github.com/ethereum/go-ethereum@v1.16.1/crypto/secp256k1/libsecp256k1/contrib/lax_der_parsing.h

github.com/ethereum/go-ethereum@v1.16.1/crypto/secp256k1/libsecp256k1/contrib/lax_der_parsing.h (about)

     1  /***********************************************************************
     2   * Copyright (c) 2015 Pieter Wuille                                    *
     3   * Distributed under the MIT software license, see the accompanying    *
     4   * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
     5   ***********************************************************************/
     6  
     7  /****
     8   * Please do not link this file directly. It is not part of the libsecp256k1
     9   * project and does not promise any stability in its API, functionality or
    10   * presence. Projects which use this code should instead copy this header
    11   * and its accompanying .c file directly into their codebase.
    12   ****/
    13  
    14  /* This file defines a function that parses DER with various errors and
    15   * violations. This is not a part of the library itself, because the allowed
    16   * violations are chosen arbitrarily and do not follow or establish any
    17   * standard.
    18   *
    19   * In many places it matters that different implementations do not only accept
    20   * the same set of valid signatures, but also reject the same set of signatures.
    21   * The only means to accomplish that is by strictly obeying a standard, and not
    22   * accepting anything else.
    23   *
    24   * Nonetheless, sometimes there is a need for compatibility with systems that
    25   * use signatures which do not strictly obey DER. The snippet below shows how
    26   * certain violations are easily supported. You may need to adapt it.
    27   *
    28   * Do not use this for new systems. Use well-defined DER or compact signatures
    29   * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
    30   * secp256k1_ecdsa_signature_parse_compact).
    31   *
    32   * The supported violations are:
    33   * - All numbers are parsed as nonnegative integers, even though X.609-0207
    34   *   section 8.3.3 specifies that integers are always encoded as two's
    35   *   complement.
    36   * - Integers can have length 0, even though section 8.3.1 says they can't.
    37   * - Integers with overly long padding are accepted, violation section
    38   *   8.3.2.
    39   * - 127-byte long length descriptors are accepted, even though section
    40   *   8.1.3.5.c says that they are not.
    41   * - Trailing garbage data inside or after the signature is ignored.
    42   * - The length descriptor of the sequence is ignored.
    43   *
    44   * Compared to for example OpenSSL, many violations are NOT supported:
    45   * - Using overly long tag descriptors for the sequence or integers inside,
    46   *   violating section 8.1.2.2.
    47   * - Encoding primitive integers as constructed values, violating section
    48   *   8.3.1.
    49   */
    50  
    51  #ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
    52  #define SECP256K1_CONTRIB_LAX_DER_PARSING_H
    53  
    54  /* #include secp256k1.h only when it hasn't been included yet.
    55     This enables this file to be #included directly in other project
    56     files (such as tests.c) without the need to set an explicit -I flag,
    57     which would be necessary to locate secp256k1.h. */
    58  #ifndef SECP256K1_H
    59  #include <secp256k1.h>
    60  #endif
    61  
    62  #ifdef __cplusplus
    63  extern "C" {
    64  #endif
    65  
    66  /** Parse a signature in "lax DER" format
    67   *
    68   *  Returns: 1 when the signature could be parsed, 0 otherwise.
    69   *  Args: ctx:      a secp256k1 context object
    70   *  Out:  sig:      pointer to a signature object
    71   *  In:   input:    pointer to the signature to be parsed
    72   *        inputlen: the length of the array pointed to be input
    73   *
    74   *  This function will accept any valid DER encoded signature, even if the
    75   *  encoded numbers are out of range. In addition, it will accept signatures
    76   *  which violate the DER spec in various ways. Its purpose is to allow
    77   *  validation of the Bitcoin blockchain, which includes non-DER signatures
    78   *  from before the network rules were updated to enforce DER. Note that
    79   *  the set of supported violations is a strict subset of what OpenSSL will
    80   *  accept.
    81   *
    82   *  After the call, sig will always be initialized. If parsing failed or the
    83   *  encoded numbers are out of range, signature validation with it is
    84   *  guaranteed to fail for every message and public key.
    85   */
    86  int ecdsa_signature_parse_der_lax(
    87      const secp256k1_context* ctx,
    88      secp256k1_ecdsa_signature* sig,
    89      const unsigned char *input,
    90      size_t inputlen
    91  ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
    92  
    93  #ifdef __cplusplus
    94  }
    95  #endif
    96  
    97  #endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */