def func(s: sock.socket.socket):
send_user(s, own_pub)
# Receive server public key.
while alive:
data = s.recv(1024)
if data: # ??!
remote_user = name.User.from_bytes(data)
print('The server identifies as', remote_user)
break
handle_input((s,), own_priv, (remote_user.pub,))
# Accept text messages.
q = Queue(maxsize=1)
while alive:
data = s.recv(1024) # TODO: handle longer packets
if data:
packet = pack.Packet.from_bytes(data)
text = crypto.decrypt(packet.encrypted, own_priv)
crypto.verify(text, packet.signature, remote_user.pub)
assert(q.empty())
q.put(text)
#print(text)
time.sleep(0.1)
# TODO: mirror bot logic into serve()
bot_threads = spawn_bots(q)
assert(q.full())
q.get() # drop()
while False:
insult = bot.curse()
send(insult, s, own_priv, remote_pub)
time.sleep(bot.random.randint(1,8))
def _validate_block(self, block):
miner_id = block["header"]["miner_id"]
miner_public_key = self.get_block(0)["content"]["miners"][str(
miner_id)]["public_key"].encode('ascii')
crypto.verify(block["header"]["signature"],
json.dumps(block["content"], sort_keys=True),
crypto.load_public_key(miner_public_key))
def process_command(self, input_data: bytes) -> str:
args = input_data.decode().split(' ') # split signature
command = args[0]
complete_command = input_data.decode()
banned_words = ["select", "from", "union"]
for word in banned_words:
if word.lower() in complete_command.lower():
return 'Nice try'
if command == 'receive':
#checking signature
if len(args) != 5:
return "Entered line must have format \"receive category data tick signature\""
signature = args[-1]
args = args[1:-1]
checker_key = RSA.importKey(open('checker.pubkey', 'r').read())
if not verify(' '.join(args), signature, checker_key):
return "invalid signature"
return self.receive(*args)
elif command == 'send':
try:
tick = int(args[1])
except ValueError:
print('First argument must be integer')
return self.send(args[1])
elif command == 'send_pubkey':
return self.key.publickey().export_key().decode()
else:
return 'Unknown command'
def new_transaction():
if request.method == 'POST':
tx_data = request.get_json()
forwarder = tx_data['forwarder']
receiver = tx_data['receiver']
amount = tx_data['amount']
publickey = tx_data['publickey']
signature = tx_data['signature']
hashed = tx_data['hash']
transaction = blockchain.Transaction(forwarder, receiver, amount, publickey)
print("Checking: " + str(transaction.overview()))
if not has_transaction(transaction):
# two step verification
# transaction comes from publickey owner
condition = crypto.verify(publickey, str(transaction), signature)
print ('tx condition: ' + str(condition))
# value can be spend
# TODO get_balance(fingerprint)
if condition:
advertise_transaction(transaction)
add_transaction(transaction)
if not transaction_thread.is_alive():
transaction_thread = threading.Thread(name='transaction', target=process_transaction)
transaction_thread.start()
return 'Transaction registered'
else:
return 'Verification fail, requester is a teapot', 418
else:
return 'Transaction already registered'
def verify(self):
if self.signed_by_id != self.id:
return False
key = self.get_public_key()
try:
return crypto.verify(self._hashable_representation(), crypto.decode_base64(self.signature), key)
except:
return False
def validate_vote(self, vote):
genesis_block = self.blockchain.get_block(0)
# check proof
proofs = genesis_block["content"]["electronic_ballot_proofs"]
if not vote["header"]["hash_of_proof"] in proofs:
raise Exception("Invalid proof")
# check VCM
vcm_id = vote["header"]["vcm_id"]
vcm_public_key = genesis_block["content"]["vcms"][vcm_id][
"public_key"].encode('ascii')
crypto.verify(vote["header"]["signature"],
json.dumps(vote["content"], sort_keys=True),
crypto.load_public_key(vcm_public_key))
def test_sign():
for _ in range(5):
privkey = RSA.generate(2048)
pubkey = privkey.publickey()
for str_len in range(2, 200):
message = 'ENO{%s}' % ''.join(
[random.choice(string.printable[:95]) for _ in range(str_len)])
signature = sign(message, privkey)
assert verify(message, signature, pubkey)
def verifyAdd(self, s):
if self.code == None:
if crypto.verify(s, self._hash):
self.code = s
return self
else:
raise ValueError("Verification failed, string '%s' did not match hash %s"%(s, self._hash))
else:
raise Exception("Code already loaded into object")
def verifyAdd(self, s):
if self.code == None:
