Use local secp256k1 callbacks in kotlin native code

These callbacks are only triggered either by arguments do not match explicit rquirements of the sepc256k1 library, or by hardware failures, memory corruption
or bug in secp256k1, and not by misuse of the library.
In theory we do not need to implement them, except to find bugs in our own code, but the default callbacks print a message to stderr and call abort() which
is not nice especially on mobile apps.

=> Here we introduce 2 specific exceptions, Secp256k1ErrorCallbackException and Secp256k1IllegalCallbackException, which are thrown when the error callback or illegal callback are called.

.github/workflows/release.yml

@@ -29,11 +29,13 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
           restore-keys: ${{ runner.os }}-gradle-
       - name: Android environment
+        if: matrix.os != 'windows-latest'
         shell: bash
         run: |
           echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
-          echo "ANDROID_NDK_VERSION=21.4.7075529" >> $GITHUB_ENV
+          echo "ANDROID_NDK_VERSION=25.2.9519653" >> $GITHUB_ENV
       - name: Cached Android NDK
+        if: matrix.os != 'windows-latest'
         uses: actions/cache@v2
         with:
           path: ${{ format('{0}/ndk/{1}', env.ANDROID_HOME, env.ANDROID_NDK_VERSION) }}
@@ -43,6 +45,19 @@ jobs:
         run: |
           echo "C:\msys64\usr\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
           rm.exe "C:/WINDOWS/system32/bash.EXE"
+      - name: Install Automake
+        if: matrix.os == 'macOS-latest'
+        run: brew install automake
+      - name: Install Automake (windows)
+        if: matrix.os == 'windows-latest'
+        uses: msys2/setup-msys2@v2
+        with:
+          path-type: minimal
+          update: true
+          install: >-
+            base-devel
+            autotools
+            mingw-w64-x86_64-gcc
       - name: Set up JDK 8
         uses: actions/setup-java@v1
         with:
@@ -54,18 +69,19 @@ jobs:
           $ANDROID_HOME/tools/bin/sdkmanager "ndk;$ANDROID_NDK_VERSION"
       - name: Setup Android
         if: matrix.os == 'windows-latest'
-        shell: bash
+        shell: msys2 {0}
         run: |
-          $ANDROID_HOME\\tools\\bin\\sdkmanager.bat "ndk;$ANDROID_NDK_VERSION"
+          echo "skip.android=true" > local.properties
       - name: Set up JDK 11
         uses: actions/setup-java@v1
         with:
           java-version: 11
-      - name: Install Automake
-        if: matrix.os == 'macOS-latest'
-        run: brew install automake
       - name: Check JVM
-        shell: bash
+        if: matrix.os != 'windows-latest'
+        run: ./gradlew jvmTest
+      - name: Check JVM (Windows)
+        if: matrix.os == 'windows-latest'
+        shell: msys2 {0}
         run: ./gradlew jvmTest
       - name: Check Linux
         if: matrix.os == 'ubuntu-latest'
@@ -79,35 +95,22 @@ jobs:
         if: matrix.os == 'macOS-latest'
         uses: reactivecircus/android-emulator-runner@v2
         with:
-          api-level: 29
+          api-level: 27
-          emulator-build: 7425822  # workaround to emulator bug: https://github.com/ReactiveCircus/android-emulator-runner/issues/160
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           ndk: ${{ env.ANDROID_NDK_VERSION }}
-          cmake: 3.10.2.4988404
+          cmake: 3.22.1
           script: ./gradlew connectedCheck
       - name: Publish Linux
         if: matrix.os == 'ubuntu-latest'
-        env:
-          BINTRAY_USER: ${{ secrets.bintray_user }}
-          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
         shell: bash
-#          ./gradlew publishLinuxPublicationToBintrayRepository :jni:jvm:linux:publishJvmPublicationToBintrayRepository
         run: ./gradlew publishLinuxPublicationToMavenLocal :jni:jvm:linux:publishJvmPublicationToMavenLocal
       - name: Publish Windows
         if: matrix.os == 'windows-latest'
-        env:
+        shell: msys2 {0}
-          BINTRAY_USER: ${{ secrets.bintray_user }}
-          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
-        shell: bash
-#          ./gradlew :jni:jvm:mingw:publishJvmPublicationToBintrayRepository
         run: ./gradlew :jni:jvm:mingw:publishToMavenLocal
       - name: Publish MacOS
         if: matrix.os == 'macOS-latest'
-        env:
-          BINTRAY_USER: ${{ secrets.bintray_user }}
-          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
         shell: bash
-#          ./gradlew publish
         run: ./gradlew publishToMavenLocal
       - name: Copy artifact files
         run: |
@@ -120,9 +123,3 @@ jobs:
           path: |
             maven-local
             !maven-local/**/maven-metadata-local.xml
-#      - name: Discard
-#        if: ${{ failure() || cancelled() }}
-#        env:
-#          BINTRAY_USER: ${{ secrets.bintray_user }}
-#          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
-#        run: ./gradlew postBintrayDiscard

.github/workflows/snapshot.yml

@@ -38,11 +38,13 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
           restore-keys: ${{ runner.os }}-gradle-
       - name: Android environment
+        if: matrix.os != 'windows-latest'
         shell: bash
         run: |
           echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
-          echo "ANDROID_NDK_VERSION=21.4.7075529" >> $GITHUB_ENV
+          echo "ANDROID_NDK_VERSION=25.2.9519653" >> $GITHUB_ENV
       - name: Cached Android NDK
+        if: matrix.os != 'windows-latest'
         uses: actions/cache@v2
         with:
           path: ${{ format('{0}/ndk/{1}', env.ANDROID_HOME, env.ANDROID_NDK_VERSION) }}
@@ -52,6 +54,19 @@ jobs:
         run: |
           echo "C:\msys64\usr\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
           rm.exe "C:/WINDOWS/system32/bash.EXE"
+      - name: Install Automake
+        if: matrix.os == 'macOS-latest'
+        run: brew install automake
+      - name: Install Automake (windows)
+        if: matrix.os == 'windows-latest'
+        uses: msys2/setup-msys2@v2
+        with:
+          path-type: minimal
+          update: true
+          install: >-
+            base-devel
+            autotools
+            mingw-w64-x86_64-gcc
       - name: Set up JDK 8
         uses: actions/setup-java@v1
         with:
@@ -63,18 +78,19 @@ jobs:
           $ANDROID_HOME/tools/bin/sdkmanager "ndk;$ANDROID_NDK_VERSION"
       - name: Setup Android
         if: matrix.os == 'windows-latest'
-        shell: bash
+        shell: msys2 {0}
         run: |
-          $ANDROID_HOME\\tools\\bin\\sdkmanager.bat "ndk;$ANDROID_NDK_VERSION"
+          echo "skip.android=true" > local.properties
       - name: Set up JDK 11
         uses: actions/setup-java@v1
         with:
           java-version: 11
-      - name: Install Automake
-        if: matrix.os == 'macOS-latest'
-        run: brew install automake
       - name: Check JVM
-        shell: bash
+        if: matrix.os != 'windows-latest'
+        run: ./gradlew jvmTest
+      - name: Check JVM (Windows)
+        if: matrix.os == 'windows-latest'
+        shell: msys2 {0}
         run: ./gradlew jvmTest
       - name: Check Linux
         if: matrix.os == 'ubuntu-latest'
@@ -88,35 +104,22 @@ jobs:
         if: matrix.os == 'macOS-latest'
         uses: reactivecircus/android-emulator-runner@v2
         with:
-          api-level: 29
+          api-level: 27
-          -build: 7425822  # workaround to emulator bug: https://github.com/ReactiveCircus/android-emulator-runner/issues/160
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           ndk: ${{ env.ANDROID_NDK_VERSION }}
-          cmake: 3.10.2.4988404
+          cmake: 3.22.1
           script: ./gradlew connectedCheck
       - name: Publish Linux
         if: matrix.os == 'ubuntu-latest'
-        env:
-          BINTRAY_USER: ${{ secrets.bintray_user }}
-          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
         shell: bash
-#          ./gradlew publishLinuxPublicationToBintrayRepository :jni:jvm:linux:publishJvmPublicationToBintrayRepository -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
         run: ./gradlew publishLinuxPublicationToMavenLocal :jni:jvm:linux:publishJvmPublicationToMavenLocal -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
       - name: Publish Windows
         if: matrix.os == 'windows-latest'
-        env:
+        shell: msys2 {0}
-          BINTRAY_USER: ${{ secrets.bintray_user }}
-          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
-        shell: bash
-#          ./gradlew :jni:jvm:mingw:publishJvmPublicationToBintrayRepository -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
         run: ./gradlew :jni:jvm:mingw:publishToMavenLocal -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
       - name: Publish MacOS
         if: matrix.os == 'macOS-latest'
-        env:
-          BINTRAY_USER: ${{ secrets.bintray_user }}
-          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
         shell: bash
-#          ./gradlew publish -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
         run: ./gradlew publishToMavenLocal -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
       - name: Copy artifact files
         run: |
@@ -129,34 +132,4 @@ jobs:
           path: |
             maven-local
             !maven-local/**/maven-metadata-local.xml
-#      - name: Discard
-#        if: ${{ failure() || cancelled() }}
-#        env:
-#          BINTRAY_USER: ${{ secrets.bintray_user }}
-#          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
-#        run: ./gradlew postBintrayDiscard -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}
 
-#  publish:
-#    name: Publish
-#    needs: upload
-#    runs-on: ubuntu-latest
-#    steps:
-#      - name: Check out
-#        uses: actions/checkout@v2
-#        with:
-#          submodules: 'true'
-#      - name: Cached Gradle
-#        uses: actions/cache@v2
-#        with:
-#          path: ~/.gradle
-#          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
-#          restore-keys: ${{ runner.os }}-gradle-
-#      - name: Set up JDK 11
-#        uses: actions/setup-java@v1
-#        with:
-#          java-version: 11
-#      - name: Publish
-#        env:
-#          BINTRAY_USER: ${{ secrets.bintray_user }}
-#          BINTRAY_APIKEY: ${{ secrets.bintray_apikey }}
-#        run: ./gradlew postBintrayPublish -PsnapshotNumber=${{ github.run_number }} -PgitRef=${{ github.ref }}

.github/workflows/test.yml

@@ -44,11 +44,13 @@ jobs:
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}-${{ hashFiles('**/gradle/wrapper/gradle-wrapper.properties') }}
           restore-keys: ${{ runner.os }}-gradle-
       - name: Android environment
+        if: matrix.os != 'windows-latest'
         shell: bash
         run: |
           echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
-          echo "ANDROID_NDK_VERSION=21.4.7075529" >> $GITHUB_ENV
+          echo "ANDROID_NDK_VERSION=25.2.9519653" >> $GITHUB_ENV
       - name: Cached Android NDK
+        if: matrix.os != 'windows-latest'
         uses: actions/cache@v2
         with:
           path: ${{ format('{0}/ndk/{1}', env.ANDROID_HOME, env.ANDROID_NDK_VERSION) }}
@@ -58,6 +60,19 @@ jobs:
         run: |
           echo "C:\msys64\usr\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
           rm.exe "C:/WINDOWS/system32/bash.EXE"
+      - name: Install Automake
+        if: matrix.os == 'macOS-latest'
+        run: brew install automake
+      - name: Install Automake (windows)
+        if: matrix.os == 'windows-latest'
+        uses: msys2/setup-msys2@v2
+        with:
+          path-type: minimal
+          update: true
+          install: >-
+            base-devel
+            autotools
+            mingw-w64-x86_64-gcc
       - name: Set up JDK 8
         uses: actions/setup-java@v1
         with:
@@ -69,18 +84,19 @@ jobs:
           $ANDROID_HOME/tools/bin/sdkmanager "ndk;$ANDROID_NDK_VERSION"
       - name: Setup Android
         if: matrix.os == 'windows-latest'
-        shell: bash
+        shell: msys2 {0}
         run: |
-          $ANDROID_HOME\\tools\\bin\\sdkmanager.bat "ndk;$ANDROID_NDK_VERSION"
+          echo "skip.android=true" > local.properties
       - name: Set up JDK 11
         uses: actions/setup-java@v1
         with:
           java-version: 11
-      - name: Install Automake
-        if: matrix.os == 'macOS-latest'
-        run: brew install automake
       - name: Check JVM
-        shell: bash
+        if: matrix.os != 'windows-latest'
+        run: ./gradlew jvmTest
+      - name: Check JVM (Windows)
+        if: matrix.os == 'windows-latest'
+        shell: msys2 {0}
         run: ./gradlew jvmTest
       - name: Check Linux
         if: matrix.os == 'ubuntu-latest'
@@ -94,9 +110,8 @@ jobs:
         if: matrix.os == 'macOS-latest'
         uses: reactivecircus/android-emulator-runner@v2
         with:
-          api-level: 29
+          api-level: 27
-          emulator-build: 7425822  # workaround to emulator bug: https://github.com/ReactiveCircus/android-emulator-runner/issues/160
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           ndk: ${{ env.ANDROID_NDK_VERSION }}
-          cmake: 3.10.2.4988404
+          cmake: 3.22.1
           script: ./gradlew connectedCheck

README.md

@@ -1,4 +1,4 @@
-[![Kotlin](https://img.shields.io/badge/Kotlin-1.4.31-blue.svg?style=flat&logo=kotlin)](http://kotlinlang.org)
+[![Kotlin](https://img.shields.io/badge/Kotlin-1.8.21-blue.svg?style=flat&logo=kotlin)](http://kotlinlang.org)
 [![Maven Central](https://img.shields.io/maven-central/v/fr.acinq.secp256k1/secp256k1-kmp)](https://search.maven.org/search?q=g:fr.acinq.secp256k1%20a:secp256k1-kmp*)
 ![Github Actions](https://github.com/ACINQ/secp256k1-kmp/actions/workflows/test.yml/badge.svg)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/ACINQ/secp256k1-kmp/blob/master/LICENSE)
@@ -30,19 +30,19 @@ kotlin {
         val commonMain by getting {
             dependencies {
                 implementation(kotlin("stdlib-common"))
-                implementation(kotlin("fr.acinq.secp256k1:secp256k1:$secp256k1_version"))
+                implementation("fr.acinq.secp256k1:secp256k1-kmp:$secp256k1_version")
             }
         }
         val jvmMain by getting {
             dependencies {
                 implementation(kotlin("stdlib"))
-                implementation(kotlin("fr.acinq.secp256k1:secp256k1-jni-jvm:$secp256k1_version"))
+                implementation("fr.acinq.secp256k1:secp256k1-kmp-jni-jvm:$secp256k1_version")
             }
         }
         val androidMain by getting {
             dependencies {
                 implementation(kotlin("stdlib"))
-                implementation(kotlin("fr.acinq.secp256k1:secp256k1-jni-android:$secp256k1_version"))
+                implementation("fr.acinq.secp256k1:secp256k1-kmp-jni-android:$secp256k1_version")
             }
         }
     }
@@ -58,22 +58,22 @@ Native targets include libsecp256k1, called through KMP's c-interop, simply add
 The JVM library uses JNI bindings for libsecp256k1, which is much faster than BouncyCastle. It will extract and load native bindings for your operating system in a temporary directory.
 
