Rework Bolt11Features deserialization, cleaner, better testable (with mutants)

Author: optout21

lightning-invoice/src/de.rs

@@ -71,26 +71,43 @@ impl FromBase32 for PaymentSecret {
 impl FromBase32 for Bolt11InvoiceFeatures {
 	type Err = CheckedHrpstringError;
 
+	/// Convert to byte values, by packing the 5-bit groups,
+	/// putting the 5-bit values from left to-right (reverse order),
+	/// starting from the rightmost bit,
+	/// and taking the resulting 8-bit values (right to left),
+	/// with the leading 0's skipped.
 	fn from_base32(field_data: &[Fe32]) -> Result<Self, Self::Err> {
-		// Explanation for the "7": the normal way to round up when dividing is to add the divisor
-		// minus one before dividing
-		let length_bytes = (field_data.len() * 5 + 7) / 8 as usize;
-		let mut res_bytes: Vec<u8> = vec![0; length_bytes];
-		for (u5_idx, chunk) in field_data.iter().enumerate() {
-			let bit_pos_from_right_0_indexed = (field_data.len() - u5_idx - 1) * 5;
-			let new_byte_idx = (bit_pos_from_right_0_indexed / 8) as usize;
-			let new_bit_pos = bit_pos_from_right_0_indexed % 8;
-			let chunk_u16 = chunk.to_u8() as u16;
-			res_bytes[new_byte_idx] |= ((chunk_u16 << new_bit_pos) & 0xff) as u8;
-			if new_byte_idx != length_bytes - 1 {
-				res_bytes[new_byte_idx + 1] |= ((chunk_u16 >> (8-new_bit_pos)) & 0xff) as u8;
+		// Fe32 conversion cannot be used, because this unpacks from right, right-to-left
+		// Carry bits, 0, 1, 2, 3, or 4 bits
+		let mut carry_bits = 0;
+		let mut carry = 0u8;
+		let mut output = Vec::<u8>::new();
+
+		// Iterate over input in reverse
+		for (_, curr_in) in field_data.into_iter().rev().enumerate() {
+			let curr_in_as_u8 = curr_in.to_u8();
+			if carry_bits >= 3 {
+				// we have a new full byte -- 3, 4 or 5 carry bits, plus 5 new ones
+				// For combining with carry '|', '^', or '+' can be used (disjoint bit positions)
+				let next = carry + (curr_in_as_u8 << carry_bits);
+				output.push(next);
+				carry = curr_in_as_u8 >> (8 - carry_bits);
+				carry_bits -= 3; // added 5, removed 8
+			} else {
+				// only 0, 1, or 2 carry bits,  plus 5 new ones
+				carry = carry + (curr_in_as_u8 << carry_bits);
+				carry_bits += 5;
 			}
 		}
-		// Trim the highest feature bits.
-		while !res_bytes.is_empty() && res_bytes[res_bytes.len() - 1] == 0 {
-			res_bytes.pop();
+		// No more inputs, output remaining (if any)
+		if carry_bits > 0 {
+			output.push(carry);
 		}
-		Ok(Bolt11InvoiceFeatures::from_le_bytes(res_bytes))
+		// Trim the highest feature bits
+		while !output.is_empty() && output[output.len() - 1] == 0 {
+			output.pop();
+		}
+		Ok(Bolt11InvoiceFeatures::from_le_bytes(output))
 	}
 }
 

lightning-invoice/src/ser.rs

@@ -79,42 +79,40 @@ impl Base32Len for PaymentSecret {
 }
 
 impl Base32Iterable for Bolt11InvoiceFeatures {
-	/// Convert to 32-byte values, by packing into 5 bits,
-	/// putting the bytes from right-to-left (reverse order),
+	/// Convert to 5-bit values, by unpacking the 5 bit groups,
+	/// putting the bytes from right-to-left,
 	/// starting from the rightmost bit,
 	/// and taking the resulting 5-bit values in reverse (left-to-right),
 	/// with the leading 0's skipped.
 	fn fe_iter<'s>(&'s self) -> Box<dyn Iterator<Item = Fe32> + 's> {
 		// Fe32 conversion cannot be used, because this packs from right, right-to-left
-		let input_u8s = &self.le_flags();
-		let mut remain_bits = 0;
-		let mut remain_u8 = 0u8;
-		let mut curr_idx = 0;
+		let mut input_iter = self.le_flags().into_iter();
+		// Carry bits, 0..7 bits
+		let mut carry = 0u8;
+		let mut carry_bits = 0;
 		let mut output = Vec::<Fe32>::new();
 
