From 8b173f7d470349e2948c5958626d6abe0a6836ae Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Thu, 14 Mar 2019 11:19:39 +0900
Subject: [PATCH] use a prefix when signing the public key

---
 crypto.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto.go b/crypto.go
index c0ac657..c991e33 100644
--- a/crypto.go
+++ b/crypto.go
@@ -21,6 +21,7 @@ import (
 )
 
 const certValidityPeriod = 100 * 365 * 24 * time.Hour // ~100 years
+const certificatePrefix = "libp2p-tls-handshake:"
 
 var extensionID = getPrefixedExtensionID([]int{1, 1})
 
@@ -139,7 +140,7 @@ func getRemotePubKey(chain []*x509.Certificate) (ic.PubKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	valid, err := pubKey.Verify(certKeyPub, sk.Signature)
+	valid, err := pubKey.Verify(append([]byte(certificatePrefix), certKeyPub...), sk.Signature)
 	if err != nil {
 		return nil, fmt.Errorf("signature verification failed: %s", err)
 	}
@@ -163,7 +164,7 @@ func keyToCertificate(sk ic.PrivKey) (*tls.Certificate, error) {
 	if err != nil {
 		return nil, err
 	}
-	signature, err := sk.Sign(certKeyPub)
+	signature, err := sk.Sign(append([]byte(certificatePrefix), certKeyPub...))
 	if err != nil {
 		return nil, err
 	}