use fixtures from BIP-327

https://github.com/bitcoin/bips/tree/master/bip-0327
vulpemventures · Jan 5, 2024 · abbc4f7 · abbc4f7
1 parent 6943f02
commit abbc4f7
Show file tree

Hide file tree

Showing 8 changed files with 259 additions and 95 deletions.
diff --git a/scripts/build_wasm b/scripts/build_wasm
@@ -40,6 +40,8 @@ emcc -O$OPTIMIZATION_LEVEL \
     -s SINGLE_FILE=1 \
     -s ALLOW_MEMORY_GROWTH=1 \
     -I${SECP256K1_SOURCE_DIR}/include \
-    ${SECP256K1_SOURCE_DIR}/src/*.o \
+    ${SECP256K1_SOURCE_DIR}/src/libsecp256k1_la-secp256k1.o \
+    ${SECP256K1_SOURCE_DIR}/src/libsecp256k1_precomputed_la-precomputed_ecmult.o \
+    ${SECP256K1_SOURCE_DIR}/src/libsecp256k1_precomputed_la-precomputed_ecmult_gen.o \
     ./main.c \
     -o ./dist/secp256k1-zkp.js
diff --git a/secp256k1-zkp b/secp256k1-zkp
diff --git a/src/lib/interface.ts b/src/lib/interface.ts
@@ -129,11 +129,14 @@ export interface SurjectionProof {
 }
 
 export interface Musig {
-  pubkeyAgg(pubkeys: Array<Uint8Array>): {
+  pubkeyAgg(pubKeys: Array<Uint8Array>): {
     aggPubkey: Uint8Array;
     keyaggCache: Uint8Array;
   };
-  nonceGen(sessionId: Uint8Array): {
+  nonceGen(
+    sessionId: Uint8Array,
+    pubKey: Uint8Array
+  ): {
     pubNonce: Uint8Array;
     secNonce: Uint8Array;
   };

diff --git a/src/lib/musig.ts b/src/lib/musig.ts
@@ -2,25 +2,38 @@ import { CModule } from './cmodule';
 import { Secp256k1ZKP } from './interface';
 import Memory from './memory';
 
+const keyaggCacheSize = 197;
+const nonceInternalSize = 132;
+
 function pubkeyAgg(cModule: CModule): Secp256k1ZKP['musig']['pubkeyAgg'] {
-  return function pubkeyAgg(pubkeys: Array<Uint8Array>) {
-    if (!pubkeys || !pubkeys.length) {
+  return function pubkeyAgg(pubKeys: Array<Uint8Array>) {
+    if (!pubKeys || !pubKeys.length) {
       throw TypeError('pubkeys must be an Array');
     }
 
-    if (pubkeys.some((pubkey) => !(pubkey instanceof Uint8Array))) {
+    if (pubKeys.some((pubkey) => !(pubkey instanceof Uint8Array))) {
       throw TypeError('all elements of pubkeys must be Uint8Array');
     }
 
+    if (pubKeys.some((pubkey) => pubkey.length !== pubKeys[0].length)) {
+      throw TypeError('all elements of pubkeys must have same length');
+    }
+
     const memory = new Memory(cModule);
     const aggPubkey = memory.malloc(32);
-    const keyaggCache = memory.malloc(165);
+    const keyaggCache = memory.malloc(keyaggCacheSize);
 
     const ret = cModule.ccall(
       'musig_pubkey_agg',
       'number',
-      ['number', 'number', 'number', 'number'],
-      [aggPubkey, keyaggCache, memory.charStarArray(pubkeys), pubkeys.length]
+      ['number', 'number', 'number', 'number', 'number'],
+      [
+        aggPubkey,
+        keyaggCache,
+        memory.charStarArray(pubKeys),
+        pubKeys.length,
+        pubKeys[0].length,
+      ]
     );
 
     if (ret !== 1) {
@@ -30,28 +43,38 @@ function pubkeyAgg(cModule: CModule): Secp256k1ZKP['musig']['pubkeyAgg'] {
 
