nip44: reject non-canonical extended prefix in unpad() pseudocode

When the 6-byte extended prefix sentinel is detected, validate that the decoded length is >= extended_prefix_threshold (65536). Without this, the same plaintext could be encoded with either prefix format, breaking strict canonicalization.
author: Alex Gleason <alex@alexgleason.me> 2026-03-17 17:11:10 -0500
committer: Alex Gleason <alex@alexgleason.me> 2026-03-17 17:11:10 -0500
commit: 3465f540e3eaedccb5309711b502f0febf56b52f (patch)
tree: b7588f61fddf9374268d5cd6f4e3f2655d7c840a
parent: 98fb2069515bf325faebe0d74a1ac739ed653d36 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/44.md b/44.md
index fcf6009..47b8990 100644
--- a/44.md
+++ b/44.md
@@ -215,6 +215,7 @@ def unpad(padded):
  first_two = read_uint16_be(padded[0:2])
  if first_two == 0:
    unpadded_len = read_uint32_be(padded[2:6])
+    if unpadded_len < c.extended_prefix_threshold: raise Exception('invalid padding')
    prefix_len = 6
  else:
    unpadded_len = first_two
author	Alex Gleason <alex@alexgleason.me>	2026-03-17 17:11:10 -0500
committer	Alex Gleason <alex@alexgleason.me>	2026-03-17 17:11:10 -0500
commit	3465f540e3eaedccb5309711b502f0febf56b52f (patch)
tree	b7588f61fddf9374268d5cd6f4e3f2655d7c840a
parent	98fb2069515bf325faebe0d74a1ac739ed653d36 (diff)

diff --git a/44.md b/44.md index fcf6009..47b8990 100644 --- a/44.md +++ b/44.md
@@ -215,6 +215,7 @@ def unpad(padded):
215	first_two = read_uint16_be(padded[0:2])	215	first_two = read_uint16_be(padded[0:2])
216	if first_two == 0:	216	if first_two == 0:
217	unpadded_len = read_uint32_be(padded[2:6])	217	unpadded_len = read_uint32_be(padded[2:6])
		218	if unpadded_len < c.extended_prefix_threshold: raise Exception('invalid padding')
218	prefix_len = 6	219	prefix_len = 6
219	else:	220	else:
220	unpadded_len = first_two	221	unpadded_len = first_two