Add SingleSignatureAuthenticator in aggregator

Alenar · Alenar · commit ebdea24a74e6 · 2024-09-19T10:32:41.000+02:00
diff --git a/mithril-aggregator/src/lib.rs b/mithril-aggregator/src/lib.rs
@@ -57,6 +57,7 @@ pub use store::{
 };
 pub use tools::{
     CExplorerSignerRetriever, SignersImporter, SignersImporterPersister, SignersImporterRetriever,
+    SingleSignatureAuthenticator,
 };
 
 #[cfg(test)]
diff --git a/mithril-aggregator/src/tools/mod.rs b/mithril-aggregator/src/tools/mod.rs
@@ -6,6 +6,7 @@ mod genesis;
 pub mod mocks;
 mod remote_file_uploader;
 mod signer_importer;
+mod single_signature_authenticator;
 
 pub use certificates_hash_migrator::CertificatesHashMigrator;
 pub use digest_helpers::extract_digest_from_path;
@@ -15,6 +16,7 @@ pub use remote_file_uploader::{GcpFileUploader, RemoteFileUploader};
 pub use signer_importer::{
     CExplorerSignerRetriever, SignersImporter, SignersImporterPersister, SignersImporterRetriever,
 };
+pub use single_signature_authenticator::*;
 
 #[cfg(test)]
 pub use remote_file_uploader::MockRemoteFileUploader;
diff --git a/mithril-aggregator/src/tools/single_signature_authenticator.rs b/mithril-aggregator/src/tools/single_signature_authenticator.rs
@@ -0,0 +1,220 @@
+use slog::{debug, Logger};
+use std::sync::Arc;
+
+use mithril_common::entities::{SingleSignatureAuthenticationStatus, SingleSignatures};
+use mithril_common::StdResult;
+
+use crate::MultiSigner;
+
+/// Authenticates single signatures against a signed message.
+pub struct SingleSignatureAuthenticator {
+    multi_signer: Arc<dyn MultiSigner>,
+    logger: Logger,
+}
+
+impl SingleSignatureAuthenticator {
+    /// Creates a new `SingleSignatureAuthenticator`.
+    pub fn new(multi_signer: Arc<dyn MultiSigner>, logger: Logger) -> Self {
+        Self {
+            multi_signer,
+            logger,
+        }
+    }
+
+    /// Authenticates a single signature against a signed message.
+    pub async fn authenticate(
+        &self,
+        single_signature: &mut SingleSignatures,
+        signed_message: &str,
+    ) -> StdResult<()> {
+        let is_authenticated = match self
+            .multi_signer
+            .verify_single_signature(signed_message, single_signature)
+            .await
+        {
+            Ok(()) => {
+                debug!(
+                    self.logger,
+                    "Single signature party authenticated for current stake distribution";
+                    "party_id" => &single_signature.party_id,
+                );
+                true
+            }
+            Err(_error) => {
+                // Signers may detect epoch changes before the aggregator and send
+                // new signatures using the next epoch stake distribution
+                if self
+                    .multi_signer
+                    .verify_single_signature_for_next_epoch(signed_message, single_signature)
+                    .await
+                    .is_ok()
+                {
+                    debug!(
+                        self.logger,
+                        "Single signature party authenticated for next stake distribution";
+                        "party_id" => &single_signature.party_id,
+                    );
+                    true
+                } else {
+                    debug!(
+                        self.logger,
+                        "Single signature party not authenticated";
+                        "party_id" => &single_signature.party_id,
+                    );
+                    false
+                }
+            }
+        };
+
+        single_signature.authentication_status = if is_authenticated {
+            SingleSignatureAuthenticationStatus::Authenticated
+        } else {
+            SingleSignatureAuthenticationStatus::Unauthenticated
+        };
+
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use anyhow::anyhow;
+
+    use crate::multi_signer::MockMultiSigner;
+    use crate::test_tools::TestLogger;
+
+    use super::*;
+
+    fn mock_multi_signer(
+        multi_signer_mock_config: impl FnOnce(&mut MockMultiSigner),
+    ) -> Arc<MockMultiSigner> {
+        let mut multi_signer = MockMultiSigner::new();
+        multi_signer_mock_config(&mut multi_signer);
+        Arc::new(multi_signer)
+    }
+
+    #[tokio::test]
+    async fn single_signature_against_valid_signed_message_for_current_stake_distribution_is_authenticated(
+    ) {
+        let signed_message = "signed_message".to_string();
+        let mut single_signature = SingleSignatures {
+            authentication_status: SingleSignatureAuthenticationStatus::Unauthenticated,
+            ..SingleSignatures::fake("party_id", &signed_message)
+        };
+
+        let authenticator = SingleSignatureAuthenticator::new(
+            mock_multi_signer(|mock_config| {
+                mock_config
+                    .expect_verify_single_signature()
+                    .returning(|_, _| Ok(()));
+            }),
+            TestLogger::stdout(),
+        );
+
+        authenticator
