Building on top of uR, I've noticed when using multiple identities that Identity::validate calls _sig_pub->verify(...) and discards its bool return, then returns true on the no-exception path.
The underlying Ed25519PublicKey::verify returns false on signature mismatch and does not throw, so validate() appears to never return false for an invalid signature - only when an exception occurs.
Is this intentional?
It looks like the pattern in Identity::validate matches how the Python implementation works in reticulum but with the underlying crypto behaving in a different manner (bool return vs throwing an exception).
It's a one line change and seems to work fine in my local copy to fix - happy to submit a PR if you want?
Building on top of uR, I've noticed when using multiple identities that
Identity::validatecalls_sig_pub->verify(...)and discards its bool return, then returnstrueon the no-exception path.The underlying Ed25519PublicKey::verify returns
falseon signature mismatch and does not throw, sovalidate()appears to never returnfalsefor an invalid signature - only when an exception occurs.Is this intentional?
It looks like the pattern in
Identity::validatematches how the Python implementation works in reticulum but with the underlying crypto behaving in a different manner (bool return vs throwing an exception).It's a one line change and seems to work fine in my local copy to fix - happy to submit a PR if you want?