if crypto.verify(s, self._hash):
self.code = s
return self
else:
raise ValueError(
"Verification failed, string '%s' did not match hash %s" %
(s, self._hash))
else:
raise Exception("Code already loaded into object")
def is_valid(self):
signature_valid = crypto.verify(self.utxos[0].public_key,
self.signature, self.get_hash())
spent = 0
for msg in self.messages:
spent = spent + msg
balance = 0
for utxo in self.utxos:
balance = balance + utxo.message
amount_enough = balance == spent
return signature_valid and amount_enough
def new_block():
global lock
lock.acquire()
if request.method == 'POST':
tx_data = request.get_json()
transactions.append(tx_data)
index = tx_data['index']
timestamp = tx_data['timestamp']
previous_hash = tx_data['previous_hash']
hashed = tx_data['hash']
nonce = tx_data['nonce']
miner = tx_data['miner']
forwarder = tx_data['transaction']['forwarder']
receiver = tx_data['transaction']['receiver']
amount = tx_data['transaction']['amount']
publickey = tx_data['transaction']['publickey']
signature = tx_data['transaction']['signature']
hashed = tx_data['transaction']['hash']
transaction = blockchain.Transaction(forwarder, receiver, amount, publickey)
print(blockchain.verify_proof(transaction, nonce, miner))
print(crypto.verify(publickey, str(transaction), signature))
# verify proof of work had place and transaction is from publickey owner
condition = blockchain.verify_proof(transaction, nonce, miner) and \
crypto.verify(publickey, str(transaction), signature)
if condition:
advertise_block(block)
#node.add_transaction(transaction)
add_block(block)
lock.release()
return 'Transaction registered'
else:
return 'Verification fail, requester is a teapot', 418
else:
lock.release()
def validate_transaction(tx):
"""
Checks a single transaction to make sure its valid by making sure the transaction is a valid signature of the coin's previous owner
"""
if tx.previous_transaction == None:
#This is a special case representing transactions created by mint_coin that create the coin
to_hash = tx.current_owner_pubkey
else:
to_hash = combine_hex(tx.previous_transaction.transaction_signature,
tx.current_owner_pubkey)
to_verify = crypto_hash(to_hash)
return verify(to_verify, tx.transaction_signature,
tx.previous_owner_pubkey)
def forever(s):
# Handshake.
while True:
data = s.recv(1024)
if data:
remote_user = name.User.from_bytes(data)
remote_sockets.append(s)
remote_keys.append(remote_user.pub)
ip = sock.Server(0, '').ip
us = name.User('a chat server', own_pub, ip, 'wellcome')
s.sendall(us.to_bytes())
break
# Accept text messages.
while True:
data = s.recv(1024)
if data:
assert(len(data) < 1024)
packet = pack.Packet.from_bytes(data)
text = crypto.decrypt(packet.encrypted, own_priv)
crypto.verify(text, packet.signature, remote_user.pub)
print(text)
time.sleep(0.1)
def is_valid_transaction(transaction: Transaction) -> bool:
sender_state = get_state(transaction.sender)
if sender_state.nonce >= transaction.nonce:
print('invalid nonce. Sender nonce:', sender_state.nonce,
'transactions nonce:', transaction.nonce)
return False
if sender_state.balance < transaction.value:
print('no money')
return False
message = transaction.sender + ' ' + transaction.to + ' ' + str(
transaction.value) + ' ' + str(transaction.nonce)
if not verify(transaction.sender, message, transaction.signature):
print('invalid signature')
return False
return True
async def process_command(self, input_data: bytes) -> str:
args = input_data.decode().split(' ') # split signature
command = args[0]
complete_command = input_data.decode()
banned_words = ["select", "from", "union"]
for word in banned_words:
if word.lower() in complete_command.lower():
return 'Nice try'
if command == 'receive':
#checking signature
if len(args) != 5:
self.tx.write(
b"Entered line must have format \"receive category data tick signature\"\n"
)
return
signature = args[-1]
args = args[1:-1]
if not verify(' '.join(args), signature, CHECKER_KEY):
self.tx.write(b"invalid signature\n")
return
await self.receive(*args)
elif command == 'send':
try:
tick = int(args[1])
except ValueError:
self.tx.write(b'First argument must be integer\n')
await self.send(args[1])
elif command == 'send_pubkey':
self.tx.write(PUBLIC_KEY + b'\n')
else:
self.tx.write(b'Unknown command\n')
def verify(self):
# if nobody signed it, verification fails
if not self.signed_by_id:
