Release 0.12.0 (#95)

* Check arguments passed to secp256k1 methods

Illegal arguments will trigger an internal callback that prints to stderr and calls abort.
We already check arguments in our JNI and kotlin native code but had missed 2 checks (recid in ecdsaRecover, empty arrays in pubkeyCombine).

* Implement the same "tweak" checks in the native code and JNI code

The native code was missing checks on the "tweak" size (which must be 32 bytes)

.github/workflows/release.yml

@@ -33,7 +33,7 @@ jobs:
         shell: bash
         run: |
           echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
-          echo "ANDROID_NDK_VERSION=21.4.7075529" >> $GITHUB_ENV
+          echo "ANDROID_NDK_VERSION=25.2.9519653" >> $GITHUB_ENV
       - name: Cached Android NDK
         if: matrix.os != 'windows-latest'
         uses: actions/cache@v2
@@ -96,10 +96,9 @@ jobs:
         uses: reactivecircus/android-emulator-runner@v2
         with:
           api-level: 27
-          emulator-build: 7425822  # workaround to emulator bug: https://github.com/ReactiveCircus/android-emulator-runner/issues/160
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           ndk: ${{ env.ANDROID_NDK_VERSION }}
-          cmake: 3.10.2.4988404
+          cmake: 3.22.1
           script: ./gradlew connectedCheck
       - name: Publish Linux
         if: matrix.os == 'ubuntu-latest'

.github/workflows/snapshot.yml

@@ -42,7 +42,7 @@ jobs:
         shell: bash
         run: |
           echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
-          echo "ANDROID_NDK_VERSION=21.4.7075529" >> $GITHUB_ENV
+          echo "ANDROID_NDK_VERSION=25.2.9519653" >> $GITHUB_ENV
       - name: Cached Android NDK
         if: matrix.os != 'windows-latest'
         uses: actions/cache@v2
@@ -105,10 +105,9 @@ jobs:
         uses: reactivecircus/android-emulator-runner@v2
         with:
           api-level: 27
-          -build: 7425822  # workaround to emulator bug: https://github.com/ReactiveCircus/android-emulator-runner/issues/160
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           ndk: ${{ env.ANDROID_NDK_VERSION }}
-          cmake: 3.10.2.4988404
+          cmake: 3.22.1
           script: ./gradlew connectedCheck
       - name: Publish Linux
         if: matrix.os == 'ubuntu-latest'

.github/workflows/test.yml

@@ -48,7 +48,7 @@ jobs:
         shell: bash
         run: |
           echo "ANDROID_HOME=$ANDROID_HOME" >> $GITHUB_ENV
-          echo "ANDROID_NDK_VERSION=21.4.7075529" >> $GITHUB_ENV
+          echo "ANDROID_NDK_VERSION=25.2.9519653" >> $GITHUB_ENV
       - name: Cached Android NDK
         if: matrix.os != 'windows-latest'
         uses: actions/cache@v2
@@ -111,8 +111,7 @@ jobs:
         uses: reactivecircus/android-emulator-runner@v2
         with:
           api-level: 27
-          emulator-build: 7425822  # workaround to emulator bug: https://github.com/ReactiveCircus/android-emulator-runner/issues/160
           emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
           ndk: ${{ env.ANDROID_NDK_VERSION }}
-          cmake: 3.10.2.4988404
+          cmake: 3.22.1
           script: ./gradlew connectedCheck

README.md

@@ -1,4 +1,4 @@
-[![Kotlin](https://img.shields.io/badge/Kotlin-1.6.21-blue.svg?style=flat&logo=kotlin)](http://kotlinlang.org)
+[![Kotlin](https://img.shields.io/badge/Kotlin-1.8.21-blue.svg?style=flat&logo=kotlin)](http://kotlinlang.org)
 [![Maven Central](https://img.shields.io/maven-central/v/fr.acinq.secp256k1/secp256k1-kmp)](https://search.maven.org/search?q=g:fr.acinq.secp256k1%20a:secp256k1-kmp*)
 ![Github Actions](https://github.com/ACINQ/secp256k1-kmp/actions/workflows/test.yml/badge.svg)
 [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/ACINQ/secp256k1-kmp/blob/master/LICENSE)
@@ -58,9 +58,9 @@ Native targets include libsecp256k1, called through KMP's c-interop, simply add
 The JVM library uses JNI bindings for libsecp256k1, which is much faster than BouncyCastle. It will extract and load native bindings for your operating system in a temporary directory.
 
