signMessage() sometimes returns signature string of invalid length

[johnzweng]

Hi!

I found a small bug in the message signing library:

Background:

As defined by BIP 137 (and originally in the Satoshi client, now known as Bitcoin Core) the signature for a Bitcoin signed message always must be exactly 65 bytes long:

• 1 byte header, containing the recId
• 32 byte r-value
• 32 byte s-value

Bug:

The signMessage() method sometimes returns a signature shorter then 65 bytes (which renders the signature invalid).

Reason:

• The signature (consisting of r and s) is calculated correctly
• But when encoding the signature here in signature.dart the two values r and s are encoded as hexadecimal Strings, using the method bigIntToHex(..) which might return Strings shorter than 32 bytes, whenever the hexadecimal representation of r or s has 2 or more leading zeros (i.e. whenever one of the numbers is shorter then 249 bits).

--> The resulting signature is then invalid, as by definition r and s MUST BE encoded as 32 byte values (as there is no field delimiter between the 2 values, there is no other way to tell where r ends and s begins.

Solution:

• In signature.dart, when ecoding the signature here take care that the values are always encoded in 32 bytes (even if that means that leading zeros must be added).

[daskleinesys]

Thanks for reporting, fixed

[johnzweng]

Thanks a lot for the quick fix! 🙂 💪

[Fichte42]

Nice catch!