Branch data Line data Source code
# 1 : : // Copyright (c) 2017, 2021 Pieter Wuille
# 2 : : // Distributed under the MIT software license, see the accompanying
# 3 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
# 4 : :
# 5 : : #include <bech32.h>
# 6 : : #include <util/vector.h>
# 7 : :
# 8 : : #include <assert.h>
# 9 : :
# 10 : : namespace bech32
# 11 : : {
# 12 : :
# 13 : : namespace
# 14 : : {
# 15 : :
# 16 : : typedef std::vector<uint8_t> data;
# 17 : :
# 18 : : /** The Bech32 and Bech32m character set for encoding. */
# 19 : : const char* CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
# 20 : :
# 21 : : /** The Bech32 and Bech32m character set for decoding. */
# 22 : : const int8_t CHARSET_REV[128] = {
# 23 : : -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
# 24 : : -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
# 25 : : -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
# 26 : : 15, -1, 10, 17, 21, 20, 26, 30, 7, 5, -1, -1, -1, -1, -1, -1,
# 27 : : -1, 29, -1, 24, 13, 25, 9, 8, 23, -1, 18, 22, 31, 27, 19, -1,
# 28 : : 1, 0, 3, 16, 11, 28, 12, 14, 6, 4, 2, -1, -1, -1, -1, -1,
# 29 : : -1, 29, -1, 24, 13, 25, 9, 8, 23, -1, 18, 22, 31, 27, 19, -1,
# 30 : : 1, 0, 3, 16, 11, 28, 12, 14, 6, 4, 2, -1, -1, -1, -1, -1
# 31 : : };
# 32 : :
# 33 : : /* Determine the final constant to use for the specified encoding. */
# 34 : 86360 : uint32_t EncodingConstant(Encoding encoding) {
# 35 : 86360 : assert(encoding == Encoding::BECH32 || encoding == Encoding::BECH32M);
# 36 [ + + ]: 86360 : return encoding == Encoding::BECH32 ? 1 : 0x2bc830a3;
# 37 : 86360 : }
# 38 : :
# 39 : : /** This function will compute what 6 5-bit values to XOR into the last 6 input values, in order to
# 40 : : * make the checksum 0. These 6 values are packed together in a single 30-bit integer. The higher
# 41 : : * bits correspond to earlier values. */
# 42 : : uint32_t PolyMod(const data& v)
# 43 : 86066 : {
# 44 : : // The input is interpreted as a list of coefficients of a polynomial over F = GF(32), with an
# 45 : : // implicit 1 in front. If the input is [v0,v1,v2,v3,v4], that polynomial is v(x) =
# 46 : : // 1*x^5 + v0*x^4 + v1*x^3 + v2*x^2 + v3*x + v4. The implicit 1 guarantees that
# 47 : : // [v0,v1,v2,...] has a distinct checksum from [0,v0,v1,v2,...].
# 48 : :
# 49 : : // The output is a 30-bit integer whose 5-bit groups are the coefficients of the remainder of
# 50 : : // v(x) mod g(x), where g(x) is the Bech32 generator,
# 51 : : // x^6 + {29}x^5 + {22}x^4 + {20}x^3 + {21}x^2 + {29}x + {18}. g(x) is chosen in such a way
# 52 : : // that the resulting code is a BCH code, guaranteeing detection of up to 3 errors within a
# 53 : : // window of 1023 characters. Among the various possible BCH codes, one was selected to in
# 54 : : // fact guarantee detection of up to 4 errors within a window of 89 characters.
# 55 : :
# 56 : : // Note that the coefficients are elements of GF(32), here represented as decimal numbers
# 57 : : // between {}. In this finite field, addition is just XOR of the corresponding numbers. For
# 58 : : // example, {27} + {13} = {27 ^ 13} = {22}. Multiplication is more complicated, and requires
# 59 : : // treating the bits of values themselves as coefficients of a polynomial over a smaller field,
# 60 : : // GF(2), and multiplying those polynomials mod a^5 + a^3 + 1. For example, {5} * {26} =
# 61 : : // (a^2 + 1) * (a^4 + a^3 + a) = (a^4 + a^3 + a) * a^2 + (a^4 + a^3 + a) = a^6 + a^5 + a^4 + a
# 62 : : // = a^3 + 1 (mod a^5 + a^3 + 1) = {9}.
