From b74fb967e27e1a94893d76cac1d0514536159a74 Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Wed, 25 Aug 2021 13:40:01 +0200
Subject: [PATCH 1/7] Show underlying detail in some signature errors

---
 tendermint/src/error.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tendermint/src/error.rs b/tendermint/src/error.rs
index 8f32ce97c..c09bf5377 100644
--- a/tendermint/src/error.rs
+++ b/tendermint/src/error.rs
@@ -45,7 +45,7 @@ define_error! {
 
         Protocol
             { detail: String }
-            |_| { format_args!("protocol error") },
+            |e| { format_args!("protocol error: {}", e.detail) },
 
         OutOfRange
             [ DisplayOnly<OutOfRangeError> ]
@@ -53,7 +53,7 @@ define_error! {
 
         SignatureInvalid
             { detail: String }
-            |_| { format_args!("bad signature") },
+            |e| { format_args!("bad signature: {}", e.detail) },
 
         InvalidMessageType
             |_| { format_args!("invalid message type") },

From 64875698dad9098d29447986876bfa7ccf4a28c4 Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Thu, 26 Aug 2021 12:17:27 +0200
Subject: [PATCH 2/7] Add support for Secp256k1 signatures

---
 tendermint/Cargo.toml        |  2 +
 tendermint/src/error.rs      |  4 ++
 tendermint/src/public_key.rs | 16 ++++--
 tendermint/src/signature.rs  | 97 ++++++++++++++++++++++++++++++++----
 4 files changed, 107 insertions(+), 12 deletions(-)

diff --git a/tendermint/Cargo.toml b/tendermint/Cargo.toml
index bbb4b5991..2e128d14c 100644
--- a/tendermint/Cargo.toml
+++ b/tendermint/Cargo.toml
@@ -72,4 +72,6 @@ std = [
 [dev-dependencies]
 pretty_assertions = "0.7.2"
 proptest = "0.10.1"
+rand = "0.8.4"
+rand_chacha = "0.3.1"
 tendermint-pbt-gen = { path = "../pbt-gen" }
diff --git a/tendermint/src/error.rs b/tendermint/src/error.rs
index c09bf5377..b4769ad5b 100644
--- a/tendermint/src/error.rs
+++ b/tendermint/src/error.rs
@@ -55,6 +55,10 @@ define_error! {
             { detail: String }
             |e| { format_args!("bad signature: {}", e.detail) },
 
+        SignatureMismatch
+            { detail: String }
+            |e| { format_args!("signature mismatch: {}", e.detail) },
+
         InvalidMessageType
             |_| { format_args!("invalid message type") },
 
diff --git a/tendermint/src/public_key.rs b/tendermint/src/public_key.rs
index ab6b2068c..fa057aa8e 100644
--- a/tendermint/src/public_key.rs
+++ b/tendermint/src/public_key.rs
@@ -134,12 +134,22 @@ impl PublicKey {
                 Signature::Ed25519(sig) => pk.verify(msg, sig).map_err(|_| {
                     Error::signature_invalid("Ed25519 signature verification failed".to_string())
                 }),
+                #[cfg(feature = "secp256k1")]
+                Signature::Secp256k1(_) => Err(Error::signature_mismatch(
+                    "Secp256k1 signature incompatible with Ed25519 public key".to_string(),
+                )),
                 Signature::None => Err(Error::signature_invalid("missing signature".to_string())),
             },
             #[cfg(feature = "secp256k1")]
-            PublicKey::Secp256k1(_) => Err(Error::invalid_key(
-                "unsupported signature algorithm (ECDSA/secp256k1)".to_string(),
-            )),
+            PublicKey::Secp256k1(pk) => match signature {
+                Signature::Secp256k1(sig) => pk.verify(msg, sig).map_err(|_| {
+                    Error::signature_invalid("Secp256k1 signature verification failed".to_string())
+                }),
+                Signature::Ed25519(_) => Err(Error::signature_invalid(
+                    "Ed25519 signature incompatible with Secp256k1 public key".to_string(),
+                )),
+                Signature::None => Err(Error::signature_invalid("missing signature".to_string())),
+            },
         }
     }
 
diff --git a/tendermint/src/signature.rs b/tendermint/src/signature.rs
index 90f4a752b..b191da15e 100644
--- a/tendermint/src/signature.rs
+++ b/tendermint/src/signature.rs
@@ -4,7 +4,7 @@ pub use ed25519::{Signature as Ed25519Signature, SIGNATURE_LENGTH as ED25519_SIG
 pub use signature::{Signer, Verifier};
 
 #[cfg(feature = "secp256k1")]
-pub use k256::ecdsa::Signature as Secp256k1;
+pub use k256::ecdsa::Signature as Secp256k1Signature;
 
 use crate::error::Error;
 use std::convert::TryFrom;
@@ -16,6 +16,12 @@ use tendermint_proto::Protobuf;
 pub enum Signature {
     /// Ed25519 block signature
     Ed25519(Ed25519Signature),
+
+    /// Secp256k1 signature
+    #[cfg(feature = "secp256k1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
+    Secp256k1(Secp256k1Signature),
+
     /// No signature present
     None, /* This could have been implemented as an `Option<>` but then handling it would be
            * outside the scope of this enum. */
@@ -27,15 +33,26 @@ impl TryFrom<Vec<u8>> for Signature {
     type Error = Error;
 
     fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
+        Self::try_from(value.as_ref())
+    }
+}
+
+impl TryFrom<&'_ [u8]> for Signature {
+    type Error = Error;
+
+    fn try_from(value: &'_ [u8]) -> Result<Self, Self::Error> {
         if value.is_empty() {
-            return Ok(Self::default());
-        }
-        if value.len() != ED25519_SIGNATURE_SIZE {
-            return Err(Error::invalid_signature_id_length());
+            return Ok(Self::None);
         }
-        let mut slice: [u8; ED25519_SIGNATURE_SIZE] = [0; ED25519_SIGNATURE_SIZE];
-        slice.copy_from_slice(&value[..]);
-        Ok(Signature::Ed25519(Ed25519Signature::new(slice)))
+
+        let sig = Self::from_raw_ed25519(value);
+
+        #[cfg(feature = "secp256k1")]
+        let sig = sig.or_else(|_| Self::from_raw_secp256k1(value));
+
+        sig.map_err(|_| {
+            Error::signature_invalid("malformed Ed25519 or Secp256k1 signature".to_string())
+        })
     }
 }
 
@@ -52,10 +69,34 @@ impl Default for Signature {
 }
 
 impl Signature {
+    /// Parse an Ed25519 signature from raw bytes
+    fn from_raw_ed25519(value: &[u8]) -> Result<Self, Error> {
+        if value.len() != ED25519_SIGNATURE_SIZE {
+            return Err(Error::invalid_signature_id_length());
+        }
+
+        let mut slice: [u8; ED25519_SIGNATURE_SIZE] = [0; ED25519_SIGNATURE_SIZE];
+        slice.copy_from_slice(value);
+
+        Ok(Self::Ed25519(Ed25519Signature::new(slice)))
+    }
+
+    /// Parse a Secp256k1 signature from raw bytes
+    #[cfg(feature = "secp256k1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
+    fn from_raw_secp256k1(value: &[u8]) -> Result<Self, Error> {
+        let sig = Secp256k1Signature::try_from(value)
+            .map_err(|_| Error::signature_invalid("malformed Secp256k1 signature".to_string()))?;
+
+        Ok(Self::Secp256k1(sig))
+    }
+
     /// Return the algorithm used to create this particular signature
     pub fn algorithm(&self) -> Algorithm {
         match self {
             Signature::Ed25519(_) => Algorithm::Ed25519,
+            #[cfg(feature = "secp256k1")]
+            Signature::Secp256k1(_) => Algorithm::EcdsaSecp256k1,
             Signature::None => Algorithm::Ed25519, /* It doesn't matter what algorithm an empty
                                                     * signature has. */
         }
@@ -65,7 +106,17 @@ impl Signature {
     pub fn ed25519(self) -> Option<Ed25519Signature> {
         match self {
             Signature::Ed25519(sig) => Some(sig),
-            Signature::None => None,
+            _ => None,
+        }
+    }
+
+    /// Get Secp256k1 signature
+    #[cfg(feature = "secp256k1")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
+    pub fn secp256k1(self) -> Option<Secp256k1Signature> {
+        match self {
+            Signature::Secp256k1(sig) => Some(sig),
+            _ => None,
         }
     }
 
@@ -84,6 +135,8 @@ impl AsRef<[u8]> for Signature {
     fn as_ref(&self) -> &[u8] {
         match self {
             Signature::Ed25519(sig) => sig.as_ref(),
+            #[cfg(feature = "secp256k1")]
+            Signature::Secp256k1(sig) => sig.as_ref(),
             Signature::None => &[],
         }
     }
@@ -95,6 +148,13 @@ impl From<Ed25519Signature> for Signature {
     }
 }
 
+#[cfg(feature = "secp256k1")]
+impl From<Secp256k1Signature> for Signature {
+    fn from(pk: Secp256k1Signature) -> Signature {
+        Signature::Secp256k1(pk)
+    }
+}
+
 /// Digital signature algorithms
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
 pub enum Algorithm {
@@ -104,3 +164,22 @@ pub enum Algorithm {
     /// EdDSA over Curve25519
     Ed25519,
 }
+
+#[cfg(test)]
+mod tests {
+
+    #[test]
+    #[cfg(feature = "secp256k1")]
+    fn parse_secp256k1() {
+        use super::*;
+        use rand::SeedableRng;
+
+        let rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
+        let signing_key = k256::ecdsa::SigningKey::random(rng);
+        let sig: Secp256k1Signature = signing_key.sign(&[1, 2, 3, 4, 5]);
+        let sig_bytes = sig.as_ref();
+        let sig = Signature::from_raw_secp256k1(sig_bytes).unwrap();
+        dbg!(&sig);
+        assert!(matches!(sig, Signature::Secp256k1(_)));
+    }
+}

From 989cfedd97d750f0250d14f84a8ad3edc005c4d7 Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Fri, 27 Aug 2021 14:39:52 +0200
Subject: [PATCH 3/7] Represent Signature as a wrapper over a byte array

