secp256k1rb 0.1.1 → 0.3.0

data/lib/secp256k1/musig/key_agg.rb

@@ -0,0 +1,74 @@
+module Secp256k1
+  module MuSig
+
+    # Opaque data structure that caches information about public key aggregation.
+    class KeyAggCache < FFI::Struct
+      layout :data, [:uchar, 197]
+    end
+
+    # Key aggregation context class.
+    class KeyAggContext
+      include Secp256k1
+
+      attr_reader :cache
+
+      # Constructor.
+      # @param [Secp256k1::MuSig::KeyAggCache] key_agg_cache Key aggregation cache.
+      # @raise [ArgumentError] If invalid arguments specified.
+      def initialize(key_agg_cache)
+        raise ArgumentError, "key_agg_cache must be Secp256k1::KeyAggCache." unless key_agg_cache.is_a?(Secp256k1::KeyAggCache)
+        @cache = key_agg_cache
+      end
+
+      # Get aggregate public key.
+      # @return [String] An aggregated public key.
+      def aggregate_public_key
+        with_context do |context|
+          agg_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+          if secp256k1_musig_pubkey_get(context, agg_pubkey, cache.pointer) == 0
+            raise Error, "secp256k1_musig_pubkey_get arguments invalid."
+          end
+          serialize_pubkey(context, agg_pubkey)
+        end
+      end
+
+      # Apply ordinary "EC" tweaking to a public key.
+      # @param [String] tweak Tweak value to tweak the aggregated key.
+      # @param [Boolean] xonly Apply x-only tweaking or not.
+      # @return [String] Tweaked x-only public key with hex format.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def tweak_add(tweak, xonly: false)
+        validate_string!("tweak", tweak, 32)
+        with_context do |context|
+          tweak_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(tweak))
+          pubkey_ptr = FFI::MemoryPointer.new(:uchar, 64)
+          if xonly
+            if secp256k1_musig_pubkey_xonly_tweak_add(context, pubkey_ptr, cache.pointer, tweak_ptr) == 0
+              raise Error, "secp256k1_musig_pubkey_tweak_add arguments invalid."
+            end
+          else
+            if secp256k1_musig_pubkey_ec_tweak_add(context, pubkey_ptr, cache.pointer, tweak_ptr) == 0
+              raise Error, "secp256k1_musig_pubkey_tweak_add arguments invalid."
+            end
+          end
+          serialize_pubkey(context, pubkey_ptr)
+        end
+      end
+
+      # Get KeyAggCache pointer.
+      # @return [FFI::MemoryPointer]
+      def pointer
+        cache.pointer
+      end
+
+      private
+
+      def serialize_pubkey(context, pubkey_ptr)
+        xonly = FFI::MemoryPointer.new(:uchar, 32)
+        secp256k1_xonly_pubkey_serialize(context, xonly, pubkey_ptr)
+        xonly.read_string(32).unpack1('H*')
+      end
+    end
+  end
+end

data/lib/secp256k1/musig/session.rb

@@ -0,0 +1,123 @@
+module Secp256k1
+  module MuSig
+    class Session
+      include Secp256k1
+      attr_reader :session
+      attr_reader :key_agg_ctx
+      attr_reader :agg_nonce
+      attr_reader :msg
+
+      # Create signing session.
+      # @param [Secp256k1::MuSig::KeyAggContext] key_agg_ctx The key aggregation context.
+      # @param [String] agg_nonce An aggregated public nonce.
+      # @param [String] msg The message to be signed.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def initialize(key_agg_ctx, agg_nonce, msg)
+        raise ArgumentError, 'key_agg_ctx must be KeyAggContext.' unless key_agg_ctx.is_a?(KeyAggContext)
+        validate_string!('msg', msg, 32)
+        validate_string!('agg_nonce', agg_nonce, 66)
+        agg_nonce = hex2bin(agg_nonce)
+        msg = hex2bin(msg)
+        with_context do |context|
+          @session = FFI::MemoryPointer.new(:uchar, 133)
+          agg66 = FFI::MemoryPointer.new(:uchar, 66).put_bytes(0, agg_nonce)
+          agg_ptr = FFI::MemoryPointer.new(:uchar, 132)
+          if secp256k1_musig_aggnonce_parse(context, agg_ptr, agg66) == 0
+            raise Error, "secp256k1_musig_aggnonce_parse failed."
+          end
+          msg_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, msg)
+          if secp256k1_musig_nonce_process(context, @session, agg_ptr, msg_ptr, key_agg_ctx.pointer) == 0
+            raise Error, "secp256k1_musig_nonce_process arguments invalid."
+          end
+        end
+        @agg_nonce = agg_nonce.unpack1('H*')
+        @msg = msg.unpack1('H*')
+        @key_agg_ctx = key_agg_ctx
+      end
+
+      # Produces a partial signature for a given key pair and secret nonce.
+      # @param [String] sec_nonce The secret nonce to sign the message.
+      # @param [String] private_key The private key to sign the message.
+      # @return [String] A partial signature.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def partial_sign(sec_nonce, private_key)
+        raise ArgumentError, 'key_agg_ctx must be KeyAggContext.' unless key_agg_ctx.is_a?(KeyAggContext)
+        validate_string!('sec_nonce', sec_nonce, 132)
+        validate_string!('private_key', private_key, 32)
+        with_context do |context|
+          partial_sig = FFI::MemoryPointer.new(:uchar, 36)
+          sec_nonce_ptr = FFI::MemoryPointer.new(:uchar, 132).put_bytes(0, hex2bin(sec_nonce))
+          private_key_ptr = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(private_key))
+          key_pair = FFI::MemoryPointer.new(:uchar, 86)
+          if secp256k1_keypair_create(context, key_pair, private_key_ptr) == 0
+            raise Error, "secp256k1_keypair_create invalid private_key."
+          end
+          if secp256k1_musig_partial_sign(
+            context, partial_sig, sec_nonce_ptr, key_pair, key_agg_ctx.cache.pointer, session) == 0
+            raise Error, "secp256k1_musig_partial_sign arguments invalid or sec_nonce has already been used for signing."
+          end
+          out32 = FFI::MemoryPointer.new(:uchar, 32)
+          secp256k1_musig_partial_sig_serialize(context, out32, partial_sig)
+          out32.read_string(32).unpack1('H*')
+        end
+      end
+
+      # Checks that an individual partial signature verifies.
+      # @param [String] partial_sig The partial signature to verify, sent by the signer associated with +pub_nonce+ and +public_key+.
+      # @param [String] pub_nonce The public nonce of the signer in the signing session.
+      # @param [String] public_key The public key of the signer in the signing session.
+      # @return [Boolean] The verification result.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def verify_partial_sig(partial_sig, pub_nonce, public_key)
+        validate_string!('partial_sig', partial_sig, 32)
+        validate_string!('pub_nonce', pub_nonce, 66)
+        validate_string!('public_key', public_key, 33)
+        with_context do |context|
+          sig_ptr = parse_partial_sig(context, partial_sig)
+          public_key = FFI::MemoryPointer.new(:uchar, 33).put_bytes(0, hex2bin(public_key))
+          pubkey_ptr = FFI::MemoryPointer.new(:uchar, 64)
+          raise Error, "pubkey is invalid." unless secp256k1_ec_pubkey_parse(context, pubkey_ptr, public_key, 33) == 1
+          pub_nonce = FFI::MemoryPointer.new(:uchar, 66).put_bytes(0, hex2bin(pub_nonce))
+          nonce_ptr = FFI::MemoryPointer.new(:uchar, 132)
+          if secp256k1_musig_pubnonce_parse(context, nonce_ptr, pub_nonce) == 0
+            raise Error, "secp256k1_musig_pubnonce_parse failed."
+          end
+          secp256k1_musig_partial_sig_verify(context, sig_ptr, nonce_ptr, pubkey_ptr, key_agg_ctx.pointer, session) == 1
+        end
+      end
+
+      # Aggregates partial signatures
+      # @param [Array] partial_sigs Array of partial signatures.
+      # @return [String] An aggregated signature.
+      # @raise [ArgumentError] If invalid arguments specified.
+      # @raise [Secp256k1::Error]
+      def aggregate_partial_sigs(partial_sigs)
+        raise ArgumentError, "partial_sigs must be Array." unless partial_sigs.is_a?(Array)
+        raise ArgumentError, "partial_sigs must not be empty." if partial_sigs.empty?
+        with_context do |context|
+          sigs_ptr = FFI::MemoryPointer.new(:pointer, partial_sigs.length)
+          sigs_ptr.write_array_of_pointer(partial_sigs.map{|partial_sig| parse_partial_sig(context, partial_sig)})
+          sig64 = FFI::MemoryPointer.new(:uchar, 64)
+          if secp256k1_musig_partial_sig_agg(context, sig64, session, sigs_ptr, partial_sigs.length) == 0
+            raise Error, "secp256k1_musig_partial_sig_agg arguments invalid."
+          end
+          sig64.read_string(64).unpack1('H*')
+        end
+      end
+
+      private
+
+      def parse_partial_sig(context, partial_sig)
+        partial_sig = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(partial_sig))
+        sig_ptr = FFI::MemoryPointer.new(:uchar, 36)
+        if secp256k1_musig_partial_sig_parse(context, sig_ptr, partial_sig) == 0
+          raise Error, "secp256k1_musig_partial_sig_parse failed."
+        end
+        sig_ptr
+      end
+    end
+  end
+end

data/lib/secp256k1/musig.rb

@@ -0,0 +1,203 @@
+require_relative 'musig/key_agg'
+require_relative 'musig/session'
+
+module Secp256k1
+
+  # MuSig module
+  # @example
+  #   include Secp256k1
+  #
+  #   # Two signer.
+  #   sk1, pk1 = generate_key_pair
+  #   sk2, pk2 = generate_key_pair
+  #
+  #   # Aggregate public key
+  #   key_agg_ctx = aggregate_pubkey([pk1, pk2])
+  #   agg_pubkey = key_agg_ctx.aggregate_public_key
+  #
+  #   # If you need tweak
+  #   key_agg_ctx.tweak_add('7468697320636f756c64206265206120424950333220747765616b2e2e2e2e00')
+  #   # If you need tweak with xonly
+  #   key_agg_ctx.tweak_add('7468697320636f756c64206265206120546170726f6f7420747765616b2e2e00', xonly: true)
+  #
+  #   agg_pubkey = key_agg_ctx.aggregate_public_key
+  #
+  #   msg = Digest::SHA256.digest('message')
+  #
+  #   # Nonce generation
+  #   session_id1 = generate_musig_session_id
+  #   secnonce1, pubnonce1 = target.generate_musig_nonce(
+  #     session_id1,
+  #     pk1,
+  #     sk: sk1,
+  #     key_agg_ctx: key_agg_ctx,
+  #     msg: msg
+  #   )
+  #
+  #   session_id2 = generate_musig_session_id
+  #   secnonce2, pubnonce2 = target.generate_musig_nonce(
+  #     session_id2,
+  #     pk2,
+  #     sk: sk2,
+  #     key_agg_ctx: key_agg_ctx,
+  #     msg: msg
+  #   )
+  #
+  #   # Aggregate public nonces
+  #   agg_nonce = aggregate_musig_nonce([pubnonce1, pubnonce2])
+  #
+  #   # Generate partial sig
+  #   musig_session = Secp256k1::MuSig::Session.new(key_agg_ctx, agg_nonce, msg)
+  #   partial_sig1 = musig_session.partial_sign(secnonce1, sk1)
+  #   partial_sig2 = musig_session.partial_sign(secnonce2, sk2)
+  #
+  #   # Aggregate signature
+  #   agg_sig = musig_session.aggregate_partial_sigs([partial_sig1, partial_sig2])
+  #
+  #   # Verify schnorr signature
+  #   verify_schnorr(msg, agg_sig, agg_pubkey)
+  module MuSig
+
+    # Aggregate public keys.
+    # @param [Array] pubkeys An array of public keys.
+    # @return [Secp2561k::MuSig::KeyAggContext]
+    # @raise [Secp256k1::Error]
+    def aggregate_pubkey(pubkeys)
+      raise ArgumentError, "pubkeys must be an array." unless pubkeys.is_a?(Array)
+      with_context do |context|
+        pubkeys_ptrs = pubkeys.map do |pubkey|
+          pubkey = hex2bin(pubkey)
+          validate_string!('pubkey', pubkey, 33)
+          input = FFI::MemoryPointer.new(:uchar, 33).put_bytes(0, pubkey)
+          pubkey_ptr = FFI::MemoryPointer.new(:uchar, 64)
+          raise Error, "pubkey is invalid." unless secp256k1_ec_pubkey_parse(context, pubkey_ptr, input, 33) == 1
+          pubkey_ptr
+        end
+        pubkeys_ptr = FFI::MemoryPointer.new(:pointer, pubkeys.length)
+        pubkeys_ptr.write_array_of_pointer(pubkeys_ptrs)
+        agg_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        cache = Secp256k1::MuSig::KeyAggCache.new
+        if secp256k1_musig_pubkey_agg(context, agg_pubkey, cache.pointer, pubkeys_ptr, pubkeys.length) == 0
+          raise Error, "secp256k1_musig_pubkey_agg argument error."
+        end
+        Secp256k1::MuSig::KeyAggContext.new(cache)
+      end
+    end
+
+    # Generate fresh session id for musig signing session.
+    # @return [String] The session id.
+    def generate_musig_session_id
+      SecureRandom.random_bytes(32).unpack1('H*')
+    end
+
+    # Generate nonce pair.
+    # @param [String] session_id The uniform random identifier for this session.
+    # @param [String] pk The public key for which the partial signature is generated.
+    # @param [String] sk (Optional) The private key for which the partial signature is generated.
+    # @param [Secp256k1::MuSig::KeyAggContext] key_agg_ctx (Optional) The aggregated public key context.
+    # @param [String] msg (Optional) The message to be signed.
+    # @param [String] extra_in (Optional) The auxiliary input.
+    # @return [Array(String)] The array of secret nonce and public nonce with hex format.
+    # @raise [ArgumentError] If invalid arguments specified.
+    # @raise [Secp256k1::Error]
+    def generate_musig_nonce(session_id, pk, sk: nil, key_agg_ctx: nil, msg: nil, extra_in: nil)
+      validate_string!("session_id", session_id, 32)
+      validate_string!("pk", pk, 33)
+      validate_string!("sk", sk, 32) if sk
+      validate_string!("msg", msg, 32) if msg
+      validate_string!("extra_in", extra_in, 32) if extra_in
+
+      if key_agg_ctx
+        raise ArgumentError, "key_agg must be Secp256k1::MuSig::KeyAggContext." unless key_agg_ctx.is_a?(KeyAggContext)
+      end
+
+      with_context do |context|
+        pk_ptr = FFI::MemoryPointer.new(:uchar, 33).put_bytes(0, hex2bin(pk))
+        pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, "pk is invalid public key." unless secp256k1_ec_pubkey_parse(context, pubkey, pk_ptr, 33) == 1
