def index(): print('Opening index/login') # Wipe session on opening session.pop('username', None) if request.method == 'POST': user = request.form['username'] pwd = request.form['password'] # TODO: Session validation, password shouldn't be stored anywhere try: symmetric_box = base64.b64decode(db.get_symmetric_box(user)) salt = base64.b64decode(db.get_salt(user)) except: print('SERVER/LOG: Username not found') return redirect("/") if Encrypt.decrypt_key(symmetric_box, pwd.encode(), salt) == -1: print('SERVER/LOG: Incorrect password') return redirect("/") print('SERVER/LOG: Login OK') session['symkey'] = Encrypt.decrypt_key(symmetric_box, pwd.encode(), salt) session['username'] = request.form['username'] Logger.log("Login from " + session['username']) return redirect('/cards') return render_template('login.html')
def payload_encryption_test(): password = b'testpwd' payload = {'ccnum': '1111222233334444', 'expdate': '09/13/2018', 'cvc': '123', 'notes': 'adding user notes'} salt = Encrypt.generate_salt() print('ENCRYPT\TEST: salt: ', salt) sym_key_box = Encrypt.generate_key(password, salt) print('ENCRYPT\TEST: sym_key_box: ', sym_key_box) sym_key = Encrypt.decrypt_key(sym_key_box, password, salt) print('ENCRYPT\TEST: sym_key: ', sym_key) # Payload encryption (encrypt the payload) json_payload_string = json.dumps(payload) print('JSON PAYLOAD:', json_payload_string) encrypted_payload = Encrypt.encrypt_payload(sym_key, json_payload_string.encode()) print('ENCRYPT\TEST: encrypted_payload: ', encrypted_payload) decrypted_payload = Encrypt.decrypt_payload(sym_key, encrypted_payload) print('ENCRYPT\TEST: decrypted_payload: ', decrypted_payload) payload_dict = json.loads(decrypted_payload) print(payload_dict) print(payload_dict["ccnum"]) print(payload_dict["expdate"]) print(payload_dict["cvc"]) print(payload_dict["notes"])
def full_encryption_test(): user = '******' password = b'testpwd' ccnum = '1111222233334444' salt = Encrypt.generate_salt() print('ENCRYPT\TEST: salt: ', salt) sym_key_box = Encrypt.generate_key(password, salt) print('ENCRYPT\TEST: sym_key_box: ', sym_key_box) sym_key = Encrypt.decrypt_key(sym_key_box, password, salt) print('ENCRYPT\TEST: sym_key: ', sym_key) # Payload encryption (encrypt the payload) encrypted_payload = Encrypt.encrypt_payload(sym_key, ccnum) print('ENCRYPT\TEST: encrypted_payload: ', encrypted_payload) decrypted_payload = Encrypt.decrypt_payload(sym_key, encrypted_payload) print('ENCRYPT\TEST: decrypted_payload: ', decrypted_payload)