[Polkadot] Ss58 decoding\encoding support

Resolves brave/brave-browser#44748

Author: cypt4

components/brave_wallet/common/encoding_utils.cc

@@ -5,11 +5,28 @@
 
 #include "brave/components/brave_wallet/common/encoding_utils.h"
 
+#include <utility>
+
+#include "base/containers/span.h"
+#include "base/containers/span_writer.h"
 #include "brave/components/brave_wallet/common/hash_utils.h"
 #include "brave/third_party/bitcoin-core/src/src/base58.h"
 
 namespace brave_wallet {
 
+namespace {
+// Prefix is added a public key to calculate
+// blake2b hash.
+constexpr char kSs58HashPrefix[] = "SS58PRE";
+constexpr size_t kSs58HashPrefixSize = 7u;
+constexpr size_t kSs58HashChecksumSize = 2u;
+}  // namespace
+
+Ss58Address::Ss58Address() = default;
+Ss58Address::~Ss58Address() = default;
+Ss58Address::Ss58Address(Ss58Address&& addr) = default;
+Ss58Address& Ss58Address::operator=(Ss58Address&& addr) = default;
+
 std::string Base58EncodeWithCheck(const std::vector<uint8_t>& bytes) {
   auto with_checksum = bytes;
   auto checksum = DoubleSHA256Hash(bytes);
@@ -42,4 +59,100 @@ std::string Base58Encode(base::span<const uint8_t> bytes) {
   return EncodeBase58(bytes);
 }
 
+// Reference implementation
+// https://github.com/gear-tech/gear/blob/7d481fed39e7b0633ca9afeed8ce1b3cbb636f3e/utils/ss58/src/lib.rs#L295
+std::optional<std::string> Ss58Encode(const Ss58Address& addr) {
+  uint16_t prefix = addr.prefix;
+  if (prefix > 16383) {
+    return std::nullopt;
+  }
+
+  std::vector<uint8_t> buff;
+  size_t offset = prefix < 64 ? 1 : 2;
+  buff.resize(offset + kSs58PublicKeySize + kSs58HashChecksumSize);
+  auto output_span_writer = base::SpanWriter(base::span(buff));
+
+  if (offset == 1) {
+    output_span_writer.WriteU8BigEndian(prefix);
+  } else {
+    output_span_writer.WriteU8BigEndian(((prefix & 0b11111100) >> 2) |
+                                        0b01000000);
+    output_span_writer.WriteU8BigEndian((prefix >> 8) | ((prefix & 0b11) << 6));
+  }
+
+  output_span_writer.Write(base::span(addr.public_key));
+  DCHECK_EQ(output_span_writer.remaining(), kSs58HashChecksumSize);
+  DCHECK_EQ(buff.size(), offset + kSs58PublicKeySize + kSs58HashChecksumSize);
+
+  std::vector<uint8_t> hash_input;
+  hash_input.resize(kSs58HashPrefixSize + offset + kSs58PublicKeySize);
+  auto hash_input_writer = base::SpanWriter(base::span(hash_input));
+  hash_input_writer.Write(base::byte_span_from_cstring(kSs58HashPrefix));
+  hash_input_writer.Write(base::span(buff).first(offset + kSs58PublicKeySize));
+  DCHECK_EQ(hash_input_writer.remaining(), 0u);
+  auto hash = Blake2bHash<64>(base::span(hash_input));
+
+  output_span_writer.Write(base::span(hash).first(kSs58HashChecksumSize));
+
+  return Base58Encode(buff);
+}
+
+// Reference implementation
+// https://github.com/gear-tech/gear/blob/7d481fed39e7b0633ca9afeed8ce1b3cbb636f3e/utils/ss58/src/lib.rs#L243
+std::optional<Ss58Address> Ss58Decode(const std::string& str) {
+  auto result =
+      Base58Decode(str, kSs58HashChecksumSize + kSs58PublicKeySize + 2, false);
+  if (!result ||
+      result->size() < kSs58HashChecksumSize + kSs58PublicKeySize + 1) {
+    return std::nullopt;
+  }
+  uint8_t offset = 0;
+  uint8_t address_type = (*result)[0];
+  uint16_t prefix = 0;
+  if (address_type < 64) {
+    offset = 1;
+    prefix = address_type;
+  } else if (address_type < 128) {
+    offset = 2;
+    uint8_t address_type_1 = (*result)[1];
+    uint8_t lower = ((address_type << 2) | (address_type_1 >> 6)) & 0b11111111;
+    uint8_t upper = address_type_1 & 0b00111111;
+    prefix = lower | (upper << 8);
+  } else {
+    return std::nullopt;
+  }
+
+  if (result->size() != offset + kSs58PublicKeySize + kSs58HashChecksumSize) {
+    return std::nullopt;
+  }
+
+  // Prepare input to calculate checksum
+  std::vector<uint8_t> hash_input(kSs58HashPrefixSize + offset +
+                                  kSs58PublicKeySize);
+  auto hash_input_writer = base::SpanWriter(base::span(hash_input));
+  hash_input_writer.Write(base::byte_span_from_cstring(kSs58HashPrefix));
+  hash_input_writer.Write(
+      base::span(*result).first(offset + kSs58PublicKeySize));
+  DCHECK_EQ(hash_input_writer.remaining(), 0u);
+  auto hash = Blake2bHash<64>(base::span(hash_input));
+
+  // Verify checksum
+  for (size_t i = 0; i < kSs58HashChecksumSize; i++) {
+    // Checking last 2 bytes
+    if (hash[i] != (*result)[offset + kSs58PublicKeySize + i]) {
+      return std::nullopt;
+    }
+  }
+
+  // Prepare output
+  Ss58Address result_addr;
+  result_addr.prefix = prefix;
+  auto public_key_span_writer =
+      base::SpanWriter(base::span(result_addr.public_key));
+  public_key_span_writer.Write(
+      base::span(*result).subspan(offset, kSs58PublicKeySize));
+  DCHECK_EQ(public_key_span_writer.remaining(), 0u);
+  return std::move(result_addr);
+}
+
 }  // namespace brave_wallet