+
+        pubnonce = FFI::MemoryPointer.new(:uchar, 132)
+        secnonce = FFI::MemoryPointer.new(:uchar, 132)
+        seckey = sk ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(sk)) : nil
+        msg32 = msg ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(msg)) : nil
+        extra_input32 = extra_in ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(extra_in)) : nil
+        session_secrand32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(session_id))
+
+        raise Error, "arguments is invalid." unless secp256k1_musig_nonce_gen(
+          context, secnonce, pubnonce, session_secrand32, seckey, pubkey, msg32, key_agg_ctx.pointer, extra_input32) == 1
+
+        pub66 = FFI::MemoryPointer.new(:uchar, 66)
+        secp256k1_musig_pubnonce_serialize(context, pub66, pubnonce)
+        [secnonce.read_string(132).unpack1('H*'), pub66.read_string(66).unpack1('H*')]
+      end
+    end
+
+    # Generate a nonce pair deterministically using a non-repeating counter instead of session randomness.
+    # The caller must ensure that +counter+ never repeats for the same key pair.
+    # @param [Integer] counter A non-repeating counter(uint64).
+    # @param [String] private_key The private key for which the partial signature is generated, with hex format.
+    # @param [Secp256k1::MuSig::KeyAggContext] key_agg_ctx (Optional) The aggregated public key context.
+    # @param [String] msg (Optional) The message to be signed.
+    # @param [String] extra_in (Optional) The auxiliary input.
+    # @return [Array(String)] The array of secret nonce and public nonce with hex format.
+    # @raise [ArgumentError] If invalid arguments specified.
+    # @raise [Secp256k1::Error]
+    def generate_musig_nonce_counter(counter, private_key, key_agg_ctx: nil, msg: nil, extra_in: nil)
+      raise ArgumentError, "counter must be Integer." unless counter.is_a?(Integer)
+      raise ArgumentError, "counter must be between 0 and 2**64-1." if counter < 0 || counter > (2**64 - 1)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("msg", msg, 32) if msg
+      validate_string!("extra_in", extra_in, 32) if extra_in
+      if key_agg_ctx
+        raise ArgumentError, "key_agg_ctx must be Secp256k1::MuSig::KeyAggContext." unless key_agg_ctx.is_a?(KeyAggContext)
+      end
+
+      with_context do |context|
+        keypair = [create_keypair(private_key)].pack('H*')
+        keypair_ptr = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        pubnonce = FFI::MemoryPointer.new(:uchar, 132)
+        secnonce = FFI::MemoryPointer.new(:uchar, 132)
+        msg32 = msg ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(msg)) : nil
+        extra_input32 = extra_in ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, hex2bin(extra_in)) : nil
+        cache_ptr = key_agg_ctx ? key_agg_ctx.pointer : nil
+
+        raise Error, "arguments is invalid." unless secp256k1_musig_nonce_gen_counter(
+          context, secnonce, pubnonce, counter, keypair_ptr, msg32, cache_ptr, extra_input32) == 1
+
+        pub66 = FFI::MemoryPointer.new(:uchar, 66)
+        secp256k1_musig_pubnonce_serialize(context, pub66, pubnonce)
+        [secnonce.read_string(132).unpack1('H*'), pub66.read_string(66).unpack1('H*')]
+      end
+    end
+
+    # Aggregates the nonces of all signers into a single nonce.
+    # @param [Array] pub_nonces An array of public nonces sent by the signers.
+    # @return [String] An aggregated public nonce.
+    # @raise [Secp256k1::Error]
+    # @raise [ArgumentError] If invalid arguments specified.
+    def aggregate_musig_nonce(pub_nonces)
+      raise ArgumentError, "pub_nonces must be Array." unless pub_nonces.is_a?(Array)
+
+      with_context do |context|
+        nonce_ptrs = pub_nonces.map do |pub_nonce|
+          pub_nonce = hex2bin(pub_nonce)
+          validate_string!("pub_nonce", pub_nonce, 66)
+          in66 = FFI::MemoryPointer.new(:uchar, 66).put_bytes(0, pub_nonce)
+          pub_nonce_ptr = FFI::MemoryPointer.new(:uchar, 132)
+          if secp256k1_musig_pubnonce_parse(context, pub_nonce_ptr, in66) == 0
+            raise Error, "secp256k1_musig_pubnonce_parse error."
+          end
+          pub_nonce_ptr
+        end
+        agg_nonce = FFI::MemoryPointer.new(:uchar, 132)
+        pubnonces = FFI::MemoryPointer.new(:pointer, pub_nonces.length)
+        pubnonces.write_array_of_pointer(nonce_ptrs)
+        result = secp256k1_musig_nonce_agg(context, agg_nonce, pubnonces, pub_nonces.length)
+        raise Error, "nonce aggregation failed." if result == 0
+        out66 = FFI::MemoryPointer.new(:uchar, 66)
+        secp256k1_musig_aggnonce_serialize(context, out66, agg_nonce)
+        out66.read_string(66).unpack1("H*")
+      end
+    end
+  end
+end

