def test_sign_test_key_conversion(): """ Taken from test vectors in libsodium """ keypair_seed = unhexlify(b"421151a459faeade3d247115f94aedae" b"42318124095afabe4d1451a559faedee") ed25519_pk, ed25519_sk = c.crypto_sign_seed_keypair(keypair_seed) assert c.crypto_sign_ed25519_sk_to_pk(ed25519_sk) == ed25519_pk with pytest.raises(ValueError): c.crypto_sign_ed25519_sk_to_pk(unhexlify(b"12")) assert c.crypto_sign_ed25519_sk_to_seed(ed25519_sk) == keypair_seed with pytest.raises(ValueError): c.crypto_sign_ed25519_sk_to_seed(unhexlify(b"12")) curve25519_pk = c.crypto_sign_ed25519_pk_to_curve25519(ed25519_pk) with pytest.raises(ValueError): c.crypto_sign_ed25519_pk_to_curve25519(unhexlify(b"12")) with pytest.raises(ValueError): c.crypto_sign_ed25519_sk_to_curve25519(unhexlify(b"12")) curve25519_sk = c.crypto_sign_ed25519_sk_to_curve25519(ed25519_sk) assert tohex(curve25519_pk) == ("f1814f0e8ff1043d8a44d25babff3ced" "cae6c22c3edaa48f857ae70de2baae50") assert tohex(curve25519_sk) == ("8052030376d47112be7f73ed7a019293" "dd12ad910b654455798b4667d73de166")
def generate_certificates(self, sk): sk = SigningKey(seed=bytes.fromhex(sk)) self.vk = sk.verify_key.encode().hex() self.public_key = self.vk2pk(self.vk) private_key = crypto_sign_ed25519_sk_to_curve25519( sk._signing_key).hex() for d in [self.keys_dir, self.public_keys_dir, self.secret_keys_dir]: if self.wipe_certs and os.path.exists(d): shutil.rmtree(d) os.makedirs(d, exist_ok=True) if self.wipe_certs: self.create_from_private_key(private_key) # move public keys to appropriate directory for key_file in os.listdir(self.keys_dir): if key_file.endswith(".key"): shutil.move(os.path.join(self.keys_dir, key_file), os.path.join(self.public_keys_dir, '.')) # move secret keys to appropriate directory for key_file in os.listdir(self.keys_dir): if key_file.endswith(".key_secret"): shutil.move(os.path.join(self.keys_dir, key_file), os.path.join(self.secret_keys_dir, '.')) log.info('Generated CURVE certificate files!')
def generate_certificates(cls, sk_hex, wipe_certs=False): sk = SigningKey(seed=bytes.fromhex(sk_hex)) vk = sk.verify_key.encode().hex() public_key = cls.vk2pk(vk) private_key = crypto_sign_ed25519_sk_to_curve25519( sk._signing_key).hex() for d in [cls.keys_dir, cls.authorized_keys_dir]: if wipe_certs and exists(d): shutil.rmtree(d) os.makedirs(d, exist_ok=True) if wipe_certs: _, secret = cls.create_from_private_key(private_key) for key_file in os.listdir(cls.keys_dir): if key_file.endswith(".key"): shutil.move(join(cls.keys_dir, key_file), join(cls.authorized_keys_dir, '.')) if exists(cls.keys_dir): shutil.rmtree(cls.keys_dir) log.info('Generated CURVE certificate files!') return vk, public_key, secret
def to_age_private_key(self) -> AgePrivateKey: # use pynacl for this conversion ed25519_pk = self._key.public_key().public_bytes( Encoding.Raw, PublicFormat.Raw) ed25519_sk = self._key.private_bytes(Encoding.Raw, PrivateFormat.Raw, NoEncryption()) curve25519_sk = crypto_sign_ed25519_sk_to_curve25519(ed25519_sk + ed25519_pk) private_key = X25519PrivateKey.from_private_bytes(curve25519_sk) return AgePrivateKey(private_key)
