Currently the pool role (and presumably other roles) incorrectly verifies the Template Provider authority key (and presumable other upstream keys).

https://github.com/stratum-mining/sv2-spec/blob/main/04-Protocol-Security.md#453-server-authentication

The checks happen here:

1. The spec requires that server_public_key (the upstream static key) is included in the signature hash, but m only covers the 10 bytes of the SIGNATURE_NOISE_MESSAGE. It needs to append the server static public.

2. The message should be signed by the authority key, but it's actually being checked against the static key.

The Template Provider in Bitcoin Core generated signatures with the same two issues. I fixed the bug, but then put in a workaround to re-introduce the bug. That way things keep working.

A fix for the Bitcoin Core side is here: Sjors/bitcoin#29

I'll merge that once the SRI-side is fixed.