data/lib/secp256k1/recovery.rb

@@ -1,4 +1,15 @@
 module Secp256k1
+  # Recover module
+  # @example
+  #   include Secp256k1
+  #
+  #   sk, _ = generate_key_pair
+  #   msg = Digest::SHA256.digest('message')
+  #   sig, rec = sign_recoverable(msg, sk)
+  #   full_sig = [rec + 0x1b + 4].pack('C') + [sig].pack('H*')
+  #   compressed = true
+  #   recover_pubkey = target.recover(msg, full_sig, compressed)
+  #
   module Recover
     # Sign data with compact format.
     # @param [String] data The 32-byte message hash being signed.
@@ -7,13 +18,10 @@ module Secp256k1
     # @raise [Secp256k1::Error] If recovery failed.
     # @raise [ArgumentError] If invalid arguments specified.
     def sign_recoverable(data, private_key)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
-      raise ArgumentError, "data must by String." unless data.is_a?(String)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("data", data, 32)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
-
       with_context do |context|
         sig = FFI::MemoryPointer.new(:uchar, 65)
         hash =FFI::MemoryPointer.new(:uchar, data.bytesize).put_bytes(0, data)
@@ -39,12 +47,10 @@ module Secp256k1
     # @raise [Secp256k1::Error] If recover failed.
     # @raise [ArgumentError] If invalid arguments specified.
     def recover(data, signature, compressed)
-      raise ArgumentError, "data must be String." unless data.is_a?(String)
-      raise ArgumentError, "signature must be String." unless signature.is_a?(String)
+      validate_string!("data", data, 32)
+      validate_string!("signature", signature, 65)
       signature = hex2bin(signature)
-      raise ArgumentError, "signature must be 65 bytes." unless signature.bytesize == 65
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
       rec = (signature[0].ord - 0x1b) & 3
       raise ArgumentError, "rec must be between 0 and 3." if rec < 0 || rec > 3
 
