pezkuwichain/pezkuwi-subxt
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-subxt.git synced 2026-06-28 00:31:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
52c1913fff981ed295f11787f0edbd85e21934a0
pezkuwi-subxt/bridges/modules/substrate/src/justification.rs
T
Hernando Castano 44beb30836 Initial Substrate Header Chain Implementation (#296) 
* Add pallet template from Substrate Dev Hub

* Clean up un-needed stuff from template

* Sketch out dispatchable interface

* Introduce notion of finality chain

* Add dependencies which were removed during a rebase

* Sketch out idea for finality header-chain pallet

* Sketch out ChainVerifier trait

* Add storage parameter to verifier

* Write out some things I think I need for finality verification

* Add some pseudocode for marking finalized headers

* Remove parity_scale_codec duplicate

* Move verification logic into pallet

I've been struggling with getting the generic types between the storage and verifier
traits to play nice with each other. As a way to continue making progress I'm moving
everything to the pallet. This way I hope to make progress towards a functional
pallet.

* Start doing verification around authority set changes

* Remove commented BridgeStorage and ChainVerifier traits

* Create Substrate bridge primitives crate

* Add logic for updating scheduled authority sets

* Introduce notion of imported headers

* Implement basic header ancestry checker

* Add mock runtime for tests

* Add testing boilerplate

* Add some storage read/write sanity tests

* Add some basic header import tests

* Add tests for ancestry proofs

* Create helper for changing authority sets

* Fix authority set test

Fixes a problem with how the scheduled change was counted as well as
a SCALE encoding issue

* Correctly check for scheduled change digests

There's no guarantee that the consensus digest item will be the last
one in a header, which is how it was previously being checked.

Thanks to Andre for pointing me to the Grandpa code that does this.

* Mark imported headers as finalized when appropriate

When a header that finalizes a chain of headers is succesfully imported
we also want to mark its ancestors as finalized.

* Add helper for writing test headers

* Add test helper for scheduling authority set changes

* Bump Substrate pallet and primitives to rc6

* Remove Millau verifier implementation

* Add some doc comments

* Remove some needless returns

* Make Clippy happy

* Split block import from finalization

* Make tests compile again

* Add test for finalizing header after importing children

* Create a test stub for importing future justifications

* Start adding genesis config

* Reject justifications from future

We should only be accepting justifications for the header
which enacted the current authority set. Any ancestors of
that header which require a justification can be imported
but they must not be finalized.

* Add explanation to some `expect()` calls

* Start adding GenesisConfig

* Plug genesis config into runtime

* Remove tests module

* Check for overflow when updating authority sets

* Make verifier take ownership of headers during import

* Only store best finalized header hash

Removed the need to store the whole header, since we store
it was part of the ImportedHeaders structure anyways

* Add some helpers to ImportedHeader

* Update ancestry checker to work with ImportedHeaders

* Update ancestry tests to use ImportedHeaders

* Update import tests to use ImportedHeaders

* Clean up some of the test helpers

* Remove stray dbg!

* Add doc comments throughout

* Remove runtime related code

* Fix Clippy warnings

* Remove trait bound on ImportedHeader struct

* Simplify checks in GenesisConfig

* Rename `get_header_by_hash()`

* Alias `parity_scale_codec` to `codec`

* Reword Verifier documentation

* Missed codec rename in tests

* Split ImportError into FinalizationError

* Remove ChainVerifier trait

This trait was a remenant of the original design, and it is not required
at the moment. Something like it should be added back in the future to
ensure that other chains which conform to this interface can be used
by higher-level bridge applications.

* Fix the verifier tests so they compile

* Implement Deref for ImportedHeader

* Get rid of `new` methods for some Substrate primitives

* Ensure that a child header's number follows its parent's

* Prevent ancestry checker from aimlessly traversing to genesis

If an ancestor which was newer than the child header we were checking we
would walk all the way to genesis before realizing that we weren't related.
This commit fixes that.

* Remove redundant clones

* Ensure that old headers are not finalized

Prevents a panic where if the header being imported and `best_finalized`
were the same header the ancestry checker would return an empty list. We
had made an assumption that the list would always be populated, and if this
didn't hold we would end up panicking.

* Disallow imports at same height as `best_finalized`

* Fix Clippy warnings

* Make NextScheduledChange optional

* Rework how scheduled authority set changes are enacted

We now require a justification for headers which _enact_ changes
instead of those which _schedule_ changes. A few changes had to
be made to accomodate this, such as changing when we check for
scheduled change logs in incoming headers.

* Update documentation for Substrate Primitives

* Clarify why we skip header in requires_justification check

* Add description to assert! call

* Fix formatting within macros

* Remove unused dependencies from runtime

* Remove expect call in GenesisConfig

* Turn FinalityProof into a struct

* Add some inline TODOs for follow up PRs

* Remove test which enacted multiple changes

This should be added back at some later point in time, but right now
the code doesn't allow for this behaviour.