 		loop {
-			let next_out8 = if remain_bits >= 5 {
-				// We have enough remained bits for an output, no need to read the input
-				let next_out8 = remain_u8;
-				remain_u8 = remain_u8 >> 5;
-				remain_bits -= 5;
+			let next_out8 = if carry_bits >= 5 {
+				// We have enough carry bits for an output, no need to read the input
+				let next_out8 = carry;
+				carry = carry >> 5;
+				carry_bits -= 5;
 				next_out8
 			} else {
-				if curr_idx < input_u8s.len() {
-					// take next byte
-					let curr_in = input_u8s[curr_idx];
-					curr_idx += 1;
+				// take next byte
+				if let Some(curr_in) = input_iter.next() {
 					// we have at least one Fe32 to output (maybe two)
-					let next_out8 = remain_u8 | (curr_in << remain_bits);
-					let to_remain_shift = 5 - remain_bits;
-					remain_u8 = curr_in >> to_remain_shift;
-					remain_bits += 3; // added 8, removed 5
+					// For combining with carry '|', '^', or '+' can be used (disjoint bit positions)
+					let next_out8 = carry + (curr_in << carry_bits);
+					carry = curr_in >> (5 - carry_bits);
+					carry_bits += 3; // added 8, removed 5
 					next_out8
 				} else {
 					// No more inputs, output remaining (if any)
-					if remain_bits > 0 {
-						remain_bits = 0;
-						remain_u8
+					if carry_bits > 0 {
+						carry_bits = 0;
+						carry
 					} else {
 						break;
 					}
@@ -123,7 +121,7 @@ impl Base32Iterable for Bolt11InvoiceFeatures {
 			// Isolate the 5 right bits
 			output.push(Fe32::try_from(next_out8 & 31u8).expect("<32"))
 		}
-		// Take result in reverse order, skip leading 0s
+		// Take result in reverse order, and skip leading 0s
 		return Box::new(output.into_iter().rev().skip_while(|e| *e == Fe32::Q));
 	}
 }

lightning-invoice/src/test_ser_de.rs

@@ -17,7 +17,7 @@ where
 
 	// deserialize back
 	let o2 = T::from_base32(&serialized_32).unwrap();
-	assert_eq!(o, o2);
+	assert_eq!(o, o2, "Mismatch for {}", serialized_str);
 }
 
 /// Test base32 encode and decode, and also length hint
@@ -76,7 +76,10 @@ fn bolt11_invoice_features() {
 	use crate::Bolt11InvoiceFeatures;
 
 	// Test few values, lengths, and paddings
-	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![1, 2, 3, 4, 5, 42, 100, 101]), "x2ep2q5zqxqsp");
+	ser_de_test_len(
+		Bolt11InvoiceFeatures::from_le_bytes(vec![1, 2, 3, 4, 5, 42, 100, 101]),
+		"x2ep2q5zqxqsp",
+	);
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![]), "");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![0]), "");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![1]), "p");
@@ -88,11 +91,49 @@ fn bolt11_invoice_features() {
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![1, 2, 3]), "xqsp");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![1, 2, 3, 4]), "zqxqsp");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![1, 2, 3, 4, 5]), "5zqxqsp");
-	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![255, 254, 253, 252, 251]), "l070mlhl");
+	ser_de_test_len(
+		Bolt11InvoiceFeatures::from_le_bytes(vec![255, 254, 253, 252, 251]),
+		"l070mlhl",
+	);
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![100, 0]), "ry");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![100, 0, 0, 0]), "ry");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![0, 100]), "eqq");
 	ser_de_test_len(Bolt11InvoiceFeatures::from_le_bytes(vec![0, 0, 0, 100]), "pjqqqqq");
+	ser_de_test_len(
+		Bolt11InvoiceFeatures::from_le_bytes(vec![255, 255, 255, 255, 255, 255, 255, 255, 255]),
+		"rllllllllllllll",
+	);
+	ser_de_test_len(
+		Bolt11InvoiceFeatures::from_le_bytes(vec![255, 255, 255, 255, 255, 255, 255, 255, 254]),
+		"rl0llllllllllll",
+	);
+	ser_de_test_len(
+		Bolt11InvoiceFeatures::from_le_bytes(vec![255, 255, 255, 255, 255, 255, 255, 255, 127]),
+		"pllllllllllllll",
+	);
+	ser_de_test_len(
+		Bolt11InvoiceFeatures::from_le_bytes(vec![255, 255, 255, 255, 255, 255, 255, 255, 63]),
+		"llllllllllllll",
+	);
+
+	// To test skipping 0's in deserialization, we have to start with deserialization
+	assert_eq!(
+		Bolt11InvoiceFeatures::from_base32(
+			&"qqqqqry".to_string().chars().map(|c| Fe32::from_char(c).unwrap()).collect::<Vec<_>>()
+				[..]
+		)
+		.unwrap()
+		.le_flags(),
+		vec![100]
+	);
+	assert_eq!(
+		Bolt11InvoiceFeatures::from_base32(
+			&"ry".to_string().chars().map(|c| Fe32::from_char(c).unwrap()).collect::<Vec<_>>()[..]
+		)
+		.unwrap()
+		.le_flags(),
+		vec![100]
+	);
 }
 
 #[test]