diff options
-rw-r--r-- | src/key.cpp | 23 | ||||
-rw-r--r-- | src/script/interpreter.cpp | 6 |
2 files changed, 29 insertions, 0 deletions
diff --git a/src/key.cpp b/src/key.cpp index f581bcb0c8..31d485722a 100644 --- a/src/key.cpp +++ b/src/key.cpp @@ -17,6 +17,22 @@ static secp256k1_context* secp256k1_context_sign = NULL; /** These functions are taken from the libsecp256k1 distribution and are very ugly. */ + +/** + * This parses a format loosely based on a DER encoding of the ECPrivateKey type from + * section C.4 of SEC 1 <http://www.secg.org/sec1-v2.pdf>, with the following caveats: + * + * * The octet-length of the SEQUENCE must be encoded as 1 or 2 octets. It is not + * required to be encoded as one octet if it is less than 256, as DER would require. + * * The octet-length of the SEQUENCE must not be greater than the remaining + * length of the key encoding, but need not match it (i.e. the encoding may contain + * junk after the encoded SEQUENCE). + * * The privateKey OCTET STRING is zero-filled on the left to 32 octets. + * * Anything after the encoding of the privateKey OCTET STRING is ignored, whether + * or not it is validly encoded DER. + * + * out32 must point to an output buffer of length at least 32 bytes. + */ static int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) { const unsigned char *end = privkey + privkeylen; size_t lenb = 0; @@ -66,6 +82,13 @@ static int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *ou return 1; } +/** + * This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1 + * <http://www.secg.org/sec1-v2.pdf>. The optional parameters and publicKey fields are + * included. + * + * key32 must point to a 32-byte raw private key. + */ static int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { secp256k1_pubkey pubkey; size_t pubkeylen = 0; diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp index 8a121774a0..39e06f4a51 100644 --- a/src/script/interpreter.cpp +++ b/src/script/interpreter.cpp @@ -174,7 +174,13 @@ bool static IsLowDERSignature(const valtype &vchSig, ScriptError* serror) { if (!IsValidSignatureEncoding(vchSig)) { return set_error(serror, SCRIPT_ERR_SIG_DER); } + // https://bitcoin.stackexchange.com/a/12556: + // Also note that inside transaction signatures, an extra hashtype byte + // follows the actual signature data. std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1); + // If the S value is above the order of the curve divided by two, its + // complement modulo the order could have been used instead, which is + // one byte shorter when encoded correctly. if (!CPubKey::CheckLowS(vchSigCopy)) { return set_error(serror, SCRIPT_ERR_SIG_HIGH_S); } |