I'm struggling understanding how I can sign a byte array (or a slice) containing an al

Signature for pre-hashed messages (slice input) about elliptic-curves HOT 2 CLOSED

rustcrypto commented on July 3, 2024

Signature for pre-hashed messages (slice input)

from elliptic-curves.

Comments (2)

tarcieri commented on July 3, 2024 1

This is a somewhat dangerous API in that failure to use a hash function on the input message can lead to arbitrary signature forgeries. For that reason we do not provide a high-level interface to it.

If you really, really need such an API, you'll need to use the low-level SignPrimitive API:

https://docs.rs/ecdsa/latest/ecdsa/hazmat/trait.SignPrimitive.html

You can compute a scalar from a known existing digest using <Scalar as Reduce<U256>>::from_be_bytes. See the implementation of DigestSigner as an example:

https://docs.rs/ecdsa/latest/src/ecdsa/sign.rs.html#179-181

from elliptic-curves.

davxy commented on July 3, 2024 1

I managed to have something working.

This is a reference for who tries to do something similar:

use ecdsa::{
    elliptic_curve::{
        generic_array::{typenum::U32, GenericArray},
        ops::Reduce,
    },
    hazmat::{rfc6979_generate_k, SignPrimitive},
    signature::PrehashSignature,
    RecoveryId,
};
use k256::{
    ecdsa::{Signature, SigningKey},
    NonZeroScalar, Scalar, U256,
};
use rand::rngs::OsRng;

fn sign_prehashed(hash: [u8; 32]) -> (Signature, Option<RecoveryId>) {
    let signing_key = SigningKey::random(&mut OsRng);

    let hash_array: GenericArray<u8, U32> = GenericArray::from_slice(&hash).clone();
    let hash_scalar = <Scalar as Reduce<U256>>::from_be_bytes_reduced(hash_array);

    let priv_bytes = signing_key.to_bytes();
    let priv_scalar = <NonZeroScalar as Reduce<U256>>::from_be_bytes_reduced(priv_bytes);

    let k = rfc6979_generate_k::<_, <Signature as PrehashSignature>::Digest>(
        &priv_scalar,
        &hash_scalar,
        &[],
    );

    priv_scalar.try_sign_prehashed(**k, hash_scalar).unwrap()
}