Squashed 'bridges/' content from commit 062554430

git-subtree-dir: bridges
git-subtree-split: 0625544309ff299307f7e110f252f04eac383102

primitives/header-chain/Cargo.toml

@@ -0,0 +1,47 @@
+[package]
+name = "bp-header-chain"
+description = "A common interface for describing what a bridge pallet should be able to do."
+version = "0.1.0"
+authors = ["Parity Technologies <admin@parity.io>"]
+edition = "2021"
+license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
+
+[dependencies]
+codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false }
+finality-grandpa = { version = "0.16.0", default-features = false }
+scale-info = { version = "2.1.1", default-features = false, features = ["derive"] }
+serde = { version = "1.0", optional = true }
+
+# Bridge dependencies
+
+bp-runtime = { path = "../runtime", default-features = false }
+
+# Substrate Dependencies
+
+frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false }
+sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false }
+sp-finality-grandpa = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false }
+sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false }
+sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false }
+sp-trie = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false }
+
+[dev-dependencies]
+bp-test-utils = { path = "../test-utils" }
+hex = "0.4"
+hex-literal = "0.3"
+
+[features]
+default = ["std"]
+std = [
+	"bp-runtime/std",
+	"codec/std",
+	"finality-grandpa/std",
+	"serde/std",
+	"frame-support/std",
+	"scale-info/std",
+	"sp-core/std",
+	"sp-finality-grandpa/std",
+	"sp-runtime/std",
+	"sp-std/std",
+	"sp-trie/std",
+]