@@ -62,5 +68,28 @@ module Secp256k1
         serialize_pubkey_internal(context, pubkey.read_string(64), compressed)
       end
     end
+
+    # Convert a recoverable signature into a normal DER-encoded ECDSA signature.
+    # @param [String] signature The recoverable signature with binary format(65 bytes), as accepted by {#recover}.
+    # @return [String] DER-encoded signature with binary format.
+    # @raise [Secp256k1::Error] If conversion failed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def recoverable_signature_to_ecdsa(signature)
+      validate_string!("signature", signature, 65)
+      signature = hex2bin(signature)
+      rec = (signature[0].ord - 0x1b) & 3
+      raise ArgumentError, "rec must be between 0 and 3." if rec < 0 || rec > 3
+      with_context do |context|
+        recoverable = FFI::MemoryPointer.new(:uchar, 65)
+        input = FFI::MemoryPointer.new(:uchar, 64).put_bytes(0, signature[1..-1])
+        raise Error, 'secp256k1_ecdsa_recoverable_signature_parse_compact failed.' unless secp256k1_ecdsa_recoverable_signature_parse_compact(context, recoverable, input, rec) == 1
+        internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+        raise Error, 'secp256k1_ecdsa_recoverable_signature_convert failed.' unless secp256k1_ecdsa_recoverable_signature_convert(context, internal_signature, recoverable) == 1
+        output = FFI::MemoryPointer.new(:uchar, 72)
+        output_len = FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
+        raise Error, 'secp256k1_ecdsa_signature_serialize_der failed.' unless secp256k1_ecdsa_signature_serialize_der(context, output, output_len, internal_signature) == 1
+        output.read_string(output_len.read_uint64)
+      end
+    end
   end
 end

data/lib/secp256k1/schnorrsig.rb

@@ -1,20 +1,29 @@
 module Secp256k1
+  # SchnorrSig module
+  # @example
+  #   include Secp256k1
+  #
+  #   sk, pk = generate_key_pair
+  #
+  #   # sign and verify (Schnorr)
+  #   signature = sign_schnorr(msg, sk)
+  #   verify_schnorr(msg, signature, pk[2..-1]) # public key must be 32 bytes
+  #
   module SchnorrSig
 
     # Sign to data using schnorr.
     # @param [String] data The 32-byte message hash being signed with binary format.
     # @param [String] private_key a private key with hex format using sign.
-    # @param [String] aux_rand a extra entropy.
+    # @param [String] aux_rand The 32-byte extra entropy.
     # @return [String] signature data with binary format. If unsupported algorithm specified, return nil.
     # @raise [ArgumentError] If invalid arguments specified.
     def sign_schnorr(data, private_key, aux_rand = nil)
-      raise ArgumentError, "private_key must be String." unless private_key.is_a?(String)
-      raise ArgumentError, "data must by String." unless data.is_a?(String)
+      validate_string!("data", data, 32)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("aux_rand", aux_rand, 32) if aux_rand
       raise ArgumentError, "aux_rand must be String." if !aux_rand.nil? && !aux_rand.is_a?(String)
       private_key = hex2bin(private_key)
-      raise ArgumentError, "private_key must be 32 bytes." unless private_key.bytesize == 32
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
 
       with_context do |context|
         keypair = [create_keypair(private_key)].pack('H*')
@@ -27,18 +36,71 @@ module Secp256k1
       end
     end
 
