1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-21 15:08:12 +00:00
trezor-firmware/crypto/monero/base58.c
2022-09-30 13:47:06 +02:00

290 lines
8.3 KiB
C

// Copyright (c) 2014-2018, The Monero Project
//
// All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// 1. Redistributions of source code must retain the above copyright notice,
// this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright notice,
// this list of conditions and the following disclaimer in the documentation
// and/or other materials provided with the distribution.
//
// 3. Neither the name of the copyright holder nor the names of its contributors
// may be used to endorse or promote products derived from this software
// without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
//
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote
// developers
#include "base58.h"
#include <assert.h>
#include <stdbool.h>
#include <string.h>
#include <sys/types.h>
#include "../base58.h"
#include "../byte_order.h"
#include "int-util.h"
#include "sha2.h"
const size_t alphabet_size = 58; // sizeof(b58digits_ordered) - 1;
const size_t full_encoded_block_size = 11;
const size_t encoded_block_sizes[] = {
0, 2, 3, 5, 6, 7, 9, 10, full_encoded_block_size};
const size_t full_block_size =
sizeof(encoded_block_sizes) / sizeof(encoded_block_sizes[0]) - 1;
const size_t addr_checksum_size = 4;
const size_t max_bin_data_size = 72;
const int decoded_block_sizes[] = {0, -1, 1, 2, -1, 3, 4, 5, -1, 6, 7, 8};
#define reverse_alphabet(letter) ((int8_t)b58digits_map[(int)letter])
uint64_t uint_8be_to_64(const uint8_t *data, size_t size) {
assert(1 <= size && size <= sizeof(uint64_t));
uint64_t res = 0;
switch (9 - size) {
case 1:
res |= *data++; /* FALLTHRU */
case 2:
res <<= 8;
res |= *data++; /* FALLTHRU */
case 3:
res <<= 8;
res |= *data++; /* FALLTHRU */
case 4:
res <<= 8;
res |= *data++; /* FALLTHRU */
case 5:
res <<= 8;
res |= *data++; /* FALLTHRU */
case 6:
res <<= 8;
res |= *data++; /* FALLTHRU */
case 7:
res <<= 8;
res |= *data++; /* FALLTHRU */
case 8:
res <<= 8;
res |= *data;
break;
default:
assert(false);
}
return res;
}
void uint_64_to_8be(uint64_t num, size_t size, uint8_t *data) {
assert(1 <= size && size <= sizeof(uint64_t));
#if BYTE_ORDER == LITTLE_ENDIAN
uint64_t num_be = SWAP64(num);
#else
uint64_t num_be = num;
#endif
memcpy(data, (uint8_t *)(&num_be) + sizeof(uint64_t) - size, size);
}
void encode_block(const char *block, size_t size, char *res) {
assert(1 <= size && size <= full_block_size);
uint64_t num = uint_8be_to_64((uint8_t *)(block), size);
int i = ((int)(encoded_block_sizes[size])) - 1;
while (0 <= i) {
uint64_t remainder = num % alphabet_size;
num /= alphabet_size;
res[i] = b58digits_ordered[remainder];
--i;
}
}
bool decode_block(const char *block, size_t size, char *res) {
assert(1 <= size && size <= full_encoded_block_size);
int res_size = decoded_block_sizes[size];
if (res_size <= 0) {
return false; // Invalid block size
}
uint64_t res_num = 0;
uint64_t order = 1;
for (size_t i = size - 1; i < size; --i) {
if (block[i] & 0x80) {
return false; // Invalid symbol
}
int digit = reverse_alphabet(block[i]);
if (digit < 0) {
return false; // Invalid symbol
}
uint64_t product_hi = 0;
uint64_t tmp = res_num + mul128(order, (uint64_t)digit, &product_hi);
if (tmp < res_num || 0 != product_hi) {
return false; // Overflow
}
res_num = tmp;
// The original code comment for the order multiplication says
