fixup! feat(offers): add BOLT 12 payer proof primitives

Author: vincenzopalazzo

lightning/src/offers/merkle.rs

@@ -396,13 +396,28 @@ pub(super) fn compute_selective_disclosure<'a>(
 	Ok(SelectiveDisclosure { leaf_hashes, omitted_markers, missing_hashes, merkle_root })
 }
 
+/// Returns the marker number that follows `prev` (an included TLV type or a
+/// previous marker) per BOLT 12 PR 1295.
+///
+/// A marker is one greater than the previous value, except that a value landing
+/// in the gap between the invoice TLV range and the experimental range (the
+/// signature/payer-proof range) jumps to the start of the experimental range.
+/// The producer and the readers all go through this so their marker sequences
+/// stay in agreement.
+pub(super) fn next_marker(prev: u64) -> u64 {
+	let next = prev.saturating_add(1);
+	if (INVOICE_TYPES.end..EXPERIMENTAL_OFFER_TYPES.start).contains(&next) {
+		EXPERIMENTAL_OFFER_TYPES.start
+	} else {
+		next
+	}
+}
+
 /// Compute omitted markers per BOLT 12 payer proof spec.
 ///
-/// Each omitted TLV gets a marker one greater than the previous included TLV
-/// type or the previous marker. If that value would land in the gap between the
-/// invoice TLV range and the experimental range, it jumps to the start of the
-/// experimental range instead. TLV type 0 is implicitly omitted (never assigned
-/// a marker).
+/// Each omitted TLV gets the marker number following the previous included TLV
+/// type or the previous marker (see [`next_marker`]). TLV type 0 is implicitly
+/// omitted (never assigned a marker).
 fn compute_omitted_markers<'a>(
 	tlv_data: impl Iterator<Item = &'a TlvMerkleData> + 'a,
 ) -> impl Iterator<Item = u64> + 'a {
@@ -413,17 +428,7 @@ fn compute_omitted_markers<'a>(
 				*prev_value = data.tlv_type;
 				Some(None)
 			} else {
-				// Per BOLT 12 PR 1295, omitted-TLV markers live in either the
-				// invoice TLV range or the experimental range. A marker that would
-				// land in the gap between them (the signature/payer-proof range)
-				// jumps to the start of the experimental range.
-				let next = prev_value.saturating_add(1);
-				let marker = if (INVOICE_TYPES.end..EXPERIMENTAL_OFFER_TYPES.start).contains(&next)
-				{
-					EXPERIMENTAL_OFFER_TYPES.start
-				} else {
-					next
-				};
+				let marker = next_marker(*prev_value);
 				*prev_value = marker;
 				// Real BOLT 12 invoices have far fewer than 239 non-signature TLVs,
 				// so the experimental range is never reached in practice; this
@@ -526,7 +531,7 @@ pub(super) fn reconstruct_merkle_root(
 		} else {
 			let marker = omitted_markers[mrk_idx];
 			let inc_type = included_records[inc_idx].r#type;
-			if marker == prev_marker + 1 {
+			if marker == next_marker(prev_marker) {
 				hashes.push(None);
 				prev_marker = marker;
 				mrk_idx += 1;
@@ -615,7 +620,7 @@ fn validate_omitted_markers(markers: &[u64]) -> Result<(), SelectiveDisclosureEr
 /// - After included type X, the next marker in that run equals X + 1
 ///
 /// The algorithm tracks `prev_marker` to detect continuations vs jumps:
-/// - If `marker == prev_marker + 1`: continuation → omitted position
+/// - If `marker == next_marker(prev_marker)`: continuation → omitted position
 /// - Otherwise: jump → included position comes first, then process marker as continuation
 ///
 /// Example: included=[10, 40], markers=[11, 12, 41, 42]
@@ -652,7 +657,7 @@ fn reconstruct_positions(included_types: &[u64], omitted_markers: &[u64]) -> Vec
 			let marker = omitted_markers[mrk_idx];
 			let inc_type = included_types[inc_idx];
 
-			if marker == prev_marker + 1 {
+			if marker == next_marker(prev_marker) {
 				// Continuation of current run → this position is omitted
 				positions.push(false);
 				prev_marker = marker;
@@ -1132,6 +1137,18 @@ mod tests {
 		assert_eq!(markers, vec![1_000_000_000, 1_000_000_001]);
 	}
 
