// SPDX-License-Identifier: CC0-1.0 //! ECDSA Bitcoin signatures. //! //! This module provides ECDSA signatures used by Bitcoin that can be roundtrip (de)serialized. use core::str::FromStr; use core::{fmt, iter}; #[cfg(feature = "arbitrary")] use arbitrary::{Arbitrary, Unstructured}; use hex::FromHex; use internals::{impl_to_hex_from_lower_hex, write_err}; use io::Write; use crate::prelude::{DisplayHex, Vec}; use crate::script::PushBytes; #[cfg(doc)] use crate::script::ScriptBufExt as _; use crate::sighash::{EcdsaSighashType, NonStandardSighashTypeError}; const MAX_SIG_LEN: usize = 73; /// An ECDSA signature with the corresponding hash type. #[derive(Debug, Copy, Clone, PartialEq, Eq, Hash)] #[cfg_attr(feature = "serde", derive(Serialize, Deserialize))] pub struct Signature { /// The underlying ECDSA Signature. pub signature: secp256k1::ecdsa::Signature, /// The corresponding hash type. pub sighash_type: EcdsaSighashType, } impl Signature { /// Constructs an ECDSA Bitcoin signature for [`EcdsaSighashType::All`]. pub fn sighash_all(signature: secp256k1::ecdsa::Signature) -> Signature { Signature { signature, sighash_type: EcdsaSighashType::All } } /// Deserializes from slice following the standardness rules for [`EcdsaSighashType`]. pub fn from_slice(sl: &[u8]) -> Result { let (sighash_type, sig) = sl.split_last().ok_or(DecodeError::EmptySignature)?; let sighash_type = EcdsaSighashType::from_standard(*sighash_type as u32)?; let signature = secp256k1::ecdsa::Signature::from_der(sig).map_err(DecodeError::Secp256k1)?; Ok(Signature { signature, sighash_type }) } /// Serializes an ECDSA signature (inner secp256k1 signature in DER format). /// /// This does **not** perform extra heap allocation. pub fn serialize(&self) -> SerializedSignature { let mut buf = [0u8; MAX_SIG_LEN]; let signature = self.signature.serialize_der(); buf[..signature.len()].copy_from_slice(&signature); buf[signature.len()] = self.sighash_type as u8; SerializedSignature { data: buf, len: signature.len() + 1 } } /// Serializes an ECDSA signature (inner secp256k1 signature in DER format) into `Vec`. /// /// Note: this performs an extra heap allocation, you might prefer the /// [`serialize`](Self::serialize) method instead. pub fn to_bytes(self) -> Vec { self.signature .serialize_der() .iter() .copied() .chain(iter::once(self.sighash_type as u8)) .collect() } /// Serializes an ECDSA signature (inner secp256k1 signature in DER format) into `Vec`. #[deprecated(since = "TBD", note = "Use to_bytes instead")] pub fn to_vec(self) -> Vec { self.to_bytes() } /// Serializes an ECDSA signature (inner secp256k1 signature in DER format) to a `writer`. #[inline] pub fn serialize_to_writer(&self, writer: &mut W) -> Result<(), io::Error> { let sig = self.serialize(); sig.write_to(writer) } } impl fmt::Display for Signature { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { fmt::LowerHex::fmt(&self.signature.serialize_der().as_hex(), f)?; fmt::LowerHex::fmt(&[self.sighash_type as u8].as_hex(), f) } } impl FromStr for Signature { type Err = ParseSignatureError; fn from_str(s: &str) -> Result { let bytes = Vec::from_hex(s)?; Ok(Self::from_slice(&bytes)?) } } /// Holds signature serialized in-line (not in `Vec`). /// /// This avoids allocation and allows proving maximum size of the signature (73 bytes). /// The type can be used largely as a byte slice. It implements all standard traits one would /// expect and has familiar methods. /// However, the usual use case is to push it into a script. This can be done directly passing it /// into [`push_slice`](crate::script::ScriptBuf::push_slice). #[derive(Copy, Clone)] pub struct SerializedSignature { data: [u8; MAX_SIG_LEN], len: usize, } impl SerializedSignature { /// Returns an iterator over bytes of the signature. #[inline] pub fn iter(&self) -> core::slice::Iter<'_, u8> { self.into_iter() } /// Writes this serialized signature to a `writer`. #[inline] pub fn write_to(&self, writer: &mut W) -> Result<(), io::Error> { writer.write_all(self) } } impl core::ops::Deref for SerializedSignature { type Target = [u8]; #[inline] fn deref(&self) -> &Self::Target { &self.data[..self.len] } } impl core::ops::DerefMut for SerializedSignature { #[inline] fn deref_mut(&mut self) -> &mut Self::Target { &mut self.data[..self.len] } } impl AsRef<[u8]> for SerializedSignature { #[inline] fn as_ref(&self) -> &[u8] { self } } impl AsMut<[u8]> for SerializedSignature { #[inline] fn as_mut(&mut self) -> &mut [u8] { self } } impl AsRef for SerializedSignature { #[inline] fn as_ref(&self) -> &PushBytes { &<&PushBytes>::from(&self.data)[..self.len()] } } impl core::borrow::Borrow<[u8]> for SerializedSignature { #[inline] fn borrow(&self) -> &[u8] { self } } impl core::borrow::BorrowMut<[u8]> for SerializedSignature { #[inline] fn borrow_mut(&mut self) -> &mut [u8] { self } } impl fmt::Debug for SerializedSignature { #[inline] fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fmt::Display::fmt(self, f) } } impl fmt::Display for SerializedSignature { #[inline] fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fmt::LowerHex::fmt(self, f) } } impl fmt::LowerHex for SerializedSignature { #[inline] fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fmt::LowerHex::fmt(&(**self).as_hex(), f) } } impl_to_hex_from_lower_hex!