Reorder verify_ecdsa args to match the order of verify_schnorr

When `verify_schnorr` was first introduced, it used parameters in the inuitive
order: sig, msg, key. It was later noticed that `verify_ecdsa` had the same
parameters but in a different order. Since both functions have been released,
this will be a breaking change, but fixing this now will add consistency and
remove any confusion for users in the future.

Author: shinghim

examples/sign_verify.rs

@@ -15,7 +15,7 @@ fn verify<C: Verification>(
     let sig = ecdsa::Signature::from_compact(&sig)?;
     let pubkey = PublicKey::from_slice(&pubkey)?;
 
-    Ok(secp.verify_ecdsa(&msg, &sig, &pubkey).is_ok())
+    Ok(secp.verify_ecdsa(&sig, &msg, &pubkey).is_ok())
 }
 
 fn sign<C: Signing>(

no_std_test/src/main.rs

@@ -95,10 +95,10 @@ fn start(_argc: isize, _argv: *const *const u8) -> isize {
     let message = Message::from_digest_slice(&[0xab; 32]).expect("32 bytes");
 
     let sig = secp.sign_ecdsa(&message, &secret_key);
-    assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok());
+    assert!(secp.verify_ecdsa(&sig, &message, &public_key).is_ok());
 
     let rec_sig = secp.sign_ecdsa_recoverable(&message, &secret_key);
-    assert!(secp.verify_ecdsa(&message, &rec_sig.to_standard(), &public_key).is_ok());
+    assert!(secp.verify_ecdsa(&rec_sig.to_standard(), &message, &public_key).is_ok());
     assert_eq!(public_key, secp.recover_ecdsa(&message, &rec_sig).unwrap());
     let (rec_id, data) = rec_sig.serialize_compact();
     let new_rec_sig = ecdsa::RecoverableSignature::from_compact(&data, rec_id).unwrap();
@@ -122,7 +122,7 @@ fn start(_argc: isize, _argv: *const *const u8) -> isize {
         let message = Message::from_digest_slice(&[0xab; 32]).expect("32 bytes");
 
         let sig = secp_alloc.sign_ecdsa(&message, &secret_key);
-        assert!(secp_alloc.verify_ecdsa(&message, &sig, &public_key).is_ok());
+        assert!(secp_alloc.verify_ecdsa(&sig, &message, &public_key).is_ok());
         unsafe { libc::printf("Verified alloc Successfully!\n\0".as_ptr() as _) };
     }
 

src/ecdsa/mod.rs

@@ -195,7 +195,7 @@ impl Signature {
     #[inline]
     #[cfg(feature = "global-context")]
     pub fn verify(&self, msg: &Message, pk: &PublicKey) -> Result<(), Error> {
-        SECP256K1.verify_ecdsa(msg, self, pk)
+        SECP256K1.verify_ecdsa(self, msg, pk)
     }
 }
 
@@ -373,17 +373,17 @@ impl<C: Verification> Secp256k1<C> {
     /// #
     /// let message = Message::from_digest_slice(&[0xab; 32]).expect("32 bytes");
     /// let sig = secp.sign_ecdsa(&message, &secret_key);
-    /// assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Ok(()));
+    /// assert_eq!(secp.verify_ecdsa(&sig, &message, &public_key), Ok(()));
     ///
     /// let message = Message::from_digest_slice(&[0xcd; 32]).expect("32 bytes");
-    /// assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Err(Error::IncorrectSignature));
+    /// assert_eq!(secp.verify_ecdsa(&sig, &message, &public_key), Err(Error::IncorrectSignature));
     /// # }
     /// ```
     #[inline]
     pub fn verify_ecdsa(
         &self,
-        msg: &Message,
         sig: &Signature,
+        msg: &Message,
         pk: &PublicKey,
     ) -> Result<(), Error> {
         unsafe {

src/ecdsa/recovery.rs

@@ -336,7 +336,7 @@ mod tests {
 
         let msg = crate::random_32_bytes(&mut rand::thread_rng());
         let msg = Message::from_digest_slice(&msg).unwrap();
-        assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature));
+        assert_eq!(s.verify_ecdsa(&sig, &msg, &pk), Err(Error::IncorrectSignature));
 
         let recovered_key = s.recover_ecdsa(&msg, &sigr).unwrap();
         assert!(recovered_key != pk);

src/key.rs

@@ -740,7 +740,7 @@ impl PublicKey {
         msg: &Message,
         sig: &ecdsa::Signature,
     ) -> Result<(), Error> {
-        secp.verify_ecdsa(msg, sig, self)
+        secp.verify_ecdsa(sig, msg, self)
     }
 }
 

src/lib.rs

@@ -39,7 +39,7 @@
 //! let message = Message::from_digest(digest.to_byte_array());
 //!
 //! let sig = secp.sign_ecdsa(&message, &secret_key);
-//! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok());
+//! assert!(secp.verify_ecdsa(&sig, &message, &public_key).is_ok());
 //! # }
 //! ```
 //!
@@ -76,7 +76,7 @@
 //! let message = Message::from_digest(compute_hash(b"CSW is not Satoshi"));
 //!
 //! let sig = secp.sign_ecdsa(&message, &secret_key);
-//! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok());
+//! assert!(secp.verify_ecdsa(&sig, &message, &public_key).is_ok());
 //! # }
 //! ```
 //!
@@ -115,7 +115,7 @@
 //! ]).expect("compact signatures are 64 bytes; DER signatures are 68-72 bytes");
 //!
 //! # #[cfg(not(secp256k1_fuzz))]
-//! assert!(secp.verify_ecdsa(&message, &sig, &public_key).is_ok());
+//! assert!(secp.verify_ecdsa(&sig, &message, &public_key).is_ok());
 //! # }
 //! ```
 //!
@@ -547,8 +547,8 @@ mod tests {
         let sig = full.sign_ecdsa(&msg, &sk);
 
