proof: update parsing to return error if unknown even type encountered

Author: guggero

proof/meta.go

@@ -42,7 +42,7 @@ const (
 	// minted asset to express the decimal display of the minted asset.
 	MetadataDecDisplayKey = "decimal_display"
 
-	// maxDecDisplay is the maximum value of decimal display that a user can
+	// MaxDecDisplay is the maximum value of decimal display that a user can
 	// define when minting assets. Since the uint64 max value has 19 decimal
 	// places we will allow for a max of 12 decimal places.
 	MaxDecDisplay = uint32(12)
@@ -101,7 +101,8 @@ type MetaReveal struct {
 	Data []byte
 }
 
-// A subset of Integer that excludes int8, since we never use it in practice.
+// SizableInteger is a subset of Integer that excludes int8, since we never use
+// it in practice.
 type SizableInteger interface {
 	constraints.Unsigned | ~int | ~int16 | ~int32 | ~int64
 }
@@ -365,5 +366,9 @@ func (m *MetaReveal) Decode(r io.Reader) error {
 	if err != nil {
 		return err
 	}
-	return stream.Decode(r)
+
+	// Note, we can't use the DecodeP2P method here, because the meta data
+	// itself can be larger than 65k bytes. But we impose limits in the
+	// individual decoding functions.
+	return asset.TlvStrictDecode(stream, r, KnownMetaRevealTypes)
 }

proof/proof.go

@@ -427,7 +427,7 @@ func (p *Proof) Decode(r io.Reader) error {
 	// Note, we can't use the DecodeP2P method here, because the additional
 	// inputs records might be larger than 64k each. Instead, we add
 	// individual limits to each record.
-	return stream.Decode(r)
+	return asset.TlvStrictDecode(stream, r, KnownProofTypes)
 }
 
 // Record returns a TLV record that can be used to encode/decode a Proof to/from

proof/proof_test.go

@@ -939,6 +939,31 @@ func runBIPTestVector(t *testing.T, testVectors *TestVectors) {
 				buf.Bytes(),
 			)
 
+			// Make sure the proof in the test vectors doesn't use
+			// a record type we haven't marked as known/supported
+			// yet. If the following check fails, you need to update
+			// the KnownProofTypes set.
+			for _, record := range p.EncodeRecords() {
+				require.Contains(
+					tt, KnownProofTypes, record.Type(),
+				)
+			}
+
+			checkTaprootProofTypes(tt, p.InclusionProof)
+			for i := range p.ExclusionProofs {
+				checkTaprootProofTypes(tt, p.ExclusionProofs[i])
+			}
+
+			if p.MetaReveal != nil {
+				metaRecords := p.MetaReveal.EncodeRecords()
+				for _, records := range metaRecords {
+					require.Contains(
+						tt, KnownMetaRevealTypes,
+						records.Type(),
+					)
+				}
+			}
+
 			// Create nice diff if things don't match.
 			if !areEqual {
 				expectedProof := &Proof{}
@@ -986,6 +1011,48 @@ func runBIPTestVector(t *testing.T, testVectors *TestVectors) {
 	}
 }
 
+// checkTaprootProofTypes ensures that the taproot proof contains only known
+// TLV types.
+func checkTaprootProofTypes(t *testing.T, p TaprootProof) {
+	for _, record := range p.EncodeRecords() {
+		require.Contains(t, KnownTaprootProofTypes, record.Type())
+	}
+
+	if p.CommitmentProof != nil {
+		for _, record := range p.CommitmentProof.EncodeRecords() {
+			require.Contains(
+				t, KnownCommitmentProofTypes, record.Type(),
+			)
+
+			tap := p.CommitmentProof.TaprootAssetProof
+			types := commitment.KnownTaprootAssetProofTypes
+			for _, record := range tap.Records() {
+				require.Contains(
+					t, types, record.Type(),
+				)
+			}
+
+			if p.CommitmentProof.AssetProof != nil {
+				ap := p.CommitmentProof.AssetProof
+				types := commitment.KnownAssetProofTypes
+				for _, record := range ap.Records() {
+					require.Contains(
+						t, types, record.Type(),
+					)
+				}
+			}
+		}
+	}
+
+	if p.TapscriptProof != nil {
+		for _, record := range p.TapscriptProof.EncodeRecords() {
+			require.Contains(
+				t, KnownTapscriptProofTypes, record.Type(),
+			)
+		}
+	}
+}
+
 func init() {
 	logWriter := build.NewRotatingLogWriter()
 	logger := logWriter.GenSubLogger(Subsystem, func() {})