+	/// [`next_marker`] increments by one within a range but jumps over the
+	/// signature/payer-proof gap, so producer and readers stay in agreement.
+	#[test]
+	fn next_marker_jumps_the_gap() {
+		assert_eq!(super::next_marker(0), 1);
+		assert_eq!(super::next_marker(5), 6);
+		assert_eq!(super::next_marker(238), 239);
+		// 240 would land in the signature range, so it jumps to the experimental range.
+		assert_eq!(super::next_marker(239), 1_000_000_000);
+		assert_eq!(super::next_marker(1_000_000_000), 1_000_000_001);
+	}
+
 	#[test]
 	fn test_tlv_record_read_value_rejects_trailing_bytes() {
 		use bitcoin::secp256k1::PublicKey;

lightning/src/offers/payer_proof.rs

@@ -32,8 +32,8 @@ use crate::offers::invoice_request::{
 	ExperimentalInvoiceRequestTlvStream, InvoiceRequestTlvStream, INVOICE_REQUEST_PAYER_ID_TYPE,
 };
 use crate::offers::merkle::{
-	self, SelectiveDisclosure, SelectiveDisclosureError, SignError, TaggedHash, TlvRecord,
-	TlvStream, SIGNATURE_TYPES,
+	self, next_marker, SelectiveDisclosure, SelectiveDisclosureError, SignError, TaggedHash,
+	TlvRecord, TlvStream, SIGNATURE_TYPES,
 };
 use crate::offers::nonce::Nonce;
 use crate::offers::offer::{
@@ -901,10 +901,11 @@ impl TryFrom<Vec<u8>> for PayerProof {
 ///   above the experimental invoice range (`>= 4_000_000_000`) is rejected.
 /// - MUST be in strict ascending order
 /// - MUST NOT contain the number of an included TLV field
-/// - Markers MUST be minimized: each marker must be exactly prev_value + 1 within
-///   a run, and the first marker after an included type X must be X + 1. This
-///   naturally allows a trailing run of omitted TLVs after the final included
-///   type.
+/// - Markers MUST be minimized: each marker is the marker number following the
+///   previous marker (or the previous included type X) — one greater, except a
+///   value that would land in the signature/payer-proof gap jumps to the
+///   experimental range. This naturally allows a trailing run of omitted TLVs
+///   after the final included type.
 fn validate_omitted_markers_for_parsing(
 	omitted_markers: &[u64], included_types: &BTreeSet<u64>,
 ) -> Result<(), DecodeError> {
@@ -945,7 +946,7 @@ fn validate_omitted_markers_for_parsing(
 		if marker != expected_next {
 			let mut found = false;
 			for inc_type in inc_iter.by_ref() {
-				if inc_type + 1 == marker {
+				if next_marker(inc_type) == marker {
 					found = true;
 					break;
 				}
@@ -958,7 +959,7 @@ fn validate_omitted_markers_for_parsing(
 			}
 		}
 
-		expected_next = marker + 1;
+		expected_next = next_marker(marker);
 		prev = marker;
 	}
 
@@ -1445,6 +1446,41 @@ mod tests {
 		assert!(result.is_ok());
 	}
 
+	/// Reproduces the producer/consumer gap-jump mismatch.
+	///
+	/// `compute_omitted_markers` emits `[1, ..., 239, 1_000_000_000]` for 240
+	/// consecutive omitted TLVs (see the merkle.rs test
+	/// `compute_omitted_markers_jumps_to_high_range_after_239`): the marker after
+	/// 239 jumps over the signature/payer-proof gap into the experimental range.
+	/// `validate_omitted_markers_for_parsing` must accept that jump as a valid
+	/// minimized sequence, otherwise a proof the producer can legitimately build
+	/// is rejected on parse.
+	#[test]
+	fn test_validate_omitted_markers_accepts_gap_jump() {
+		let mut omitted: Vec<u64> = (1..=239).collect();
+		omitted.push(1_000_000_000);
+		let included: BTreeSet<u64> = BTreeSet::new();
+
+		let result = validate_omitted_markers_for_parsing(&omitted, &included);
+		assert!(result.is_ok(), "gap-jumped markers must be accepted, got {:?}", result);
+	}
+
+	/// An included TLV of type 239 followed by an omitted TLV: the producer emits
+	/// marker `next_marker(239)` = `1_000_000_000`. The reader's
+	/// jump-after-included-type path must accept it.
+	#[test]
+	fn test_validate_omitted_markers_accepts_gap_jump_after_included() {
+		let omitted = vec![1_000_000_000];
+		let included: BTreeSet<u64> = [239].iter().copied().collect();
+
+		let result = validate_omitted_markers_for_parsing(&omitted, &included);
+		assert!(
+			result.is_ok(),
+			"gap-jump after included type 239 must be accepted, got {:?}",
+			result
+		);
+	}
+
 	/// Test that non-minimized markers are rejected.
 	#[test]
 	fn test_validate_omitted_markers_rejects_non_minimized() {