Commit Graph

5 Commits

Author SHA1 Message Date
Pieter Wuille
6fd7ef2bbf Also switch the (unused) verification code to low-s instead of even-s.
a81cd968 introduced a malleability breaker for signatures
(using an even value for S). In e0e14e43 this was changed to
the lower of two potential values, rather than the even one.
Only the signing code was changed though, the (for now unused)
verification code wasn't adapted.
2014-03-10 20:38:32 +01:00
Brandon Dahler
51ed9ec971 Cleanup code using forward declarations.
Use misc methods of avoiding unnecesary header includes.
Replace int typedefs with int##_t from stdint.h.
Replace PRI64[xdu] with PRI[xdu]64 from inttypes.h.
Normalize QT_VERSION ifs where possible.
Resolve some indirect dependencies as direct ones.
Remove extern declarations from .cpp files.
2013-11-10 09:36:28 -06:00
Cory Fields
152e51c7af included-tests: generate binary data from test files for inclusion into test binaries
This change moves test data into the binaries rather than reading them from
the disk at runtime.

Advantages:
- Tests become distributable
- Cross-compile friendly. Build on one machine and execute in an arbitrary
  location on another.
- Easier testing for backports. Users can verify that tests pass without having
  to track down corresponding test data.
- More trustworthy test results and easier quality assurance as tests make
  fewer assumptions about their environment.
- Tests could theoretically run at client/daemon startup and exit on failure.

Disadvantages:
- Required 'hexdump' build-dependency. This is a standard bsd tool that should
  be usable everywhere. It is likely already installed on all build-machines.
- Tests can no longer be fudged after build by altering test-data.
2013-09-16 12:53:11 -04:00
Pieter Wuille
a81cd96805 Only create signatures with even S, and verification mode to check.
To fix a minor malleability found by Sergio Lerner (reported here:
https://bitcointalk.org/index.php?topic=8392.msg1245898#msg1245898)

The problem is that if (R,S) is a valid ECDSA signature for a given
message and public key, (R,-S) is also valid. Modulo N (the order
of the secp256k1 curve), this means that both (R,S) and (R,N-S) are
valid. Given that N is odd, S and N-S have a different lowest bit.
We solve the problem by forcing signatures to have an even S value,
excluding one of the alternatives.

This commit just changes the signing code to always produce even S
values, and adds a verification mode to check it. This code is not
enabled anywhere yet. Existing tests in key_tests.cpp verify that
the produced signatures are still valid.
2013-08-16 00:17:50 +02:00
Pieter Wuille
58bc86e37f Check for canonical public keys and signatures
Only enabled inside tests for now.
2012-09-21 01:24:25 +02:00