---
 light-client/src/operations/voting_power.rs |  13 +-
 light-client/src/predicates/errors.rs       |   7 +-
 tendermint/src/block/commit_sig.rs          |  23 ++-
 tendermint/src/error.rs                     |   3 +
 tendermint/src/proposal.rs                  |  18 ++-
 tendermint/src/public_key.rs                |  46 +++---
 tendermint/src/signature.rs                 | 153 +++-----------------
 tendermint/src/vote.rs                      |  45 ++++--
 tendermint/src/vote/sign_vote.rs            |  18 +--
 testgen/src/commit.rs                       |   4 +-
 testgen/src/helpers.rs                      |  16 +-
 testgen/src/vote.rs                         |  15 +-
 12 files changed, 141 insertions(+), 220 deletions(-)

diff --git a/light-client/src/operations/voting_power.rs b/light-client/src/operations/voting_power.rs
index adf854dee..bb7b19b2b 100644
--- a/light-client/src/operations/voting_power.rs
+++ b/light-client/src/operations/voting_power.rs
@@ -138,12 +138,9 @@ impl VotingPowerCalculator for ProdVotingPowerCalculator {
                 None => continue, // Cannot find matching validator, so we skip the vote
             };
 
-            let signed_vote = SignedVote::new(
-                vote.clone(),
-                signed_header.header.chain_id.clone(),
-                vote.validator_address,
-                vote.signature,
-            );
+            let signed_vote =
+                SignedVote::from_vote(vote.clone(), signed_header.header.chain_id.clone())
+                    .ok_or_else(VerificationError::missing_signature)?;
 
             // Check vote is valid
             let sign_bytes = signed_vote.sign_bytes();
@@ -152,7 +149,7 @@ impl VotingPowerCalculator for ProdVotingPowerCalculator {
                 .is_err()
             {
                 return Err(VerificationError::invalid_signature(
-                    signed_vote.signature().to_bytes(),
+                    signed_vote.signature().as_bytes().to_vec(),
                     Box::new(validator),
                     sign_bytes,
                 ));
@@ -212,7 +209,7 @@ fn non_absent_vote(
         timestamp: Some(timestamp),
         validator_address,
         validator_index,
-        signature: *signature,
+        signature: signature.clone(),
     })
 }
 
diff --git a/light-client/src/predicates/errors.rs b/light-client/src/predicates/errors.rs
index 9ab9112fa..57afb44c9 100644
--- a/light-client/src/predicates/errors.rs
+++ b/light-client/src/predicates/errors.rs
@@ -58,6 +58,11 @@ define_error! {
                     e.address)
             },
 
+        MissingSignature
+            | _ | {
+                format_args!("missing signature")
+            },
+
         InvalidSignature
             {
                 signature: Vec<u8>,
@@ -65,7 +70,7 @@ define_error! {
                 sign_bytes: Vec<u8>,
             }
             | e | {
-                format_args!("Couldn't verify signature `{:?}` with validator `{:?}` on sign_bytes `{:?}`",
+                format_args!("failed to verify signature `{:?}` with validator `{:?}` on sign_bytes `{:?}`",
                     e.signature, e.validator, e.sign_bytes)
             },
 
diff --git a/tendermint/src/block/commit_sig.rs b/tendermint/src/block/commit_sig.rs
index e5b2a35c2..24592c7f8 100644
--- a/tendermint/src/block/commit_sig.rs
+++ b/tendermint/src/block/commit_sig.rs
@@ -20,7 +20,7 @@ pub enum CommitSig {
         /// Timestamp of vote
         timestamp: Time,
         /// Signature of vote
-        signature: Signature,
+        signature: Option<Signature>,
     },
     /// voted for nil.
     BlockIdFlagNil {
@@ -29,7 +29,7 @@ pub enum CommitSig {
         /// Timestamp of vote
         timestamp: Time,
         /// Signature of vote
-        signature: Signature,
+        signature: Option<Signature>,
     },
 }
 
@@ -79,26 +79,33 @@ impl TryFrom<RawCommitSig> for CommitSig {
                     ));
                 }
             }
+
             if !value.signature.is_empty() {
-                return Err(Error::invalid_signature("empty signature".to_string()));
+                return Err(Error::invalid_signature(
+                    "expected empty signature for absent commitsig".to_string(),
+                ));
             }
+
             return Ok(CommitSig::BlockIdFlagAbsent);
         }
+
         if value.block_id_flag == BlockIdFlag::Commit.to_i32().unwrap() {
             if value.signature.is_empty() {
                 return Err(Error::invalid_signature(
-                    "regular commitsig has no signature".to_string(),
+                    "expected non-empty signature for regular commitsig".to_string(),
                 ));
             }
+
             if value.validator_address.is_empty() {
                 return Err(Error::invalid_validator_address());
             }
+
             let timestamp = value.timestamp.ok_or_else(Error::missing_timestamp)?.into();
 
             return Ok(CommitSig::BlockIdFlagCommit {
                 validator_address: value.validator_address.try_into()?,
                 timestamp,
-                signature: value.signature.try_into()?,
+                signature: Signature::new(value.signature),
             });
         }
         if value.block_id_flag == BlockIdFlag::Nil.to_i32().unwrap() {
@@ -113,7 +120,7 @@ impl TryFrom<RawCommitSig> for CommitSig {
             return Ok(CommitSig::BlockIdFlagNil {
                 validator_address: value.validator_address.try_into()?,
                 timestamp: value.timestamp.ok_or_else(Error::missing_timestamp)?.into(),
-                signature: value.signature.try_into()?,
+                signature: Signature::new(value.signature),
             });
         }
         Err(Error::block_id_flag())
@@ -137,7 +144,7 @@ impl From<CommitSig> for RawCommitSig {
                 block_id_flag: BlockIdFlag::Nil.to_i32().unwrap(),
                 validator_address: validator_address.into(),
                 timestamp: Some(timestamp.into()),
-                signature: signature.into(),
+                signature: signature.map(|s| s.to_bytes()).unwrap_or_default(),
             },
             CommitSig::BlockIdFlagCommit {
                 validator_address,
@@ -147,7 +154,7 @@ impl From<CommitSig> for RawCommitSig {
                 block_id_flag: BlockIdFlag::Commit.to_i32().unwrap(),
                 validator_address: validator_address.into(),
                 timestamp: Some(timestamp.into()),
-                signature: signature.into(),
+                signature: signature.map(|s| s.to_bytes()).unwrap_or_default(),
             },
         }
     }
diff --git a/tendermint/src/error.rs b/tendermint/src/error.rs
index b4769ad5b..ebb734801 100644
--- a/tendermint/src/error.rs
+++ b/tendermint/src/error.rs
@@ -51,6 +51,9 @@ define_error! {
             [ DisplayOnly<OutOfRangeError> ]
             |_| { format_args!("value out of range") },
 
+        EmptySignature
+            |_| { format_args!("empty signature") },
+
         SignatureInvalid
             { detail: String }
             |e| { format_args!("bad signature: {}", e.detail) },
diff --git a/tendermint/src/proposal.rs b/tendermint/src/proposal.rs
index f2c508f74..807866043 100644
--- a/tendermint/src/proposal.rs
+++ b/tendermint/src/proposal.rs
@@ -35,7 +35,7 @@ pub struct Proposal {
     /// Timestamp
     pub timestamp: Option<Time>,
     /// Signature
-    pub signature: Signature,
+    pub signature: Option<Signature>,
 }
 
 impl Protobuf<RawProposal> for Proposal {}
@@ -58,7 +58,7 @@ impl TryFrom<RawProposal> for Proposal {
             pol_round,
             block_id: value.block_id.map(TryInto::try_into).transpose()?,
             timestamp: value.timestamp.map(|t| t.into()),
-            signature: value.signature.try_into()?,
+            signature: Signature::new(value.signature),
         })
     }
 }
@@ -72,7 +72,7 @@ impl From<Proposal> for RawProposal {
             pol_round: value.pol_round.map_or(-1, Into::into),
             block_id: value.block_id.map(Into::into),
             timestamp: value.timestamp.map(Into::into),
-            signature: value.signature.into(),
+            signature: value.signature.map(|s| s.to_bytes()).unwrap_or_default(),
         }
     }
 }
@@ -150,7 +150,9 @@ mod tests {
                 .unwrap(),
             }),
             timestamp: Some(dt.into()),
-            signature: Signature::Ed25519(Ed25519Signature::new([0; ED25519_SIGNATURE_SIZE])),
+            signature: Some(Signature::from(Ed25519Signature::new(
+                [0; ED25519_SIGNATURE_SIZE],
+            ))),
         };
 
         let mut got = vec![];
@@ -232,7 +234,9 @@ mod tests {
                 .unwrap(),
             }),
             timestamp: Some(dt.into()),
-            signature: Signature::Ed25519(Ed25519Signature::new([0; ED25519_SIGNATURE_SIZE])),
+            signature: Some(Signature::from(Ed25519Signature::new(
+                [0; ED25519_SIGNATURE_SIZE],
+            ))),
         };
 
         let mut got = vec![];
@@ -316,7 +320,9 @@ mod tests {
                 )
                 .unwrap(),
             }),
-            signature: Signature::Ed25519(Ed25519Signature::new([0; ED25519_SIGNATURE_SIZE])),
+            signature: Some(Signature::from(Ed25519Signature::new(
+                [0; ED25519_SIGNATURE_SIZE],
+            ))),
         };
         let want = SignProposalRequest {
             proposal,
diff --git a/tendermint/src/public_key.rs b/tendermint/src/public_key.rs
index fa057aa8e..75f88510a 100644
--- a/tendermint/src/public_key.rs
+++ b/tendermint/src/public_key.rs
@@ -110,7 +110,6 @@ impl PublicKey {
 
