def test_sign_test_key_conversion():
"""
Taken from test vectors in libsodium
"""
keypair_seed = unhexlify(b"421151a459faeade3d247115f94aedae"
b"42318124095afabe4d1451a559faedee")
ed25519_pk, ed25519_sk = c.crypto_sign_seed_keypair(keypair_seed)
assert c.crypto_sign_ed25519_sk_to_pk(ed25519_sk) == ed25519_pk
with pytest.raises(ValueError):
c.crypto_sign_ed25519_sk_to_pk(unhexlify(b"12"))
assert c.crypto_sign_ed25519_sk_to_seed(ed25519_sk) == keypair_seed
with pytest.raises(ValueError):
c.crypto_sign_ed25519_sk_to_seed(unhexlify(b"12"))
curve25519_pk = c.crypto_sign_ed25519_pk_to_curve25519(ed25519_pk)
with pytest.raises(ValueError):
c.crypto_sign_ed25519_pk_to_curve25519(unhexlify(b"12"))
with pytest.raises(ValueError):
c.crypto_sign_ed25519_sk_to_curve25519(unhexlify(b"12"))
curve25519_sk = c.crypto_sign_ed25519_sk_to_curve25519(ed25519_sk)
assert tohex(curve25519_pk) == ("f1814f0e8ff1043d8a44d25babff3ced"
"cae6c22c3edaa48f857ae70de2baae50")
assert tohex(curve25519_sk) == ("8052030376d47112be7f73ed7a019293"
"dd12ad910b654455798b4667d73de166")
def test_sign_test_key_conversion():
"""
Taken from test vectors in libsodium
"""
keypair_seed = unhexlify(b"421151a459faeade3d247115f94aedae"
b"42318124095afabe4d1451a559faedee")
ed25519_pk, ed25519_sk = c.crypto_sign_seed_keypair(keypair_seed)
assert c.crypto_sign_ed25519_sk_to_pk(ed25519_sk) == ed25519_pk
with pytest.raises(ValueError):
c.crypto_sign_ed25519_sk_to_pk(unhexlify(b"12"))
assert c.crypto_sign_ed25519_sk_to_seed(ed25519_sk) == keypair_seed
with pytest.raises(ValueError):
c.crypto_sign_ed25519_sk_to_seed(unhexlify(b"12"))
curve25519_pk = c.crypto_sign_ed25519_pk_to_curve25519(ed25519_pk)
with pytest.raises(ValueError):
c.crypto_sign_ed25519_pk_to_curve25519(unhexlify(b"12"))
with pytest.raises(ValueError):
c.crypto_sign_ed25519_sk_to_curve25519(unhexlify(b"12"))
curve25519_sk = c.crypto_sign_ed25519_sk_to_curve25519(ed25519_sk)
assert tohex(curve25519_pk) == ("f1814f0e8ff1043d8a44d25babff3ced"
"cae6c22c3edaa48f857ae70de2baae50")
assert tohex(curve25519_sk) == ("8052030376d47112be7f73ed7a019293"
"dd12ad910b654455798b4667d73de166")
def generate_certificates(self, sk):
sk = SigningKey(seed=bytes.fromhex(sk))
self.vk = sk.verify_key.encode().hex()
self.public_key = self.vk2pk(self.vk)
private_key = crypto_sign_ed25519_sk_to_curve25519(
sk._signing_key).hex()
for d in [self.keys_dir, self.public_keys_dir, self.secret_keys_dir]:
if self.wipe_certs and os.path.exists(d):
shutil.rmtree(d)
os.makedirs(d, exist_ok=True)
if self.wipe_certs:
self.create_from_private_key(private_key)
# move public keys to appropriate directory
for key_file in os.listdir(self.keys_dir):
if key_file.endswith(".key"):
shutil.move(os.path.join(self.keys_dir, key_file),
os.path.join(self.public_keys_dir, '.'))
# move secret keys to appropriate directory
for key_file in os.listdir(self.keys_dir):
if key_file.endswith(".key_secret"):
shutil.move(os.path.join(self.keys_dir, key_file),
os.path.join(self.secret_keys_dir, '.'))
log.info('Generated CURVE certificate files!')
def generate_certificates(cls, sk_hex, wipe_certs=False):
sk = SigningKey(seed=bytes.fromhex(sk_hex))
vk = sk.verify_key.encode().hex()
public_key = cls.vk2pk(vk)
private_key = crypto_sign_ed25519_sk_to_curve25519(
sk._signing_key).hex()
for d in [cls.keys_dir, cls.authorized_keys_dir]:
if wipe_certs and exists(d):
shutil.rmtree(d)
os.makedirs(d, exist_ok=True)
if wipe_certs:
_, secret = cls.create_from_private_key(private_key)
for key_file in os.listdir(cls.keys_dir):
if key_file.endswith(".key"):
shutil.move(join(cls.keys_dir, key_file),
join(cls.authorized_keys_dir, '.'))
if exists(cls.keys_dir):
shutil.rmtree(cls.keys_dir)
log.info('Generated CURVE certificate files!')