primitives/header-chain/src/justification.rs

@@ -0,0 +1,227 @@
+// Copyright 2019-2021 Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Pallet for checking GRANDPA Finality Proofs.
+//!
+//! Adapted copy of substrate/client/finality-grandpa/src/justification.rs. If origin
+//! will ever be moved to the sp_finality_grandpa, we should reuse that implementation.
+
+use codec::{Decode, Encode};
+use finality_grandpa::voter_set::VoterSet;
+use frame_support::RuntimeDebug;
+use scale_info::TypeInfo;
+use sp_finality_grandpa::{AuthorityId, AuthoritySignature, SetId};
+use sp_runtime::traits::Header as HeaderT;
+use sp_std::{
+	collections::{btree_map::BTreeMap, btree_set::BTreeSet},
+	prelude::*,
+};
+
+/// A GRANDPA Justification is a proof that a given header was finalized
+/// at a certain height and with a certain set of authorities.
+///
+/// This particular proof is used to prove that headers on a bridged chain
+/// (so not our chain) have been finalized correctly.
+#[derive(Encode, Decode, RuntimeDebug, Clone, PartialEq, Eq, TypeInfo)]
+pub struct GrandpaJustification<Header: HeaderT> {
+	/// The round (voting period) this justification is valid for.
+	pub round: u64,
+	/// The set of votes for the chain which is to be finalized.
+	pub commit:
+		finality_grandpa::Commit<Header::Hash, Header::Number, AuthoritySignature, AuthorityId>,
+	/// A proof that the chain of blocks in the commit are related to each other.
+	pub votes_ancestries: Vec<Header>,
+}
+
+impl<H: HeaderT> crate::FinalityProof<H::Number> for GrandpaJustification<H> {
+	fn target_header_number(&self) -> H::Number {
+		self.commit.target_number
+	}
+}
+
+/// Justification verification error.
+#[derive(Eq, RuntimeDebug, PartialEq)]
+pub enum Error {
+	/// Failed to decode justification.
+	JustificationDecode,
+	/// Justification is finalizing unexpected header.
+	InvalidJustificationTarget,
+	/// The authority has provided an invalid signature.
+	InvalidAuthoritySignature,
+	/// The justification contains precommit for header that is not a descendant of the commit
+	/// header.
+	PrecommitIsNotCommitDescendant,
+	/// The cumulative weight of all votes in the justification is not enough to justify commit
+	/// header finalization.
+	TooLowCumulativeWeight,
+	/// The justification contains extra (unused) headers in its `votes_ancestries` field.
+	ExtraHeadersInVotesAncestries,
+}
+
+/// Decode justification target.
+pub fn decode_justification_target<Header: HeaderT>(
+	raw_justification: &[u8],
+) -> Result<(Header::Hash, Header::Number), Error> {
+	GrandpaJustification::<Header>::decode(&mut &*raw_justification)
+		.map(|justification| (justification.commit.target_hash, justification.commit.target_number))
+		.map_err(|_| Error::JustificationDecode)
+}
+
+/// Verify that justification, that is generated by given authority set, finalizes given header.
+pub fn verify_justification<Header: HeaderT>(
+	finalized_target: (Header::Hash, Header::Number),
+	authorities_set_id: SetId,
+	authorities_set: &VoterSet<AuthorityId>,
+	justification: &GrandpaJustification<Header>,
+) -> Result<(), Error>
+where
+	Header::Number: finality_grandpa::BlockNumberOps,
+{
+	// ensure that it is justification for the expected header
+	if (justification.commit.target_hash, justification.commit.target_number) != finalized_target {
+		return Err(Error::InvalidJustificationTarget)
+	}
+
+	let mut chain = AncestryChain::new(&justification.votes_ancestries);
+	let mut signature_buffer = Vec::new();
+	let mut votes = BTreeSet::new();
+	let mut cumulative_weight = 0u64;
+	for signed in &justification.commit.precommits {
+		// authority must be in the set
+		let authority_info = match authorities_set.get(&signed.id) {
+			Some(authority_info) => authority_info,
+			None => {
+				// just ignore precommit from unknown authority as
+				// `finality_grandpa::import_precommit` does
+				continue
+			},
+		};
+
+		// check if authority has already voted in the same round.
+		//
+		// there's a lot of code in `validate_commit` and `import_precommit` functions inside
