypto) where
   toJSON SigRawWithSignedBytes {sigRaw} = toJSON sigRaw
 
+
 data Sig crypto = SigWithBytes {
     sigRawBytes           :: LBS.ByteString,
     -- ^ encoded `SigRaw` data type
@@ -171,10 +188,12 @@ data Sig crypto = SigWithBytes {
 
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Show (VerKeyKES (KES crypto))
+                  , Show (SigKES (KES crypto))
                   )
                => Show (Sig crypto)
 deriving instance ( DSIGNAlgorithm (KES.DSIGN crypto)
                   , Eq (VerKeyKES (KES crypto))
+                  , Eq (SigKES (KES crypto))
                   )
                => Eq (Sig crypto)
 
@@ -187,10 +206,10 @@ instance Crypto crypto
 pattern Sig
   :: SigId
   -> SigBody
-  -> SigKESSignature
-  -> SigKESPeriod
+  -> SigKESSignature crypto
+  -> KESPeriod
   -> SigOpCertificate crypto
-  -> SigColdKey
+  -> SigColdKey crypto
   -> POSIXTime
   -> LBS.ByteString
   -> LBS.ByteString
@@ -253,6 +272,60 @@ pattern
 
 instance Typeable crypto => ShowProxy (Sig crypto) where
 
+
+data SigValidationError =
+    InvalidKESSignature KESPeriod KESPeriod String
+  | InvalidSignatureOCERT
+      !Word64    -- OCert counter
+      !KESPeriod -- OCert KES period
+      !String    -- DSIGN error message
+  | KESBeforeStartOCERT KESPeriod KESPeriod
+  | KESAfterEndOCERT KESPeriod KESPeriod
+  deriving Show
+
+validateSig :: forall crypto.
+               ( Crypto crypto
+               , ContextDSIGN (KES.DSIGN crypto) ~ ()
+               , DSIGN.Signable (DSIGN crypto) (OCertSignable crypto)
+               , ContextKES (KES crypto) ~ ()
+               , Signable (KES crypto) ByteString
+               )
+            => Sig crypto
+            -> Either SigValidationError ()
+validateSig Sig { sigSignedBytes = signedBytes,
+                  sigKESPeriod,
+                  sigOpCertificate = SigOpCertificate ocert@OCert {
+                      ocertKESPeriod,
+                      ocertVkHot,
+                      ocertN
+                  },
+                  sigColdKey = SigColdKey coldKey,
+                  sigKESSignature = SigKESSignature kesSig
+                }
+            = do
+            sigKESPeriod < endKESPeriod
+              ?!  KESAfterEndOCERT endKESPeriod sigKESPeriod
+            sigKESPeriod >= startKESPeriod
+              ?!  KESBeforeStartOCERT startKESPeriod sigKESPeriod
+
+            -- validate OCert, which includes verifying its signature
+            validateOCert coldKey ocertVkHot ocert
+              ?!: InvalidSignatureOCERT ocertN sigKESPeriod
+            -- validate KES signature of the payload
+            verifyKES () ocertVkHot
+                         (unKESPeriod sigKESPeriod - unKESPeriod startKESPeriod)
+                         (LBS.toStrict signedBytes)
+                         kesSig
+              ?!: InvalidKESSignature ocertKESPeriod sigKESPeriod
+  where
+    startKESPeriod, endKESPeriod :: KESPeriod
+
+    startKESPeriod = ocertKESPeriod
+    -- TODO: is `totalPeriodsKES` the same as `praosMaxKESEvo`
+    -- or `sgMaxKESEvolution` in the genesis file?
+    endKESPeriod   = KESPeriod $ unKESPeriod startKESPeriod
+                               + totalPeriodsKES (Proxy :: Proxy (KES crypto))
+
 type SigSubmission crypto = TxSubmission2.TxSubmission2 SigId (Sig crypto)
 
 
@@ -267,3 +340,19 @@ newtype CBORBytes = CBORBytes { getCBORBytes :: LBS.ByteString }
 
 instance Show CBORBytes where
   show = LBS.Char8.unpack . LBS.Base16.encode . getCBORBytes
+
+
+--
+-- Utility functions
+--
+
+(?!:) :: Either e1 a -> (e1 -> e2) -> Either e2 a
+(?!:) = flip first
+
+infix 1 ?!:
+
+(?!) :: Bool -> e -> Either e ()
+(?!) True  _ = Right ()
+(?!) False e = Left e
+
+infix 1 ?!