# 63 : :
# 64 : : // During the course of the loop below, `c` contains the bitpacked coefficients of the
# 65 : : // polynomial constructed from just the values of v that were processed so far, mod g(x). In
# 66 : : // the above example, `c` initially corresponds to 1 mod g(x), and after processing 2 inputs of
# 67 : : // v, it corresponds to x^2 + v0*x + v1 mod g(x). As 1 mod g(x) = 1, that is the starting value
# 68 : : // for `c`.
# 69 : 86066 : uint32_t c = 1;
# 70 [ + + ]: 4163879 : for (const auto v_i : v) {
# 71 : : // We want to update `c` to correspond to a polynomial with one extra term. If the initial
# 72 : : // value of `c` consists of the coefficients of c(x) = f(x) mod g(x), we modify it to
# 73 : : // correspond to c'(x) = (f(x) * x + v_i) mod g(x), where v_i is the next input to
# 74 : : // process. Simplifying:
# 75 : : // c'(x) = (f(x) * x + v_i) mod g(x)
# 76 : : // ((f(x) mod g(x)) * x + v_i) mod g(x)
# 77 : : // (c(x) * x + v_i) mod g(x)
# 78 : : // If c(x) = c0*x^5 + c1*x^4 + c2*x^3 + c3*x^2 + c4*x + c5, we want to compute
# 79 : : // c'(x) = (c0*x^5 + c1*x^4 + c2*x^3 + c3*x^2 + c4*x + c5) * x + v_i mod g(x)
# 80 : : // = c0*x^6 + c1*x^5 + c2*x^4 + c3*x^3 + c4*x^2 + c5*x + v_i mod g(x)
# 81 : : // = c0*(x^6 mod g(x)) + c1*x^5 + c2*x^4 + c3*x^3 + c4*x^2 + c5*x + v_i
# 82 : : // If we call (x^6 mod g(x)) = k(x), this can be written as
# 83 : : // c'(x) = (c1*x^5 + c2*x^4 + c3*x^3 + c4*x^2 + c5*x + v_i) + c0*k(x)
# 84 : :
# 85 : : // First, determine the value of c0:
# 86 : 4163879 : uint8_t c0 = c >> 25;
# 87 : :
# 88 : : // Then compute c1*x^5 + c2*x^4 + c3*x^3 + c4*x^2 + c5*x + v_i:
# 89 : 4163879 : c = ((c & 0x1ffffff) << 5) ^ v_i;
# 90 : :
# 91 : : // Finally, for each set bit n in c0, conditionally add {2^n}k(x):
# 92 [ + + ]: 4163879 : if (c0 & 1) c ^= 0x3b6a57b2; // k(x) = {29}x^5 + {22}x^4 + {20}x^3 + {21}x^2 + {29}x + {18}
# 93 [ + + ]: 4163879 : if (c0 & 2) c ^= 0x26508e6d; // {2}k(x) = {19}x^5 + {5}x^4 + x^3 + {3}x^2 + {19}x + {13}
# 94 [ + + ]: 4163879 : if (c0 & 4) c ^= 0x1ea119fa; // {4}k(x) = {15}x^5 + {10}x^4 + {2}x^3 + {6}x^2 + {15}x + {26}
# 95 [ + + ]: 4163879 : if (c0 & 8) c ^= 0x3d4233dd; // {8}k(x) = {30}x^5 + {20}x^4 + {4}x^3 + {12}x^2 + {30}x + {29}
# 96 [ + + ]: 4163879 : if (c0 & 16) c ^= 0x2a1462b3; // {16}k(x) = {21}x^5 + x^4 + {8}x^3 + {24}x^2 + {21}x + {19}
# 97 : 4163879 : }
# 98 : 86066 : return c;
# 99 : 86066 : }
# 100 : :
# 101 : : /** Convert to lower case. */
# 102 : : inline unsigned char LowerCase(unsigned char c)
# 103 : 109403 : {
# 104 [ + + ][ + + ]: 109403 : return (c >= 'A' && c <= 'Z') ? (c - 'A') + 'a' : c;
# 105 : 109403 : }
# 106 : :
# 107 : : /** Expand a HRP for use in checksum computation. */
# 108 : : data ExpandHRP(const std::string& hrp)
# 109 : 86066 : {
# 110 : 86066 : data ret;
# 111 : 86066 : ret.reserve(hrp.size() + 90);
# 112 : 86066 : ret.resize(hrp.size() * 2 + 1);
# 113 [ + + ]: 430421 : for (size_t i = 0; i < hrp.size(); ++i) {
# 114 : 344355 : unsigned char c = hrp[i];
# 115 : 344355 : ret[i] = c >> 5;
# 116 : 344355 : ret[i + hrp.size() + 1] = c & 0x1f;
# 117 : 344355 : }
# 118 : 86066 : ret[hrp.size()] = 0;
# 119 : 86066 : return ret;
# 120 : 86066 : }
# 121 : :
# 122 : : /** Verify a checksum. */
# 123 : : Encoding VerifyChecksum(const std::string& hrp, const data& values)
# 124 : 27374 : {
# 125 : : // PolyMod computes what value to xor into the final values to make the checksum 0. However,
# 126 : : // if we required that the checksum was 0, it would be the case that appending a 0 to a valid
# 127 : : // list of values would result in a new valid list. For that reason, Bech32 requires the
# 128 : : // resulting checksum to be 1 instead. In Bech32m, this constant was amended.
