CKey::Check question #4918

issue philsong opened this issue on September 15, 2014

philsong commented at 7:16 AM on September 15, 2014: contributor

Is there any place/doc to explain what is below for?

bool CKey::Check(const unsigned char *vch) { // Do not convert to OpenSSL's data structures for range-checking keys, // it's easy enough to do directly. static const unsigned char vchMax[32] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40 }; bool fIsZero = true; for (int i=0; i<32 && fIsZero; i++) if (vch[i] != 0) fIsZero = false; if (fIsZero) return false; for (int i=0; i<32; i++) { if (vch[i] < vchMax[i]) return true; if (vch[i] > vchMax[i]) return false; } return true; }
laanwj commented at 7:38 AM on September 15, 2014: member
It does a simple range check. Only keys 1..vchMax are valid. I suggest reading the version in git master, which is much easier to understand.
```
bool CKey::Check(const unsigned char *vch) {
    return CompareBigEndian(vch, 32, vchZero, 0) > 0 &&
CompareBigEndian(vch, 32, vchMaxModOrder, 32) <= 0;
}
```
laanwj closed this on Sep 15, 2014
philsong commented at 8:38 AM on September 15, 2014: contributor

thx, but my original meaning is "why does vchMaxModOrder define look likes a serial magic value"? what's '0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x40" meaning?
laanwj commented at 9:08 AM on September 15, 2014: member

vchMaxModOrder is the order of secp256k1's generator (n), so is the maximum valid key value.
sipa commented at 2:08 PM on September 15, 2014: member

To be entirely correct, it is the order minus one, and the range check performs a greater-than check. Valid values for r and s in the signature are in the range 1..(order-1), inclusive.
MarcoFalke locked this on Sep 8, 2021

Contributors

philsong

laanwj

sipa