+		// `finality-grandpa` crate (mostly related to reporting equivocations). But the only thing
+		// that we care about is that only first vote from the authority is accepted
+		if !votes.insert(signed.id.clone()) {
+			continue
+		}
+
+		// everything below this line can't just `continue`, because state is already altered
+
+		// precommits aren't allowed for block lower than the target
+		if signed.precommit.target_number < justification.commit.target_number {
+			return Err(Error::PrecommitIsNotCommitDescendant)
+		}
+		// all precommits must be descendants of target block
+		chain = chain
+			.ensure_descendant(&justification.commit.target_hash, &signed.precommit.target_hash)?;
+		// since we know now that the precommit target is the descendant of the justification
+		// target, we may increase 'weight' of the justification target
+		//
+		// there's a lot of code in the `VoteGraph::insert` method inside `finality-grandpa` crate,
+		// but in the end it is only used to find GHOST, which we don't care about. The only thing
+		// that we care about is that the justification target has enough weight
+		cumulative_weight = cumulative_weight.checked_add(authority_info.weight().0.into()).expect(
+			"sum of weights of ALL authorities is expected not to overflow - this is guaranteed by\
+				existence of VoterSet;\
+				the order of loop conditions guarantees that we can account vote from same authority\
+				multiple times;\
+				thus we'll never overflow the u64::MAX;\
+				qed",
+		);
+		// verify authority signature
+		if !sp_finality_grandpa::check_message_signature_with_buffer(
+			&finality_grandpa::Message::Precommit(signed.precommit.clone()),
+			&signed.id,
+			&signed.signature,
+			justification.round,
+			authorities_set_id,
+			&mut signature_buffer,
+		) {
+			return Err(Error::InvalidAuthoritySignature)
+		}
+	}
+
+	// check that there are no extra headers in the justification
+	if !chain.unvisited.is_empty() {
+		return Err(Error::ExtraHeadersInVotesAncestries)
+	}
+
+	// check that the cumulative weight of validators voted for the justification target (or one
+	// of its descendents) is larger than required threshold.
+	let threshold = authorities_set.threshold().0.into();
+	if cumulative_weight >= threshold {
+		Ok(())
+	} else {
+		Err(Error::TooLowCumulativeWeight)
+	}
+}
+
+/// Votes ancestries with useful methods.
+#[derive(RuntimeDebug)]
+pub struct AncestryChain<Header: HeaderT> {
+	/// Header hash => parent header hash mapping.
+	pub parents: BTreeMap<Header::Hash, Header::Hash>,
+	/// Hashes of headers that were not visited by `is_ancestor` method.
+	pub unvisited: BTreeSet<Header::Hash>,
+}
+
+impl<Header: HeaderT> AncestryChain<Header> {
+	/// Create new ancestry chain.
+	pub fn new(ancestry: &[Header]) -> AncestryChain<Header> {
+		let mut parents = BTreeMap::new();
+		let mut unvisited = BTreeSet::new();
+		for ancestor in ancestry {
+			let hash = ancestor.hash();
+			let parent_hash = *ancestor.parent_hash();
+			parents.insert(hash, parent_hash);
+			unvisited.insert(hash);
+		}
+		AncestryChain { parents, unvisited }
+	}
+
+	/// Returns `Ok(_)` if `precommit_target` is a descendant of the `commit_target` block and
+	/// `Err(_)` otherwise.
+	pub fn ensure_descendant(
+		mut self,
+		commit_target: &Header::Hash,
+		precommit_target: &Header::Hash,
+	) -> Result<Self, Error> {
+		let mut current_hash = *precommit_target;
+		loop {
+			if current_hash == *commit_target {
+				break
+			}
+
+			let is_visited_before = !self.unvisited.remove(&current_hash);
+			current_hash = match self.parents.get(&current_hash) {
+				Some(parent_hash) => {
+					if is_visited_before {
+						// `Some(parent_hash)` means that the `current_hash` is in the `parents`
+						// container `is_visited_before` means that it has been visited before in
+						// some of previous calls => since we assume that previous call has finished
+						// with `true`, this also will be finished with `true`
+						return Ok(self)
+					}
+
+					*parent_hash
+				},
+				None => return Err(Error::PrecommitIsNotCommitDescendant),
+			};
+		}
+		Ok(self)
+	}
+}