 JNI libraries are included for:
-- Linux 64 bits
-- Windows 64 bits
-- Macos 64 bits
+- Linux 64 bits (x86_64 and arm64)
+- Windows 64 bits (x86_64)
+- Macos 64 bits (x86_64 and arm64)
 
 Along this library, you **must** specify which JNI native library to use in your dependency manager:
 

build.gradle.kts

@@ -3,8 +3,8 @@ import org.jetbrains.kotlin.gradle.plugin.mpp.KotlinNativeTarget
 import org.jetbrains.dokka.Platform
 
 plugins {
-    kotlin("multiplatform") version "1.6.21"
-    id("org.jetbrains.dokka") version "1.6.21"
+    kotlin("multiplatform") version "1.8.21"
+    id("org.jetbrains.dokka") version "1.8.10"
     `maven-publish`
 }
 
@@ -16,13 +16,13 @@ buildscript {
 
     dependencies {
         classpath("com.android.tools.build:gradle:7.3.1")
-        classpath("org.jetbrains.dokka:dokka-gradle-plugin:1.6.21")
+        classpath("org.jetbrains.dokka:dokka-gradle-plugin:1.8.10")
     }
 }
 
 allprojects {
     group = "fr.acinq.secp256k1"
-    version = "0.9.0"
+    version = "0.12.0"
 
     repositories {
         google()
@@ -157,6 +157,7 @@ allprojects {
                             Platform.js -> "js"
                             Platform.native -> "native"
                             Platform.common -> "common"
+                            Platform.wasm -> "wasm"
                         }
                         displayName.set(platformName)
 

jni/c/src/fr_acinq_secp256k1_Secp256k1CFunctions.c

@@ -1,6 +1,9 @@
 #include <string.h>
 #include <stdlib.h>
 
+#ifdef WIN32
+#define SECP256K1_STATIC // needed on windows when linking to a static version of secp256k1
+#endif
 #include "include/secp256k1.h"
 #include "include/secp256k1_ecdh.h"
 #include "include/secp256k1_recovery.h"
@@ -514,6 +517,7 @@ JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256
     if (jpubkeys == NULL) return NULL;
 
     count = (*penv)->GetArrayLength(penv, jpubkeys);
+    CHECKRESULT(count < 1, "pubkey array cannot be empty")
     pubkeys = calloc(count, sizeof(secp256k1_pubkey*));
 
     for(i = 0; i < count; i++) {
@@ -597,6 +601,7 @@ JNIEXPORT jbyteArray JNICALL Java_fr_acinq_secp256k1_Secp256k1CFunctions_secp256
     if (jctx == 0) return NULL;
     if (jsig == NULL) return NULL;
     if (jmsg == NULL) return NULL;
+    CHECKRESULT(recid < 0 || recid > 3, "invalid recovery id");
 
     sigSize = (*penv)->GetArrayLength(penv, jsig);
     int sigFormat = GetSignatureFormat(sigSize);

publishing/secp256k1-kmp-snapshot-deploy.sh

@@ -2,52 +2,64 @@
 
 GROUP_ID=fr.acinq.secp256k1
 ARTIFACT_ID_BASE=secp256k1-kmp
-VERSION=0.9.0-SNAPSHOT
+
+if [[ -z "${VERSION}" ]]; then
+  echo "VERSION is not defined"
+  exit 1
+fi
 
