Bitcoin Core  0.20.99
P2P Digital Currency
lax_der_parsing.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 /****
8  * Please do not link this file directly. It is not part of the libsecp256k1
9  * project and does not promise any stability in its API, functionality or
10  * presence. Projects which use this code should instead copy this header
11  * and its accompanying .c file directly into their codebase.
12  ****/
13 
14 /* This file defines a function that parses DER with various errors and
15  * violations. This is not a part of the library itself, because the allowed
16  * violations are chosen arbitrarily and do not follow or establish any
17  * standard.
18  *
19  * In many places it matters that different implementations do not only accept
20  * the same set of valid signatures, but also reject the same set of signatures.
21  * The only means to accomplish that is by strictly obeying a standard, and not
22  * accepting anything else.
23  *
24  * Nonetheless, sometimes there is a need for compatibility with systems that
25  * use signatures which do not strictly obey DER. The snippet below shows how
26  * certain violations are easily supported. You may need to adapt it.
27  *
28  * Do not use this for new systems. Use well-defined DER or compact signatures
29  * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
30  * secp256k1_ecdsa_signature_parse_compact).
31  *
32  * The supported violations are:
33  * - All numbers are parsed as nonnegative integers, even though X.609-0207
34  * section 8.3.3 specifies that integers are always encoded as two's
35  * complement.
36  * - Integers can have length 0, even though section 8.3.1 says they can't.
37  * - Integers with overly long padding are accepted, violation section
38  * 8.3.2.
39  * - 127-byte long length descriptors are accepted, even though section
40  * 8.1.3.5.c says that they are not.
41  * - Trailing garbage data inside or after the signature is ignored.
42  * - The length descriptor of the sequence is ignored.
43  *
44  * Compared to for example OpenSSL, many violations are NOT supported:
45  * - Using overly long tag descriptors for the sequence or integers inside,
46  * violating section 8.1.2.2.
47  * - Encoding primitive integers as constructed values, violating section
48  * 8.3.1.
49  */
50 
51 #ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
52 #define SECP256K1_CONTRIB_LAX_DER_PARSING_H
53 
54 #include <secp256k1.h>
55 
56 #ifdef __cplusplus
57 extern "C" {
58 #endif
59 
81  const secp256k1_context* ctx,
83  const unsigned char *input,
84  size_t inputlen
86 
87 #ifdef __cplusplus
88 }
89 #endif
90 
91 #endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */
static secp256k1_context * ctx
Definition: tests.c:46
int ecdsa_signature_parse_der_lax(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a signature in "lax DER" format.
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:79
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:154