def __init__(self, sock):
# Create the Entity and socket
self.auction_repository = AuctionRepositoryEntity()
self.sock = sock
# Create the Public key and Private key
rsa_kg = RSAKGen()
# Check for the existence of the directory
if check_directory(self._server_path):
try:
# Get the keys from the folders
self.auction_repository.private_key, self.auction_repository.public_key = rsa_kg.load_key_servers(
self._server_path, self._server_password)
# Get the server public key
self.auction_repository.manager_public = rsa_kg.load_public_key(
self._server_path, "manager_server.pem")
except ValueError:
# Exits
sys.exit(
"The password is incorrect! All information has been deleted and the server will"
"now become unstable")
else:
# Since it doesn't exist, we create the folders
os.mkdir(self._server_path)
os.mkdir(os.getcwd() + "/Clients")
self.auction_repository.private_key, self.auction_repository.public_key = rsa_kg.generate_key_pair_server(
)
rsa_kg.save_keys_server(self._server_path, self._server_password)
def __init__(self, sock):
self.sock = sock
self.auction_manager = AuctionManagerEntity()
# Create the Public key and Private key
rsa_kg = RSAKGen()
# Check for the existence of the directory
if check_directory(self._server_path):
try:
self.auction_manager.private_key, self.auction_manager.public_key = rsa_kg.load_key_servers(
self._server_path,self._server_password)
self.auction_manager.public_repository_key = rsa_kg.load_public_key(os.getcwd()+"/server",
"repository_server.pem")
except ValueError:
print("The password is incorrect!"
"All information has been deleted and the server will now become instable")
sys.exit(0)
else:
os.mkdir(self._server_path)
self.auction_manager.private_key, self.auction_manager.public_key = rsa_kg.generate_key_pair_server()
rsa_kg.save_keys_server(self._server_path, self._server_password)
# Create the sessionKey with the other Repository
self.create_session_key_server()
def auction_to_view(self, message_json):
username = message_json["username"]
sk = self.auction_repository.session_key_clients[username]
hm = base64.b64decode(message_json["hmac"])
cr = message_json["message"].encode()
if not HMAC_Conf.verify_integrity(hm, cr, sk):
return base64.b64encode(
"{ \"type\" : \"Tempered data\"}".encode('utf-8'))
# Decrypts the message
data = decrypt_data(sk, message_json["message"],
base64.b64decode(message_json["iv"]),
base64.b64decode(message_json["Key"]),
self.auction_repository.private_key)
auction_id = unpadd_data(data, sk)
auction = self.auction_repository.auctions[str(auction_id, "utf-8")]
blockchain = pickle.dumps(auction.blockchain)
# cipher first the blockchain
enc_bl = encrypt_message_sk(
blockchain, self.auction_repository.session_key_clients[username])
message = "{ \"type\" : \"auction_to_view\", \n"
message_int = "{\n\"auction_id\" : \"" + encrypt_message_sk(
auction_id, sk) + "\" ,\n"
message_int += "\"blockchain\" : \"" + enc_bl + "\", \n"
message_int += "\"auct_type\" : \"" + encrypt_message_sk(
auction.type, sk) + "\",\n"
message_int += "\"avail\" : \"" + encrypt_message_sk(
str(auction.open), sk) + "\"\n"
message_int += "}"
rsa_kg = RSAKGen()
client_pub = rsa_kg.load_public_key(os.getcwd() + "/Clients/" +
username)
enc_json_message = encrypt_message_complete(
base64.b64encode(message_int.encode("utf-8")), sk, client_pub)
key = enc_json_message[0]
iv = enc_json_message[2]
data = enc_json_message[1]
hmac = HMAC_Conf.integrity_control(
data.encode(),
self.auction_repository.session_key_clients[username])
message += "\"message\" : \"" + data + "\",\n"
message += "\"Key\" : \"" + str(base64.b64encode(key),
'utf-8') + "\",\n"
message += "\"hmac\" : \"" + str(base64.b64encode(hmac),
'utf-8') + "\", \n"
message += "\"iv\" : \"" + str(base64.b64encode(iv), 'utf-8') + "\"\n"
message += "}"
return base64.b64encode(message.encode("utf-8"))
def create_session_key_server(self, message_json, address):
# decode the params
parameters = pickle.loads(
codecs.decode(message_json["params"].encode(), "base64"))
