fix: ecdsa sign would return r as a BN.js instance

[r4mmer]

Description

The Q.x would return a BN without bitcore-lib's methods, this is avoided by calling getX instead which converts to the appropriate instance.

[kajoseph]

Q.x is an instance of ./bn.js since ./bn.js is a monkey patch of the dependency bn.js. At the point of your change Q.x instanceof BN is true and has the monkey patched methods on it. What's your usage?

[r4mmer]

Hi @kajoseph ! Sorry for the delayed response.
We use bitcore-lib on a react-native environment and we also need some node apis so we use rn-nodeify for the patches.

The actual issue is a bit complicated, but we use the message sign to validate that the owner of the private key is sending the message.

The validation of the signed message would fail, we tracked the issue to this line this.r.toBuffer({ size: 32 }) since the buffer returned here was not 32 bytes long, after some investigation we saw that it is because r = Q.x.umod(N); is actually a bn.js instance and not a ./bn.js instance.

The actual issue is that the BN.toBuffer ignores the size argument as you can see below.

This makes the verify method fail since it tries to read exactly 32 bytes for the r and s.