k256: use generic signing implementation from ecdsa
#911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Note: #908 still needs to be addressed, but is a similar change |
Uses `ecdsa::hazmat::sign_prehashed` which provides a generic implementation of ECDSA signing. The code is largely identical to what was previously used, that code having originally been copied from `p256` and updated iteratively to match the generic implementation in the `ecdsa` crate as it evolved. The only reason why we can't use the default implementation of `SignPrimitive::try_sign_prehashed` is to handle low-S normalization, which is unique to the secp256k1 ecosystem but nearly ubiquitous and very much expected of ECDSA/secp256k1 implementations. In the next release this can hopefully be upstreamed to the `ecdsa` crate as well, which would eliminate the need for the `SignPrimitive` and `VerifyPrimitive` traits (which pretty much exist exclusively so `k256` can have custom logic to handle low-S normalization).
tarcieri
force-pushed
the
k256/use-generic-ecdsa-signing-implementation
branch
from
27cda04
to
7229df0
Compare
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uses
ecdsa::hazmat::sign_prehashedwhich provides a generic implementation of ECDSA signing, which was introduced in RustCrypto/signatures#731 and released inecdsav0.16.8.The code is largely identical to what was previously used, that code having originally been copied from
p256and updated iteratively to match the generic implementation in theecdsacrate as it evolved.The only reason why we can't use the default implementation of
SignPrimitive::try_sign_prehashedis to handle low-S normalization, which is unique to the secp256k1 ecosystem but nearly ubiquitous and very much expected of ECDSA/secp256k1 implementations.In the next release this can hopefully be upstreamed to the
ecdsacrate as well, which would eliminate the need for theSignPrimitiveandVerifyPrimitivetraits (which pretty much exist exclusively sok256can have custom logic to handle low-S normalization).