Add Hrp type

tcharding · tcharding · commit e8a1a5ec6915 · 2023-05-10T14:04:46.000+10:00
Instead of accepting `&amp;str` for hrp strings we can add a type `Hrp` and
abstract the checking of the string. This is the "parse don't validate"
methodology suggested by Clark.
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
@@ -10,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        fuzz_target: [decode_rnd, encode_decode]
+        fuzz_target: [decode_rnd, encode_decode, parse_hrp]
     steps:
       - name: Install test dependencies
         run: sudo apt-get update -y && sudo apt-get install -y binutils-dev libunwind8-dev libcurl4-openssl-dev libelf-dev libdw-dev cmake gcc libiberty-dev
diff --git a/embedded/no-allocator/src/main.rs b/embedded/no-allocator/src/main.rs
@@ -10,7 +10,7 @@
 use panic_halt as _;
 
 use arrayvec::{ArrayString, ArrayVec};
-use bech32::{self, u5, ComboError, FromBase32, ToBase32, Variant};
+use bech32::{self, u5, ComboError, FromBase32, ToBase32, Variant, Hrp};
 use cortex_m_rt::entry;
 use cortex_m_semihosting::{debug, hprintln};
 
@@ -24,7 +24,9 @@ fn main() -> ! {
 
     [0x00u8, 0x01, 0x02].write_base32(&mut base32).unwrap();
 
-    bech32::encode_to_fmt_anycase(&mut encoded, "bech32", &base32, Variant::Bech32)
+    let hrp = Hrp::parse("bech32").unwrap();
+
+    bech32::encode_to_fmt_anycase(&mut encoded, hrp, &base32, Variant::Bech32)
         .unwrap()
         .unwrap();
     test(&*encoded == "bech321qqqsyrhqy2a");
@@ -35,9 +37,9 @@ fn main() -> ! {
 
     let mut scratch = ArrayVec::<u5, 30>::new();
 
-    let (hrp, data, variant) =
+    let (got_hrp, data, variant) =
         bech32::decode_lowercase::<ComboError, _, _>(&encoded, &mut decoded, &mut scratch).unwrap();
-    test(hrp == "bech32");
+    test(got_hrp == hrp);
     let res = ArrayVec::<u8, 30>::from_base32(&data).unwrap();
     test(&res == [0x00, 0x01, 0x02].as_ref());
     test(variant == Variant::Bech32);
diff --git a/embedded/with-allocator/src/main.rs b/embedded/with-allocator/src/main.rs
@@ -11,7 +11,7 @@ use self::alloc::vec::Vec;
 use core::alloc::Layout;
 
 use alloc_cortex_m::CortexMHeap;
-use bech32::{self, FromBase32, ToBase32, Variant};
+use bech32::{self, FromBase32, ToBase32, Variant, Hrp};
 use cortex_m::asm;
 use cortex_m_rt::entry;
 use cortex_m_semihosting::{debug, hprintln};
@@ -26,8 +26,9 @@ fn main() -> ! {
     // Initialize the allocator BEFORE you use it
     unsafe { ALLOCATOR.init(cortex_m_rt::heap_start() as usize, HEAP_SIZE) }
 
+    let hrp = Hrp::parse("bech32").unwrap();
     let encoded = bech32::encode(
-        "bech32",
+        hrp,
         vec![0x00, 0x01, 0x02].to_base32(),
         Variant::Bech32,
     )
@@ -36,8 +37,8 @@ fn main() -> ! {
 
     hprintln!("{}", encoded).unwrap();
 
-    let (hrp, data, variant) = bech32::decode(&encoded).unwrap();
-    test(hrp == "bech32");
+    let (got_hrp, data, variant) = bech32::decode(&encoded).unwrap();
+    test(got_hrp == hrp);
     test(Vec::<u8>::from_base32(&data).unwrap() == vec![0x00, 0x01, 0x02]);
     test(variant == Variant::Bech32);
 
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -27,4 +27,8 @@ path = "fuzz_targets/decode_rnd.rs"
 
 [[bin]]
 name = "encode_decode"
-path = "fuzz_targets/encode_decode.rs"
+path = "fuzz_targets/encode_decode.rs"
+
+[[bin]]
+name = "parse_hrp"
+path = "fuzz_targets/parse_hrp.rs"
diff --git a/fuzz/fuzz_targets/decode_rnd.rs b/fuzz/fuzz_targets/decode_rnd.rs
@@ -1,7 +1,5 @@
 extern crate bech32;
 