primitives/header-chain/src/lib.rs

@@ -0,0 +1,147 @@
+// Copyright 2019-2021 Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Defines traits which represent a common interface for Substrate pallets which want to
+//! incorporate bridge functionality.
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+use bp_runtime::{BasicOperatingMode, Chain, HashOf, HasherOf, HeaderOf, StorageProofChecker};
+use codec::{Codec, Decode, Encode, EncodeLike};
+use core::{clone::Clone, cmp::Eq, default::Default, fmt::Debug};
+use frame_support::PalletError;
+use scale_info::TypeInfo;
+#[cfg(feature = "std")]
+use serde::{Deserialize, Serialize};
+use sp_finality_grandpa::{AuthorityList, ConsensusLog, SetId, GRANDPA_ENGINE_ID};
+use sp_runtime::{traits::Header as HeaderT, Digest, RuntimeDebug};
+use sp_std::boxed::Box;
+use sp_trie::StorageProof;
+
+pub mod justification;
+pub mod storage_keys;
+
+/// Header chain error.
+#[derive(Clone, Copy, Decode, Encode, Eq, PalletError, PartialEq, RuntimeDebug, TypeInfo)]
+pub enum HeaderChainError {
+	/// Header with given hash is missing from the chain.
+	UnknownHeader,
+	/// The storage proof doesn't contains storage root.
+	StorageRootMismatch,
+}
+
+impl From<HeaderChainError> for &'static str {
+	fn from(err: HeaderChainError) -> &'static str {
+		match err {
+			HeaderChainError::UnknownHeader => "UnknownHeader",
+			HeaderChainError::StorageRootMismatch => "StorageRootMismatch",
+		}
+	}
+}
+
+/// Substrate header chain, abstracted from the way it is stored.
+pub trait HeaderChain<C: Chain> {
+	/// Returns finalized header by its hash.
+	fn finalized_header(hash: HashOf<C>) -> Option<HeaderOf<C>>;
+	/// Parse storage proof using finalized header.
+	fn parse_finalized_storage_proof<R>(
+		hash: HashOf<C>,
+		storage_proof: StorageProof,
+		parse: impl FnOnce(StorageProofChecker<HasherOf<C>>) -> R,
+	) -> Result<R, HeaderChainError> {
+		let header = Self::finalized_header(hash).ok_or(HeaderChainError::UnknownHeader)?;
+		let storage_proof_checker =
+			bp_runtime::StorageProofChecker::new(*header.state_root(), storage_proof)
+				.map_err(|_| HeaderChainError::StorageRootMismatch)?;
+
+		Ok(parse(storage_proof_checker))
+	}
+}
+
+/// A type that can be used as a parameter in a dispatchable function.
+///
+/// When using `decl_module` all arguments for call functions must implement this trait.
+pub trait Parameter: Codec + EncodeLike + Clone + Eq + Debug + TypeInfo {}
+impl<T> Parameter for T where T: Codec + EncodeLike + Clone + Eq + Debug + TypeInfo {}
+
+/// A GRANDPA Authority List and ID.
+#[derive(Default, Encode, Eq, Decode, RuntimeDebug, PartialEq, Clone, TypeInfo)]
+#[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
+pub struct AuthoritySet {
+	/// List of GRANDPA authorities for the current round.
+	pub authorities: AuthorityList,
+	/// Monotonic identifier of the current GRANDPA authority set.
+	pub set_id: SetId,
+}
+
+impl AuthoritySet {
+	/// Create a new GRANDPA Authority Set.
+	pub fn new(authorities: AuthorityList, set_id: SetId) -> Self {
+		Self { authorities, set_id }
+	}
+}
+
+/// Data required for initializing the bridge pallet.
+///
+/// The bridge needs to know where to start its sync from, and this provides that initial context.
+#[derive(Default, Encode, Decode, RuntimeDebug, PartialEq, Eq, Clone, TypeInfo)]
+#[cfg_attr(feature = "std", derive(Serialize, Deserialize))]
+pub struct InitializationData<H: HeaderT> {
+	/// The header from which we should start syncing.
+	pub header: Box<H>,
+	/// The initial authorities of the pallet.
+	pub authority_list: AuthorityList,
+	/// The ID of the initial authority set.
+	pub set_id: SetId,
+	/// Pallet operating mode.
+	pub operating_mode: BasicOperatingMode,
+}
+
+/// Abstract finality proof that is justifying block finality.
+pub trait FinalityProof<Number>: Clone + Send + Sync + Debug {
+	/// Return number of header that this proof is generated for.
+	fn target_header_number(&self) -> Number;
+}
+
+/// A trait that provides helper methods for querying the consensus log.
+pub trait ConsensusLogReader {
+	/// Returns true if digest contains item that schedules authorities set change.
+	fn schedules_authorities_change(digest: &Digest) -> bool;
+}
+
+/// A struct that provides helper methods for querying the GRANDPA consensus log.
+pub struct GrandpaConsensusLogReader<Number>(sp_std::marker::PhantomData<Number>);
+
+impl<Number: Codec> GrandpaConsensusLogReader<Number> {
+	pub fn find_authorities_change(
+		digest: &Digest,
+	) -> Option<sp_finality_grandpa::ScheduledChange<Number>> {
+		// find the first consensus digest with the right ID which converts to
+		// the right kind of consensus log.
+		digest
+			.convert_first(|log| log.consensus_try_to(&GRANDPA_ENGINE_ID))
+			.and_then(|log| match log {
+				ConsensusLog::ScheduledChange(change) => Some(change),
+				_ => None,
+			})
+	}
+}
+
+impl<Number: Codec> ConsensusLogReader for GrandpaConsensusLogReader<Number> {
+	fn schedules_authorities_change(digest: &Digest) -> bool {
+		GrandpaConsensusLogReader::<Number>::find_authorities_change(digest).is_some()
+	}
+}

