#!/usr/bin/env python3

from hashlib import sha256, scrypt
from pyaes import AESModeOfOperationECB
from libnacl.sign import Signer
from base64 import b64encode

# verify this test data along the way
v_seed = '22a91d9afa1dd13e96cecfa38d3f3655ca2726818ba5aa84e6b7dee1a036fc0f'
v_pubkey = 'ecdaab8f7ea0ea6f4b9f4e930cef2a1bb277736f64c971c43ca5d73cfb4bb80f'
v_dewif = 'AAFTQgEdcnSqvdxZW9Q+37b1RpiC5lsd/kjT01xUq122obU8R2IyyAVqpAsC2s7dwOX9xJ4r9WRnNrcpjLt3Mnq3'

# docs indicate these are 4 byte big-endians, v1=1, g1=1, g1-test=16777217???
# but values below work better if goal is to match the test string in v_dewif
version = int(0).to_bytes(1, 'little')
currency = int(1).to_bytes(1, 'little')

password = b'password'
salt = b'salt'
n, r, p = 4096, 16, 1

seed = scrypt(password, salt=salt, n=n, r=r, p=p, dklen=32)
pubkey = Signer(seed).vk

# seed and pubkey are switched in the draft DEWIF rfc, switch them back
assert seed.hex() == v_pubkey  
assert pubkey.hex() == v_seed
seed, pubkey = pubkey, seed

aes = AESModeOfOperationECB(b'\x00'*32)
parts = []
parts.append(aes.encrypt(seed[:16]))
parts.append(aes.encrypt(seed[16:]))
parts.append(aes.encrypt(pubkey[:16]))
parts.append(aes.encrypt(pubkey[16:]))
encrypted_data = b''.join(parts)

assert len(encrypted_data) == 64
b64_dewif = b64encode(version + currency + encrypted_data).decode('utf-8')
assert b64_dewif == v_dewif

print(b64_dewif)