def createDatabase(self, count = 100, startFrom=1000):
"""
Description: creates the database
"""
# only allow 4 digit PINs
if startFrom + count > 9999:
startFrom = 1000
if count > 1000:
count = 100
# 'privatekeys : where private keys are stored'
if not os.path.exists('privatekeys'):
os.makedirs('privatekeys')
# database is again Database.pkl
serverDB = open('Database.pkl','ab')
for counter in range(startFrom, startFrom + count):
# generates RSAkey pair, length = 1024 bits
rsakey = RSAKeyHandling.generateRSAkeypair()
# now we can write the public and private keys to different files
# for the efficiency in verification and debugging, the values
# have been chosen as such.
# One must NOT confuse them as real values as they will be entirely different and generated
# using a different set of algorithms
voterID = 'voteid' + str(counter)
PIN = counter
# generate privatekey file name for voter
keyfilename = 'privatekeys/' + voterID +'.pem'
rsakey.save_pem(keyfilename, None, empty_callback)
# public key part of RSA in base64
publickey_inbase64 = RSAKeyHandling.save_public_rsakey_to_b64string(rsakey)
# sha256 of VoterID || PIN in base64
hash_of_voterID_PIN = RSAKeyHandling.sha256hash_base64( voterID + str(PIN) )
# create dictionary for a particular userID
userDict = {
hash_of_voterID_PIN : {
'pkey' : publickey_inbase64 ,
'voted' : 0
}
}
# save dictionary; save userID info in the database
pickle.dump(userDict, serverDB)
serverDB.flush()
serverDB.close()
def main():
# seeding the PRNG with 1024 random bytes from OS
# from M2Crypto
Rand.rand_seed (os.urandom (1024))
while 1:
#======================================================
# draw MAIN SCREEN
mainScreen = MainScreen()
centerWindow(mainScreen, WINDOW_WIDTH_MS, WINDOW_HEIGHT_MS)
mainScreen.mainloop()
#======================================================
### begin connecting to the srver
# buffer length
buffer_length = 5000
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# require a certificate from the server
myhost = 'localhost'
myport = 4321
try:
# ssl.CERT_NONE : cause we are using a self signed certificate
ssl_sock = ssl.wrap_socket(s,cert_reqs=ssl.CERT_NONE,ssl_version=ssl.PROTOCOL_TLSv1)
ssl_sock.connect((myhost, myport))
#print repr(ssl_sock.getpeername())
#print ssl_sock.cipher()
#begin to receive DH key exchange data from server
#in order of p,g,g^a
serverDH_p = base64.b64decode(ssl_sock.read(buffer_length))
serverDH_g = base64.b64decode(ssl_sock.read(buffer_length))
serverDH_pub = base64.b64decode(ssl_sock.read(buffer_length))
myDHobject = DH.set_params(serverDH_p, serverDH_g)
# pick random p and generate g^b in myDhobject.pub
myDHobject.gen_key()
ssl_sock.sendall(base64.b64encode(myDHobject.pub))
# generate shared AES Key
sharedAESkey = myDHobject.compute_key(serverDH_pub)
# print 'shared AES Key ', hexlify(sharedAESkey)
# now we have a secure shared 256-bit AES key to send data around
# it was Diffie Hellman, so even if TLS was borked, hopefully noone knows it
except:
#ZZZ change to msgbox
tkMessageBox.showwarning(title = "Connection Error",
message = "Cannot connect to server.")
ssl_sock.close()
# mainScreen.destroy()
# print 'Cannot connect to server', myhost , ':' , myport
continue
#======================================================
# draw AUTHENTICATION SCREEN
authScreen = AuthScreen()
centerWindow(authScreen, WINDOW_WIDTH_AUTH, WINDOW_HEIGHT_AUTH)
authScreen.mainloop()
# voterID, privateRSAKey and PIN are valid
#======================================================
# start validating login
# get the chosen IV in base64
chosen_IV_inbase64 = ssl_sock.read(buffer_length)
# decode it from base64
chosen_IV = b64decode(chosen_IV_inbase64)
# print 'got chosen_IV ', hexlify(chosen_IV)
# voterID || PIN
voterID_PIN = voterID + voterPIN
# print 'voterID_PIN ', str(voterID_PIN)
# calculate sha256 hash of voterID || PIN in base64
hash_of_voterID_PIN_inbase64 = RSAKeyHandling.sha256hash_base64(voterID_PIN)
# print 'hash of voterID_PIN in base 64 ', hash_of_voterID_PIN_inbase64
# encrypt it using AES 256
# key = sharedAESKey
# IV = chosen_IV
encrypted_AES_hash = RSAKeyHandling.AES_encryptor(sharedAESkey, hash_of_voterID_PIN_inbase64, chosen_IV)
# convert it into base64
encrypted_AES_hash_inbase64 = base64.b64encode(encrypted_AES_hash)
# send it to the server
ssl_sock.sendall(encrypted_AES_hash_inbase64)
# print 'sent to server encrypted_AES_hash_inbase64 ', encrypted_AES_hash_inbase64
# wait for server to return user_exists or user_has_voted
user_exists_base64 = ssl_sock.read(buffer_length)
# decode it from base64
user_exists = base64.b64decode(user_exists_base64)
# print hexlify(user_exists)
# decrypt it from AES using sharedAESkey and chosenIV
user_exists = RSAKeyHandling.AES_decryptor(sharedAESkey, user_exists, chosen_IV)
# print user_exists
if user_exists == 'LOL_NO_WAY':
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Not Eligible User",
message = "Sorry, User Not Eligible to Vote")
#print 'Sorry, user not eligible to vote'
ssl_sock.close()
