Make sure that signer is in list of public keys add test vectors

This is ensured by adding failure case to "GetSessionKeyAggCoeff". This commit
also fixes a bug where the callers of would unnecessarily handle
GetSessionKeyAggCoeff handle failure, because before this commit
GetSessionKeyAggCoeff did not fail.

bip-musig2.mediawiki

@@ -428,7 +428,9 @@ Algorithm ''GetSessionValues(session_ctx)'':
 <div>
 Algorithm ''GetSessionKeyAggCoeff(session_ctx, P)'':
 * Let ''(_, u, pk<sub>1..u</sub>, _, _, _, _) = session_ctx''
-* Return ''KeyAggCoeff(pk<sub>1..u</sub>, cbytes(P))''
+* Let ''pk = cbytes(P)''
+* Fail if ''pk'' not in ''pk<sub>1..u</sub>''
+* Return ''KeyAggCoeff(pk<sub>1..u</sub>, pk)''
 </div>
 
 === Signing ===
@@ -728,6 +730,7 @@ An exception to this rule is <code>MAJOR</code> version zero (0.y.z) which is fo
 The <code>MINOR</code> version is incremented whenever the inputs or the output of an algorithm changes in a backward-compatible way or new backward-compatible functionality is added.
 The <code>PATCH</code> version is incremented for other changes that are noteworthy (bug fixes, test vectors, important clarifications, etc.).
 
+* '''0.9.1''' (2022-10-28): Make sure that signer's key is in list of input public keys by adding failure case to ''GetSessionKeyAggCoeff'' and add test vectors.
 * '''0.9.0''' (2022-10-28): Add mandatory ''pk'' argument to ''NonceGen'', append ''pk'' to ''secnonce'' and check in ''Sign'' that the ''pk'' in ''secnonce'' matches. Update test vectors.
 * '''0.8.6''' (2022-09-15): Clarify that implementations do not need to support every feature and add a test vector for signing with a tweaked key
 * '''0.8.5''' (2022-09-05): Rename some functions to improve clarity.

bip-musig2/reference.py

@@ -344,7 +344,10 @@ def get_session_values(session_ctx: SessionContext) -> Tuple[Point, int, int, in
 
 def get_session_key_agg_coeff(session_ctx: SessionContext, P: Point) -> int:
     (_, pubkeys, _, _, _) = session_ctx
-    return key_agg_coeff(pubkeys, PlainPk(cbytes(P)))
+    pk = PlainPk(cbytes(P))
+    if pk not in pubkeys:
+        raise ValueError('The signer\'s pubkey must be included in the list of pubkeys.')
+    return key_agg_coeff(pubkeys, pk)
 
 def sign(secnonce: bytearray, sk: bytes, session_ctx: SessionContext) -> bytes:
     (Q, gacc, _, b, R, e) = get_session_values(session_ctx)

bip-musig2/vectors/det_sign_vectors.json

@@ -82,6 +82,20 @@
             },
             "comment": "Signer 2 provided an invalid public key"
         },
+        {
+            "rand": "0000000000000000000000000000000000000000000000000000000000000000",
+            "aggothernonce": "0337C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480",
+            "key_indices": [1, 2],
+            "tweaks": [],
+            "is_xonly": [],
+            "msg_index": 0,
+            "signer_index": 1,
+            "error": {
+                "type": "value",
+                "message": "The signer's pubkey must be included in the list of pubkeys."
+            },
+            "comment": "The signers pubkey is not in the list of pubkeys"
+        },
         {
             "rand": "0000000000000000000000000000000000000000000000000000000000000000",
             "aggothernonce": "0437C87821AFD50A8644D820A8F3E02E499C931865C2360FB43D0A0D20DAFE07EA0287BF891D2A6DEAEBADC909352AA9405D1428C15F4B75F04DAE642A95C2548480",

bip-musig2/vectors/sign_verify_vectors.json

@@ -83,6 +83,17 @@
         }
     ],
     "sign_error_test_cases": [
+        {
+            "key_indices": [1, 2],
+            "aggnonce_index": 0,
+            "msg_index": 0,
+            "secnonce_index": 0,
+            "error": {
+                "type": "value",
+                "message": "The signer's pubkey must be included in the list of pubkeys."
+            },
+            "comment": "The signers pubkey is not in the list of pubkeys"
+        },
         {
             "key_indices": [1, 0, 3],
             "aggnonce_index": 0,