| 221 | } |
| 222 | |
| 223 | bool CKey::Sign(const uint256 &hash, std::vector<unsigned char>& vchSig, bool grind, uint32_t test_case) const { |
| 224 | if (!fValid) |
| 225 | return false; |
| 226 | vchSig.resize(CPubKey::SIGNATURE_SIZE); |
| 227 | size_t nSigLen = CPubKey::SIGNATURE_SIZE; |
| 228 | unsigned char extra_entropy[32] = {0}; |
| 229 | WriteLE32(extra_entropy, test_case); |
| 230 | secp256k1_ecdsa_signature sig; |
| 231 | uint32_t counter = 0; |
| 232 | int ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, (!grind && test_case) ? extra_entropy : nullptr); |
| 233 | |
| 234 | // Grind for low R |
| 235 | while (ret && !SigHasLowR(&sig) && grind) { |
| 236 | WriteLE32(extra_entropy, ++counter); |
| 237 | ret = secp256k1_ecdsa_sign(secp256k1_context_sign, &sig, hash.begin(), begin(), secp256k1_nonce_function_rfc6979, extra_entropy); |
| 238 | } |
| 239 | assert(ret); |
| 240 | secp256k1_ecdsa_signature_serialize_der(secp256k1_context_sign, vchSig.data(), &nSigLen, &sig); |
| 241 | vchSig.resize(nSigLen); |
| 242 | // Additional verification step to prevent using a potentially corrupted signature |
| 243 | secp256k1_pubkey pk; |
| 244 | ret = secp256k1_ec_pubkey_create(secp256k1_context_sign, &pk, begin()); |
| 245 | assert(ret); |
| 246 | ret = secp256k1_ecdsa_verify(GetVerifyContext(), &sig, hash.begin(), &pk); |
| 247 | assert(ret); |
| 248 | return true; |
| 249 | } |
| 250 | |
| 251 | bool CKey::VerifyPubKey(const CPubKey& pubkey) const { |
| 252 | if (pubkey.IsCompressed() != fCompressed) { |