     const res = {
       aggPubkey: memory.charStarToUint8(aggPubkey, 32),
-      keyaggCache: memory.charStarToUint8(keyaggCache, 165),
+      keyaggCache: memory.charStarToUint8(keyaggCache, keyaggCacheSize),
     };
     memory.free();
     return res;
   };
 }
 
 function nonceGen(cModule: CModule): Secp256k1ZKP['musig']['nonceGen'] {
-  return function nonceGen(sessionId: Uint8Array) {
+  return function nonceGen(sessionId: Uint8Array, pubKey: Uint8Array) {
     if (!(sessionId instanceof Uint8Array)) {
       throw new TypeError('sessionId must be Uint8Array');
     }
 
+    if (!(pubKey instanceof Uint8Array)) {
+      throw new TypeError('pubkey must be Uint8Array');
+    }
+
     const memory = new Memory(cModule);
-    const secnonce = memory.malloc(68);
-    const pubnonce = memory.malloc(66);
+    const secnonce = memory.malloc(nonceInternalSize);
+    const pubnonce = memory.malloc(nonceInternalSize);
 
     const ret = cModule.ccall(
       'musig_nonce_gen',
       'number',
-      ['number', 'number', 'number'],
-      [secnonce, pubnonce, memory.charStar(sessionId)]
+      ['number', 'number', 'number', 'number', 'number'],
+      [
+        secnonce,
+        pubnonce,
+        memory.charStar(sessionId),
+        memory.charStar(pubKey),
+        pubKey.length,
+      ]
     );
 
     if (ret !== 1) {
@@ -60,7 +83,7 @@ function nonceGen(cModule: CModule): Secp256k1ZKP['musig']['nonceGen'] {
     }
 
     const res = {
-      secNonce: memory.charStarToUint8(secnonce, 68),
+      secNonce: memory.charStarToUint8(secnonce, nonceInternalSize),
       pubNonce: memory.charStarToUint8(pubnonce, 66),
     };
     memory.free();
@@ -218,11 +241,12 @@ function partialVerify(
     const ret = cModule.ccall(
       'musig_partial_sig_verify',
       'number',
-      ['number', 'number', 'number', 'number', 'number'],
+      ['number', 'number', 'number', 'number', 'number', 'number'],
       [
         memory.charStar(partialSig),
         memory.charStar(pubNonce),
         memory.charStar(pubKey),
+        pubKey.length,
         memory.charStar(keyaggCache),
         memory.charStar(session),
       ]
@@ -329,7 +353,7 @@ function pubkeyXonlyTweakAdd(
     );
     const keyaggCacheTweakedRes = memory.charStarToUint8(
       keyaggCacheTweaked,
-      165
+      keyaggCacheSize
     );
 
     memory.free();

diff --git a/src/lib/secp256k1-zkp.js b/src/lib/secp256k1-zkp.js
diff --git a/src/main.c b/src/main.c
@@ -534,21 +534,26 @@ void free_pointer_arr(void **ptrs, size_t n)
     return ret;                     \
   }
 
-int musig_pubkey_agg(unsigned char *agg_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char **pubkeys, size_t n_pubkeys)
+int musig_pubkey_agg(
+  unsigned char *agg_pubkey,
+  secp256k1_musig_keyagg_cache *keyagg_cache,
+  const unsigned char **pubkeys,
+  const size_t n_pubkeys,
+  const size_t pubkey_len)
 {
   secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY);
-  secp256k1_xonly_pubkey **pubkeys_ptr = (secp256k1_xonly_pubkey **)alloc_pointer_arr(n_pubkeys, sizeof(secp256k1_xonly_pubkey));
+  secp256k1_pubkey **pubkeys_ptr = (secp256k1_pubkey **)alloc_pointer_arr(n_pubkeys, sizeof(secp256k1_pubkey));
 