     /// Get Ed25519 public key
     pub fn ed25519(self) -> Option<Ed25519> {
-        #[allow(unreachable_patterns)]
         match self {
             PublicKey::Ed25519(pk) => Some(pk),
             _ => None,
@@ -130,26 +129,33 @@ impl PublicKey {
     /// Verify the given [`Signature`] using this public key
     pub fn verify(&self, msg: &[u8], signature: &Signature) -> Result<(), Error> {
         match self {
-            PublicKey::Ed25519(pk) => match signature {
-                Signature::Ed25519(sig) => pk.verify(msg, sig).map_err(|_| {
-                    Error::signature_invalid("Ed25519 signature verification failed".to_string())
-                }),
-                #[cfg(feature = "secp256k1")]
-                Signature::Secp256k1(_) => Err(Error::signature_mismatch(
-                    "Secp256k1 signature incompatible with Ed25519 public key".to_string(),
-                )),
-                Signature::None => Err(Error::signature_invalid("missing signature".to_string())),
-            },
+            PublicKey::Ed25519(pk) => {
+                match ed25519_dalek::Signature::try_from(signature.as_bytes()) {
+                    Ok(sig) => pk.verify(msg, &sig).map_err(|_| {
+                        Error::signature_invalid(
+                            "Ed25519 signature verification failed".to_string(),
+                        )
+                    }),
+                    Err(e) => Err(Error::signature_invalid(format!(
+                        "invalid Ed25519 signature: {}",
+                        e
+                    ))),
+                }
+            }
             #[cfg(feature = "secp256k1")]
-            PublicKey::Secp256k1(pk) => match signature {
-                Signature::Secp256k1(sig) => pk.verify(msg, sig).map_err(|_| {
-                    Error::signature_invalid("Secp256k1 signature verification failed".to_string())
-                }),
-                Signature::Ed25519(_) => Err(Error::signature_invalid(
-                    "Ed25519 signature incompatible with Secp256k1 public key".to_string(),
-                )),
-                Signature::None => Err(Error::signature_invalid("missing signature".to_string())),
-            },
+            PublicKey::Secp256k1(pk) => {
+                match k256::ecdsa::Signature::try_from(signature.as_bytes()) {
+                    Ok(sig) => pk.verify(msg, &sig).map_err(|_| {
+                        Error::signature_invalid(
+                            "Secp256k1 signature verification failed".to_string(),
+                        )
+                    }),
+                    Err(e) => Err(Error::signature_invalid(format!(
+                        "invalid Secp256k1 signature: {}",
+                        e
+                    ))),
+                }
+            }
         }
     }
 
diff --git a/tendermint/src/signature.rs b/tendermint/src/signature.rs
index b191da15e..9ba88113c 100644
--- a/tendermint/src/signature.rs
+++ b/tendermint/src/signature.rs
@@ -6,180 +6,71 @@ pub use signature::{Signer, Verifier};
 #[cfg(feature = "secp256k1")]
 pub use k256::ecdsa::Signature as Secp256k1Signature;
 
-use crate::error::Error;
 use std::convert::TryFrom;
 use tendermint_proto::Protobuf;
 
+use crate::error::Error;
+
 /// Signatures
-#[derive(Copy, Clone, Debug, PartialEq)]
-#[non_exhaustive]
-pub enum Signature {
-    /// Ed25519 block signature
-    Ed25519(Ed25519Signature),
-
-    /// Secp256k1 signature
-    #[cfg(feature = "secp256k1")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
-    Secp256k1(Secp256k1Signature),
-
-    /// No signature present
-    None, /* This could have been implemented as an `Option<>` but then handling it would be
-           * outside the scope of this enum. */
-}
+#[derive(Clone, Debug, PartialEq)]
+pub struct Signature(Vec<u8>);
 
 impl Protobuf<Vec<u8>> for Signature {}
 
 impl TryFrom<Vec<u8>> for Signature {
     type Error = Error;
 
-    fn try_from(value: Vec<u8>) -> Result<Self, Self::Error> {
-        Self::try_from(value.as_ref())
-    }
-}
-
-impl TryFrom<&'_ [u8]> for Signature {
-    type Error = Error;
-
-    fn try_from(value: &'_ [u8]) -> Result<Self, Self::Error> {
-        if value.is_empty() {
-            return Ok(Self::None);
+    fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
+        if bytes.is_empty() {
+            return Err(Error::empty_signature());
         }
 
-        let sig = Self::from_raw_ed25519(value);
-
-        #[cfg(feature = "secp256k1")]
-        let sig = sig.or_else(|_| Self::from_raw_secp256k1(value));
-
-        sig.map_err(|_| {
-            Error::signature_invalid("malformed Ed25519 or Secp256k1 signature".to_string())
-        })
+        Ok(Self(bytes))
     }
 }
 
 impl From<Signature> for Vec<u8> {
     fn from(value: Signature) -> Self {
-        value.as_bytes().to_vec()
-    }
-}
-
-impl Default for Signature {
-    fn default() -> Self {
-        Signature::None
+        value.0
     }
 }
 
 impl Signature {
-    /// Parse an Ed25519 signature from raw bytes
-    fn from_raw_ed25519(value: &[u8]) -> Result<Self, Error> {
-        if value.len() != ED25519_SIGNATURE_SIZE {
-            return Err(Error::invalid_signature_id_length());
+    /// Create a new signature from the given byte array, if non-empty.
+    pub fn new(bytes: Vec<u8>) -> Option<Self> {
+        if bytes.is_empty() {
+            None
+        } else {
+            Some(Self(bytes))
         }
-
-        let mut slice: [u8; ED25519_SIGNATURE_SIZE] = [0; ED25519_SIGNATURE_SIZE];
-        slice.copy_from_slice(value);
-
-        Ok(Self::Ed25519(Ed25519Signature::new(slice)))
     }
 
-    /// Parse a Secp256k1 signature from raw bytes
-    #[cfg(feature = "secp256k1")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
-    fn from_raw_secp256k1(value: &[u8]) -> Result<Self, Error> {
-        let sig = Secp256k1Signature::try_from(value)
-            .map_err(|_| Error::signature_invalid("malformed Secp256k1 signature".to_string()))?;
-
-        Ok(Self::Secp256k1(sig))
-    }
-
-    /// Return the algorithm used to create this particular signature
-    pub fn algorithm(&self) -> Algorithm {
-        match self {
-            Signature::Ed25519(_) => Algorithm::Ed25519,
-            #[cfg(feature = "secp256k1")]
-            Signature::Secp256k1(_) => Algorithm::EcdsaSecp256k1,
-            Signature::None => Algorithm::Ed25519, /* It doesn't matter what algorithm an empty
-                                                    * signature has. */
-        }
-    }
-
-    /// Get Ed25519 signature
-    pub fn ed25519(self) -> Option<Ed25519Signature> {
-        match self {
-            Signature::Ed25519(sig) => Some(sig),
-            _ => None,
-        }
-    }
-
-    /// Get Secp256k1 signature
-    #[cfg(feature = "secp256k1")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "secp256k1")))]
-    pub fn secp256k1(self) -> Option<Secp256k1Signature> {
-        match self {
-            Signature::Secp256k1(sig) => Some(sig),
-            _ => None,
-        }
-    }
-
-    /// Return the raw bytes of this signature
+    /// Return a reference to the underlying byte array
     pub fn as_bytes(&self) -> &[u8] {
-        self.as_ref()
+        self.0.as_ref()
     }
 
-    /// Get a vector containing the byte serialization of this key
+    /// Return the underlying byte array
     pub fn to_bytes(self) -> Vec<u8> {
-        self.as_bytes().to_vec()
+        self.0
     }
 }
 
 impl AsRef<[u8]> for Signature {
     fn as_ref(&self) -> &[u8] {
-        match self {
-            Signature::Ed25519(sig) => sig.as_ref(),
-            #[cfg(feature = "secp256k1")]
-            Signature::Secp256k1(sig) => sig.as_ref(),
-            Signature::None => &[],
-        }
+        self.as_bytes()
     }
 }
 
 impl From<Ed25519Signature> for Signature {
     fn from(pk: Ed25519Signature) -> Signature {
-        Signature::Ed25519(pk)
+        Self(pk.as_ref().to_vec())
     }
 }
 
 #[cfg(feature = "secp256k1")]
 impl From<Secp256k1Signature> for Signature {
     fn from(pk: Secp256k1Signature) -> Signature {
-        Signature::Secp256k1(pk)
-    }
-}
-
-/// Digital signature algorithms
-#[derive(Copy, Clone, Debug, Eq, PartialEq)]
-pub enum Algorithm {
-    /// ECDSA over secp256k1
-    EcdsaSecp256k1,
-
-    /// EdDSA over Curve25519
-    Ed25519,
-}
-
-#[cfg(test)]
-mod tests {
-
-    #[test]
-    #[cfg(feature = "secp256k1")]
-    fn parse_secp256k1() {
-        use super::*;
-        use rand::SeedableRng;
-
-        let rng = rand_chacha::ChaCha8Rng::seed_from_u64(42);
-        let signing_key = k256::ecdsa::SigningKey::random(rng);
-        let sig: Secp256k1Signature = signing_key.sign(&[1, 2, 3, 4, 5]);
-        let sig_bytes = sig.as_ref();
-        let sig = Signature::from_raw_secp256k1(sig_bytes).unwrap();
-        dbg!(&sig);
-        assert!(matches!(sig, Signature::Secp256k1(_)));
+        Self(pk.as_ref().to_vec())
     }
 }
diff --git a/tendermint/src/vote.rs b/tendermint/src/vote.rs
index 986cbf3af..3fbbbb991 100644
--- a/tendermint/src/vote.rs
+++ b/tendermint/src/vote.rs
@@ -9,22 +9,24 @@ pub use self::canonical_vote::CanonicalVote;
 pub use self::power::Power;
 pub use self::sign_vote::*;
 pub use self::validator_index::ValidatorIndex;
-use crate::chain::Id as ChainId;
-use crate::consensus::State;
-use crate::error::Error;
-use crate::hash;
-use crate::{account, block, Signature, Time};
-use bytes::BufMut;
-use ed25519::Signature as ed25519Signature;
-use ed25519::SIGNATURE_LENGTH as ed25519SignatureLength;
-use serde::{Deserialize, Serialize};
+
 use std::convert::{TryFrom, TryInto};
 use std::fmt;
+use std::str::FromStr;
+
+use bytes::BufMut;
+use ed25519::Signature as Ed25519Signature;
+use ed25519::SIGNATURE_LENGTH as ED25519_SIGNATURE_LENGTH;
+use serde::{Deserialize, Serialize};
+
 use tendermint_proto::types::Vote as RawVote;
 use tendermint_proto::{Error as ProtobufError, Protobuf};
 
