From 944a81a8bfc73bc731c44e8fc465f68ab89c5385 Mon Sep 17 00:00:00 2001
From: "Alexander \"Arav\" Andreev"
Date: Sun, 24 Mar 2024 05:52:19 +0400
Subject: [PATCH] Let's swap a signature and a half of a nonce. And sign both a pub key and the half of a nonce.
---
 src/crypt.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/crypt.c b/src/crypt.c
index 220b92c..ac09beb 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -113,12 +113,13 @@ unsigned char *crypt_hello(const crypt_key_t *const own) {
 return NULL;
 }
 
- if (crypto_sign_detached(hello+CRYPT_PKEY_HEXLEN, NULL, (const unsigned char *)hello, CRYPT_PKEY_HEXLEN, own->sign_sec) == -1) {
+ randombytes_buf(hello+CRYPT_PKEY_HEXLEN, CRYPT_NONCEHALF_LEN);
+
+ if (crypto_sign_detached(hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, NULL, (const unsigned char *)hello, CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, own->sign_sec) == -1) {
 free(hello);
 return NULL;
 }
 
- randombytes_buf(hello+CRYPT_PKEY_HEXLEN+CRYPT_SIGN_LEN, CRYPT_NONCEHALF_LEN);
 
 return hello;
 }
@@ -127,7 +128,7 @@ int crypt_hello_verify(const unsigned char *const hello, crypt_key_t *const remo
 if (crypt_key_from_hex_public(remote, (const char *const)hello) == -1)
 return -1;
 
- if (crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN, remote->sign_pub))
+ if (crypto_sign_verify_detached(hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, (const unsigned char *const)hello, CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN, remote->sign_pub))
 return -1;
 
 return 0;
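Review bot: The signature written at `hello+CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN` in crypt_hello covers only the hex public key and the nonce half, both chosen by the sender, so a hello recorded once still verifies when it is presented again; nothing in this hunk binds it to the receiver or to a session. If replay protection is expected from this nonce half, the receiver's half has to be covered by something authenticated later in the exchange, which is outside this hunk and should be confirmed. I would add a layout comment above the `randombytes_buf` call, e.g. `/* hello = hex pubkey || nonce half || detached signature over the first two; this signature alone gives no replay protection */`. The failure test would also be sturdier as `!= 0` instead of `== -1`. crypt_hello begins above the hunk, so the allocation size of `hello` is not visible here.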
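Review bot: In crypt_hello_verify the signature is checked against `remote->sign_pub`, which appears to be filled two lines earlier from the same `hello` buffer, so a return of 0 shows only that the sender holds the secret key matching the key it sent, not that the key belongs to a peer the caller trusts. The function deserves a doc comment saying so, e.g. `/* Checks that the hello is self-consistent; the caller must still compare remote's key with a pinned or otherwise trusted key. */`. The comment should also state that `hello` must hold at least `CRYPT_PKEY_HEXLEN+CRYPT_NONCEHALF_LEN` bytes plus the signature, since no length argument is visible in the truncated signature, and that `remote` is left holding the unverified key when -1 is returned. The function's opening line is cut off in the hunk header and its body ends outside the hunk.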