csecp256k1

Haskell FFI bindings to bitcoin-core/secp256k1 (docs.ppad.tech/csecp256k1).
git clone git://git.ppad.tech/csecp256k1.git
Log | Files | Refs | README | LICENSE

lax_der_parsing.h (4310B)

      1 /***********************************************************************
      2  * Copyright (c) 2015 Pieter Wuille                                    *
      3  * Distributed under the MIT software license, see the accompanying    *
      4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
      5  ***********************************************************************/
      6 
      7 /****
      8  * Please do not link this file directly. It is not part of the libsecp256k1
      9  * project and does not promise any stability in its API, functionality or
     10  * presence. Projects which use this code should instead copy this header
     11  * and its accompanying .c file directly into their codebase.
     12  ****/
     13 
     14 /* This file defines a function that parses DER with various errors and
     15  * violations. This is not a part of the library itself, because the allowed
     16  * violations are chosen arbitrarily and do not follow or establish any
     17  * standard.
     18  *
     19  * In many places it matters that different implementations do not only accept
     20  * the same set of valid signatures, but also reject the same set of signatures.
     21  * The only means to accomplish that is by strictly obeying a standard, and not
     22  * accepting anything else.
     23  *
     24  * Nonetheless, sometimes there is a need for compatibility with systems that
     25  * use signatures which do not strictly obey DER. The snippet below shows how
     26  * certain violations are easily supported. You may need to adapt it.
     27  *
     28  * Do not use this for new systems. Use well-defined DER or compact signatures
     29  * instead if you have the choice (see haskellsecp256k1_v0_1_0_ecdsa_signature_parse_der and
     30  * haskellsecp256k1_v0_1_0_ecdsa_signature_parse_compact).
     31  *
     32  * The supported violations are:
     33  * - All numbers are parsed as nonnegative integers, even though X.609-0207
     34  *   section 8.3.3 specifies that integers are always encoded as two's
     35  *   complement.
     36  * - Integers can have length 0, even though section 8.3.1 says they can't.
     37  * - Integers with overly long padding are accepted, violation section
     38  *   8.3.2.
     39  * - 127-byte long length descriptors are accepted, even though section
     40  *   8.1.3.5.c says that they are not.
     41  * - Trailing garbage data inside or after the signature is ignored.
     42  * - The length descriptor of the sequence is ignored.
     43  *
     44  * Compared to for example OpenSSL, many violations are NOT supported:
     45  * - Using overly long tag descriptors for the sequence or integers inside,
     46  *   violating section 8.1.2.2.
     47  * - Encoding primitive integers as constructed values, violating section
     48  *   8.3.1.
     49  */
     50 
     51 #ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
     52 #define SECP256K1_CONTRIB_LAX_DER_PARSING_H
     53 
     54 /* #include secp256k1.h only when it hasn't been included yet.
     55    This enables this file to be #included directly in other project
     56    files (such as tests.c) without the need to set an explicit -I flag,
     57    which would be necessary to locate secp256k1.h. */
     58 #ifndef SECP256K1_H
     59 #include <secp256k1.h>
     60 #endif
     61 
     62 #ifdef __cplusplus
     63 extern "C" {
     64 #endif
     65 
     66 /** Parse a signature in "lax DER" format
     67  *
     68  *  Returns: 1 when the signature could be parsed, 0 otherwise.
     69  *  Args: ctx:      a secp256k1 context object
     70  *  Out:  sig:      pointer to a signature object
     71  *  In:   input:    pointer to the signature to be parsed
     72  *        inputlen: the length of the array pointed to be input
     73  *
     74  *  This function will accept any valid DER encoded signature, even if the
     75  *  encoded numbers are out of range. In addition, it will accept signatures
     76  *  which violate the DER spec in various ways. Its purpose is to allow
     77  *  validation of the Bitcoin blockchain, which includes non-DER signatures
     78  *  from before the network rules were updated to enforce DER. Note that
     79  *  the set of supported violations is a strict subset of what OpenSSL will
     80  *  accept.
     81  *
     82  *  After the call, sig will always be initialized. If parsing failed or the
     83  *  encoded numbers are out of range, signature validation with it is
     84  *  guaranteed to fail for every message and public key.
     85  */
     86 int haskellsecp256k1_v0_1_0_ecdsa_signature_parse_der_lax(
     87     const haskellsecp256k1_v0_1_0_context* ctx,
     88     haskellsecp256k1_v0_1_0_ecdsa_signature* sig,
     89     const unsigned char *input,
     90     size_t inputlen
     91 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
     92 
     93 #ifdef __cplusplus
     94 }
     95 #endif
     96 
     97 #endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */