feat: add kes signature check function and test data

Author: golddydev

.cargo/audit.toml

@@ -1,3 +1,2 @@
 [advisories]
-ignore = []
 informational_warnings = []

common/src/validation.rs

@@ -229,10 +229,15 @@ impl PartialEq for BadVrfProofError {
 /// https://github.com/IntersectMBO/ouroboros-consensus/blob/e3c52b7c583bdb6708fac4fdaa8bf0b9588f5a88/ouroboros-consensus-protocol/src/ouroboros-consensus-protocol/Ouroboros/Consensus/Protocol/Praos.hs#L342
 #[derive(Error, Clone, Debug, serde::Serialize, serde::Deserialize, PartialEq)]
 pub enum KesValidationError {
+    /// **Cause:** The KES signature on the block header is invalid.
     #[error("KES Signature Error: {0}")]
     KesSignatureError(#[from] KesSignatureError),
+    /// **Cause:** The operational certificate is invalid.
     #[error("Operational Certificate Error: {0}")]
     OperationalCertificateError(#[from] OperationalCertificateError),
+    /// **Cause:** Some data has incorrect bytes
+    #[error("TryFromSlice: {0}")]
+    TryFromSlice(String),
     #[error("Other Kes Validation Error: {0}")]
     Other(String),
 }
@@ -264,13 +269,16 @@ pub enum KesSignatureError {
         max_kes_evolutions: u64,
     },
     /// **Cause:** The KES signature on the block header is cryptographically invalid.
-    #[error("Invalid KES Signature OCert: Current KES Period={}, KES Start Period={}, Expected Evolutions={}, Max KES Evolutions={}, Error Message={}", current_kes_period, kes_start_period, expected_evolutions, max_kes_evolutions, error_message)]
+    #[error(
+        "Invalid KES Signature OCert: Current Period={}, OCert Start Period={}, Reason={}",
+        current_period,
+        ocert_start_period,
+        reason
+    )]
     InvalidKesSignatureOcert {
-        current_kes_period: u64,
-        kes_start_period: u64,
-        expected_evolutions: u64,
-        max_kes_evolutions: u64,
-        error_message: String,
+        current_period: u64,
+        ocert_start_period: u64,
+        reason: String,
     },
 }
 

modules/block_kes_validator/src/ouroboros/data/4490511.cbor

@@ -0,0 +1 @@
+828f1a0044850f1a00448e005820f8084c61b6a238acec985b59310b6ecec49c0ab8352249afd7268da5cff2a45758209180d818e69cd997e34663c418a648c076f2e19cd4194e486e159d8580bc6cda58206d930cc9d1baade5cd1c70fbc025d3377ce946760c48e511d1abdf8acff6ff1c82584036ec5378d1f5041a59eb8d96e61de96f0950fb41b49ff511f7bc7fd109d4383e1d24be7034e6749c6612700dd5ceb0c66577b88a19ae286b1321d15bce1ab7365850405aa370ff009544a2be4aa5bc52c4456333f4f9b6571d66c5590d2e5629d08b3a3609f4bd0502ed5d0be1abdb7f2ab76aaeae47fe111b0335a4e4def64693162794b8d3c1ca71500f16b1e244724c03825840da5ccc9f8fd62f6c290b5bb2ed9a4258fc9481dd8a0ac80f8936702ad7709a87814d14dca02ce22d7a3e150d171e57914cc058081941e3c6737987524076b6935850402fcbd1d50e4b42fa81dce2eada18df1803af49273d05cbe4a1870983d86759a61005d5d942a53fb68389fe119b5dae823fa3cd6668dc257556bc52086fd879b082dace60edcf0cd592f63103bcd10e0358201033376be025cb705fd8dd02eda11cc73975a062b5d14ffd74d6ff69e69a2ff75820ae981f4a58d135f98d0a0c5aab9fc04944c8409f65187f9778b57905e43769570000584008d56fe9c28eeeb99bda8920a9887f468f1d74bb03c37ef3caffffbee68d88eb33341498ac145a2422c77546db61c2da782587cdf934d69b113ce52ab8bd8b0b02005901c03de52bc307718194c07824cdc0d2fa016e60b19bc1c7162978fdac55cf43d2ac7f3aea635ffc98d53570a98ac19c703dfda935aac478d84f0281f7c8bc7a180b6aa7e738e9381ebb86baf842af4ee229a3e3908cfec16153f1dd5e21dba0316e7625e4c2a8db495d80ca3c93862fcf4ad0a8a79a20f7d3d9733f9dccbb8ac6d623bbec2bb6dbf170a3c33d32a15d2cc02b3ce78c8d61af768fa82067254b2fe3bd7a1e5cdacf71b50998eec98a48b6970eacdc74d5ae40224f95850fbd88df96e192767c641a70ebf2bb9dc7d32a1e36d1113c09f5591622b35aed5c06bf7b894b882c56bd8e12b7da5b16a341e59d3239a3d14f9d0a5ac006dfdc258e215eacb563954ea234797754b9276f9746d1d6589e10f0dfda8130d422db636d02dec7c8b45ff97de40ac541421e3f2d1aed4246cc5bb54600fa567275046a979f3b4d067c0869732129234df68f1150b09285ecf71385034c79ace9e74186bd811770fcd43a449aa9466165731f92ae73ba4ef9c665a1f8851420a8b1568b711fabca735f474a6a800751f73fbbb3ed2ace0c8bdb2c14eed4032b085dd0ac8f6b0d984a441d337ffe6903aa794728a56360e106c84fc1b943af0e383fd1f1939a2416

