64 lines
2.1 KiB
Python
64 lines
2.1 KiB
Python
"""Onionr - Private P2P Communication.
|
|
|
|
functions to generate ed25519 key pairs
|
|
"""
|
|
import nacl.signing
|
|
import nacl.encoding
|
|
import nacl.pwhash
|
|
|
|
import onionrexceptions
|
|
from onionrutils import bytesconverter
|
|
import onionrvalues
|
|
"""
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
"""
|
|
|
|
|
|
def generate_pub_key():
|
|
"""Generate a Ed25519 public key pair.
|
|
|
|
return tuple of base32encoded pubkey, privkey
|
|
"""
|
|
private_key = nacl.signing.SigningKey.generate()
|
|
public_key = private_key.verify_key
|
|
return (public_key, private_key)
|
|
|
|
|
|
def generate_deterministic(passphrase, bypassCheck=False):
|
|
"""Generate a Ed25519 public key pair from a phase.
|
|
|
|
not intended for human-generated key
|
|
"""
|
|
passStrength = onionrvalues.PASSWORD_LENGTH
|
|
# Convert to bytes if not already
|
|
passphrase = bytesconverter.str_to_bytes(passphrase)
|
|
# Validate passphrase length
|
|
if not bypassCheck:
|
|
if len(passphrase) < passStrength:
|
|
raise onionrexceptions.PasswordStrengthError(
|
|
"Passphase must be at least %s characters" % (passStrength,))
|
|
# KDF values
|
|
kdf = nacl.pwhash.argon2id.kdf
|
|
# Does not need to be secret, but must be 16 bytes
|
|
salt = b"U81Q7llrQcdTP0Ux"
|
|
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
|
|
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
|
|
|
|
# Generate seed for ed25519 key
|
|
key = kdf(32, passphrase, salt, opslimit=ops, memlimit=mem)
|
|
key = nacl.signing.SigningKey(key)
|
|
return (
|
|
key.verify_key.encode(nacl.encoding.Base32Encoder).decode(),
|
|
key.encode(nacl.encoding.Base32Encoder).decode())
|