chore(core): Use C implementation of Bech32 decode.

2025-07-26 08:29:26 +00:00 · 2022-09-09 22:11:58 +02:00 · 2022-09-09 22:11:58 +02:00 · d815a7d6de
commit d815a7d6de
parent cc054050a5
11 changed files with 118 additions and 51 deletions
--- a/core/SConscript.firmware
+++ b/core/SConscript.firmware
@ -117,6 +117,7 @@ SOURCE_MOD += [
    'vendor/trezor-crypto/rfc6979.c',
    'vendor/trezor-crypto/ripemd160.c',
    'vendor/trezor-crypto/secp256k1.c',
    'vendor/trezor-crypto/segwit_addr.c',
    'vendor/trezor-crypto/sha2.c',
    'vendor/trezor-crypto/sha3.c',
    'vendor/trezor-crypto/shamir.c',
--- a/core/SConscript.unix
+++ b/core/SConscript.unix
@ -116,6 +116,7 @@ SOURCE_MOD += [
    'vendor/trezor-crypto/rfc6979.c',
    'vendor/trezor-crypto/ripemd160.c',
    'vendor/trezor-crypto/secp256k1.c',
    'vendor/trezor-crypto/segwit_addr.c',
    'vendor/trezor-crypto/sha2.c',
    'vendor/trezor-crypto/sha3.c',
    'vendor/trezor-crypto/shamir.c',
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bech32.h
@ -0,0 +1,84 @@
 /*
 * This file is part of the Trezor project, https://trezor.io/
 *
 * Copyright (c) SatoshiLabs
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "embed/extmod/trezorobj.h"
 #include "py/objstr.h"
 #include "segwit_addr.h"
 /// package: trezorcrypto.bech32
 /// def decode(
 ///     bech: str,
 ///     max_bech_len: int = 90,
 /// ) -> tuple[str, list[int], Encoding]:
 ///     """
 ///     Decode a Bech32 or Bech32m string
 ///     """
 STATIC mp_obj_t mod_trezorcrypto_bech32_decode(size_t n_args,
                                               const mp_obj_t *args) {
  mp_buffer_info_t bech = {0};
  mp_get_buffer_raise(args[0], &bech, MP_BUFFER_READ);
  uint32_t max_bech_len = 90;
  if (n_args > 1) {
    max_bech_len = trezor_obj_get_uint(args[1]);
  }
  if (bech.len > max_bech_len) {
    mp_raise_ValueError(NULL);
  }
  uint8_t data[bech.len - 8];
  char hrp[BECH32_MAX_HRP_LEN + 1] = {0};
  size_t data_len = 0;
  bech32_encoding enc = bech32_decode(hrp, data, &data_len, bech.buf);
  if (enc == BECH32_ENCODING_NONE) {
    mp_raise_ValueError(NULL);
  }
  mp_obj_list_t *data_list = MP_OBJ_TO_PTR(mp_obj_new_list(data_len, NULL));
  for (size_t i = 0; i < data_len; ++i) {
    data_list->items[i] = mp_obj_new_int_from_uint(data[i]);
  }
  mp_obj_tuple_t *tuple = MP_OBJ_TO_PTR(mp_obj_new_tuple(3, NULL));
  tuple->items[0] = mp_obj_new_str(hrp, strlen(hrp));
  tuple->items[1] = data_list;
  tuple->items[2] = MP_OBJ_NEW_SMALL_INT(enc);
  return MP_OBJ_FROM_PTR(tuple);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_bech32_decode_obj,
                                           1, 2,
                                           mod_trezorcrypto_bech32_decode);
 STATIC const mp_rom_map_elem_t mod_trezorcrypto_bech32_globals_table[] = {
    {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_bech32)},
    {MP_ROM_QSTR(MP_QSTR_decode),
     MP_ROM_PTR(&mod_trezorcrypto_bech32_decode_obj)},
    {MP_ROM_QSTR(MP_QSTR_BECH32), MP_ROM_INT(BECH32_ENCODING_BECH32)},
    {MP_ROM_QSTR(MP_QSTR_BECH32M), MP_ROM_INT(BECH32_ENCODING_BECH32M)}};
 STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_bech32_globals,
                            mod_trezorcrypto_bech32_globals_table);
 STATIC const mp_obj_module_t mod_trezorcrypto_bech32_module = {
    .base = {&mp_type_module},
    .globals = (mp_obj_dict_t *)&mod_trezorcrypto_bech32_globals,
 };
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto.c
@ -37,6 +37,7 @@ static void wrapped_ui_wait_callback(uint32_t current, uint32_t total) {
 }
 #include "modtrezorcrypto-aes.h"
 #include "modtrezorcrypto-bech32.h"
