mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-24 16:38:15 +00:00
290 lines
8.3 KiB
C
290 lines
8.3 KiB
C
// Copyright (c) 2014-2018, The Monero Project
|
|
//
|
|
// All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are met:
|
|
//
|
|
// 1. Redistributions of source code must retain the above copyright notice,
|
|
// this list of conditions and the following disclaimer.
|
|
//
|
|
// 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
// this list of conditions and the following disclaimer in the documentation
|
|
// and/or other materials provided with the distribution.
|
|
//
|
|
// 3. Neither the name of the copyright holder nor the names of its contributors
|
|
// may be used to endorse or promote products derived from this software
|
|
// without specific prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
// POSSIBILITY OF SUCH DAMAGE.
|
|
//
|
|
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote
|
|
// developers
|
|
|
|
#include "base58.h"
|
|
#include <assert.h>
|
|
#include <stdbool.h>
|
|
#include <string.h>
|
|
#include <sys/types.h>
|
|
#include "../base58.h"
|
|
#include "../byte_order.h"
|
|
#include "int-util.h"
|
|
#include "sha2.h"
|
|
|
|
const size_t alphabet_size = 58; // sizeof(b58digits_ordered) - 1;
|
|
const size_t full_encoded_block_size = 11;
|
|
const size_t encoded_block_sizes[] = {
|
|
0, 2, 3, 5, 6, 7, 9, 10, full_encoded_block_size};
|
|
const size_t full_block_size =
|
|
sizeof(encoded_block_sizes) / sizeof(encoded_block_sizes[0]) - 1;
|
|
const size_t addr_checksum_size = 4;
|
|
const size_t max_bin_data_size = 72;
|
|
const int decoded_block_sizes[] = {0, -1, 1, 2, -1, 3, 4, 5, -1, 6, 7, 8};
|
|
#define reverse_alphabet(letter) ((int8_t)b58digits_map[(int)letter])
|
|
|
|
uint64_t uint_8be_to_64(const uint8_t *data, size_t size) {
|
|
assert(1 <= size && size <= sizeof(uint64_t));
|
|
|
|
uint64_t res = 0;
|
|
switch (9 - size) {
|
|
case 1:
|
|
res |= *data++; /* FALLTHRU */
|
|
case 2:
|
|
res <<= 8;
|
|
res |= *data++; /* FALLTHRU */
|
|
case 3:
|
|
res <<= 8;
|
|
res |= *data++; /* FALLTHRU */
|
|
case 4:
|
|
res <<= 8;
|
|
res |= *data++; /* FALLTHRU */
|
|
case 5:
|
|
res <<= 8;
|
|
res |= *data++; /* FALLTHRU */
|
|
case 6:
|
|
res <<= 8;
|
|
res |= *data++; /* FALLTHRU */
|
|
case 7:
|
|
res <<= 8;
|
|
res |= *data++; /* FALLTHRU */
|
|
case 8:
|
|
res <<= 8;
|
|
res |= *data;
|
|
break;
|
|
default:
|
|
assert(false);
|
|
}
|
|
|
|
return res;
|
|
}
|
|
|
|
void uint_64_to_8be(uint64_t num, size_t size, uint8_t *data) {
|
|
assert(1 <= size && size <= sizeof(uint64_t));
|
|
|
|
#if BYTE_ORDER == LITTLE_ENDIAN
|
|
uint64_t num_be = SWAP64(num);
|
|
#else
|
|
uint64_t num_be = num;
|
|
#endif
|
|
memcpy(data, (uint8_t *)(&num_be) + sizeof(uint64_t) - size, size);
|
|
}
|
|
|
|
void encode_block(const char *block, size_t size, char *res) {
|
|
assert(1 <= size && size <= full_block_size);
|
|
|
|
uint64_t num = uint_8be_to_64((uint8_t *)(block), size);
|
|
int i = ((int)(encoded_block_sizes[size])) - 1;
|
|
while (0 <= i) {
|
|
uint64_t remainder = num % alphabet_size;
|
|
num /= alphabet_size;
|
|
res[i] = b58digits_ordered[remainder];
|
|
--i;
|
|
}
|
|
}
|
|
|
|
bool decode_block(const char *block, size_t size, char *res) {
|
|
assert(1 <= size && size <= full_encoded_block_size);
|
|
|
|
int res_size = decoded_block_sizes[size];
|
|
if (res_size <= 0) {
|
|
return false; // Invalid block size
|
|
}
|
|
|
|
uint64_t res_num = 0;
|
|
uint64_t order = 1;
|
|
for (size_t i = size - 1; i < size; --i) {
|
|
if (block[i] & 0x80) {
|
|
return false; // Invalid symbol
|
|
}
|
|
int digit = reverse_alphabet(block[i]);
|
|
if (digit < 0) {
|
|
return false; // Invalid symbol
|
|
}
|
|
|
|
uint64_t product_hi = 0;
|
|
uint64_t tmp = res_num + mul128(order, (uint64_t)digit, &product_hi);
|
|
if (tmp < res_num || 0 != product_hi) {
|
|
return false; // Overflow
|
|
}
|
|
|
|
res_num = tmp;
|
|
// The original code comment for the order multiplication says
|
|
