Merge #229: musig: Fix nits left open in #211

jonasnick · jonasnick · commit ce18267b66ec · 2023-04-23T08:06:33.000Z
a0b51af musig: VERIFY_CHECK preconditions of _musig_keyaggcoef_internal() (Tim Ruffing) da77028 extrakeys: Clarify comparison order of compare/sort functions (Tim Ruffing) Pull request description: ACKs for top commit: jonasnick: ACK a0b51af Tree-SHA512: ad509d7a55c6f832a25b896b0fe38e259b79864b2a8d1fb337b9d9b4a5e1950a9d579040285465c89d815becc6e49af4129ab2d904d32ac98cef74357a440c89
diff --git a/include/secp256k1_extrakeys.h b/include/secp256k1_extrakeys.h
@@ -242,7 +242,8 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add
     const unsigned char *tweak32
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
-/** Compare two public keys using lexicographic order
+/** Compare two public keys using lexicographic order of their compressed
+ *  serialization.
  *
  *  Returns: <0 if the first public key is less than the second
  *           >0 if the first public key is greater than the second
@@ -257,7 +258,8 @@ SECP256K1_API int secp256k1_pubkey_cmp(
     const secp256k1_pubkey* pk2
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
 
-/** Sorts public keys using lexicographic order
+/** Sort public keys using lexicographic order of their compressed
+ *  serialization.
  *
  *  Returns: 0 if the arguments are invalid. 1 otherwise.
  *
diff --git a/src/modules/musig/keyagg_impl.h b/src/modules/musig/keyagg_impl.h
@@ -166,6 +166,12 @@ static void secp256k1_musig_keyaggcoef_sha256(secp256k1_sha256 *sha) {
 static void secp256k1_musig_keyaggcoef_internal(secp256k1_scalar *r, const unsigned char *pk_hash, secp256k1_ge *pk, const secp256k1_ge *second_pk) {
     secp256k1_sha256 sha;
 
+    VERIFY_CHECK(!secp256k1_ge_is_infinity(pk));
+#ifdef VERIFY
+    VERIFY_CHECK(pk->x.normalized && pk->y.normalized);
+    VERIFY_CHECK(secp256k1_ge_is_infinity(second_pk) || (second_pk->x.normalized && second_pk->y.normalized));
+#endif
+
     if (!secp256k1_ge_is_infinity(second_pk)
           && secp256k1_fe_equal(&pk->x, &second_pk->x)
           && secp256k1_fe_is_odd(&pk->y) == secp256k1_fe_is_odd(&second_pk->y)) {

Original file line number	Diff line number	Diff line change
`@@ -242,7 +242,8 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add`
`242`	`242`	`const unsigned char *tweak32`
`243`	`243`	`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);`
`244`	`244`
`245`		`-/** Compare two public keys using lexicographic order`
	`245`	`+/** Compare two public keys using lexicographic order of their compressed`
	`246`	`+ * serialization.`
`246`	`247`	`*`
`247`	`248`	`* Returns: <0 if the first public key is less than the second`
`248`	`249`	`* >0 if the first public key is greater than the second`
`@@ -257,7 +258,8 @@ SECP256K1_API int secp256k1_pubkey_cmp(`
`257`	`258`	`const secp256k1_pubkey* pk2`
`258`	`259`	`) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);`
`259`	`260`
`260`		`-/** Sorts public keys using lexicographic order`
	`261`	`+/** Sort public keys using lexicographic order of their compressed`
	`262`	`+ * serialization.`
`261`	`263`	`*`
`262`	`264`	`* Returns: 0 if the arguments are invalid. 1 otherwise.`
`263`	`265`	`*`