par = load_pem_parameters(parameters, backend=default_backend())
# Get the server public key
manager_pub = message_json["public"].encode()
save_server_key_client(self._server_path, manager_pub,
"/manager_server.pem")
# Load the key
r = RSAKGen()
self.auction_repository.manager_public = r.load_public_key(
self._server_path, "manager_server.pem")
# Generate our public/private key
private_key = par.generate_private_key()
public_key = private_key.public_key()
# Get the public key from the user
peer_public_key_bytes = message_json["pk"].encode()
peer_public_key = serialization.load_pem_public_key(
peer_public_key_bytes, default_backend())
shared_key = private_key.exchange(peer_public_key)
calendar_date = str(datetime.datetime.now())
derived_key = HKDF(algorithm=hashes.SHA256(),
length=DH_HKDF_KEY,
salt=None,
info=calendar_date.encode(),
backend=default_backend()).derive(shared_key)
# Construct the message with the keys
message = "{ \"type\" : \"session_server\" ,\n"
# Now send our DH public key to the client
pk_dh = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
'utf-8')
message += "\"pk\" : \"" + pk_dh + "\" ,\n"
message += "\"info\" : \"" + calendar_date + "\",\n"
message += "\"server_key\" : \"" + self.auction_repository.public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo).decode(
'utf-8') + "\""
message += "}"
# Set the sessionKey as the bytes of the derived_key
self.auction_repository.session_key_server = derived_key
return base64.b64encode(message.encode('utf-8'))
def create_session_key_server(self):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Our parameters
parameters = dh.generate_parameters(generator=5, key_size=utils_app.DH_KEY_SIZE, backend=default_backend())
# Our private key and public key
private_key = parameters.generate_private_key()
public_key = private_key.public_key()
message = codecs.encode(
pickle.dumps(parameters.parameter_bytes(encoding=Encoding.PEM, format=ParameterFormat.PKCS3)),
"base64").decode()
# message construction
json_message = "{ " + "\n"
json_message += "\"type\" : \"session_server\"," + "\n"
json_message += "\"params\" : \"" + message + "\", \n"
json_message += "\"pk\" : \"" + public_key.public_bytes(encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)\
.decode('utf-8') + "\","
json_message += "\"public\" : \"" + self.auction_manager.public_key.\
public_bytes(encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo)\
.decode('utf-8') + "\""
json_message += "}"
try:
# send type
sock.sendto(base64.b64encode(json_message.encode('utf-8')), utils_app.AR_ADDRESS)
# Receive type
data, server = sock.recvfrom(utils_app.SOCKET_BYTES)
json_message = json.loads(base64.b64decode(data), strict=False)
# derivate the key
peer_public_key_bytes = json_message["pk"].encode()
peer_public_key = serialization.load_pem_public_key(peer_public_key_bytes, default_backend())
shared_key = private_key.exchange(peer_public_key)
derived_key = cryptography.hazmat.primitives.kdf.hkdf.HKDF(algorithm=hashes.SHA256(),
length=utils_app.DH_HKDF_KEY,
salt=None, info=json_message["info"].encode(),
backend=default_backend()).derive(shared_key)
self.auction_manager.session_key_repository = derived_key
save_server_key_client(self._server_path, json_message["server_key"].encode(), "/repository_server.pem")
#Load the key
r = RSAKGen()
self.auction_manager.public_repository_key = r.load_public_key(os.getcwd()+"/server",
"repository_server.pem")
print("Session Set with repository")
finally:
sock.close()
def list_auctions(self, message_json):
sk = self.auction_repository.session_key_clients[
message_json["username"]]
# VERIFYES THE message integrity
if not HMAC_Conf.verify_function("username", message_json, sk):
return base64.b64encode(
"{ \"type\" : \"Tempered data\"}".encode('utf-8'))
# gets the list of auctions and serializes it
auction_list = self.auction_repository.listAuctions()
serialized = pickle.dumps(auction_list)
# loads the shared secret between the server and the user
username = message_json["username"]
