CompareBigEndian(vch, len, half ? vchMaxModHalfOrder : vchMaxModOrder, 32) <= 0;
}
+bool CKey::ReserealizeSignature(std::vector<unsigned char>& vchSig)
+{
+ if (vchSig.empty())
+ return false;
+
+ unsigned char *pos = &vchSig[0];
+ ECDSA_SIG *sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&pos, vchSig.size());
+ if (sig == NULL)
+ return false;
+
+ bool ret = false;
+ int nSize = i2d_ECDSA_SIG(sig, NULL);
+ if (nSize > 0) {
+ vchSig.resize(nSize); // grow or shrink as needed
+
+ pos = &vchSig[0];
+ i2d_ECDSA_SIG(sig, &pos);
+
+ ret = true;
+ }
+
+ ECDSA_SIG_free(sig);
+
+ return ret;
+}
+
void CKey::MakeNewKey(bool fCompressed)
{
if (!EC_KEY_generate_key(pkey))
// Check whether an element of a signature (r or s) is valid.
static bool CheckSignatureElement(const unsigned char *vch, int len, bool half);
+
+ // Reserialize to DER
+ static bool ReserealizeSignature(std::vector<unsigned char>& vchSig);
};
#endif
return (nFound >= nRequired);
}
+bool static ReserealizeBlockSignature(CBlock* pblock)
+{
+ if (pblock->IsProofOfWork())
+ {
+ pblock->vchBlockSig.clear();
+ return true;
+ }
+
+ return CKey::ReserealizeSignature(pblock->vchBlockSig);
+}
+
+bool static IsCanonicalBlockSignature(CBlock* pblock)
+{
+ if (pblock->IsProofOfWork())
+ return pblock->vchBlockSig.empty();
+
+ return IsDERSignature(pblock->vchBlockSig);
+}
+
bool ProcessBlock(CNode* pfrom, CBlock* pblock)
{
// Check for duplicate
if (mapOrphanBlocks.count(hash))
return error("ProcessBlock() : already have block (orphan) %s", hash.ToString().substr(0,20).c_str());
- // ppcoin: check proof-of-stake
+ // Check proof-of-stake
// Limited duplicity on stake: prevents block flood attack
// Duplicate stake allowed only when there is orphan child block
if (pblock->IsProofOfStake() && setStakeSeen.count(pblock->GetProofOfStake()) && !mapOrphanBlocksByPrev.count(hash) && !Checkpoints::WantedByPendingSyncCheckpoint(hash))
return error("ProcessBlock() : duplicate proof-of-stake (%s, %d) for block %s", pblock->GetProofOfStake().first.ToString().c_str(), pblock->GetProofOfStake().second, hash.ToString().c_str());
+ // Strip the garbage from newly received blocks, if we found some
+ if (!IsCanonicalBlockSignature(pblock)) {
+ if (!ReserealizeBlockSignature(pblock))
+ printf("WARNING: ProcessBlock() : ReserealizeBlockSignature FAILED\n");
+ }
+
// Preliminary checks
if (!pblock->CheckBlock(true, true, (pblock->nTime > Checkpoints::GetLastCheckpointTime())))
return error("ProcessBlock() : CheckBlock FAILED");
return true;
}
-bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
- if (!(flags & SCRIPT_VERIFY_STRICTENC))
- return true;
-
+bool IsDERSignature(const valtype &vchSig, bool fWithHashType, bool fCheckLow) {
// See https://bitcointalk.org/index.php?topic=8392.msg127623#msg127623
// A canonical signature exists of: <30> <total len> <02> <len R> <R> <02> <len S> <S> <hashtype>
// Where R and S are not negative (their first byte has its highest bit not set), and not
return error("Non-canonical signature: too short");
if (vchSig.size() > 73)
return error("Non-canonical signature: too long");
- unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
- if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
- return error("Non-canonical signature: unknown hashtype byte");
if (vchSig[0] != 0x30)
return error("Non-canonical signature: wrong type");
- if (vchSig[1] != vchSig.size()-3)
+ if (vchSig[1] != vchSig.size() - (fWithHashType ? 3 : 2))
return error("Non-canonical signature: wrong length marker");
+ if (fWithHashType) {
+ unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
+ if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
+ return error("Non-canonical signature: unknown hashtype byte");
+ }
unsigned int nLenR = vchSig[3];
if (5 + nLenR >= vchSig.size())
return error("Non-canonical signature: S length misplaced");
unsigned int nLenS = vchSig[5+nLenR];
- if ((unsigned long)(nLenR+nLenS+7) != vchSig.size())
+ if ((unsigned long)(nLenR + nLenS + (fWithHashType ? 7 : 6)) != vchSig.size())
return error("Non-canonical signature: R+S length mismatch");
const unsigned char *R = &vchSig[4];
if (nLenS > 1 && (S[0] == 0x00) && !(S[1] & 0x80))
return error("Non-canonical signature: S value excessively padded");
- if (flags & SCRIPT_VERIFY_LOW_S) {
+ if (fCheckLow) {
+ unsigned int nLenR = vchSig[3];
+ unsigned int nLenS = vchSig[5+nLenR];
+ const unsigned char *S = &vchSig[6+nLenR];
+ // If the S value is above the order of the curve divided by two, its
+ // complement modulo the order could have been used instead, which is
+ // one byte shorter when encoded correctly.
if (!CKey::CheckSignatureElement(S, nLenS, true))
return error("Non-canonical signature: S value is unnecessarily high");
}
return true;
}
+bool IsCanonicalSignature(const valtype &vchSig, unsigned int flags) {
+ if (!(flags & SCRIPT_VERIFY_STRICTENC))
+ return true;
+
+ return IsDERSignature(vchSig, true, flags & SCRIPT_VERIFY_LOW_S);
+}
+
bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType)
{
CAutoBN_CTX pctx;
};
bool IsCanonicalPubKey(const std::vector<unsigned char> &vchPubKey, unsigned int flags);
+bool IsDERSignature(const valtype &vchSig, bool fWithHashType=false, bool fCheckLow=false);
bool IsCanonicalSignature(const std::vector<unsigned char> &vchSig, unsigned int flags);
-
bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType);
bool Solver(const CScript& scriptPubKey, txnouttype& typeRet, std::vector<std::vector<unsigned char> >& vSolutionsRet);
int ScriptSigArgsExpected(txnouttype t, const std::vector<std::vector<unsigned char> >& vSolutions);