* Use `contains_key` when checking for header

This is better than using `get().is_some()` since we skip
decoding the storage value

* Use initial hash when updating best_finalized

* Add better checks around enacting scheduled changes

* Rename finality related functions

* Appease Clippy
2024-04-10 10:28:37 +02:00

331 lines
9.5 KiB
Rust
Raw Blame History

// Copyright 2019-2020 Parity Technologies (UK) Ltd.
// This file is part of Parity Bridges Common.
// Parity Bridges Common is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity Bridges Common is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity Bridges Common. If not, see <http://www.gnu.org/licenses/>.
//! Adapted copy of substrate/client/finality-grandpa/src/justification.rs. If origin
//! will ever be moved to the sp_finality_grandpa, we should reuse that implementation.
// TODO: remove on actual use
#![allow(dead_code)]
use codec::Decode;
use finality_grandpa::{voter_set::VoterSet, Chain, Error as GrandpaError};
use frame_support::RuntimeDebug;
use sp_finality_grandpa::{AuthorityId, AuthoritySignature, SetId};
use sp_runtime::traits::Header as HeaderT;
use sp_std::collections::{btree_map::BTreeMap, btree_set::BTreeSet};
use sp_std::prelude::Vec;
/// Justification verification error.
#[derive(RuntimeDebug, PartialEq)]
pub enum Error {
/// Failed to decode justification.
JustificationDecode,
/// Justification is finalizing unexpected header.
InvalidJustificationTarget,
/// Invalid commit in justification.
InvalidJustificationCommit,
/// Justification has invalid authority singature.
InvalidAuthoritySignature,
/// The justification has precommit for the header that has no route from the target header.
InvalidPrecommitAncestryProof,
/// The justification has 'unused' headers in its precommit ancestries.
InvalidPrecommitAncestries,
}
/// Verify that justification, that is generated by given authority set, finalizes given header.
pub fn verify_justification<Header: HeaderT>(
finalized_target: (Header::Hash, Header::Number),
authorities_set_id: SetId,
authorities_set: VoterSet<AuthorityId>,
raw_justification: &[u8],
) -> Result<(), Error>
where
Header::Number: finality_grandpa::BlockNumberOps,
{
// decode justification first
let justification =
GrandpaJustification::<Header>::decode(&mut &raw_justification[..]).map_err(|_| Error::JustificationDecode)?;
// ensure that it is justification for the expected header
if (justification.commit.target_hash, justification.commit.target_number) != finalized_target {
return Err(Error::InvalidJustificationTarget);
}
// validate commit of the justification (it just assumes all signatures are valid)
let ancestry_chain = AncestryChain::new(&justification.votes_ancestries);
match finality_grandpa::validate_commit(&justification.commit, &authorities_set, &ancestry_chain) {
Ok(ref result) if result.ghost().is_some() => {}
_ => return Err(Error::InvalidJustificationCommit),
}
// now that we know that the commit is correct, check authorities signatures
let mut buf = Vec::new();
let mut visited_hashes = BTreeSet::new();
for signed in &justification.commit.precommits {
if !sp_finality_grandpa::check_message_signature_with_buffer(
&finality_grandpa::Message::Precommit(signed.precommit.clone()),
&signed.id,
&signed.signature,
justification.round,
authorities_set_id,
&mut buf,
) {
return Err(Error::InvalidAuthoritySignature);
}
if justification.commit.target_hash == signed.precommit.target_hash {
continue;
}
match ancestry_chain.ancestry(justification.commit.target_hash, signed.precommit.target_hash) {
Ok(route) => {
// ancestry starts from parent hash but the precommit target hash has been visited
visited_hashes.insert(signed.precommit.target_hash);
visited_hashes.extend(route);
}
_ => {
// could this happen in practice? I don't think so, but original code has this check
return Err(Error::InvalidPrecommitAncestryProof);
}
}
}
let ancestry_hashes = justification
.votes_ancestries
.iter()
.map(|h: &Header| h.hash())
.collect();
if visited_hashes != ancestry_hashes {
return Err(Error::InvalidPrecommitAncestries);
}
Ok(())
}
/// GRANDPA justification of the bridged chain
#[derive(Decode, RuntimeDebug)]
#[cfg_attr(test, derive(codec::Encode))]
struct GrandpaJustification<Header: HeaderT> {
round: u64,
commit: finality_grandpa::Commit<Header::Hash, Header::Number, AuthoritySignature, AuthorityId>,
votes_ancestries: Vec<Header>,
}
/// A utility trait implementing `finality_grandpa::Chain` using a given set of headers.
struct AncestryChain<Header: HeaderT> {