session_key = self.auction_repository.session_key_clients[username]
list_auc = encrypt_message_sk(serialized, session_key)
rsa_kg = RSAKGen()
client_pub = rsa_kg.load_public_key(os.getcwd() + "/Clients/" +
username)
enc_json_message = encrypt_message_complete(
base64.b64encode(list_auc.encode("utf-8")), sk, client_pub)
message = "{ \"type\" : \"list_auctions\" ,\n"
key = enc_json_message[0]
iv = enc_json_message[2]
data = enc_json_message[1]
hmac = HMAC_Conf.integrity_control(
data.encode(),
self.auction_repository.session_key_clients[username])
message += "\"list\" : \"" + data + "\", \n"
message += "\"Key\" : \"" + str(base64.b64encode(key),
'utf-8') + "\",\n"
message += "\"hmac\" : \"" + str(base64.b64encode(hmac),
'utf-8') + "\", \n"
message += "\"iv\" : \"" + str(base64.b64encode(iv), 'utf-8') + "\"\n"
message += "}"
print("auction_repos", message)
return base64.b64encode(message.encode("utf-8"))
def make_bid(self, message_json):
sk = self.auction_repository.session_key_clients[
message_json["username"]]
# VERIFIES THE message integrity
if not HMAC_Conf.verify_function("message", message_json, sk):
return base64.b64encode(
"{ \"type\" : \"Tempered data\"}".encode('utf-8'))
# Decrypts the message
username = message_json["username"]
data = decrypt_data(
self.auction_repository.session_key_clients[username],
message_json["message"], base64.b64decode(message_json["iv"]),
base64.b64decode(message_json["Key"]),
self.auction_repository.private_key)
# Loads the message to json
message_json = json.loads(data, strict="False")
auction_id = unpadd_data(
message_json["auction_id"],
self.auction_repository.session_key_clients[username])
bidder = unpadd_data(
message_json["bidder"],
self.auction_repository.session_key_clients[username])
amount = unpadd_data(
message_json["amount"],
self.auction_repository.session_key_clients[username])
signature = unpadd_data(
message_json["signature"],
self.auction_repository.session_key_clients[username])
certificate = unpadd_data(
message_json["certificate"],
self.auction_repository.session_key_clients[username])
# validate certificate and signature
cert = x509.load_pem_x509_certificate(certificate, default_backend())
citizen = CitizenCard()
if not citizen.check_signature(cert, signature, amount):
return base64.b64encode(
"{ \"type\" : \"No valid signature\"}".encode('utf-8'))
if not citizen.validate_certificate(cert):
return base64.b64encode(
"{ \"type\" : \"No valid certificate\"}".encode('utf-8'))
auction = self.auction_repository.auctions[str(auction_id, "utf-8")]
response = auction.makeBid(bidder, amount, signature, certificate)
if not response:
return base64.b64encode(
"{ \"type\" : \"No success\"}".encode('utf-8'))
# create receipt
rsa_kg = RSAKGen()
block = auction.blockchain[-1]
server_signature = rsa_kg.sign_message(
block.hash, self.auction_repository.private_key)
server_signature = encrypt_message_sk(server_signature, sk)
uuids = encrypt_message_sk(str(uuid.uuid1()), sk)
last = encrypt_message_sk(block.hash, sk)
bidder = encrypt_message_sk(bidder, sk)
receipt = create_receipt(encrypt_message_sk(str(block.timestamp), sk),
encrypt_message_sk(str(auction_id),
sk), server_signature,
encrypt_message_sk(amount, sk),
encrypt_message_sk(signature, sk), uuids,
last, bidder)
# cipher receipt with pub_key
client_pub = rsa_kg.load_public_key(os.getcwd() + "/Clients/" +
username)
enc_json_message = encrypt_message_complete(
base64.b64encode(receipt.encode("utf-8")), sk, client_pub)
key = enc_json_message[0]
iv = enc_json_message[2]
data = enc_json_message[1]
hmac = HMAC_Conf.integrity_control(
data.encode(),
self.auction_repository.session_key_clients[username])
message = "{ \"type\" : \"receipt\", \n"
message += "\"message\" : \"" + data + "\",\n"
message += "\"Key\" : \"" + str(base64.b64encode(key),
'utf-8') + "\",\n"
message += "\"hmac\" : \"" + str(base64.b64encode(hmac),
'utf-8') + "\", \n"
message += "\"iv\" : \"" + str(base64.b64encode(iv), 'utf-8') + "\"\n"
message += "}"
return base64.b64encode(message.encode("utf-8"))