 JNI libraries are included for:
-- Linux 64 bits
+- Linux 64 bits (x86_64 and arm64)
-- Windows 64 bits
+- Windows 64 bits (x86_64)
-- Macos 64 bits
+- Macos 64 bits (x86_64 and arm64)
 
 Along this library, you **must** specify which JNI native library to use in your dependency manager:
 
 * **For desktop or server JVMs**, you must add the dependency:
-  * Either the `fr.acinq.secp256k1:secp256k1-jni-jvm` dependency which imports all supported platforms.
+  * Either the `fr.acinq.secp256k1:secp256k1-kmp-jni-jvm` dependency which imports all supported platforms.
   * Or the platform specific dependencies (note that you can add multiple as they do not conflict):
-    * `fr.acinq.secp256k1:secp256k1-jni-jvm-linux` for Linux
+    * `fr.acinq.secp256k1:secp256k1-kmp-jni-jvm-linux` for Linux
-    * `fr.acinq.secp256k1:secp256k1-jni-jvm-darwin` for Mac OS X
+    * `fr.acinq.secp256k1:secp256k1-kmp-jni-jvm-darwin` for Mac OS X
-    * `fr.acinq.secp256k1:secp256k1-jni-jvm-mingw` for Windows
+    * `fr.acinq.secp256k1:secp256k1-kmp-jni-jvm-mingw` for Windows
-* **For Android**, you must add the `fr.acinq.secp256k1:secp256k1-jni-android` dependency
+* **For Android**, you must add the `fr.acinq.secp256k1:secp256k1-kmp-jni-android` dependency
 
 If you are using the JVM on an OS for which we don't provide JNI bindings (32 bits OS for example), you can use your own library native library by
-adding the `fr.acinq.secp256k1:secp256k1-jni-jvm` dependency and specifying its path with `-Dfr.acinq.secp256k1.lib.path` and optionally its name with `-Dfr.acinq.secp256k1.lib.name`
+adding the `fr.acinq.secp256k1:secp256k1-kmp-jni-jvm` dependency and specifying its path with `-Dfr.acinq.secp256k1.lib.path` and optionally its name with `-Dfr.acinq.secp256k1.lib.name`
 (if unspecified bitcoink use the standard name for your OS i.e. libsecp256k1.so on Linux, secp256k1.dll on Windows, ...).
 
 To compile your own JNI bindings, have a look add the `native/build.sh` and `jni/build.sh` scripts.
@@ -84,3 +84,58 @@ You can also specify the temporary directory where the library will be extracted
 ## Usage
 
 Please have a look at unit tests, more samples will be added soon.
+
+## Building
+
+**secp256k1-kmp** is a [Kotlin Multiplatform](https://kotlinlang.org/docs/multiplatform.html) wrapper for Bitcoin Core's [secp256k1 library](https://github.com/bitcoin-core/secp256k1).
+
+To build the library you need the following:
+- Window 64 bits, Linux 64 bits, or MacOs 64 Bits
+- OpenJDK11 (we recommend using packages provided by https://adoptopenjdk.net/ but there are other options)
+- (optional) Android SDK
+
+It may work with other Operating Systems and JDKs, but then you're on your own (in particular we don't plan to support 32 bits Operating Systems).
+To build the library and publish compiled artefacts locally (so they can be used by other projects):
+
+```sh
+./gradlew :build
+./gradlew :publishToMavenLocal
+```
+
+To run all tests on all platforms:
+
+```sh
+./gradlew allTests
+```
+
+To run tests on a single platform, for example the JVM:
+
+```sh
+./gradlew jvmTest
+```
+
+If you want to skip building Android artefacts create a `local.properties` file in the project's root directory and add the following line:
+
+```
+skip.android=true
+```
+
+## Contributing to and extending the library
+
+secp256k1-kmp follows 2 simples rules:
+- copy as literally as possible what the original [secp256k1 library](https://github.com/bitcoin-core/secp256k1) does: use the same function names, parameters, options, ... 
+- follow JNI best practices (memory allocation, error handling, ...)
+ 
+"Porting" C/C++ code that uses [secp256k1](https://github.com/bitcoin-core/secp256k1) should be a no-brainer and we should not have to document secp256k1-kmp
+
+
+To extend this library and support methods that have been added to specific versions of [secp256k1](https://github.com/bitcoin-core/secp256k1) you have to:
+- add new methods to the Secp256k1 interface src/commonMain/kotlin/fr/acinq/secp256k1/Secp256k1.kt (please follow rule #1 above and try and match secp256k1's interface as much as possible)
+- implement these new methods in jni/src/main/kotlin/fr/acinq/secp256k1/NativeSecp256k1.kt (JNI implementation) and src/nativeMain/kotlin/fr/acinq/secp256k1/Secp256k1Native.kt (native linux/ios/... implementation)
+- update the JNI interface src/main/java/fr/acinq/secp256k1/Secp256k1CFunctions.java (NativeSecp256k1 calls Secp256k1CFunctions)
+- generate a new JNI header file jni/c/headers/java/fr_acinq_secp256k1_Secp256k1CFunctions.h with `javac -h jni/c/headers/java jni/src/main/java/fr/acinq/secp256k1/Secp256k1CFunctions.java`
+- implement the new methods in jni/c/src/fr_acinq_secp256k1_Secp256k1CFunctions.c
+
+You may also need to modify build files if you need to compile [secp256k1](https://github.com/bitcoin-core/secp256k1) with custom options
+
+We use [secp256k1](https://github.com/bitcoin-core/secp256k1) through git submodules so you may also need to change what they point to

build.gradle.kts

@@ -1,16 +1,10 @@
-import org.apache.http.impl.client.HttpClients
-import org.apache.http.client.methods.HttpPost
-import org.apache.http.entity.ContentType
-import org.apache.http.entity.StringEntity
-import org.apache.http.impl.auth.BasicScheme
-import org.apache.http.auth.UsernamePasswordCredentials
 import org.gradle.internal.os.OperatingSystem
 import org.jetbrains.kotlin.gradle.plugin.mpp.KotlinNativeTarget
 import org.jetbrains.dokka.Platform
 
 plugins {
-    kotlin("multiplatform") version "1.4.32"
+    kotlin("multiplatform") version "1.8.21"
-    id("org.jetbrains.dokka") version "1.4.30"
+    id("org.jetbrains.dokka") version "1.8.10"
     `maven-publish`
 }
 
@@ -18,21 +12,19 @@ buildscript {
     repositories {
         google()
         mavenCentral()
-        jcenter()
     }
 
     dependencies {
-        classpath("com.android.tools.build:gradle:4.0.2")
+        classpath("com.android.tools.build:gradle:7.3.1")
-        classpath("org.jetbrains.dokka:dokka-gradle-plugin:1.4.30")
+        classpath("org.jetbrains.dokka:dokka-gradle-plugin:1.8.10")
     }
 }
 
 allprojects {
     group = "fr.acinq.secp256k1"
-    version = "0.5.2"
+    version = "0.12.0-SNAPSHOT"
 
     repositories {
-        jcenter()
         google()
         mavenCentral()
     }
@@ -77,9 +69,8 @@ kotlin {
     }
 
     sourceSets.all {
-        languageSettings.useExperimentalAnnotation("kotlin.RequiresOptIn")
+        languageSettings.optIn("kotlin.RequiresOptIn")
     }
-
 }
 
 // Disable cross compilation
@@ -166,6 +157,7 @@ allprojects {
                             Platform.js -> "js"
                             Platform.native -> "native"
                             Platform.common -> "common"
+                            Platform.wasm -> "wasm"
                         }
                         displayName.set(platformName)
 

gradle.properties

@@ -4,14 +4,8 @@ org.gradle.parallel = true
 
 # kotlin
 kotlin.code.style = official
-kotlin.incremental.multiplatform = true
-kotlin.parallel.tasks.in.project = true
-#kotlin.mpp.enableGranularSourceSetsMetadata = true
-kotlin.native.enableDependencyPropagation = false
 kotlin.native.ignoreDisabledTargets = true
-
+kotlin.mpp.enableCInteropCommonization=true
-# https://github.com/gradle/gradle/issues/11412
-systemProp.org.gradle.internal.publish.checksums.insecure = true
 
 # Android
 android.useAndroidX = true

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip
+distributionSha256Sum=f6b8596b10cce501591e92f229816aa4046424f3b24d771751b06779d58c8ec4
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradlew

@@ -82,6 +82,7 @@ esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
+
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ] ; then
     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
@@ -129,6 +130,7 @@ fi
 if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
     JAVACMD=`cygpath --unix "$JAVACMD"`
 
     # We build the pattern for arguments to be converted via cygpath

gradlew.bat

@@ -40,7 +40,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if "%ERRORLEVEL%" == "0" goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -54,7 +54,7 @@ goto fail
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
 
 echo.
 echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -64,28 +64,14 @@ echo location of your Java installation.
 
 goto fail
 
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
 @rem Setup the command line
 
 set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
+
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
 
 :end
 @rem End local scope for the variables with windows NT shell

jni/android/build.gradle.kts

@@ -1,5 +1,3 @@
-import org.jetbrains.dokka.Platform
-
 plugins {
     id("com.android.library")
     kotlin("android")
@@ -17,12 +15,9 @@ dependencies {
 
 android {
     defaultConfig {
-        compileSdkVersion(30)
+        compileSdk = 33
-        minSdkVersion(21)
+        minSdk = 21
         testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
-        externalNativeBuild {
-            cmake {}
-        }
     }
 
     compileOptions {
@@ -32,10 +27,12 @@ android {
 
     externalNativeBuild {
         cmake {
-            setPath("src/main/CMakeLists.txt")
+            version = "3.22.1"
+            path("src/main/CMakeLists.txt")
         }
     }
-    ndkVersion = "21.4.7075529"
+
+    ndkVersion = "25.2.9519653"
 
     afterEvaluate {
         tasks.withType<com.android.build.gradle.tasks.factory.AndroidUnitTest>().all {
@@ -45,8 +42,8 @@ android {
 }
 
 afterEvaluate {
-    configure(listOf("Debug", "Release").map { tasks["externalNativeBuild$it"] }) {
+    tasks.filter { it.name.startsWith("configureCMake") }.forEach {
-        dependsOn(":native:buildSecp256k1Android")
+        it.dependsOn(":native:buildSecp256k1Android")
     }
 }
 

jni/android/src/main/CMakeLists.txt

@@ -1,5 +1,7 @@
 cmake_minimum_required(VERSION 3.10.0)
 
+project(secp256k1jni)
+
 add_library( secp256k1-jni SHARED
     ${CMAKE_CURRENT_LIST_DIR}/../../../c/src/fr_acinq_secp256k1_Secp256k1CFunctions.c
 )

jni/build.gradle.kts

@@ -1,5 +1,3 @@
-import org.jetbrains.dokka.Platform
-
 plugins {
     kotlin("jvm")
     id("org.jetbrains.dokka")
@@ -22,7 +20,7 @@ dependencies {
 val generateHeaders by tasks.creating(JavaCompile::class) {
     group = "build"
     classpath = sourceSets["main"].compileClasspath
-    destinationDir = file("${buildDir}/generated/jni")
+    destinationDirectory.set(file("${buildDir}/generated/jni"))
     source = sourceSets["main"].java
     options.compilerArgs = listOf(
         "-h", file("${buildDir}/generated/jni").absolutePath,

jni/c/headers/java/fr_acinq_secp256k1_Secp256k1CFunctions.h

@@ -119,14 +119,6 @@ JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256
 JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256k1_1ec_1pubkey_1tweak_1mul
   (JNIEnv *, jclass, jlong, jbyteArray, jbyteArray);
 
-/*
- * Class:     fr_acinq_secp256k1_Secp256k1CFunctions
- * Method:    secp256k1_ec_pubkey_add
- * Signature: (J[B[B)[B
- */
-JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256k1_1ec_1pubkey_1add
-  (JNIEnv *, jclass, jlong, jbyteArray, jbyteArray);
-
 /*
  * Class:     fr_acinq_secp256k1_Secp256k1CFunctions
  * Method:    secp256k1_ec_pubkey_combine
@@ -159,6 +151,22 @@ JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256
 JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256k1_1compact_1to_1der
   (JNIEnv *, jclass, jlong, jbyteArray);
 
+/*
+ * Class:     fr_acinq_secp256k1_Secp256k1CFunctions
+ * Method:    secp256k1_schnorrsig_sign
+ * Signature: (J[B[B[B)[B
+ */
+JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256k1_1schnorrsig_1sign
+  (JNIEnv *, jclass, jlong, jbyteArray, jbyteArray, jbyteArray);
+
+/*
+ * Class:     fr_acinq_secp256k1_Secp256k1CFunctions
+ * Method:    secp256k1_schnorrsig_verify
+ * Signature: (J[B[B[B)I
+ */
+JNIEXPORT jint JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256k1_1schnorrsig_1verify
+  (JNIEnv *, jclass, jlong, jbyteArray, jbyteArray, jbyteArray);
+
 #ifdef __cplusplus
 }
 #endif

jni/jvm/darwin/build.gradle.kts

@@ -12,8 +12,12 @@ dependencies {
 val copyJni by tasks.creating(Sync::class) {
     onlyIf { org.gradle.internal.os.OperatingSystem.current().isMacOsX }
     dependsOn(":jni:jvm:buildNativeHost")
+    val arch = when (System.getProperty("os.arch")) {
+        "aarch64" -> "aarch64"
+        else -> "x86_64"
+    }
     from(rootDir.resolve("jni/jvm/build/darwin/libsecp256k1-jni.dylib"))
-    into(buildDir.resolve("jniResources/fr/acinq/secp256k1/jni/native/darwin-x86_64"))
+    into(buildDir.resolve("jniResources/fr/acinq/secp256k1/jni/native/darwin-$arch"))
 }
 