modules/block_kes_validator/src/ouroboros/data/4556956.cbor

@@ -0,0 +1 @@
+828f1a0045889c1a0058e1515820d5852411975dc3c5da5042f48372aa533b96c6d24017f9291cf65e730b5835555820330b133b489d79d039c7feceefe5acb9149f636d5d84943788ce8783c1c098245820e9dffe03f31be0431b2199696250f94ec599916ff5618080b428ac7c5ea5f6108258403962c816bc3989fe2b817e3a8f8deb54f6b0cf69105c7b041b3f1e90dfbf05a96c8912e11046647053d8e0c43fddf984082231946d3250a4182659e9b18cdd39585084e17ca6179f8d416f9bdc11f39714cb546ba0bc2274cf9d2c560a83d76942a31c55f30e95b310a9db9726c81cf37913f1a687dee0f21b5c553d863d393a4b1128425bb11901a6dc0a5bcd5d2eae82028258400018db71ca133eaa423d45ebfc33b6dbe2d35296f89e4ca3fe09810d8805255414ad3b5c97d0c3c7eca86d8d4c07035aa479bd6af9d9e986b8c4f9a5f76c9382585024df0024d93acdc1eb8b2a3a7b0f348fba765a4f27590eb6420458b34507ee655089866644bee297644c63fe8bc2aa3574a6b6a76e34fcaa5ce4010dd2648fb7118fbc7b6899024fd6369c43155c450f0358201033376be025cb705fd8dd02eda11cc73975a062b5d14ffd74d6ff69e69a2ff7582029429acc1d7d18b05039b379a7fe94dc95bd86631433ecb41b523e7d04a974c801015840c2b36ecd955d90a8adac85b4aa8a3dbdf022108794a255763c84c460db3b6eca45fb26dd5bc5cce9812f3199527e2c249473de89bd459888f12c964f58b1fc0c01005901c0f04b785404897ff6e361e76bc9a5f62c5b1af03e255a6110b09fc3be9d50ba1f2314076c09320a9bc9b755b6f9483325f9dbdab108bd8e412a63b1e15e54d60d17a33403716c4d5a57e851b90f21569cfdf4b7cd74ceb725d9173714d8ea7dda528f6848b0001f921382cdd64ae1ba60d7f725af64f10c572ed56ae28e187e4fe11c45ea269b508bcb6c08748be32e9bcf27df9c8853dc7272a278e60120f7fbe927d8614bbc3a1d9bab4a00199313f2f81f6b62a2f35496c04c1d7f8dae984695270c741298d567251066675609c71743a4cf61b525eabbea0f27d14e53a558210dbc7397354abda4d323b5b82460b6c8a1cb654f62af1962bfd3ec1a818e016be9e84c4ea1007a2edb5d392ea5cd84e4d92f2dd92fb1d80502f18df873a29915616650b4a697289bfec648eb72f0867bb1c6bd9c85fc25215078139f770a30e79b0f764bbef90a3933a82bb4f190e418f361c0426da2521c47c9330e96c876d8ec496117bf9a3cdb89420018e33e2977077fff74120fe8385ecd7729aee75742b31c09d4112ac7e777aced184056e8de92c3519e26ffdc98d85e3bd46725488bcad48a5da411985577277605a9c65a82f5224c179ac2da52be2e497b37de6b

