libsecp256k1_core/
der.rs

1use core::{
2    convert::{AsMut, AsRef},
3    mem,
4};
5
6use crate::{error::Error, scalar::Scalar};
7
8pub struct SignatureArray([u8; 6 + 33 + 33], usize);
9
10impl SignatureArray {
11    pub fn new(size: usize) -> Self {
12        SignatureArray([0u8; 6 + 33 + 33], size)
13    }
14
15    pub fn len(&self) -> usize {
16        self.1
17    }
18
19    pub fn is_empty(&self) -> bool {
20        self.len() == 0
21    }
22}
23
24impl AsRef<[u8]> for SignatureArray {
25    fn as_ref(&self) -> &[u8] {
26        &self.0[..self.1]
27    }
28}
29
30impl AsMut<[u8]> for SignatureArray {
31    fn as_mut(&mut self) -> &mut [u8] {
32        &mut self.0[..self.1]
33    }
34}
35
36pub struct Decoder<'a>(&'a [u8], usize);
37
38impl<'a> Decoder<'a> {
39    pub fn new(arr: &'a [u8]) -> Self {
40        Decoder(arr, 0)
41    }
42
43    pub fn remaining_len(&self) -> usize {
44        self.0.len() - self.1
45    }
46
47    pub fn read(&mut self) -> Result<u8, Error> {
48        if self.1 >= self.0.len() {
49            Err(Error::InvalidSignature)
50        } else {
51            let v = self.0[self.1];
52            self.1 += 1;
53            Ok(v)
54        }
55    }
56
57    pub fn peek(&self, forward: usize) -> Result<u8, Error> {
58        if self.1 + forward >= self.0.len() {
59            Err(Error::InvalidSignature)
60        } else {
61            let v = self.0[self.1 + forward];
62            Ok(v)
63        }
64    }
65
66    pub fn peek_slice(&self, len: usize) -> Result<&[u8], Error> {
67        if (len == 0 && self.1 >= self.0.len()) || self.1 + len > self.0.len() {
68            Err(Error::InvalidSignature)
69        } else {
70            let v = &self.0[self.1..(self.1 + len)];
71            Ok(v)
72        }
73    }
74
75    pub fn skip(&mut self, len: usize) -> Result<(), Error> {
76        if (len == 0 && self.1 >= self.0.len()) || self.1 + len > self.0.len() {
77            Err(Error::InvalidSignature)
78        } else {
79            self.1 += len;
80            Ok(())
81        }
82    }
83
84    pub fn read_constructed_sequence(&mut self) -> Result<(), Error> {
85        let v = self.read()?;
86        if v == 0x30 {
87            Ok(())
88        } else {
89            Err(Error::InvalidSignature)
90        }
91    }
92
93    pub fn read_len(&mut self) -> Result<usize, Error> {
94        let b1 = self.read()?;
95        if b1 == 0xff {
96            return Err(Error::InvalidSignature);
97        }
98
99        // Short form
100        if b1 & 0x80 == 0 {
101            return Ok(b1 as usize);
102        }
103
104        // Infinite length is not allowed
105        if b1 == 0x80 {
106            return Err(Error::InvalidSignature);
107        }
108
109        let mut lenleft = (b1 & 0x7f) as usize;
110        if lenleft > self.remaining_len() {
111            return Err(Error::InvalidSignature);
112        }
113
114        if self.peek(0)? == 0 {
115            // Not the shortest possible length encoding
116            return Err(Error::InvalidSignature);
117        }
118
119        if lenleft > mem::size_of::<usize>() {
120            return Err(Error::InvalidSignature);
121        }
122
123        let mut ret = 0;
124        while lenleft > 0 {
125            ret = (ret << 8) | (self.read()? as usize);
126            if ret + lenleft > self.remaining_len() {
127                return Err(Error::InvalidSignature);
128            }
129            lenleft -= 1;
130        }
131
132        if ret < 128 {
133            // Not the shortest possible length encoding
134            return Err(Error::InvalidSignature);
135        }
136
137        Ok(ret)
138    }
139
140    pub fn read_integer(&mut self) -> Result<Scalar, Error> {