 (tasks["processResources"] as ProcessResources).apply {

jni/jvm/src/main/kotlin/fr/acinq/secp256k1/jni/OSInfo.kt

@@ -154,7 +154,7 @@ internal object OSInfo {
                if (systemOsArch.startsWith("arm")) {
                    resolveArmArchType()
                } else {
-                   val lc = systemOsArch.toLowerCase(Locale.US)
+                   val lc = systemOsArch.lowercase(Locale.US)
                    if (archMapping.containsKey(lc)) return archMapping[lc]
                    systemOsArch
                }

jni/src/main/java/fr/acinq/secp256k1/Secp256k1CFunctions.java

@@ -5,29 +5,29 @@ public class Secp256k1CFunctions {
      * All flags' lower 8 bits indicate what they're for. Do not use directly.
      */
     public static int SECP256K1_FLAGS_TYPE_MASK = ((1 << 8) - 1);
-    public static int SECP256K1_FLAGS_TYPE_CONTEXT = (1 << 0);
+    public static final int SECP256K1_FLAGS_TYPE_CONTEXT = (1 << 0);
-    public static int SECP256K1_FLAGS_TYPE_COMPRESSION = (1 << 1);
+    public static final int SECP256K1_FLAGS_TYPE_COMPRESSION = (1 << 1);
 
     /**
      * The higher bits contain the actual data. Do not use directly.
      */
-    public static int SECP256K1_FLAGS_BIT_CONTEXT_VERIFY = (1 << 8);
+    public static final int SECP256K1_FLAGS_BIT_CONTEXT_VERIFY = (1 << 8);
-    public static int SECP256K1_FLAGS_BIT_CONTEXT_SIGN = (1 << 9);
+    public static final int SECP256K1_FLAGS_BIT_CONTEXT_SIGN = (1 << 9);
-    public static int SECP256K1_FLAGS_BIT_COMPRESSION = (1 << 8);
+    public static final int SECP256K1_FLAGS_BIT_COMPRESSION = (1 << 8);
 
     /**
      * Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and
      * secp256k1_context_preallocated_create.
      */
-    public static int SECP256K1_CONTEXT_VERIFY = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY);
+    public static final int SECP256K1_CONTEXT_VERIFY = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY);
-    public static int SECP256K1_CONTEXT_SIGN = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN);
+    public static final int SECP256K1_CONTEXT_SIGN = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN);
-    public static int SECP256K1_CONTEXT_NONE = (SECP256K1_FLAGS_TYPE_CONTEXT);
+    public static final int SECP256K1_CONTEXT_NONE = (SECP256K1_FLAGS_TYPE_CONTEXT);
 
     /**
      * Flag to pass to secp256k1_ec_pubkey_serialize.
      */
-    public static int SECP256K1_EC_COMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION);
+    public static final int SECP256K1_EC_COMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION);
-    public static int SECP256K1_EC_UNCOMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION);
+    public static final int SECP256K1_EC_UNCOMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION);
 
     public static native long secp256k1_context_create(int flags);
 
@@ -57,8 +57,6 @@ public class Secp256k1CFunctions {
 
     public static native byte[] secp256k1_ec_pubkey_tweak_mul(long ctx, byte[] pubkey, byte[] tweak);
 
-    public static native byte[] secp256k1_ec_pubkey_add(long ctx, byte[] pubkey1, byte[] pubkey2);
-
     public static native byte[] secp256k1_ec_pubkey_combine(long ctx, byte[][] pubkeys);
 
     public static native byte[] secp256k1_ecdh(long ctx, byte[] seckey, byte[] pubkey);
@@ -66,4 +64,8 @@ public class Secp256k1CFunctions {
     public static native byte[] secp256k1_ecdsa_recover(long ctx, byte[] sig, byte[] msg32, int recid);
 
     public static native byte[] secp256k1_compact_to_der(long ctx, byte[] sig);
+
+    public static native byte[] secp256k1_schnorrsig_sign(long ctx, byte[] msg, byte[] seckey, byte[] aux_rand32);
+
+    public static native int secp256k1_schnorrsig_verify(long ctx, byte[] sig, byte[] msg, byte[] pubkey);
 }

jni/src/main/kotlin/fr/acinq/secp256k1/NativeSecp256k1.kt

@@ -14,15 +14,16 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
 package fr.acinq.secp256k1
 
 public object NativeSecp256k1 : Secp256k1 {
-    override fun verify(signature: ByteArray, data: ByteArray, pub: ByteArray): Boolean {
+    override fun verify(signature: ByteArray, message: ByteArray, pubkey: ByteArray): Boolean {
-        return Secp256k1CFunctions.secp256k1_ecdsa_verify(Secp256k1Context.getContext(), signature, data, pub) == 1
+        return Secp256k1CFunctions.secp256k1_ecdsa_verify(Secp256k1Context.getContext(), signature, message, pubkey) == 1
     }
 
-    override fun sign(data: ByteArray, sec: ByteArray): ByteArray {
+    override fun sign(message: ByteArray, privkey: ByteArray): ByteArray {
-        return Secp256k1CFunctions.secp256k1_ecdsa_sign(Secp256k1Context.getContext(), data, sec)
+        return Secp256k1CFunctions.secp256k1_ecdsa_sign(Secp256k1Context.getContext(), message, privkey)
     }
 
     override fun signatureNormalize(sig: ByteArray): Pair<ByteArray, Boolean> {
@@ -31,35 +32,30 @@ public object NativeSecp256k1 : Secp256k1 {
         return Pair(sigout, result == 1)
     }
 
-    override fun secKeyVerify(seckey: ByteArray): Boolean {
+    override fun secKeyVerify(privkey: ByteArray): Boolean {
-        val result = Secp256k1CFunctions.secp256k1_ec_seckey_verify(Secp256k1Context.getContext(), seckey);
+        return Secp256k1CFunctions.secp256k1_ec_seckey_verify(Secp256k1Context.getContext(), privkey) == 1
-        return result == 1;
     }
 
-    override fun pubkeyCreate(seckey: ByteArray): ByteArray {
+    override fun pubkeyCreate(privkey: ByteArray): ByteArray {
-        return Secp256k1CFunctions.secp256k1_ec_pubkey_create(Secp256k1Context.getContext(), seckey)
+        return Secp256k1CFunctions.secp256k1_ec_pubkey_create(Secp256k1Context.getContext(), privkey)
     }
 
     override fun pubkeyParse(pubkey: ByteArray): ByteArray {
         return Secp256k1CFunctions.secp256k1_ec_pubkey_parse(Secp256k1Context.getContext(), pubkey)
     }
 
-    override fun cleanup() {
-        return Secp256k1CFunctions.secp256k1_context_destroy(Secp256k1Context.getContext())
-    }
-
     override fun privKeyNegate(privkey: ByteArray): ByteArray {
         return Secp256k1CFunctions.secp256k1_ec_privkey_negate(Secp256k1Context.getContext(), privkey)
     }
 
-    override fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray {
-        return Secp256k1CFunctions.secp256k1_ec_privkey_tweak_mul(Secp256k1Context.getContext(), privkey, tweak)
-    }
-
     override fun privKeyTweakAdd(privkey: ByteArray, tweak: ByteArray): ByteArray {
         return Secp256k1CFunctions.secp256k1_ec_privkey_tweak_add(Secp256k1Context.getContext(), privkey, tweak)
     }
 
+    override fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray {
+        return Secp256k1CFunctions.secp256k1_ec_privkey_tweak_mul(Secp256k1Context.getContext(), privkey, tweak)
+    }
+
     override fun pubKeyNegate(pubkey: ByteArray): ByteArray {
         return Secp256k1CFunctions.secp256k1_ec_pubkey_negate(Secp256k1Context.getContext(), pubkey)
     }
@@ -72,12 +68,12 @@ public object NativeSecp256k1 : Secp256k1 {
         return Secp256k1CFunctions.secp256k1_ec_pubkey_tweak_mul(Secp256k1Context.getContext(), pubkey, tweak)
     }
 
-    override fun pubKeyAdd(pubkey1: ByteArray, pubkey2: ByteArray): ByteArray {
+    override fun pubKeyCombine(pubkeys: Array<ByteArray>): ByteArray {
-        return Secp256k1CFunctions.secp256k1_ec_pubkey_add(Secp256k1Context.getContext(), pubkey1, pubkey2)
+        return Secp256k1CFunctions.secp256k1_ec_pubkey_combine(Secp256k1Context.getContext(), pubkeys)
     }
 
-    override fun ecdh(seckey: ByteArray, pubkey: ByteArray): ByteArray {
+    override fun ecdh(privkey: ByteArray, pubkey: ByteArray): ByteArray {
-        return Secp256k1CFunctions.secp256k1_ecdh(Secp256k1Context.getContext(), seckey, pubkey)
+        return Secp256k1CFunctions.secp256k1_ecdh(Secp256k1Context.getContext(), privkey, pubkey)
     }
 
     override fun ecdsaRecover(sig: ByteArray, message: ByteArray, recid: Int): ByteArray {
@@ -87,4 +83,16 @@ public object NativeSecp256k1 : Secp256k1 {
     override fun compact2der(sig: ByteArray): ByteArray {
         return Secp256k1CFunctions.secp256k1_compact_to_der(Secp256k1Context.getContext(), sig)
     }
+
+    override fun verifySchnorr(signature: ByteArray, data: ByteArray, pub: ByteArray): Boolean {
+        return Secp256k1CFunctions.secp256k1_schnorrsig_verify(Secp256k1Context.getContext(), signature, data, pub) == 1
+    }
+
+    override fun signSchnorr(data: ByteArray, sec: ByteArray, auxrand32: ByteArray?): ByteArray {
+        return Secp256k1CFunctions.secp256k1_schnorrsig_sign(Secp256k1Context.getContext(), data, sec, auxrand32)
+    }
+
+    override fun cleanup() {
+        return Secp256k1CFunctions.secp256k1_context_destroy(Secp256k1Context.getContext())
+    }
 }

native/build-android.sh

@@ -19,23 +19,21 @@ else
 fi
 
 TARGET=$SYS-linux-android
-TOOLTARGET=$TARGET
 if [ "$SYS" == "armv7a" ]; then
   TARGET=armv7a-linux-androideabi
-  TOOLTARGET=arm-linux-androideabi
 fi
 
 export CC=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/${TARGET}21-clang
-export LD=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/$TOOLTARGET-ld
+export LD=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/ld
-export AR=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/$TOOLTARGET-ar
+export AR=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/llvm-ar
-export AS=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/$TOOLTARGET-as
+export AS=$CC
-export RANLIB=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/$TOOLTARGET-ranlib
+export RANLIB=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/llvm-ranlib
-export STRIP=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/$TOOLTARGET-strip
+export STRIP=$ANDROID_NDK/toolchains/llvm/prebuilt/$TOOLCHAIN/bin/llvm-strip
 
 cd secp256k1
 
 ./autogen.sh
-./configure CFLAGS=-fpic --host=$TARGET --enable-experimental --enable-module_ecdh --enable-module-recovery --enable-benchmark=no --enable-shared=no --enable-exhaustive-tests=no --enable-tests=no
+./configure CFLAGS=-fpic --host=$TARGET --enable-experimental --enable-module_ecdh --enable-module-recovery --enable-module-schnorrsig --enable-benchmark=no --enable-shared=no --enable-exhaustive-tests=no --enable-tests=no
 make clean
 make
 

native/build-ios.sh

@@ -6,7 +6,7 @@ cp xconfigure.sh secp256k1
 cd secp256k1
 
 ./autogen.sh
-sh xconfigure.sh --enable-experimental --enable-module_ecdh --enable-module-recovery --enable-benchmark=no --enable-shared=no --enable-exhaustive-tests=no --enable-tests=no
+sh xconfigure.sh --enable-experimental --enable-module_ecdh --enable-module-recovery --enable-module-schnorrsig --enable-benchmark=no --enable-shared=no --enable-exhaustive-tests=no --enable-tests=no
 
 mkdir -p ../build/ios
 cp -v _build/universal/* ../build/ios/

native/build.gradle.kts

@@ -1,9 +1,13 @@
 import org.gradle.internal.os.OperatingSystem
 
-evaluationDependsOn(":jni:android")
+val includeAndroid = System.getProperty("includeAndroid")?.toBoolean() ?: true
+
+if (includeAndroid) {
+    evaluationDependsOn(":jni:android")
+}
 
 val currentOs = OperatingSystem.current()
-val bash = if (currentOs.isWindows) "bash.exe" else "bash"
+val bash = "bash"
 
 val buildSecp256k1 by tasks.creating { group = "build" }
 
@@ -23,7 +27,7 @@ val buildSecp256k1Host by tasks.creating(Exec::class) {
 
     workingDir = projectDir
     environment("TARGET", target)
-    commandLine(bash, "build.sh")
+    commandLine(bash, "-l", "build.sh")
 }
 
 val buildSecp256k1Ios by tasks.creating(Exec::class) {
@@ -39,34 +43,39 @@ val buildSecp256k1Ios by tasks.creating(Exec::class) {
     commandLine(bash, "build-ios.sh")
 }
 
-val buildSecp256k1Android by tasks.creating {
+if (includeAndroid) {
-    group = "build"
-    buildSecp256k1.dependsOn(this)
-}
-fun creatingBuildSecp256k1Android(arch: String) = tasks.creating(Exec::class) {
-    group = "build"
-    buildSecp256k1Android.dependsOn(this)
 
-    inputs.files(projectDir.resolve("build-android.sh"))
+    val buildSecp256k1Android by tasks.creating {
-    outputs.dir(projectDir.resolve("build/android/$arch"))
+        group = "build"
-
+        buildSecp256k1.dependsOn(this)
-    workingDir = projectDir
-
-    val toolchain = when {
-        currentOs.isLinux -> "linux-x86_64"
-        currentOs.isMacOsX -> "darwin-x86_64"
-        currentOs.isWindows -> "windows-x86_64"
-        else -> error("No Android toolchain defined for this OS: $currentOs")
     }
-    environment("TOOLCHAIN", toolchain)
+
-    environment("ARCH", arch)
+    fun creatingBuildSecp256k1Android(arch: String) = tasks.creating(Exec::class) {
-    environment("ANDROID_NDK", (project(":jni:android").extensions["android"] as com.android.build.gradle.LibraryExtension).ndkDirectory)
+        group = "build"
-    commandLine(bash, "build-android.sh")
+        buildSecp256k1Android.dependsOn(this)
+
+        inputs.files(projectDir.resolve("build-android.sh"))
+        outputs.dir(projectDir.resolve("build/android/$arch"))
+
+        workingDir = projectDir
+
+        val toolchain = when {
+            currentOs.isLinux -> "linux-x86_64"
+            currentOs.isMacOsX -> "darwin-x86_64"
+            currentOs.isWindows -> "windows-x86_64"
+            else -> error("No Android toolchain defined for this OS: $currentOs")
+        }
+        environment("TOOLCHAIN", toolchain)
+        environment("ARCH", arch)
+        environment("ANDROID_NDK", (project(":jni:android").extensions["android"] as com.android.build.gradle.LibraryExtension).ndkDirectory)
+        commandLine(bash, "build-android.sh")
+    }
+
+    val buildSecp256k1AndroidX86_64 by creatingBuildSecp256k1Android("x86_64")
+    val buildSecp256k1AndroidX86 by creatingBuildSecp256k1Android("x86")
+    val buildSecp256k1AndroidArm64v8a by creatingBuildSecp256k1Android("arm64-v8a")
+    val buildSecp256k1AndroidArmeabiv7a by creatingBuildSecp256k1Android("armeabi-v7a")
 }
-val buildSecp256k1AndroidX86_64 by creatingBuildSecp256k1Android("x86_64")
-val buildSecp256k1AndroidX86 by creatingBuildSecp256k1Android("x86")
-val buildSecp256k1AndroidArm64v8a by creatingBuildSecp256k1Android("arm64-v8a")
-val buildSecp256k1AndroidArmeabiv7a by creatingBuildSecp256k1Android("armeabi-v7a")
 
 val clean by tasks.creating {
     group = "build"

native/build.sh

@@ -16,14 +16,14 @@ if [ "$TARGET" == "mingw" ]; then
 elif [ "$TARGET" == "linux" ]; then
   CONF_OPTS="CFLAGS=-fPIC"
 elif [ "$TARGET" == "darwin" ]; then
-  CONF_OPTS="--host=x86_64-w64-darwin"
+  CONF_OPTS=""
 else
   echo "Unknown TARGET=$TARGET"
   exit 1
 fi
 
