Add EraMarkers sign/verify

Author: jpraynaud

mithril-common/src/crypto_helper/era.rs

@@ -0,0 +1,178 @@
+use ed25519_dalek::{ExpandedSecretKey, SignatureError};
+use rand_chacha_dalek_compat::rand_core::{self, CryptoRng, RngCore, SeedableRng};
+use rand_chacha_dalek_compat::ChaCha20Rng;
+use serde::{Deserialize, Serialize};
+use thiserror::Error;
+
+/// Alias of [Ed25519:PublicKey](https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.PublicKey.html).
+pub type EraMarkersVerifierVerificationKey = ed25519_dalek::PublicKey;
+
+/// Alias of [Ed25519:SecretKey](https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.SecretKey.html).
+pub type EraMarkersVerifierSecretKey = ed25519_dalek::SecretKey;
+
+/// Alias of [Ed25519:Signature](https://docs.rs/ed25519-dalek/latest/ed25519_dalek/struct.Signature.html).
+pub type EraMarkersVerifierSignature = ed25519_dalek::Signature;
+
+#[derive(Error, Debug)]
+/// [EraMarkersSigner] and [EraMarkersVerifier] related errors.
+pub enum EraMarkersVerifierError {
+    /// Error raised when a Signature verification fail
+    #[error("era markers signature verification error: '{0}'")]
+    SignatureVerification(#[from] SignatureError),
+}
+
+/// A protocol Signer that is responsible for signing the
+/// [Certificate](https://mithril.network/doc/mithril/mithril-protocol/certificates#the-certificate-chain-design)
+#[derive(Debug, Serialize, Deserialize)]
+pub struct EraMarkersSigner {
+    pub(crate) secret_key: EraMarkersVerifierSecretKey,
+}
+
+impl EraMarkersSigner {
+    /// EraMarkersSigner factory
+    pub fn create_test_signer<R>(mut rng: R) -> Self
+    where
+        R: CryptoRng + RngCore,
+    {
+        let secret_key = EraMarkersVerifierSecretKey::generate(&mut rng);
+        Self::from_secret_key(secret_key)
+    }
+
+    /// EraMarkersSigner deterministic
+    pub fn create_deterministic_signer() -> Self {
+        let rng = ChaCha20Rng::from_seed([0u8; 32]);
+        Self::create_test_signer(rng)
+    }
+
+    /// EraMarkersSigner non deterministic
+    pub fn create_non_deterministic_signer() -> Self {
+        let rng = rand_core::OsRng;
+        Self::create_test_signer(rng)
+    }
+
+    /// EraMarkersSigner from EraMarkersVerifierSecretKey
+    pub fn from_secret_key(secret_key: EraMarkersVerifierSecretKey) -> Self {
+        Self { secret_key }
+    }
+
+    /// Create a an expanded secret key
+    fn create_expanded_secret_key(&self) -> ExpandedSecretKey {
+        ExpandedSecretKey::from(&self.secret_key)
+    }
+
+    /// Create a EraMarkersVerifierVerificationKey
+    fn create_verification_key(
+        &self,
+        expanded_secret_key: &ExpandedSecretKey,
+    ) -> EraMarkersVerifierVerificationKey {
+        let verification_key: EraMarkersVerifierVerificationKey = expanded_secret_key.into();
+        verification_key
+    }
+
+    /// Create a EraMarkersVerifier
+    pub fn create_verifier(&self) -> EraMarkersVerifier {
+        let expanded_secret_key = self.create_expanded_secret_key();
+        let verification_key = self.create_verification_key(&expanded_secret_key);
+        EraMarkersVerifier::from_verification_key(verification_key)
+    }
+
+    /// Signs a message and returns a EraMarkersVerifierSignature
+    pub fn sign(&self, message: &[u8]) -> EraMarkersVerifierSignature {
+        let expanded_secret_key = self.create_expanded_secret_key();
+        let verification_key = self.create_verification_key(&expanded_secret_key);
+        expanded_secret_key.sign(message, &verification_key)
+    }
+}
+
+/// An era merkers Verifier
+#[derive(Debug, Serialize, Deserialize, Clone)]
+pub struct EraMarkersVerifier {
+    pub(crate) verification_key: EraMarkersVerifierVerificationKey,
+}
+
+impl EraMarkersVerifier {
+    /// EraMarkersVerifier from EraMarkersVerifierVerificationKey
+    pub fn from_verification_key(verification_key: EraMarkersVerifierVerificationKey) -> Self {
+        Self { verification_key }
+    }
+
+    /// EraMarkersVerifier to EraMarkersVerifierVerificationKey
+    pub fn to_verification_key(&self) -> EraMarkersVerifierVerificationKey {
+        self.verification_key
+    }
+
+    /// Verifies the signature of a message
+    pub fn verify(
+        &self,
+        message: &[u8],
+        signature: &EraMarkersVerifierSignature,
+    ) -> Result<(), EraMarkersVerifierError> {
+        Ok(self.verification_key.verify_strict(message, signature)?)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::super::codec::{key_decode_hex, key_encode_hex};
+    use super::*;
+
+    #[test]
+    fn test_generate_test_deterministic_keypair() {
+        let signer = EraMarkersSigner::create_deterministic_signer();
+        let verifier = signer.create_verifier();
+        let signer_2 = EraMarkersSigner::create_deterministic_signer();
+        let verifier_2 = signer.create_verifier();
+        assert_eq!(signer.secret_key.as_bytes(), signer_2.secret_key.as_bytes());
+        assert_eq!(
+            verifier.verification_key.as_bytes(),
+            verifier_2.verification_key.as_bytes()
+        );
+
+        println!(
+            "Deterministic Verification Key={}",
+            key_encode_hex(verifier.verification_key.as_bytes()).unwrap()
+        );
+        println!(
+            "Deterministic Secret Key=={}",
+            key_encode_hex(signer.secret_key.as_bytes()).unwrap()
+        );
+    }
+
+    #[test]
+    fn test_generate_test_non_deterministic_keypair() {
+        let signer = EraMarkersSigner::create_non_deterministic_signer();
+        let verifier = signer.create_verifier();
+
+        println!(
+            "Non Deterministic Verification Key={}",
+            key_encode_hex(verifier.verification_key.as_bytes()).unwrap()
+        );
+        println!(
+            "Non Deterministic Secret Key=={}",
+            key_encode_hex(signer.secret_key.as_bytes()).unwrap()
+        );
+    }
+
+    #[test]
+    fn test_codec_keypair() {
+        let signer = EraMarkersSigner::create_deterministic_signer();
+        let verifier = signer.create_verifier();
+        let secret_key_encoded = key_encode_hex(signer.secret_key.as_bytes()).unwrap();
+        let verification_key_encoded =
+            key_encode_hex(verifier.verification_key.as_bytes()).unwrap();
+        let secret_key_decoded: EraMarkersVerifierSecretKey =
+            key_decode_hex(&secret_key_encoded).unwrap();
+        let verification_key_decoded: EraMarkersVerifierVerificationKey =
+            key_decode_hex(&verification_key_encoded).unwrap();
+        let signer_decoded = EraMarkersSigner::from_secret_key(secret_key_decoded);
+        let verifier_decoded = EraMarkersVerifier::from_verification_key(verification_key_decoded);
+
+        let message: &[u8] = b"some message.";
+        let signature = signer_decoded.sign(message);
+        let verify_signature = verifier_decoded.verify(message, &signature);
+        assert!(
+            verify_signature.is_ok(),
+            "signature verification should not fail"
+        );
+    }
+}

