Private Decentralized Communication Network
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
Onionr/src/onionrcrypto/generate.py

63 lines
2.1 KiB

"""Onionr - Private P2P Communication.
functions to generate ed25519 key pairs
"""
import nacl.signing
import nacl.encoding
import nacl.pwhash
import onionrexceptions
from onionrutils import bytesconverter
import onionrvalues
"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
"""
def generate_pub_key():
"""Generate a Ed25519 public key pair.
return tuple of base32encoded pubkey, privkey
"""
private_key = nacl.signing.SigningKey.generate()
public_key = private_key.verify_key
return (public_key, private_key)
def generate_deterministic(passphrase, bypassCheck=False):
"""Generate a Ed25519 public key pair from a phase.
not intended for human-generated key
"""
passStrength = onionrvalues.PASSWORD_LENGTH
# Convert to bytes if not already
passphrase = bytesconverter.str_to_bytes(passphrase)
# Validate passphrase length
if not bypassCheck:
if len(passphrase) < passStrength:
raise onionrexceptions.PasswordStrengthError(
"Passphase must be at least %s characters" % (passStrength,))
# KDF values
kdf = nacl.pwhash.argon2id.kdf
# Does not need to be secret, but must be 16 bytes
salt = b"U81Q7llrQcdTP0Ux"
ops = nacl.pwhash.argon2id.OPSLIMIT_SENSITIVE
mem = nacl.pwhash.argon2id.MEMLIMIT_SENSITIVE
# Generate seed for ed25519 key
key = kdf(32, passphrase, salt, opslimit=ops, memlimit=mem)
key = nacl.signing.SigningKey(key)
return (
key.verify_key.encode(nacl.encoding.Base32Encoder).decode(),
key.encode(nacl.encoding.Base32Encoder).decode())