
k256: use generic signing implementation from ecdsa #911

Merged
merged 1 commit into master from k256/use-generic-ecdsa-signing-implementation on Jul 21, 2023

Conversation

tarcieri (Member)

Uses ecdsa::hazmat::sign_prehashed which provides a generic implementation of ECDSA signing, which was introduced in RustCrypto/signatures#731 and released in ecdsa v0.16.8.

The code is largely identical to what was previously used, that code having originally been copied from p256 and updated iteratively to match the generic implementation in the ecdsa crate as it evolved.

The only reason why we can't use the default implementation of SignPrimitive::try_sign_prehashed is to handle low-S normalization, which is unique to the secp256k1 ecosystem but nearly ubiquitous and very much expected of ECDSA/secp256k1 implementations.

In the next release this can hopefully be upstreamed to the ecdsa crate as well, which would eliminate the need for the SignPrimitive and VerifyPrimitive traits (which pretty much exist exclusively so k256 can have custom logic to handle low-S normalization).
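The low-S rule the PR description refers to, written out as an added example. This is not code from the `k256` or `ecdsa` crates and uses none of their APIs; it works on 256-bit scalars held as four big-endian `u64` limbs so that it runs stand-alone, and it assumes its inputs are already reduced mod n. The two constants are the public secp256k1 group order n and floor(n / 2). The real crates perform the comparison and subtraction in constant time on their `Scalar` type; this illustration is variable-time. The recovery-id handling in `normalize_signature` follows from the arithmetic (replacing s by n - s negates R and so flips its y parity), not from anything the PR text states.

```rust
// Added example, not code from the k256 or ecdsa crates: low-S
// normalization for ECDSA/secp256k1 on 256-bit scalars held as four
// big-endian u64 limbs. Dependency-free so it runs stand-alone; the real
// crates do the same check and subtraction in constant time on their
// Scalar type, whereas this illustration is variable-time.

/// secp256k1 group order n (public curve constant), most significant limb first.
const N: [u64; 4] = [
    0xFFFF_FFFF_FFFF_FFFF,
    0xFFFF_FFFF_FFFF_FFFE,
    0xBAAE_DCE6_AF48_A03B,
    0xBFD2_5E8C_D036_4141,
];

/// floor(n / 2) = (n - 1) / 2, the largest s that still counts as "low".
const N_HALF: [u64; 4] = [
    0x7FFF_FFFF_FFFF_FFFF,
    0xFFFF_FFFF_FFFF_FFFF,
    0x5D57_6E73_57A4_501D,
    0xDFE9_2F46_681B_20A0,
];

/// a > b on big-endian limbs.
fn gt(a: &[u64; 4], b: &[u64; 4]) -> bool {
    for (x, y) in a.iter().zip(b.iter()) {
        if x != y {
            return x > y;
        }
    }
    false
}

/// a - b on big-endian limbs; the caller guarantees a >= b (inputs reduced mod n).
fn sub(a: &[u64; 4], b: &[u64; 4]) -> [u64; 4] {
    let mut out = [0u64; 4];
    let mut borrow = false;
    for i in (0..4).rev() {
        let (d, b1) = a[i].overflowing_sub(b[i]);
        let (d, b2) = d.overflowing_sub(borrow as u64);
        out[i] = d;
        borrow = b1 || b2;
    }
    debug_assert!(!borrow, "sub underflow: a < b");
    out
}

/// s is "high" when s > (n - 1) / 2, i.e. when n - s is the smaller representative.
pub fn is_high(s: &[u64; 4]) -> bool {
    gt(s, &N_HALF)
}

/// Low-S normalization: keep s if it is already low, otherwise replace it by n - s.
/// (r, n - s) still verifies under the same key: it corresponds to the point -R,
/// which shares R's x coordinate, and r is derived only from that x coordinate.
pub fn normalize_s(s: &[u64; 4]) -> [u64; 4] {
    if is_high(s) {
        sub(&N, s)
    } else {
        *s
    }
}

/// Normalize a full (r, s, optional recovery id) triple. Negating s negates R,
/// which flips R's y parity, so the recovery id's parity bit is toggled in step.
pub fn normalize_signature(
    r: [u64; 4],
    s: [u64; 4],
    recid: Option<u8>,
) -> ([u64; 4], [u64; 4], Option<u8>) {
    if is_high(&s) {
        (r, sub(&N, &s), recid.map(|id| id ^ 1))
    } else {
        (r, s, recid)
    }
}

/// Parse a 64-hex-digit scalar into big-endian limbs.
pub fn parse_hex(hex: &str) -> [u64; 4] {
    assert_eq!(hex.len(), 64, "expected a 32-byte hex scalar");
    let mut out = [0u64; 4];
    for (limb, chunk) in out.iter_mut().zip(hex.as_bytes().chunks(16)) {
        let text = std::str::from_utf8(chunk).expect("ascii hex");
        *limb = u64::from_str_radix(text, 16).expect("hex digits");
    }
    out
}

/// Render limbs as 64 uppercase hex digits.
pub fn to_hex(v: &[u64; 4]) -> String {
    v.iter().map(|l| format!("{:016X}", l)).collect()
}

fn main() {
    // Constructed sample, not a real signature: s = (n - 1) / 2 + 1, the
    // smallest high value, so its normalized form is exactly (n - 1) / 2.
    let high_s = parse_hex(concat!(
        "7FFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFF", "5D576E7357A4501D", "DFE92F46681B20A1"
    ));
    let r = [0u64, 0, 0, 1]; // placeholder r; normalization never touches it
    let (_, s, recid) = normalize_signature(r, high_s, Some(0));
    println!("high? {}  s' = {}  recid = {:?}", is_high(&high_s), to_hex(&s), recid);
}
```

A verifier that enforces low-S should reject, not silently fix, a high-s signature it receives; normalization belongs on the signing side, which is why the PR keeps it inside `try_sign_prehashed`.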

@tarcieri tarcieri requested a review from fjarri July 21, 2023 16:07
tarcieri (Member, Author)

Note: #908 still needs to be addressed, but is a similar change

Commit message:

Uses `ecdsa::hazmat::sign_prehashed` which provides a generic
implementation of ECDSA signing.

The code is largely identical to what was previously used, that code
having originally been copied from `p256` and updated iteratively to
match the generic implementation in the `ecdsa` crate as it evolved.

The only reason why we can't use the default implementation of
`SignPrimitive::try_sign_prehashed` is to handle low-S normalization,
which is unique to the secp256k1 ecosystem but nearly ubiquitous and
very much expected of ECDSA/secp256k1 implementations.

In the next release this can hopefully be upstreamed to the `ecdsa`
crate as well, which would eliminate the need for the `SignPrimitive`
and `VerifyPrimitive` traits (which pretty much exist exclusively so
`k256` can have custom logic to handle low-S normalization).
@tarcieri tarcieri force-pushed the k256/use-generic-ecdsa-signing-implementation branch from 27cda04 to 7229df0 July 21, 2023 16:13
@tarcieri tarcieri merged commit dd656af into master Jul 21, 2023
@tarcieri tarcieri deleted the k256/use-generic-ecdsa-signing-implementation branch July 21, 2023 21:14
@tarcieri tarcieri mentioned this pull request Nov 15, 2023