// "Never overflows, 58^10 < 2^64"
// This is incorrect since it overflows on the 11th iteration
// However, there is no negative impact since the result is unused
order *= alphabet_size;
}
if ((size_t)res_size < full_block_size &&
(UINT64_C(1) << (8 * res_size)) <= res_num)
return false; // Overflow
uint_64_to_8be(res_num, res_size, (uint8_t *)(res));
return true;
}
bool xmr_base58_encode(char *b58, size_t *b58sz, const void *data,
size_t binsz) {
if (binsz == 0) {
if (b58sz) {
*b58sz = 0;
}
return true;
}
const char *data_bin = data;
size_t full_block_count = binsz / full_block_size;
size_t last_block_size = binsz % full_block_size;
size_t res_size = full_block_count * full_encoded_block_size +
encoded_block_sizes[last_block_size];
if (b58sz) {
if (res_size > *b58sz) {
return false;
}
*b58sz = res_size;
}
for (size_t i = 0; i < full_block_count; ++i) {
encode_block(data_bin + i * full_block_size, full_block_size,
b58 + i * full_encoded_block_size);
}
if (0 < last_block_size) {
encode_block(data_bin + full_block_count * full_block_size, last_block_size,
b58 + full_block_count * full_encoded_block_size);
}
return true;
}
bool xmr_base58_decode(const char *b58, size_t b58sz, void *data,
size_t *binsz) {
if (b58sz == 0) {
*binsz = 0;
return true;
}
size_t full_block_count = b58sz / full_encoded_block_size;
size_t last_block_size = b58sz % full_encoded_block_size;
int last_block_decoded_size = decoded_block_sizes[last_block_size];
if (last_block_decoded_size < 0) {
*binsz = 0;
return false; // Invalid enc length
}
size_t data_size =
full_block_count * full_block_size + last_block_decoded_size;
if (*binsz < data_size) {
*binsz = 0;
return false;
}
char *data_bin = data;
for (size_t i = 0; i < full_block_count; ++i) {
if (!decode_block(b58 + i * full_encoded_block_size,
full_encoded_block_size,
data_bin + i * full_block_size)) {
*binsz = 0;
return false;
}
}
if (0 < last_block_size) {
if (!decode_block(b58 + full_block_count * full_encoded_block_size,
last_block_size,
data_bin + full_block_count * full_block_size)) {
*binsz = 0;
return false;
}
}
*binsz = data_size;
return true;
}
int xmr_base58_addr_encode_check(uint64_t tag, const uint8_t *data,
size_t binsz, char *b58, size_t b58sz) {
if (binsz > max_bin_data_size || tag > 127) { // tag varint
return false;
}
size_t b58size = b58sz;
uint8_t buf[(binsz + 1) + HASHER_DIGEST_LENGTH];
memset(buf, 0, sizeof(buf));
uint8_t *hash = buf + binsz + 1;
buf[0] = (uint8_t)tag;
memcpy(buf + 1, data, binsz);
hasher_Raw(HASHER_SHA3K, buf, binsz + 1, hash);
bool r =
xmr_base58_encode(b58, &b58size, buf, binsz + 1 + addr_checksum_size);
return (int)(!r ? 0 : b58size);
}
int xmr_base58_addr_decode_check(const char *addr, size_t sz, uint64_t *tag,
void *data, size_t datalen) {
size_t buflen = 1 + max_bin_data_size + addr_checksum_size;
uint8_t buf[buflen];
memset(buf, 0, sizeof(buf));
uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
if (!xmr_base58_decode(addr, sz, buf, &buflen)) {
return 0;
}
if (buflen <= addr_checksum_size + 1) {
return 0;
}
size_t res_size = buflen - addr_checksum_size - 1;
if (datalen < res_size) {
return 0;
}
hasher_Raw(HASHER_SHA3K, buf, buflen - addr_checksum_size, hash);
if (memcmp(hash, buf + buflen - addr_checksum_size, addr_checksum_size) !=
0) {
return 0;
}
*tag = buf[0];
if (*tag > 127) {
return false; // varint
}
memcpy(data, buf + 1, res_size);
return (int)res_size;
}