 cd snapshot
 pushd .
 cd fr/acinq/secp256k1/secp256k1-kmp/$VERSION
 mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
-    -DpomFile=$ARTIFACT_ID_BASE-$VERSION.pom \
-    -Dfile=$ARTIFACT_ID_BASE-$VERSION.jar \
-    -Dfiles=$ARTIFACT_ID_BASE-$VERSION.module,$ARTIFACT_ID_BASE-$VERSION-kotlin-tooling-metadata.json \
-    -Dtypes=module,json \
-    -Dclassifiers=,kotlin-tooling-metadata \
-    -Dsources=$ARTIFACT_ID_BASE-$VERSION-sources.jar \
-    -Djavadoc=$ARTIFACT_ID_BASE-$VERSION-javadoc.jar
+  -DpomFile=$ARTIFACT_ID_BASE-$VERSION.pom \
+  -Dfile=$ARTIFACT_ID_BASE-$VERSION.jar \
+  -Dfiles=$ARTIFACT_ID_BASE-$VERSION.module,$ARTIFACT_ID_BASE-$VERSION-kotlin-tooling-metadata.json \
+  -Dtypes=module,json \
+  -Dclassifiers=,kotlin-tooling-metadata \
+  -Dsources=$ARTIFACT_ID_BASE-$VERSION-sources.jar \
+  -Djavadoc=$ARTIFACT_ID_BASE-$VERSION-javadoc.jar
 popd
 pushd .
-for i in iosarm64 iosx64 jni-android jni-common jni-jvm-darwin jni-jvm-extract jni-jvm-linux jni-jvm-mingw jni-jvm jvm linux
-do
-    cd fr/acinq/secp256k1/secp256k1-kmp-$i/$VERSION
-    if [ $i == iosarm64 ] || [ $i == iosx64 ] || [ $i == linux ]; then
-        mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
-        -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
-        -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.klib \
-    	-Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module,$ARTIFACT_ID_BASE-$i-$VERSION-cinterop-libsecp256k1.klib  \
-    	-Dtypes=module,klib \
-    	-Dclassifiers=,cinterop-libsecp256k1 \
-        -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
-        -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
-    elif [ $i == jni-android ]; then
-        mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
-        -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
-        -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.aar \
-    	-Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module \
-    	-Dtypes=module \
-        -Dclassifiers= \
-    	-Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
-        -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
-    else
-        mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
-        -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
-        -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.jar \
-    	-Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module \
-    	-Dtypes=module \
-        -Dclassifiers= \
-        -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
-        -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
-    fi    
-    popd
-    pushd .
+for i in iosarm64 iosx64 jni-android jni-common jni-jvm-darwin jni-jvm-extract jni-jvm-linux jni-jvm-mingw jni-jvm jvm linux; do
+  cd fr/acinq/secp256k1/secp256k1-kmp-$i/$VERSION
+  if [ $i == iosarm64 ] || [ $i == iosx64 ]; then
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.klib \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION-metadata.jar,$ARTIFACT_ID_BASE-$i-$VERSION.module,$ARTIFACT_ID_BASE-$i-$VERSION-cinterop-libsecp256k1.klib \
+      -Dtypes=jar,module,klib \
+      -Dclassifiers=metadata,,cinterop-libsecp256k1 \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  elif [ $i == linux ]; then
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.klib \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module,$ARTIFACT_ID_BASE-$i-$VERSION-cinterop-libsecp256k1.klib \
+      -Dtypes=module,klib \
+      -Dclassifiers=,cinterop-libsecp256k1 \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  elif [ $i == jni-android ]; then
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.aar \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module \
+      -Dtypes=module \
+      -Dclassifiers= \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  else
+    mvn deploy:deploy-file -DrepositoryId=ossrh -Durl=https://oss.sonatype.org/content/repositories/snapshots/ \
+      -DpomFile=$ARTIFACT_ID_BASE-$i-$VERSION.pom \
+      -Dfile=$ARTIFACT_ID_BASE-$i-$VERSION.jar \
+      -Dfiles=$ARTIFACT_ID_BASE-$i-$VERSION.module \
+      -Dtypes=module \
+      -Dclassifiers= \
+      -Dsources=$ARTIFACT_ID_BASE-$i-$VERSION-sources.jar \
+      -Djavadoc=$ARTIFACT_ID_BASE-$i-$VERSION-javadoc.jar
+  fi
+  popd
+  pushd .
 done

