use crypto_core::{CryptoError, SignatureBackend, SignatureFailureKind, SignatureOperation};
use ecdsa::signature::hazmat::PrehashSigner;
use p521::ecdsa::{Signature, SigningKey};
use sha2::{Digest, Sha512};
use crate::constants::P521_SECRET_KEY_LEN;
pub fn sign_p521_der_prehash(secret_key: &[u8], message: &[u8]) -> Result<Vec<u8>, CryptoError> {
if secret_key.len() != P521_SECRET_KEY_LEN {
return Err(CryptoError::InvalidKey);
}
let signing_key = SigningKey::from_slice(secret_key).map_err(|_| CryptoError::InvalidKey)?;
let digest = Sha512::digest(message);
let signature: Signature =
signing_key
.sign_prehash(&digest)
.map_err(|_| CryptoError::Signature {
backend: SignatureBackend::Native,
operation: SignatureOperation::Sign,
kind: SignatureFailureKind::BackendFailure,
})?;
Ok(signature.to_der().as_bytes().to_vec())
}