From 8d45d2e7459d08bd127fb8e0e43de2954ffd305b Mon Sep 17 00:00:00 2001
From: stcb <21@stcb.cc>
Date: Fri, 28 Mar 2025 19:41:55 +0200
Subject: [PATCH] Signature fix

---
 protocol_prototype/protocol.py | 29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/protocol_prototype/protocol.py b/protocol_prototype/protocol.py
index 3973867..99e22e3 100644
--- a/protocol_prototype/protocol.py
+++ b/protocol_prototype/protocol.py
@@ -307,8 +307,8 @@ class IcingProtocol:
     def generate_ecdhe(self, index: int):
         """
-        Formerly 'respond_to_handshake'. Verifies ephemeral signature, computes ECDH,
-        updates pfs_history, and stores shared_secret. Does NOT send a handshake back.
+        Formerly 'respond_to_handshake'. Verifies the inbound ephemeral signature
+        and computes the ECDH shared secret, updating PFS history.
         """
         if index < 0 or index >= len(self.inbound_messages):
             print(f"{RED}[ERROR]{RESET} Invalid index {index}.")
@@ -318,33 +318,30 @@ class IcingProtocol:
             print(f"{RED}[ERROR]{RESET} inbound_messages[{index}] is not a HANDSHAKE.")
             return
 
-        # Parse fields
-        # (timestamp, ephemeral_pub, ephemeral_sig, pfs_hash) = ...
-        (ts32, ephemeral_pub, ephemeral_sig, pfs_val) = msg["parsed"]
+        ephemeral_pub = msg["parsed"]["ephemeral_pub"]
+        ephemeral_sig = msg["parsed"]["ephemeral_sig"]
+
+        # Use our raw_signature_to_der wrapper only if signature is 64 bytes.
+        # Otherwise, assume the signature is already DER-encoded.
+        from crypto_utils import raw_signature_to_der
+        if len(ephemeral_sig) == 64:
+            sig_der = raw_signature_to_der(ephemeral_sig)
+        else:
+            sig_der = ephemeral_sig
 
-        # 1) Verify ephemeral signature
-        if not self.peer_identity_pubkey_obj:
-            print(f"{RED}[ERROR]{RESET} Peer identity not set.")
-            return
-        # ephemeral_sig is raw r||s
-        sig_der = raw_signature_to_der(ephemeral_sig)
         ok = verify_signature(self.peer_identity_pubkey_obj, sig_der, ephemeral_pub)
         if not ok:
             print(f"{RED}[ERROR]{RESET} Ephemeral signature invalid.")
             return
         print(f"{GREEN}[OK]{RESET} Ephemeral signature verified.")
 
-        # 2) ECDH
         if not self.ephemeral_privkey:
-            print(f"{YELLOW}[WARN]{RESET} No ephemeral_privkey. Cannot compute shared secret.")
+            print(f"{YELLOW}[WARN]{RESET} No ephemeral_privkey available, cannot compute shared secret.")
             return
         shared = compute_ecdh_shared_key(self.ephemeral_privkey, ephemeral_pub)
         self.shared_secret = shared.hex()
         print(f"{GREEN}[OK]{RESET} Computed ECDH shared key = {self.shared_secret}")
 
-        # 3) Update pfs_history
-        # If we have an entry, increment session_number, store new secret
-        # If none, create session_number=1, store new secret
         old_session, _ = self.pfs_history.get(self.peer_identity_pubkey_bytes, (-1, ""))
         new_session = 1 if old_session < 0 else old_session + 1
         self.pfs_history[self.peer_identity_pubkey_bytes] = (new_session, self.shared_secret)
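Review bot: The `if not self.peer_identity_pubkey_obj:` guard that this hunk removes was the only check preventing `verify_signature(self.peer_identity_pubkey_obj, sig_der, ephemeral_pub)` from being called with `None` when no peer identity has been learned yet; whether that now raises or quietly returns a verdict depends on `verify_signature`, which is not shown, so the fail-closed check should be restored before the call: `if not self.peer_identity_pubkey_obj:` / `print(f"{RED}[ERROR]{RESET} Peer identity not set.")` / `return`. The new length sniffing also means a handshake is accepted with either a raw r||s or a DER signature; a protocol should fix one wire encoding and reject the other, and `raw_signature_to_der` presumably assumes 32-byte scalars, which the `== 64` test hard-codes for every curve. The removed code called `raw_signature_to_der` without a local import, so the function-scope `from crypto_utils import raw_signature_to_der` looks redundant and belongs with the module imports if it is needed at all. `generate_ecdhe` begins in the previous hunk, outside this one.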