-use crate::signature::Signature::Ed25519;
-use std::str::FromStr;
+use crate::chain::Id as ChainId;
+use crate::consensus::State;
+use crate::error::Error;
+use crate::hash;
+use crate::{account, block, Signature, Time};
 
 /// Votes are signed messages from validators for a particular block which
 /// include information about the validator signing it.
@@ -55,7 +57,7 @@ pub struct Vote {
     pub validator_index: ValidatorIndex,
 
     /// Signature
-    pub signature: Signature,
+    pub signature: Option<Signature>,
 }
 
 impl Protobuf<RawVote> for Vote {}
@@ -80,7 +82,7 @@ impl TryFrom<RawVote> for Vote {
             timestamp: value.timestamp.map(|t| t.into()),
             validator_address: value.validator_address.try_into()?,
             validator_index: value.validator_index.try_into()?,
-            signature: value.signature.try_into()?,
+            signature: Signature::new(value.signature),
         })
     }
 }
@@ -95,7 +97,7 @@ impl From<Vote> for RawVote {
             timestamp: value.timestamp.map(Into::into),
             validator_address: value.validator_address.into(),
             validator_index: value.validator_index.into(),
-            signature: value.signature.into(),
+            signature: value.signature.map(|s| s.to_bytes()).unwrap_or_default(),
         }
     }
 }
@@ -166,7 +168,9 @@ impl Default for Vote {
             timestamp: Some(Time::unix_epoch()),
             validator_address: account::Id::new([0; account::LENGTH]),
             validator_index: ValidatorIndex::try_from(0_i32).unwrap(),
-            signature: Ed25519(ed25519Signature::new([0; ed25519SignatureLength])),
+            signature: Some(Signature::from(Ed25519Signature::new(
+                [0; ED25519_SIGNATURE_LENGTH],
+            ))),
         }
     }
 }
@@ -179,7 +183,7 @@ pub struct SignedVote {
 }
 
 impl SignedVote {
-    /// Create new SignedVote from provided canonicalized vote, validator id, and
+    /// Create new `SignedVote` from provided canonicalized vote, validator id, and
     /// the signature of that validator.
     pub fn new(
         vote: Vote,
@@ -195,6 +199,15 @@ impl SignedVote {
         }
     }
 
+    /// Create a new `SignedVote` from the provided `Vote`, which may or may not be signed.
+    /// If the vote is not signed, this function will return `None`.
+    pub fn from_vote(vote: Vote, chain_id: ChainId) -> Option<Self> {
+        let validator_address = vote.validator_address;
+        vote.signature
+            .clone()
+            .map(|signature| Self::new(vote, chain_id, validator_address, signature))
+    }
+
     /// Return the id of the validator that signed this vote.
     pub fn validator_id(&self) -> account::Id {
         self.validator_address
diff --git a/tendermint/src/vote/sign_vote.rs b/tendermint/src/vote/sign_vote.rs
index 4d07ce394..0ffccd1c1 100644
--- a/tendermint/src/vote/sign_vote.rs
+++ b/tendermint/src/vote/sign_vote.rs
@@ -128,14 +128,14 @@ mod tests {
             ])
             .unwrap(),
             validator_index: ValidatorIndex::try_from(56789).unwrap(),
-            signature: Signature::try_from(vec![
+            signature: Signature::new(vec![
                 130u8, 246, 183, 50, 153, 248, 28, 57, 51, 142, 55, 217, 194, 24, 134, 212, 233,
                 100, 211, 10, 24, 174, 179, 117, 41, 65, 141, 134, 149, 239, 65, 174, 217, 42, 6,
                 184, 112, 17, 7, 97, 255, 221, 252, 16, 60, 144, 30, 212, 167, 39, 67, 35, 118,
                 192, 133, 130, 193, 115, 32, 206, 152, 91, 173, 10,
-            ])
-            .unwrap(),
+            ]),
         };
+
         let mut got = vec![];
 
         let request = SignVoteRequest {
@@ -213,13 +213,12 @@ mod tests {
             ])
             .unwrap(),
             validator_index: ValidatorIndex::try_from(56789).unwrap(),
-            signature: Signature::try_from(vec![
+            signature: Signature::new(vec![
                 130u8, 246, 183, 50, 153, 248, 28, 57, 51, 142, 55, 217, 194, 24, 134, 212, 233,
                 100, 211, 10, 24, 174, 179, 117, 41, 65, 141, 134, 149, 239, 65, 174, 217, 42, 6,
                 184, 112, 17, 7, 97, 255, 221, 252, 16, 60, 144, 30, 212, 167, 39, 67, 35, 118,
                 192, 133, 130, 193, 115, 32, 206, 152, 91, 173, 10,
-            ])
-            .unwrap(),
+            ]),
         };
 
         let request = SignVoteRequest {
@@ -363,13 +362,12 @@ mod tests {
                 .unwrap(),
             }),
             // signature: None,
-            signature: Signature::try_from(vec![
+            signature: Signature::new(vec![
                 130u8, 246, 183, 50, 153, 248, 28, 57, 51, 142, 55, 217, 194, 24, 134, 212, 233,
                 100, 211, 10, 24, 174, 179, 117, 41, 65, 141, 134, 149, 239, 65, 174, 217, 42, 6,
                 184, 112, 17, 7, 97, 255, 221, 252, 16, 60, 144, 30, 212, 167, 39, 67, 35, 118,
                 192, 133, 130, 193, 115, 32, 206, 152, 91, 173, 10,
-            ])
-            .unwrap(),
+            ]),
         };
         let got = vote.encode_vec().unwrap();
         let v = Vote::decode_vec(&got).unwrap();
@@ -425,7 +423,7 @@ mod tests {
                 )
                 .unwrap(),
             }),
-            signature: Signature::try_from(vec![1; ED25519_SIGNATURE_SIZE]).unwrap(),
+            signature: Signature::new(vec![1; ED25519_SIGNATURE_SIZE]),
         };
         let want = SignVoteRequest {
             vote,
diff --git a/testgen/src/commit.rs b/testgen/src/commit.rs
index 31c9956d7..a0cd86a50 100644
--- a/testgen/src/commit.rs
+++ b/testgen/src/commit.rs
@@ -215,12 +215,12 @@ mod tests {
                     assert!(!verify_signature(
                         &valset2[i].get_public_key().unwrap(),
                         &sign_bytes,
-                        signature
+                        signature.as_ref().unwrap()
                     ));
                     assert!(verify_signature(
                         &valset1[i].get_public_key().unwrap(),
                         &sign_bytes,
-                        signature
+                        signature.as_ref().unwrap()
                     ));
                 }
                 _ => panic!("signature was not a commit"),
diff --git a/testgen/src/helpers.rs b/testgen/src/helpers.rs
index 46d632470..7c36cfdba 100644
--- a/testgen/src/helpers.rs
+++ b/testgen/src/helpers.rs
@@ -43,20 +43,16 @@ pub fn read_stdin() -> Result<String, SimpleError> {
 }
 
 pub fn get_vote_sign_bytes(chain_id: chain::Id, vote: &vote::Vote) -> Vec<u8> {
-    let signed_vote = vote::SignedVote::new(
-        vote.clone(),
-        chain_id,
-        vote.validator_address,
-        vote.signature,
-    );
+    let signed_vote = vote::SignedVote::from_vote(vote.clone(), chain_id).unwrap();
+
     signed_vote.sign_bytes()
 }
 
 pub fn verify_signature(verifier: &public_key::Ed25519, msg: &[u8], signature: &Signature) -> bool {
-    match signature {
-        tendermint::signature::Signature::Ed25519(sig) => verifier.verify(msg, sig).is_ok(),
-        _ => false,
-    }
+    use std::convert::TryFrom;
+
+    let sig = ed25519_dalek::Signature::try_from(signature.as_bytes());
+    sig.and_then(|sig| verifier.verify(msg, &sig)).is_ok()
 }
 
 pub fn get_time(abs: u64) -> Time {
diff --git a/testgen/src/vote.rs b/testgen/src/vote.rs
index b7d02234a..7d174cde3 100644
--- a/testgen/src/vote.rs
+++ b/testgen/src/vote.rs
@@ -5,7 +5,7 @@ use simple_error::*;
 use std::convert::TryFrom;
 use tendermint::{
     block::{self, parts::Header as PartSetHeader},
-    signature::{self, Signature, Signer, ED25519_SIGNATURE_SIZE},
+    signature::{Signature, Signer, ED25519_SIGNATURE_SIZE},
     vote,
     vote::ValidatorIndex,
 };
@@ -130,13 +130,12 @@ impl Generator<vote::Vote> for Vote {
             timestamp: Some(timestamp),
             validator_address: block_validator.address,
             validator_index: ValidatorIndex::try_from(validator_index as u32).unwrap(),
-            signature: Signature::Ed25519(try_with!(
-                signature::Ed25519Signature::try_from(&[0_u8; ED25519_SIGNATURE_SIZE][..]),
-                "failed to construct empty ed25519 signature"
-            )),
+            signature: Signature::new(vec![0_u8; ED25519_SIGNATURE_SIZE]),
         };
+
         let sign_bytes = get_vote_sign_bytes(block_header.chain_id, &vote);
-        vote.signature = signer.sign(sign_bytes.as_slice()).into();
+        vote.signature = Some(signer.sign(sign_bytes.as_slice()).into());
+
         Ok(vote)
     }
 }
@@ -183,12 +182,12 @@ mod tests {
         assert!(!verify_signature(
             &valset1[0].get_public_key().unwrap(),
             &sign_bytes,
-            &block_vote.signature
+            block_vote.signature.as_ref().unwrap()
         ));
         assert!(verify_signature(
             &valset1[1].get_public_key().unwrap(),
             &sign_bytes,
-            &block_vote.signature
+            block_vote.signature.as_ref().unwrap()
         ));
     }
 }

From 950e13fe4f2651db12b679f421f3527bfc9541a0 Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Fri, 27 Aug 2021 14:56:33 +0200
Subject: [PATCH 4/7] Cleanup

