def close(self):
self.open = False
rsa_kg = RSAKGen()
for bid in self.blockchain:
# decipher first sym key with second sym key
fernet = Fernet(bid.second_symmetric_key)
sym_key = fernet.decrypt(bid.first_symmetric_key)
# decipher first sym key with auction pub key
sym_key = rsa_kg.decipher_with_private_key(
self.auction_private_key, sym_key)
bid.first_symmetric_key = sym_key
def close_auction(self, client, message_json):
# VERIFYES THE message integrity
if not HMAC_Conf.verify_function("message", message_json, client.session_key_repository):
return base64.b64encode("{ \"type\" : \"Tempered data\"}".encode('utf-8'))
# Decrypts the message
data = decrypt_data(client.session_key_repository,
message_json["message"], base64.b64decode(message_json["iv"]),
base64.b64decode(message_json["Key"]),
client.private_key)
data_json = json.loads(data, strict="false")
something = unpadd_data(data_json["blockchain"], client.session_key_repository)
blockchain = pickle.loads(something)
rsa_kg = RSAKGen()
for bid in blockchain:
bid.second_symmetric_key = rsa_kg.decipher_with_private_key(client.auction_private_key, bid.second_symmetric_key)
bloc_chain_enc = encrypt_message_sk(pickle.dumps(blockchain), client.session_key_repository)
message = "{ \"type\" : \"close_auction\" ,\n"
message += "\"username\" : \"" + client.username + "\" ,\n"
message_interm = "{"
message_interm += "\"auction_id\" : \"" + data_json["auction_id"]+ "\",\n"
message_interm += "\"blockchain\" : \"" + bloc_chain_enc + "\"\n"
message_interm += "}"
enc_json_message = encrypt_message_complete(base64.b64encode(message_interm.encode("utf-8")), client.session_key_repository, client.server_public_key_repository)
key = enc_json_message[0]
iv = enc_json_message[2]
data = enc_json_message[1]
hmac = HMAC_Conf.integrity_control(data.encode(),client.session_key_repository)
message += "\"message\" : \"" + data + "\" ,\n"
message += "\"Key\" : \"" + str(base64.b64encode(key), 'utf-8') + "\",\n"
message += "\"iv\" : \"" + str(base64.b64encode(iv), 'utf-8') + "\",\n"
message += "\"hmac\" : \"" + str(base64.b64encode(hmac), 'utf-8') + "\"\n"
message += "}"
return message, AR_ADDRESS
def create_session_key_user_server(self, message_json):
rsa_kg = RSAKGen()
username = message_json["username"]
random_key = rsa_kg.decipher_with_private_key(
self.auction_repository.private_key,
base64.b64decode(message_json["random_key"]))
# VERIFIES THE message integrity
if not HMAC_Conf.verify_function("message", message_json, random_key):
return base64.b64encode(
"{ \"type\" : \"Tempered data\"}".encode('utf-8'))
# Decrypts the message
data = decrypt_data("", message_json["message"],
base64.b64decode(message_json["iv"]),
base64.b64decode(message_json["Key"]),
self.auction_repository.private_key)
# Loads the messsage to json
internal_json = json.loads(data, strict="False")
rsa_signature = internal_json["rsa_signature"]
certificate = base64.b64decode(
internal_json["certificate"]
) #PENSO QUE TENS DE FAZER BASE64 DECODE
digital_signature = base64.b64decode(
internal_json["digital_signature"])
citizen = CitizenCard()
certificate = x509.load_pem_x509_certificate(certificate,
default_backend())
if not citizen.check_signature(
certificate, digital_signature,
self.auction_repository.clients_challenge[base64.b64decode(
message_json["username"])].encode()):
return base64.b64encode(
"{ \"type\" : \"No valid signature\"}".encode('utf-8'))
if not citizen.validate_certificate(certificate):
return base64.b64encode(
"{ \"type\" : \"No valid certificate\"}".encode('utf-8'))
self.auction_repository.clients_challenge.pop(
base64.b64decode(message_json["username"]))
# Get the parameters
parameters = pickle.loads(
codecs.decode(message_json["params"].encode(), "base64"))
par = load_pem_parameters(parameters, backend=default_backend())
# Generate our DH public/private key
private_key = par.generate_private_key()
public_key = private_key.public_key()
# Get the public key bytes from the user
peer_public_key_bytes = message_json["pk"].encode()
peer_public_key = serialization.load_pem_public_key(
peer_public_key_bytes, default_backend())
calendar_date = str(datetime.datetime.now())
shared_key = private_key.exchange(peer_public_key)
derived_key = HKDF(algorithm=hashes.SHA256(),
length=DH_HKDF_KEY,
salt=None,
info=calendar_date.encode("utf-8"),
backend=default_backend()).derive(shared_key)
# Construct the message with the keys
message = "{ \"type\" : \"session\" ,\n"
# Now send our DH public key to the client
pk_dh = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
'utf-8')
message += "\"pk\" : \"" + pk_dh + "\" ,\n"
message += "\"info\" : \"" + calendar_date + "\",\n"
message += "\"server_key\" : \"" + self.auction_repository.public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
'utf-8') + "\""
message += "}"
# Get the username and set the session key
self.auction_repository.session_key_clients[
message_json["username"]] = derived_key
# Get the public key from the user key from the user
_dir = os.getcwd() + "/Clients/" + message_json["username"]
if not check_directory(_dir):
if not check_directory(os.getcwd() + "/Clients"):
os.mkdir(os.getcwd() + "/Clients")
os.mkdir(_dir)
with open(_dir + "/" + PK_NAME, "wb") as file:
file.write(message_json["public"].encode("utf-8"))
return base64.b64encode(message.encode('utf-8'))