MCPcopy Create free account
hub / github.com/BTCGPU/BTCGPU / IsValidSignatureEncoding

Function IsValidSignatureEncoding

src/script/interpreter.cpp:107–170  ·  view source on GitHub ↗

* A canonical signature exists of: <30> <02> <02> * Where R and S are not negative (their first byte has its highest bit not set), and not * excessively padded (do not start with a 0 byte, unless an otherwise negative number follows, * in which case a single 0 byte is necessary and even required). * * See https://bitcointalk.org/index.php?topic=8

Source from the content-addressed store, hash-verified

105 * This function is consensus-critical since BIP66.
106 */
107bool static IsValidSignatureEncoding(const std::vector<unsigned char> &sig) {
108 // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash]
109 // * total-length: 1-byte length descriptor of everything that follows,
110 // excluding the sighash byte.
111 // * R-length: 1-byte length descriptor of the R value that follows.
112 // * R: arbitrary-length big-endian encoded R value. It must use the shortest
113 // possible encoding for a positive integer (which means no null bytes at
114 // the start, except a single one when the next byte has its highest bit set).
115 // * S-length: 1-byte length descriptor of the S value that follows.
116 // * S: arbitrary-length big-endian encoded S value. The same rules apply.
117 // * sighash: 1-byte value indicating what data is hashed (not part of the DER
118 // signature)
119
120 // Minimum and maximum size constraints.
121 if (sig.size() < 9) return false;
122 if (sig.size() > 73) return false;
123
124 // A signature is of type 0x30 (compound).
125 if (sig[0] != 0x30) return false;
126
127 // Make sure the length covers the entire signature.
128 if (sig[1] != sig.size() - 3) return false;
129
130 // Extract the length of the R element.
131 unsigned int lenR = sig[3];
132
133 // Make sure the length of the S element is still inside the signature.
134 if (5 + lenR >= sig.size()) return false;
135
136 // Extract the length of the S element.
137 unsigned int lenS = sig[5 + lenR];
138
139 // Verify that the length of the signature matches the sum of the length
140 // of the elements.
141 if ((size_t)(lenR + lenS + 7) != sig.size()) return false;
142
143 // Check whether the R element is an integer.
144 if (sig[2] != 0x02) return false;
145
146 // Zero-length integers are not allowed for R.
147 if (lenR == 0) return false;
148
149 // Negative numbers are not allowed for R.
150 if (sig[4] & 0x80) return false;
151
152 // Null bytes at the start of R are not allowed, unless R would
153 // otherwise be interpreted as a negative number.
154 if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80)) return false;
155
156 // Check whether the S element is an integer.
157 if (sig[lenR + 4] != 0x02) return false;
158
159 // Zero-length integers are not allowed for S.
160 if (lenS == 0) return false;
161
162 // Negative numbers are not allowed for S.
163 if (sig[lenR + 6] & 0x80) return false;
164

Callers 2

IsLowDERSignatureFunction · 0.85
CheckSignatureEncodingFunction · 0.85

Calls 1

sizeMethod · 0.45

Tested by

no test coverage detected