1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 22:38:08 +00:00

Bech32 (BIP173) address support

This commit is contained in:
Jochen Hoenicke 2017-10-09 09:42:37 +02:00 committed by Pavol Rusnak
parent 56114cc0a6
commit 506167e3f2
5 changed files with 485 additions and 0 deletions

View File

@ -50,6 +50,7 @@ SRCS += blake2b.c blake2s.c
SRCS += chacha20poly1305/chacha20poly1305.c chacha20poly1305/chacha_merged.c chacha20poly1305/poly1305-donna.c chacha20poly1305/rfc7539.c
SRCS += rc4.c
SRCS += nem.c
SRCS += segwit_addr.c
OBJS = $(SRCS:.c=.o)

187
segwit_addr.c Normal file
View File

@ -0,0 +1,187 @@
/* Copyright (c) 2017 Pieter Wuille
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "segwit_addr.h"
uint32_t bech32_polymod_step(uint32_t pre) {
uint8_t b = pre >> 25;
return ((pre & 0x1FFFFFF) << 5) ^
(-((b >> 0) & 1) & 0x3b6a57b2UL) ^
(-((b >> 1) & 1) & 0x26508e6dUL) ^
(-((b >> 2) & 1) & 0x1ea119faUL) ^
(-((b >> 3) & 1) & 0x3d4233ddUL) ^
(-((b >> 4) & 1) & 0x2a1462b3UL);
}
static const char* charset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
static const int8_t charset_rev[128] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
15, -1, 10, 17, 21, 20, 26, 30, 7, 5, -1, -1, -1, -1, -1, -1,
-1, 29, -1, 24, 13, 25, 9, 8, 23, -1, 18, 22, 31, 27, 19, -1,
1, 0, 3, 16, 11, 28, 12, 14, 6, 4, 2, -1, -1, -1, -1, -1,
-1, 29, -1, 24, 13, 25, 9, 8, 23, -1, 18, 22, 31, 27, 19, -1,
1, 0, 3, 16, 11, 28, 12, 14, 6, 4, 2, -1, -1, -1, -1, -1
};
int bech32_encode(char *output, const char *hrp, const uint8_t *data, size_t data_len) {
uint32_t chk = 1;
size_t i = 0;
while (hrp[i] != 0) {
if (hrp[i] >= 'A' && hrp[i] <= 'Z') return 0;
if (!(hrp[i] >> 5)) return 0;
chk = bech32_polymod_step(chk) ^ (hrp[i] >> 5);
++i;
}
if (i + 7 + data_len > 90) return 0;
chk = bech32_polymod_step(chk);
while (*hrp != 0) {
chk = bech32_polymod_step(chk) ^ (*hrp & 0x1f);
*(output++) = *(hrp++);
}
*(output++) = '1';
for (i = 0; i < data_len; ++i) {
if (*data >> 5) return 0;
chk = bech32_polymod_step(chk) ^ (*data);
*(output++) = charset[*(data++)];
}
for (i = 0; i < 6; ++i) {
chk = bech32_polymod_step(chk);
}
chk ^= 1;
for (i = 0; i < 6; ++i) {
*(output++) = charset[(chk >> ((5 - i) * 5)) & 0x1f];
}
*output = 0;
return 1;
}
int bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const char *input) {
uint32_t chk = 1;
size_t i;
size_t input_len = strlen(input);
size_t hrp_len;
int have_lower = 0, have_upper = 0;
if (input_len < 8 || input_len > 90) {
return 0;
}
*data_len = 0;
while (*data_len < input_len && input[(input_len - 1) - *data_len] != '1') {
++(*data_len);
}
hrp_len = input_len - (1 + *data_len);
if (hrp_len < 1 || *data_len < 6) {
return 0;
}
*(data_len) -= 6;
for (i = 0; i < hrp_len; ++i) {
int ch = input[i];
if (ch < 33 || ch > 126) {
return 0;
}
if (ch >= 'a' && ch <= 'z') {
have_lower = 1;
} else if (ch >= 'A' && ch <= 'Z') {
have_upper = 1;
ch = (ch - 'A') + 'a';
}
hrp[i] = ch;
chk = bech32_polymod_step(chk) ^ (ch >> 5);
}
hrp[i] = 0;
chk = bech32_polymod_step(chk);
for (i = 0; i < hrp_len; ++i) {
chk = bech32_polymod_step(chk) ^ (input[i] & 0x1f);
}
++i;
while (i < input_len) {
int v = (input[i] & 0x80) ? -1 : charset_rev[(int)input[i]];
if (input[i] >= 'a' && input[i] <= 'z') have_lower = 1;
if (input[i] >= 'A' && input[i] <= 'Z') have_upper = 1;
if (v == -1) {
return 0;
}
chk = bech32_polymod_step(chk) ^ v;
if (i + 6 < input_len) {
data[i - (1 + hrp_len)] = v;
}
++i;
}
if (have_lower && have_upper) {
return 0;
}
return chk == 1;
}
static int convert_bits(uint8_t* out, size_t* outlen, int outbits, const uint8_t* in, size_t inlen, int inbits, int pad) {
uint32_t val = 0;
int bits = 0;
uint32_t maxv = (((uint32_t)1) << outbits) - 1;
while (inlen--) {
val = (val << inbits) | *(in++);
bits += inbits;
while (bits >= outbits) {
bits -= outbits;
out[(*outlen)++] = (val >> bits) & maxv;
}
}
if (pad) {
if (bits) {
out[(*outlen)++] = (val << (outbits - bits)) & maxv;
}
} else if (((val << (outbits - bits)) & maxv) || bits >= inbits) {
return 0;
}
return 1;
}
int segwit_addr_encode(char *output, const char *hrp, int witver, const uint8_t *witprog, size_t witprog_len) {
uint8_t data[65];
size_t datalen = 0;
if (witver > 16) return 0;
if (witver == 0 && witprog_len != 20 && witprog_len != 32) return 0;
if (witprog_len < 2 || witprog_len > 40) return 0;
data[0] = witver;
convert_bits(data + 1, &datalen, 5, witprog, witprog_len, 8, 1);
++datalen;
return bech32_encode(output, hrp, data, datalen);
}
int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const char* hrp, const char* addr) {
uint8_t data[84];
char hrp_actual[84];
size_t data_len;
if (!bech32_decode(hrp_actual, data, &data_len, addr)) return 0;
if (data_len == 0 || data_len > 65) return 0;
if (strncmp(hrp, hrp_actual, 84) != 0) return 0;
if (data[0] > 16) return 0;
*witdata_len = 0;
if (!convert_bits(witdata, witdata_len, 8, data + 1, data_len - 1, 5, 0)) return 0;
if (*witdata_len < 2 || *witdata_len > 40) return 0;
if (data[0] == 0 && *witdata_len != 20 && *witdata_len != 32) return 0;
*witver = data[0];
return 1;
}

