sig missing from handshake's auth spec

[ryandotsmith]

auth = auth-size || enc-auth-body
auth-size = size of enc-auth-body, encoded as a big-endian 16-bit integer
auth-vsn = 4
auth-body = [sig, initiator-pubk, initiator-nonce, auth-vsn, ...]
enc-auth-body = ecies.encrypt(recipient-pubk, auth-body || auth-padding, auth-size)
auth-padding = arbitrary data

Looking at various implementations, it seems like sig is:

sig = secp256k1.sign(ephemeral-privkey , shared-secret ^ initiator-nonce)

and shared-secret is:

shared-secret = ecdh.agree(privkey, remote-pubk)

[ryandotsmith]

Also, there might need to be a definition for auth-padding and clarification on auth-size.

Is auth-size = len(auth-body || auth-padding) instead of size of enc-auth-bod

[ryandotsmith]

Ah, I suppose that auth-size can be known prior to ecies encryption using: len(auth-body || auth-padding) + 113. Does that sound correct?

[kdeme]

Ah, I suppose that auth-size can be known prior to ecies encryption using: len(auth-body || auth-padding) + 113. Does that sound correct?

Yes, 113 is the fixed ecies overhead which can be used to pre-calculate the total size.