ecdsa: remove SignPrimitive/VerifyPrimitive traits

These were removed upstream in RustCrypto/signatures#793. The ECDSA implementation is fully generic now. These traits were originally for per-curve implementations, but those are no-longer needed. The upstream implementation now has native support for low-S normalization by way of `EcdsaCurve::NORMALIZE_S`.
RustCrypto · Jan 18, 2024 · 5ad0764 · 5ad0764
1 parent 32e6310
commit 5ad0764
Show file tree

Hide file tree

Showing 7 changed files with 4 additions and 162 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/k256/src/ecdsa.rs b/k256/src/ecdsa.rs
@@ -58,56 +58,6 @@
 //!
 //! One common application of signature recovery with secp256k1 is Ethereum.
 //!
-//! ### Upgrading recoverable signature code from earlier versions of `k256`
-//!
-//! The v0.12 release of `k256` contains a brand new recoverable signature API
-//! from previous releases. Functionality has been upstreamed from `k256` to a
-//! generic implementation in the [`ecdsa`](`ecdsa_core`) crate.
-//!
-//! If you previously used `k256::ecdsa::recoverable::Signature`, the old
-//! functionality now uses a "detached" [`Signature`] and [`RecoveryId`].
-//! Here is where the various functionality went:
-//!
-//! - Signing now requires the use of the [`hazmat::SignPrimitive`] trait
-//!   (see examples immediately below).
-//! - Signature recovery is now implemented as methods of the [`VerifyingKey`]
-//!   type (i.e. `::recover_from_*`).
-//! - Trial recovery is now defined on the [`RecoveryId`] type
-//!   (i.e. `::trial_recovery_from_*`).
-//!
-//! ### Computing a signature with a [`RecoveryId`].
-//!
-//! This example shows how to compute a signature and its associated
-//! [`RecoveryId`] in a manner which is byte-for-byte compatible with
-//! Ethereum libraries, leveraging the [`SigningKey::sign_digest_recoverable`]
-//! API:
-//!
-#![cfg_attr(feature = "std", doc = "```")]
-#![cfg_attr(not(feature = "std"), doc = "```ignore")]
-//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
-//! use hex_literal::hex;
-//! use k256::ecdsa::{hazmat::SignPrimitive, RecoveryId, Signature, SigningKey};
-//! use sha2::Sha256;
-//! use sha3::{Keccak256, Digest};
-//!
-//! let signing_key = SigningKey::from_bytes(&hex!(
-//!     "4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318"
-//! ).into())?;
-//!
-//! let msg = hex!("e9808504e3b29200831e848094f0109fc8df283027b6285cc889f5aa624eac1f55843b9aca0080018080");
-//! let digest = Keccak256::new_with_prefix(msg);
-//! let (signature, recid) = signing_key.sign_digest_recoverable(digest)?;
-//!
-//! assert_eq!(
-//!     signature.to_bytes().as_slice(),
-//!     &hex!("c9cf86333bcb065d140032ecaab5d9281bde80f21b9687b3e94161de42d51895727a108a0b8d101465414033c3f705a9c7b826e596766046ee1183dbc8aeaa68")
-//! );
-//!
-//! assert_eq!(recid, RecoveryId::try_from(0u8).unwrap());
-//! # Ok(())
-//! # }
-//! ```
-//!
 //! ### Recovering a [`VerifyingKey`] from a signature
 //!
 #![cfg_attr(feature = "std", doc = "```")]
@@ -152,13 +102,6 @@ pub use ecdsa_core::hazmat;
 
 use crate::Secp256k1;
 
-#[cfg(feature = "ecdsa")]
-use {
-    crate::{AffinePoint, FieldBytes, Scalar},
-    ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
-    elliptic_curve::{ops::Invert, scalar::IsHigh, subtle::CtOption},
-};
-
 /// ECDSA/secp256k1 signature (fixed-size)
 pub type Signature = ecdsa_core::Signature<Secp256k1>;
 
@@ -182,35 +125,6 @@ impl hazmat::DigestPrimitive for Secp256k1 {
     type Digest = sha2::Sha256;
 }
 
