[Malleability] Header: add malleability test

Author: tim-barry

model/flow/header.go

@@ -47,21 +47,32 @@ type Header struct {
 	LastViewTC *TimeoutCertificate
 }
 
+// Body is a type only used to calculate ID of a Header, by converting
+// Timestamp from time.Time to unix time (uint64) and LastViewTC to its identifier LastViewTCID.
+type Body struct {
+	ChainID            ChainID
+	ParentID           Identifier
+	Height             uint64
+	PayloadHash        Identifier
+	Timestamp          uint64
+	View               uint64
+	ParentView         uint64
+	ParentVoterIndices []byte
+	ParentVoterSigData []byte
+	ProposerID         Identifier
+	ProposerSigData    []byte
+	LastViewTCID       Identifier
+}
+
+// ID is implemented for the header Body so that it can be verified
+// by the malleability checker.
+func (b Body) ID() Identifier {
+	return MakeID(b)
+}
+
 // Body returns the immutable part of the block header.
-func (h Header) Body() interface{} {
-	return struct {
-		ChainID            ChainID
-		ParentID           Identifier
-		Height             uint64
-		PayloadHash        Identifier
-		Timestamp          uint64
-		View               uint64
-		ParentView         uint64
-		ParentVoterIndices []byte
-		ParentVoterSigData []byte
-		ProposerID         Identifier
-		LastViewTCID       Identifier
-	}{
+func (h Header) Body() *Body {
+	return &Body{
 		ChainID:            h.ChainID,
 		ParentID:           h.ParentID,
 		Height:             h.Height,
@@ -72,6 +83,7 @@ func (h Header) Body() interface{} {
 		ParentVoterIndices: h.ParentVoterIndices,
 		ParentVoterSigData: h.ParentVoterSigData,
 		ProposerID:         h.ProposerID,
+		ProposerSigData:    h.ProposerSigData,
 		LastViewTCID:       h.LastViewTC.ID(),
 	}
 }
@@ -93,7 +105,7 @@ func (h Header) Fingerprint() []byte {
 // ID returns a unique ID to singularly identify the header and its block
 // within the flow system.
 func (h Header) ID() Identifier {
-	return MakeID(h)
+	return MakeID(h.Body())
 }
 
 // Checksum returns the checksum of the header.

model/flow/header_test.go

@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/fxamacker/cbor/v2"
-	"github.com/onflow/crypto"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/vmihailenco/msgpack/v4"
@@ -35,19 +34,7 @@ func TestHeaderFingerprint(t *testing.T) {
 	header.LastViewTC = helper.MakeTC()
 	headerID := header.ID()
 	data := header.Fingerprint()
-	var decoded struct {
-		ChainID            flow.ChainID
-		ParentID           flow.Identifier
-		Height             uint64
-		PayloadHash        flow.Identifier
-		Timestamp          uint64
-		View               uint64
-		ParentView         uint64
-		ParentVoterIndices []byte
-		ParentVoterSigData crypto.Signature
-		ProposerID         flow.Identifier
-		LastViewTC         interface{}
-	}
+	var decoded flow.Body
 	rlp.NewMarshaler().MustUnmarshal(data, &decoded)
 	decHeader := &flow.Header{
 		ChainID:            decoded.ChainID,
@@ -60,7 +47,7 @@ func TestHeaderFingerprint(t *testing.T) {
 		ParentVoterIndices: decoded.ParentVoterIndices,
 		ParentVoterSigData: decoded.ParentVoterSigData,
 		ProposerID:         decoded.ProposerID,
-		ProposerSigData:    header.ProposerSigData, // since this field is not encoded/decoded, just set it to the original value to pass test
+		ProposerSigData:    decoded.ProposerSigData,
 		LastViewTC:         header.LastViewTC,
 	}
 	decodedID := decHeader.ID()
@@ -102,3 +89,11 @@ func TestNonUTCTimestampSameHashAsUTC(t *testing.T) {
 	checkedID := header.ID()
 	assert.Equal(t, headerID, checkedID)
 }
+
+func TestHeaderMalleability(t *testing.T) {
+	header := unittest.BlockHeaderFixture()
+	// Require that LastViewTC (TimeoutCertificate) is not malleable, since its ID is incorporated in Body
+	unittest.RequireEntityNonMalleable(t, helper.MakeTC())
+	// Body contains all data from the header, but with the timestamp converted to Unix time, and LastViewTC replaced with its ID
+	unittest.RequireEntityNonMalleable(t, header.Body())
+}