From 1e4713cb3a505e30e5c169bc8249c08d988a84bb Mon Sep 17 00:00:00 2001
From: mwiegand <mwiegand@seibert-media.net>
Date: Tue, 15 Feb 2022 16:43:27 +0100
Subject: [PATCH] some sanity check and comments

---
 libs/ssh.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/libs/ssh.py b/libs/ssh.py
index 5dd2009..1c3c884 100644
--- a/libs/ssh.py
+++ b/libs/ssh.py
@@ -6,6 +6,9 @@ from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat
 
 
 def generate_ed25519_key_pair(secret):
+
+    # PRIVATE KEY
+    
     privkey_bytes = Ed25519PrivateKey.from_private_bytes(secret)
     
     nondeterministic_privatekey = privkey_bytes.private_bytes(
@@ -16,14 +19,23 @@ def generate_ed25519_key_pair(secret):
 
     # handle random 32bit number, occuring twice in a row
     nondeterministic_bytes = b64decode(''.join(nondeterministic_privatekey.split('\n')[1:-2]))
+    
+    # sanity check
+    if nondeterministic_bytes[98:102] != nondeterministic_bytes[102:106]:
+        raise Exception("checksums should be the same: whats going on here?")
+    
+    # replace random bytes with deterministic values
     random_bytes = sha3_224(secret).digest()[0:4]
     deterministic_bytes = nondeterministic_bytes[:98] + random_bytes + random_bytes + nondeterministic_bytes[106:]
+    
     deterministic_privatekey = '\n'.join([
         '-----BEGIN OPENSSH PRIVATE KEY-----',
         b64encode(deterministic_bytes).decode(),
         '-----END OPENSSH PRIVATE KEY-----',
     ])
 
+    # PUBLIC KEY
+
     public_key = privkey_bytes.public_key().public_bytes(
         encoding=Encoding.OpenSSH,
         format=PublicFormat.OpenSSH,