k256: use generic signing implementation from ecdsa
#911
Uses `ecdsa::hazmat::sign_prehashed`, which provides a generic implementation of ECDSA signing, which was introduced in RustCrypto/signatures#731 and released in `ecdsa` v0.16.8.

The code is largely identical to what was previously used, that code having originally been copied from `p256` and updated iteratively to match the generic implementation in the `ecdsa` crate as it evolved.

The only reason why we can't use the default implementation of `SignPrimitive::try_sign_prehashed` is to handle low-S normalization, which is unique to the secp256k1 ecosystem but nearly ubiquitous and very much expected of ECDSA/secp256k1 implementations.

In the next release this can hopefully be upstreamed to the `ecdsa` crate as well, which would eliminate the need for the `SignPrimitive` and `VerifyPrimitive` traits (which pretty much exist exclusively so `k256` can have custom logic to handle low-S normalization).
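The low-S normalization the description refers to, shown as an added example that is not code from the `k256` or `ecdsa` crates. For any ECDSA signature `(r, s)`, `(r, n - s)` verifies against the same message and key, so a verifier that does not pin one of the two accepts a second encoding of the same signature (signature malleability). Normalizing to the half of the range at or below `n/2` picks one canonical form, and a strict verifier can reject the other. The curve arithmetic below is a minimal pure-Python secp256k1 so the block runs offline; the private key and message are constructed, and the nonce derivation is an illustrative hash (not RFC 6979, which a real implementation would use).

```python
import hashlib

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HALF_N = N // 2  # a signature is "low-S" when s <= HALF_N


def point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p == -q
    if p == q:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def is_low_s(s):
    return s <= HALF_N


def normalize_low_s(r, s):
    """Map (r, s) and (r, n - s) to the single canonical form with s <= n/2."""
    return (r, N - s) if s > HALF_N else (r, s)


def sign_prehashed(d, prehash, low_s=True):
    """ECDSA over a 32-byte prehash; low_s selects whether to normalize."""
    z = int.from_bytes(prehash, "big") % N
    # Illustrative deterministic nonce; real code uses RFC 6979 (assumption, not the crate's method).
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + prehash).digest(), "big") % N
    r = scalar_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return normalize_low_s(r, s) if low_s else (r, s)


def verify_prehashed(pubkey, prehash, sig, require_low_s=False):
    """Standard ECDSA verification; require_low_s additionally rejects s > n/2."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    if require_low_s and not is_low_s(s):
        return False
    z = int.from_bytes(prehash, "big") % N
    w = pow(s, -1, N)
    point = point_add(scalar_mul(z * w % N, G), scalar_mul(r * w % N, pubkey))
    return point is not None and point[0] % N == r


def malleability_demo():
    """Show that both s and n - s verify, and that normalization picks one."""
    # Constructed key and message for the demo; not real secrets.
    d = int.from_bytes(hashlib.sha256(b"constructed test key").digest(), "big") % N
    pub = scalar_mul(d, G)
    prehash = hashlib.sha256(b"constructed message").digest()
    r, s = sign_prehashed(d, prehash, low_s=False)
    alt = (r, N - s)  # the other valid signature for the same message
    return {
        "raw_verifies": verify_prehashed(pub, prehash, (r, s)),
        "alt_verifies": verify_prehashed(pub, prehash, alt),
        "normalized_equal": normalize_low_s(r, s) == normalize_low_s(*alt),
        "normalized_is_low": is_low_s(normalize_low_s(r, s)[1]),
        "strict_accepts_exactly_one": (
            verify_prehashed(pub, prehash, (r, s), require_low_s=True)
            != verify_prehashed(pub, prehash, alt, require_low_s=True)
        ),
    }


if __name__ == "__main__":
    for name, ok in malleability_demo().items():
        print(f"{name}: {ok}")
```

The `normalize_low_s` step is the only thing the description says `k256` needs beyond the generic `ecdsa` signing path; applying it in the signer, and checking `is_low_s` in a strict verifier, is what removes the second accepted encoding.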