mithril-common/src/crypto_helper/mod.rs

@@ -3,6 +3,7 @@
 mod cardano;
 mod codec;
 mod conversions;
+mod era;
 mod genesis;
 #[cfg(any(test, feature = "test_only"))]
 pub mod tests_setup;
@@ -12,6 +13,10 @@ mod types;
 pub use cardano::ColdKeyGenerator;
 pub use cardano::{KESPeriod, OpCert, SerDeShelleyFileFormat};
 pub use codec::*;
+pub use era::{
+    EraMarkersSigner, EraMarkersVerifier, EraMarkersVerifierError, EraMarkersVerifierSecretKey,
+    EraMarkersVerifierSignature, EraMarkersVerifierVerificationKey,
+};
 pub use genesis::{ProtocolGenesisError, ProtocolGenesisSigner, ProtocolGenesisVerifier};
 pub use types::*;
 

mithril-common/src/era/cardano_chain_adapter.rs

@@ -1,12 +1,20 @@
-use crate::chain_observer::ChainAddress;
-use crate::crypto_helper::key_decode_hex;
-use crate::{chain_observer::ChainObserver, entities::Epoch};
+use crate::{
+    chain_observer::{ChainAddress, ChainObserver},
+    crypto_helper::{
+        key_decode_hex, EraMarkersSigner, EraMarkersVerifier, EraMarkersVerifierSignature,
+        EraMarkersVerifierVerificationKey,
+    },
+    entities::Epoch,
+};
 use async_trait::async_trait;
+use hex::{FromHex, ToHex};
 use serde::{Deserialize, Serialize};
 use std::error::Error as StdError;
 use std::sync::Arc;
 use thiserror::Error;
 
+type GeneralError = Box<dyn StdError + Sync + Send>;
+
 // TODO: remove EraMarker & EraReaderAdapter w/ they are available
 
 /// Value object that represents a tag of Era change.
@@ -31,38 +39,101 @@ impl EraMarker {
 #[async_trait]
 pub trait EraReaderAdapter: Sync + Send {
     /// Read era markers from the underlying adapter.
-    async fn read(&self) -> Result<Vec<EraMarker>, Box<dyn StdError + Sync + Send>>;
+    async fn read(&self) -> Result<Vec<EraMarker>, GeneralError>;
 }
 
 // TODO: Keep Cardano Chain Adapter part below
 
 type HexEncodeEraMarkerSignature = String;
 
+/// [EraMarkersPayload] related errors.
+#[derive(Debug, Error)]
+pub enum EraMarkersPayloadError {
+    /// Error raised when the message serialization fails
+    #[error("could not serialize message: {0}")]
+    SerializeMessage(GeneralError),
+
+    /// Error raised when the signature deserialization fails
+    #[error("could not deserialize signature: {0}")]
+    DeserializeSignature(GeneralError),
+
+    /// Error raised when the signature is invalid
+    #[error("could not verify signature: {0}")]
+    VerifySignature(GeneralError),
+
+    /// Error raised when the signing the markers
+    #[error("could not create signature: {0}")]
+    CreateSignature(GeneralError),
+}
+
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
 struct EraMarkersPayload {
     markers: Vec<EraMarker>,
     signature: HexEncodeEraMarkerSignature,
 }
 
+impl EraMarkersPayload {
+    fn message_to_sign(&self) -> Result<Vec<u8>, EraMarkersPayloadError> {
+        serde_json::to_vec(&self.markers)
+            .map_err(|e| EraMarkersPayloadError::SerializeMessage(e.into()))
+    }
+
+    fn verify_signature(
+        &self,
+        verification_key: EraMarkersVerifierVerificationKey,
+    ) -> Result<(), EraMarkersPayloadError> {
+        let signature = EraMarkersVerifierSignature::from_bytes(
+            &Vec::from_hex(&self.signature)
+                .map_err(|e| EraMarkersPayloadError::DeserializeSignature(e.into()))?,
+        )
+        .map_err(|e| EraMarkersPayloadError::DeserializeSignature(e.into()))?;
+        let markers_verifier = EraMarkersVerifier::from_verification_key(verification_key);
+        markers_verifier
+            .verify(&self.message_to_sign()?, &signature)
+            .map_err(|e| EraMarkersPayloadError::VerifySignature(e.into()))
+    }
+
+    #[cfg(any(test, feature = "test_only"))]
+    fn sign(self, signer: &EraMarkersSigner) -> Result<Self, EraMarkersPayloadError> {
+        let signature = signer
+            .sign(
+                &self
+                    .message_to_sign()
+                    .map_err(|e| EraMarkersPayloadError::CreateSignature(e.into()))?,
+            )
+            .encode_hex::<String>();
+        Ok(Self {
+            markers: self.markers,
+            signature,
+        })
+    }
+}
+
 /// Cardano Chain adapter retrieves era markers on chain
 pub struct CardanoChainAdapter {
     address: ChainAddress,
     chain_observer: Arc<dyn ChainObserver>,
+    verification_key: EraMarkersVerifierVerificationKey,
 }
 
 impl CardanoChainAdapter {
     /// CardanoChainAdapter factory
-    pub fn new(address: ChainAddress, chain_observer: Arc<dyn ChainObserver>) -> Self {
+    pub fn new(
+        address: ChainAddress,
+        chain_observer: Arc<dyn ChainObserver>,
+        verification_key: EraMarkersVerifierVerificationKey,
+    ) -> Self {
         Self {
             address,
             chain_observer,
+            verification_key,
         }
     }
 }
 
