Module curves 

High-level curve API: Curve trait + per-curve unit structs.

This module exposes the user-facing dispatch layer shared by ECDSA and ECDH over short Weierstrass curves. A curve key pair is primitive-agnostic – a SecretKey is just a scalar, a PublicKey is just a point – so the same unit struct (P256, P384, …) dispatches ECDSA sign/verify and ECDH derive to the underlying LIMBS-generic implementations in super::ecdsa.

Supported curves:

Wrapper	Curve	Canonical hash (ECDSA)
P256	NIST P-256	SHA-256
P384	NIST P-384	SHA-384
P521	NIST P-521	SHA-512
Secp256k1	secp256k1 (SECG)	SHA-256
BrainpoolP256r1	brainpoolP256r1	SHA-256
BrainpoolP384r1	brainpoolP384r1	SHA-384
BrainpoolP512r1	brainpoolP512r1	SHA-512

Structs

BrainpoolP256r1

brainpoolP256r1 (BSI / RFC 5639).

BrainpoolP384r1

brainpoolP384r1 (BSI / RFC 5639).

BrainpoolP512r1

brainpoolP512r1 (BSI / RFC 5639).

P256

NIST P-256 (secp256r1).

P384

NIST P-384 (secp384r1).

P521

NIST P-521 (secp521r1). Uses LIMBS=9; qlen=521 is not a multiple of 8, so all RFC 6979 byte-length arithmetic uses rlen_bytes=66 (not LIMBS*8=72). The canonical hash pairing is SHA-512.

PublicKey

Public key on a short Weierstrass curve: an SEC1-encoded point (uncompressed 0x04 || X || Y or compressed 0x02/0x03 || X).

Secp256k1

secp256k1 (SECG / Bitcoin / Ethereum).

SecretKey

Secret key on a short Weierstrass curve: a scalar in [1, n-1] encoded as felem_bytes big-endian octets (per the curve’s SEC1 octet length).

Traits

CryptoRng

A simple RNG trait for randomized nonce generation and key generation.

Curve

Operations on a short Weierstrass curve: keygen, ECDSA sign / verify, and ECDH key agreement.