Closed junderw closed 2 years ago
Thoughts (still not sure):
I would be interested to know if the below is secure.
```diff
diff --git a/src/lib.rs b/src/lib.rs
index f22adbf..751249a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -17,9 +17,9 @@ use secp256k1_sys::{
secp256k1_ec_pubkey_tweak_add, secp256k1_ec_pubkey_tweak_mul, secp256k1_ec_seckey_negate,
secp256k1_ec_seckey_tweak_add, secp256k1_ecdsa_sign, secp256k1_ecdsa_signature_normalize,
secp256k1_ecdsa_signature_parse_compact, secp256k1_ecdsa_signature_serialize_compact,
- secp256k1_ecdsa_verify, secp256k1_keypair_create, secp256k1_keypair_xonly_pub,
- secp256k1_nonce_function_bip340, secp256k1_nonce_function_rfc6979, secp256k1_schnorrsig_sign,
- secp256k1_schnorrsig_verify, secp256k1_xonly_pubkey_from_pubkey, secp256k1_xonly_pubkey_parse,
+ secp256k1_ecdsa_verify, secp256k1_keypair_create, secp256k1_nonce_function_bip340,
+ secp256k1_nonce_function_rfc6979, secp256k1_schnorrsig_sign, secp256k1_schnorrsig_verify,
+ secp256k1_xonly_pubkey_from_pubkey, secp256k1_xonly_pubkey_parse,
secp256k1_xonly_pubkey_serialize, secp256k1_xonly_pubkey_tweak_add,
secp256k1_xonly_pubkey_tweak_add_check, types::c_void, Context, KeyPair, PublicKey, Signature,
XOnlyPublicKey, SECP256K1_SER_COMPRESSED, SECP256K1_SER_UNCOMPRESSED, SECP256K1_START_SIGN,
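Review bot: the only substantive change in this hunk is dropping `secp256k1_keypair_xonly_pub` from the `use` list (the remaining `-`/`+` lines are a re-wrap of the same identifiers); that is fine only if every x-only key derivation now goes through `secp256k1_xonly_pubkey_from_pubkey`, which stays imported, and since one removed identifier has touched three lines here, a one-item-per-line `use` block would keep future diffs of this list readable.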
@@ -52,7 +52,7 @@ const HASH_SIZE: usize = 32;
const EXTRA_DATA_SIZE: usize = 32;
const SIGNATURE_SIZE: usize = 64;
-const ERROR_BAD_PRIVATE: usize = 0;
+// const ERROR_BAD_PRIVATE: usize = 0;
const ERROR_BAD_POINT: usize = 1;
const ERROR_BAD_TWEAK: usize = 2;
// const ERROR_BAD_HASH: usize = 3;
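Review bot: commenting out `ERROR_BAD_PRIVATE` instead of deleting it leaves dead code, the same pattern as the already commented `// const ERROR_BAD_HASH: usize = 3;` two lines below; if the numeric values are an error-code contract shared with the JS side, add a comment saying that `ERROR_BAD_POINT` must stay 1 and `ERROR_BAD_TWEAK` must stay 2 even though 0 and 3 are now unused, otherwise delete both commented constants.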
@@ -128,25 +128,6 @@ fn get_context() -> *const Context {
}
}
-unsafe fn create_keypair(input: *const u8) -> InvalidInputResult
```
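Review bot: only the first removed line, `unsafe fn create_keypair(input: *const u8) -> InvalidInputResult`, is visible here although the header says 25 lines shrink to 6, so the rest of this deletion cannot be checked from the excerpt; confirm that no remaining caller of `create_keypair` exists and that the Schnorr signing path still builds its `KeyPair` via `secp256k1_keypair_create`, which the first hunk keeps imported.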
I implemented the simpler version here, not sure if we should use it:
https://github.com/bitcoinjs/tiny-secp256k1/compare/feature/schnorr...feature/schnorr-simpler
Looking at the above, though. Really, the only actual changes to the API are
Suggestions on naming of functions in the API etc. are welcome.
Also, I made isPoint only work for DER points and not x_only points since the rest of the API expects them, besides the new methods.
Perhaps we should just allow for all methods to accept x_only and assume the parity bit is 0 as per the BIP.
Also, some of the addtweakcheck vectors I got from pointAddScalar vectors.
If point was odd, I converted the vector by negating the point to even, then negating the tweak, then negating the result if it existed.
```text
P + tweak*G = R

if P y is odd:
    P = -P            (change 03 to 02)
    tweak = n - tweak
    R = -R            (flip 02/03) if R not null
```
LGTM
Let me know if I need to add anything else.
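The vector conversion described above, as an added example that is not part of tiny-secp256k1 or of this PR: a minimal pure-Python secp256k1 (`point_add`, `scalar_mul`, `compress`, `decompress` are my own toy implementations, assumed here, not the library's API) takes a pointAddScalar vector (P, tweak, R) whose P has odd y, applies P = -P, tweak = n - tweak, R = -R, and rechecks both the original and the converted vector, including the case where the result is infinity (R null). The sample vectors are constructed from small multiples of G, not taken from the project's test files.

```python
# secp256k1 domain parameters (public constants, not project code).
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p, q):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None  # P + (-P) = infinity
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mul(k, p):
    """Plain double-and-add (toy code: not constant time, for test vectors only)."""
    r = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p = point_add(p, p)
        k >>= 1
    return r


def negate(p):
    """-P has the same x and the other square root for y (None stays None)."""
    return None if p is None else (p[0], (-p[1]) % P_MOD)


def compress(p):
    """33-byte SEC encoding: prefix 02 for even y, 03 for odd y."""
    return bytes([2 + (p[1] & 1)]) + p[0].to_bytes(32, "big")


def decompress(b):
    """Inverse of compress; p = 3 mod 4 so sqrt(a) = a^((p+1)/4)."""
    prefix, x = b[0], int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P_MOD, (P_MOD + 1) // 4, P_MOD)
    if (y & 1) != (prefix & 1):
        y = P_MOD - y
    return (x, y)


def check_vector(point_bytes, tweak, expected):
    """Recompute P + tweak*G and compare with the expected encoding (None = infinity)."""
    r = point_add(decompress(point_bytes), scalar_mul(tweak, G))
    return (None if r is None else compress(r)) == expected


def convert_vector(point_bytes, tweak, result_bytes):
    """Turn a pointAddScalar vector into one whose P has even y (an x-only key).

    If P's y is odd: P = -P (03 -> 02), tweak = n - tweak, R = -R (02 <-> 03)
    if R is not null.  Even-y vectors are returned unchanged.
    """
    p = decompress(point_bytes)
    if p[1] & 1 == 0:
        return point_bytes, tweak, result_bytes
    new_result = None if result_bytes is None else compress(negate(decompress(result_bytes)))
    return compress(negate(p)), (N - tweak) % N, new_result


def demo():
    """Constructed vectors (not from the project's test files): P = k*G with odd y."""
    k = next(k for k in range(1, 50) if scalar_mul(k, G)[1] & 1)
    p_bytes = compress(scalar_mul(k, G))
    vectors = [
        (p_bytes, 7, compress(scalar_mul(k + 7, G))),  # ordinary result
        (p_bytes, N - k, None),                       # P + (n-k)G = infinity, R null
    ]
    converted = []
    for vec in vectors:
        assert check_vector(*vec)
        conv = convert_vector(*vec)
        assert conv[0][0] == 2          # converted P now has prefix 02 (even y)
        assert check_vector(*conv)      # converted vector still holds
        converted.append(conv)
    return converted


if __name__ == "__main__":
    for p, t, r in demo():
        print(p.hex(), hex(t), None if r is None else r.hex())
```

The second constructed vector exercises the "if R not null" clause: with tweak = n - k the sum is infinity, and after conversion the tweak becomes k against -P, which is again infinity, so a null result stays null on both sides.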