fix: der2raw sLength is s byte length (#634)

Raw signature (also see ISO/IEC 7816-8 / IEEE P1363)
are the static size concatenation of the r and s value.
These values MUST be 0 padded to the correct length.

This fixes the occasional `Invalid Signature` in browsers.
This impacts ~1% of messages.
These messages are valid and can now be decrypted.

Author: seebees

modules/integration-browser/src/testDecryptFixture.ts

@@ -37,14 +37,6 @@ export const bitFlippedDerTagsVectors = [
   'f673bdf3-40a8-4551-bc7f-866b289e4d03', // Bit 3370 flipped
 ]
 
-// The signatures on these messages fail to verify due to
-// a known but yet to be fully diagnosed browser-specific issue.
-// The error message is `Error: Invalid Signature`
-export const unverifiableSignatureVectors = [
-  '2ad4430c-1b2e-46b3-a71d-a8e458f28a69',
-  'e3b4ce89-a5f4-4194-9bc5-2984cf1d2a88',
-]
-
 /*The contract for the two test*DecryptFixture methods:
  * If the decryption is NOT supported,
  *  FAILED with err.message in notSupportedDecryptMessages
@@ -164,10 +156,7 @@ export function evaluateTestResultIgnoreUnsupported(
   { err, name, result }: TestVectorResult,
   _expect: (x: any) => any
 ): void {
-  if (
-    bitFlippedDerTagsVectors.includes(name) ||
-    unverifiableSignatureVectors.includes(name)
-  ) {
+  if (bitFlippedDerTagsVectors.includes(name)) {
     return _expect(result).toEqual(false)
   }
   if (err && err['message']) {

modules/serialize/src/ecdsa_signature.ts

@@ -52,7 +52,7 @@ export function der2raw(
   )
 
   const rLength = r.byteLength()
-  const sLength = r.byteLength()
+  const sLength = s.byteLength()
 
   return concatBuffers(
     new Uint8Array(_keyLengthBytes - rLength),