core-lightning/common/codex32.h

#ifndef LIGHTNING_COMMON_CODEX32_H
#define LIGHTNING_COMMON_CODEX32_H
#include "config.h"
#include <ccan/short_types/short_types.h>
#include <stdio.h>

/* Supported encodings. */
typedef enum {
   CODEX32_ENCODING_SHARE,
   CODEX32_ENCODING_SECRET
} codex32_encoding;

/* Decoded codex32 parts */
struct codex32 {
	/* "ms" */
	const char *hrp;
	/* 0, or 2-9 */
	uint8_t threshold;
	/* Four valid bech32 characters which identify this complete codex32 secret, the last char is null */
	char id[4 + 1];
	/* Valid bech32 character identifying this share of the secret, or `s` for unshared */
	char share_idx;
	/* The actual data payload */
	const u8 *payload;
	/* Is this a share, or a secret? */
	codex32_encoding type;
};

/** Decode a codex32 or codex32l string
 *
 *  Out: parts:       Pointer to a codex32. Will be
 *                    updated to contain the details extracted from the codex32 string.
 *       fail:        Pointer to a char *, that would be updated with the reason
 * 		      of failure in case this function returns a NULL.
 *  In: input:        Pointer to a null-terminated codex32 string.
 *      Returns Parts to indicate decoding was successful. NULL is returned if decoding failed,
 * 	with appropriate reason in the fail param
 */
struct codex32 *codex32_decode(const tal_t *ctx,
			       const char *codex32str,
			       char **fail);

/** Encode a seed into codex32 secret format.
 *
 *  In: input:        id: Valid 4 char string identifying the secret
 * 		      threshold: Threshold according to the bip93
 * 		      seed: The secret in u8*
 * 		      seedlen: Length of the seed provided.
 *      Returns a string which contains the seed provided in bip93 format.
 *
 * Returns an error string, or returns NULL and sets @bip93.
 */
const char *codex32_secret_encode(const tal_t *ctx,
				  const char *id,
				  const u32 threshold,
				  const u8 *seed,
				  size_t seedlen,
				  char **bip93);

#endif /* LIGHTNING_COMMON_CODEX32_H */
common/codex32: Added codex32_decode() without checksum verification. 2023-07-31 01:33:33 +02:00			`#ifndef LIGHTNING_COMMON_CODEX32_H`
			`#define LIGHTNING_COMMON_CODEX32_H`
			`#include "config.h"`
			`#include <ccan/short_types/short_types.h>`
			`#include <stdio.h>`

			`/* Supported encodings. */`
			`typedef enum {`
			`CODEX32_ENCODING_SHARE,`
			`CODEX32_ENCODING_SECRET`
			`} codex32_encoding;`

			`/* Decoded codex32 parts */`
			`struct codex32 {`
codex32: rework. Firstly, I wanted the results easier to use: 1. Make them always lower case, even if the string was UPPER. 2. Decode the payload for them. 3. Don't give the user any fields they don't need, and make the field sizes explicit. Secondly, I wanted to avoid the pattern of "check in one place, assume in another", in favour of "check on use". So, I changed the code to lower the string if it needs to at the start, and then changed the pull functions so we always use them to get data: this way we should fail clearly and gracefully if we don't have enough data. I made all the checks explicit, where we assign the fields. I also addressed the FIXME: I think the array is often one shorter, but not always, so I trim the last byte at the end if needed. [ Aditya modified the tests to work ] Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-31 01:37:46 +02:00			`/* "ms" */`
common/codex32: Added codex32_decode() without checksum verification. 2023-07-31 01:33:33 +02:00			`const char *hrp;`
codex32: rework. Firstly, I wanted the results easier to use: 1. Make them always lower case, even if the string was UPPER. 2. Decode the payload for them. 3. Don't give the user any fields they don't need, and make the field sizes explicit. Secondly, I wanted to avoid the pattern of "check in one place, assume in another", in favour of "check on use". So, I changed the code to lower the string if it needs to at the start, and then changed the pull functions so we always use them to get data: this way we should fail clearly and gracefully if we don't have enough data. I made all the checks explicit, where we assign the fields. I also addressed the FIXME: I think the array is often one shorter, but not always, so I trim the last byte at the end if needed. [ Aditya modified the tests to work ] Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-31 01:37:46 +02:00			`/* 0, or 2-9 */`
common/codex32: Added codex32_decode() without checksum verification. 2023-07-31 01:33:33 +02:00			`uint8_t threshold;`
codex32: rework. Firstly, I wanted the results easier to use: 1. Make them always lower case, even if the string was UPPER. 2. Decode the payload for them. 3. Don't give the user any fields they don't need, and make the field sizes explicit. Secondly, I wanted to avoid the pattern of "check in one place, assume in another", in favour of "check on use". So, I changed the code to lower the string if it needs to at the start, and then changed the pull functions so we always use them to get data: this way we should fail clearly and gracefully if we don't have enough data. I made all the checks explicit, where we assign the fields. I also addressed the FIXME: I think the array is often one shorter, but not always, so I trim the last byte at the end if needed. [ Aditya modified the tests to work ] Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-31 01:37:46 +02:00			`/* Four valid bech32 characters which identify this complete codex32 secret, the last char is null */`
			`char id[4 + 1];`
			/* Valid bech32 character identifying this share of the secret, or `s` for unshared */
			`char share_idx;`
			`/* The actual data payload */`
			`const u8 *payload;`
			`/* Is this a share, or a secret? */`
common/codex32: Added codex32_decode() without checksum verification. 2023-07-31 01:33:33 +02:00			`codex32_encoding type;`
			`};`

