From d78de458c120d3b4c4b1b5d78a6cdee88d84cbbf Mon Sep 17 00:00:00 2001
From: Tony Arcieri
Date: Mon, 3 Aug 2020 20:19:02 -0700
Subject: [PATCH] ecdsa: add hazmat::RecoverableSignPrimitive

Trait for signature algorithm implementations that support public key recovery, with a blanket impl for SignPrimitive.
---
 Cargo.lock | 2 +-
 ecdsa/src/hazmat.rs | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index 9bb4b9d9..6dab0b7e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -45,7 +45,7 @@ dependencies = [
 [[package]]
 name = "elliptic-curve"
 version = "0.5.0-pre"
-source = "git+https://github.com/RustCrypto/traits#a65edce5d5ee2f5daec882d68fe00f860674f542"
+source = "git+https://github.com/RustCrypto/traits#920522ae53f03483a27b24bc8e924db9e8aff29c"
 dependencies = [
 "generic-array",
 "rand_core",
diff --git a/ecdsa/src/hazmat.rs b/ecdsa/src/hazmat.rs
index 5edb181b..8301f119 100644
--- a/ecdsa/src/hazmat.rs
+++ b/ecdsa/src/hazmat.rs
@@ -45,6 +45,42 @@ where
 ) -> Result, Error>;
 }
 
+/// [`SignPrimitive`] for signature implementations that can provide public key
+/// recovery implementation.
+pub trait RecoverableSignPrimitive
+where
+ C: Curve + Arithmetic,
+ SignatureSize: ArrayLength,
+{
+ /// Try to sign the prehashed message.
+ ///
+ /// Accepts the same arguments as [`SignPrimitive::try_sign_prehashed`]
+ /// but returns a boolean flag which indicates whether or not the
+ /// y-coordinate of the computed 𝐑 = 𝑘×𝑮 point is odd, which can be
+ /// incorporated into recoverable signatures.
+ fn try_sign_recoverable_prehashed + Invert>(
+ &self,
+ ephemeral_scalar: &K,
+ hashed_msg: &ScalarBytes,
+ ) -> Result<(Signature, bool), Error>;
+}
+
+impl SignPrimitive for T
+where
+ C: Curve + Arithmetic,
+ T: RecoverableSignPrimitive,
+ SignatureSize: ArrayLength,
+{
+ fn try_sign_prehashed + Invert>(
+ &self,
+ ephemeral_scalar: &K,
+ hashed_msg: &ScalarBytes,
+ ) -> Result, Error> {
+ let (sig, _) = self.try_sign_recoverable_prehashed(ephemeral_scalar, hashed_msg)?;
+ Ok(sig)
+ }
+}
+
 /// Verify the given prehashed message using ECDSA.
 ///
 /// This trait is intended to be implemented on type which can access
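Review bot: The doc comment on `try_sign_recoverable_prehashed` leaves the contract of the returned `bool` underspecified for anyone who builds a recovery id from it. It defines the flag as the parity of the y-coordinate of 𝐑 = 𝑘×𝑮, but if an implementation normalizes s to its low form before returning (not visible in this hunk), the parity that matches the returned signature is the inverted one, and a single bool also cannot say whether 𝐑's x-coordinate was reduced modulo the curve order. I would add to the method docs `/// The flag must match the signature as returned: an implementation that negates s must also invert it.` and `/// It does not record whether the x-coordinate of 𝐑 was reduced modulo the curve order.` Separately, the blanket `impl SignPrimitive for T` means a type can no longer provide its own `SignPrimitive` impl once it implements `RecoverableSignPrimitive`, which deserves one sentence in the trait-level docs.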