Beispiel #1
0
void checkCanonicalSignature(const valtype &vchSig) {
    // See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
    // A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
    // Where R and S are not negative (their first byte has its highest bit not set), and not
    // excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
    // in which case a single 0 byte is necessary and even required).
    if (vchSig.size() < 9)
        throw runtime_error("Non-canonical signature: too short");
    if (vchSig.size() > 73)
        throw runtime_error("Non-canonical signature: too long");
    unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
    if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
        throw runtime_error("Non-canonical signature: unknown hashtype byte");
    if (vchSig[0] != 0x30)
        throw runtime_error("Non-canonical signature: wrong type");
    if (vchSig[1] != vchSig.size()-3)
        throw runtime_error("Non-canonical signature: wrong length marker");
    unsigned int nLenR = vchSig[3];
    if (5 + nLenR >= vchSig.size())
        throw runtime_error("Non-canonical signature: S length misplaced");
    unsigned int nLenS = vchSig[5+nLenR];
    if ((unsigned long)(nLenR+nLenS+7) != vchSig.size())
        throw runtime_error("Non-canonical signature: R+S length mismatch");
    
    const unsigned char *R = &vchSig[4];
    if (R[-2] != 0x02)
        throw runtime_error("Non-canonical signature: R value type mismatch");
    if (nLenR == 0)
        throw runtime_error("Non-canonical signature: R length is zero");
    if (R[0] & 0x80)
        throw runtime_error("Non-canonical signature: R value negative");
    if (nLenR > 1 && (R[0] == 0x00) && !(R[1] & 0x80))
        throw runtime_error("Non-canonical signature: R value excessively padded");
    
    const unsigned char *S = &vchSig[6+nLenR];
    if (S[-2] != 0x02)
        throw runtime_error("Non-canonical signature: S value type mismatch");
    if (nLenS == 0)
        throw runtime_error("Non-canonical signature: S length is zero");
    if (S[0] & 0x80)
        throw runtime_error("Non-canonical signature: S value negative");
    if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
        throw runtime_error("Non-canonical signature: S value excessively padded");
}
Beispiel #2
0
bool static CheckMinimalPush(const valtype& data, opcodetype opcode) {
    if (data.size() == 0) {
        // Could have used OP_0.
        return opcode == OP_0;
    } else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) {
        // Could have used OP_1 .. OP_16.
        return opcode == OP_1 + (data[0] - 1);
    } else if (data.size() == 1 && data[0] == 0x81) {
        // Could have used OP_1NEGATE.
        return opcode == OP_1NEGATE;
    } else if (data.size() <= 75) {
        // Could have used a direct push (opcode indicating number of bytes pushed + those bytes).
        return opcode == data.size();
    } else if (data.size() <= 255) {
        // Could have used OP_PUSHDATA.
        return opcode == OP_PUSHDATA1;
    } else if (data.size() <= 65535) {
        // Could have used OP_PUSHDATA2.
        return opcode == OP_PUSHDATA2;
    }
    return true;
}
/**
 * A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
 * Where R and S are not negative (their first byte has its highest bit not set), and not
 * excessively padded (do not start with a 0 byte, unless an otherwise negative number follows,
 * in which case a single 0 byte is necessary and even required).
 * 
 * See https://bitcredittalk.org/index.php?topic=8392.msg127623#msg127623
 */
bool static IsDERSignature(const valtype &vchSig) {

    if (vchSig.size() < 9) {
        //  Non-canonical signature: too short
        return false;
    }
    if (vchSig.size() > 73) {
        // Non-canonical signature: too long
        return false;
    }
    if (vchSig[0] != 0x30) {
        //  Non-canonical signature: wrong type
        return false;
    }
    if (vchSig[1] != vchSig.size()-3) {
        //  Non-canonical signature: wrong length marker
        return false;
    }
    unsigned int nLenR = vchSig[3];
    if (5 + nLenR >= vchSig.size()) {
        //  Non-canonical signature: S length misplaced
        return false;
    }
    unsigned int nLenS = vchSig[5+nLenR];
    if ((unsigned long)(nLenR+nLenS+7) != vchSig.size()) {
        //  Non-canonical signature: R+S length mismatch
        return false;
    }

    const unsigned char *R = &vchSig[4];
    if (R[-2] != 0x02) {
        //  Non-canonical signature: R value type mismatch
        return false;
    }
    if (nLenR == 0) {
        //  Non-canonical signature: R length is zero
        return false;
    }
    if (R[0] & 0x80) {
        //  Non-canonical signature: R value negative
        return false;
    }
    if (nLenR > 1 && (R[0] == 0x00) && !(R[1] & 0x80)) {
        //  Non-canonical signature: R value excessively padded
        return false;
    }

    const unsigned char *S = &vchSig[6+nLenR];
    if (S[-2] != 0x02) {
        //  Non-canonical signature: S value type mismatch
        return false;
    }
    if (nLenS == 0) {
        //  Non-canonical signature: S length is zero
        return false;
    }
    if (S[0] & 0x80) {
        //  Non-canonical signature: S value negative
        return false;
    }
    if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80)) {
        //  Non-canonical signature: S value excessively padded
        return false;
    }
    return true;
}