Merge pull request #6931 from LiskHQ/6841-verify-scs

Implement verifySingleCertificateSignature - Closes #6841

framework/src/node/consensus/certificate_generation/utils.ts

@@ -15,6 +15,7 @@
 import { signBLS, verifyWeightedAggSig } from '@liskhq/lisk-cryptography';
 import { BlockHeader } from '@liskhq/lisk-chain';
 import { codec } from '@liskhq/lisk-codec';
+import { verifyBLS } from '@liskhq/lisk-cryptography';
 import { Certificate } from './types';
 import { certificateSchema } from './schema';
 import { MESSAGE_TAG_CERTIFICATE } from './constants';
@@ -52,14 +53,22 @@ export const signCertificate = (
 	);
 };
 
-// TODO: https://github.com/LiskHQ/lisk-sdk/issues/6841
 export const verifySingleCertificateSignature = (
-	_pk: Buffer,
-	_signature: Buffer,
-	_networkIdentifier: Buffer,
-	_certificate: Certificate,
-	// eslint-disable-next-line @typescript-eslint/no-empty-function
-): boolean => true;
+	pk: Buffer,
+	signature: Buffer,
+	networkIdentifier: Buffer,
+	certificate: Certificate,
+): boolean => {
+	const message = codec.encode(certificateSchema, {
+		blockID: certificate.blockID,
+		height: certificate.height,
+		timestamp: certificate.timestamp,
+		stateRoot: certificate.stateRoot,
+		validatorsHash: certificate.validatorsHash,
+	});
+
+	return verifyBLS(MESSAGE_TAG_CERTIFICATE, networkIdentifier, message, signature, pk);
+};
 
 export const verifyAggregateCertificateSignature = (
 	keysList: Buffer[],

framework/test/unit/node/consensus/certificate_generation/utils.spec.ts

@@ -28,6 +28,7 @@ import {
 	verifyAggregateCertificateSignature,
 	computeCertificateFromBlockHeader,
 	signCertificate,
+	verifySingleCertificateSignature,
 } from '../../../../../src/node/consensus/certificate_generation/utils';
 import { createFakeBlockHeader } from '../../../../../src/testing';
 
@@ -98,7 +99,71 @@ describe('utils', () => {
 		});
 	});
 	describe('verifySingleCertificateSignature', () => {
-		it.todo('');
+		let privateKey: Buffer;
+		let publicKey: Buffer;
+		let certificate: Certificate;
+		let signature: Buffer;
+
+		beforeEach(() => {
+			privateKey = generatePrivateKey(getRandomBytes(32));
+			publicKey = getPublicKeyFromPrivateKey(privateKey);
+			certificate = {
+				blockID: Buffer.alloc(0),
+				height: 1030,
+				stateRoot: Buffer.alloc(0),
+				timestamp: 10300,
+				validatorsHash: Buffer.alloc(0),
+			};
+
+			const encodedCertificate = codec.encode(certificateSchema, certificate);
+
+			signature = signBLS(
+				MESSAGE_TAG_CERTIFICATE,
+				networkIdentifier,
+				encodedCertificate,
+				privateKey,
+			);
+
+			(certificate as any).aggregationBits = getRandomBytes(4);
+			(certificate as any).signature = getRandomBytes(4);
+		});
+
+		it('should return true with proper parameters', () => {
+			const isVerifiedSignature = verifySingleCertificateSignature(
+				publicKey,
+				signature,
+				networkIdentifier,
+				certificate,
+			);
+
+			expect(isVerifiedSignature).toBeTrue();
+		});
+
+		it('should return false for wrong public key', () => {
+			publicKey = getRandomBytes(48);
+
+			const isVerifiedSignature = verifySingleCertificateSignature(
+				publicKey,
+				signature,
+				networkIdentifier,
+				certificate,
+			);
+
+			expect(isVerifiedSignature).toBeFalse();
+		});
+
+		it('should return false for wrong signature', () => {
+			signature = getRandomBytes(32);
+
+			const isVerifiedSignature = verifySingleCertificateSignature(
+				publicKey,
+				signature,
+				networkIdentifier,
+				certificate,
+			);
+
+			expect(isVerifiedSignature).toBeFalse();
+		});
 	});
 	describe('verifyAggregateCertificateSignature', () => {
 		let certificate: Certificate;