def index():
print('Opening index/login')
# Wipe session on opening
session.pop('username', None)
if request.method == 'POST':
user = request.form['username']
pwd = request.form['password']
# TODO: Session validation, password shouldn't be stored anywhere
try:
symmetric_box = base64.b64decode(db.get_symmetric_box(user))
salt = base64.b64decode(db.get_salt(user))
except:
print('SERVER/LOG: Username not found')
return redirect("/")
if Encrypt.decrypt_key(symmetric_box, pwd.encode(), salt) == -1:
print('SERVER/LOG: Incorrect password')
return redirect("/")
print('SERVER/LOG: Login OK')
session['symkey'] = Encrypt.decrypt_key(symmetric_box, pwd.encode(),
salt)
session['username'] = request.form['username']
Logger.log("Login from " + session['username'])
return redirect('/cards')
return render_template('login.html')
def payload_encryption_test():
password = b'testpwd'
payload = {'ccnum': '1111222233334444', 'expdate': '09/13/2018', 'cvc': '123', 'notes': 'adding user notes'}
salt = Encrypt.generate_salt()
print('ENCRYPT\TEST: salt: ', salt)
sym_key_box = Encrypt.generate_key(password, salt)
print('ENCRYPT\TEST: sym_key_box: ', sym_key_box)
sym_key = Encrypt.decrypt_key(sym_key_box, password, salt)
print('ENCRYPT\TEST: sym_key: ', sym_key)
# Payload encryption (encrypt the payload)
json_payload_string = json.dumps(payload)
print('JSON PAYLOAD:', json_payload_string)
encrypted_payload = Encrypt.encrypt_payload(sym_key, json_payload_string.encode())
print('ENCRYPT\TEST: encrypted_payload: ', encrypted_payload)
decrypted_payload = Encrypt.decrypt_payload(sym_key, encrypted_payload)
print('ENCRYPT\TEST: decrypted_payload: ', decrypted_payload)
payload_dict = json.loads(decrypted_payload)
print(payload_dict)
print(payload_dict["ccnum"])
print(payload_dict["expdate"])
print(payload_dict["cvc"])
print(payload_dict["notes"])
def full_encryption_test():
user = '******'
password = b'testpwd'
ccnum = '1111222233334444'
salt = Encrypt.generate_salt()
print('ENCRYPT\TEST: salt: ', salt)
sym_key_box = Encrypt.generate_key(password, salt)
print('ENCRYPT\TEST: sym_key_box: ', sym_key_box)
sym_key = Encrypt.decrypt_key(sym_key_box, password, salt)
print('ENCRYPT\TEST: sym_key: ', sym_key)
# Payload encryption (encrypt the payload)
encrypted_payload = Encrypt.encrypt_payload(sym_key, ccnum)
print('ENCRYPT\TEST: encrypted_payload: ', encrypted_payload)
decrypted_payload = Encrypt.decrypt_payload(sym_key, encrypted_payload)
print('ENCRYPT\TEST: decrypted_payload: ', decrypted_payload)