modules/block_kes_validator/src/ouroboros/data/4576496.cbor

@@ -0,0 +1 @@
+828f1a0045d4f01a005eebcd5820d0547673599cc31048011657b1ac2ae14ff15b2103702b4071fd0c0e1caaeecf5820330b133b489d79d039c7feceefe5acb9149f636d5d84943788ce8783c1c098245820e9dffe03f31be0431b2199696250f94ec599916ff5618080b428ac7c5ea5f610825840ce902041f973eb263968e1de7f6255de7a9ddcafa343c2d2ed89c4daaca121d87621f683634ef07ff8234f69e381bd593e6229e92b2416fb463e5b50f1df675a5850b6568f768f3e4ca83dee729f934b83438fd693945f6c08110c1d9963024c904c1f836b51792a839aaedeb9381f65273abee234ea9e3205810e08ec03413244e2345aa58992d60e30aa38c3191f11db03825840000f783edf754904b325197136c4cdf5badf6a32ee7b86758d005aed320eb298efcd137da7507a51a7c580211017b14b08267c947b179358ebd5ee77d6b473b4585051632cef6eb7a950d94086d8f8770028d32ff55dc39741f7d45e061fd558383d5e18eb15aa6192a9c0bd16a5dbfcbee0dc041d158a2c50e67e80d3fc4a78dab889a5b703ab815afece18d00ed0431f0019018c582040fd0376795eec5777148337d4a5d37b72c358c30da034de8bac5e23c4525407582029429acc1d7d18b05039b379a7fe94dc95bd86631433ecb41b523e7d04a974c801015840c2b36ecd955d90a8adac85b4aa8a3dbdf022108794a255763c84c460db3b6eca45fb26dd5bc5cce9812f3199527e2c249473de89bd459888f12c964f58b1fc0c01005901c0c28b49147a742ee1a357f459315234446df337e2933df741307268fc064c32c0d465e2785f29ac9a79bfe55db85be4f3e36bfc2b7e15f76db91c46cbc2d27601b08c6020c1aee33d51ab7a66f9432d61d1dbb5bc3a7f6b183d414b94ffacbb459600a4ef2b27ece3c5682b50d1316dff928d7e627cb4f6754321e6465acb16cd360c41571150cd17dafdb642a27bbd5e80ce24a30ac2126a5c27fd866f7e43ab6c446de810e15924cf0b05873c6f4e49e518c139333d6d47c1ae709771ac5abf95270c741298d567251066675609c71743a4cf61b525eabbea0f27d14e53a558210dbc7397354abda4d323b5b82460b6c8a1cb654f62af1962bfd3ec1a818e016be9e84c4ea1007a2edb5d392ea5cd84e4d92f2dd92fb1d80502f18df873a29915616650b4a697289bfec648eb72f0867bb1c6bd9c85fc25215078139f770a30e79b0f764bbef90a3933a82bb4f190e418f361c0426da2521c47c9330e96c876d8ec496117bf9a3cdb89420018e33e2977077fff74120fe8385ecd7729aee75742b31c09d4112ac7e777aced184056e8de92c3519e26ffdc98d85e3bd46725488bcad48a5da411985577277605a9c65a82f5224c179ac2da52be2e497b37de6b