---
 tendermint/Cargo.toml   | 2 --
 tendermint/src/error.rs | 4 ----
 2 files changed, 6 deletions(-)

diff --git a/tendermint/Cargo.toml b/tendermint/Cargo.toml
index 2e128d14c..bbb4b5991 100644
--- a/tendermint/Cargo.toml
+++ b/tendermint/Cargo.toml
@@ -72,6 +72,4 @@ std = [
 [dev-dependencies]
 pretty_assertions = "0.7.2"
 proptest = "0.10.1"
-rand = "0.8.4"
-rand_chacha = "0.3.1"
 tendermint-pbt-gen = { path = "../pbt-gen" }
diff --git a/tendermint/src/error.rs b/tendermint/src/error.rs
index ebb734801..5ee1b54bf 100644
--- a/tendermint/src/error.rs
+++ b/tendermint/src/error.rs
@@ -58,10 +58,6 @@ define_error! {
             { detail: String }
             |e| { format_args!("bad signature: {}", e.detail) },
 
-        SignatureMismatch
-            { detail: String }
-            |e| { format_args!("signature mismatch: {}", e.detail) },
-
         InvalidMessageType
             |_| { format_args!("invalid message type") },
 

From 04e02d50bac34874e6fc0175fc2e70972b520af7 Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Fri, 27 Aug 2021 14:58:11 +0200
Subject: [PATCH 5/7] Fix warning when `secp256k1` feature is disabled

---
 tendermint/src/public_key.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tendermint/src/public_key.rs b/tendermint/src/public_key.rs
index 75f88510a..779f97137 100644
--- a/tendermint/src/public_key.rs
+++ b/tendermint/src/public_key.rs
@@ -110,6 +110,7 @@ impl PublicKey {
 
     /// Get Ed25519 public key
     pub fn ed25519(self) -> Option<Ed25519> {
+        #[allow(unreachable_patterns)]
         match self {
             PublicKey::Ed25519(pk) => Some(pk),
             _ => None,

From 6804579ad91857726e632f5356bac4df8807625b Mon Sep 17 00:00:00 2001
From: Romain Ruetschi <romain@informal.systems>
Date: Fri, 27 Aug 2021 14:59:40 +0200
Subject: [PATCH 6/7] Add .changelog entry

---
 .changelog/unreleased/features/939-secp256k1-signatures.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .changelog/unreleased/features/939-secp256k1-signatures.md

diff --git a/.changelog/unreleased/features/939-secp256k1-signatures.md b/.changelog/unreleased/features/939-secp256k1-signatures.md
new file mode 100644
index 000000000..8b3ea9795
--- /dev/null
+++ b/.changelog/unreleased/features/939-secp256k1-signatures.md
@@ -0,0 +1 @@
+- Add support for Secp256k1 signatures ([#939](https://github.com/informalsystems/tendermint-rs/issues/939))

From d294d9bec10e504544c95f6cc01ae7deacc17e2c Mon Sep 17 00:00:00 2001
From: Thane Thomson <thane@informal.systems>
Date: Wed, 1 Sep 2021 11:33:31 -0400
Subject: [PATCH 7/7] Updates to secp256k1 signature support (#964)

* Add fallible constructor for Signature to facilitate TryFrom<&[u8]>

Signed-off-by: Thane Thomson <connect@thanethomson.com>

* Add Ed25519 test vectors from RFC

Signed-off-by: Thane Thomson <connect@thanethomson.com>

* Add test vectors for secp256k1 signature validation

Signed-off-by: Thane Thomson <connect@thanethomson.com>
---
 tendermint/src/block/commit_sig.rs |   4 +-
 tendermint/src/proposal.rs         |   2 +-
 tendermint/src/public_key.rs       | 258 ++++++++++++++++++++++++++++-
 tendermint/src/signature.rs        |  37 ++++-
 tendermint/src/vote.rs             |   2 +-
 tendermint/src/vote/sign_vote.rs   |  11 +-
 testgen/src/vote.rs                |   3 +-
 7 files changed, 299 insertions(+), 18 deletions(-)

diff --git a/tendermint/src/block/commit_sig.rs b/tendermint/src/block/commit_sig.rs
index 24592c7f8..b3fe308f8 100644
--- a/tendermint/src/block/commit_sig.rs
+++ b/tendermint/src/block/commit_sig.rs
@@ -105,7 +105,7 @@ impl TryFrom<RawCommitSig> for CommitSig {
             return Ok(CommitSig::BlockIdFlagCommit {
                 validator_address: value.validator_address.try_into()?,
                 timestamp,
-                signature: Signature::new(value.signature),
+                signature: Signature::new(value.signature)?,
             });
         }
         if value.block_id_flag == BlockIdFlag::Nil.to_i32().unwrap() {
@@ -120,7 +120,7 @@ impl TryFrom<RawCommitSig> for CommitSig {
             return Ok(CommitSig::BlockIdFlagNil {
                 validator_address: value.validator_address.try_into()?,
                 timestamp: value.timestamp.ok_or_else(Error::missing_timestamp)?.into(),
-                signature: Signature::new(value.signature),
+                signature: Signature::new(value.signature)?,
             });
         }
         Err(Error::block_id_flag())
diff --git a/tendermint/src/proposal.rs b/tendermint/src/proposal.rs
index 807866043..c0984d46b 100644
--- a/tendermint/src/proposal.rs
+++ b/tendermint/src/proposal.rs
@@ -58,7 +58,7 @@ impl TryFrom<RawProposal> for Proposal {
             pol_round,
             block_id: value.block_id.map(TryInto::try_into).transpose()?,
             timestamp: value.timestamp.map(|t| t.into()),
-            signature: Signature::new(value.signature),
+            signature: Signature::new(value.signature)?,
         })
     }
 }
diff --git a/tendermint/src/public_key.rs b/tendermint/src/public_key.rs
index 779f97137..837a12ffa 100644
--- a/tendermint/src/public_key.rs
+++ b/tendermint/src/public_key.rs
@@ -375,7 +375,9 @@ where
 
