#!/usr/bin/env python3

from hashlib import sha256, scrypt
from pyaes import AESModeOfOperationECB
from libnacl.sign import Signer
from base64 import b64encode
from binascii import unhexlify

# verify this test data along the way
v_seed = 'bfa3f6e322cf21d0e652f79a69df9498fdf5347665e5646d9041f756496a1143'
v_pubkey = '17df9d2b59cdd2825955691e3a783e6da403148ddebb1144d1a9b9e545f23710'
v_dewif = 'AAAAARAAAAGfFDAs+jVZYkfhBlHZZ2fEQIvBqnG16g5+02cY18wSOjW0cUg2JV3SUTJYN2CrbQeRDwGazWnzSFBphchMmiL0'

version = int(1).to_bytes(4, 'big')
#currency = int(1).to_bytes(4, 'big')        # g1
currency = int(268435457).to_bytes(4, 'big') # g1-test

password = b'password'
salt = b'salt'
n, r, p = 4096, 16, 1
seed = scrypt(password, salt=salt, n=n, r=r, p=p, dklen=32)
pubkey = Signer(seed).vk

#assert seed.hex() == v_seed		# this fails, err in docs
#assert pubkey.hex() == v_pubkey	# this fails, err in docs
# since following docs does not produce same seed/pubkey, just use test seed
seed = unhexlify(v_seed)
pubkey = Signer(seed).vk
assert seed.hex() == v_seed
#assert pubkey.hex() == v_pubkey	# this fails, err in docs

aes_pw = b'toto titi tata'		# err in docs? do not use 'passphrase'
aes_key = scrypt(aes_pw, salt=sha256(b'dewif' + aes_pw).digest(), 
                 n=n, r=r, p=p, dklen=32)

aes = AESModeOfOperationECB(aes_key)
parts = []
parts.append(aes.encrypt(seed[:16]))
parts.append(aes.encrypt(seed[16:]))
parts.append(aes.encrypt(pubkey[:16]))
parts.append(aes.encrypt(pubkey[16:]))
encrypted_data = b''.join(parts)

b64_dewif = b64encode(version + currency + encrypted_data).decode('utf-8')

print('generated: %s\ntargeted:  %s' % (b64_dewif, v_dewif))
assert b64_dewif == v_dewif