Now hello has a half of a nonce is being generated. A crypt_hello_get_nonce() func was introduced to make a full-length nonce.

src/crypt.c

@@ -113,6 +113,8 @@ unsigned char *crypt_hello(const crypt_key_t *const own) {
         return NULL;
     }
 
+    randombytes_buf(hello+CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN, CRYPT_NONCEHALF_LEN);
+
     return hello;
 }
 
@@ -120,7 +122,26 @@ int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remo
     if (crypt_key_from_hex_public(remote, (const char *const)hello) < 0)
         return -1;
 
-    return crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN, remote->sign_pub);
+    if (crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN, remote->sign_pub))
+        return -1;
+
+    return 0;
+}
+
+const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, const bool is_client) {
+    unsigned char *nonce = (unsigned char *)malloc(CRYPT_NONCE_LEN * sizeof(unsigned char));
+    if (nonce == NULL)
+        return NULL;
+
+    const unsigned char *first = NULL, *second = NULL;
+
+    first = (is_client ? own_hello : remote_hello) + CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN;
+    second = (is_client ? remote_hello : own_hello) + CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN;
+
+    memcpy(nonce, first, CRYPT_NONCEHALF_LEN);
+    memcpy(nonce+CRYPT_NONCEHALF_LEN, second, CRYPT_NONCEHALF_LEN);
+
+    return nonce;
 }
 
 int crypt_session_init(crypt_session_t *const s, const crypt_key_t *const own, crypt_key_t *const remote, const bool is_client) {

src/crypt.h

@@ -15,10 +15,13 @@
 
 #define CRYPT_SESS_KEY_LEN crypto_kx_SESSIONKEYBYTES
 
-#define CRYPT_HELLO_LEN CRYPT_PKEY_HEXLEN + CRYPT_SIGN_LEN
+#define CRYPT_NONCE_LEN crypto_aead_aegis256_NPUBBYTES
+#define CRYPT_NONCEHALF_LEN (CRYPT_NONCE_LEN/2)
 
-#define CRYPT_PKEY_HEXLEN (CRYPT_KX_PKEY_LEN + CRYPT_SIGN_PKEY_LEN) * 2
+#define CRYPT_HELLO_LEN (CRYPT_PKEY_HEXLEN + CRYPT_SIGN_LEN + (CRYPT_NONCEHALF_LEN))
-#define CRYPT_SKEY_HEXLEN (CRYPT_SIGN_PKEY_LEN + CRYPT_SIGN_SKEY_LEN) * 2
+
+#define CRYPT_PKEY_HEXLEN ((CRYPT_KX_PKEY_LEN + CRYPT_SIGN_PKEY_LEN) * 2)
+#define CRYPT_SKEY_HEXLEN ((CRYPT_SIGN_PKEY_LEN + CRYPT_SIGN_SKEY_LEN) * 2)
 
 // Stores the public and secret keys used in a key exchange and for signing.
 typedef struct crypt_key_t {
@@ -52,10 +55,13 @@ int crypt_load_key(crypt_key_t *const k, FILE *const pub, FILE *const sec);
 int crypt_store_key(const crypt_key_t *const k, FILE *const pub, FILE *const sec);
 
 // Returns a hello packet consisting of a public key and its sign.
-// The packet is sign_len long.
+// The packet is of CRYPT_SIGN_LEN long.
 unsigned char *crypt_hello(const crypt_key_t *const own);
 // Verify a hello message. It only shows that a remote public key's sign is ok.
 int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remote);
+// Combines own and remote halves of a nonce depending in a connection direction and returns it.
+// It will be of CRYPT_NONCE_LEN length.
+const unsigned char *crypt_hello_get_nonce(const unsigned char *const own_hello, const unsigned char *const remote_hello, const bool is_client);
 
 // Stores symmetric keys used for a data encryption in both directions
 // and a remote public key.