continue
## ZZZ restart GUI , how ?
# if user is eligible to vote
# load privatekey
rsakey = RSA.load_key(privateRSAKey, RSAKeyHandling.empty_callback)
try:
# user_exists must contain the hash_normal encrypted with public key
# decrypt it
decrypted_hash = rsakey.private_decrypt(user_exists, RSA.pkcs1_padding)
except:
# decryption didn't work
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Decyption Error",
message = "Sorry, Wrong User Credentials")
ssl_sock.close()
continue
## ZZZ restart GUI , how ?
if decrypted_hash != hash_of_voterID_PIN_inbase64:
# ZZZ change to msgbox
tkMessageBox.showerror(title = "Decryption Error",
message = "Sorry, Wrong User Credentials")
# print 'Sorry, wrong user credentials'
ssl_sock.close()
continue
# sys.exit()
# now the user is authenticated and we can go on
# start voting
#======================================================
#draw choice screen for president/congress/counsel/
polls = {
"president" : (1, 3),
"congress" : (1, 5),
"counsel" : (2, 4)
}
votes = {
"president" : None,
"congress" : None,
"counsel" : None
}
for poll in polls:
window = Group(poll, polls[poll][0], polls[poll][1]) # def __init__(self, _vf, _ms, _mo, master=None):
centerWindow(window, WINDOW_WIDTH_MAIN, WINDOW_HEIGHT_MAIN)
window.mainloop()
votes[poll] = tuple(userVote) # store user vote
del userVote[:] # clear user vote
# send the votes to server
# print votes
votes_string = json.dumps(votes)
# convert votes to base64
votes_string_inbase64 = base64.b64encode(votes_string)
# to load it later
# votes_n = json.loads(vote_str)
# begin to encrypt votes
encrypted_votes_string = RSAKeyHandling.AES_encryptor(sharedAESkey, votes_string_inbase64, chosen_IV)
# convert it to base64
encrypted_votes_string_inbase64 = base64.b64encode(encrypted_votes_string)
# send it to the server
ssl_sock.sendall(encrypted_votes_string_inbase64)
# wait for the thank you note
encrypted_thankyou_inbase64 = ssl_sock.read(buffer_length)
# decode it from base64
encrypted_thankyou = base64.b64decode(encrypted_thankyou_inbase64)
# decrypt it using AES
decrypted_thankyou = RSAKeyHandling.AES_decryptor(sharedAESkey, encrypted_thankyou, chosen_IV)
print decrypted_thankyou
# draw END SCREEN
endScreen = EndScreen()
centerWindow(endScreen, WINDOW_WIDTH_ES, WINDOW_HEIGHT_MS)
endScreen.mainloop()
# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()
def generate_voters(count=100,startfrom=1000):
# only allow 4 digit PINs
if startfrom+count > 9999:
startfrom = 1000
if count > 100:
count = 100
'privatekeys : where private keys are stores'
if not os.path.exists('privatekeys'):
os.makedirs('privatekeys')
# 'publickeys : where the server DB will be saved'
# if not os.path.exists('publickeys'):
# os.makedirs('publickeys')
serverDB = open('Database.pkl','ab')
# start generating count RSA keypairs
for counter in range(startfrom,startfrom+count):
# generates RSAkey pair, length = 1024 bits
rsakey = RSAKeyHandling.generateRSAkeypair()
# now we can write the public and private keys to different files
voterID = 'voters' + str(counter)
PIN = counter
# generate privatekey file name for voter
keyfilename = 'privatekeys/' + voterID +'.pem'
rsakey.save_pem(keyfilename, None, empty_callback)
# public key part of RSA in base64
publickey_inbase64 = RSAKeyHandling.save_public_rsakey_to_b64string(rsakey)
# sha256 of VoterID || PIN in base64
hash_of_voterID_PIN = RSAKeyHandling.sha256hash_base64( voterID + str(PIN) )
# final string to write to DB in a line
# public key in base 64 SPACE hash of voterID||PIN SPACE 0 (0 because he has not voted yet)
# final_db_record = publickey_inbase64 + ' ' + hash_of_voterID_PIN + ' '+'0\n'
# print final_db_record
# serverDB.write(final_db_record)
userdict = {
hash_of_voterID_PIN : {
'pkey' : publickey_inbase64 ,
'voted' : 0
}
}
pickle.dump(userdict, serverDB)
serverDB.flush()
serverDB.close()
return 1
