[secp256r1] Verify signature using message hash

[alexb5dh]

Is it possible to verify a secp256r1 signature when only a hash of the message is known?

There's a verify function accepting plaintext message, but no verify_prehash like in p256::ecdsa.

[benr-ml]

@alexb5dh Since ECDSA is insecure for non-hashed messages, fastcrypto only exposes verify_with_hash in case a specific hash is needed.

CC @jonas-lj

[alexb5dh]

Yeah, but it still has its use cases - for example, in Ethereum.

For history, I circumvented this using "no-op" hash function (apologies for the code quality, don't have much experience with Rust):

pub struct NoOpHash<const DIGEST_LENGTH: usize> {}

impl Default for NoOpHash<32> {
    fn default() -> Self {
        todo!()
    }
}

impl HashFunction<32> for NoOpHash<32> {
    fn update<Data: AsRef<[u8]>>(&mut self, _data: Data) {
        todo!()
    }

    fn finalize(self) -> Digest<32> {
        todo!()
    }

    fn digest<Data: AsRef<[u8]>>(data: Data) -> Digest<32> {
        Digest {
            digest: data.as_ref().try_into().expect("Input must be exactly 32 bytes"),
        }
    }
}

and calling library as:

public_key.verify_with_hash::<NoOpHash<32>>(msg, &signature)