101
segwit_addr.h Normal file
View File

@ -0,0 +1,101 @@
/* Copyright (c) 2017 Pieter Wuille
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#ifndef _SEGWIT_ADDR_H_
#define _SEGWIT_ADDR_H_ 1
#include <stdint.h>
/** Encode a SegWit address
*
* Out: output: Pointer to a buffer of size 73 + strlen(hrp) that will be
* updated to contain the null-terminated address.
* In: hrp: Pointer to the null-terminated human readable part to use
* (chain/network specific).
* ver: Version of the witness program (between 0 and 16 inclusive).
* prog: Data bytes for the witness program (between 2 and 40 bytes).
* prog_len: Number of data bytes in prog.
* Returns 1 if successful.
*/
int segwit_addr_encode(
char *output,
const char *hrp,
int ver,
const uint8_t *prog,
size_t prog_len
);
/** Decode a SegWit address
*
* Out: ver: Pointer to an int that will be updated to contain the witness
* program version (between 0 and 16 inclusive).
* prog: Pointer to a buffer of size 40 that will be updated to
* contain the witness program bytes.
* prog_len: Pointer to a size_t that will be updated to contain the length
* of bytes in prog.
* hrp: Pointer to the null-terminated human readable part that is
* expected (chain/network specific).
* addr: Pointer to the null-terminated address.
* Returns 1 if successful.
*/
int segwit_addr_decode(
int* ver,
uint8_t* prog,
size_t* prog_len,
const char* hrp,
const char* addr
);
/** Encode a Bech32 string
*
* Out: output: Pointer to a buffer of size strlen(hrp) + data_len + 8 that
* will be updated to contain the null-terminated Bech32 string.
* In: hrp : Pointer to the null-terminated human readable part.
* data : Pointer to an array of 5-bit values.
* data_len: Length of the data array.
* Returns 1 if successful.
*/
int bech32_encode(
char *output,
const char *hrp,
const uint8_t *data,
size_t data_len
);
/** Decode a Bech32 string
*
* Out: hrp: Pointer to a buffer of size strlen(input) - 6. Will be
* updated to contain the null-terminated human readable part.
* data: Pointer to a buffer of size strlen(input) - 8 that will
* hold the encoded 5-bit data values.
* data_len: Pointer to a size_t that will be updated to be the number
* of entries in data.
* In: input: Pointer to a null-terminated Bech32 string.
* Returns 1 if succesful.
*/
int bech32_decode(
char *hrp,
uint8_t *data,
size_t *data_len,
const char *input
);
#endif