primitives/header-chain/src/storage_keys.rs

@@ -0,0 +1,78 @@
+// Copyright 2019-2021 Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Storage keys of bridge GRANDPA pallet.
+
+/// Name of the `IsHalted` storage value.
+pub const PALLET_OPERATING_MODE_VALUE_NAME: &str = "PalletOperatingMode";
+/// Name of the `BestFinalized` storage value.
+pub const BEST_FINALIZED_VALUE_NAME: &str = "BestFinalized";
+
+use sp_core::storage::StorageKey;
+
+/// Storage key of the `PalletOperatingMode` variable in the runtime storage.
+pub fn pallet_operating_mode_key(pallet_prefix: &str) -> StorageKey {
+	StorageKey(
+		bp_runtime::storage_value_final_key(
+			pallet_prefix.as_bytes(),
+			PALLET_OPERATING_MODE_VALUE_NAME.as_bytes(),
+		)
+		.to_vec(),
+	)
+}
+
+/// Storage key of the best finalized header number and hash value in the runtime storage.
+pub fn best_finalized_key(pallet_prefix: &str) -> StorageKey {
+	StorageKey(
+		bp_runtime::storage_value_final_key(
+			pallet_prefix.as_bytes(),
+			BEST_FINALIZED_VALUE_NAME.as_bytes(),
+		)
+		.to_vec(),
+	)
+}
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+	use hex_literal::hex;
+
+	#[test]
+	fn pallet_operating_mode_key_computed_properly() {
+		// If this test fails, then something has been changed in module storage that is breaking
+		// compatibility with previous pallet.
+		let storage_key = pallet_operating_mode_key("BridgeGrandpa").0;
+		assert_eq!(
+			storage_key,
+			hex!("0b06f475eddb98cf933a12262e0388de0f4cf0917788d791142ff6c1f216e7b3").to_vec(),
+			"Unexpected storage key: {}",
+			hex::encode(&storage_key),
+		);
+	}
+
+	#[test]
+	fn best_finalized_key_computed_properly() {
+		// If this test fails, then something has been changed in module storage that is breaking
+		// compatibility with previous pallet.
+		let storage_key = best_finalized_key("BridgeGrandpa").0;
+		assert_eq!(
+			storage_key,
+			hex!("0b06f475eddb98cf933a12262e0388dea4ebafdd473c549fdb24c5c991c5591c").to_vec(),
+			"Unexpected storage key: {}",
+			hex::encode(&storage_key),
+		);
+	}
+}

