From b24ff47c6487d6cb81c9691c4e68c33f367fce74 Mon Sep 17 00:00:00 2001 From: Peter Todd Date: Fri, 9 Jan 2015 05:52:57 -0500 Subject: [PATCH] Make empty byte arrays pass CheckSignatureEncoding() Makes it possible to compactly provide a delibrately invalid signature for use with CHECK(MULTI)SIG. For instance with BIP19 if m != n invalid signatures need to be provided in the scriptSig; prior to this change those invalid signatures would need to be large DER-encoded signatures. Note that we may want to further expand on this change in the future by saying that only OP_0 is a "valid" invalid signature; BIP19 even with this change is inherently malleable as the invalid signatures can be any validly encoded DER signature. Rebased-From: 2fa9a8ec86033b809a1c48f0396c3482c0d5d33c Github-Pull: #5627 --- src/script/interpreter.cpp | 5 +++++ src/test/data/script_invalid.json | 2 +- src/test/data/script_valid.json | 5 +++++ src/test/multisig_tests.cpp | 4 ---- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp index 3231f2e74e..3128bae35f 100644 --- a/src/script/interpreter.cpp +++ b/src/script/interpreter.cpp @@ -189,6 +189,11 @@ bool static IsDefinedHashtypeSignature(const valtype &vchSig) { } bool static CheckSignatureEncoding(const valtype &vchSig, unsigned int flags, ScriptError* serror) { + // Empty signature. Not strictly DER encoded, but allowed to provide a + // compact way to provide an invalid signature for use with CHECK(MULTI)SIG + if (vchSig.size() == 0) { + return true; + } if ((flags & (SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC)) != 0 && !IsDERSignature(vchSig)) { return set_error(serror, SCRIPT_ERR_SIG_DER); } else if ((flags & SCRIPT_VERIFY_LOW_S) != 0 && !IsLowDERSignature(vchSig, serror)) { diff --git a/src/test/data/script_invalid.json b/src/test/data/script_invalid.json index 86d39b5c20..09120e8838 100644 --- a/src/test/data/script_invalid.json +++ b/src/test/data/script_invalid.json @@ -504,7 +504,7 @@ "2-of-2 CHECKMULTISIG NOT with the first pubkey invalid, and both signatures validly encoded." ], [ - "0 0x47 0x3044022044dc17b0887c161bb67ba9635bf758735bdde503e4b0a0987f587f14a4e1143d022009a215772d49a85dae40d8ca03955af26ad3978a0ff965faa12915e9586249a501 0", + "0 0x47 0x3044022044dc17b0887c161bb67ba9635bf758735bdde503e4b0a0987f587f14a4e1143d022009a215772d49a85dae40d8ca03955af26ad3978a0ff965faa12915e9586249a501 1", "2 0x21 0x02865c40293a680cb9c020e7b1e106d8c1916d3cef99aa431a56d253e69256dac0 0x21 0x02865c40293a680cb9c020e7b1e106d8c1916d3cef99aa431a56d253e69256dac0 2 CHECKMULTISIG NOT", "STRICTENC", "2-of-2 CHECKMULTISIG NOT with both pubkeys valid, but first signature invalid." diff --git a/src/test/data/script_valid.json b/src/test/data/script_valid.json index d3075de646..17398ca1bd 100644 --- a/src/test/data/script_valid.json +++ b/src/test/data/script_valid.json @@ -662,6 +662,11 @@ ["0 0 0x02 0x0000", "CHECKMULTISIGVERIFY 1", ""], ["0 0x02 0x0000 0", "CHECKMULTISIGVERIFY 1", ""], +["While not really correctly DER encoded, the empty signature is allowed by"], +["STRICTENC to provide a compact way to provide a delibrately invalid signature."], +["0", "0x21 0x02865c40293a680cb9c020e7b1e106d8c1916d3cef99aa431a56d253e69256dac0 CHECKSIG NOT", "STRICTENC"], +["0 0", "1 0x21 0x02865c40293a680cb9c020e7b1e106d8c1916d3cef99aa431a56d253e69256dac0 1 CHECKMULTISIG NOT", "STRICTENC"], + ["CHECKMULTISIG evaluation order tests. CHECKMULTISIG evaluates signatures and"], ["pubkeys in a specific order, and will exit early if the number of signatures"], ["left to check is greater than the number of keys left. As STRICTENC fails the"], diff --git a/src/test/multisig_tests.cpp b/src/test/multisig_tests.cpp index 8d06caa147..6c800efde2 100644 --- a/src/test/multisig_tests.cpp +++ b/src/test/multisig_tests.cpp @@ -120,10 +120,6 @@ BOOST_AUTO_TEST_CASE(multisig_verify) } } s.clear(); - s << OP_0 << OP_0; - BOOST_CHECK(!VerifyScript(s, a_or_b, flags, SignatureChecker(txTo[1], 0), &err)); - BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_SIG_DER, ScriptErrorString(err)); - s.clear(); s << OP_0 << OP_1; BOOST_CHECK(!VerifyScript(s, a_or_b, flags, SignatureChecker(txTo[1], 0), &err)); BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_SIG_DER, ScriptErrorString(err));