modules/block_kes_validator/src/ouroboros/data/7854823.cbor

@@ -0,0 +1 @@
+828a1a0077dae71a046344c15820991e0770751806103894d8fffaf86fcc90f238c6ac00bdc7cb0a953e4a59fd93582041ec779d32f5ca1fc81a8cb4152e6bc1f0ab569abe1c0de8b66d76242d23a70f5820b5b6a6b790e6926f6ba856255aaf3eb5192cc80c03eeec7469cd3f64344bafb78258403f42ef44b8525ee45ca45a094191f00b359e9205a400b0607c87fe488f3b44442afc9e7c3e28ded9080c71d84eb7840ecb2e7240721ee243b45a761048ad6c53585054ac3b2bc94b54705b951146a83cba92041fdf537644628c64e9549365e74c10502fb7c23f34d7daa8327843f728513b225044a9390f86fb2a83951c4a39a13c17472c71cf50d74f1ce12d04dc85e9021a00015b1158202c1657b98fabe337cff8811a0b198dd36dfa61a415fdc5e5759f43cfa1103c48845820249caec7a56b2ede7dfdb956178fc6d7d5c96b5f35e63ddc7987e9261ac277c70b1902065840c4bbbda856bebac009d32c276080a54bb6322ab3252d09ad4c7c4a3e3f9b8931dd81b1795dbd165d8d3ca493d77966eb682bfff0edc1d151ef0ad42efb91ba0d8207005901c03824c9afe0176e3abf9e9bcf6972fb8c408d218fe0eab8026780a9995c7cc8fbf2a6f7d54fcb138bcff109b578d020baf5dbae751dad81980d52146afc615905ea103db0ff10d488fc9d0dbfa410066768d93c566fc346ff4b81bd41137df20c446771dd0d24399d61a9caeddce7abb55e6647247158ac252cf87e56871f4535857f6dbbf90b99d9b4bd6ca20705f7deff4e7d3220c002c4e7e5d96927751d96e08c92886ac223a4f7141625da97819a3b574dbf80ca50418f33ce2858b41f2fe63290bda8fcfe8382defc7ce721ed6d96466efe69a0bcb31a3951447b3e73c07e167240a99b492a71b0f9a6af321620d16b944b7b7ce89353ce0b65fc19f3744357603fca23f2b0056c607f817b24ee15b51008ab43e470016e46c0a1589bf184b46b79e808750f7a96fa747387414b9e691b95e7003e825308e4cd4fcf67d87233cb90282e3a5e65ce5cd3448e2a5d5ee6b232a431a45c252ed9a04dbee9cf89c5d5f975481b3be2623bf4a517205b69516d59e0a1877643e25485846911252315499cc705061ee74bd8a6ca2a9ffe46f2905839372b008074d775b6f6f7bb3f245263d306f0194133f947909ff4af9f9815800f1173ef7ea602886f55e1fd

modules/block_kes_validator/src/ouroboros/praos.rs

@@ -1,13 +1,51 @@
-use acropolis_common::validation::OperationalCertificateError;
+use acropolis_common::validation::{KesSignatureError, OperationalCertificateError};
 use pallas::crypto::key::ed25519;
 
+use crate::ouroboros::kes;
+
 pub struct OperationalCertificate<'a> {
     pub operational_cert_hot_vkey: &'a [u8],
     pub operational_cert_sequence_number: u64,
     pub operational_cert_kes_period: u64,
     pub operational_cert_sigma: &'a [u8],
 }
 
+pub fn validate_kes_signature<'a>(
+    slot_kes_period: u64,
+    opcert_kes_period: u64,
+    header_body: &[u8],
+    public_key: &kes::PublicKey,
+    signature: &kes::Signature,
+    max_kes_evolutions: u64,
+) -> Result<(), KesSignatureError> {
+    if opcert_kes_period > slot_kes_period {
+        return Err(KesSignatureError::KesBeforeStartOcert {
+            ocert_start_period: opcert_kes_period,
+            current_period: slot_kes_period,
+        });
+    }
+
+    if slot_kes_period >= opcert_kes_period + max_kes_evolutions {
+        return Err(KesSignatureError::KesAfterEndOcert {
+            current_period: slot_kes_period,
+            ocert_start_period: opcert_kes_period,
+            max_kes_evolutions,
+        });
+    }
+
+    let kes_period = (slot_kes_period - opcert_kes_period) as u32;
+
+    signature.verify(kes_period, public_key, header_body).map_err(|error| {
+        KesSignatureError::InvalidKesSignatureOcert {
+            current_period: slot_kes_period,
+            ocert_start_period: opcert_kes_period,
+            reason: error.to_string(),
+        }
+    })?;
+
+    Ok(())
+}
+
 pub fn validate_operational_certificate<'a>(
     certificate: OperationalCertificate<'a>,
     issuer: &ed25519::PublicKey,