 #include "modtrezorcrypto-bip32.h"
 #ifdef USE_SECP256K1_ZKP
 #include "modtrezorcrypto-bip340.h"
@ -72,6 +73,7 @@ static void wrapped_ui_wait_callback(uint32_t current, uint32_t total) {
 STATIC const mp_rom_map_elem_t mp_module_trezorcrypto_globals_table[] = {
    {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_trezorcrypto)},
    {MP_ROM_QSTR(MP_QSTR_aes), MP_ROM_PTR(&mod_trezorcrypto_AES_type)},
    {MP_ROM_QSTR(MP_QSTR_bech32), MP_ROM_PTR(&mod_trezorcrypto_bech32_module)},
    {MP_ROM_QSTR(MP_QSTR_bip32), MP_ROM_PTR(&mod_trezorcrypto_bip32_module)},
    {MP_ROM_QSTR(MP_QSTR_bip39), MP_ROM_PTR(&mod_trezorcrypto_bip39_module)},
    {MP_ROM_QSTR(MP_QSTR_blake256),
--- a/core/mocks/generated/trezorcrypto/bech32.pyi
+++ b/core/mocks/generated/trezorcrypto/bech32.pyi
@ -0,0 +1,11 @@
 from typing import *
 # extmod/modtrezorcrypto/modtrezorcrypto-bech32.h
 def decode(
    bech: str,
    max_bech_len: int = 90,
 ) -> tuple[str, list[int], Encoding]:
    """
    Decode a Bech32 or Bech32m string
    """
--- a/core/src/apps/cardano/helpers/bech32.py
+++ b/core/src/apps/cardano/helpers/bech32.py
@ -35,8 +35,6 @@ def get_hrp(bech: str) -> str:
 def decode(hrp: str, bech: str) -> bytes:
    decoded_hrp, data, spec = bech32.bech32_decode(bech, 130)
    if data is None:
        raise ValueError
    if decoded_hrp != hrp:
        raise ValueError
    if spec != bech32.Encoding.BECH32:
--- a/core/src/apps/zcash/unified_addresses.py
+++ b/core/src/apps/zcash/unified_addresses.py
@ -83,8 +83,9 @@ def encode(receivers: dict[Typecode, bytes], coin: CoinInfo) -> str:
 def decode(addr_str: str, coin: CoinInfo) -> dict[int, bytes]:
-    (hrp, data, encoding) = bech32_decode(addr_str, max_bech_len=1000)
+    try:
-    if (hrp, data, encoding) == (None, None, None):
+        hrp, data, encoding = bech32_decode(addr_str, 1000)
    except ValueError:
        raise DataError("Bech32m decoding failed.")
    assert hrp is not None  # to satisfy typecheckers
    assert data is not None  # to satisfy typecheckers
--- a/core/src/trezor/crypto/bech32.py
+++ b/core/src/trezor/crypto/bech32.py
@ -20,8 +20,12 @@
 """Reference implementation for Bech32/Bech32m and segwit addresses."""
 from trezorcrypto import bech32
 from typing import TYPE_CHECKING
 bech32_decode = bech32.decode
 if TYPE_CHECKING:
    from enum import IntEnum
    from typing import Sequence, TypeVar
@ -32,7 +36,6 @@ if TYPE_CHECKING:
    # usage: OptionalTuple[int, list[int]] is either (None, None) or (someint, somelist)
    # but not (None, somelist)
    OptionalTuple2 = tuple[None, None] | tuple[A, B]
    OptionalTuple3 = tuple[None, None, None] | tuple[A, B, C]
 else:
    IntEnum = object
@ -65,16 +68,6 @@ def bech32_hrp_expand(hrp: str) -> list[int]:
    return [ord(x) >> 5 for x in hrp] + [0] + [ord(x) & 31 for x in hrp]
 def bech32_verify_checksum(hrp: str, data: list[int]) -> Encoding | None:
    """Verify a checksum given HRP and converted data characters."""
    const = bech32_polymod(bech32_hrp_expand(hrp) + data)
    if const == 1:
        return Encoding.BECH32
    if const == BECH32M_CONST:
        return Encoding.BECH32M
    return None
 def bech32_create_checksum(hrp: str, data: list[int], spec: Encoding) -> list[int]:
    """Compute the checksum values given HRP and data."""
    values = bech32_hrp_expand(hrp) + data
@ -89,28 +82,6 @@ def bech32_encode(hrp: str, data: list[int], spec: Encoding) -> str:
    return hrp + "1" + "".join([CHARSET[d] for d in combined])
 def bech32_decode(
    bech: str, max_bech_len: int = 90
 ) -> OptionalTuple3[str, list[int], Encoding]:
    """Validate a Bech32/Bech32m string, and determine HRP and data."""