141        if self.read()? != 0x02 {
142            return Err(Error::InvalidSignature);
143        }
144
145        let mut rlen = self.read_len()?;
146        if rlen == 0 || rlen > self.remaining_len() {
147            return Err(Error::InvalidSignature);
148        }
149
150        if self.peek(0)? == 0x00 && rlen > 1 && (self.peek(1)? & 0x80) == 0x00 {
151            return Err(Error::InvalidSignature);
152        }
153
154        if self.peek(0)? == 0xff && rlen > 1 && (self.peek(1)? & 0x80) == 0x00 {
155            return Err(Error::InvalidSignature);
156        }
157
158        let mut overflow = false;
159        if self.peek(0)? & 0x80 == 0x80 {
160            overflow |= true;
161        }
162
163        // Skip leading zero bytes
164        while rlen > 0 && self.peek(0)? == 0 {
165            rlen -= 1;
166            self.read()?;
167        }
168
169        if rlen > 32 {
170            overflow |= true;
171        }
172
173        let mut int = Scalar::default();
174
175        if !overflow {
176            let mut b32 = [0u8; 32];
177            b32[32 - rlen..].copy_from_slice(self.peek_slice(rlen)?);
178            self.skip(rlen)?;
179
180            overflow |= bool::from(int.set_b32(&b32));
181        }
182
183        if overflow {
184            int = Scalar::default();
185        }
186
187        Ok(int)
188    }
189
190    pub fn read_seq_len_lax(&mut self) -> Result<usize, Error> {
191        let mut len = self.read()?;
192        if len & 0x80 != 0x00 {
193            len -= 0x80;
194            if len as usize > self.remaining_len() {
195                return Err(Error::InvalidSignature);
196            }
197            self.skip(len as usize)?;
198        }
199
200        Ok(len as usize)
201    }
202
203    pub fn read_len_lax(&mut self) -> Result<usize, Error> {
204        let mut ret = 0usize;
205        let mut len = self.read()?;
206        if len & 0x80 != 0x00 {
207            len -= 0x80;
208            if len as usize > self.remaining_len() {
209                return Err(Error::InvalidSignature);
210            }
211            while len > 0 && self.peek(0)? == 0 {
212                self.skip(1)?;
213                len -= 1;
214            }
215            if (len as usize) >= mem::size_of::<usize>() {
216                return Err(Error::InvalidSignature);
217            }
218            while len > 0 {
219                ret = (ret << 8) + (self.read()? as usize);
220                len -= 1;
221            }
222        } else {
223            ret = len as usize;
224        }
225        if ret > self.remaining_len() {
226            return Err(Error::InvalidSignature);
227        }
228
229        Ok(ret)
230    }
231
232    pub fn read_integer_lax(&mut self) -> Result<Scalar, Error> {
233        // Integer tag byte.
234        if self.read()? != 0x02 {
235            return Err(Error::InvalidSignature);
236        }
237
238        let mut len = self.read_len_lax()?;
239
240        // Ignore leading zeroes.
241        while len > 0 && self.peek(0)? == 0 {
242            len -= 1;
243            self.skip(1)?;
244        }
245
246        let mut overflow = false;
247        // Copy value
248        if len > 32 {
249            overflow |= true;
250        }
251
252        let mut int = Scalar::default();
253
254        if !overflow {
255            let mut b32 = [0u8; 32];
256            b32[32 - len..].copy_from_slice(&self.peek_slice(len)?);
257            self.skip(len)?;
258
259            overflow |= bool::from(int.set_b32(&b32));
260        }
261
262        if overflow {
263            int = Scalar::default();
264        }
265
266        Ok(int)
267    }
268}
libsecp256k1_core/der.rs

libsecp256k1_core/
der.rs
