WIP support for low-R grinding

msgilligan · msgilligan · commit e474411a422a · 2025-11-02T09:59:18.000-08:00
diff --git a/secp-ffm/src/main/java/org/bitcoinj/secp/ffm/Secp256k1Foreign.java b/secp-ffm/src/main/java/org/bitcoinj/secp/ffm/Secp256k1Foreign.java
@@ -245,7 +245,7 @@ public byte[] ecPubKeySerialize(P256k1PubKey pubKey, int flags) {
 //    public P256K1Point.Uncompressed ecPointUncompress(P256K1Point.Compressed compressedPoint) {
 //        return compressedPoint.uncompress();
 //    }
-    
+
     /* package */ static MemorySegment pubKeySerializeSegment(MemorySegment pubKeySegment, int flags) {
         int byteSize = switch(flags) {
             case 2 -> 65;           // SECP256K1_EC_UNCOMPRESSED())
@@ -289,16 +289,24 @@ private MemorySegment pubKeyParse(P256k1PubKey pubKeyData) {
 
     @Override
     public Result<EcdsaSignature> ecdsaSign(byte[] msg_hash_data, P256k1PrivKey seckey) {
+        return ecdsaSign(msg_hash_data, seckey, secp256k1_h.NULL());
+    }
+
+    public Result<EcdsaSignature> ecdsaSign(byte[] msg_hash_data, P256k1PrivKey seckey, byte[] ndata) {
+        // TODO: validate ndata is exactly 32-bytes long
+        return ecdsaSign(msg_hash_data, seckey, arena.allocateFrom(JAVA_BYTE, ndata));
+    }
+
+    private Result<EcdsaSignature> ecdsaSign(byte[] msg_hash_data, P256k1PrivKey seckey, MemorySegment ndataSegment) {
         /* Generate an ECDSA signature `noncefp` and `ndata` allows you to pass a
          * custom nonce function, passing `NULL` will use the RFC-6979 safe default.
          * Signing with a valid context, verified secret key
          * and the default nonce function should never fail. */
         MemorySegment msg_hash = arena.allocateFrom(JAVA_BYTE, msg_hash_data);
         MemorySegment sig = secp256k1_ecdsa_signature.allocate(arena);
-        MemorySegment nullCallback =  secp256k1_h.NULL(); // Double-check this (normally you shouldn't use a NULL pointer for a null callback)
-        MemorySegment nullPointer = secp256k1_h.NULL();
+        MemorySegment nonceFpNull =  secp256k1_h.NULL(); // Double-check this (normally you shouldn't use a NULL pointer for a null callback)
         MemorySegment privKeySeg = arena.allocateFrom(JAVA_BYTE, seckey.getEncoded());
-        int return_val = secp256k1_h.secp256k1_ecdsa_sign(ctx, sig, msg_hash, privKeySeg, nullCallback, nullPointer);
+        int return_val = secp256k1_h.secp256k1_ecdsa_sign(ctx, sig, msg_hash, privKeySeg, nonceFpNull, ndataSegment);
         privKeySeg.fill((byte) 0x00);
         return Result.checked(return_val, () -> EcdsaSignature.of(sig.toArray(JAVA_BYTE)));
     }