def __init__(self, signing_key, witness_list, url, sbb_index): self.log = get_logger("SubBlockBuilder_{}".format(sb_index)) # Comment out below for more granularity in debugging # self.log.setLevel(logging.INFO) #self.log.important("SubBlockBuilder started with url {}".format(url)) # Register signal handler to teardown signal.signal(signal.SIGTERM, self._signal_teardown) # need to revisit this when threading strategy is clear self.loop = asyncio.new_event_loop() asyncio.set_event_loop(self.loop) self.signing_key = signing_key # witness_list should be comma separated list of ip:vk self.witness_table = self._parse_witness_list(witness_list) self.url = url self.sbb_index = sbb_index self.block_num = (int) sbb_index / 16 # hard code this for now self.sub_block_num = (int) sb_index % 16 self.num_txs = 0 self.num_sub_blocks = 0 self.tasks = [] #SenecaInterpreter connect with BlockManager (parent process that spawned this one) self.context = zmq.asyncio.Context() self.socket = self.context.socket(zmq.PAIR) # For communication with main process self.socket.connect(self.url) # do we need this still? or do we move it to a util methods self.verifying_key = wallet.get_vk(self.signing_key) skg = SigningKey(seed=bytes.fromhex(sk)) self.vk = skg.verify_key.encode().hex() self.public_key = self.vk2pk(self.vk) self.private_key = crypto_sign_ed25519_sk_to_curve25519(skg._signing_key).hex() priv = PrivateKey(bytes.fromhex(self.private_key)) publ = priv.public_key self.public_key = public_key = encode(publ._public_key) self.secret = secret_key = encode(priv._private_key) self.pending_txs = LinkedHashTable() self.interpreter = SenecaInterpreter() self._recently_seen = CappedSet(max_size=DUPE_TABLE_SIZE) try: self._subscribe_to_witnesses() # start event loop and start listening witness sockets as well as mgr self.run_loop_second_time() except Exception as e: err_msg = '\n' + '!' * 64 + '\nSBB terminating with exception:\n' + str(traceback.format_exc()) err_msg += '\n' + '!' * 64 + '\n' self.log.error(err_msg) finally: self._teardown()
def genkeys(sk_hex): sk = SigningKey(seed=bytes.fromhex(sk_hex)) vk = sk.verify_key.encode().hex() public_key = VerifyKey(bytes.fromhex(vk)).to_curve25519_public_key()._public_key private_key = crypto_sign_ed25519_sk_to_curve25519(sk._signing_key) return { 'sk': sk_hex, 'vk': vk, 'public_key': public_key.hex(), 'private_key': encode(private_key), 'curve_key': encode(public_key) }
def generate_serval_keys(name): node_hash = HexEncoder.decode(nacl.hash.sha256(name.encode("utf-8"))) sign_pk, sign_sk = crypto_sign_seed_keypair(node_hash) box_sk = crypto_sign_ed25519_sk_to_curve25519(sign_sk) box_pk = crypto_scalarmult_base(box_sk) rhiz_pk = HexEncoder.decode(nacl.hash.sha256(("rhizome"+name).encode("utf-8"))) keys = { "sign_pk": HexEncoder.encode(sign_pk).decode("ascii").upper(), "box_sk": HexEncoder.encode( box_sk).decode("ascii").upper(), "sign_sk": HexEncoder.encode(sign_sk).decode("ascii").upper(), "box_pk": HexEncoder.encode( box_pk).decode("ascii").upper(), "sid": HexEncoder.encode( box_pk).decode("ascii").upper(), "rhiz_pk": HexEncoder.encode(rhiz_pk).decode("ascii").upper(), } return keys
def make_subkey(sk, subuser_pk: VerifyKey): # Typically we'll do this, though in theory we can generate any old 32-byte value for c: a = sodium.crypto_sign_ed25519_sk_to_curve25519(sk.encode() + sk.verify_key.encode()) c = blake2b(sk.verify_key.encode() + subuser_pk.encode(), digest_size=32, encoder=RawEncoder) d = sodium.crypto_core_ed25519_scalar_mul( a, sodium.crypto_core_ed25519_scalar_add( c, blake2b(c + sk.verify_key.encode(), key=b'OxenSSSubkey', digest_size=32, encoder=RawEncoder))) D = sodium.crypto_scalarmult_ed25519_base_noclamp(d) return c, d, D