    if (any(ord(x) < 33 or ord(x) > 126 for x in bech)) or (
        bech.lower() != bech and bech.upper() != bech
    ):
        return (None, None, None)
    bech = bech.lower()
    pos = bech.rfind("1")
    if pos < 1 or pos + 7 > len(bech) or len(bech) > max_bech_len:
        return (None, None, None)
    if not all(x in CHARSET for x in bech[pos + 1 :]):
        return (None, None, None)
    hrp = bech[:pos]
    data = [CHARSET.find(x) for x in bech[pos + 1 :]]
    spec = bech32_verify_checksum(hrp, data)
    if spec is None:
        return (None, None, None)
    return (hrp, data[:-6], spec)
 def convertbits(
    data: Sequence[int], frombits: int, tobits: int, arbitrary_input: bool = True
 ) -> list[int]:
@ -156,17 +127,13 @@ def convertbits(
 def decode(hrp: str, addr: str) -> OptionalTuple2[int, bytes]:
    """Decode a segwit address."""
    hrpgot, data, spec = bech32_decode(addr)
    # the following two lines are strictly not required
    # but they make typecheckers happy
    if data is None:
        return (None, None)
    if hrpgot != hrp:
        return (None, None)
    try:
        hrpgot, data, spec = bech32_decode(addr)
        decoded = bytes(convertbits(data[1:], 5, 8, False))
    except ValueError:
        return (None, None)
    if hrpgot != hrp:
        return (None, None)
    if not 2 <= len(decoded) <= 40:
        return (None, None)
    if data[0] > 16:
--- a/core/tests/test_trezor.crypto.bech32.py
+++ b/core/tests/test_trezor.crypto.bech32.py
@ -153,10 +153,8 @@ class TestCryptoBech32(unittest.TestCase):
    def test_invalid_checksum(self):
        """Test validation of invalid checksums."""
        for test in INVALID_CHECKSUM:
-            hrp, data, spec = bech32.bech32_decode(test)
+            with self.assertRaises(ValueError):
-            self.assertIsNone(hrp)
+                bech32.bech32_decode(test)
            self.assertIsNone(data)
            self.assertIsNone(spec)
    def test_valid_address(self):
        """Test whether valid addresses decode to the correct output."""
--- a/crypto/segwit_addr.c
+++ b/crypto/segwit_addr.c
@ -95,7 +95,7 @@ bech32_encoding bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const
    size_t input_len = strlen(input);
    size_t hrp_len = 0;
    int have_lower = 0, have_upper = 0;
-    if (input_len < 8 || input_len > 90) {
+    if (input_len < 8) {
        return BECH32_ENCODING_NONE;
    }
    *data_len = 0;
@ -103,7 +103,7 @@ bech32_encoding bech32_decode(char* hrp, uint8_t *data, size_t *data_len, const
        ++(*data_len);
    }
    hrp_len = input_len - (1 + *data_len);
-    if (1 + *data_len >= input_len || *data_len < 6) {
+    if (1 + *data_len >= input_len || *data_len < 6 || hrp_len > BECH32_MAX_HRP_LEN) {
        return BECH32_ENCODING_NONE;
    }
    *(data_len) -= 6;
@ -192,6 +192,7 @@ int segwit_addr_decode(int* witver, uint8_t* witdata, size_t* witdata_len, const
    uint8_t data[84] = {0};
    char hrp_actual[84] = {0};
    size_t data_len = 0;
    if (strlen(addr) > 90) return 0;
    bech32_encoding enc = bech32_decode(hrp_actual, data, &data_len, addr);
    if (enc == BECH32_ENCODING_NONE) return 0;
    if (data_len == 0 || data_len > 65) return 0;
--- a/crypto/segwit_addr.h
+++ b/crypto/segwit_addr.h
@ -24,6 +24,9 @@
 #include <stdint.h>
 // The maximum length of the Bech32 human-readable part according to BIP-173.
 #define BECH32_MAX_HRP_LEN 83
 /** Encode a SegWit address
 *
@ -92,7 +95,7 @@ int bech32_encode(
 /** Decode a Bech32 or Bech32m string
 *
- *  Out: hrp:      Pointer to a buffer of size strlen(input) - 6. Will be
+ *  Out: hrp:      Pointer to a buffer of size BECH32_MAX_HRP_LEN + 1. Will be
 *                 updated to contain the null-terminated human readable part.
 *       data:     Pointer to a buffer of size strlen(input) - 8 that will
 *                 hold the encoded 5-bit data values.