View File

@ -4053,6 +4053,8 @@ START_TEST(test_rc4_rfc6229)
}
END_TEST
#include "test_segwit.c"
// define test suite and cases
Suite *test_suite(void)
{
@ -4266,6 +4268,10 @@ Suite *test_suite(void)
tcase_add_test(tc, test_rc4_rfc6229);
suite_add_tcase(s, tc);
tc = tcase_create("segwit");
tcase_add_test(tc, test_segwit);
suite_add_tcase(s, tc);
return s;
}

190
test_segwit.c Normal file
View File

@ -0,0 +1,190 @@
#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <check.h>
#include "segwit_addr.h"
static const char* valid_checksum[] = {
"A12UEL5L",
"an83characterlonghumanreadablepartthatcontainsthenumber1andtheexcludedcharactersbio1tt5tgs",
"abcdef1qpzry9x8gf2tvdw0s3jn54khce6mua7lmqqqxw",
"11qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqc8247j",
"split1checkupstagehandshakeupstreamerranterredcaperred2y9e3w",
};
static const char* invalid_checksum[] = {
" 1nwldj5",
"\x7f""1axkwrx",
"an84characterslonghumanreadablepartthatcontainsthenumber1andtheexcludedcharactersbio1569pvx",
"pzry9x0s0muk",
"1pzry9x0s0muk",
"x1b4n0q5v",
"li1dgmt3",
"de1lg7wt\xff",
};
struct valid_address_data {
const char* address;
size_t scriptPubKeyLen;
const uint8_t scriptPubKey[42];
};
struct invalid_address_data {
const char* hrp;
int version;
size_t program_length;
};
static struct valid_address_data valid_address[] = {
{
"BC1QW508D6QEJXTDG4Y5R3ZARVARY0C5XW7KV8F3T4",
22, {
0x00, 0x14, 0x75, 0x1e, 0x76, 0xe8, 0x19, 0x91, 0x96, 0xd4, 0x54,
0x94, 0x1c, 0x45, 0xd1, 0xb3, 0xa3, 0x23, 0xf1, 0x43, 0x3b, 0xd6
}
},
{
"tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sl5k7",
34, {
0x00, 0x20, 0x18, 0x63, 0x14, 0x3c, 0x14, 0xc5, 0x16, 0x68, 0x04,
0xbd, 0x19, 0x20, 0x33, 0x56, 0xda, 0x13, 0x6c, 0x98, 0x56, 0x78,
0xcd, 0x4d, 0x27, 0xa1, 0xb8, 0xc6, 0x32, 0x96, 0x04, 0x90, 0x32,
0x62
}
},
{
"bc1pw508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7k7grplx",
42, {
0x51, 0x28, 0x75, 0x1e, 0x76, 0xe8, 0x19, 0x91, 0x96, 0xd4, 0x54,
0x94, 0x1c, 0x45, 0xd1, 0xb3, 0xa3, 0x23, 0xf1, 0x43, 0x3b, 0xd6,
0x75, 0x1e, 0x76, 0xe8, 0x19, 0x91, 0x96, 0xd4, 0x54, 0x94, 0x1c,
0x45, 0xd1, 0xb3, 0xa3, 0x23, 0xf1, 0x43, 0x3b, 0xd6
}
},
{
"BC1SW50QA3JX3S",
4, {
0x60, 0x02, 0x75, 0x1e
}
},
{
"bc1zw508d6qejxtdg4y5r3zarvaryvg6kdaj",
18, {
0x52, 0x10, 0x75, 0x1e, 0x76, 0xe8, 0x19, 0x91, 0x96, 0xd4, 0x54,
0x94, 0x1c, 0x45, 0xd1, 0xb3, 0xa3, 0x23
}
},
{
"tb1qqqqqp399et2xygdj5xreqhjjvcmzhxw4aywxecjdzew6hylgvsesrxh6hy",
34, {
0x00, 0x20, 0x00, 0x00, 0x00, 0xc4, 0xa5, 0xca, 0xd4, 0x62, 0x21,
0xb2, 0xa1, 0x87, 0x90, 0x5e, 0x52, 0x66, 0x36, 0x2b, 0x99, 0xd5,
0xe9, 0x1c, 0x6c, 0xe2, 0x4d, 0x16, 0x5d, 0xab, 0x93, 0xe8, 0x64,
0x33
}
}
};
static const char* invalid_address[] = {
"tc1qw508d6qejxtdg4y5r3zarvary0c5xw7kg3g4ty",
"bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t5",
"BC13W508D6QEJXTDG4Y5R3ZARVARY0C5XW7KN40WF2",
"bc1rw5uspcuh",
"bc10w508d6qejxtdg4y5r3zarvary0c5xw7kw508d6qejxtdg4y5r3zarvary0c5xw7kw5rljs90",
"BC1QR508D6QEJXTDG4Y5R3ZARVARYV98GJ9P",
"tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3q0sL5k7",
"bc1zw508d6qejxtdg4y5r3zarvaryvqyzf3du",