primitives/header-chain/tests/implementation_match.rs

@@ -0,0 +1,328 @@
+// Copyright 2020-2021 Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Tests inside this module are made to ensure that our custom justification verification
+//! implementation works exactly as `fn finality_grandpa::validate_commit`.
+//!
+//! Some of tests in this module may partially duplicate tests from `justification.rs`,
+//! but their purpose is different.
+
+use bp_header_chain::justification::{verify_justification, Error, GrandpaJustification};
+use bp_test_utils::{
+	header_id, make_justification_for_header, signed_precommit, test_header, Account,
+	JustificationGeneratorParams, ALICE, BOB, CHARLIE, DAVE, EVE, TEST_GRANDPA_SET_ID,
+};
+use finality_grandpa::voter_set::VoterSet;
+use sp_finality_grandpa::{AuthorityId, AuthorityWeight};
+use sp_runtime::traits::Header as HeaderT;
+
+type TestHeader = sp_runtime::testing::Header;
+type TestHash = <TestHeader as HeaderT>::Hash;
+type TestNumber = <TestHeader as HeaderT>::Number;
+
+/// Implementation of `finality_grandpa::Chain` that is used in tests.
+struct AncestryChain(bp_header_chain::justification::AncestryChain<TestHeader>);
+
+impl AncestryChain {
+	fn new(ancestry: &[TestHeader]) -> Self {
+		Self(bp_header_chain::justification::AncestryChain::new(ancestry))
+	}
+}
+
+impl finality_grandpa::Chain<TestHash, TestNumber> for AncestryChain {
+	fn ancestry(
+		&self,
+		base: TestHash,
+		block: TestHash,
+	) -> Result<Vec<TestHash>, finality_grandpa::Error> {
+		let mut route = Vec::new();
+		let mut current_hash = block;
+		loop {
+			if current_hash == base {
+				break
+			}
+			match self.0.parents.get(&current_hash).cloned() {
+				Some(parent_hash) => {
+					current_hash = parent_hash;
+					route.push(current_hash);
+				},
+				_ => return Err(finality_grandpa::Error::NotDescendent),
+			}
+		}
+		route.pop(); // remove the base
+
+		Ok(route)
+	}
+}
+
+/// Get a full set of accounts.
+fn full_accounts_set() -> Vec<(Account, AuthorityWeight)> {
+	vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1), (EVE, 1)]
+}
+
+/// Get a full set of GRANDPA authorities.
+fn full_voter_set() -> VoterSet<AuthorityId> {
+	VoterSet::new(full_accounts_set().iter().map(|(id, w)| (AuthorityId::from(*id), *w))).unwrap()
+}
+
+/// Get a minimal set of accounts.
+fn minimal_accounts_set() -> Vec<(Account, AuthorityWeight)> {
+	// there are 5 accounts in the full set => we need 2/3 + 1 accounts, which results in 4 accounts
+	vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1)]
+}
+
+/// Get a minimal subset of GRANDPA authorities that have enough cumulative vote weight to justify a
+/// header finality.
+pub fn minimal_voter_set() -> VoterSet<AuthorityId> {
+	VoterSet::new(minimal_accounts_set().iter().map(|(id, w)| (AuthorityId::from(*id), *w)))
+		.unwrap()
+}
+
+/// Make a valid GRANDPA justification with sensible defaults.
+pub fn make_default_justification(header: &TestHeader) -> GrandpaJustification<TestHeader> {
+	make_justification_for_header(JustificationGeneratorParams {
+		header: header.clone(),
+		authorities: minimal_accounts_set(),
+		..Default::default()
+	})
+}
+
+// the `finality_grandpa::validate_commit` function has two ways to report an unsuccessful
+// commit validation:
+//
+// 1) to return `Err()` (which only may happen if `finality_grandpa::Chain` implementation
+//    returns an error);
+// 2) to return `Ok(validation_result)` if `validation_result.is_valid()` is false.
+//
+// Our implementation would just return error in both cases.
+
+#[test]
+fn same_result_when_precommit_target_has_lower_number_than_commit_target() {
+	let mut justification = make_default_justification(&test_header(1));
+	// the number of header in precommit (0) is lower than number of header in commit (1)
+	justification.commit.precommits[0].precommit.target_number = 0;
+
+	// our implementation returns an error
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&full_voter_set(),
+			&justification,
+		),
+		Err(Error::PrecommitIsNotCommitDescendant),
+	);
+
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == false`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification.votes_ancestries),
+	)
+	.unwrap();
+
+	assert!(!result.is_valid());
+}
+
+#[test]
+fn same_result_when_precommit_target_is_not_descendant_of_commit_target() {
+	let not_descendant = test_header::<TestHeader>(10);
+	let mut justification = make_default_justification(&test_header(1));
+	// the route from header of commit (1) to header of precommit (10) is missing from
+	// the votes ancestries
+	justification.commit.precommits[0].precommit.target_number = *not_descendant.number();
+	justification.commit.precommits[0].precommit.target_hash = not_descendant.hash();
+	justification.votes_ancestries.push(not_descendant);
+
+	// our implementation returns an error
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&full_voter_set(),
+			&justification,
+		),
+		Err(Error::PrecommitIsNotCommitDescendant),
+	);
+
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == false`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification.votes_ancestries),
+	)
+	.unwrap();
+
+	assert!(!result.is_valid());
+}
+
+#[test]
+fn same_result_when_justification_contains_duplicate_vote() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// the justification may contain exactly the same vote (i.e. same precommit and same signature)
+	// multiple times && it isn't treated as an error by original implementation
+	justification.commit.precommits.push(justification.commit.precommits[0].clone());
+	justification.commit.precommits.push(justification.commit.precommits[0].clone());
+
+	// our implementation succeeds
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&full_voter_set(),
+			&justification,
+		),
+		Ok(()),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification.votes_ancestries),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn same_result_when_authority_equivocates_once_in_a_round() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// the justification original implementation allows authority to submit two different
+	// votes in a single round, of which only first is 'accepted'
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+
+	// our implementation succeeds
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&full_voter_set(),
+			&justification,
+		),
+		Ok(()),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification.votes_ancestries),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn same_result_when_authority_equivocates_twice_in_a_round() {
+	let mut justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: minimal_accounts_set(),
+		ancestors: 0,
+		..Default::default()
+	});
+	// there's some code in the original implementation that should return an error when
+	// same authority submits more than two different votes in a single round:
+	// https://github.com/paritytech/finality-grandpa/blob/6aeea2d1159d0f418f0b86e70739f2130629ca09/src/lib.rs#L473
+	// but there's also a code that prevents this from happening:
+	// https://github.com/paritytech/finality-grandpa/blob/6aeea2d1159d0f418f0b86e70739f2130629ca09/src/round.rs#L287
+	// => so now we are also just ignoring all votes from the same authority, except the first one
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+	justification.commit.precommits.push(signed_precommit::<TestHeader>(
+		&ALICE,
+		header_id::<TestHeader>(1),
+		justification.round,
+		TEST_GRANDPA_SET_ID,
+	));
+
+	// our implementation succeeds
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&full_voter_set(),
+			&justification,
+		),
+		Ok(()),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == true`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification.votes_ancestries),
+	)
+	.unwrap();
+
+	assert!(result.is_valid());
+}
+
+#[test]
+fn same_result_when_there_are_not_enough_cumulative_weight_to_finalize_commit_target() {
+	// just remove one authority from the minimal set and we shall not reach the threshold
+	let mut authorities_set = minimal_accounts_set();
+	authorities_set.pop();
+	let justification = make_justification_for_header(JustificationGeneratorParams {
+		header: test_header(1),
+		authorities: authorities_set,
+		..Default::default()
+	});
+
+	// our implementation returns an error
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&full_voter_set(),
+			&justification,
+		),
+		Err(Error::TooLowCumulativeWeight),
+	);
+	// original implementation returns `Ok(validation_result)`
+	// with `validation_result.is_valid() == false`.
+	let result = finality_grandpa::validate_commit(
+		&justification.commit,
+		&full_voter_set(),
+		&AncestryChain::new(&justification.votes_ancestries),
+	)
+	.unwrap();
+
+	assert!(!result.is_valid());
+}