+            .authenticate(&mut single_signature, &signed_message)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            single_signature.authentication_status,
+            SingleSignatureAuthenticationStatus::Authenticated
+        );
+    }
+
+    #[tokio::test]
+    async fn single_signature_against_valid_signed_message_for_next_stake_distribution_is_authenticated(
+    ) {
+        let signed_message = "signed_message".to_string();
+        let mut single_signature = SingleSignatures {
+            authentication_status: SingleSignatureAuthenticationStatus::Unauthenticated,
+            ..SingleSignatures::fake("party_id", &signed_message)
+        };
+
+        let authenticator = SingleSignatureAuthenticator::new(
+            mock_multi_signer(|mock_config| {
+                mock_config
+                    .expect_verify_single_signature()
+                    .returning(|_, _| Err(anyhow!("error")));
+                mock_config
+                    .expect_verify_single_signature_for_next_epoch()
+                    .returning(|_, _| Ok(()));
+            }),
+            TestLogger::stdout(),
+        );
+
+        authenticator
+            .authenticate(&mut single_signature, &signed_message)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            single_signature.authentication_status,
+            SingleSignatureAuthenticationStatus::Authenticated
+        );
+    }
+
+    #[tokio::test]
+    async fn single_signature_against_invalid_signed_message_for_current_and_next_stake_distribution_is_not_authenticated(
+    ) {
+        let signed_message = "signed_message".to_string();
+        let mut single_signature = SingleSignatures {
+            authentication_status: SingleSignatureAuthenticationStatus::Unauthenticated,
+            ..SingleSignatures::fake("party_id", &signed_message)
+        };
+
+        let authenticator = SingleSignatureAuthenticator::new(
+            mock_multi_signer(|mock_config| {
+                mock_config
+                    .expect_verify_single_signature()
+                    .returning(|_, _| Err(anyhow!("verify_single_signature error")));
+                mock_config
+                    .expect_verify_single_signature_for_next_epoch()
+                    .returning(|_, _| Err(anyhow!("verify_single_signature_for_next_epoch error")));
+            }),
+            TestLogger::stdout(),
+        );
+
+        authenticator
+            .authenticate(&mut single_signature, &signed_message)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            single_signature.authentication_status,
+            SingleSignatureAuthenticationStatus::Unauthenticated
+        );
+    }
+
+    #[tokio::test]
+    async fn single_signature_previously_authenticated_but_fail_new_authentication_is_now_unauthenticated(
+    ) {
+        let signed_message = "signed_message".to_string();
+        let mut single_signature = SingleSignatures {
+            authentication_status: SingleSignatureAuthenticationStatus::Authenticated,
+            ..SingleSignatures::fake("party_id", &signed_message)
+        };
+
+        let authenticator = SingleSignatureAuthenticator::new(
+            mock_multi_signer(|mock_config| {
+                mock_config
+                    .expect_verify_single_signature()
+                    .returning(|_, _| Err(anyhow!("verify_single_signature error")));
+                mock_config
+                    .expect_verify_single_signature_for_next_epoch()
+                    .returning(|_, _| Err(anyhow!("verify_single_signature_for_next_epoch error")));
+            }),
+            TestLogger::stdout(),
+        );
+
+        authenticator
+            .authenticate(&mut single_signature, &signed_message)
+            .await
+            .unwrap();
+
+        assert_eq!(
+            single_signature.authentication_status,
+            SingleSignatureAuthenticationStatus::Unauthenticated
+        );
+    }
+}
diff --git a/mithril-common/src/entities/single_signatures.rs b/mithril-common/src/entities/single_signatures.rs
@@ -34,7 +34,7 @@ pub struct SingleSignatures {
 }
 
 /// Status of the authentication of the signer that emitted the signature
-#[derive(Copy, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
+#[derive(Debug, Copy, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
 pub enum SingleSignatureAuthenticationStatus {
     /// We could authenticate the signer that emitted the signature
     Authenticated,

Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ pub struct SingleSignatures {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`/// Status of the authentication of the signer that emitted the signature`
`37`		`-#[derive(Copy, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]`
	`37`	`+#[derive(Debug, Copy, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]`
`38`	`38`	`pub enum SingleSignatureAuthenticationStatus {`
`39`	`39`	`/// We could authenticate the signer that emitted the signature`
`40`	`40`	`Authenticated,`