-    # Verify ecdsa signature.
+    # Magic bytes for secp256k1_schnorrsig_extraparams.
+    SCHNORRSIG_EXTRAPARAMS_MAGIC = [0xda, 0x6f, 0xb3, 0x8c].pack('C*').freeze
+
+    # Sign to a variable-length message using schnorr (BIP340 sign with custom parameters).
+    # @param [String] data The message being signed with binary format. Unlike {#sign_schnorr}, the length is arbitrary.
+    # @param [String] private_key a private key with hex format using sign.
+    # @param [String] aux_rand (Optional)The 32-byte extra entropy.
+    # @return [String] signature data with binary format(64 bytes).
+    # @raise [Secp256k1::Error] If signing failed.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def sign_schnorr_custom(data, private_key, aux_rand = nil)
+      raise ArgumentError, "data must be String." unless data.is_a?(String)
+      validate_string!("private_key", private_key, 32)
+      validate_string!("aux_rand", aux_rand, 32) if aux_rand
+      private_key = hex2bin(private_key)
+      data = hex2bin(data)
+      aux_rand = hex2bin(aux_rand) if aux_rand
+
+      with_context do |context|
+        keypair = [create_keypair(private_key)].pack('H*')
+        keypair = FFI::MemoryPointer.new(:uchar, 96).put_bytes(0, keypair)
+        signature = FFI::MemoryPointer.new(:uchar, 64)
+        msg = FFI::MemoryPointer.new(:uchar, [data.bytesize, 1].max).put_bytes(0, data)
+
+        # Build secp256k1_schnorrsig_extraparams: magic[4], noncefp(NULL=default BIP340), ndata(aux_rand or NULL).
+        ptr_size = FFI::Pointer.size
+        extraparams = FFI::MemoryPointer.new(:uchar, ptr_size * 3)
+        extraparams.put_bytes(0, SCHNORRSIG_EXTRAPARAMS_MAGIC)
+        extraparams.put_pointer(ptr_size, FFI::Pointer::NULL)
+        ndata = aux_rand ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, aux_rand) : FFI::Pointer::NULL
+        extraparams.put_pointer(ptr_size * 2, ndata)
+
+        raise Error, 'Failed to generate schnorr signature.' unless secp256k1_schnorrsig_sign_custom(context, signature, msg, data.bytesize, keypair, extraparams) == 1
+        signature.read_string(64)
+      end
+    end
+
+    # Verify schnorr signature.
     # @param [String] data The 32-byte message hash assumed to be signed.
     # @param [String] signature signature data with binary format
     # @param [String] pubkey a public key with hex format using verify.
     # @return [Boolean] verification result.
     # @raise [ArgumentError] If invalid arguments specified.
     def verify_schnorr(data, signature, pubkey)
-      raise ArgumentError, "sig must be String." unless signature.is_a?(String)
-      raise ArgumentError, "pubkey must be String." unless pubkey.is_a?(String)
+      validate_string!("data", data, 32)
+      verify_schnorr_internal(data, signature, pubkey)
+    end
+
+    # Verify a schnorr signature over a variable-length message (counterpart of {#sign_schnorr_custom}).
+    # @param [String] data The message assumed to be signed. The length is arbitrary.
+    # @param [String] signature signature data with binary format(64 bytes).
+    # @param [String] pubkey an x-only public key with hex format(32 bytes) using verify.
+    # @return [Boolean] verification result.
+    # @raise [ArgumentError] If invalid arguments specified.
+    def verify_schnorr_custom(data, signature, pubkey)
       raise ArgumentError, "data must be String." unless data.is_a?(String)
+      verify_schnorr_internal(data, signature, pubkey)
+    end
+
+    private
+
+    def verify_schnorr_internal(data, signature, pubkey)
+      validate_string!("signature", signature, 64)
+      validate_string!("pubkey", pubkey, 32)
       data = hex2bin(data)
-      raise ArgumentError, "data must be 32 bytes." unless data.bytesize == 32
       pubkey = hex2bin(pubkey)
       signature = hex2bin(signature)
       with_context do |context|
@@ -46,8 +108,8 @@ module Secp256k1
         pubkey = [full_pubkey_from_xonly_pubkey(pubkey)].pack('H*')
         xonly_pubkey = FFI::MemoryPointer.new(:uchar, pubkey.bytesize).put_bytes(0, pubkey)
         signature = FFI::MemoryPointer.new(:uchar, signature.bytesize).put_bytes(0, signature)
-        msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
-        result = secp256k1_schnorrsig_verify(context, signature, msg32, 32, xonly_pubkey)
+        msg = FFI::MemoryPointer.new(:uchar, [data.bytesize, 1].max).put_bytes(0, data)
+        result = secp256k1_schnorrsig_verify(context, signature, msg, data.bytesize, xonly_pubkey)
         result == 1
       end
     end

data/lib/secp256k1/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Secp256k1
-  VERSION = "0.1.1"
+  VERSION = "0.3.0"
 end