Add comments

str4d · str4d · commit e181dbe74824 · 2017-07-17T11:55:05.000-05:00
diff --git a/src/key.cpp b/src/key.cpp
@@ -17,6 +17,22 @@
 static secp256k1_context* secp256k1_context_sign = NULL;
 
 /** These functions are taken from the libsecp256k1 distribution and are very ugly. */
+
+/**
+ * This parses a format loosely based on a DER encoding of the ECPrivateKey type from
+ * section C.4 of SEC 1 <http://www.secg.org/sec1-v2.pdf>, with the following caveats:
+ *
+ * * The octet-length of the SEQUENCE must be encoded as 1 or 2 octets. It is not
+ *   required to be encoded as one octet if it is less than 256, as DER would require.
+ * * The octet-length of the SEQUENCE must not be greater than the remaining
+ *   length of the key encoding, but need not match it (i.e. the encoding may contain
+ *   junk after the encoded SEQUENCE).
+ * * The privateKey OCTET STRING is zero-filled on the left to 32 octets.
+ * * Anything after the encoding of the privateKey OCTET STRING is ignored, whether
+ *   or not it is validly encoded DER.
+ *
+ * out32 must point to an output buffer of length at least 32 bytes.
+ */
 static int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) {
     const unsigned char *end = privkey + privkeylen;
     size_t lenb = 0;
@@ -66,6 +82,13 @@ static int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *ou
     return 1;
 }
 
+/**
+ * This serializes to a DER encoding of the ECPrivateKey type from section C.4 of SEC 1
+ * <http://www.secg.org/sec1-v2.pdf>. The optional parameters and publicKey fields are
+ * included.
+ *
+ * key32 must point to a 32-byte raw private key.
+ */
 static int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) {
     secp256k1_pubkey pubkey;
     size_t pubkeylen = 0;
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
@@ -174,7 +174,13 @@ bool static IsLowDERSignature(const valtype &vchSig, ScriptError* serror) {
     if (!IsValidSignatureEncoding(vchSig)) {
         return set_error(serror, SCRIPT_ERR_SIG_DER);
     }
+    // https://bitcoin.stackexchange.com/a/12556:
+    //     Also note that inside transaction signatures, an extra hashtype byte
+    //     follows the actual signature data.
     std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1);
+    // If the S value is above the order of the curve divided by two, its
+    // complement modulo the order could have been used instead, which is
+    // one byte shorter when encoded correctly.
     if (!CPubKey::CheckLowS(vchSigCopy)) {
         return set_error(serror, SCRIPT_ERR_SIG_HIGH_S);
     }

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,13 @@ bool static IsLowDERSignature(const valtype &vchSig, ScriptError* serror) {`
`174`	`174`	`if (!IsValidSignatureEncoding(vchSig)) {`
`175`	`175`	`return set_error(serror, SCRIPT_ERR_SIG_DER);`
`176`	`176`	`}`
	`177`	`+ // https://bitcoin.stackexchange.com/a/12556:`
	`178`	`+ // Also note that inside transaction signatures, an extra hashtype byte`
	`179`	`+ // follows the actual signature data.`
`177`	`180`	`std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1);`
	`181`	`+ // If the S value is above the order of the curve divided by two, its`
	`182`	`+ // complement modulo the order could have been used instead, which is`
	`183`	`+ // one byte shorter when encoded correctly.`
`178`	`184`	`if (!CPubKey::CheckLowS(vchSigCopy)) {`
`179`	`185`	`return set_error(serror, SCRIPT_ERR_SIG_HIGH_S);`
`180`	`186`	`}`