fixup! feat(offers): add BOLT 12 payer proof primitives

vincenzopalazzo · vincenzopalazzo · commit 9d9411fb320a · 2026-05-22T09:26:52.000+02:00
diff --git a/lightning/src/offers/invoice.rs b/lightning/src/offers/invoice.rs
@@ -1589,7 +1589,7 @@ tlv_stream!(InvoiceTlvStream, InvoiceTlvStreamRef<'a>, INVOICE_TYPES, {
 });
 
 /// Valid type range for experimental invoice TLV records.
-pub(super) const EXPERIMENTAL_INVOICE_TYPES: core::ops::RangeFrom<u64> = 3_000_000_000..;
+pub(super) const EXPERIMENTAL_INVOICE_TYPES: core::ops::Range<u64> = 3_000_000_000..4_000_000_000;
 
 #[cfg(not(test))]
 tlv_stream!(
diff --git a/lightning/src/offers/merkle.rs b/lightning/src/offers/merkle.rs
@@ -10,6 +10,8 @@
 //! Tagged hashes for use in signature calculation and verification.
 
 use crate::io;
+use crate::offers::invoice::{EXPERIMENTAL_INVOICE_TYPES, INVOICE_TYPES};
+use crate::offers::offer::{EXPERIMENTAL_OFFER_TYPES, OFFER_TYPES};
 use crate::util::ser::{BigSize, Readable, Writeable, Writer};
 use bitcoin::hashes::{sha256, Hash, HashEngine};
 use bitcoin::secp256k1::schnorr::Signature;
@@ -396,39 +398,40 @@ pub(super) fn compute_selective_disclosure<'a>(
 
 /// Compute omitted markers per BOLT 12 payer proof spec.
 ///
-/// Each omitted TLV gets a marker that is one greater than the previous included
-/// TLV type or the previous marker, except that a marker of 239 (the top of the
-/// low marker range) is followed by 1_000_000_000 (the start of the high range)
-/// to skip the signature type range. TLV type 0 is implicitly omitted (never
-/// assigned a marker).
+/// Each omitted TLV gets a marker one greater than the previous included TLV
+/// type or the previous marker. If that value would land in the gap between the
+/// invoice TLV range and the experimental range, it jumps to the start of the
+/// experimental range instead. TLV type 0 is implicitly omitted (never assigned
+/// a marker).
 fn compute_omitted_markers<'a>(
 	tlv_data: impl Iterator<Item = &'a TlvMerkleData> + 'a,
 ) -> impl Iterator<Item = u64> + 'a {
 	tlv_data
 		.filter(|data| data.tlv_type != 0)
-		.scan((0u64, false), |(prev_value, prev_included), data| {
+		.scan(0u64, |prev_value, data| {
 			if data.is_included {
 				*prev_value = data.tlv_type;
-				*prev_included = true;
 				Some(None)
 			} else {
-				// Per BOLT 12 PR 1295, omitted-TLV markers live in either `1..=239`
-				// or `1_000_000_000..=3_999_999_999`. When the previous marker was
-				// 239 the next one jumps to the start of the high range rather than
-				// entering the signature type range.
-				let marker = if !*prev_included && *prev_value == 239 {
-					1_000_000_000
+				// Per BOLT 12 PR 1295, omitted-TLV markers live in either the
+				// invoice TLV range or the experimental range. A marker that would
+				// land in the gap between them (the signature/payer-proof range)
+				// jumps to the start of the experimental range.
+				let next = prev_value.saturating_add(1);
+				let marker = if (INVOICE_TYPES.end..EXPERIMENTAL_OFFER_TYPES.start).contains(&next)
+				{
+					EXPERIMENTAL_OFFER_TYPES.start
 				} else {
-					*prev_value + 1
+					next
 				};
 				*prev_value = marker;
-				*prev_included = false;
 				// Real BOLT 12 invoices have far fewer than 239 non-signature TLVs,
-				// so the high range is never reached in practice; this assert
-				// documents and guards the invariant.
+				// so the experimental range is never reached in practice; this
+				// assert documents and guards the invariant.
 				debug_assert!(
-					(1..=239).contains(&marker)
-						|| (1_000_000_000..=3_999_999_999).contains(&marker),
+					(OFFER_TYPES.start..INVOICE_TYPES.end).contains(&marker)
+						|| (EXPERIMENTAL_OFFER_TYPES.start..EXPERIMENTAL_INVOICE_TYPES.end)
+							.contains(&marker),
 					"compute_omitted_markers produced marker {} outside spec ranges",
 					marker,
 				);
@@ -1101,6 +1104,34 @@ mod tests {
 		assert_eq!(markers, expected);
 	}
 
+	/// An *included* TLV at the top of the low range (type 239) followed by an
+	/// omitted TLV: the marker must skip the signature/payer-proof gap and jump
+	/// to the start of the experimental range, not land on 240.
+	#[test]
+	fn compute_omitted_markers_jumps_after_included_at_top_of_low_range() {
+		let dummy_hash = sha256::Hash::all_zeros();
+		let tlv_data = vec![
+			TlvMerkleData { tlv_type: 239, per_tlv_hash: dummy_hash, is_included: true },
+			TlvMerkleData { tlv_type: 1_500_000_000, per_tlv_hash: dummy_hash, is_included: false },
+		];
+		let markers: Vec<u64> = compute_omitted_markers(tlv_data.iter()).collect();
+		assert_eq!(markers, vec![1_000_000_000]);
+	}
+
+	/// After a jump into the experimental range, subsequent omitted markers
+	/// continue sequentially within that range.
+	#[test]
+	fn compute_omitted_markers_continue_in_experimental_range_after_jump() {
+		let dummy_hash = sha256::Hash::all_zeros();
+		let tlv_data = vec![
+			TlvMerkleData { tlv_type: 239, per_tlv_hash: dummy_hash, is_included: true },
+			TlvMerkleData { tlv_type: 3_000_000_000, per_tlv_hash: dummy_hash, is_included: false },
+			TlvMerkleData { tlv_type: 3_000_000_001, per_tlv_hash: dummy_hash, is_included: false },
+		];
+		let markers: Vec<u64> = compute_omitted_markers(tlv_data.iter()).collect();
+		assert_eq!(markers, vec![1_000_000_000, 1_000_000_001]);
+	}
+
 	#[test]
 	fn test_tlv_record_read_value_rejects_trailing_bytes() {
 		use bitcoin::secp256k1::PublicKey;
