* Verify musig2 secret nonces
Trying to generate a musig2 partial signature with a secret nonce that was generated with a public key that does not match the signing key's public key will trigger secp256k1's illegal callback (which calls abort()) and crash the application.
=> Here we verify that the secret nonce matches the signing key before we call secp256k1_musig_partial_sign().
The verification method is a bit hackish (we extract the public key from the secret nonce blob) because secp256k1 does not export the methods we need to do this cleanly.
* Use Jonas Nick's musig2 branch
* Reformat c code (no functional changes)
* Implement musig2
* Add documentation to musig2 functions (#97)
Usage of the Musig2 functions isn't intuitive at all, especially with
the key aggregation cache and session data. It's important to provide
accurate documentation to help users understand how to correctly produce
musig2 signatures.
We also change argument names to match Kotlin best practices instead of
using the same argument names as C functions.
* Add musig2 reference tests (no functional changes)
---------
Co-authored-by: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
* Check arguments passed to secp256k1 methods
Illegal arguments will trigger an internal callback that prints to stderr and calls abort.
We already check arguments in our JNI and kotlin native code but had missed 2 checks (recid in ecdsaRecover, empty arrays in pubkeyCombine).
* Implement the same "tweak" checks in the native code and JNI code
The native code was missing checks on the "tweak" size (which must be 32 bytes)
Don't throw in `seckey_verify`: it's inconsistent to have this function throw
for some invalid inputs and return false for other invalid inputs.
Document public key compression and add tests.
* Upgrade JNI interface
* Input signatures can be DER or compact format, output signatures are always in compact format
* Input public keys can be compressed or uncompressed, output public keys are always uncompressed
* Name and parameters match libsecp256k1's
* JNI implementation is now straightforward
No more ByteBuffers
Exceptions are thrown in case of failures
* Update src/nativeMain/kotlin/fr/acinq/secp256k1/Secp256k1Native.kt
* Add public key compression method
Co-authored-by: Salomon BRYS <salomon.brys@gmail.com>