ancestry: BTreeMap<Header::Hash, Header::Hash>,
}
impl<Header: HeaderT> AncestryChain<Header> {
fn new(ancestry: &[Header]) -> AncestryChain<Header> {
AncestryChain {
ancestry: ancestry
.iter()
.map(|header| (header.hash(), *header.parent_hash()))
.collect(),
}
}
}
impl<Header: HeaderT> finality_grandpa::Chain<Header::Hash, Header::Number> for AncestryChain<Header>
where
Header::Number: finality_grandpa::BlockNumberOps,
{
fn ancestry(&self, base: Header::Hash, block: Header::Hash) -> Result<Vec<Header::Hash>, GrandpaError> {
let mut route = Vec::new();
let mut current_hash = block;
loop {
if current_hash == base {
break;
}
match self.ancestry.get(&current_hash).cloned() {
Some(parent_hash) => {
current_hash = parent_hash;
route.push(current_hash);
}
_ => return Err(GrandpaError::NotDescendent),
}
}
route.pop(); // remove the base
Ok(route)
}
fn best_chain_containing(&self, _block: Header::Hash) -> Option<(Header::Hash, Header::Number)> {
unreachable!("is only used during voting; qed")
}
}
#[cfg(test)]
mod tests {
use super::*;
use codec::Encode;
use sp_core::H256;
use sp_keyring::Ed25519Keyring;
use sp_runtime::traits::BlakeTwo256;
const TEST_GRANDPA_ROUND: u64 = 1;
const TEST_GRANDPA_SET_ID: SetId = 1;
type TestHeader = sp_runtime::generic::Header<u64, BlakeTwo256>;
fn header(index: u8) -> TestHeader {
TestHeader::new(
index as _,
Default::default(),
Default::default(),
if index == 0 {
Default::default()
} else {
header(index - 1).hash()
},
Default::default(),
)
}
fn header_id(index: u8) -> (H256, u64) {
(header(index).hash(), index as _)
}
fn authorities_set() -> VoterSet<AuthorityId> {
VoterSet::new(vec![
(Ed25519Keyring::Alice.public().into(), 1),
(Ed25519Keyring::Bob.public().into(), 1),
(Ed25519Keyring::Charlie.public().into(), 1),
])
.unwrap()
}
fn signed_precommit(
signer: Ed25519Keyring,
target: (H256, u64),
) -> finality_grandpa::SignedPrecommit<H256, u64, AuthoritySignature, AuthorityId> {
let precommit = finality_grandpa::Precommit {
target_hash: target.0,
target_number: target.1,
};
let encoded = sp_finality_grandpa::localized_payload(
TEST_GRANDPA_ROUND,
TEST_GRANDPA_SET_ID,
&finality_grandpa::Message::Precommit(precommit.clone()),
);
let signature = signer.sign(&encoded[..]).into();
finality_grandpa::SignedPrecommit {
precommit,
signature,
id: signer.public().into(),
}
}
fn make_justification_for_header_1() -> GrandpaJustification<TestHeader> {
GrandpaJustification {
round: TEST_GRANDPA_ROUND,
commit: finality_grandpa::Commit {
target_hash: header_id(1).0,
target_number: header_id(1).1,
precommits: vec![
signed_precommit(Ed25519Keyring::Alice, header_id(2)),
signed_precommit(Ed25519Keyring::Bob, header_id(3)),
signed_precommit(Ed25519Keyring::Charlie, header_id(4)),
],
},
votes_ancestries: vec![header(2), header(3), header(4)],
}
}
#[test]
fn justification_with_invalid_encoding_rejected() {
assert_eq!(
verify_justification::<TestHeader>(header_id(1), TEST_GRANDPA_SET_ID, authorities_set(), &[],),
Err(Error::JustificationDecode),
);
}
#[test]
fn justification_with_invalid_target_rejected() {
assert_eq!(
verify_justification::<TestHeader>(
header_id(2),
TEST_GRANDPA_SET_ID,
authorities_set(),
&make_justification_for_header_1().encode(),
),
Err(Error::InvalidJustificationTarget),
);
}
#[test]
fn justification_with_invalid_commit_rejected() {
let mut justification = make_justification_for_header_1();
justification.commit.precommits.clear();
assert_eq!(
verify_justification::<TestHeader>(
header_id(1),
TEST_GRANDPA_SET_ID,
authorities_set(),
&justification.encode(),
),
Err(Error::InvalidJustificationCommit),
);
}
#[test]
fn justification_with_invalid_authority_signature_rejected() {
let mut justification = make_justification_for_header_1();
justification.commit.precommits[0].signature = Default::default();
assert_eq!(
verify_justification::<TestHeader>(
header_id(1),
TEST_GRANDPA_SET_ID,
authorities_set(),
&justification.encode(),
),
Err(Error::InvalidAuthoritySignature),
);
}
#[test]
fn justification_with_invalid_precommit_ancestry() {
let mut justification = make_justification_for_header_1();
justification.votes_ancestries.push(header(10));
assert_eq!(
verify_justification::<TestHeader>(
header_id(1),
TEST_GRANDPA_SET_ID,
authorities_set(),
&justification.encode(),
),
Err(Error::InvalidPrecommitAncestries),
);
}
#[test]
fn valid_justification_accepted() {
assert_eq!(
verify_justification::<TestHeader>(
header_id(1),
TEST_GRANDPA_SET_ID,
authorities_set(),
&make_justification_for_header_1().encode(),
),
Ok(()),
);
}
}
Reference in New Issue View Git Blame Copy Permalink