// "Never overflows, 58^10 < 2^64"
|
|
// This is incorrect since it overflows on the 11th iteration
|
|
// However, there is no negative impact since the result is unused
|
|
order *= alphabet_size;
|
|
}
|
|
|
|
if ((size_t)res_size < full_block_size &&
|
|
(UINT64_C(1) << (8 * res_size)) <= res_num)
|
|
return false; // Overflow
|
|
|
|
uint_64_to_8be(res_num, res_size, (uint8_t *)(res));
|
|
|
|
return true;
|
|
}
|
|
|
|
bool xmr_base58_encode(char *b58, size_t *b58sz, const void *data,
|
|
size_t binsz) {
|
|
if (binsz == 0) {
|
|
if (b58sz) {
|
|
*b58sz = 0;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
const char *data_bin = data;
|
|
size_t full_block_count = binsz / full_block_size;
|
|
size_t last_block_size = binsz % full_block_size;
|
|
size_t res_size = full_block_count * full_encoded_block_size +
|
|
encoded_block_sizes[last_block_size];
|
|
|
|
if (b58sz) {
|
|
if (res_size > *b58sz) {
|
|
return false;
|
|
}
|
|
*b58sz = res_size;
|
|
}
|
|
|
|
for (size_t i = 0; i < full_block_count; ++i) {
|
|
encode_block(data_bin + i * full_block_size, full_block_size,
|
|
b58 + i * full_encoded_block_size);
|
|
}
|
|
|
|
if (0 < last_block_size) {
|
|
encode_block(data_bin + full_block_count * full_block_size, last_block_size,
|
|
b58 + full_block_count * full_encoded_block_size);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool xmr_base58_decode(const char *b58, size_t b58sz, void *data,
|
|
size_t *binsz) {
|
|
if (b58sz == 0) {
|
|
*binsz = 0;
|
|
return true;
|
|
}
|
|
|
|
size_t full_block_count = b58sz / full_encoded_block_size;
|
|
size_t last_block_size = b58sz % full_encoded_block_size;
|
|
int last_block_decoded_size = decoded_block_sizes[last_block_size];
|
|
if (last_block_decoded_size < 0) {
|
|
*binsz = 0;
|
|
return false; // Invalid enc length
|
|
}
|
|
|
|
size_t data_size =
|
|
full_block_count * full_block_size + last_block_decoded_size;
|
|
if (*binsz < data_size) {
|
|
*binsz = 0;
|
|
return false;
|
|
}
|
|
|
|
char *data_bin = data;
|
|
for (size_t i = 0; i < full_block_count; ++i) {
|
|
if (!decode_block(b58 + i * full_encoded_block_size,
|
|
full_encoded_block_size,
|
|
data_bin + i * full_block_size)) {
|
|
*binsz = 0;
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (0 < last_block_size) {
|
|
if (!decode_block(b58 + full_block_count * full_encoded_block_size,
|
|
last_block_size,
|
|
data_bin + full_block_count * full_block_size)) {
|
|
*binsz = 0;
|
|
return false;
|
|
}
|
|
}
|
|
|
|
*binsz = data_size;
|
|
return true;
|
|
}
|
|
|
|
int xmr_base58_addr_encode_check(uint64_t tag, const uint8_t *data,
|
|
size_t binsz, char *b58, size_t b58sz) {
|
|
if (binsz > max_bin_data_size || tag > 127) { // tag varint
|
|
return false;
|
|
}
|
|
|
|
size_t b58size = b58sz;
|
|
uint8_t buf[(binsz + 1) + HASHER_DIGEST_LENGTH];
|
|
memset(buf, 0, sizeof(buf));
|
|
uint8_t *hash = buf + binsz + 1;
|
|
buf[0] = (uint8_t)tag;
|
|
memcpy(buf + 1, data, binsz);
|
|
hasher_Raw(HASHER_SHA3K, buf, binsz + 1, hash);
|
|
|
|
bool r =
|
|
xmr_base58_encode(b58, &b58size, buf, binsz + 1 + addr_checksum_size);
|
|
return (int)(!r ? 0 : b58size);
|
|
}
|
|
|
|
int xmr_base58_addr_decode_check(const char *addr, size_t sz, uint64_t *tag,
|
|
void *data, size_t datalen) {
|
|
size_t buflen = 1 + max_bin_data_size + addr_checksum_size;
|
|
uint8_t buf[buflen];
|
|
memset(buf, 0, sizeof(buf));
|
|
uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
|
|
|
|
if (!xmr_base58_decode(addr, sz, buf, &buflen)) {
|
|
return 0;
|
|
}
|
|
|
|
if (buflen <= addr_checksum_size + 1) {
|
|
return 0;
|
|
}
|
|
|
|
size_t res_size = buflen - addr_checksum_size - 1;
|
|
if (datalen < res_size) {
|
|
return 0;
|
|
}
|
|
|
|
hasher_Raw(HASHER_SHA3K, buf, buflen - addr_checksum_size, hash);
|
|
if (memcmp(hash, buf + buflen - addr_checksum_size, addr_checksum_size) !=
|
|
0) {
|
|
return 0;
|
|
}
|
|
|
|
*tag = buf[0];
|
|
if (*tag > 127) {
|
|
return false; // varint
|
|
}
|
|
|
|
memcpy(data, buf + 1, res_size);
|
|
return (int)res_size;
|
|
}
|