 #[cfg(test)]
 mod tests {
-    use super::{PublicKey, TendermintKey};
+    use std::convert::TryFrom;
+
+    use super::{PublicKey, Signature, TendermintKey};
     use crate::public_key::PubKeyResponse;
     use subtle_encoding::hex;
     use tendermint_proto::Protobuf;
@@ -489,4 +491,258 @@ mod tests {
         assert_eq!(got, encoded);
         assert_eq!(PubKeyResponse::decode_vec(&encoded).unwrap(), msg);
     }
+
+    // From https://datatracker.ietf.org/doc/html/rfc8032#section-7.1
+    // Each test vector consists of: [public_key, message, signature].
+    const ED25519_TEST_VECTORS: &[&[&[u8]]] = &[
+        // Test 1
+        &[
+            &[
+                0xd7, 0x5a, 0x98, 0x01, 0x82, 0xb1, 0x0a, 0xb7, 0xd5, 0x4b, 0xfe, 0xd3, 0xc9, 0x64,
+                0x07, 0x3a, 0x0e, 0xe1, 0x72, 0xf3, 0xda, 0xa6, 0x23, 0x25, 0xaf, 0x02, 0x1a, 0x68,
+                0xf7, 0x07, 0x51, 0x1a,
+            ],
+            &[],
+            &[
+                0xe5, 0x56, 0x43, 0x00, 0xc3, 0x60, 0xac, 0x72, 0x90, 0x86, 0xe2, 0xcc, 0x80, 0x6e,
+                0x82, 0x8a, 0x84, 0x87, 0x7f, 0x1e, 0xb8, 0xe5, 0xd9, 0x74, 0xd8, 0x73, 0xe0, 0x65,
+                0x22, 0x49, 0x01, 0x55, 0x5f, 0xb8, 0x82, 0x15, 0x90, 0xa3, 0x3b, 0xac, 0xc6, 0x1e,
+                0x39, 0x70, 0x1c, 0xf9, 0xb4, 0x6b, 0xd2, 0x5b, 0xf5, 0xf0, 0x59, 0x5b, 0xbe, 0x24,
+                0x65, 0x51, 0x41, 0x43, 0x8e, 0x7a, 0x10, 0x0b,
+            ],
+        ],
+        // Test 2
+        &[
+            &[
+                0x3d, 0x40, 0x17, 0xc3, 0xe8, 0x43, 0x89, 0x5a, 0x92, 0xb7, 0x0a, 0xa7, 0x4d, 0x1b,
+                0x7e, 0xbc, 0x9c, 0x98, 0x2c, 0xcf, 0x2e, 0xc4, 0x96, 0x8c, 0xc0, 0xcd, 0x55, 0xf1,
+                0x2a, 0xf4, 0x66, 0x0c,
+            ],
+            &[0x72],
+            &[
+                0x92, 0xa0, 0x09, 0xa9, 0xf0, 0xd4, 0xca, 0xb8, 0x72, 0x0e, 0x82, 0x0b, 0x5f, 0x64,
+                0x25, 0x40, 0xa2, 0xb2, 0x7b, 0x54, 0x16, 0x50, 0x3f, 0x8f, 0xb3, 0x76, 0x22, 0x23,
+                0xeb, 0xdb, 0x69, 0xda, 0x08, 0x5a, 0xc1, 0xe4, 0x3e, 0x15, 0x99, 0x6e, 0x45, 0x8f,
+                0x36, 0x13, 0xd0, 0xf1, 0x1d, 0x8c, 0x38, 0x7b, 0x2e, 0xae, 0xb4, 0x30, 0x2a, 0xee,
+                0xb0, 0x0d, 0x29, 0x16, 0x12, 0xbb, 0x0c, 0x00,
+            ],
+        ],
+        // Test 3
+        &[
+            &[
+                0xfc, 0x51, 0xcd, 0x8e, 0x62, 0x18, 0xa1, 0xa3, 0x8d, 0xa4, 0x7e, 0xd0, 0x02, 0x30,
+                0xf0, 0x58, 0x08, 0x16, 0xed, 0x13, 0xba, 0x33, 0x03, 0xac, 0x5d, 0xeb, 0x91, 0x15,
+                0x48, 0x90, 0x80, 0x25,
+            ],
+            &[0xaf, 0x82],
+            &[
+                0x62, 0x91, 0xd6, 0x57, 0xde, 0xec, 0x24, 0x02, 0x48, 0x27, 0xe6, 0x9c, 0x3a, 0xbe,
+                0x01, 0xa3, 0x0c, 0xe5, 0x48, 0xa2, 0x84, 0x74, 0x3a, 0x44, 0x5e, 0x36, 0x80, 0xd7,
+                0xdb, 0x5a, 0xc3, 0xac, 0x18, 0xff, 0x9b, 0x53, 0x8d, 0x16, 0xf2, 0x90, 0xae, 0x67,
+                0xf7, 0x60, 0x98, 0x4d, 0xc6, 0x59, 0x4a, 0x7c, 0x15, 0xe9, 0x71, 0x6e, 0xd2, 0x8d,
+                0xc0, 0x27, 0xbe, 0xce, 0xea, 0x1e, 0xc4, 0x0a,
+            ],
+        ],
+        // Test 1024
+        &[
+            &[
+                0x27, 0x81, 0x17, 0xfc, 0x14, 0x4c, 0x72, 0x34, 0x0f, 0x67, 0xd0, 0xf2, 0x31, 0x6e,
+                0x83, 0x86, 0xce, 0xff, 0xbf, 0x2b, 0x24, 0x28, 0xc9, 0xc5, 0x1f, 0xef, 0x7c, 0x59,
+                0x7f, 0x1d, 0x42, 0x6e,
+            ],
+            &[
+                0x08, 0xb8, 0xb2, 0xb7, 0x33, 0x42, 0x42, 0x43, 0x76, 0x0f, 0xe4, 0x26, 0xa4, 0xb5,
+                0x49, 0x08, 0x63, 0x21, 0x10, 0xa6, 0x6c, 0x2f, 0x65, 0x91, 0xea, 0xbd, 0x33, 0x45,
+                0xe3, 0xe4, 0xeb, 0x98, 0xfa, 0x6e, 0x26, 0x4b, 0xf0, 0x9e, 0xfe, 0x12, 0xee, 0x50,
+                0xf8, 0xf5, 0x4e, 0x9f, 0x77, 0xb1, 0xe3, 0x55, 0xf6, 0xc5, 0x05, 0x44, 0xe2, 0x3f,
+                0xb1, 0x43, 0x3d, 0xdf, 0x73, 0xbe, 0x84, 0xd8, 0x79, 0xde, 0x7c, 0x00, 0x46, 0xdc,
+                0x49, 0x96, 0xd9, 0xe7, 0x73, 0xf4, 0xbc, 0x9e, 0xfe, 0x57, 0x38, 0x82, 0x9a, 0xdb,
+                0x26, 0xc8, 0x1b, 0x37, 0xc9, 0x3a, 0x1b, 0x27, 0x0b, 0x20, 0x32, 0x9d, 0x65, 0x86,
+                0x75, 0xfc, 0x6e, 0xa5, 0x34, 0xe0, 0x81, 0x0a, 0x44, 0x32, 0x82, 0x6b, 0xf5, 0x8c,
+                0x94, 0x1e, 0xfb, 0x65, 0xd5, 0x7a, 0x33, 0x8b, 0xbd, 0x2e, 0x26, 0x64, 0x0f, 0x89,
+                0xff, 0xbc, 0x1a, 0x85, 0x8e, 0xfc, 0xb8, 0x55, 0x0e, 0xe3, 0xa5, 0xe1, 0x99, 0x8b,
+                0xd1, 0x77, 0xe9, 0x3a, 0x73, 0x63, 0xc3, 0x44, 0xfe, 0x6b, 0x19, 0x9e, 0xe5, 0xd0,
+                0x2e, 0x82, 0xd5, 0x22, 0xc4, 0xfe, 0xba, 0x15, 0x45, 0x2f, 0x80, 0x28, 0x8a, 0x82,
+                0x1a, 0x57, 0x91, 0x16, 0xec, 0x6d, 0xad, 0x2b, 0x3b, 0x31, 0x0d, 0xa9, 0x03, 0x40,
+                0x1a, 0xa6, 0x21, 0x00, 0xab, 0x5d, 0x1a, 0x36, 0x55, 0x3e, 0x06, 0x20, 0x3b, 0x33,
+                0x89, 0x0c, 0xc9, 0xb8, 0x32, 0xf7, 0x9e, 0xf8, 0x05, 0x60, 0xcc, 0xb9, 0xa3, 0x9c,
+                0xe7, 0x67, 0x96, 0x7e, 0xd6, 0x28, 0xc6, 0xad, 0x57, 0x3c, 0xb1, 0x16, 0xdb, 0xef,
+                0xef, 0xd7, 0x54, 0x99, 0xda, 0x96, 0xbd, 0x68, 0xa8, 0xa9, 0x7b, 0x92, 0x8a, 0x8b,
+                0xbc, 0x10, 0x3b, 0x66, 0x21, 0xfc, 0xde, 0x2b, 0xec, 0xa1, 0x23, 0x1d, 0x20, 0x6b,
+                0xe6, 0xcd, 0x9e, 0xc7, 0xaf, 0xf6, 0xf6, 0xc9, 0x4f, 0xcd, 0x72, 0x04, 0xed, 0x34,
+                0x55, 0xc6, 0x8c, 0x83, 0xf4, 0xa4, 0x1d, 0xa4, 0xaf, 0x2b, 0x74, 0xef, 0x5c, 0x53,
+                0xf1, 0xd8, 0xac, 0x70, 0xbd, 0xcb, 0x7e, 0xd1, 0x85, 0xce, 0x81, 0xbd, 0x84, 0x35,
+                0x9d, 0x44, 0x25, 0x4d, 0x95, 0x62, 0x9e, 0x98, 0x55, 0xa9, 0x4a, 0x7c, 0x19, 0x58,
+                0xd1, 0xf8, 0xad, 0xa5, 0xd0, 0x53, 0x2e, 0xd8, 0xa5, 0xaa, 0x3f, 0xb2, 0xd1, 0x7b,
+                0xa7, 0x0e, 0xb6, 0x24, 0x8e, 0x59, 0x4e, 0x1a, 0x22, 0x97, 0xac, 0xbb, 0xb3, 0x9d,
+                0x50, 0x2f, 0x1a, 0x8c, 0x6e, 0xb6, 0xf1, 0xce, 0x22, 0xb3, 0xde, 0x1a, 0x1f, 0x40,
+                0xcc, 0x24, 0x55, 0x41, 0x19, 0xa8, 0x31, 0xa9, 0xaa, 0xd6, 0x07, 0x9c, 0xad, 0x88,
+                0x42, 0x5d, 0xe6, 0xbd, 0xe1, 0xa9, 0x18, 0x7e, 0xbb, 0x60, 0x92, 0xcf, 0x67, 0xbf,
+                0x2b, 0x13, 0xfd, 0x65, 0xf2, 0x70, 0x88, 0xd7, 0x8b, 0x7e, 0x88, 0x3c, 0x87, 0x59,
+                0xd2, 0xc4, 0xf5, 0xc6, 0x5a, 0xdb, 0x75, 0x53, 0x87, 0x8a, 0xd5, 0x75, 0xf9, 0xfa,
+                0xd8, 0x78, 0xe8, 0x0a, 0x0c, 0x9b, 0xa6, 0x3b, 0xcb, 0xcc, 0x27, 0x32, 0xe6, 0x94,
+                0x85, 0xbb, 0xc9, 0xc9, 0x0b, 0xfb, 0xd6, 0x24, 0x81, 0xd9, 0x08, 0x9b, 0xec, 0xcf,
+                0x80, 0xcf, 0xe2, 0xdf, 0x16, 0xa2, 0xcf, 0x65, 0xbd, 0x92, 0xdd, 0x59, 0x7b, 0x07,
+                0x07, 0xe0, 0x91, 0x7a, 0xf4, 0x8b, 0xbb, 0x75, 0xfe, 0xd4, 0x13, 0xd2, 0x38, 0xf5,
+                0x55, 0x5a, 0x7a, 0x56, 0x9d, 0x80, 0xc3, 0x41, 0x4a, 0x8d, 0x08, 0x59, 0xdc, 0x65,
+                0xa4, 0x61, 0x28, 0xba, 0xb2, 0x7a, 0xf8, 0x7a, 0x71, 0x31, 0x4f, 0x31, 0x8c, 0x78,
+                0x2b, 0x23, 0xeb, 0xfe, 0x80, 0x8b, 0x82, 0xb0, 0xce, 0x26, 0x40, 0x1d, 0x2e, 0x22,
+                0xf0, 0x4d, 0x83, 0xd1, 0x25, 0x5d, 0xc5, 0x1a, 0xdd, 0xd3, 0xb7, 0x5a, 0x2b, 0x1a,
+                0xe0, 0x78, 0x45, 0x04, 0xdf, 0x54, 0x3a, 0xf8, 0x96, 0x9b, 0xe3, 0xea, 0x70, 0x82,
+                0xff, 0x7f, 0xc9, 0x88, 0x8c, 0x14, 0x4d, 0xa2, 0xaf, 0x58, 0x42, 0x9e, 0xc9, 0x60,
+                0x31, 0xdb, 0xca, 0xd3, 0xda, 0xd9, 0xaf, 0x0d, 0xcb, 0xaa, 0xaf, 0x26, 0x8c, 0xb8,
+                0xfc, 0xff, 0xea, 0xd9, 0x4f, 0x3c, 0x7c, 0xa4, 0x95, 0xe0, 0x56, 0xa9, 0xb4, 0x7a,
+                0xcd, 0xb7, 0x51, 0xfb, 0x73, 0xe6, 0x66, 0xc6, 0xc6, 0x55, 0xad, 0xe8, 0x29, 0x72,
+                0x97, 0xd0, 0x7a, 0xd1, 0xba, 0x5e, 0x43, 0xf1, 0xbc, 0xa3, 0x23, 0x01, 0x65, 0x13,
+                0x39, 0xe2, 0x29, 0x04, 0xcc, 0x8c, 0x42, 0xf5, 0x8c, 0x30, 0xc0, 0x4a, 0xaf, 0xdb,
+                0x03, 0x8d, 0xda, 0x08, 0x47, 0xdd, 0x98, 0x8d, 0xcd, 0xa6, 0xf3, 0xbf, 0xd1, 0x5c,
+                0x4b, 0x4c, 0x45, 0x25, 0x00, 0x4a, 0xa0, 0x6e, 0xef, 0xf8, 0xca, 0x61, 0x78, 0x3a,
+                0xac, 0xec, 0x57, 0xfb, 0x3d, 0x1f, 0x92, 0xb0, 0xfe, 0x2f, 0xd1, 0xa8, 0x5f, 0x67,
+                0x24, 0x51, 0x7b, 0x65, 0xe6, 0x14, 0xad, 0x68, 0x08, 0xd6, 0xf6, 0xee, 0x34, 0xdf,
+                0xf7, 0x31, 0x0f, 0xdc, 0x82, 0xae, 0xbf, 0xd9, 0x04, 0xb0, 0x1e, 0x1d, 0xc5, 0x4b,
+                0x29, 0x27, 0x09, 0x4b, 0x2d, 0xb6, 0x8d, 0x6f, 0x90, 0x3b, 0x68, 0x40, 0x1a, 0xde,
+                0xbf, 0x5a, 0x7e, 0x08, 0xd7, 0x8f, 0xf4, 0xef, 0x5d, 0x63, 0x65, 0x3a, 0x65, 0x04,