src/nativeMain/kotlin/fr/acinq/secp256k1/Secp256k1Native.kt

@@ -125,6 +125,7 @@ public object Secp256k1Native : Secp256k1 {
 
     public override fun privKeyTweakAdd(privkey: ByteArray, tweak: ByteArray): ByteArray {
         require(privkey.size == 32)
+        require(tweak.size == 32)
         memScoped {
             val added = privkey.copyOf()
             val natAdd = toNat(added)
@@ -136,6 +137,7 @@ public object Secp256k1Native : Secp256k1 {
 
     public override fun privKeyTweakMul(privkey: ByteArray, tweak: ByteArray): ByteArray {
         require(privkey.size == 32)
+        require(tweak.size == 32)
         memScoped {
             val multiplied = privkey.copyOf()
             val natMul = toNat(multiplied)
@@ -156,6 +158,7 @@ public object Secp256k1Native : Secp256k1 {
 
     public override fun pubKeyTweakAdd(pubkey: ByteArray, tweak: ByteArray): ByteArray {
         require(pubkey.size == 33 || pubkey.size == 65)
+        require(tweak.size == 32)
         memScoped {
             val nPubkey = allocPublicKey(pubkey)
             val nTweak = toNat(tweak)
@@ -166,6 +169,7 @@ public object Secp256k1Native : Secp256k1 {
 
     public override fun pubKeyTweakMul(pubkey: ByteArray, tweak: ByteArray): ByteArray {
         require(pubkey.size == 33 || pubkey.size == 65)
+        require(tweak.size == 32)
         memScoped {
             val nPubkey = allocPublicKey(pubkey)
             val nTweak = toNat(tweak)
@@ -175,6 +179,7 @@ public object Secp256k1Native : Secp256k1 {
     }
 
     public override fun pubKeyCombine(pubkeys: Array<ByteArray>): ByteArray {
+        require(pubkeys.isNotEmpty())
         pubkeys.forEach { require(it.size == 33 || it.size == 65) }
         memScoped {
             val nPubkeys = pubkeys.map { allocPublicKey(it).ptr }
@@ -199,6 +204,7 @@ public object Secp256k1Native : Secp256k1 {
     public override fun ecdsaRecover(sig: ByteArray, message: ByteArray, recid: Int): ByteArray {
         require(sig.size == 64)
         require(message.size == 32)
+        require(recid in 0..3)
         memScoped {
             val nSig = toNat(sig)
             val rSig = alloc<secp256k1_ecdsa_recoverable_signature>()

tests/src/commonTest/kotlin/fr/acinq/secp256k1/Secp256k1Test.kt

@@ -352,6 +352,38 @@ class Secp256k1Test {
         }
     }
 
+    @Test
+    fun testInvalidArguments() {
+        assertFails {
+            Secp256k1.pubkeyCreate(ByteArray(32))
+        }
+        assertFails {
+            Secp256k1.pubkeyCreate(Hex.decode("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"))
+        }
+        assertFails {
+            Secp256k1.pubkeyParse(ByteArray(33))
+        }
+        assertFails {
+            Secp256k1.pubkeyParse(Hex.decode("03ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"))
+        }
+        assertFails {
+            Secp256k1.pubKeyCombine(arrayOf())
+        }
+        assertFails {
+            Secp256k1.pubKeyCombine(arrayOf(ByteArray(0)))
+        }
+        assertFails {
+            Secp256k1.signSchnorr(ByteArray(0), Hex.decode("0101010101010101010101010101010101010101010101010101010101010101"), null)
+        }
+        assertFails {
+            Secp256k1.ecdsaRecover(
+                Hex.decode("01010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101"),
+                Hex.decode("0202020202020202020202020202020202020202020202020202020202020202"),
+                -1
+            )
+        }
+    }
+
     @Test
     fun fuzzEcdsaSignVerify() {
         val random = Random.Default