         // Try verifying
-        assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok());
-        assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok());
+        assert!(vrfy.verify_ecdsa(&sig, &msg, &pk).is_ok());
+        assert!(full.verify_ecdsa(&sig, &msg, &pk).is_ok());
 
         // The following drop will have no effect; in fact, they will trigger a compiler
         // error because manually dropping a `ManuallyDrop` is almost certainly incorrect.
@@ -614,8 +614,8 @@ mod tests {
         let sig = full.sign_ecdsa(&msg, &sk);
 
         // Try verifying
-        assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok());
-        assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok());
+        assert!(vrfy.verify_ecdsa(&sig, &msg, &pk).is_ok());
+        assert!(full.verify_ecdsa(&sig, &msg, &pk).is_ok());
     }
 
     #[test]
@@ -636,8 +636,8 @@ mod tests {
         let sig = full.sign_ecdsa(&msg, &sk);
 
         // Try verifying
-        assert!(vrfy.verify_ecdsa(&msg, &sig, &pk).is_ok());
-        assert!(full.verify_ecdsa(&msg, &sig, &pk).is_ok());
+        assert!(vrfy.verify_ecdsa(&sig, &msg, &pk).is_ok());
+        assert!(full.verify_ecdsa(&sig, &msg, &pk).is_ok());
 
         // Check that we can produce keys from slices with no precomputation
         let (pk_slice, sk_slice) = (&pk.serialize(), &sk[..]);
@@ -750,13 +750,13 @@ mod tests {
 
             let (sk, pk) = s.generate_keypair(&mut rand::thread_rng());
             let sig = s.sign_ecdsa(&msg, &sk);
-            assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Ok(()));
+            assert_eq!(s.verify_ecdsa(&sig, &msg, &pk), Ok(()));
             let noncedata_sig = s.sign_ecdsa_with_noncedata(&msg, &sk, &noncedata);
-            assert_eq!(s.verify_ecdsa(&msg, &noncedata_sig, &pk), Ok(()));
+            assert_eq!(s.verify_ecdsa(&noncedata_sig, &msg, &pk), Ok(()));
             let low_r_sig = s.sign_ecdsa_low_r(&msg, &sk);
-            assert_eq!(s.verify_ecdsa(&msg, &low_r_sig, &pk), Ok(()));
+            assert_eq!(s.verify_ecdsa(&low_r_sig, &msg, &pk), Ok(()));
             let grind_r_sig = s.sign_ecdsa_grind_r(&msg, &sk, 1);
-            assert_eq!(s.verify_ecdsa(&msg, &grind_r_sig, &pk), Ok(()));
+            assert_eq!(s.verify_ecdsa(&grind_r_sig, &msg, &pk), Ok(()));
             let compact = sig.serialize_compact();
             if compact[0] < 0x80 {
                 assert_eq!(sig, low_r_sig);
@@ -798,9 +798,9 @@ mod tests {
                 let low_r_sig = s.sign_ecdsa_low_r(&msg, &key);
                 let grind_r_sig = s.sign_ecdsa_grind_r(&msg, &key, 1);
                 let pk = PublicKey::from_secret_key(&s, &key);
-                assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Ok(()));
-                assert_eq!(s.verify_ecdsa(&msg, &low_r_sig, &pk), Ok(()));
-                assert_eq!(s.verify_ecdsa(&msg, &grind_r_sig, &pk), Ok(()));
+                assert_eq!(s.verify_ecdsa(&sig, &msg, &pk), Ok(()));
+                assert_eq!(s.verify_ecdsa(&low_r_sig, &msg, &pk), Ok(()));
+                assert_eq!(s.verify_ecdsa(&grind_r_sig, &msg, &pk), Ok(()));
             }
         }
     }
@@ -820,7 +820,7 @@ mod tests {
 
         let msg = crate::random_32_bytes(&mut rand::thread_rng());
         let msg = Message::from_digest(msg);
-        assert_eq!(s.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature));
+        assert_eq!(s.verify_ecdsa(&sig, &msg, &pk), Err(Error::IncorrectSignature));
     }
 
     #[test]
@@ -913,10 +913,10 @@ mod tests {
         let msg = Message::from_digest(msg);
 
         // without normalization we expect this will fail
-        assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Err(Error::IncorrectSignature));
+        assert_eq!(secp.verify_ecdsa(&sig, &msg, &pk), Err(Error::IncorrectSignature));
         // after normalization it should pass
         sig.normalize_s();
-        assert_eq!(secp.verify_ecdsa(&msg, &sig, &pk), Ok(()));
+        assert_eq!(secp.verify_ecdsa(&sig, &msg, &pk), Ok(()));
     }
 
     #[test]
@@ -1000,7 +1000,7 @@ mod tests {
 
         // Check usage as self
         let sig = SECP256K1.sign_ecdsa(&msg, &sk);
-        assert!(SECP256K1.verify_ecdsa(&msg, &sig, &pk).is_ok());
+        assert!(SECP256K1.verify_ecdsa(&sig, &msg, &pk).is_ok());
     }
 }
 
@@ -1045,7 +1045,7 @@ mod benches {
         let sig = s.sign_ecdsa(&msg, &sk);
 
         bh.iter(|| {
-            let res = s.verify_ecdsa(&msg, &sig, &pk).unwrap();
+            let res = s.verify_ecdsa(&sig, &msg, &pk).unwrap();
             black_box(res);
         });
     }