primitives/header-chain/tests/justification.rs

@@ -0,0 +1,192 @@
+// Copyright 2020-2021 Parity Technologies (UK) Ltd.
+// This file is part of Parity Bridges Common.
+
+// Parity Bridges Common is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity Bridges Common is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity Bridges Common.  If not, see <http://www.gnu.org/licenses/>.
+
+//! Tests for Grandpa Justification code.
+
+use bp_header_chain::justification::{verify_justification, Error};
+use bp_test_utils::*;
+
+type TestHeader = sp_runtime::testing::Header;
+
+#[test]
+fn valid_justification_accepted() {
+	let authorities = vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1)];
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: authorities.clone(),
+		ancestors: 7,
+		forks: 3,
+	};
+
+	let justification = make_justification_for_header::<TestHeader>(params.clone());
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&justification,
+		),
+		Ok(()),
+	);
+
+	assert_eq!(justification.commit.precommits.len(), authorities.len());
+	assert_eq!(justification.votes_ancestries.len(), params.ancestors as usize);
+}
+
+#[test]
+fn valid_justification_accepted_with_single_fork() {
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1), (EVE, 1)],
+		ancestors: 5,
+		forks: 1,
+	};
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&make_justification_for_header::<TestHeader>(params)
+		),
+		Ok(()),
+	);
+}
+
+#[test]
+fn valid_justification_accepted_with_arbitrary_number_of_authorities() {
+	use finality_grandpa::voter_set::VoterSet;
+	use sp_finality_grandpa::AuthorityId;
+
+	let n = 15;
+	let authorities = accounts(n).iter().map(|k| (*k, 1)).collect::<Vec<_>>();
+
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: authorities.clone(),
+		ancestors: n.into(),
+		forks: n.into(),
+	};
+
+	let authorities = authorities
+		.iter()
+		.map(|(id, w)| (AuthorityId::from(*id), *w))
+		.collect::<Vec<(AuthorityId, _)>>();
+	let voter_set = VoterSet::new(authorities).unwrap();
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set,
+			&make_justification_for_header::<TestHeader>(params)
+		),
+		Ok(()),
+	);
+}
+
+#[test]
+fn justification_with_invalid_target_rejected() {
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(2),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&make_default_justification::<TestHeader>(&test_header(1)),
+		),
+		Err(Error::InvalidJustificationTarget),
+	);
+}
+
+#[test]
+fn justification_with_invalid_commit_rejected() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.commit.precommits.clear();
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&justification,
+		),
+		Err(Error::ExtraHeadersInVotesAncestries),
+	);
+}
+
+#[test]
+fn justification_with_invalid_authority_signature_rejected() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.commit.precommits[0].signature =
+		sp_core::crypto::UncheckedFrom::unchecked_from([1u8; 64]);
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&justification,
+		),
+		Err(Error::InvalidAuthoritySignature),
+	);
+}
+
+#[test]
+fn justification_with_invalid_precommit_ancestry() {
+	let mut justification = make_default_justification::<TestHeader>(&test_header(1));
+	justification.votes_ancestries.push(test_header(10));
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&justification,
+		),
+		Err(Error::ExtraHeadersInVotesAncestries),
+	);
+}
+
+#[test]
+fn justification_is_invalid_if_we_dont_meet_threshold() {
+	// Need at least three authorities to sign off or else the voter set threshold can't be reached
+	let authorities = vec![(ALICE, 1), (BOB, 1)];
+
+	let params = JustificationGeneratorParams {
+		header: test_header(1),
+		round: TEST_GRANDPA_ROUND,
+		set_id: TEST_GRANDPA_SET_ID,
+		authorities: authorities.clone(),
+		ancestors: 2 * authorities.len() as u32,
+		forks: 2,
+	};
+
+	assert_eq!(
+		verify_justification::<TestHeader>(
+			header_id::<TestHeader>(1),
+			TEST_GRANDPA_SET_ID,
+			&voter_set(),
+			&make_justification_for_header::<TestHeader>(params)
+		),
+		Err(Error::TooLowCumulativeWeight),
+	);
+}