Merge pull request #11 from nspcc-dev/fix/31-bytes-r-s

Add leading zeros if `r` or `s` has less than 32 bytes
2020-03-02 13:46:38 +03:00 · 2020-03-02 13:46:38 +03:00 · ea3b6d784b
commit ea3b6d784b
parent 5ba9a8ffc6 c1e43f8727
2 changed files with 33 additions and 1 deletions
--- a/rfc6979.go
+++ b/rfc6979.go
@ -38,7 +38,18 @@ func SignRFC6979(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
 		return nil, ErrEmptyPrivateKey
 	}
 	r, s := rfc6979.SignECDSA(key, hashBytesRFC6979(msg), sha256.New)
-	return append(r.Bytes(), s.Bytes()...), nil
+	rBytes, sBytes := r.Bytes(), s.Bytes()
+	signature := make([]byte, RFC6979SignatureSize)
+
+	// if `r` has less than 32 bytes, add leading zeros
+	ind := RFC6979SignatureSize/2 - len(rBytes)
+	copy(signature[ind:], rBytes)
+
+	// if `s` has less than 32 bytes, add leading zeros
+	ind = RFC6979SignatureSize - len(sBytes)
+	copy(signature[ind:], sBytes)
+
+	return signature, nil
 }

 func decodeSignature(sig []byte) (*big.Int, *big.Int, error) {
--- a/rfc6979_test.go
+++ b/rfc6979_test.go
@ -4,6 +4,7 @@ import (
 	"encoding/hex"
 	"testing"

+	"github.com/nspcc-dev/neofs-crypto/test"
 	"github.com/stretchr/testify/require"
 )

@ -83,3 +84,23 @@ func TestRFC6979(t *testing.T) {
 		}
 	}
 }
+
+func TestRFC6979_ShortDecodePoints(t *testing.T) {
+	key := test.DecodeKey(1)
+
+	msgs := []string{
+		"6341922933e156ea5a53b8ea3fa4a80c", // this msg has 31 byte `s` point
+		"61b863d81f72e0e0d0353b1cb90d62ce", // this msg has 31 byte 'r' point
+	}
+
+	for i := range msgs {
+		msg, err := hex.DecodeString(msgs[i])
+		require.NoError(t, err)
+
+		signature, err := SignRFC6979(key, msg)
+		require.NoError(t, err, msgs[i])
+
+		err = VerifyRFC6979(&key.PublicKey, msg, signature)
+		require.NoError(t, err, msgs[i])
+	}
+}