return False
# if it's not a trusted device...
if not self.signed_by.get_metadata().is_trusted:
# but it's a model class that requires trusted signatures, verification fails
if self.requires_trusted_signature:
return False
if settings.CENTRAL_SERVER:
# if it's not in a zone at all (or its DeviceZone was revoked), verification fails
if not self.signed_by.get_zone():
return False
else:
# or if it's not in the same zone as our device (or the DeviceZone was revoked), verification fails
if self.signed_by.get_zone() != Device.get_own_device().get_zone():
return False
# by this point, we know that we're ok with accepting this model from the device that it says signed it
# now, we just need to check whether or not it is actually signed by that model's private key
key = self.signed_by.get_public_key()
try:
return crypto.verify(self._hashable_representation(), crypto.decode_base64(self.signature), key)
except:
return False
if text is None or text == '':
return None, None
# if not text.startswith('MIME-Version: 1.0'):
# raise Ssm2Exception('Not a valid message.')
# encrypted - this could be nicer
if 'application/pkcs7-mime' in text or 'application/x-pkcs7-mime' in text:
try:
text = crypto.decrypt(text, self._cert, self._key)
except crypto.CryptoException, e:
log.error('Failed to decrypt message: %s' % e)
return None, None
# always signed
try:
message, signer = crypto.verify(text, self._capath, self._check_crls)
except crypto.CryptoException, e:
log.error('Failed to verify message: %s' % e)
return None, None
if signer not in self._valid_dns:
log.error('Message signer not in the valid DNs list: %s' % signer)
return None, signer
else:
log.info('Valid signer: %s' % signer)
return message, signer
def _send_msg(self, message, msgid):
'''
Send one message using stomppy. The message will be signed using
def verify(self, data, signature):
return crypto.verify(self._key, data, signature)
def verify_image():
global message_label
message_label.destroy()
# retrieve image path using file dialog
image = filedialog.askopenfilename()
# load the image using the path
load_image = Image.open(image)
# set the image into the gui using the thumbnail function from tkinter
load_image.thumbnail(image_size, Image.ANTIALIAS)
# load the image as a numpy array for efficient computation and change the type to unsigned integer
np_load_image = np.asarray(load_image)
np_load_image = Image.fromarray(np.uint8(np_load_image))
render = ImageTk.PhotoImage(np_load_image)
img = Label(app, image=render)
img.image = render
img.pack()
# used for performance metric
intime = time.time_ns()
# get a new reference to the image
img = cv2.imread(image)
#### FACIAL DETECTION ####
# establish initial bounds
# [x, y, width, height] where x, y is for the top left bounding pixel
bounds = [0, 0, img.shape[0], img.shape[1]]
# update our bounds based on the largest face detected
bounds = facedetect.getFace(image)
# narrow our facial bounds to:
# - improve performance during verification
# - focus our manipulation onto the main facial area
bounds = [
bounds[0] + bounds[2] // 4, bounds[1] + bounds[3] // 4, bounds[2] // 2,
bounds[3] // 2
]
#### STEGANOGRAPHY ####
# strip the signature from the image by inverting our LSB algorithm
bin_data = '' # a string of our binary data, initially empty
stop_found = False # true if we have found our stop sequence (5 underscores)
# loop through each pixel within our facial bounds
for x in range(bounds[1], bounds[1] + bounds[3]):
for y in range(bounds[0], bounds[0] + bounds[2]):
# get red, green, blue LSBs and append to the data string
r, g, b = helper.to_binary(img[x][y])
bin_data += r[-1] + g[-1] + b[-1]
# convert string of bits into array of byte-length strings
byte_data = [bin_data[i:i + 8] for i in range(0, len(bin_data), 8)]
# convert byte array to character string
data_str = ''
for byte in byte_data:
data_str += chr(int(byte, 2))
#check for stop sequence of 5 underscores ('_____') in last 5 characters added
if data_str[-5:] == '_____':
# remove the stop sequence from the data
data_str = data_str[:-5]
stop_found = True
break
# check if we ever found the stop sequence
if not stop_found:
# signature must be invalid since it was never terminated with the stop sequence
message = 'Failed Authentication...'
