Bitcoin Core  27.99.0
P2P Digital Currency
lax_der_parsing.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 /****
8  * Please do not link this file directly. It is not part of the libsecp256k1
9  * project and does not promise any stability in its API, functionality or
10  * presence. Projects which use this code should instead copy this header
11  * and its accompanying .c file directly into their codebase.
12  ****/
13 
14 /* This file defines a function that parses DER with various errors and
15  * violations. This is not a part of the library itself, because the allowed
16  * violations are chosen arbitrarily and do not follow or establish any
17  * standard.
18  *
19  * In many places it matters that different implementations do not only accept
20  * the same set of valid signatures, but also reject the same set of signatures.
21  * The only means to accomplish that is by strictly obeying a standard, and not
22  * accepting anything else.
23  *
24  * Nonetheless, sometimes there is a need for compatibility with systems that
25  * use signatures which do not strictly obey DER. The snippet below shows how
26  * certain violations are easily supported. You may need to adapt it.
27  *
28  * Do not use this for new systems. Use well-defined DER or compact signatures
29  * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and
30  * secp256k1_ecdsa_signature_parse_compact).
31  *
32  * The supported violations are:
33  * - All numbers are parsed as nonnegative integers, even though X.609-0207
34  * section 8.3.3 specifies that integers are always encoded as two's
35  * complement.
36  * - Integers can have length 0, even though section 8.3.1 says they can't.
37  * - Integers with overly long padding are accepted, violation section
38  * 8.3.2.
39  * - 127-byte long length descriptors are accepted, even though section
40  * 8.1.3.5.c says that they are not.
41  * - Trailing garbage data inside or after the signature is ignored.
42  * - The length descriptor of the sequence is ignored.
43  *
44  * Compared to for example OpenSSL, many violations are NOT supported:
45  * - Using overly long tag descriptors for the sequence or integers inside,
46  * violating section 8.1.2.2.
47  * - Encoding primitive integers as constructed values, violating section
48  * 8.3.1.
49  */
50 
51 #ifndef SECP256K1_CONTRIB_LAX_DER_PARSING_H
52 #define SECP256K1_CONTRIB_LAX_DER_PARSING_H
53 
54 /* #include secp256k1.h only when it hasn't been included yet.
55  This enables this file to be #included directly in other project
56  files (such as tests.c) without the need to set an explicit -I flag,
57  which would be necessary to locate secp256k1.h. */
58 #ifndef SECP256K1_H
59 #include <secp256k1.h>
60 #endif
61 
62 #ifdef __cplusplus
63 extern "C" {
64 #endif
65 
87  const secp256k1_context* ctx,
89  const unsigned char *input,
90  size_t inputlen
92 
93 #ifdef __cplusplus
94 }
95 #endif
96 
97 #endif /* SECP256K1_CONTRIB_LAX_DER_PARSING_H */
int ecdsa_signature_parse_der_lax(const secp256k1_context *ctx, secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3)
Parse a signature in "lax DER" format.
#define SECP256K1_ARG_NONNULL(_x)
Definition: secp256k1.h:179
Opaque data structured that holds a parsed ECDSA signature.
Definition: secp256k1.h:87