reallyme-crypto-p521 0.1.2

P-521 ECDSA primitive for ReallyMe Crypto.
Documentation
// SPDX-FileCopyrightText: Copyright © 2026 ReallyMe LLC. All rights reserved
//
// SPDX-License-Identifier: Apache-2.0

use crypto_core::{CryptoError, SignatureBackend, SignatureFailureKind, SignatureOperation};
use ecdsa::signature::hazmat::PrehashSigner;
use p521::ecdsa::{Signature, SigningKey};
use sha2::{Digest, Sha512};

use crate::constants::P521_SECRET_KEY_LEN;

/// Sign `message` with P-521 ECDSA using SHA-512 prehashing.
///
/// The returned signature is DER-encoded because DER is the common X.509/PKI
/// boundary format for P-521 signatures. Verifiers accept both S forms because
/// ECDSA validity is not tied to a unique signature representation here.
pub fn sign_p521_der_prehash(secret_key: &[u8], message: &[u8]) -> Result<Vec<u8>, CryptoError> {
    if secret_key.len() != P521_SECRET_KEY_LEN {
        return Err(CryptoError::InvalidKey);
    }

    let signing_key = SigningKey::from_slice(secret_key).map_err(|_| CryptoError::InvalidKey)?;
    let digest = Sha512::digest(message);
    let signature: Signature =
        signing_key
            .sign_prehash(&digest)
            .map_err(|_| CryptoError::Signature {
                backend: SignatureBackend::Native,
                operation: SignatureOperation::Sign,
                kind: SignatureFailureKind::BackendFailure,
            })?;

    Ok(signature.to_der().as_bytes().to_vec())
}