-#[cfg(feature = "ecdsa")]
-impl SignPrimitive<Secp256k1> for Scalar {
-    #[allow(non_snake_case, clippy::many_single_char_names)]
-    fn try_sign_prehashed<K>(
-        &self,
-        k: K,
-        z: &FieldBytes,
-    ) -> Result<(Signature, Option<RecoveryId>), Error>
-    where
-        K: AsRef<Self> + Invert<Output = CtOption<Self>>,
-    {
-        let (sig, recid) = hazmat::sign_prehashed::<Secp256k1, K>(self, k, z)?;
-        let is_y_odd = recid.is_y_odd() ^ bool::from(sig.s().is_high());
-        let recid = RecoveryId::new(is_y_odd, recid.is_x_reduced());
-        Ok((sig.normalize_s(), Some(recid)))
-    }
-}
-
-#[cfg(feature = "ecdsa")]
-impl VerifyPrimitive<Secp256k1> for AffinePoint {
-    fn verify_prehashed(&self, z: &FieldBytes, sig: &Signature) -> Result<(), Error> {
-        if sig.s().is_high().into() {
-            return Err(Error::new());
-        }
-
-        hazmat::verify_prehashed(&self.into(), z, sig)
-    }
-}
-
 #[cfg(all(test, feature = "ecdsa", feature = "arithmetic"))]
 mod tests {
     mod normalize {

diff --git a/p192/src/ecdsa.rs b/p192/src/ecdsa.rs
@@ -36,9 +36,6 @@ pub use ecdsa_core::signature::{self, Error};
 use super::NistP192;
 use ecdsa_core::EcdsaCurve;
 
-#[cfg(feature = "ecdsa")]
-use {crate::AffinePoint, ecdsa_core::hazmat::VerifyPrimitive};
-
 /// ECDSA/P-192 signature (fixed-size)
 pub type Signature = ecdsa_core::Signature<NistP192>;
 
@@ -53,9 +50,6 @@ impl EcdsaCurve for NistP192 {
 #[cfg(feature = "ecdsa")]
 pub type VerifyingKey = ecdsa_core::VerifyingKey<NistP192>;
 
-#[cfg(feature = "ecdsa")]
-impl VerifyPrimitive<NistP192> for AffinePoint {}
-
 #[cfg(all(test, feature = "ecdsa"))]
 mod tests {
     mod verify {

diff --git a/p224/src/ecdsa.rs b/p224/src/ecdsa.rs
@@ -42,12 +42,6 @@ pub use ecdsa_core::signature::{self, Error};
 use super::NistP224;
 use ecdsa_core::EcdsaCurve;
 
-#[cfg(feature = "ecdsa")]
-use {
-    crate::{AffinePoint, Scalar},
-    ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
-};
-
 /// ECDSA/P-224 signature (fixed-size)
 pub type Signature = ecdsa_core::Signature<NistP224>;
 
@@ -71,12 +65,6 @@ impl ecdsa_core::hazmat::DigestPrimitive for NistP224 {
     type Digest = sha2::Sha224;
 }
 
-#[cfg(feature = "ecdsa")]
-impl SignPrimitive<NistP224> for Scalar {}
-
-#[cfg(feature = "ecdsa")]
-impl VerifyPrimitive<NistP224> for AffinePoint {}
-
 #[cfg(all(test, feature = "ecdsa"))]
 mod tests {
     use crate::ecdsa::{signature::Signer, Signature, SigningKey};

diff --git a/p256/src/ecdsa.rs b/p256/src/ecdsa.rs
@@ -44,12 +44,6 @@ pub use ecdsa_core::signature::{self, Error};
 use super::NistP256;
 use ecdsa_core::EcdsaCurve;
 
-#[cfg(feature = "ecdsa")]
-use {
-    crate::{AffinePoint, Scalar},
-    ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
-};
-
 /// ECDSA/P-256 signature (fixed-size)
 pub type Signature = ecdsa_core::Signature<NistP256>;
 