components/brave_wallet/common/encoding_utils.h

@@ -13,6 +13,23 @@
 
 namespace brave_wallet {
 
+// Size of Ed25519\Sr25519 public keys.
+inline constexpr size_t kSs58PublicKeySize = 32u;
+
+// Encodes Ed25519 pr Sr25519 public key adding
+// special prefix and checksum.
+struct Ss58Address {
+  Ss58Address();
+  ~Ss58Address();
+  Ss58Address(Ss58Address& addr) = delete;
+  Ss58Address& operator=(const Ss58Address& addr) = delete;
+  Ss58Address(Ss58Address&& addr);
+  Ss58Address& operator=(Ss58Address&& addr);
+  uint16_t prefix;
+  // ed25519 or sr25519 public key.
+  std::array<uint8_t, kSs58PublicKeySize> public_key;
+};
+
 // A bridge function to call DecodeBase58 in bitcoin-core.
 // It will return false if length of decoded byte array does not match len
 // param.
@@ -27,6 +44,9 @@ std::optional<std::vector<uint8_t>> Base58Decode(const std::string& str,
 std::string Base58Encode(base::span<const uint8_t> bytes);
 std::string Base58EncodeWithCheck(const std::vector<uint8_t>& bytes);
 
+std::optional<std::string> Ss58Encode(const Ss58Address& addr);
+std::optional<Ss58Address> Ss58Decode(const std::string& str);
+
 }  // namespace brave_wallet
 
 #endif  // BRAVE_COMPONENTS_BRAVE_WALLET_COMMON_ENCODING_UTILS_H_

components/brave_wallet/common/encoding_utils_unittest.cc

@@ -78,4 +78,127 @@ TEST(EncodingUtilsUnitTest, Base58EncodeWithCheck) {
                     .value()));
 }
 
