You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

lax_der_parsing.h 3.8KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. /**********************************************************************
  2. * Copyright (c) 2015 Pieter Wuille *
  3. * Distributed under the MIT software license, see the accompanying *
  4. * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
  5. **********************************************************************/
  6. /****
  7. * Please do not link this file directly. It is not part of the libsecp256k1
  8. * project and does not promise any stability in its API, functionality or
  9. * presence. Projects which use this code should instead copy this header
  10. * and its accompanying .c file directly into their codebase.
  11. ****/
  12. /* This file defines a function that parses DER with various errors and
  13. * violations. This is not a part of the library itself, because the allowed
  14. * violations are chosen arbitrarily and do not follow or establish any
  15. * standard.
  16. *
  17. * In many places it matters that different implementations do not only accept
  18. * the same set of valid signatures, but also reject the same set of signatures.
  19. * The only means to accomplish that is by strictly obeying a standard, and not
  20. * accepting anything else.
  21. *
  22. * Nonetheless, sometimes there is a need for compatibility with systems that
  23. * use signatures which do not strictly obey DER. The snippet below shows how
  24. * certain violations are easily supported. You may need to adapt it.
  25. *
  26. * Do not use this for new systems. Use well-defined DER or compact signatures
  27. * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
  28. * secp256k1_ecdsa_signature_parse_compact).
  29. *
  30. * The supported violations are:
  31. * - All numbers are parsed as nonnegative integers, even though X.609-0207
  32. * section 8.3.3 specifies that integers are always encoded as two's
  33. * complement.
  34. * - Integers can have length 0, even though section 8.3.1 says they can't.
  35. * - Integers with overly long padding are accepted, violation section
  36. * 8.3.2.
  37. * - 127-byte long length descriptors are accepted, even though section
  38. * 8.1.3.5.c says that they are not.
  39. * - Trailing garbage data inside or after the signature is ignored.
  40. * - The length descriptor of the sequence is ignored.
  41. *
  42. * Compared to for example OpenSSL, many violations are NOT supported:
  43. * - Using overly long tag descriptors for the sequence or integers inside,
  44. * violating section 8.1.2.2.
  45. * - Encoding primitive integers as constructed values, violating section
  46. * 8.3.1.
  47. */
  48. #ifndef _SECP256K1_CONTRIB_LAX_DER_PARSING_H_
  49. #define _SECP256K1_CONTRIB_LAX_DER_PARSING_H_
  50. #include <secp256k1.h>
  51. # ifdef __cplusplus
  52. extern "C" {
  53. # endif
  54. /** Parse a signature in "lax DER" format
  55. *
  56. * Returns: 1 when the signature could be parsed, 0 otherwise.
  57. * Args: ctx: a secp256k1 context object
  58. * Out: sig: a pointer to a signature object
  59. * In: input: a pointer to the signature to be parsed
  60. * inputlen: the length of the array pointed to be input
  61. *
  62. * This function will accept any valid DER encoded signature, even if the
  63. * encoded numbers are out of range. In addition, it will accept signatures
  64. * which violate the DER spec in various ways. Its purpose is to allow
  65. * validation of the Starwels blockchain, which includes non-DER signatures
  66. * from before the network rules were updated to enforce DER. Note that
  67. * the set of supported violations is a strict subset of what OpenSSL will
  68. * accept.
  69. *
  70. * After the call, sig will always be initialized. If parsing failed or the
  71. * encoded numbers are out of range, signature validation with it is
  72. * guaranteed to fail for every message and public key.
  73. */
  74. int ecdsa_signature_parse_der_lax(
  75. const secp256k1_context* ctx,
  76. secp256k1_ecdsa_signature* sig,
  77. const unsigned char *input,
  78. size_t inputlen
  79. ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
  80. #ifdef __cplusplus
  81. }
  82. #endif
  83. #endif