 #[async_trait]
 impl EraReaderAdapter for CardanoChainAdapter {
-    async fn read(&self) -> Result<Vec<EraMarker>, Box<dyn StdError + Sync + Send>> {
+    async fn read(&self) -> Result<Vec<EraMarker>, GeneralError> {
         let tx_datums = self
             .chain_observer
             .get_current_datums(&self.address)
@@ -72,7 +143,12 @@ impl EraReaderAdapter for CardanoChainAdapter {
             .filter_map(|datum| datum.get_field_raw_value("bytes", 0).ok())
             .filter_map(|field_value| field_value.as_str().map(|s| s.to_string()))
             .filter_map(|field_value_str| key_decode_hex(&field_value_str).ok())
-            .map(|era_markers_payload: EraMarkersPayload| era_markers_payload.markers)
+            .filter_map(|era_markers_payload: EraMarkersPayload| {
+                era_markers_payload
+                    .verify_signature(self.verification_key)
+                    .ok()
+                    .map(|_| era_markers_payload.markers)
+            })
             .collect::<Vec<Vec<EraMarker>>>();
         Ok(markers_list.first().unwrap_or(&Vec::new()).to_owned())
     }
@@ -81,7 +157,7 @@ impl EraReaderAdapter for CardanoChainAdapter {
 #[cfg(test)]
 mod test {
     use crate::chain_observer::{FakeObserver, TxDatum};
-    use crate::crypto_helper::key_encode_hex;
+    use crate::crypto_helper::{key_encode_hex, EraMarkersSigner};
 
     use super::*;
 
@@ -99,35 +175,42 @@ mod test {
 
     #[tokio::test]
     async fn test_cardano_chain_adapter() {
+        let era_markers_signer = EraMarkersSigner::create_deterministic_signer();
         let fake_address = "addr_test_123456".to_string();
         let era_marker_payload_1 = EraMarkersPayload {
             markers: vec![
                 EraMarker::new("thales", Some(Epoch(1))),
-                EraMarker::new("pythagors", None),
+                EraMarker::new("pythagoras", None),
             ],
             signature: "".to_string(),
         };
         let era_marker_payload_2 = EraMarkersPayload {
             markers: vec![
                 EraMarker::new("thales", Some(Epoch(1))),
-                EraMarker::new("pythagors", Some(Epoch(2))),
+                EraMarker::new("pythagoras", Some(Epoch(2))),
             ],
             signature: "".to_string(),
         };
         let mut fake_datums = dummy_tx_datums_from_markers_payload(vec![
-            era_marker_payload_1.clone(),
-            era_marker_payload_2,
+            era_marker_payload_1,
+            era_marker_payload_2
+                .clone()
+                .sign(&era_markers_signer)
+                .unwrap(),
         ]);
         fake_datums.push(TxDatum("not_valid_datum".to_string()));
         let chain_observer = FakeObserver::default();
         chain_observer.set_datums(fake_datums.clone()).await;
-        let cardano_chain_adapter =
-            CardanoChainAdapter::new(fake_address, Arc::new(chain_observer));
+        let cardano_chain_adapter = CardanoChainAdapter::new(
+            fake_address,
+            Arc::new(chain_observer),
+            era_markers_signer.create_verifier().to_verification_key(),
+        );
         let markers = cardano_chain_adapter
             .read()
             .await
             .expect("CardanoChainAdapter read should not fail");
-        let expected_markers = era_marker_payload_1.markers.to_owned();
+        let expected_markers = era_marker_payload_2.markers.to_owned();
         assert_eq!(expected_markers, markers);
     }
 }