rfc6979: Add leading zeros if `r` or `s` has less than 32 bytes

SignECDSA function returns two coordinates on elliptic curve. Catenation of these coordinates is a 64 byte signature. If one of these coordinates have less than 32 significant bytes, then it should have leading zeros.
2020-03-01 16:50:38 +03:00 · 2020-03-01 16:50:38 +03:00 · 1461d7a248
parent 5ba9a8ffc6
commit 1461d7a248
1 changed files with 12 additions and 1 deletions
--- a/rfc6979.go
+++ b/rfc6979.go
@ -38,7 +38,18 @@ func SignRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
 		return nil, ErrEmptyPrivateKey
 	}
 	r, s := rfc6979.SignECDSA(key, hashBytesRFC6979(msg), sha256.New)
-	return append(r.Bytes(), s.Bytes()...), nil
+	rBytes, sBytes := r.Bytes(), s.Bytes()
+	signature := make([]byte, RFC6979SignatureSize)
+
+	// if `r` has less than 32 bytes, add leading zeros
+	ind := RFC6979SignatureSize/2 - len(rBytes)
+	copy(signature[ind:], rBytes)
+
+	// if `s` has less than 32 bytes, add leading zeros
+	ind = RFC6979SignatureSize - len(sBytes)
+	copy(signature[ind:], sBytes)
+
+	return signature, nil
 }

 func decodeSignature(sig []byte) (*big.Int, *big.Int, error) {