 ./autogen.sh
-./configure $CONF_OPTS --enable-experimental --enable-module_ecdh --enable-module-recovery --enable-benchmark=no --enable-shared=no --enable-exhaustive-tests=no --enable-tests=no
+./configure $CONF_OPTS --enable-experimental --enable-module_ecdh --enable-module-recovery --enable-module-schnorrsig --enable-benchmark=no --enable-shared=no --enable-exhaustive-tests=no --enable-tests=no
 make clean
 make
 

publishing/PUBLISHING.md

@@ -0,0 +1,57 @@
+# Publishing secp256k1-kmp artifacts
+
+## snapshots
+
+Snapshots are published to the Sonatype snapshot repository (https://oss.sonatype.org/content/repositories/snapshots/).
+To publish snapshot, you must add your sonatype credentials for the `ossrh` server to your local maven settings (typically in $HOME/.m2/settings.xml)
+
+- Download `snapshot.zip` generated by the `Publish snapshot` github action
+- unzip `snapshot.zip` in the `publishing` directory
+- add additional JNI bindings (optional, see below)
+- edit `secp256k1-kmp-snapshot-deploy.sh` and update the `VERSION` environment variable if needed
+- run `secp256k1-kmp-snapshot-deploy.sh`
+
+## releases
+
+Releases are published to the Sonatype staging repository. If all items are valid they will be published to `maven central` repository.
+You must edit `secp256k1-kmp-staging-upload.sh` and add your sonatype credentials. You must also have a valid GPG key.
+
+- Download `release.zip` generated by the `Publish release` github action (which is triggered every time you publish a github release)
+- unzip `release.zip` in the `publishing` directory
+- add additional JNI bindings (optional, see below)
+- edit `secp256k1-kmp-staging-upload.sh` and update the `VERSION` environment variable if needed
+- sign all artifacts with a valid gpg key: `find release -type f -print -exec gpg -ab {} \;`
+- run `secp256k1-kmp-staging-upload.sh`
+- log into sonatype, close and publish your staging repository. Artifacts will be available on Maven Central within a few hours.
+
+## Adding custom JNI bindings
+
+Github CI currently generates JNI bindings for Windows x64, Linux x64 and iOS x64. But it is possible to add custom bindings to JNI packages before 
+they are published to maven central. 
+
+This is how we add linux arm64 bindings:
+- compile JNI bindings for Linux Arm64 (on a Linux Arm64 machine, cross-compilation is not supported)
+  - git clone --recursive https://github.com/ACINQ/secp256k1-kmp.git
+  - cd secp256k1-kmp 
+  - TARGET=linux ./native/build.sh 
+  - mkdir -p jni/jvm/build/linux 
+  - TARGET=linux ./jni/jvm/build.sh 
+  - JNI library is: jni/jvm/build/linux/libsecp256k1-jni.so
+- copy libsecp256k1-jni.so to fr/acinq/secp256k1/jni/native/linux-aarch64/libsecp256k1-jni.so
+- run `secp256k1-kmp-add-linuxarm64.sh` and specify either `release` or `snapshot` and the `VERSION` environment variable, for example:
+  - VERSION=0.9.0-SNAPSHOT ./secp256k1-kmp-add-linuxarm64.sh snapshot
+  - VERSION=0.9.0 ./secp256k1-kmp-add-linuxarm64.sh release
+
+This is how we add macos arm64 (M1/M2) bindings:
+- compile JNI bindings for macos Arm64 (on a macos Arm64 machine, cross-compilation is not supported)
+  - git clone --recursive https://github.com/ACINQ/secp256k1-kmp.git
+  - cd secp256k1-kmp
+  - TARGET=darwin ./native/build.sh
+  - mkdir -p jni/jvm/build/darwin
+  - TARGET=darwin ./jni/jvm/build.sh
+  - JNI library is: jni/jvm/build/darwin/libsecp256k1-jni.dylib
+- copy libsecp256k1-jni.dylib to fr/acinq/secp256k1/jni/native/darwin-aarch64/libsecp256k1-jni.dylib
+- run `secp256k1-kmp-add-darwinaarch64.sh` and specify either `release` or `snapshot` and the `VERSION` environment variable, for example:
+  - VERSION=0.9.0-SNAPSHOT ./secp256k1-kmp-add-darwinaarch64.sh snapshot
+  - VERSION=0.9.0 ./secp256k1-kmp-add-darwinaarch64.sh release
+

publishing/secp256k1-kmp-add-darwinaarch64.sh

@@ -0,0 +1,17 @@
+#!/bin/bash -x
+
+if [ $# -eq 0 ]
+  then
+    echo "specify either snapshot or release"
+    exit 1
+fi
+
+# add aarch64 (ARM64) library to the darwin jar
+if [ -e fr/acinq/secp256k1/jni/native/darwin-aarch64/libsecp256k1-jni.dylib ]
+then
+    jar -uf $1/fr/acinq/secp256k1/secp256k1-kmp-jni-jvm-darwin/$VERSION/secp256k1-kmp-jni-jvm-darwin-$VERSION.jar fr || exit
+else
+    libsecp256k1-jni.dylib for arch64 is missing
+    exit 1
+fi
+

publishing/secp256k1-kmp-add-linuxarm64.sh

@@ -0,0 +1,17 @@
+#!/bin/bash -x
+
+if [ $# -eq 0 ]
+  then
+    echo "specify either snapshot or release"
+    exit 1
+fi
+
+# add aarch64 (ARM64) library to the linux jar
+if [ -e fr/acinq/secp256k1/jni/native/linux-aarch64/libsecp256k1-jni.so ]
+then
+    jar -uf $1/fr/acinq/secp256k1/secp256k1-kmp-jni-jvm-linux/$VERSION/secp256k1-kmp-jni-jvm-linux-$VERSION.jar fr || exit
+else
+    libsecp256k1-jni.so for arch64 is missing
+    exit 1
+fi
+

publishing/secp256k1-kmp-snapshot-deploy.sh

@@ -0,0 +1,65 @@
+#!/bin/bash -x
+
+GROUP_ID=fr.acinq.secp256k1
+ARTIFACT_ID_BASE=secp256k1-kmp
+
+if [[ -z "${VERSION}" ]]; then
+  echo "VERSION is not defined"
+  exit 1
+fi
+
+cd snapshot
+pushd .
+cd fr/acinq/secp256k1/secp256k1-kmp/$VERSION
+mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+  -DpomFile=$ARTIFACT_ID_BASE-$VERSION.pom \
+  -Dfile=$ARTIFACT_ID_BASE-$VERSION.jar \
+  -Dfiles=$ARTIFACT_ID_BASE-$VERSION.module,$ARTIFACT_ID_BASE-$VERSION-kotlin-tooling-metadata.json \
+  -Dtypes=module,json \
+  -Dclassifiers=,kotlin-tooling-metadata \
+  -Dsources=$ARTIFACT_ID_BASE-$VERSION-sources.jar \
+  -Djavadoc=$ARTIFACT_ID_BASE-$VERSION-javadoc.jar
+popd
+pushd .
+for i in iosarm64 iosx64 jni-android jni-common jni-jvm-darwin jni-jvm-extract jni-jvm-linux jni-jvm-mingw jni-jvm jvm linux; do
+  cd fr/acinq/secp256k1/secp256k1-kmp-$i/$VERSION
+  if [ $i == iosarm64 ] || [ $i == iosx64 ]; then
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.klib \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION-metadata.jar,$ARTIFACT_ID_BASE-$i-$VERSION.module,$ARTIFACT_ID_BASE-$i-$VERSION-cinterop-libsecp256k1.klib \
+      -Dtypes=jar,module,klib \
+      -Dclassifiers=metadata,,cinterop-libsecp256k1 \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  elif [ $i == linux ]; then
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.klib \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module,$ARTIFACT_ID_BASE-$i-$VERSION-cinterop-libsecp256k1.klib \
+      -Dtypes=module,klib \
+      -Dclassifiers=,cinterop-libsecp256k1 \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  elif [ $i == jni-android ]; then
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.aar \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module \
+      -Dtypes=module \
+      -Dclassifiers= \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  else
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.jar \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module \
+      -Dtypes=module \
+      -Dclassifiers= \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  fi
+  popd
+  pushd .
+done

publishing/secp256k1-kmp-staging-upload.sh

@@ -0,0 +1,28 @@
+#!/bin/bash -x
+#
+# first you must sign all files:
+# find release -type f -print -exec gpg -ab {} \;
+
+VERSION=0.6.2
+for i in 	secp256k1-kmp \
+		secp256k1-kmp-iosarm64 \
+		secp256k1-kmp-iosx64 \
+		secp256k1-kmp-jni-android \
+		secp256k1-kmp-jni-common \
+		secp256k1-kmp-jni-jvm \
+		secp256k1-kmp-jni-jvm-darwin \
+		secp256k1-kmp-jni-jvm-extract \
+		secp256k1-kmp-jni-jvm-linux \
+		secp256k1-kmp-jni-jvm-mingw \
+		secp256k1-kmp-jvm \
+		secp256k1-kmp-linux
+do
+	pushd .
+	cd release/fr/acinq/secp256k1/$i/$VERSION
+	pwd
+	jar -cvf bundle.jar *
+	# use correct sonatype credentials here
+  curl -v -XPOST -u USER:PASSWORD --upload-file bundle.jar https://oss.sonatype.org/service/local/staging/bundle_upload
+  popd
+done
+

settings.gradle.kts

@@ -2,15 +2,30 @@ pluginManagement {
     repositories {
         google()
         gradlePluginPortal()
-        jcenter()
+    }
+    resolutionStrategy {
+        eachPlugin {
+            if (requested.id.namespace == "com.android" || requested.id.name == "kotlin-android-extensions") {
+                useModule("com.android.tools.build:gradle:7.3.1")
+            }
+        }
     }
 }
 rootProject.name = "secp256k1-kmp"
 
+// We use a property defined in `local.properties` to know whether we should build the android application or not.
+// For example, iOS developers may want to skip that most of the time.
+val skipAndroid = File("$rootDir/local.properties").takeIf { it.exists() }
+    ?.inputStream()?.use { java.util.Properties().apply { load(it) } }
+    ?.run { getProperty("skip.android", "false")?.toBoolean() }
+    ?: false
+
+// Use system properties to inject the property in other gradle build files.
+System.setProperty("includeAndroid", (!skipAndroid).toString())
+
 include(
     ":native",
     ":jni",
-    ":jni:android",
     ":jni:jvm",
     ":jni:jvm:darwin",
     ":jni:jvm:linux",
@@ -18,3 +33,10 @@ include(
     ":jni:jvm:all",
     ":tests"
 )
+
+if (!skipAndroid) {
+    print("building android library")
+    include(":jni:android")
+} else {
+    print("skipping android build")
+}

src/commonMain/kotlin/fr/acinq/secp256k1/Secp256k1.kt

@@ -20,60 +20,163 @@ import kotlin.jvm.JvmStatic
 
 public interface Secp256k1 {
 
-    public fun verify(signature: ByteArray, data: ByteArray, pub: ByteArray): Boolean
+    /**
+     * Verify an ECDSA signature.
+     *
+     * @param signature signature using either compact encoding (64 bytes) or der-encoding.
+     * @param message message signed.
+     * @param pubkey signer's public key.
+     */
+    public fun verify(signature: ByteArray, message: ByteArray, pubkey: ByteArray): Boolean
 
-    public fun sign(data: ByteArray, sec: ByteArray): ByteArray
+    /**
+     * Create a normalized ECDSA signature.
+     *
+     * @param message message to sign.
+     * @param privkey signer's private key.
+     */
+    public fun sign(message: ByteArray, privkey: ByteArray): ByteArray
 
+    /**
+     * Verify a Schnorr signature.
+     *
+     * @param signature 64 bytes signature.
+     * @param data message signed.
+     * @param pub signer's x-only public key (32 bytes).
+     */
+    public fun verifySchnorr(signature: ByteArray, data: ByteArray, pub: ByteArray): Boolean
+
+    /**
+     * Create a Schnorr signature.
+     *
+     * @param data message to sign.
+     * @param sec signer's private key.
+     * @param auxrand32 32 bytes of fresh randomness (optional).
+     */
+    public fun signSchnorr(data: ByteArray, sec: ByteArray, auxrand32: ByteArray?): ByteArray
+
+   /**
+     * Convert an ECDSA signature to a normalized lower-S form (bitcoin standardness rule).
+     * Returns the normalized signature and a boolean set to true if the input signature was not normalized.
+     *
+     * @param sig signature that should be normalized.
+     */
     public fun signatureNormalize(sig: ByteArray): Pair<ByteArray, Boolean>
 
-    public fun secKeyVerify(seckey: ByteArray): Boolean
+    /**
+     * Verify the validity of a private key.
+     */
+    public fun secKeyVerify(privkey: ByteArray): Boolean
 
-    public fun pubkeyCreate(seckey: ByteArray): ByteArray
+    /**
+     * Get the public key corresponding to the given private key.
+     * Returns the uncompressed public key (65 bytes).
+     */
+    public fun pubkeyCreate(privkey: ByteArray): ByteArray
 
+    /**
+     * Parse a serialized public key.
+     * Returns the uncompressed public key (65 bytes).
+     */
     public fun pubkeyParse(pubkey: ByteArray): ByteArray
 