+// Test vectors calculated using https://ss58.org
+TEST(EncodingUtilsUnitTest, Ss58Encode) {
+  // Single-byte prefix
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 0;
+    EXPECT_EQ("15oF4uVJwmo4TdGW7VfQxNLavjCXviqxT9S1MgbjMNHr6Sp5",
+              Ss58Encode(addr).value());
+
+    auto decoded =
+        Ss58Decode("15oF4uVJwmo4TdGW7VfQxNLavjCXviqxT9S1MgbjMNHr6Sp5");
+    EXPECT_EQ(decoded->public_key, addr.public_key);
+    EXPECT_EQ(decoded->prefix, 0u);
+  }
+
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 42;
+    EXPECT_EQ("5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY",
+              Ss58Encode(addr).value());
+
+    auto decoded =
+        Ss58Decode("5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY");
+    EXPECT_EQ(decoded->public_key, addr.public_key);
+    EXPECT_EQ(decoded->prefix, 42u);
+  }
+
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 63;
+    EXPECT_EQ("7NPoMQbiA6trJKkjB35uk96MeJD4PGWkLQLH7k7hXEkZpiba",
+              Ss58Encode(addr).value());
+
+    auto decoded =
+        Ss58Decode("7NPoMQbiA6trJKkjB35uk96MeJD4PGWkLQLH7k7hXEkZpiba");
+    EXPECT_EQ(decoded->public_key, addr.public_key);
+    EXPECT_EQ(decoded->prefix, 63u);
+  }
+
+  // Two-bytes prefix
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 64u;
+    EXPECT_EQ("cEaNSpz4PxFcZ7nT1VEKrKewH67rfx6MfcM6yKojyyPz7qaqp",
+              Ss58Encode(addr).value());
+
+    auto decoded =
+        Ss58Decode("cEaNSpz4PxFcZ7nT1VEKrKewH67rfx6MfcM6yKojyyPz7qaqp");
+    EXPECT_EQ(decoded->public_key, addr.public_key);
+    EXPECT_EQ(decoded->prefix, 64u);
+  }
+
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 200;
+    EXPECT_EQ("sD4TrgAhf8c8tYheiyKQb19jvTWY5fGx3TD1nK1Ue61WHRnT4",
+              Ss58Encode(addr).value());
+
+    auto decoded =
+        Ss58Decode("5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY");
+    EXPECT_EQ(decoded->public_key, addr.public_key);
+    EXPECT_EQ(decoded->prefix, 42u);
+  }
+
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 16383;
+    EXPECT_EQ("yNa8JpqfFB3q8A29rCwSgxvdU94ufJw2yKKxDgznS5m1PoFvn",
+              Ss58Encode(addr).value());
+
+    auto decoded =
+        Ss58Decode("yNa8JpqfFB3q8A29rCwSgxvdU94ufJw2yKKxDgznS5m1PoFvn");
+    EXPECT_EQ(decoded->public_key, addr.public_key);
+    EXPECT_EQ(decoded->prefix, 16383u);
+  }
+
+  // Wrong prefix encode
+  {
+    Ss58Address addr;
+    EXPECT_TRUE(base::HexStringToSpan(
+        "d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d",
+        base::span(addr.public_key)));
+    addr.prefix = 16384u;
+    EXPECT_FALSE(Ss58Encode(addr));
+  }
+
+  // Wrong prefix decode
+  {
+    EXPECT_FALSE(
+        Ss58Decode("HHrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY"));
+  }
+
+  // Wrong addr size
+  {
+    EXPECT_FALSE(
+        Ss58Decode("0Na8JpqfFB3q8A29rCwSgxvdU94ufJw2yKKxDgznS5m1PoFvn"));
+  }
+
+  // Wrong checksum
+  {
+    EXPECT_FALSE(
+        Ss58Decode("5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQa"));
+  }
+}
+
 }  // namespace brave_wallet