+                0x0c, 0xf9, 0xbf, 0xd4, 0xac, 0xa7, 0x98, 0x4a, 0x74, 0xd3, 0x71, 0x45, 0x98, 0x67,
+                0x80, 0xfc, 0x0b, 0x16, 0xac, 0x45, 0x16, 0x49, 0xde, 0x61, 0x88, 0xa7, 0xdb, 0xdf,
+                0x19, 0x1f, 0x64, 0xb5, 0xfc, 0x5e, 0x2a, 0xb4, 0x7b, 0x57, 0xf7, 0xf7, 0x27, 0x6c,
+                0xd4, 0x19, 0xc1, 0x7a, 0x3c, 0xa8, 0xe1, 0xb9, 0x39, 0xae, 0x49, 0xe4, 0x88, 0xac,
+                0xba, 0x6b, 0x96, 0x56, 0x10, 0xb5, 0x48, 0x01, 0x09, 0xc8, 0xb1, 0x7b, 0x80, 0xe1,
+                0xb7, 0xb7, 0x50, 0xdf, 0xc7, 0x59, 0x8d, 0x5d, 0x50, 0x11, 0xfd, 0x2d, 0xcc, 0x56,
+                0x00, 0xa3, 0x2e, 0xf5, 0xb5, 0x2a, 0x1e, 0xcc, 0x82, 0x0e, 0x30, 0x8a, 0xa3, 0x42,
+                0x72, 0x1a, 0xac, 0x09, 0x43, 0xbf, 0x66, 0x86, 0xb6, 0x4b, 0x25, 0x79, 0x37, 0x65,
+                0x04, 0xcc, 0xc4, 0x93, 0xd9, 0x7e, 0x6a, 0xed, 0x3f, 0xb0, 0xf9, 0xcd, 0x71, 0xa4,
+                0x3d, 0xd4, 0x97, 0xf0, 0x1f, 0x17, 0xc0, 0xe2, 0xcb, 0x37, 0x97, 0xaa, 0x2a, 0x2f,
+                0x25, 0x66, 0x56, 0x16, 0x8e, 0x6c, 0x49, 0x6a, 0xfc, 0x5f, 0xb9, 0x32, 0x46, 0xf6,
+                0xb1, 0x11, 0x63, 0x98, 0xa3, 0x46, 0xf1, 0xa6, 0x41, 0xf3, 0xb0, 0x41, 0xe9, 0x89,
+                0xf7, 0x91, 0x4f, 0x90, 0xcc, 0x2c, 0x7f, 0xff, 0x35, 0x78, 0x76, 0xe5, 0x06, 0xb5,
+                0x0d, 0x33, 0x4b, 0xa7, 0x7c, 0x22, 0x5b, 0xc3, 0x07, 0xba, 0x53, 0x71, 0x52, 0xf3,
+                0xf1, 0x61, 0x0e, 0x4e, 0xaf, 0xe5, 0x95, 0xf6, 0xd9, 0xd9, 0x0d, 0x11, 0xfa, 0xa9,
+                0x33, 0xa1, 0x5e, 0xf1, 0x36, 0x95, 0x46, 0x86, 0x8a, 0x7f, 0x3a, 0x45, 0xa9, 0x67,
+                0x68, 0xd4, 0x0f, 0xd9, 0xd0, 0x34, 0x12, 0xc0, 0x91, 0xc6, 0x31, 0x5c, 0xf4, 0xfd,
+                0xe7, 0xcb, 0x68, 0x60, 0x69, 0x37, 0x38, 0x0d, 0xb2, 0xea, 0xaa, 0x70, 0x7b, 0x4c,
+                0x41, 0x85, 0xc3, 0x2e, 0xdd, 0xcd, 0xd3, 0x06, 0x70, 0x5e, 0x4d, 0xc1, 0xff, 0xc8,
+                0x72, 0xee, 0xee, 0x47, 0x5a, 0x64, 0xdf, 0xac, 0x86, 0xab, 0xa4, 0x1c, 0x06, 0x18,
+                0x98, 0x3f, 0x87, 0x41, 0xc5, 0xef, 0x68, 0xd3, 0xa1, 0x01, 0xe8, 0xa3, 0xb8, 0xca,
+                0xc6, 0x0c, 0x90, 0x5c, 0x15, 0xfc, 0x91, 0x08, 0x40, 0xb9, 0x4c, 0x00, 0xa0, 0xb9,
+                0xd0,
+            ],
+            &[
+                0x0a, 0xab, 0x4c, 0x90, 0x05, 0x01, 0xb3, 0xe2, 0x4d, 0x7c, 0xdf, 0x46, 0x63, 0x32,
+                0x6a, 0x3a, 0x87, 0xdf, 0x5e, 0x48, 0x43, 0xb2, 0xcb, 0xdb, 0x67, 0xcb, 0xf6, 0xe4,
+                0x60, 0xfe, 0xc3, 0x50, 0xaa, 0x53, 0x71, 0xb1, 0x50, 0x8f, 0x9f, 0x45, 0x28, 0xec,
+                0xea, 0x23, 0xc4, 0x36, 0xd9, 0x4b, 0x5e, 0x8f, 0xcd, 0x4f, 0x68, 0x1e, 0x30, 0xa6,
+                0xac, 0x00, 0xa9, 0x70, 0x4a, 0x18, 0x8a, 0x03,
+            ],
+        ],
+    ];
+
+    #[test]
+    fn ed25519_test_vectors() {
+        for (i, v) in ED25519_TEST_VECTORS.iter().enumerate() {
+            let public_key = v[0];
+            let msg = v[1];
+            let sig = v[2];
+
+            let public_key = PublicKey::from_raw_ed25519(public_key).unwrap();
+            match public_key {
+                PublicKey::Ed25519(_) => {}
+                #[cfg(feature = "secp256k1")]
+                _ => panic!("expected public key to be Ed25519: {:?}", public_key),
+            }
+            let sig = Signature::try_from(sig).unwrap();
+            public_key
+                .verify(msg, &sig)
+                .unwrap_or_else(|_| panic!("signature should be valid for test vector {}", i));
+        }
+    }
+
+    // Arbitrary "valid" tests taken from
+    // https://github.com/google/wycheproof/blob/2196000605e45d91097147c9c71f26b72af58003/testvectors/ecdsa_secp256k1_sha256_test.json
+    //
+    // Each test vector consists of: [public_key, message, signature].
+    //
+    // NB: It appears as though all signatures in this test suite are
+    // DER-encoded.
+    #[cfg(feature = "secp256k1")]
+    const SECP256K1_TEST_VECTORS: &[&[&[u8]]] = &[
+        // tcId 3
+        &[
+            &[
+                0x04, 0xb8, 0x38, 0xff, 0x44, 0xe5, 0xbc, 0x17, 0x7b, 0xf2, 0x11, 0x89, 0xd0, 0x76,
+                0x60, 0x82, 0xfc, 0x9d, 0x84, 0x32, 0x26, 0x88, 0x7f, 0xc9, 0x76, 0x03, 0x71, 0x10,
+                0x0b, 0x7e, 0xe2, 0x0a, 0x6f, 0xf0, 0xc9, 0xd7, 0x5b, 0xfb, 0xa7, 0xb3, 0x1a, 0x6b,
+                0xca, 0x19, 0x74, 0x49, 0x6e, 0xeb, 0x56, 0xde, 0x35, 0x70, 0x71, 0x95, 0x5d, 0x83,
+                0xc4, 0xb1, 0xba, 0xda, 0xa0, 0xb2, 0x18, 0x32, 0xe9,
+            ],
+            &[0x31, 0x32, 0x33, 0x34, 0x30, 0x30],
+            &[
+                0x30, 0x45, 0x02, 0x21, 0x00, 0x81, 0x3e, 0xf7, 0x9c, 0xce, 0xfa, 0x9a, 0x56, 0xf7,
+                0xba, 0x80, 0x5f, 0x0e, 0x47, 0x85, 0x84, 0xfe, 0x5f, 0x0d, 0xd5, 0xf5, 0x67, 0xbc,
+                0x09, 0xb5, 0x12, 0x3c, 0xcb, 0xc9, 0x83, 0x23, 0x65, 0x02, 0x20, 0x6f, 0xf1, 0x8a,
+                0x52, 0xdc, 0xc0, 0x33, 0x6f, 0x7a, 0xf6, 0x24, 0x00, 0xa6, 0xdd, 0x9b, 0x81, 0x07,
+                0x32, 0xba, 0xf1, 0xff, 0x75, 0x80, 0x00, 0xd6, 0xf6, 0x13, 0xa5, 0x56, 0xeb, 0x31,
+                0xba,
+            ],
+        ],
+        // tcId 230
+        &[
+            &[
+                0x04, 0xb8, 0x38, 0xff, 0x44, 0xe5, 0xbc, 0x17, 0x7b, 0xf2, 0x11, 0x89, 0xd0, 0x76,
+                0x60, 0x82, 0xfc, 0x9d, 0x84, 0x32, 0x26, 0x88, 0x7f, 0xc9, 0x76, 0x03, 0x71, 0x10,
+                0x0b, 0x7e, 0xe2, 0x0a, 0x6f, 0xf0, 0xc9, 0xd7, 0x5b, 0xfb, 0xa7, 0xb3, 0x1a, 0x6b,
+                0xca, 0x19, 0x74, 0x49, 0x6e, 0xeb, 0x56, 0xde, 0x35, 0x70, 0x71, 0x95, 0x5d, 0x83,
+                0xc4, 0xb1, 0xba, 0xda, 0xa0, 0xb2, 0x18, 0x32, 0xe9,
+            ],
+            &[0x32, 0x35, 0x35, 0x38, 0x35],
+            &[
+                0x30, 0x45, 0x02, 0x21, 0x00, 0xdd, 0x1b, 0x7d, 0x09, 0xa7, 0xbd, 0x82, 0x18, 0x96,
+                0x10, 0x34, 0xa3, 0x9a, 0x87, 0xfe, 0xcf, 0x53, 0x14, 0xf0, 0x0c, 0x4d, 0x25, 0xeb,
+                0x58, 0xa0, 0x7a, 0xc8, 0x5e, 0x85, 0xea, 0xb5, 0x16, 0x02, 0x20, 0x35, 0x13, 0x8c,
+                0x40, 0x1e, 0xf8, 0xd3, 0x49, 0x3d, 0x65, 0xc9, 0x00, 0x2f, 0xe6, 0x2b, 0x43, 0xae,
+                0xe5, 0x68, 0x73, 0x1b, 0x74, 0x45, 0x48, 0x35, 0x89, 0x96, 0xd9, 0xcc, 0x42, 0x7e,
+                0x06,
+            ],
+        ],
+        // tcId 231
+        &[
+            &[
+                0x04, 0xb8, 0x38, 0xff, 0x44, 0xe5, 0xbc, 0x17, 0x7b, 0xf2, 0x11, 0x89, 0xd0, 0x76,
+                0x60, 0x82, 0xfc, 0x9d, 0x84, 0x32, 0x26, 0x88, 0x7f, 0xc9, 0x76, 0x03, 0x71, 0x10,
+                0x0b, 0x7e, 0xe2, 0x0a, 0x6f, 0xf0, 0xc9, 0xd7, 0x5b, 0xfb, 0xa7, 0xb3, 0x1a, 0x6b,
+                0xca, 0x19, 0x74, 0x49, 0x6e, 0xeb, 0x56, 0xde, 0x35, 0x70, 0x71, 0x95, 0x5d, 0x83,
+                0xc4, 0xb1, 0xba, 0xda, 0xa0, 0xb2, 0x18, 0x32, 0xe9,
+            ],
+            &[0x34, 0x32, 0x36, 0x34, 0x37, 0x39, 0x37, 0x32, 0x34],
+            &[
+                0x30, 0x45, 0x02, 0x21, 0x00, 0x95, 0xc2, 0x92, 0x67, 0xd9, 0x72, 0xa0, 0x43, 0xd9,
+                0x55, 0x22, 0x45, 0x46, 0x22, 0x2b, 0xba, 0x34, 0x3f, 0xc1, 0xd4, 0xdb, 0x0f, 0xec,
+                0x26, 0x2a, 0x33, 0xac, 0x61, 0x30, 0x56, 0x96, 0xae, 0x02, 0x20, 0x6e, 0xdf, 0xe9,
+                0x67, 0x13, 0xae, 0xd5, 0x6f, 0x8a, 0x28, 0xa6, 0x65, 0x3f, 0x57, 0xe0, 0xb8, 0x29,
+                0x71, 0x2e, 0x5e, 0xdd, 0xc6, 0x7f, 0x34, 0x68, 0x2b, 0x24, 0xf0, 0x67, 0x6b, 0x26,
+                0x40,
+            ],
+        ],
+    ];
+
+    #[cfg(feature = "secp256k1")]
+    #[test]
+    fn secp256k1_test_vectors() {
+        for (i, v) in SECP256K1_TEST_VECTORS.iter().enumerate() {
+            let public_key = v[0];
+            let msg = v[1];
+            let sig = v[2];
+
+            let public_key = PublicKey::from_raw_secp256k1(public_key).unwrap();
+            match public_key {
+                PublicKey::Secp256k1(_) => {}
+                _ => panic!("expected public key to be secp256k1: {:?}", public_key),
+            }
+            let der_sig = k256::ecdsa::Signature::from_der(sig).unwrap();
+            let sig = der_sig.as_ref();
+            let sig = Signature::try_from(sig).unwrap();
+            public_key
+                .verify(msg, &sig)
+                .unwrap_or_else(|_| panic!("signature should be valid for test vector {}", i));
+        }
+    }
 }
diff --git a/tendermint/src/signature.rs b/tendermint/src/signature.rs
index 9ba88113c..796d0705e 100644
--- a/tendermint/src/signature.rs
+++ b/tendermint/src/signature.rs
@@ -11,6 +11,9 @@ use tendermint_proto::Protobuf;
 