-    public fun cleanup()
+    /**
-
+     * Negate the given private key.
+     */
     public fun privKeyNegate(privkey: ByteArray): ByteArray
 
-    public fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray
+    /**
-
+     * Tweak a private key by adding tweak to it.
+     */
     public fun privKeyTweakAdd(privkey: ByteArray, tweak: ByteArray): ByteArray
 
+    /**
+     * Tweak a private key by multiplying it by a tweak.
+     */
+    public fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray
+
+    /**
+     * Negate the given public key.
+     * Returns the uncompressed public key (65 bytes).
+     */
     public fun pubKeyNegate(pubkey: ByteArray): ByteArray
 
+    /**
+     * Tweak a public key by adding tweak times the generator to it.
+     * Returns the uncompressed public key (65 bytes).
+     */
     public fun pubKeyTweakAdd(pubkey: ByteArray, tweak: ByteArray): ByteArray
 
+    /**
+     * Tweak a public key by multiplying it by a tweak value.
+     * Returns the uncompressed public key (65 bytes).
+     */
     public fun pubKeyTweakMul(pubkey: ByteArray, tweak: ByteArray): ByteArray
 
-    public fun pubKeyAdd(pubkey1: ByteArray, pubkey2: ByteArray): ByteArray
+    /**
+     * Add a number of public keys together.
+     * Returns the uncompressed public key (65 bytes).
+     */
+    public fun pubKeyCombine(pubkeys: Array<ByteArray>): ByteArray
 
-    public fun ecdh(seckey: ByteArray, pubkey: ByteArray): ByteArray
+    /**
+     * Compute an elliptic curve Diffie-Hellman secret.
+     */
+    public fun ecdh(privkey: ByteArray, pubkey: ByteArray): ByteArray
 
+    /**
+     * Recover a public key from an ECDSA signature.
+     *
+     * @param sig ecdsa compact signature (64 bytes).
+     * @param message message signed.
+     * @param recid recoveryId (should have been provided with the signature to allow recovery).
+     */
     public fun ecdsaRecover(sig: ByteArray, message: ByteArray, recid: Int): ByteArray
 
+    /**
+     * Convert a compact ECDSA signature (64 bytes) to a der-encoded ECDSA signature.
+     */
     public fun compact2der(sig: ByteArray): ByteArray
 
-    public fun pubKeyCompress(pubkey: ByteArray) : ByteArray {
+    /**
+     * Serialize a public key to compact form (33 bytes).
+     */
+    public fun pubKeyCompress(pubkey: ByteArray): ByteArray {
         return when {
             pubkey.size == 33 && (pubkey[0] == 2.toByte() || pubkey[0] == 3.toByte()) -> pubkey
             pubkey.size == 65 && pubkey[0] == 4.toByte() -> {
-                val pub1 = pubkey.copyOf(33)
+                val compressed = pubkey.copyOf(33)
-                pub1[0] = if (pubkey.last() % 2 == 0) 2.toByte() else 3.toByte()
+                compressed[0] = if (pubkey.last() % 2 == 0) 2.toByte() else 3.toByte()
-                pub1
+                compressed
             }
             else -> throw Secp256k1Exception("invalid public key")
         }
     }
 
+    /**
+     * Delete the secp256k1 context from dynamic memory.
+     */
+    public fun cleanup()
+
     public companion object : Secp256k1 by getSecpk256k1() {
-        @JvmStatic public fun get(): Secp256k1 = this
+        @JvmStatic
+        public fun get(): Secp256k1 = this
     }
 }
 
 internal expect fun getSecpk256k1(): Secp256k1
 
-public class Secp256k1Exception : RuntimeException {
+public open class Secp256k1Exception : RuntimeException {
-    public constructor() : super() {}
+    public constructor() : super()
-    public constructor(message: String?) : super(message) {}
+    public constructor(message: String?) : super(message)
+}
+
+public class Secp256k1ErrorCallbackException : Secp256k1Exception {
+    public constructor() : super()
+    public constructor(message: String?) : super(message)
+}
+
+public class Secp256k1IllegalCallbackException : Secp256k1Exception {
+    public constructor() : super()
+    public constructor(message: String?) : super(message)
 }

src/jvmMain/kotlin/fr/acinq/secp256k1/Secp256k1Jvm.kt

@@ -20,12 +20,12 @@ import java.util.*
 
 
 private fun tryLoad(platform: String): Secp256k1? {
-    try {
+    return try {
-        val cls = Class.forName("fr.acinq.secp256k1.jni.NativeSecp256k1${platform.capitalize(Locale.ROOT)}Loader")
+        val cls = Class.forName("fr.acinq.secp256k1.jni.NativeSecp256k1${platform.replaceFirstChar { if (it.isLowerCase()) it.titlecase(Locale.ROOT) else it.toString() }}Loader")
         val load = cls.getMethod("load")
-        return load.invoke(null) as Secp256k1
+        load.invoke(null) as Secp256k1
     } catch (ex: ClassNotFoundException) {
-        return null
+        null
     }
 }
 

src/nativeInterop/cinterop/libsecp256k1.def

@@ -1,7 +1,7 @@
 package = secp256k1
 
-headers = secp256k1.h secp256k1_ecdh.h secp256k1_recovery.h
+headers = secp256k1.h secp256k1_ecdh.h secp256k1_recovery.h secp256k1_extrakeys.h secp256k1_schnorrsig.h
-headerFilter = secp256k1/** secp256k1_ecdh.h secp256k1_recovery.h secp256k1.h
+headerFilter = secp256k1/** secp256k1_ecdh.h secp256k1_recovery.h secp256k1_extrakeys.h secp256k1_schnorrsig.h secp256k1.h
 
 libraryPaths.linux = c/secp256k1/build/linux/
 linkerOpts.linux = -L/usr/lib64 -L/usr/lib/x86_64-linux-gnu -L/usr/local/lib

src/nativeMain/kotlin/fr/acinq/secp256k1/Secp256k1Native.kt

@@ -4,15 +4,67 @@ import kotlinx.cinterop.*
 import platform.posix.size_tVar
 import secp256k1.*
 
-@OptIn(ExperimentalUnsignedTypes::class)
+private typealias Secp256k1CallbackHandler = (String) -> Unit
+
+@OptIn(ExperimentalStdlibApi::class)
+private class CallbackHandler(ctx: CPointer<secp256k1_context>) : AutoCloseable {
+    var illegalCallBackMessage: String? = null
+    val illegalHandler: Secp256k1CallbackHandler = { x: String -> illegalCallBackMessage = x }
+    val illegalCallbackRef = StableRef.create(illegalHandler)
+    var errorCallBackMessage: String? = null
+    val errorHandler: Secp256k1CallbackHandler = { x: String -> errorCallBackMessage = x }
+    val errorCallbackRef = StableRef.create(errorHandler)
+
+    init {
+        secp256k1_context_set_error_callback(
+            ctx, staticCFunction { buffer: CPointer<ByteVar>?, data: COpaquePointer? ->
+                if (data != null) {
+                    val callback = data.asStableRef<Secp256k1CallbackHandler>().get()
+                    callback(buffer?.toKString() ?: "error callback triggered")
+                }
+            },
+            errorCallbackRef.asCPointer()
+        )
+        secp256k1_context_set_illegal_callback(
+            ctx, staticCFunction { buffer: CPointer<ByteVar>?, data: COpaquePointer? ->
+                if (data != null) {
+                    val callback = data.asStableRef<Secp256k1CallbackHandler>().get()
+                    callback(buffer?.toKString() ?: "illegal callback triggered")
+                }
+            },
+            illegalCallbackRef.asCPointer()
+        )
+    }
+
+    fun checkForErrors() {
+        errorCallBackMessage?.let { throw Secp256k1ErrorCallbackException(it) }
+        illegalCallBackMessage?.let { throw Secp256k1IllegalCallbackException(it) }
+    }
+
+    override fun close() {
+        // StableRef instances have to be disposed of manually
+        illegalCallbackRef.dispose()
+        errorCallbackRef.dispose()
+    }
+}
+
+@OptIn(ExperimentalUnsignedTypes::class, ExperimentalStdlibApi::class)
 public object Secp256k1Native : Secp256k1 {
 
     private val ctx: CPointer<secp256k1_context> by lazy {
+
         secp256k1_context_create((SECP256K1_FLAGS_TYPE_CONTEXT or SECP256K1_FLAGS_BIT_CONTEXT_SIGN or SECP256K1_FLAGS_BIT_CONTEXT_VERIFY).toUInt())
-            ?: error("Could not create segp256k1 context")
+            ?: error("Could not create secp256k1 context")
     }
 
-    private fun Int.requireSuccess(message: String): Int = if (this != 1) throw Secp256k1Exception(message) else this
+    private fun Int.requireSuccess(message: String): Int {
+        return if (this != 1) throw Secp256k1Exception(message) else this
+    }
+
+    private fun Int.requireSuccess(callbackHandler: CallbackHandler, message: String): Int {
+        callbackHandler.checkForErrors()
+        return if (this != 1) throw Secp256k1Exception(message) else this
+    }
 
     private fun MemScope.allocSignature(input: ByteArray): secp256k1_ecdsa_signature {
         val sig = alloc<secp256k1_ecdsa_signature>()
@@ -55,61 +107,246 @@ public object Secp256k1Native : Secp256k1 {
         return pinned.addressOf(0)
     }
 
-    public override fun verify(signature: ByteArray, data: ByteArray, pub: ByteArray): Boolean {
+    public override fun verify(signature: ByteArray, message: ByteArray, pubkey: ByteArray): Boolean {
-        require(data.size == 32)
+        require(message.size == 32)
-        require(pub.size == 33 || pub.size == 65)
+        require(pubkey.size == 33 || pubkey.size == 65)
-        memScoped {
+        CallbackHandler(ctx).use { callbackHandler ->
-            val nPubkey = allocPublicKey(pub)
+            memScoped {
-            val nData = toNat(data)
+                val nPubkey = allocPublicKey(pubkey)
-            val nSig = allocSignature(signature)
+                val nMessage = toNat(message)
-            return secp256k1_ecdsa_verify(ctx, nSig.ptr, nData, nPubkey.ptr) == 1
+                val nSig = allocSignature(signature)
+                val verify = secp256k1_ecdsa_verify(ctx, nSig.ptr, nMessage, nPubkey.ptr)
+                callbackHandler.checkForErrors()
+                return verify == 1
+            }
         }
     }
 
-    public override fun sign(data: ByteArray, sec: ByteArray): ByteArray {
+    public override fun sign(message: ByteArray, privkey: ByteArray): ByteArray {
-        require(sec.size == 32)
+        require(privkey.size == 32)
-        require(data.size == 32)
+        require(message.size == 32)
-        memScoped {
+        CallbackHandler(ctx).use { callbackHandler ->
-            val nSec = toNat(sec)
+            memScoped {
-            val nData = toNat(data)
+                val nPrivkey = toNat(privkey)
-            val nSig = alloc<secp256k1_ecdsa_signature>()
+                val nMessage = toNat(message)
-            secp256k1_ecdsa_sign(ctx, nSig.ptr, nData, nSec, null, null).requireSuccess("secp256k1_ecdsa_sign() failed")
+                val nSig = alloc<secp256k1_ecdsa_signature>()
-            return serializeSignature(nSig)
+                secp256k1_ecdsa_sign(ctx, nSig.ptr, nMessage, nPrivkey, null, null).requireSuccess(callbackHandler, "secp256k1_ecdsa_sign() failed")
+                return serializeSignature(nSig)
+            }
         }
     }
 
     public override fun signatureNormalize(sig: ByteArray): Pair<ByteArray, Boolean> {
-        require(sig.size >= 64){ "invalid signature ${Hex.encode(sig)}" }
+        require(sig.size >= 64) { "invalid signature ${Hex.encode(sig)}" }
-        memScoped {
+        CallbackHandler(ctx).use { callbackHandler ->
-            val nSig = allocSignature(sig)
+            memScoped {
-            val isHighS = secp256k1_ecdsa_signature_normalize(ctx, nSig.ptr, nSig.ptr)
+                val nSig = allocSignature(sig)
-            return Pair(serializeSignature(nSig), isHighS == 1)
+                val isHighS = secp256k1_ecdsa_signature_normalize(ctx, nSig.ptr, nSig.ptr)
+                callbackHandler.checkForErrors()
+                return Pair(serializeSignature(nSig), isHighS == 1)
+            }
         }
     }
 
-    public override fun secKeyVerify(seckey: ByteArray): Boolean {
+    public override fun secKeyVerify(privkey: ByteArray): Boolean {
-        require(seckey.size == 32)
+        if (privkey.size != 32) return false
-        memScoped {
+        CallbackHandler(ctx).use { callbackHandler ->
-            val nSec = toNat(seckey)
+            memScoped {
-            return secp256k1_ec_seckey_verify(ctx, nSec) == 1
+                val nPrivkey = toNat(privkey)
+                val result = secp256k1_ec_seckey_verify(ctx, nPrivkey) == 1
+                callbackHandler.checkForErrors()
+                return result
+            }
         }
     }
 
