From 1461d7a248e720e6b078fa7f1d6df7e11eec68e1 Mon Sep 17 00:00:00 2001
From: alexvanin <alexvanin@icloud.com>
Date: Sun, 1 Mar 2020 16:50:38 +0300
Subject: [PATCH] rfc6979: Add leading zeros if `r` or `s` has less than 32
 bytes

SignECDSA function returns two coordinates on elliptic curve.
Catenation of these coordinates is a 64 byte signature. If
one of these coordinates have less than 32 significant bytes, then
it should have leading zeros.
---
 rfc6979.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/rfc6979.go b/rfc6979.go
index 007198a..42f6469 100644
--- a/rfc6979.go
+++ b/rfc6979.go
@@ -38,7 +38,18 @@ func SignRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
 		return nil, ErrEmptyPrivateKey
 	}
 	r, s := rfc6979.SignECDSA(key, hashBytesRFC6979(msg), sha256.New)
-	return append(r.Bytes(), s.Bytes()...), nil
+	rBytes, sBytes := r.Bytes(), s.Bytes()
+	signature := make([]byte, RFC6979SignatureSize)
+
+	// if `r` has less than 32 bytes, add leading zeros
+	ind := RFC6979SignatureSize/2 - len(rBytes)
+	copy(signature[ind:], rBytes)
+
+	// if `s` has less than 32 bytes, add leading zeros
+	ind = RFC6979SignatureSize - len(sBytes)
+	copy(signature[ind:], sBytes)
+
+	return signature, nil
 }
 
 func decodeSignature(sig []byte) (*big.Int, *big.Int, error) {