print(f'AUTHENTICATION FAILED\nReason: no stop sequence found')
# used for performance metrics
verifytime = (time.time_ns() - intime) // 1000000
testout(image, img, original_message, verifytime, "fake")
# display failed authentication message
message_label = Label(app,
text=message,
bg='red',
font=("arial", 20),
wraplength=500)
message_label.pack()
return
print(f'-\nBase64 Signature:\n{data_str}')
# Decode the base64 signature into its original format, removing the residual " b' " from the beginning and " ' " from the end
try:
signature = base64.b64decode(data_str[2:-1])
except:
# part of our base64 string can't be decoded
message = 'Failed Authentication...'
print(
f'AUTHENTICATION FAILED\nReason: invalid characters found in signature'
)
# used for performance metrics
verifytime = (time.time_ns() - intime) // 1000000
testout(image, img, original_message, verifytime, "fake")
#display failed authentication message
message_label = Label(app,
text=message,
bg='red',
font=("arial", 20),
wraplength=500)
message_label.pack()
return
print(f'-\nDecoded Signature:\n{signature}\n-')
# Attempt to authenticate the image by verifying the signature is valid
try:
print('Verifying image...')
message = crypto.verify(signature, original_message)
print(f'AUTHENTICATION SUCCESSFUL!')
verifytime = (time.time_ns() - intime) // 1000000
testout(image, img, original_message, verifytime, "real")
message_label = Label(app,
text='Authentication Succesful!',
bg='light green',
font=("arial", 20),
wraplength=500)
except crypto.cryptography.exceptions.InvalidSignature:
message = 'AUTHENTICATION FAILED'
print(f'{message}\nReason: signature did not match expected result')
verifytime = (time.time_ns() - intime) // 1000000
testout(image, img, original_message, verifytime, "fake")
message_label = Label(app,
text=message,
bg='red',
font=("arial", 20),
wraplength=500)
message_label.pack()
from note import Note # à coder
from crypto import sign, verify # à coder
import requests
# pour l'exemple
URL_SERVER = 'http://localhost'
MY_PRIVATE_KEY = 'XXXX'
# get data for payment # à coder
merchant_key = 'YYYY'
data = {'montant': 1, 'cle': merchant_key}
# send a request to the server and get back the note
r = requests.get(url, data = data)
response_from_server = r.content() # ou r.json() ?
note = Note(response_from_server) # il faudra surement reformater response
# verify note signature
if not verify(note, note.transactions[-1]['signature']):
raise SignatureError # à coder
# create new transaction and sign
new_transaction = {'cle': merchant_key, 'hash_info_payment': None, 'signature': None}
note.transactions.append(new_transaction)
my_sig = sign(note, MY_PRIVATE_KEY)
note.transactions[-1]['signature'] = my_sig
# send to merchant
note.display_QR_code() # une manière de faire parmi d'autres
def verify_signature(signed_binary_data, pubkey_data):
(sig_len, ) = struct.unpack("<I", signed_binary_data[-4:])
sig_start = len(signed_binary_data) - 4 - sig_len
signature = signed_binary_data[sig_start:-4]
binary = signed_binary_data[0:sig_start]
return crypto.verify(binary, signature, pubkey_data, False)
def valid_signature(self):
if self.owner == "mined":
return True
return crypto.verify(self.comp(), self.owner, self.signature)
def verify_signature(self):
"""Verify that the incoming request includes a valid signature."""
if not crypto.verify(
self.xsrf_key, self.user.user_id(), self.request.get('signature')):
raise ErrorMessage(400, 'Invalid signature.')
def _verify_genesis_block(self):
crypto.verify(self.genesis_block["header"]["signature"], json.dumps(self.genesis_block["content"], sort_keys=True), self.election_public_key)
def _verify_signature(self, device, signature):
return crypto.verify(self._hashable_representation(), crypto.decode_base64(signature), device.get_public_key())