return vk, public_key, secret
def to_age_private_key(self) -> AgePrivateKey:
# use pynacl for this conversion
ed25519_pk = self._key.public_key().public_bytes(
Encoding.Raw, PublicFormat.Raw)
ed25519_sk = self._key.private_bytes(Encoding.Raw, PrivateFormat.Raw,
NoEncryption())
curve25519_sk = crypto_sign_ed25519_sk_to_curve25519(ed25519_sk +
ed25519_pk)
private_key = X25519PrivateKey.from_private_bytes(curve25519_sk)
return AgePrivateKey(private_key)
def __init__(self, signing_key, witness_list, url, sbb_index):
self.log = get_logger("SubBlockBuilder_{}".format(sb_index))
# Comment out below for more granularity in debugging
# self.log.setLevel(logging.INFO)
#self.log.important("SubBlockBuilder started with url {}".format(url))
# Register signal handler to teardown
signal.signal(signal.SIGTERM, self._signal_teardown)
# need to revisit this when threading strategy is clear
self.loop = asyncio.new_event_loop()
asyncio.set_event_loop(self.loop)
self.signing_key = signing_key
# witness_list should be comma separated list of ip:vk
self.witness_table = self._parse_witness_list(witness_list)
self.url = url
self.sbb_index = sbb_index
self.block_num = (int) sbb_index / 16 # hard code this for now
self.sub_block_num = (int) sb_index % 16
self.num_txs = 0
self.num_sub_blocks = 0
self.tasks = []
#SenecaInterpreter connect with BlockManager (parent process that spawned this one)
self.context = zmq.asyncio.Context()
self.socket = self.context.socket(zmq.PAIR) # For communication with main process
self.socket.connect(self.url)
# do we need this still? or do we move it to a util methods
self.verifying_key = wallet.get_vk(self.signing_key)
skg = SigningKey(seed=bytes.fromhex(sk))
self.vk = skg.verify_key.encode().hex()
self.public_key = self.vk2pk(self.vk)
self.private_key = crypto_sign_ed25519_sk_to_curve25519(skg._signing_key).hex()
priv = PrivateKey(bytes.fromhex(self.private_key))
publ = priv.public_key
self.public_key = public_key = encode(publ._public_key)
self.secret = secret_key = encode(priv._private_key)
self.pending_txs = LinkedHashTable()
self.interpreter = SenecaInterpreter()
self._recently_seen = CappedSet(max_size=DUPE_TABLE_SIZE)
try:
self._subscribe_to_witnesses()
# start event loop and start listening witness sockets as well as mgr
self.run_loop_second_time()
except Exception as e:
err_msg = '\n' + '!' * 64 + '\nSBB terminating with exception:\n' + str(traceback.format_exc())
err_msg += '\n' + '!' * 64 + '\n'
self.log.error(err_msg)
finally:
self._teardown()
def genkeys(sk_hex):
sk = SigningKey(seed=bytes.fromhex(sk_hex))
vk = sk.verify_key.encode().hex()
public_key = VerifyKey(bytes.fromhex(vk)).to_curve25519_public_key()._public_key
private_key = crypto_sign_ed25519_sk_to_curve25519(sk._signing_key)
return {
'sk': sk_hex,
'vk': vk,
'public_key': public_key.hex(),
'private_key': encode(private_key),
'curve_key': encode(public_key)
}
def generate_serval_keys(name):
node_hash = HexEncoder.decode(nacl.hash.sha256(name.encode("utf-8")))
sign_pk, sign_sk = crypto_sign_seed_keypair(node_hash)
box_sk = crypto_sign_ed25519_sk_to_curve25519(sign_sk)
box_pk = crypto_scalarmult_base(box_sk)
rhiz_pk = HexEncoder.decode(nacl.hash.sha256(("rhizome"+name).encode("utf-8")))
keys = {
"sign_pk": HexEncoder.encode(sign_pk).decode("ascii").upper(),
"box_sk": HexEncoder.encode( box_sk).decode("ascii").upper(),
"sign_sk": HexEncoder.encode(sign_sk).decode("ascii").upper(),
"box_pk": HexEncoder.encode( box_pk).decode("ascii").upper(),
"sid": HexEncoder.encode( box_pk).decode("ascii").upper(),
"rhiz_pk": HexEncoder.encode(rhiz_pk).decode("ascii").upper(),
}
return keys
def make_subkey(sk, subuser_pk: VerifyKey):
# Typically we'll do this, though in theory we can generate any old 32-byte value for c:
a = sodium.crypto_sign_ed25519_sk_to_curve25519(sk.encode() +
sk.verify_key.encode())
c = blake2b(sk.verify_key.encode() + subuser_pk.encode(),
digest_size=32,
encoder=RawEncoder)
d = sodium.crypto_core_ed25519_scalar_mul(
a,
sodium.crypto_core_ed25519_scalar_add(
c,
blake2b(c + sk.verify_key.encode(),
key=b'OxenSSSubkey',
digest_size=32,
encoder=RawEncoder)))
D = sodium.crypto_scalarmult_ed25519_base_noclamp(d)
return c, d, D
