Merge pull request #21 from paulmillr/master

Fix tests

Author: alcuadrado

package.json

@@ -26,7 +26,7 @@
   "dependencies": {
     "micro-base": "^0.10.1",
     "@noble/hashes": "^0.5.7",
-    "@noble/secp256k1": "^1.3.3"
+    "@noble/secp256k1": "^1.4.0"
   },
   "browser": {
     "crypto": false

src/secp256k1-compat.ts

@@ -2,8 +2,8 @@ import { sha256 } from "@noble/hashes/sha256";
 import * as secp from "./secp256k1";
 import { assertBool, assertBytes, hexToBytes, toHex } from "./utils";
 
-// Legacy compatibility layer for elliptic via noble-secp256k1
-// Use `secp256k1` module directly instead
+// Use `secp256k1` module directly.
+// This is a legacy compatibility layer for the npm package `secp256k1` via noble-secp256k1
 
 // Copy-paste from secp256k1, maybe export it?
 const bytesToNumber = (bytes: Uint8Array) => hexToNumber(toHex(bytes));
@@ -116,7 +116,6 @@ export function ecdsaSign(
   }
   const [signature, recid] = secp.signSync(msgHash, privateKey, {
     recovered: true,
-    canonical: true,
     der: false
   });
   return { signature: output(out, 64, signature), recid };
@@ -150,13 +149,14 @@ export function ecdsaVerify(
   if (r >= ORDER || s >= ORDER) {
     throw new Error("Cannot parse signature");
   }
+  const pub = secp.Point.fromHex(publicKey); // should not throw error
   let sig;
   try {
     sig = getSignature(signature);
   } catch (error) {
     return false;
   }
-  return secp.verify(sig, msgHash, publicKey);
+  return secp.verify(sig, msgHash, pub);
 }
 
 export function privateKeyTweakAdd(
@@ -234,10 +234,10 @@ export function publicKeyTweakAdd(
   assertBool(compressed);
   const p1 = secp.Point.fromHex(publicKey);
   const p2 = secp.Point.fromPrivateKey(tweak);
-  if (p2.equals(secp.Point.ZERO)) {
+  const point = p1.add(p2);
+  if (p2.equals(secp.Point.ZERO) || point.equals(secp.Point.ZERO)) {
     throw new Error("Tweak must not be zero");
   }
-  const point = p1.add(p2);
   return output(out, compressed ? 33 : 65, point.toRawBytes(compressed));
 }
 
@@ -254,7 +254,7 @@ export function publicKeyTweakMul(
   if (bn === 0n) {
     throw new Error("Tweak must not be zero");
   }
-  if (bn <= 0 || bn >= ORDER) {
+  if (bn <= 1 || bn >= ORDER) {
     throw new Error("Tweak is zero or bigger than curve order");
   }
   const point = secp.Point.fromHex(publicKey).multiply(bn);
@@ -267,23 +267,17 @@ export function privateKeyTweakMul(
 ): Uint8Array {
   assertBytes(privateKey, 32);
   assertBytes(tweak, 32);
-  let bn = bytesToNumber(tweak);
-  if (bn === 0n) {
-    throw new Error("Tweak must not be zero");
-  }
-  if (bn >= ORDER) {
-    throw new Error("Tweak bigger than curve order");
-  }
-  bn = mod(bn * bytesToNumber(privateKey), ORDER);
-  if (bn >= ORDER) {
-    bn -= ORDER;
+  const bn = bytesToNumber(tweak);
+  if (bn <= 1 || bn >= ORDER) {
+    throw new Error("Tweak is zero or bigger than curve order");
   }
-  if (bn === 0n) {
+  const res = mod(bn * bytesToNumber(privateKey), ORDER);
+  if (res === 0n) {
     throw new Error(
       "The tweak was out of range or the resulted private key is invalid"
     );
   }
-  privateKey.set(hexToBytes(numberToHex(bn)));
+  privateKey.set(hexToBytes(numberToHex(res)));
   return privateKey;
 }
 // internal -> DER

test/test-vectors/secp256k1.ts

@@ -1,7 +1,7 @@
 import * as secp from "../../src/secp256k1";
 import { deepStrictEqual } from "./assert";
 
-describe("curve-secp256k1", () => {
+describe("secp256k1", () => {
   it("should verify msg bb5a...", async () => {
     const msg =
       "bb5a52f42f9c9261ed4361f59422a1e30036e7c32b270c8807a419feca605023";
@@ -11,6 +11,6 @@ describe("curve-secp256k1", () => {
     const s = 115792089237316195423570985008687907852837564279074904382605163141518161494334n;
     const pub = new secp.Point(x, y);
     const sig = new secp.Signature(r, s);
-    deepStrictEqual(secp.verify(sig, msg, pub), true);
+    deepStrictEqual(secp.verify(sig, msg, pub, { strict: false }), true);
   });
 });