# 129 : 27374 : const uint32_t check = PolyMod(Cat(ExpandHRP(hrp), values));
# 130 [ + + ]: 27374 : if (check == EncodingConstant(Encoding::BECH32)) return Encoding::BECH32;
# 131 [ + + ]: 294 : if (check == EncodingConstant(Encoding::BECH32M)) return Encoding::BECH32M;
# 132 : 36 : return Encoding::INVALID;
# 133 : 36 : }
# 134 : :
# 135 : : /** Create a checksum. */
# 136 : : data CreateChecksum(Encoding encoding, const std::string& hrp, const data& values)
# 137 : 58692 : {
# 138 : 58692 : data enc = Cat(ExpandHRP(hrp), values);
# 139 : 58692 : enc.resize(enc.size() + 6); // Append 6 zeroes
# 140 : 58692 : uint32_t mod = PolyMod(enc) ^ EncodingConstant(encoding); // Determine what to XOR into those 6 zeroes.
# 141 : 58692 : data ret(6);
# 142 [ + + ]: 410844 : for (size_t i = 0; i < 6; ++i) {
# 143 : : // Convert the 5-bit groups in mod to checksum values.
# 144 : 352152 : ret[i] = (mod >> (5 * (5 - i))) & 31;
# 145 : 352152 : }
# 146 : 58692 : return ret;
# 147 : 58692 : }
# 148 : :
# 149 : : } // namespace
# 150 : :
# 151 : : /** Encode a Bech32 or Bech32m string. */
# 152 : 58692 : std::string Encode(Encoding encoding, const std::string& hrp, const data& values) {
# 153 : : // First ensure that the HRP is all lowercase. BIP-173 and BIP350 require an encoder
# 154 : : // to return a lowercase Bech32/Bech32m string, but if given an uppercase HRP, the
# 155 : : // result will always be invalid.
# 156 [ + + ]: 58692 : for (const char& c : hrp) assert(c < 'A' || c > 'Z');
# 157 : 58692 : data checksum = CreateChecksum(encoding, hrp, values);
# 158 : 58692 : data combined = Cat(values, checksum);
# 159 : 58692 : std::string ret = hrp + '1';
# 160 : 58692 : ret.reserve(ret.size() + combined.size());
# 161 [ + + ]: 2308630 : for (const auto c : combined) {
# 162 : 2308630 : ret += CHARSET[c];
# 163 : 2308630 : }
# 164 : 58692 : return ret;
# 165 : 58692 : }
# 166 : :
# 167 : : /** Decode a Bech32 or Bech32m string. */
# 168 : 27800 : DecodeResult Decode(const std::string& str) {
# 169 : 27800 : bool lower = false, upper = false;
# 170 [ + + ]: 1263871 : for (size_t i = 0; i < str.size(); ++i) {
# 171 : 1236090 : unsigned char c = str[i];
# 172 [ + + ][ + + ]: 1236090 : if (c >= 'a' && c <= 'z') lower = true;
# 173 [ + + ][ + + ]: 338353 : else if (c >= 'A' && c <= 'Z') upper = true;
# 174 [ + + ][ + + ]: 328663 : else if (c < 33 || c > 126) return {};
# 175 : 1236090 : }
# 176 [ + + ][ + + ]: 27800 : if (lower && upper) return {};
# 177 : 27477 : size_t pos = str.rfind('1');
# 178 [ + + ][ + + ]: 27477 : if (str.size() > 90 || pos == str.npos || pos == 0 || pos + 7 > str.size()) {
# [ + + ][ + + ]
# 179 : 75 : return {};
# 180 : 75 : }
# 181 : 27402 : data values(str.size() - 1 - pos);
# 182 [ + + ]: 1108076 : for (size_t i = 0; i < str.size() - 1 - pos; ++i) {
# 183 : 1080702 : unsigned char c = str[i + pos + 1];
# 184 : 1080702 : int8_t rev = CHARSET_REV[c];
# 185 : :
# 186 [ + + ]: 1080702 : if (rev == -1) {
# 187 : 28 : return {};
# 188 : 28 : }
# 189 : 1080674 : values[i] = rev;
# 190 : 1080674 : }
# 191 : 27402 : std::string hrp;
# 192 [ + + ]: 136777 : for (size_t i = 0; i < pos; ++i) {
# 193 : 109403 : hrp += LowerCase(str[i]);
# 194 : 109403 : }
# 195 : 27374 : Encoding result = VerifyChecksum(hrp, values);
# 196 [ + + ]: 27374 : if (result == Encoding::INVALID) return {};
# 197 : 27338 : return {result, std::move(hrp), data(values.begin(), values.end() - 6)};
# 198 : 27338 : }
# 199 : :
# 200 : : } // namespace bech32
|