-use std::str::FromStr;
-
 fn do_test(data: &[u8]) {
     let data_str = String::from_utf8_lossy(data);
     let decoded = bech32::decode(&data_str);
@@ -10,7 +8,7 @@ fn do_test(data: &[u8]) {
         Err(_) => return,
     };
 
-    assert_eq!(bech32::encode(&b32.0, b32.1, b32.2).unwrap(), data_str);
+    assert_eq!(bech32::encode(b32.0, b32.1, b32.2).unwrap(), data_str);
 }
 
 #[cfg(feature = "afl")]
diff --git a/fuzz/fuzz_targets/encode_decode.rs b/fuzz/fuzz_targets/encode_decode.rs
@@ -1,6 +1,9 @@
 extern crate bech32;
 
 use std::convert::TryFrom;
+use std::str;
+
+use bech32::Hrp;
 
 fn do_test(data: &[u8]) {
     if data.len() < 1 {
@@ -13,10 +16,6 @@ fn do_test(data: &[u8]) {
         return;
     }
 
-    let hrp = String::from_utf8_lossy(&data[1..hrp_end])
-        .to_lowercase()
-        .to_string();
-
     let dp = data[hrp_end..]
         .iter()
         .map(|b| bech32::u5::try_from(b % 32).unwrap())
@@ -28,11 +27,21 @@ fn do_test(data: &[u8]) {
         bech32::Variant::Bech32
     };
 
-    if let Ok(data_str) = bech32::encode(&hrp, &dp, variant).map(|b32| b32.to_string()) {
-        let decoded = bech32::decode(&data_str);
-        let b32 = decoded.expect("should be able to decode own encoding");
+    match str::from_utf8(&data[1..hrp_end]) {
+        Err(_) => return,
+        Ok(s) => {
+            match Hrp::parse(&s) {
+                Err(_) => return,
+                Ok(hrp) => {
+                    if let Ok(data_str) = bech32::encode(hrp, &dp, variant).map(|b32| b32.to_string()) {
+                        let decoded = bech32::decode(&data_str);
+                        let b32 = decoded.expect("should be able to decode own encoding");
 
-        assert_eq!(bech32::encode(&b32.0, &b32.1, b32.2).unwrap(), data_str);
+                        assert_eq!(bech32::encode(b32.0, &b32.1, b32.2).unwrap(), data_str);
+                    }
+                }
+            }
+        }
     }
 }
 
diff --git a/fuzz/fuzz_targets/parse_hrp.rs b/fuzz/fuzz_targets/parse_hrp.rs
@@ -0,0 +1,59 @@
+extern crate bech32;
+
+use bech32::Hrp;
+
+fn do_test(data: &[u8]) {
+    let s = String::from_utf8_lossy(data);
+
+    // Make sure parsing garbage doesn't make us crash (from_utf8_lossy should
+    // contain some garbage, perhaps even invalid chars).
+    let _ = Hrp::parse(&s);
+}
+
+#[cfg(feature = "afl")]
+extern crate afl;
+#[cfg(feature = "afl")]
+fn main() {
+    afl::read_stdio_bytes(|data| {
+        do_test(&data);
+    });
+}
+
+#[cfg(feature = "honggfuzz")]
+#[macro_use]
+extern crate honggfuzz;
+#[cfg(feature = "honggfuzz")]
+fn main() {
+    loop {
+        fuzz!(|data| {
+            do_test(data);
+        });
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    fn extend_vec_from_hex(hex: &str, out: &mut Vec<u8>) {
+        let mut b = 0;
+        for (idx, c) in hex.as_bytes().iter().filter(|&&c| c != b'\n').enumerate() {
+            b <<= 4;
+            match *c {
+                b'A'...b'F' => b |= c - b'A' + 10,
+                b'a'...b'f' => b |= c - b'a' + 10,
+                b'0'...b'9' => b |= c - b'0',
+                _ => panic!("Bad hex"),
+            }
+            if (idx & 1) == 1 {
+                out.push(b);
+                b = 0;
+            }
+        }
+    }
+
+    #[test]
+    fn duplicate_crash() {
+        let mut a = Vec::new();
+        extend_vec_from_hex("ff6c2d", &mut a);
+        super::do_test(&a);
+    }
+}
diff --git a/src/lib.rs b/src/lib.rs
diff --git a/src/primitives/hrp.rs b/src/primitives/hrp.rs
diff --git a/src/primitives/mod.rs b/src/primitives/mod.rs
