Add new protobuf checks to Go

Author: ethanfrey

go/ops.go

@@ -3,6 +3,7 @@ package ics23
 import (
 	"bytes"
 	"crypto"
+
 	// adds sha256 capability to crypto.SHA256
 	_ "crypto/sha256"
 	// adds sha512 capability to crypto.SHA512
@@ -69,10 +70,20 @@ func (op *InnerOp) Apply(child []byte) ([]byte, error) {
 
 // CheckAgainstSpec will verify the InnerOp is in the format defined in spec
 func (op *InnerOp) CheckAgainstSpec(spec *ProofSpec) error {
+	if op.Hash != spec.InnerSpec.Hash {
+		return errors.Errorf("Unexpected HashOp: %d", op.Hash)
+	}
+
 	leafPrefix := spec.LeafSpec.Prefix
 	if bytes.HasPrefix(op.Prefix, leafPrefix) {
 		return errors.Errorf("Inner Prefix starts with %X", leafPrefix)
 	}
+	if len(op.Prefix) < int(spec.InnerSpec.MinPrefixLength) {
+		return errors.Errorf("InnerOp prefix too short (%d)", len(op.Prefix))
+	}
+	if len(op.Prefix) > int(spec.InnerSpec.MaxPrefixLength) {
+		return errors.Errorf("InnerOp prefix too long (%d)", len(op.Prefix))
+	}
 	return nil
 }
 

go/proof.go

@@ -2,6 +2,7 @@ package ics23
 
 import (
 	"bytes"
+
 	"github.com/pkg/errors"
 )
 
@@ -18,6 +19,7 @@ var IavlSpec = &ProofSpec{
 		MinPrefixLength: 4,
 		MaxPrefixLength: 12,
 		ChildSize:       33, // (with length byte)
+		Hash:            HashOp_SHA256,
 	},
 }
 
@@ -34,6 +36,7 @@ var TendermintSpec = &ProofSpec{
 		MinPrefixLength: 1,
 		MaxPrefixLength: 1,
 		ChildSize:       32, // (no length byte)
+		Hash:            HashOp_SHA256,
 	},
 }
 
@@ -96,6 +99,13 @@ func (p *ExistenceProof) CheckAgainstSpec(spec *ProofSpec) error {
 	if err != nil {
 		return errors.WithMessage(err, "leaf")
 	}
+	if spec.MinDepth > 0 && len(p.Path) < int(spec.MinDepth) {
+		return errors.Errorf("InnerOps depth too short: %d", len(p.Path))
+	}
+	if spec.MaxDepth > 0 && len(p.Path) > int(spec.MaxDepth) {
+		return errors.Errorf("InnerOps depth too long: %d", len(p.Path))
+	}
+
 	for _, inner := range p.Path {
 		if err := inner.CheckAgainstSpec(spec); err != nil {
 			return errors.WithMessage(err, "inner")

go/proof_test.go

@@ -237,12 +237,18 @@ func TestCheckLeaf(t *testing.T) {
 
 func TestCheckAgainstSpec(t *testing.T) {
 	validInner := &InnerOp{
-		Prefix: fromHex("aa"),
+		Hash:   HashOp_SHA256,
+		Prefix: fromHex("aabbccdd"),
 	}
 	invalidInner := &InnerOp{
-		Prefix: fromHex("00aa"),
+		Hash:   HashOp_SHA256,
+		Prefix: fromHex("00aabbccdd"),
 		Suffix: fromHex("bb"),
 	}
+	invalidInner2 := &InnerOp{
+		Hash:   HashOp_SHA512,
+		Prefix: fromHex("aabbccdd"),
+	}
 
 	cases := map[string]struct {
 		proof *ExistenceProof
@@ -315,6 +321,20 @@ func TestCheckAgainstSpec(t *testing.T) {
 			spec:  IavlSpec,
 			isErr: true,
 		},
+		"rejects leaf with invalid inner proof (hash mismatch)": {
+			proof: &ExistenceProof{
+				Key:   []byte("food"),
+				Value: []byte("bar"),
+				Leaf:  IavlSpec.LeafSpec,
+				Path: []*InnerOp{
+					invalidInner2,
+					validInner,
+					validInner,
+				},
+			},
+			spec:  IavlSpec,
+			isErr: true,
+		},
 	}
 
 	for name, tc := range cases {