(SerializedSignature, |signature: &SerializedSignature| signature.len * 2); impl fmt::UpperHex for SerializedSignature { #[inline] fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { fmt::UpperHex::fmt(&(**self).as_hex(), f) } } impl PartialEq for SerializedSignature { #[inline] fn eq(&self, other: &SerializedSignature) -> bool { **self == **other } } impl Eq for SerializedSignature {} impl core::hash::Hash for SerializedSignature { fn hash(&self, state: &mut H) { core::hash::Hash::hash(&**self, state) } } impl<'a> IntoIterator for &'a SerializedSignature { type IntoIter = core::slice::Iter<'a, u8>; type Item = &'a u8; #[inline] fn into_iter(self) -> Self::IntoIter { (*self).iter() } } /// Error encountered while parsing an ECDSA signature from a byte slice. #[derive(Debug, Clone, PartialEq, Eq)] #[non_exhaustive] pub enum DecodeError { /// Non-standard sighash type. SighashType(NonStandardSighashTypeError), /// Signature was empty. EmptySignature, /// A secp256k1 error. Secp256k1(secp256k1::Error), } internals::impl_from_infallible!(DecodeError); impl fmt::Display for DecodeError { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { use DecodeError::*; match *self { SighashType(ref e) => write_err!(f, "non-standard signature hash type"; e), EmptySignature => write!(f, "empty ECDSA signature"), Secp256k1(ref e) => write_err!(f, "secp256k1"; e), } } } #[cfg(feature = "std")] impl std::error::Error for DecodeError { fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { use DecodeError::*; match *self { Secp256k1(ref e) => Some(e), SighashType(ref e) => Some(e), EmptySignature => None, } } } impl From for DecodeError { fn from(e: secp256k1::Error) -> Self { Self::Secp256k1(e) } } impl From for DecodeError { fn from(e: NonStandardSighashTypeError) -> Self { Self::SighashType(e) } } /// Error encountered while parsing an ECDSA signature from a string. #[derive(Debug, Clone, PartialEq, Eq)] #[non_exhaustive] pub enum ParseSignatureError { /// Hex string decoding error. Hex(hex::HexToBytesError), /// Signature byte slice decoding error. Decode(DecodeError), } internals::impl_from_infallible!(ParseSignatureError); impl fmt::Display for ParseSignatureError { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { use ParseSignatureError::*; match *self { Hex(ref e) => write_err!(f, "signature hex decoding error"; e), Decode(ref e) => write_err!(f, "signature byte slice decoding error"; e), } } } #[cfg(feature = "std")] impl std::error::Error for ParseSignatureError { fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { use ParseSignatureError::*; match *self { Hex(ref e) => Some(e), Decode(ref e) => Some(e), } } } impl From for ParseSignatureError { fn from(e: hex::HexToBytesError) -> Self { Self::Hex(e) } } impl From for ParseSignatureError { fn from(e: DecodeError) -> Self { Self::Decode(e) } } #[cfg(feature = "arbitrary")] impl<'a> Arbitrary<'a> for Signature { fn arbitrary(u: &mut Unstructured<'a>) -> arbitrary::Result { // The valid range of r and s should be between 0 and n-1 where // n = 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 let high_min = 0x0u128; let high_max = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEu128; let low_min = 0x0u128; let low_max = 0xBAAEDCE6AF48A03BBFD25E8CD0364140u128; // Equally weight the chances of getting a minimum value for a signature, maximum value for // a signature, and an arbitrary valid signature let choice = u.int_in_range(0..=2)?; let (high, low) = match choice { 0 => (high_min, low_min), 1 => (high_max, low_max), _ => (u.int_in_range(high_min..=high_max)?, u.int_in_range(low_min..=low_max)?), }; // We can use the same bytes for r and s since they're just arbitrary values let mut bytes: [u8; 32] = [0; 32]; bytes[..16].copy_from_slice(&high.to_be_bytes()); bytes[16..].copy_from_slice(&low.to_be_bytes()); let mut signature_bytes: [u8; 64] = [0; 64]; signature_bytes[..32].copy_from_slice(&bytes); signature_bytes[32..].copy_from_slice(&bytes); Ok(Signature { signature: secp256k1::ecdsa::Signature::from_compact(&signature_bytes).unwrap(), sighash_type: EcdsaSighashType::arbitrary(u)?, }) } } #[cfg(test)] mod tests { use super::*; #[test] fn write_serialized_signature() { let hex = "3046022100839c1fbc5304de944f697c9f4b1d01d1faeba32d751c0f7acb21ac8a0f436a72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eab45"; let sig = Signature { signature: secp256k1::ecdsa::Signature::from_str(hex).unwrap(), sighash_type: EcdsaSighashType::All, }; let mut buf = vec![]; sig.serialize_to_writer(&mut buf).expect("write failed"); assert_eq!(sig.to_bytes(), buf) } }