-    public override fun pubkeyCreate(seckey: ByteArray): ByteArray {
+    public override fun pubkeyCreate(privkey: ByteArray): ByteArray {
-        require(seckey.size == 32)
+        require(privkey.size == 32)
-        memScoped {
+        CallbackHandler(ctx).use { callbackHandler ->
-            val nSec = toNat(seckey)
+            memScoped {
-            val nPubkey = alloc<secp256k1_pubkey>()
+                val nPrivkey = toNat(privkey)
-            secp256k1_ec_pubkey_create(ctx, nPubkey.ptr, nSec).requireSuccess("secp256k1_ec_pubkey_create() failed")
+                val nPubkey = alloc<secp256k1_pubkey>()
-            return serializePubkey(nPubkey)
+                secp256k1_ec_pubkey_create(ctx, nPubkey.ptr, nPrivkey).requireSuccess(callbackHandler, "secp256k1_ec_pubkey_create() failed")
+                return serializePubkey(nPubkey)
+            }
         }
     }
 
     public override fun pubkeyParse(pubkey: ByteArray): ByteArray {
         require(pubkey.size == 33 || pubkey.size == 65)
-        memScoped {
+        CallbackHandler(ctx).use { callbackHandler ->
-            val nPubkey = allocPublicKey(pubkey)
+            memScoped {
-            return serializePubkey(nPubkey)
+                val nPubkey = allocPublicKey(pubkey)
+                val result = serializePubkey(nPubkey)
+                callbackHandler.checkForErrors()
+                return result
+            }
+        }
+    }
+
+    public override fun privKeyNegate(privkey: ByteArray): ByteArray {
+        require(privkey.size == 32)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val negated = privkey.copyOf()
+                val negPriv = toNat(negated)
+                secp256k1_ec_seckey_negate(ctx, negPriv).requireSuccess(callbackHandler, "secp256k1_ec_seckey_negate() failed")
+                return negated
+            }
+        }
+    }
+
+    public override fun privKeyTweakAdd(privkey: ByteArray, tweak: ByteArray): ByteArray {
+        require(privkey.size == 32)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val added = privkey.copyOf()
+                val natAdd = toNat(added)
+                val natTweak = toNat(tweak)
+                secp256k1_ec_seckey_tweak_add(ctx, natAdd, natTweak).requireSuccess(callbackHandler, "secp256k1_ec_seckey_tweak_add() failed")
+                return added
+            }
+        }
+    }
+
+    public override fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray {
+        require(privkey.size == 32)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val multiplied = privkey.copyOf()
+                val natMul = toNat(multiplied)
+                val natTweak = toNat(tweak)
+                secp256k1_ec_privkey_tweak_mul(ctx, natMul, natTweak).requireSuccess(callbackHandler, "secp256k1_ec_privkey_tweak_mul() failed")
+                return multiplied
+            }
+        }
+    }
+
+    public override fun pubKeyNegate(pubkey: ByteArray): ByteArray {
+        require(pubkey.size == 33 || pubkey.size == 65)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nPubkey = allocPublicKey(pubkey)
+                secp256k1_ec_pubkey_negate(ctx, nPubkey.ptr).requireSuccess(callbackHandler, "secp256k1_ec_pubkey_negate() failed")
+                return serializePubkey(nPubkey)
+            }
+        }
+    }
+
+    public override fun pubKeyTweakAdd(pubkey: ByteArray, tweak: ByteArray): ByteArray {
+        require(pubkey.size == 33 || pubkey.size == 65)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nPubkey = allocPublicKey(pubkey)
+                val nTweak = toNat(tweak)
+                secp256k1_ec_pubkey_tweak_add(ctx, nPubkey.ptr, nTweak).requireSuccess(callbackHandler, "secp256k1_ec_pubkey_tweak_add() failed")
+                return serializePubkey(nPubkey)
+            }
+        }
+    }
+
+    public override fun pubKeyTweakMul(pubkey: ByteArray, tweak: ByteArray): ByteArray {
+        require(pubkey.size == 33 || pubkey.size == 65)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nPubkey = allocPublicKey(pubkey)
+                val nTweak = toNat(tweak)
+                secp256k1_ec_pubkey_tweak_mul(ctx, nPubkey.ptr, nTweak).requireSuccess(callbackHandler, "secp256k1_ec_pubkey_tweak_mul() failed")
+                return serializePubkey(nPubkey)
+            }
+        }
+    }
+
+    public override fun pubKeyCombine(pubkeys: Array<ByteArray>): ByteArray {
+        pubkeys.forEach { require(it.size == 33 || it.size == 65) }
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nPubkeys = pubkeys.map { allocPublicKey(it).ptr }
+                val combined = alloc<secp256k1_pubkey>()
+                secp256k1_ec_pubkey_combine(ctx, combined.ptr, nPubkeys.toCValues(), pubkeys.size.convert()).requireSuccess(callbackHandler, "secp256k1_ec_pubkey_combine() failed")
+                return serializePubkey(combined)
+            }
+        }
+    }
+
+    public override fun ecdh(privkey: ByteArray, pubkey: ByteArray): ByteArray {
+        require(privkey.size == 32)
+        require(pubkey.size == 33 || pubkey.size == 65)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nPubkey = allocPublicKey(pubkey)
+                val nPrivkey = toNat(privkey)
+                val output = allocArray<UByteVar>(32)
+                secp256k1_ecdh(ctx, output, nPubkey.ptr, nPrivkey, null, null).requireSuccess(callbackHandler, "secp256k1_ecdh() failed")
+                return output.readBytes(32)
+            }
+        }
+    }
+
+    public override fun ecdsaRecover(sig: ByteArray, message: ByteArray, recid: Int): ByteArray {
+        require(sig.size == 64)
+        require(message.size == 32)
+        // we do not check that recid is valid, which should trigger our illegal callback handler to throw a Secp256k1IllegalCallbackException
+        // require(recid in 0..3)
+
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nSig = toNat(sig)
+                val rSig = alloc<secp256k1_ecdsa_recoverable_signature>()
+                secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, rSig.ptr, nSig, recid).requireSuccess(callbackHandler, "secp256k1_ecdsa_recoverable_signature_parse_compact() failed")
+                val nMessage = toNat(message)
+                val pubkey = alloc<secp256k1_pubkey>()
+                secp256k1_ecdsa_recover(ctx, pubkey.ptr, rSig.ptr, nMessage).requireSuccess(callbackHandler, "secp256k1_ecdsa_recover() failed")
+                return serializePubkey(pubkey)
+            }
+        }
+    }
+
+    public override fun compact2der(sig: ByteArray): ByteArray {
+        require(sig.size == 64)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nSig = allocSignature(sig)
+                val natOutput = allocArray<UByteVar>(73)
+                val len = alloc<size_tVar>()
+                len.value = 73.convert()
+                secp256k1_ecdsa_signature_serialize_der(ctx, natOutput, len.ptr, nSig.ptr).requireSuccess(callbackHandler, "secp256k1_ecdsa_signature_serialize_der() failed")
+                return natOutput.readBytes(len.value.toInt())
+            }
+        }
+    }
+
+    override fun verifySchnorr(signature: ByteArray, data: ByteArray, pub: ByteArray): Boolean {
+        require(signature.size == 64)
+        require(data.size == 32)
+        require(pub.size == 32)
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nPub = toNat(pub)
+                val pubkey = alloc<secp256k1_xonly_pubkey>()
+                secp256k1_xonly_pubkey_parse(ctx, pubkey.ptr, nPub).requireSuccess(callbackHandler, "secp256k1_xonly_pubkey_parse() failed")
+                val nData = toNat(data)
+                val nSig = toNat(signature)
+                return secp256k1_schnorrsig_verify(ctx, nSig, nData, 32u, pubkey.ptr) == 1
+            }
+        }
+    }
+
+    override fun signSchnorr(data: ByteArray, sec: ByteArray, auxrand32: ByteArray?): ByteArray {
+        require(sec.size == 32)
+        require(data.size == 32)
+        auxrand32?.let { require(it.size == 32) }
+        CallbackHandler(ctx).use { callbackHandler ->
+            memScoped {
+                val nSec = toNat(sec)
+                val nData = toNat(data)
+                val nAuxrand32 = auxrand32?.let { toNat(it) }
+                val nSig = allocArray<UByteVar>(64)
+                val keypair = alloc<secp256k1_keypair>()
+                secp256k1_keypair_create(ctx, keypair.ptr, nSec).requireSuccess(callbackHandler, "secp256k1_keypair_create() failed")
+                secp256k1_schnorrsig_sign32(ctx, nSig, nData, keypair.ptr, nAuxrand32).requireSuccess(callbackHandler, "secp256k1_ecdsa_sign() failed")
+                return nSig.readBytes(64)
+            }
         }
     }
     
@@ -117,116 +354,7 @@ public object Secp256k1Native : Secp256k1 {
         secp256k1_context_destroy(ctx)
     }
 
-    public override fun privKeyNegate(privkey: ByteArray): ByteArray {
-        require(privkey.size == 32)
-        memScoped {
-            val negated = privkey.copyOf()
-            val negPriv = toNat(negated)
-            secp256k1_ec_privkey_negate(ctx, negPriv).requireSuccess("secp256k1_ec_privkey_negate() failed")
-            return negated
-        }
-    }
 
-    public override fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray {
-        require(privkey.size == 32)
-        memScoped {
-            val multiplied = privkey.copyOf()
-            val natMul = toNat(multiplied)
-            val natTweak = toNat(tweak)
-            secp256k1_ec_privkey_tweak_mul(ctx, natMul, natTweak).requireSuccess("secp256k1_ec_privkey_tweak_mul() failed")
-            return multiplied
-        }
-    }
-
-    public override fun privKeyTweakAdd(privkey: ByteArray, tweak: ByteArray): ByteArray {
-        require(privkey.size == 32)
-        memScoped {
-            val added = privkey.copyOf()
-            val natAdd = toNat(added)
-            val natTweak = toNat(tweak)
-            secp256k1_ec_privkey_tweak_add(ctx, natAdd, natTweak).requireSuccess("secp256k1_ec_privkey_tweak_add() failed")
-            return added
-        }
-    }
-
-    public override fun pubKeyNegate(pubkey: ByteArray): ByteArray {
-        require(pubkey.size == 33 || pubkey.size == 65)
-        memScoped {
-            val nPubkey = allocPublicKey(pubkey)
-            secp256k1_ec_pubkey_negate(ctx, nPubkey.ptr).requireSuccess("secp256k1_ec_pubkey_negate() failed")
-            return serializePubkey(nPubkey)
-        }
-    }
-
-    public override fun pubKeyTweakAdd(pubkey: ByteArray, tweak: ByteArray): ByteArray {
-        require(pubkey.size == 33 || pubkey.size == 65)
-        memScoped {
-            val nPubkey = allocPublicKey(pubkey)
-            val nTweak = toNat(tweak)
-            secp256k1_ec_pubkey_tweak_add(ctx, nPubkey.ptr, nTweak).requireSuccess("secp256k1_ec_pubkey_tweak_add() failed")
-            return serializePubkey(nPubkey)
-        }
-    }
-
-    public override fun pubKeyTweakMul(pubkey: ByteArray, tweak: ByteArray): ByteArray {
-        require(pubkey.size == 33 || pubkey.size == 65)
-        memScoped {
-            val nPubkey = allocPublicKey(pubkey)
-            val nTweak = toNat(tweak)
-            secp256k1_ec_pubkey_tweak_mul(ctx, nPubkey.ptr, nTweak).requireSuccess("secp256k1_ec_pubkey_tweak_mul() failed")
-            return serializePubkey(nPubkey)
-        }
-    }
-
-    public override fun pubKeyAdd(pubkey1: ByteArray, pubkey2: ByteArray): ByteArray {
-        require(pubkey1.size == 33 || pubkey1.size == 65)
-        require(pubkey2.size == 33 || pubkey2.size == 65)
-        memScoped {
-            val nPubkey1 = allocPublicKey(pubkey1)
-            val nPubkey2 = allocPublicKey(pubkey2)
-            val combined = alloc<secp256k1_pubkey>()
-            secp256k1_ec_pubkey_combine(ctx, combined.ptr, cValuesOf(nPubkey1.ptr, nPubkey2.ptr), 2.convert()).requireSuccess("secp256k1_ec_pubkey_combine() failed")
-            return serializePubkey(combined)
-        }
-    }
-
-    public override fun ecdh(seckey: ByteArray, pubkey: ByteArray): ByteArray {
-        require(seckey.size == 32)
-        require(pubkey.size == 33 || pubkey.size == 65)
-        memScoped {
-            val nPubkey = allocPublicKey(pubkey)
-            val nSeckey = toNat(seckey)
-            val output = allocArray<UByteVar>(32)
-            secp256k1_ecdh(ctx, output, nPubkey.ptr, nSeckey, null, null).requireSuccess("secp256k1_ecdh() failed")
-            return output.readBytes(32)
-        }
-    }
-
-    public override fun ecdsaRecover(sig: ByteArray, message: ByteArray, recid: Int): ByteArray {
-        require(sig.size == 64)
-        require(message.size == 32)
-        memScoped {
-            val nSig = toNat(sig)
-            val rSig = alloc<secp256k1_ecdsa_recoverable_signature>()
-            secp256k1_ecdsa_recoverable_signature_parse_compact(ctx, rSig.ptr, nSig, recid).requireSuccess("secp256k1_ecdsa_recoverable_signature_parse_compact() failed")
-            val nMessage = toNat(message)
-            val pubkey = alloc<secp256k1_pubkey>()
-            secp256k1_ecdsa_recover(ctx, pubkey.ptr, rSig.ptr, nMessage).requireSuccess("secp256k1_ecdsa_recover() failed")
-            return serializePubkey(pubkey)
-        }
-    }
-
-    public override fun compact2der(sig: ByteArray): ByteArray {
-        require(sig.size == 64)
-        memScoped {
-            val nSig = allocSignature(sig)
-            val natOutput = allocArray<UByteVar>(73)
-            val len = alloc<size_tVar>()
-            len.value = 73.convert()
-            secp256k1_ecdsa_signature_serialize_der(ctx, natOutput, len.ptr, nSig.ptr).requireSuccess("secp256k1_ecdsa_signature_serialize_der() failed")
-            return natOutput.readBytes(len.value.toInt())
-        }
-    }
 }
 
 internal actual fun getSecpk256k1(): Secp256k1 = Secp256k1Native

tests/build.gradle.kts

@@ -1,11 +1,16 @@
+
 plugins {
     kotlin("multiplatform")
-    id("com.android.library")
+    if (System.getProperty("includeAndroid")?.toBoolean() == true) {
+        id("com.android.library")
+    }
 }
 
 kotlin {
     explicitApi()
 
+    val includeAndroid = System.getProperty("includeAndroid")?.toBoolean() ?: true
+
     val commonMain by sourceSets.getting {
         dependencies {
             implementation(rootProject)
@@ -13,6 +18,7 @@ kotlin {
     }
     val commonTest by sourceSets.getting {
         dependencies {
+            implementation(kotlin("test-common"))
             implementation(kotlin("test-annotations-common"))
         }
     }
@@ -29,17 +35,19 @@ kotlin {
         }
     }
 
-    android {
+    if (includeAndroid) {
-        compilations.all {
+        android {
-            kotlinOptions.jvmTarget = "1.8"
+            compilations.all {
-        }
+                kotlinOptions.jvmTarget = "1.8"
-        sourceSets["androidMain"].dependencies {
+            }
-            implementation(project(":jni:android"))
+            sourceSets["androidMain"].dependencies {
-        }
+                implementation(project(":jni:android"))
-        sourceSets["androidTest"].dependencies {
+            }
-            implementation(kotlin("test-junit"))
+            sourceSets["androidTest"].dependencies {
-            implementation("androidx.test.ext:junit:1.1.2")
+                implementation(kotlin("test-junit"))
-            implementation("androidx.test.espresso:espresso-core:3.3.0")
+                implementation("androidx.test.ext:junit:1.1.2")
+                implementation("androidx.test.espresso:espresso-core:3.3.0")
+            }
         }
     }
 