 use crate::error::Error;
 
+/// The expected length of all currently supported signatures, in bytes.
+pub const SIGNATURE_LENGTH: usize = 64;
+
 /// Signatures
 #[derive(Clone, Debug, PartialEq)]
 pub struct Signature(Vec<u8>);
@@ -21,11 +24,15 @@ impl TryFrom<Vec<u8>> for Signature {
     type Error = Error;
 
     fn try_from(bytes: Vec<u8>) -> Result<Self, Self::Error> {
-        if bytes.is_empty() {
-            return Err(Error::empty_signature());
-        }
+        Self::new_non_empty(bytes)
+    }
+}
 
-        Ok(Self(bytes))
+impl TryFrom<&[u8]> for Signature {
+    type Error = Error;
+
+    fn try_from(bytes: &[u8]) -> Result<Self, Self::Error> {
+        Self::new_non_empty(bytes)
     }
 }
 
@@ -37,12 +44,26 @@ impl From<Signature> for Vec<u8> {
 
 impl Signature {
     /// Create a new signature from the given byte array, if non-empty.
-    pub fn new(bytes: Vec<u8>) -> Option<Self> {
+    ///
+    /// If the given byte array is empty, returns `Ok(None)`.
+    pub fn new<B: AsRef<[u8]>>(bytes: B) -> Result<Option<Self>, Error> {
+        let bytes = bytes.as_ref();
         if bytes.is_empty() {
-            None
-        } else {
-            Some(Self(bytes))
+            return Ok(None);
+        }
+        if bytes.len() != SIGNATURE_LENGTH {
+            return Err(Error::signature_invalid(format!(
+                "expected signature to be {} bytes long, but was {} bytes",
+                SIGNATURE_LENGTH,
+                bytes.len()
+            )));
         }
+
+        Ok(Some(Self(bytes.to_vec())))
+    }
+
+    fn new_non_empty<B: AsRef<[u8]>>(bytes: B) -> Result<Self, Error> {
+        Self::new(bytes)?.ok_or_else(Error::empty_signature)
     }
 
     /// Return a reference to the underlying byte array
diff --git a/tendermint/src/vote.rs b/tendermint/src/vote.rs
index 3fbbbb991..d2672c7c3 100644
--- a/tendermint/src/vote.rs
+++ b/tendermint/src/vote.rs
@@ -82,7 +82,7 @@ impl TryFrom<RawVote> for Vote {
             timestamp: value.timestamp.map(|t| t.into()),
             validator_address: value.validator_address.try_into()?,
             validator_index: value.validator_index.try_into()?,
-            signature: Signature::new(value.signature),
+            signature: Signature::new(value.signature)?,
         })
     }
 }
diff --git a/tendermint/src/vote/sign_vote.rs b/tendermint/src/vote/sign_vote.rs
index 0ffccd1c1..a954f2bb1 100644
--- a/tendermint/src/vote/sign_vote.rs
+++ b/tendermint/src/vote/sign_vote.rs
@@ -133,7 +133,8 @@ mod tests {
                 100, 211, 10, 24, 174, 179, 117, 41, 65, 141, 134, 149, 239, 65, 174, 217, 42, 6,
                 184, 112, 17, 7, 97, 255, 221, 252, 16, 60, 144, 30, 212, 167, 39, 67, 35, 118,
                 192, 133, 130, 193, 115, 32, 206, 152, 91, 173, 10,
-            ]),
+            ])
+            .unwrap(),
         };
 
         let mut got = vec![];
@@ -218,7 +219,8 @@ mod tests {
                 100, 211, 10, 24, 174, 179, 117, 41, 65, 141, 134, 149, 239, 65, 174, 217, 42, 6,
                 184, 112, 17, 7, 97, 255, 221, 252, 16, 60, 144, 30, 212, 167, 39, 67, 35, 118,
                 192, 133, 130, 193, 115, 32, 206, 152, 91, 173, 10,
-            ]),
+            ])
+            .unwrap(),
         };
 
         let request = SignVoteRequest {
@@ -367,7 +369,8 @@ mod tests {
                 100, 211, 10, 24, 174, 179, 117, 41, 65, 141, 134, 149, 239, 65, 174, 217, 42, 6,
                 184, 112, 17, 7, 97, 255, 221, 252, 16, 60, 144, 30, 212, 167, 39, 67, 35, 118,
                 192, 133, 130, 193, 115, 32, 206, 152, 91, 173, 10,
-            ]),
+            ])
+            .unwrap(),
         };
         let got = vote.encode_vec().unwrap();
         let v = Vote::decode_vec(&got).unwrap();
@@ -423,7 +426,7 @@ mod tests {
                 )
                 .unwrap(),
             }),
-            signature: Signature::new(vec![1; ED25519_SIGNATURE_SIZE]),
+            signature: Signature::new(vec![1; ED25519_SIGNATURE_SIZE]).unwrap(),
         };
         let want = SignVoteRequest {
             vote,
diff --git a/testgen/src/vote.rs b/testgen/src/vote.rs
index 7d174cde3..1c2a3add3 100644
--- a/testgen/src/vote.rs
+++ b/testgen/src/vote.rs
@@ -130,7 +130,8 @@ impl Generator<vote::Vote> for Vote {
             timestamp: Some(timestamp),
             validator_address: block_validator.address,
             validator_index: ValidatorIndex::try_from(validator_index as u32).unwrap(),
-            signature: Signature::new(vec![0_u8; ED25519_SIGNATURE_SIZE]),
+            signature: Signature::new(vec![0_u8; ED25519_SIGNATURE_SIZE])
+                .map_err(|e| SimpleError::new(e.to_string()))?,
         };
 
         let sign_bytes = get_vote_sign_bytes(block_header.chain_id, &vote);