   int ret = 1;
   for (int i = 0; i < n_pubkeys && ret == 1; i++)
   {
-    ret = secp256k1_xonly_pubkey_parse(ctx, pubkeys_ptr[i], pubkeys[i]);
+    ret = secp256k1_ec_pubkey_parse(ctx, pubkeys_ptr[i], pubkeys[i], pubkey_len);
   }
 
   if (ret == 1)
   {
     secp256k1_xonly_pubkey agg_pubkey_temp;
-    ret = secp256k1_musig_pubkey_agg(ctx, NULL, &agg_pubkey_temp, keyagg_cache, (const secp256k1_xonly_pubkey *const *) pubkeys_ptr, n_pubkeys);
+    ret = secp256k1_musig_pubkey_agg(ctx, NULL, &agg_pubkey_temp, keyagg_cache, (const secp256k1_pubkey *const *)pubkeys_ptr, n_pubkeys);
 
     if (ret == 1)
     {
@@ -561,12 +566,21 @@ int musig_pubkey_agg(unsigned char *agg_pubkey, secp256k1_musig_keyagg_cache *ke
   return ret;
 }
 
-int musig_nonce_gen(secp256k1_musig_secnonce *secnonce, unsigned char *pubnonce, const unsigned char *session_id32)
+int musig_nonce_gen(
+  secp256k1_musig_secnonce *secnonce,
+  unsigned char *pubnonce,
+  const unsigned char *session_id32,
+  const unsigned char *pubkey,
+  const size_t pubkey_len)
 {
   secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
 
+  secp256k1_pubkey pubkey_temp;
+  int ret = secp256k1_ec_pubkey_parse(ctx, &pubkey_temp, pubkey, pubkey_len);
+  RETURN_ON_ZERO;
+
   secp256k1_musig_pubnonce pubnonce_temp;
-  int ret = secp256k1_musig_nonce_gen(ctx, secnonce, &pubnonce_temp, session_id32, NULL, NULL, NULL, NULL);
+  ret = secp256k1_musig_nonce_gen(ctx, secnonce, &pubnonce_temp, session_id32, NULL, &pubkey_temp, NULL, NULL, NULL);
   RETURN_ON_ZERO;
 
   ret = secp256k1_musig_pubnonce_serialize(ctx, pubnonce, &pubnonce_temp);
@@ -638,6 +652,7 @@ int musig_partial_sig_verify(
   const unsigned char *partial_sig,
   const unsigned char *pubnonce,
   const unsigned char *pubkey,
+  const size_t pubkey_len,
   const secp256k1_musig_keyagg_cache *keyagg_cache,
   const secp256k1_musig_session *session)
 {
@@ -651,8 +666,8 @@ int musig_partial_sig_verify(
   ret = secp256k1_musig_pubnonce_parse(ctx, &pubnonce_temp, pubnonce);
   RETURN_ON_ZERO;
 
-  secp256k1_xonly_pubkey pubkey_temp;
-  ret = secp256k1_xonly_pubkey_parse(ctx, &pubkey_temp, pubkey);
+  secp256k1_pubkey pubkey_temp;
+  ret = secp256k1_ec_pubkey_parse(ctx, &pubkey_temp, pubkey, pubkey_len);
   RETURN_ON_ZERO;
 
   ret = secp256k1_musig_partial_sig_verify(ctx, &sig_temp, &pubnonce_temp, &pubkey_temp, keyagg_cache, session);
@@ -678,7 +693,7 @@ int musig_partial_sig_agg(
 
   if (ret == 1)
   {
-    ret = secp256k1_musig_partial_sig_agg(ctx, sig, session, (const secp256k1_musig_partial_sig *const *)sigs_ptr, n_sigs);
+    ret = secp256k1_musig_partial_sig_agg(ctx, sig, session, (const secp256k1_musig_partial_sig *const *) sigs_ptr, n_sigs);
   }
 
   free_pointer_arr((void **)sigs_ptr, n_sigs);