"tb1qrp33g0q5c5txsp9arysrx4k6zdkfs4nce4xj0gdcccefvpysxf3pjxtptv",
"bc1gmk9yu",
};
static struct invalid_address_data invalid_address_enc[] = {
{"BC", 0, 20},
{"bc", 0, 21},
{"bc", 17, 32},
{"bc", 1, 1},
{"bc", 16, 41},
};
static void segwit_scriptpubkey(uint8_t* scriptpubkey, size_t* scriptpubkeylen, int witver, const uint8_t* witprog, size_t witprog_len) {
scriptpubkey[0] = witver ? (0x50 + witver) : 0;
scriptpubkey[1] = witprog_len;
memcpy(scriptpubkey + 2, witprog, witprog_len);
*scriptpubkeylen = witprog_len + 2;
}
int my_strncasecmp(const char *s1, const char *s2, size_t n) {
size_t i = 0;
while (i < n) {
char c1 = s1[i];
char c2 = s2[i];
if (c1 >= 'A' && c1 <= 'Z') c1 = (c1 - 'A') + 'a';
if (c2 >= 'A' && c2 <= 'Z') c2 = (c2 - 'A') + 'a';
if (c1 < c2) return -1;
if (c1 > c2) return 1;
if (c1 == 0) return 0;
++i;
}
return 0;
}
START_TEST(test_segwit)
{
size_t i;
for (i = 0; i < sizeof(valid_checksum) / sizeof(valid_checksum[0]); ++i) {
uint8_t data[82];
char rebuild[92];
char hrp[84];
size_t data_len;
int res = bech32_decode(hrp, data, &data_len, valid_checksum[i]);
ck_assert_int_eq(res, 1);
res = bech32_encode(rebuild, hrp, data, data_len);
ck_assert_int_eq(res, 1);
ck_assert_int_eq(my_strncasecmp(rebuild, valid_checksum[i], 92), 0);
}
for (i = 0; i < sizeof(invalid_checksum) / sizeof(invalid_checksum[0]); ++i) {
uint8_t data[82];
char hrp[84];
size_t data_len;
int res = bech32_decode(hrp, data, &data_len, invalid_checksum[i]);
ck_assert_int_eq(res, 0);
}
for (i = 0; i < sizeof(valid_address) / sizeof(valid_address[0]); ++i) {
uint8_t witprog[40];
size_t witprog_len;
int witver;
const char* hrp = "bc";
uint8_t scriptpubkey[42];
size_t scriptpubkey_len;
char rebuild[93];
int ret = segwit_addr_decode(&witver, witprog, &witprog_len, hrp, valid_address[i].address);
if (!ret) {
hrp = "tb";
ret = segwit_addr_decode(&witver, witprog, &witprog_len, hrp, valid_address[i].address);
}
ck_assert_int_eq(ret, 1);
segwit_scriptpubkey(scriptpubkey, &scriptpubkey_len, witver, witprog, witprog_len);
ck_assert_int_eq(scriptpubkey_len, valid_address[i].scriptPubKeyLen);
ck_assert_int_eq(memcmp(scriptpubkey, valid_address[i].scriptPubKey, scriptpubkey_len), 0);
ck_assert_int_eq(segwit_addr_encode(rebuild, hrp, witver, witprog, witprog_len), 1);
ck_assert_int_eq(my_strncasecmp(valid_address[i].address, rebuild, 93), 0);
}
for (i = 0; i < sizeof(invalid_address) / sizeof(invalid_address[0]); ++i) {
uint8_t witprog[40];
size_t witprog_len;
int witver;
int ret = segwit_addr_decode(&witver, witprog, &witprog_len, "bc", invalid_address[i]);
ck_assert_int_eq(ret, 0);
ret = segwit_addr_decode(&witver, witprog, &witprog_len, "tb", invalid_address[i]);
ck_assert_int_eq(ret, 0);
}
for (i = 0; i < sizeof(invalid_address_enc) / sizeof(invalid_address_enc[0]); ++i) {
char rebuild[93];
static const uint8_t program[42] = {0};
int ret = segwit_addr_encode(rebuild, invalid_address_enc[i].hrp, invalid_address_enc[i].version, program, invalid_address_enc[i].program_length);
ck_assert_int_eq(ret, 0);
}
}
END_TEST