* Verify musig2 secret nonces
Trying to generate a musig2 partial signature with a secret nonce that was generated with a public key that does not match the signing key's public key will trigger secp256k1's illegal callback (which calls abort()) and crash the application.
=> Here we verify that the secret nonce matches the signing key before we call secp256k1_musig_partial_sign().
The verification method is a bit hackish (we extract the public key from the secret nonce blob) because secp256k1 does not export the methods we need to do this cleanly.
* Use Jonas Nick's musig2 branch
* Reformat c code (no functional changes)
* Implement musig2
* Add documentation to musig2 functions (#97)
Usage of the Musig2 functions isn't intuitive at all, especially with
the key aggregation cache and session data. It's important to provide
accurate documentation to help users understand how to correctly produce
musig2 signatures.
We also change argument names to match Kotlin best practices instead of
using the same argument names as C functions.
* Add musig2 reference tests (no functional changes)
---------
Co-authored-by: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
* Check arguments passed to secp256k1 methods
Illegal arguments will trigger an internal callback that prints to stderr and calls abort.
We already check arguments in our JNI and kotlin native code but had missed 2 checks (recid in ecdsaRecover, empty arrays in pubkeyCombine).
* Implement the same "tweak" checks in the native code and JNI code
The native code was missing checks on the "tweak" size (which must be 32 bytes)
Don't throw in `seckey_verify`: it's inconsistent to have this function throw
for some invalid inputs and return false for other invalid inputs.
Document public key compression and add tests.
* Android loading may fallback to standard JVM
* Java code must target JVM 1.8 in order to be compatible Android.
Co-authored-by: Salomon BRYS <salomon@kodein.net>