@@ -48,23 +56,26 @@ kotlin {
     ios()
 }
 
-android {
+val includeAndroid = System.getProperty("includeAndroid")?.toBoolean() ?: true
-    defaultConfig {
+if (includeAndroid) {
-        compileSdkVersion(30)
+    extensions.configure<com.android.build.gradle.LibraryExtension>("android") {
-        minSdkVersion(21)
+        defaultConfig {
-        testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+            compileSdkVersion(30)
-    }
+            minSdkVersion(21)
+            testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner"
+        }
 
-    compileOptions {
+        compileOptions {
-        sourceCompatibility = JavaVersion.VERSION_1_8
+            sourceCompatibility = JavaVersion.VERSION_1_8
-        targetCompatibility = JavaVersion.VERSION_1_8
+            targetCompatibility = JavaVersion.VERSION_1_8
-    }
+        }
 
-    sourceSets["main"].manifest.srcFile("src/androidMain/AndroidManifest.xml")
+        sourceSets["main"].manifest.srcFile("src/androidMain/AndroidManifest.xml")
 
-    afterEvaluate {
+        afterEvaluate {
-        tasks.withType<com.android.build.gradle.tasks.factory.AndroidUnitTest>().all {
+            tasks.withType<com.android.build.gradle.tasks.factory.AndroidUnitTest>().all {
-            enabled = false
+                enabled = false
+            }
         }
     }
 }

tests/src/androidTest/java/fr/acinq/secp256k1/AndroidTest.kt

@@ -1,7 +0,0 @@
-package fr.acinq.secp256k1
-
-import org.junit.Test
-import kotlin.test.assertEquals
-
-
-class AndroidTest {}

tests/src/commonTest/kotlin/fr/acinq/secp256k1/Secp256k1Test.kt

@@ -3,272 +3,362 @@ package fr.acinq.secp256k1
 import kotlin.random.Random
 import kotlin.test.*
 
-
-/**
- * This class holds test cases defined for testing this library.
- */
 class Secp256k1Test {
-    //TODO improve comments/add more tests
 
     @Test
-    fun testVerifyPos() {
+    fun verifyValidPrivateKey() {
-        var result: Boolean
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val data: ByteArray = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()) //sha256hash of "testing"
+        assertTrue(Secp256k1.secKeyVerify(priv))
-        val sig: ByteArray = Hex.decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase())
-        val pub: ByteArray = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase())
-        result = Secp256k1.verify(sig, data, pub)
-        assertTrue(result, "testVerifyPos")
-        val sigCompact: ByteArray = Hex.decode("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase())
-        result = Secp256k1.verify(sigCompact, data, pub)
-        assertTrue(result, "testVerifyPos")
     }
 
     @Test
-    fun testVerifyNeg() {
+    fun verifyInvalidPrivateKey() {
-        var result: Boolean
+        val invalidSize = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A106353001")
-        val data: ByteArray = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A91".toLowerCase()) //sha256hash of "testing"
+        assertFalse(Secp256k1.secKeyVerify(invalidSize))
-        val sig: ByteArray = Hex.decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".toLowerCase())
+        val curveOrder = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141".lowercase())
-        val pub: ByteArray = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase())
+        assertFalse(Secp256k1.secKeyVerify(curveOrder))
-        result = Secp256k1.verify(sig, data, pub)
+        val zero = Hex.decode("0000000000000000000000000000000000000000000000000000000000000000".lowercase())
-        assertFalse(result, "testVerifyNeg")
+        assertFalse(Secp256k1.secKeyVerify(zero))
     }
 
     @Test
-    fun testSecKeyVerifyPos() {
+    fun createValidPublicKey() {
-        var result: Boolean
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val pub = Secp256k1.pubkeyCreate(priv)
-        result = Secp256k1.secKeyVerify(sec)
-        assertTrue(result, "testSecKeyVerifyPos")
-    }
-
-    @Test
-    fun testSecKeyVerifyNeg() {
-        var result: Boolean
-        val sec: ByteArray = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase())
-        result = Secp256k1.secKeyVerify(sec)
-        assertFalse(result, "testSecKeyVerifyNeg")
-    }
-
-    @Test
-    fun testPubKeyCreatePos() {
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
-        val resultArr: ByteArray = Secp256k1.pubkeyCreate(sec)
-        val pubkeyString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6",
-            pubkeyString,
+            Hex.encode(pub).uppercase(),
-            "testPubKeyCreatePos"
         )
     }
 
     @Test
-    fun testPubKeyCreateNeg() {
+    fun createInvalidPublicKey() {
-        val sec: ByteArray = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase())
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyCreate(Hex.decode("0000000000000000000000000000000000000000000000000000000000000000".lowercase())) }
-        assertFailsWith<Secp256k1Exception> {
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyCreate(Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141".lowercase())) }
-            Secp256k1.pubkeyCreate(sec)
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyCreate(Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".lowercase())) }
-        }
     }
 
     @Test
-    fun testPubkeyCompress() {
+    fun compressPublicKey() {
         val pub = Hex.decode("04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6")
         val compressed = Secp256k1.pubKeyCompress(pub)
-        assertEquals("02C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D", Hex.encode(compressed).toUpperCase())
+        assertEquals("02C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D", Hex.encode(compressed).uppercase())
     }
 
     @Test
-    fun testPubKeyNegatePos() {
+    fun negatePublicKey() {
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val pubkey: ByteArray = Secp256k1.pubkeyCreate(sec)
+        val pub = Secp256k1.pubkeyCreate(priv)
-        val pubkeyString: String = Hex.encode(pubkey).toUpperCase()
         assertEquals(
             "04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6",
-            pubkeyString,
+            Hex.encode(pub).uppercase(),
-            "testPubKeyCreatePos"
         )
-        val pubkey1: ByteArray = Secp256k1.pubKeyNegate(pubkey)
+        assertEquals(
-        val pubkeyString1: String = Hex.encode(pubkey1).toUpperCase()
+            "02C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D",
+            Hex.encode(Secp256k1.pubKeyCompress(pub)).uppercase()
+        )
+        val npub = Secp256k1.pubKeyNegate(pub)
         assertEquals(
             "04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2DDEFC12B6B8E73968536514302E69ED1DDB24B999EFEE79C12D03AB17E79E1989",
-            pubkeyString1,
+            Hex.encode(npub).uppercase(),
-            "testPubKeyNegatePos"
         )
+        assertEquals(
+            "03C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D",
+            Hex.encode(Secp256k1.pubKeyCompress(npub)).uppercase()
+        )
+        val nnpub = Secp256k1.pubKeyNegate(npub)
+        assertContentEquals(pub, nnpub)
     }
 
     @Test
-    fun testPubKeyParse() {
+    fun parsePublicKey() {
-        val pub: ByteArray = Hex.decode("02C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D".toLowerCase())
+        val pub = Hex.decode("02C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D".lowercase())
-        val resultArr: ByteArray = Secp256k1.pubkeyParse(pub)
+        val parsed1 = Secp256k1.pubkeyParse(pub)
-        val pubkeyString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6",
-            pubkeyString,
+            Hex.encode(parsed1).uppercase(),
-            "testPubKeyAdd"
         )
+        val parsed2 = Secp256k1.pubkeyParse(parsed1)
+        assertContentEquals(parsed1, parsed2)
     }
 
     @Test
-    fun testPubKeyAdd() {
+    fun parseInvalidPublicKey() {
-        val pub1: ByteArray = Hex.decode("041b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f70beaf8f588b541507fed6a642c5ab42dfdf8120a7f639de5122d47a69a8e8d1".toLowerCase())
+        // Not a valid curve point.
-        val pub2: ByteArray = Hex.decode("044d4b6cd1361032ca9bd2aeb9d900aa4d45d9ead80ac9423374c451a7254d07662a3eada2d0fe208b6d257ceb0f064284662e857f57b66b54c198bd310ded36d0".toLowerCase())
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyParse(Hex.decode("02FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".lowercase())) }
-        val pub3: ByteArray = Secp256k1.pubKeyAdd(pub1, pub2)
+        // Invalid first byte.
-        val pubkeyString: String = Hex.encode(pub3).toUpperCase()
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyParse(Hex.decode("02C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6".lowercase())) }
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyParse(Hex.decode("03C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6".lowercase())) }
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyParse(Hex.decode("05C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D2103ED494718C697AC9AEBCFD19612E224DB46661011863ED2FC54E71861E2A6".lowercase())) }
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyParse(Hex.decode("01C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D".lowercase())) }
+        assertFailsWith<Secp256k1Exception> { Secp256k1.pubkeyParse(Hex.decode("04C591A8FF19AC9C4E4E5793673B83123437E975285E7B442F4EE2654DFFCA5E2D".lowercase())) }
+    }
+
+    @Test
+    fun combinePublicKeys() {
+        // Mixture of compressed and uncompressed public keys.
+        val pub1 = Hex.decode("041b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f70beaf8f588b541507fed6a642c5ab42dfdf8120a7f639de5122d47a69a8e8d1")
+        val pub2 = Hex.decode("044d4b6cd1361032ca9bd2aeb9d900aa4d45d9ead80ac9423374c451a7254d07662a3eada2d0fe208b6d257ceb0f064284662e857f57b66b54c198bd310ded36d0")
+        val pub3 = Hex.decode("02eec7245d6b7d2ccb30380bfbe2a3648cd7a942653f5aa340edcea1f283686619")
+        val pub4 = Secp256k1.pubKeyCombine(arrayOf(pub1, pub2, pub3))
         assertEquals(
-            "04531FE6068134503D2723133227C867AC8FA6C83C537E9A44C3C5BDBDCB1FE3379E92C265E71E481BA82A84675A47AC705A200FCD524E92D93B0E7386F26A5458",
+            "042C0B7CF95324A07D05398B240174DC0C2BE444D96B159AA6C7F7B1E668680991AE31A9C671A36543F46CEA8FCE6984608AA316AA0472A7EED08847440218CB2F",
-            pubkeyString,
+            Hex.encode(pub4).uppercase(),
-            "testPubKeyAdd"
         )
     }
 
     @Test
-    fun testSignPos() {
+    fun createEcdsaSignature() {
-        val data: ByteArray = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()) //sha256hash of "testing"
+        val message = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".lowercase()) //sha256hash of "testing"
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val resultArr: ByteArray = Secp256k1.sign(data, sec)
+        val sig = Secp256k1.sign(message, priv)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
-            sigString,
+            Hex.encode(sig).uppercase(),
-            "testSignPos"
         )
     }
 
     @Test
-    fun testSignatureNormalize() {
+    fun normalizeEcdsaSignature() {
-        val data: ByteArray = Hex.decode("30440220182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A202201C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9".toLowerCase())
+        val normalizedDerSig = Hex.decode("30440220182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A202201C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9".lowercase())
-        val (resultArr, isHighS) = Secp256k1.signatureNormalize(data)
+        val (normalizedCompactSig1, wasNotNormalized1) = Secp256k1.signatureNormalize(normalizedDerSig)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
+        assertFalse(wasNotNormalized1)
         assertEquals(
             "182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
-            sigString,
+            Hex.encode(normalizedCompactSig1).uppercase(),
-            "testSignPos"
+        )
+        val notNormalizedDerSig = Hex.decode("30450220182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A2022100E3990C925DEE3F780C50774AF120B062E0080D86D8C721C6E32F10DBACA57A58".lowercase())
+        val (normalizedCompactSig2, wasNotNormalized2) = Secp256k1.signatureNormalize(notNormalizedDerSig)
+        assertTrue(wasNotNormalized2)
+        assertEquals(
+            "182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
+            Hex.encode(normalizedCompactSig2).uppercase(),
+        )
+        val normalizedCompactSig = Hex.decode("182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9".lowercase())
+        val (normalizedCompactSig3, wasNotNormalized3) = Secp256k1.signatureNormalize(normalizedCompactSig)
+        assertFalse(wasNotNormalized3)
+        assertEquals(
+            "182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
+            Hex.encode(normalizedCompactSig3).uppercase(),
+        )
+        val notNormalizedCompactSig = Hex.decode("182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A2E3990C925DEE3F780C50774AF120B062E0080D86D8C721C6E32F10DBACA57A58".lowercase())
+        val (normalizedCompactSig4, wasNotNormalized4) = Secp256k1.signatureNormalize(notNormalizedCompactSig)
+        assertTrue(wasNotNormalized4)
+        assertEquals(
+            "182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
+            Hex.encode(normalizedCompactSig4).uppercase(),
         )
-        assertFalse(isHighS, "isHighS")
     }
 
     @Test
-    fun testSignNeg() {
+    fun failToCreateEcdsaSignature() {
-        val data: ByteArray = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()) //sha256hash of "testing"
+        val message = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".lowercase()) //sha256hash of "testing"
-        val sec: ByteArray = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".toLowerCase())
+        val priv = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF".lowercase())
         assertFailsWith<Secp256k1Exception> {
-            Secp256k1.sign(data, sec)
+            Secp256k1.sign(message, priv)
         }
     }
 
     @Test
-    fun testSignCompactPos() {
+    fun createCompactEcdsaSignature() {
-        val data: ByteArray = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()) //sha256hash of "testing"
+        val message = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".lowercase()) //sha256hash of "testing"
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val resultArr: ByteArray = Secp256k1.sign(data, sec)
+        val sig = Secp256k1.sign(message, priv)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
-            sigString,
+            Hex.encode(sig).uppercase(),
-            "testSignCompactPos"
         )
     }
 
     @Test
-    fun testPrivKeyTweakNegate() {
+    fun verifyValidEcdsaSignatures() {
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val message = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".lowercase()) //sha256hash of "testing"
-        val sec1: ByteArray = Secp256k1.privKeyNegate(sec)
+        val sig = Hex.decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".lowercase())
+        val pub = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".lowercase())
+        assertTrue(Secp256k1.verify(sig, message, pub))
+        val sigCompact = Hex.decode("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".lowercase())
+        assertTrue(Secp256k1.verify(sigCompact, message, pub))
+    }
+
+    @Test
+    fun verifyInvalidEcdsaSignatures() {
+        val message = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A91".lowercase()) //sha256hash of "testing"
+        val sig = Hex.decode("3044022079BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F817980220294F14E883B3F525B5367756C2A11EF6CF84B730B36C17CB0C56F0AAB2C98589".lowercase())
+        val pub = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".lowercase())
+        assertFalse(Secp256k1.verify(sig, message, pub))
+    }
+
+    @Test
+    fun negatePrivateKey() {
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
+        val npriv = Secp256k1.privKeyNegate(priv)
         assertEquals(
             "981A9A7DD677A622518DA068D66D5F824E5F22F084B8A0E2F195B5662F300C11",
-            Hex.encode(sec1).toUpperCase(),
+            Hex.encode(npriv).uppercase(),
-            "testPrivKeyNegate"
         )
-        val sec2: ByteArray = Secp256k1.privKeyNegate(sec1)
+        val nnpriv: ByteArray = Secp256k1.privKeyNegate(npriv)
-        assertTrue(sec.contentEquals(sec2))
+        assertContentEquals(priv, nnpriv)
     }
 
