From 27808c6e048f008fd912e1e868f8e5496fab15d9 Mon Sep 17 00:00:00 2001
From: Ethan Reesor
Date: Wed, 10 Jul 2024 12:12:57 -0500
Subject: [PATCH] Fix legacy ed25519
---
 protocol/signature.go | 5 +++--
 protocol/signature_utils.go | 10 ++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/protocol/signature.go b/protocol/signature.go
index daa6f47ab..29eed1340 100644
--- a/protocol/signature.go
+++ b/protocol/signature.go
@@ -361,8 +361,9 @@ func (e *LegacyED25519Signature) Verify(sig Signature, msg Signable) bool {
 if len(e.PublicKey) != 32 || len(e.Signature) != 64 {
 return false
 }
- return verifySig(e, sig, true, msg, func(msg []byte) bool {
- return ed25519.Verify(e.PublicKey, msg, e.Signature)
+ return verifySigSplit(e, sig, true, msg, func(sig, msg []byte) bool {
+ hash := doSha256(sig, common.Uint64Bytes(e.Timestamp), msg)
+ return ed25519.Verify(e.PublicKey, hash, e.Signature)
 })
 }
diff --git a/protocol/signature_utils.go b/protocol/signature_utils.go
index 1316058af..2133419a7 100644
--- a/protocol/signature_utils.go
+++ b/protocol/signature_utils.go
@@ -13,11 +13,17 @@ type SignableHash [32]byte
 func (h SignableHash) Hash() [32]byte { return h }
 func verifySig(inner, outer Signature, merkle bool, msg interface{ Hash() [32]byte }, verify func([]byte) bool) bool {
+ return verifySigSplit(inner, outer, merkle, msg, func(sig, msg []byte) bool {
+ return verify(doSha256(sig, msg))
+ })
+}
+
+func verifySigSplit(inner, outer Signature, merkle bool, msg interface{ Hash() [32]byte }, verify func(_, _ []byte) bool) bool {
 if outer == nil {
 outer = inner
 }
 msgHash := msg.Hash()
- if verify(doSha256(outer.Metadata().Hash(), msgHash[:])) {
+ if verify(outer.Metadata().Hash(), msgHash[:]) {
 return true
 }
 if !merkle {
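Review bot: In the new callback passed to `verifySigSplit` in `LegacyED25519Signature.Verify`, the parameters `sig, msg []byte` shadow the method's own `sig Signature` and `msg Signable`, and `sig` there holds a metadata or Merkle hash rather than a signature, which is easy to misread in verification code. Naming them for what they carry, `func(sigMdHash, msgHash []byte) bool`, plus a comment such as `// legacy ed25519 signs doSha256(metadata hash, timestamp, message hash)`, would document the exact preimage next to the check. The diffstat lists no test file, so a regression test that signs with the legacy signer, asserts `Verify` returns true, and asserts it returns false after `Timestamp` is changed would pin the timestamp binding this commit introduces. The start of `Verify` lies outside the hunk.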
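Review bot: `verifySigSplit` is added without a doc comment and declares its callback as `verify func(_, _ []byte) bool`, so nothing at the definition says which argument is which or that the callback is now responsible for the hashing step. Naming the parameters, `verify func(sigHash, msgHash []byte) bool`, and adding a comment stating that the callback receives the signature metadata hash (or the Merkle hash on the fallback path, see the `@@ -32,7 +38,7 @@` hunk) together with the raw message hash, and must combine them itself, would make the contract explicit. This matters because a callback that hands `msgHash` straight to a verifier would drop the metadata binding that `verifySig` still applies through `doSha256(sig, msg)`. The body of `verifySigSplit` continues outside this hunk.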
@@ -32,7 +38,7 @@ func verifySig(inner, outer Signature, merkle bool, msg interface{ Hash() [32]by
 if err != nil {
 return false
 }
- return verify(doSha256(h.MerkleHash(), msgHash[:]))
+ return verify(h.MerkleHash(), msgHash[:])
 }
 func signatureHash(sig Signature) []byte {