			`/** Decode a codex32 or codex32l string`
			`*`
			`* Out: parts: Pointer to a codex32. Will be`
			`* updated to contain the details extracted from the codex32 string.`
			`* fail: Pointer to a char *, that would be updated with the reason`
			`* of failure in case this function returns a NULL.`
			`* In: input: Pointer to a null-terminated codex32 string.`
			`* Returns Parts to indicate decoding was successful. NULL is returned if decoding failed,`
			`* with appropriate reason in the fail param`
			`*/`
			`struct codex32 codex32_decode(const tal_t ctx,`
codex32: rework. Firstly, I wanted the results easier to use: 1. Make them always lower case, even if the string was UPPER. 2. Decode the payload for them. 3. Don't give the user any fields they don't need, and make the field sizes explicit. Secondly, I wanted to avoid the pattern of "check in one place, assume in another", in favour of "check on use". So, I changed the code to lower the string if it needs to at the start, and then changed the pull functions so we always use them to get data: this way we should fail clearly and gracefully if we don't have enough data. I made all the checks explicit, where we assign the fields. I also addressed the FIXME: I think the array is often one shorter, but not always, so I trim the last byte at the end if needed. [ Aditya modified the tests to work ] Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-31 01:37:46 +02:00			`const char *codex32str,`
			`char **fail);`
common/codex32: Added codex32_decode() without checksum verification. 2023-07-31 01:33:33 +02:00
common/codex32: Add codex32_secret_encode to encode seeds in bip93 format. 2023-07-31 06:10:15 +02:00			`/** Encode a seed into codex32 secret format.`
			`*`
			`* In: input: id: Valid 4 char string identifying the secret`
			`* threshold: Threshold according to the bip93`
			`* seed: The secret in u8*`
			`* seedlen: Length of the seed provided.`
			`* Returns a string which contains the seed provided in bip93 format.`
hsmtool: tighten checks for validity on getcodexsecret Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-08-01 03:29:54 +02:00			`*`
			`* Returns an error string, or returns NULL and sets @bip93.`
common/codex32: Add codex32_secret_encode to encode seeds in bip93 format. 2023-07-31 06:10:15 +02:00			`*/`
hsmtool: tighten checks for validity on getcodexsecret Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-08-01 03:29:54 +02:00			`const char codex32_secret_encode(const tal_t ctx,`
			`const char *id,`
			`const u32 threshold,`
			`const u8 *seed,`
			`size_t seedlen,`
			`char **bip93);`
common/codex32: Add codex32_secret_encode to encode seeds in bip93 format. 2023-07-31 06:10:15 +02:00
codex32: rework. Firstly, I wanted the results easier to use: 1. Make them always lower case, even if the string was UPPER. 2. Decode the payload for them. 3. Don't give the user any fields they don't need, and make the field sizes explicit. Secondly, I wanted to avoid the pattern of "check in one place, assume in another", in favour of "check on use". So, I changed the code to lower the string if it needs to at the start, and then changed the pull functions so we always use them to get data: this way we should fail clearly and gracefully if we don't have enough data. I made all the checks explicit, where we assign the fields. I also addressed the FIXME: I think the array is often one shorter, but not always, so I trim the last byte at the end if needed. [ Aditya modified the tests to work ] Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> 2023-07-31 01:37:46 +02:00			`#endif /* LIGHTNING_COMMON_CODEX32_H */`