proof/records.go

@@ -7,6 +7,7 @@ import (
 	"github.com/btcsuite/btcd/wire"
 	"github.com/lightninglabs/taproot-assets/asset"
 	"github.com/lightninglabs/taproot-assets/commitment"
+	"github.com/lightninglabs/taproot-assets/fn"
 	"github.com/lightningnetwork/lnd/tlv"
 )
 
@@ -45,6 +46,45 @@ const (
 	MetaRevealDataType     tlv.Type = 2
 )
 
+// KnownProofTypes is a set of all known proof TLV types. This set is asserted
+// to be complete by a check in the BIP test vector unit tests.
+var KnownProofTypes = fn.NewSet(
+	VersionType, PrevOutType, BlockHeaderType, AnchorTxType,
+	TxMerkleProofType, AssetLeafType, InclusionProofType,
+	ExclusionProofsType, SplitRootProofType, MetaRevealType,
+	AdditionalInputsType, ChallengeWitnessType, BlockHeightType,
+	GenesisRevealType, GroupKeyRevealType,
+)
+
+// KnownTaprootProofTypes is a set of all known Taproot proof TLV types. This
+// set is asserted to be complete by a check in the BIP test vector unit tests.
+var KnownTaprootProofTypes = fn.NewSet(
+	TaprootProofOutputIndexType, TaprootProofInternalKeyType,
+	TaprootProofCommitmentProofType, TaprootProofTapscriptProofType,
+)
+
+// KnownCommitmentProofTypes is a set of all known commitment proof TLV types.
+// This set is asserted to be complete by a check in the BIP test vector unit
+// tests.
+var KnownCommitmentProofTypes = fn.NewSet(
+	commitment.ProofAssetProofType, commitment.ProofTaprootAssetProofType,
+	CommitmentProofTapSiblingPreimageType,
+)
+
+// KnownTapscriptProofTypes is a set of all known Tapscript proof TLV types.
+// This set is asserted to be complete by a check in the BIP test vector unit
+// tests.
+var KnownTapscriptProofTypes = fn.NewSet(
+	TapscriptProofTapPreimage1, TapscriptProofTapPreimage2,
+	TapscriptProofBip86,
+)
+
+// KnownMetaRevealTypes is a set of all known meta reveal TLV types. This set is
+// asserted to be complete by a check in the BIP test vector unit tests.
+var KnownMetaRevealTypes = fn.NewSet(
+	MetaRevealEncodingType, MetaRevealDataType,
+)
+
 func VersionRecord(version *TransitionVersion) tlv.Record {
 	return tlv.MakeStaticRecord(
 		VersionType, version, 4, VersionEncoder, VersionDecoder,

proof/taproot.go

@@ -74,7 +74,8 @@ func (p *CommitmentProof) Decode(r io.Reader) error {
 	if err != nil {
 		return err
 	}
-	return stream.Decode(r)
+
+	return asset.TlvStrictDecodeP2P(stream, r, KnownCommitmentProofTypes)
 }
 
 // TapscriptProof represents a proof of a Taproot output not including a
@@ -139,7 +140,8 @@ func (p *TapscriptProof) Decode(r io.Reader) error {
 	if err != nil {
 		return err
 	}
-	return stream.Decode(r)
+
+	return asset.TlvStrictDecodeP2P(stream, r, KnownTapscriptProofTypes)
 }
 
 // TaprootProof represents a proof that reveals the partial contents to a
@@ -208,7 +210,8 @@ func (p *TaprootProof) Decode(r io.Reader) error {
 	if err != nil {
 		return err
 	}
-	return stream.DecodeP2P(r)
+
+	return asset.TlvStrictDecodeP2P(stream, r, KnownTaprootProofTypes)
 }
 
 // deriveTaprootKey derives the taproot key backing a Taproot Asset commitment.