Add public function encoded_length

tcharding · tcharding · commit d09c7b161894 · 2023-10-17T15:06:31.000+11:00
Currently we do not enforce the BIP-173 maximum character length for
bech32 endoded strings.

Add a pubic function `encoded_length` that calculates the length of an
encoding of HRP and data, returning the length either in `Ok(len)` or in
an error if length exceeds 90 chars.

Also add a segwit version of the function that adds 1 for the witness
version.

Do not call either of the functions anywhere, will be done separately.
However it is unlikely that we will do length checks in the `iter` or
`encode` modules (under `primitives`). Add a warning to those two
modules that we do not do length checks
diff --git a/src/lib.rs b/src/lib.rs
@@ -142,6 +142,7 @@ pub mod segwit;
 use alloc::{string::String, vec::Vec};
 use core::fmt;
 
+#[cfg(feature = "alloc")]
 use crate::error::write_err;
 #[cfg(doc)]
 use crate::primitives::decode::CheckedHrpstring;
@@ -160,6 +161,11 @@ pub use {
     crate::primitives::{Bech32, Bech32m, NoChecksum},
 };
 
+/// The maximum allowed length of a bech32 string (see [`BIP-173`]).
+///
+/// [`BIP-173`]: <https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki>
+pub const BECH32_MAX_LENGTH: usize = 90;
+
 /// Decodes a bech32 encoded string.
 ///
 /// If this function succeeds the input string was found to be well formed (hrp, separator, bech32
@@ -343,6 +349,25 @@ pub fn encode_upper_to_writer<Ck: Checksum, W: std::io::Write>(
     Ok(())
 }
 
+/// Returns the length of the bech32 string after encoding `hrp` and `data`.
+///
+/// # Returns
+///
+/// Returns the encoded length, ether as `Ok(len)` if valid or as `Err(EncodedLengthError(len))` if
+/// invalid (exceeds the maximum of 90 characters as defined in [BIP-173]).
+///
+/// [`BIP-173`]: <https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki>
+pub fn encoded_length<Ck: Checksum>(hrp: &Hrp, data: &[u8]) -> Result<usize, EncodedLengthError> {
+    let iter = data.iter().copied().bytes_to_fes();
+    let encoded_len = hrp.len() + 1 + iter.len() + Ck::CHECKSUM_LENGTH; // +1 for separator
+
+    if encoded_len > BECH32_MAX_LENGTH {
+        Err(EncodedLengthError(encoded_len))
+    } else {
+        Ok(encoded_len)
+    }
+}
+
 /// An error while decoding an address.
 #[cfg(feature = "alloc")]
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -431,6 +456,22 @@ impl From<DecodeError> for DecodeFromReaderError {
     fn from(e: DecodeError) -> Self { Self::Decode(e) }
 }
 
+/// Encoding bech32 string exceeds the spec limit of 90 characters.
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[non_exhaustive]
+pub struct EncodedLengthError(usize);
+
+impl fmt::Display for EncodedLengthError {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        write!(f, "encoded length {} exceeds spec limit 90 chars", self.0)
+    }
+}
+
+#[cfg(feature = "std")]
+impl std::error::Error for EncodedLengthError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None }
+}
+
 #[cfg(test)]
 #[cfg(feature = "alloc")]
 mod tests {
diff --git a/src/primitives/encode.rs b/src/primitives/encode.rs
@@ -9,6 +9,8 @@
 //! In general, directly using these adaptors is not very ergonomic, and users are recommended to
 //! instead use the higher-level functions at the root of this crate.
 //!
+//! WARNING: This module does not enforce the maximum length of an encoded bech32 string (90 chars).
+//!
 //! # Examples
 //!
 //! ```
diff --git a/src/primitives/iter.rs b/src/primitives/iter.rs
@@ -8,6 +8,8 @@
 //! - `FesToBytes`: An iterator over field elements to an iterator over bytes.
 //! - `Checksummed`: An iterator over field elements that appends the checksum.
 //!
+//! WARNING: This module does not enforce the maximum length of an encoded bech32 string (90 chars).
+//!
 //! # Examples
 //!
 //! ```
diff --git a/src/segwit.rs b/src/segwit.rs
@@ -58,6 +58,7 @@ use crate::primitives::{Bech32, Bech32m};
 #[rustfmt::skip]                // Keep public re-exports separate.
 #[doc(inline)]
 pub use {
+    crate::{BECH32_MAX_LENGTH, EncodedLengthError},
     crate::primitives::segwit::{VERSION_0, VERSION_1},
 };
 
@@ -264,6 +265,26 @@ pub fn encode_upper_to_writer_unchecked<W: std::io::Write>(
     Ok(())
 }
 
+/// Returns the length of the bech32 string after encoding HRP, witness version and program.
+///
+/// # Returns
+///
+/// Returns the encoded length, ether as `Ok(len)` if valid or as `Err(EncodedLengthError(len))` if
+/// invalid (exceeds the maximum of 90 characters as defined in [BIP-173]).
+///
+/// [`BIP-173`]: <https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki>
+pub fn encoded_length(
+    hrp: &Hrp,
+    _witness_version: Fe32, // Emphasize that this is only for segwit.
+    witness_program: &[u8],
+) -> Result<usize, EncodedLengthError> {
+    // Ck is only for length and since they are both the same we can use either here.
+    match crate::encoded_length::<Bech32>(hrp, witness_program) {
+        Ok(len) => Ok(len + 1), // +1 for witness version.
+        Err(EncodedLengthError(len)) => Err(EncodedLengthError(len + 1)),
+    }
+}
+
 /// An error while decoding a segwit address.
 #[cfg(feature = "alloc")]
 #[derive(Debug, Clone, PartialEq, Eq)]
