{
 "cells": [
  {
   "cell_type": "code",
   "execution_count": 31,
   "metadata": {},
   "outputs": [],
   "source": [
    "import os\n",
    "\n",
    "import hashlib\n",
    "import nacl.signing\n",
    "from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes\n",
    "from cryptography.hazmat.backends import default_backend"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 7,
   "metadata": {},
   "outputs": [],
   "source": [
    "sign_key = nacl.signing.SigningKey.generate()"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 44,
   "metadata": {},
   "outputs": [],
   "source": [
    "make_action_string = lambda group, index: f'reset idx={index:08x} g={group}'.encode()\n",
    "def generate_presig(group, index):\n",
    "    action_string = make_action_string(group, index)\n",
    "    sig = sign_key.sign(action_string)[:64] # cut off original message\n",
    "    \n",
    "    key = os.urandom(16)\n",
    "    \n",
    "    cipher = Cipher(algorithms.AES(key), modes.CTR(b'\\0' * 16), backend=default_backend())\n",
    "    enc = cipher.encryptor()\n",
    "    ciphtertext = enc.update(sig)\n",
    "    assert len(enc.finalize()) == 0\n",
    "    \n",
    "    return key, ciphtertext\n",
    "\n",
    "presigs = { group: [ generate_presig(group, index) for index in range(64) ] for group in ['all', 'v=foo', 's=bar', 'l=somewhere'] }"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 46,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "(b'\\x9f\\n\\x8e\\xc9\\x1d\\xaf*\\xac\\x9e\\x1as\\xe8\\xf8\\xe6\\xe9z',\n",
       " b'{\\xd8\\xb4\\xaf\\xb4PK1%*`\\\\\\x8e\\x93;\\x82\\xeaF\\x99\\xe0\\xbfB\\xf1\\x9d\\xae\\x02|\\xae\\\\?\\x97\\xb3\\xa5j.Y\\x83\\xddg\\x7f\\x06\\xd2\\xa47^\\xf3\\xdd\\x08n3\\x90\\x84~\\x96,tO#\\x8e$\\xdc\\xa2\\x1a\\r')"
      ]
     },
     "execution_count": 46,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "presigs['all'][0]"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 69,
   "metadata": {},
   "outputs": [],
   "source": [
    "def validate_presig(group, index, key, presig, verify_key=sign_key.verify_key):\n",
    "    \"\"\" Will raise an error for invalid signature or group/index \"\"\"\n",
    "    action_string = make_action_string(group, index)\n",
    "    \n",
    "    cipher = Cipher(algorithms.AES(key), modes.CTR(b'\\0' * 16), backend=default_backend())\n",
    "    dec = cipher.decryptor()\n",
    "    plaintext = dec.update(presig)\n",
    "    assert len(dec.finalize()) == 0\n",
    "    \n",
    "    return verify_key.verify(plaintext + action_string) == action_string"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 70,
   "metadata": {},
   "outputs": [
    {
     "data": {
      "text/plain": [
       "True"
      ]
     },
     "execution_count": 70,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "validate_presig('all', 0, *presigs['all'][0])"
   ]
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "labenv",
   "language": "python",
   "name": "labenv"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.8.2"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 4
}