@@ -72,13 +66,6 @@ pub type VerifyingKey = ecdsa_core::VerifyingKey<NistP256>;
 impl ecdsa_core::hazmat::DigestPrimitive for NistP256 {
     type Digest = sha2::Sha256;
 }
-
-#[cfg(feature = "ecdsa")]
-impl SignPrimitive<NistP256> for Scalar {}
-
-#[cfg(feature = "ecdsa")]
-impl VerifyPrimitive<NistP256> for AffinePoint {}
-
 #[cfg(all(test, feature = "ecdsa"))]
 mod tests {
     use crate::{
@@ -87,13 +74,9 @@ mod tests {
             signature::Signer,
             Signature, SigningKey, VerifyingKey,
         },
-        test_vectors::ecdsa::ECDSA_TEST_VECTORS,
-        AffinePoint, BlindedScalar, EncodedPoint, Scalar,
-    };
-    use ecdsa_core::hazmat::SignPrimitive;
-    use elliptic_curve::{
-        array::Array, group::ff::PrimeField, rand_core::OsRng, sec1::FromEncodedPoint,
+        AffinePoint, EncodedPoint,
     };
+    use elliptic_curve::{array::Array, sec1::FromEncodedPoint};
     use hex_literal::hex;
     use sha2::Digest;
 
@@ -172,19 +155,6 @@ mod tests {
         assert!(result.is_ok());
     }
 
-    #[test]
-    fn scalar_blinding() {
-        let vector = &ECDSA_TEST_VECTORS[0];
-        let d = Scalar::from_repr(Array::clone_from_slice(vector.d)).unwrap();
-        let k = Scalar::from_repr(Array::clone_from_slice(vector.k)).unwrap();
-        let k_blinded = BlindedScalar::new(k, &mut OsRng);
-        let z = Array::clone_from_slice(vector.m);
-        let sig = d.try_sign_prehashed(k_blinded, &z).unwrap().0;
-
-        assert_eq!(vector.r, sig.r().to_bytes().as_slice());
-        assert_eq!(vector.s, sig.s().to_bytes().as_slice());
-    }
-
     mod sign {
         use crate::{test_vectors::ecdsa::ECDSA_TEST_VECTORS, NistP256};
         ecdsa_core::new_signing_test!(NistP256, ECDSA_TEST_VECTORS);

diff --git a/p384/src/ecdsa.rs b/p384/src/ecdsa.rs
@@ -42,12 +42,6 @@ pub use ecdsa_core::signature::{self, Error};
 use super::NistP384;
 use ecdsa_core::EcdsaCurve;
 
-#[cfg(feature = "ecdsa")]
-use {
-    crate::{AffinePoint, Scalar},
-    ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
-};
-
 /// ECDSA/P-384 signature (fixed-size)
 pub type Signature = ecdsa_core::Signature<NistP384>;
 
@@ -71,12 +65,6 @@ impl ecdsa_core::hazmat::DigestPrimitive for NistP384 {
     type Digest = sha2::Sha384;
 }
 
-#[cfg(feature = "ecdsa")]
-impl SignPrimitive<NistP384> for Scalar {}
-
-#[cfg(feature = "ecdsa")]
-impl VerifyPrimitive<NistP384> for AffinePoint {}
-
 #[cfg(all(test, feature = "ecdsa"))]
 mod tests {
     use crate::{

diff --git a/p521/src/ecdsa.rs b/p521/src/ecdsa.rs
@@ -42,12 +42,6 @@ pub use ecdsa_core::signature::{self, Error};
 use super::NistP521;
 use ecdsa_core::EcdsaCurve;
 
-#[cfg(feature = "ecdsa")]
-use {
-    crate::{AffinePoint, Scalar},
-    ecdsa_core::hazmat::{SignPrimitive, VerifyPrimitive},
-};
-
 /// ECDSA/P-521 signature (fixed-size)
 pub type Signature = ecdsa_core::Signature<NistP521>;
 
@@ -71,12 +65,6 @@ impl ecdsa_core::hazmat::DigestPrimitive for NistP521 {
     type Digest = sha2::Sha512;
 }
 
-#[cfg(feature = "ecdsa")]
-impl SignPrimitive<NistP521> for Scalar {}
-
-#[cfg(feature = "ecdsa")]
-impl VerifyPrimitive<NistP521> for AffinePoint {}
-
 #[cfg(all(test, feature = "ecdsa"))]
 mod tests {
     use crate::ecdsa::{signature::Signer, Signature, SigningKey};