     @Test
-    fun testPrivKeyTweakAdd_1() {
+    fun addTweakToPrivateKey() {
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val data: ByteArray = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()) //sha256hash of "tweak"
+        val tweak = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".lowercase())
-        val resultArr: ByteArray = Secp256k1.privKeyTweakAdd(sec, data)
+        val tweakedPriv = Secp256k1.privKeyTweakAdd(priv, tweak)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "A168571E189E6F9A7E2D657A4B53AE99B909F7E712D1C23CED28093CD57C88F3",
-            sigString,
+            Hex.encode(tweakedPriv).uppercase(),
-            "testPrivKeyAdd_1"
         )
     }
 
     @Test
-    fun testPrivKeyTweakMul_1() {
+    fun multiplyPrivateKeyWithTweak() {
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val data: ByteArray = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()) //sha256hash of "tweak"
+        val tweak = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".lowercase())
-        val resultArr: ByteArray = Secp256k1.privKeyTweakMul(sec, data)
+        val tweakedPriv = Secp256k1.privKeyTweakMul(priv, tweak)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "97F8184235F101550F3C71C927507651BD3F1CDB4A5A33B8986ACF0DEE20FFFC",
-            sigString,
+            Hex.encode(tweakedPriv).uppercase(),
-            "testPrivKeyMul_1"
         )
     }
 
     @Test
-    fun testPrivKeyTweakAdd_2() {
+    fun addTweakToPublicKey() {
-        val pub: ByteArray = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase())
+        val pub = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".lowercase())
-        val data: ByteArray = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()) //sha256hash of "tweak"
+        val tweak = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".lowercase())
-        val resultArr: ByteArray = Secp256k1.pubKeyTweakAdd(pub, data)
+        val tweakedPub = Secp256k1.pubKeyTweakAdd(pub, tweak)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "0411C6790F4B663CCE607BAAE08C43557EDC1A4D11D88DFCB3D841D0C6A941AF525A268E2A863C148555C48FB5FBA368E88718A46E205FABC3DBA2CCFFAB0796EF",
-            sigString,
+            Hex.encode(tweakedPub).uppercase(),
-            "testPrivKeyAdd_2"
         )
     }
 
     @Test
-    fun testPrivKeyTweakMul_2() {
+    fun multiplyPublicKeyWithTweak() {
-        val pub: ByteArray = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase())
+        val pub = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".lowercase())
-        val data: ByteArray = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".toLowerCase()) //sha256hash of "tweak"
+        val tweak = Hex.decode("3982F19BEF1615BCCFBB05E321C10E1D4CBA3DF0E841C2E41EEB6016347653C3".lowercase())
-        val resultArr: ByteArray = Secp256k1.pubKeyTweakMul(pub, data)
+        val tweakedPub = Secp256k1.pubKeyTweakMul(pub, tweak)
-        val sigString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "04E0FE6FE55EBCA626B98A807F6CAF654139E14E5E3698F01A9A658E21DC1D2791EC060D4F412A794D5370F672BC94B722640B5F76914151CFCA6E712CA48CC589",
-            sigString,
+            Hex.encode(tweakedPub).uppercase(),
-            "testPrivKeyMul_2"
         )
     }
 
     @Test
-    fun testCreateECDHSecret() {
+    fun createEcdhSecret() {
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
-        val pub: ByteArray = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".toLowerCase())
+        val pub = Hex.decode("040A629506E1B65CD9D2E0BA9C75DF9C4FED0DB16DC9625ED14397F0AFC836FAE595DC53F8B0EFE61E703075BD9B143BAC75EC0E19F82A2208CAEB32BE53414C40".lowercase())
-        val resultArr: ByteArray = Secp256k1.ecdh(sec, pub)
+        val secret = Secp256k1.ecdh(priv, pub)
-        val ecdhString: String = Hex.encode(resultArr).toUpperCase()
         assertEquals(
             "2A2A67007A926E6594AF3EB564FC74005B37A9C8AEF2033C4552051B5C87F043",
-            ecdhString,
+            Hex.encode(secret).uppercase(),
-            "testCreateECDHSecret"
         )
     }
 
     @Test
-    fun testEcdsaRecover() {
+    fun createSymmetricEcdhSecret() {
-        val data: ByteArray = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".toLowerCase()) //sha256hash of "testing"
+        val priv1 = Hex.decode("3580a881ac24eb00530a51235c42bcb65424ba121e2e7d910a70fa531a578d21")
-        val sec: ByteArray = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".toLowerCase())
+        val pub1 = Secp256k1.pubkeyCreate(priv1)
-        val pub: ByteArray = Secp256k1.pubkeyCreate(sec)
+        val priv2 = Hex.decode("f6a353f7a5de654501c3495acde7450293f74d09086c2b7c9a4e524248d0daac")
-        val sig: ByteArray = Secp256k1.sign(data, sec)
+        val pub2 = Secp256k1.pubkeyCreate(priv2)
-        val pub0: ByteArray = Secp256k1.ecdsaRecover(sig, data, 0)
+        val secret1 = Secp256k1.ecdh(priv1, pub2)
-        val pub1: ByteArray = Secp256k1.ecdsaRecover(sig, data, 1)
+        val secret2 = Secp256k1.ecdh(priv2, pub1)
-        assertTrue(pub.contentEquals(pub0) || pub.contentEquals(pub1), "testEcdsaRecover")
+        assertContentEquals(secret1, secret2)
     }
 
     @Test
-    fun testCompactToDER() {
+    fun recoverPublicKeyFromEcdsaSignature() {
-        val sig: ByteArray = Hex.decode("182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9".toLowerCase()) //sha256hash of "testing"
+        val message = Hex.decode("CF80CD8AED482D5D1527D7DC72FCEFF84E6326592848447D2DC0B0E87DFC9A90".lowercase()) //sha256hash of "testing"
-        val der: ByteArray = Secp256k1.compact2der(sig)
+        val priv = Hex.decode("67E56582298859DDAE725F972992A07C6C4FB9F62A8FFF58CE3CA926A1063530".lowercase())
+        val pub = Secp256k1.pubkeyCreate(priv)
+        val sig = Secp256k1.sign(message, priv)
+        val pub0 = Secp256k1.ecdsaRecover(sig, message, 0)
+        val pub1 = Secp256k1.ecdsaRecover(sig, message, 1)
+        assertTrue(pub.contentEquals(pub0) || pub.contentEquals(pub1))
+
+        // this is a special case, ecdsaRecover explicitly does not check that recid is valid, which triggers our illegal callback handler
+        assertFailsWith(Secp256k1IllegalCallbackException::class) {
+            Secp256k1.ecdsaRecover(sig, message, 4)
+        }
+    }
+
+    @Test
+    fun convertCompactEcdsaSignatureToDer() {
+        val compact = Hex.decode("182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A21C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9".lowercase()) //sha256hash of "testing"
+        val der = Secp256k1.compact2der(compact)
         assertEquals(
             "30440220182A108E1448DC8F1FB467D06A0F3BB8EA0533584CB954EF8DA112F1D60E39A202201C66F36DA211C087F3AF88B50EDF4F9BDAA6CF5FD6817E74DCA34DB12390C6E9",
-            Hex.encode(der).toUpperCase(),
+            Hex.encode(der).uppercase(),
         )
     }
 
     @Test
-    fun testFormatConversion() {
+    fun testSchnorrSignature() {
+        val seckey = Hex.decode("0000000000000000000000000000000000000000000000000000000000000003")
+        val msg = Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")
+        val auxrand32 = Hex.decode("0000000000000000000000000000000000000000000000000000000000000000")
+        val sig = Secp256k1.signSchnorr(msg, seckey, auxrand32)
+        assertEquals(
+            "E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0",
+            Hex.encode(sig).uppercase(),
+        )
+        val pubkey = Secp256k1.pubkeyCreate(seckey).drop(1).take(32).toByteArray()
+        assertEquals(
+            "F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9",
+            Hex.encode(pubkey).uppercase()
+        )
+        assertTrue(Secp256k1.verifySchnorr(sig, msg, pubkey))
+    }
+
+    @Test
+    fun testSchnorrTestVectors() {
+        // BIP340 test vectors copied from https://github.com/bitcoin/bips/blob/master/bip-0340/test-vectors.csv
+        val bip340TestVectors = """index,secret key,public key,aux_rand,message,signature,verification result,comment
+0,0000000000000000000000000000000000000000000000000000000000000003,F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9,0000000000000000000000000000000000000000000000000000000000000000,0000000000000000000000000000000000000000000000000000000000000000,E907831F80848D1069A5371B402410364BDF1C5F8307B0084C55F1CE2DCA821525F66A4A85EA8B71E482A74F382D2CE5EBEEE8FDB2172F477DF4900D310536C0,TRUE,
+1,B7E151628AED2A6ABF7158809CF4F3C762E7160F38B4DA56A784D9045190CFEF,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,0000000000000000000000000000000000000000000000000000000000000001,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,6896BD60EEAE296DB48A229FF71DFE071BDE413E6D43F917DC8DCF8C78DE33418906D11AC976ABCCB20B091292BFF4EA897EFCB639EA871CFA95F6DE339E4B0A,TRUE,
+2,C90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B14E5C9,DD308AFEC5777E13121FA72B9CC1B7CC0139715309B086C960E18FD969774EB8,C87AA53824B4D7AE2EB035A2B5BBBCCC080E76CDC6D1692C4B0B62D798E6D906,7E2D58D8B3BCDF1ABADEC7829054F90DDA9805AAB56C77333024B9D0A508B75C,5831AAEED7B44BB74E5EAB94BA9D4294C49BCF2A60728D8B4C200F50DD313C1BAB745879A5AD954A72C45A91C3A51D3C7ADEA98D82F8481E0E1E03674A6F3FB7,TRUE,
+3,0B432B2677937381AEF05BB02A66ECD012773062CF3FA2549E44F58ED2401710,25D1DFF95105F5253C4022F628A996AD3A0D95FBF21D468A1B33F8C160D8F517,FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,7EB0509757E246F19449885651611CB965ECC1A187DD51B64FDA1EDC9637D5EC97582B9CB13DB3933705B32BA982AF5AF25FD78881EBB32771FC5922EFC66EA3,TRUE,test fails if msg is reduced modulo p or n
+4,,D69C3509BB99E412E68B0FE8544E72837DFA30746D8BE2AA65975F29D22DC7B9,,4DF3C3F68FCC83B27E9D42C90431A72499F17875C81A599B566C9889B9696703,00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C6376AFB1548AF603B3EB45C9F8207DEE1060CB71C04E80F593060B07D28308D7F4,TRUE,
+5,,EEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B,FALSE,public key not on the curve
+6,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A14602975563CC27944640AC607CD107AE10923D9EF7A73C643E166BE5EBEAFA34B1AC553E2,FALSE,has_even_y(R) is false
+7,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,1FA62E331EDBC21C394792D2AB1100A7B432B013DF3F6FF4F99FCB33E0E1515F28890B3EDB6E7189B630448B515CE4F8622A954CFE545735AAEA5134FCCDB2BD,FALSE,negated message
+8,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769961764B3AA9B2FFCB6EF947B6887A226E8D7C93E00C5ED0C1834FF0D0C2E6DA6,FALSE,negated s value
+9,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,0000000000000000000000000000000000000000000000000000000000000000123DDA8328AF9C23A94C1FEECFD123BA4FB73476F0D594DCB65C6425BD186051,FALSE,sG - eP is infinite. Test fails in single verification if has_even_y(inf) is defined as true and x(inf) as 0
+10,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,00000000000000000000000000000000000000000000000000000000000000017615FBAF5AE28864013C099742DEADB4DBA87F11AC6754F93780D5A1837CF197,FALSE,sG - eP is infinite. Test fails in single verification if has_even_y(inf) is defined as true and x(inf) as 1
+11,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,4A298DACAE57395A15D0795DDBFD1DCB564DA82B0F269BC70A74F8220429BA1D69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B,FALSE,sig[0:32] is not an X coordinate on the curve
+12,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F69E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B,FALSE,sig[0:32] is equal to field size
+13,,DFF1D77F2A671C5F36183726DB2341BE58FEAE1DA2DECED843240F7B502BA659,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E177769FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,FALSE,sig[32:64] is equal to curve order
+14,,FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC30,,243F6A8885A308D313198A2E03707344A4093822299F31D0082EFA98EC4E6C89,6CFF5C3BA86C69EA4B7376F31A9BCB4F74C1976089B2D9963DA2E5543E17776969E89B4C5564D00349106B8497785DD7D1D713A8AE82B32FA79D5F7FC407D39B,FALSE,public key is not a valid X coordinate because it exceeds the field size"""
+
+        bip340TestVectors.split('\n').drop(1).forEach {
+            val testData = it.split(',')
+            val index = testData[0]
+            val seckey = Hex.decode(testData[1])
+            val pubkey = Hex.decode(testData[2])
+            val auxrand = if (testData[3].isEmpty()) null else Hex.decode(testData[3])
+            val msg = Hex.decode(testData[4])
+            val sig = testData[5]
+            val expected = when (testData[6]) {
+                "FALSE" -> false
+                else -> true
+            }
+            val comment = testData[7]
+
+            if (seckey.isNotEmpty()) {
+                val ourSig = Secp256k1.signSchnorr(msg, seckey, auxrand)
+                assertEquals(Hex.encode(ourSig).uppercase(), sig)
+            }
+            val result = try {
+                Secp256k1.verifySchnorr(Hex.decode(sig), msg, pubkey)
+            } catch (t: Throwable) {
+                false
+            }
+            assertEquals(expected, result, "test [$index, $comment] failed")
+        }
+    }
+
+    @Test
+    fun fuzzEcdsaSignVerify() {
         val random = Random.Default
 
         fun randomBytes(length: Int): ByteArray {
@@ -279,11 +369,13 @@ class Secp256k1Test {
 
         repeat(200) {
             val priv = randomBytes(32)
+            assertTrue(Secp256k1.secKeyVerify(priv))
             val pub = Secp256k1.pubkeyCreate(priv)
-            val data = randomBytes(32)
+            val message = randomBytes(32)
-            val sig = Secp256k1.sign(data, priv)
+            val sig = Secp256k1.sign(message, priv)
+            assertTrue(Secp256k1.verify(sig, message, pub))
             val der = Secp256k1.compact2der(sig)
-            Secp256k1.verify(der, data, pub)
+            assertTrue(Secp256k1.verify(der, message, pub))
         }
     }
 }