From 2c6cb0161c01201a82d991d368a62cdb8fdaafb0 Mon Sep 17 00:00:00 2001
From: Chrysostomos Nanakos <chris@include.gr>
Date: Tue, 16 Jun 2026 20:39:49 +0300
Subject: [PATCH] fix(mix): reject mix-identity with inconsistent pub/priv

Part of https://github.com/logos-storage/logos-storage-pm/issues/13

Signed-off-by: Chrysostomos Nanakos <chris@include.gr>
---
 storage/utils/mixidentity.nim | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/storage/utils/mixidentity.nim b/storage/utils/mixidentity.nim
index db9bb854..21422c55 100644
--- a/storage/utils/mixidentity.nim
+++ b/storage/utils/mixidentity.nim
@@ -16,6 +16,7 @@ import pkg/libp2p/crypto/crypto
 import pkg/libp2p/crypto/secp
 import pkg/libp2p_mix
 import pkg/libp2p_mix/[curve25519, mix_node]
+import pkg/libp2p/crypto/curve25519 as libp2p_curve25519
 import pkg/questionable/results
 import pkg/stew/byteutils
 
@@ -55,6 +56,9 @@ proc loadOrGenerateMixKeys*(
         raw.toOpenArrayByte(FieldElementSize, 2 * FieldElementSize - 1)
       ).valueOr:
         return failure("Bad mix priv key in " & path & ": " & error)
+    if libp2p_curve25519.public(priv) != pub:
+      return
+        failure("Mix identity in " & path & " is inconsistent: pub does not match priv")
     return success((mixPub: pub, mixPriv: priv))
 
   let (priv, pub) = generateKeyPair().valueOr: