def initiatehandshake():
    """Relay the first handshake message between the initiating client and Bob.

    The handler decrypts the caller's handshake request with Charlie's private
    key, records the session key the caller chose, opens a second handshake
    toward Bob under a freshly generated session key, and re-encrypts Bob's
    reply (name echo plus nonce) under the caller's session key. After it
    returns, this process holds both session keys, which is the
    man-in-the-middle position that the handshake on this page does not detect.

    Returns:
        A response with JSON ``{'success': True, 'message': <ciphertext>}``
        when Bob accepts, otherwise ``{'success': False, 'error': ...}``.
        Both cases use HTTP 200, so callers must inspect the body.

    NOTE(review): this function was recovered from a single collapsed line;
    the nesting of the final failure response is reconstructed -- confirm
    against the original file.
    """
    if request.method == "POST":
        # The handshake state lives in module globals, so only one handshake
        # can be in flight at a time; a second one overwrites these values.
        global nonce, session_key_with_alice, session_key_with_bob
        # Bob's key is taken from whatever answers /getpublickey on
        # config.BOB_PORT; nothing visible here checks a fingerprint or a
        # certificate for it.
        response_text = config.get_response("GET", "/getpublickey", {}, config.BOB_PORT)
        response_text = json.loads(response_text)
        bob_public_key = response_text["public_key"]
        c_priv_key = RSA.importKey(charlie_private_key)
        # c_pub_key and a_pub_key are imported but never used in this function.
        c_pub_key = RSA.importKey(charlie_public_key)
        b_pub_key = RSA.importKey(bob_public_key)
        a_pub_key = RSA.importKey(alice_public_key)
        message = request.form["message"]
        message = base64.b64decode(message)
        # Decryption succeeds only if the caller encrypted to Charlie's public
        # key, i.e. the caller accepted that key as its peer's key.
        message = c_priv_key.decrypt(message)
        message = json.loads(message)
        user_name = message['message']
        session_key_with_alice = message['session_key']
        session_key_with_bob = config.generate_key()
        data = json.dumps({
            "message": str(user_name),
            "session_key": session_key_with_bob
        })
        # NOTE(review): if RSA is PyCrypto's Crypto.PublicKey.RSA (import not
        # shown), encrypt(data, None) is raw RSA without padding and returns a
        # one-element tuple, hence data[0] -- confirm.
        data = b_pub_key.encrypt(data, None)
        data = data[0]
        data = base64.b64encode(data)
        data = {"message": data}
        response_text = config.get_response("POST", "/initiatehandshake", data, config.BOB_PORT)
        response_text = json.loads(response_text)
        if response_text['success']:
            message = response_text['message']
            message = config.aes_decrypt(message, session_key_with_bob)
            message = json.loads(message)
            # The nonce is kept globally because verifyhandshake() checks the
            # caller's signature against it later.
            nonce = message['nonce']
            message = message['message']
            data = json.dumps({'message': message, 'nonce': nonce})
            # Bob's nonce and name echo are forwarded unchanged, re-encrypted
            # under the caller's session key. The handshake payload names
            # neither the intended recipient nor the key it was encrypted to,
            # so the caller sees a well-formed reply; binding the peer identity
            # and session key into a signed message is what would expose the
            # relay.
            encrypted_message = config.aes_encrypt(data, session_key_with_alice)
            response = make_response(
                json.dumps({
                    'success': True,
                    'message': encrypted_message
                }), status.HTTP_200_OK)
            return response
    response = make_response(
        json.dumps({
            'success': False,
            'error': 'Handshake Failed'
        }), status.HTTP_200_OK)
    return response
def chat_with_bob():
    """Run Alice's side of the handshake with the service on config.BOB_PORT.

    Steps visible in the code: fetch the peer's public key, send the user
    name and a fresh session key encrypted to that key, decrypt the reply
    with the session key, compare the echoed name, sign the returned nonce
    with Alice's private key and post the signature to /verifyhandshake.

    Returns:
        A response with JSON ``{'success': True}`` when the peer accepts the
        signature, ``{'success': False, 'error': "This Isn't Bob."}`` when the
        echoed name differs, and ``{'success': False, 'error': 'Handshake
        Failed'}`` otherwise. All of them are sent with HTTP 200.

    NOTE(review): this function was recovered from a single collapsed line;
    the nesting of the ``else`` branch and of the final failure response is
    reconstructed -- confirm against the original file.
    """
    if request.method == "POST":
        user_name = request.form["user_name"]
        # The public key comes from whatever endpoint answers on
        # config.BOB_PORT and is used without any visible verification. The
        # session key below is encrypted to that key, so whoever served it can
        # read the session key. A pinned fingerprint or a certificate check
        # belongs here.
        response_text = config.get_response("GET", "/getpublickey", {}, config.BOB_PORT)
        response_text = json.loads(response_text)
        bob_public_key = response_text["public_key"]
        a_priv_key = RSA.importKey(alice_private_key)
        # a_pub_key is imported but not used in this function.
        a_pub_key = RSA.importKey(alice_public_key)
        b_pub_key = RSA.importKey(bob_public_key)
        session_key = config.generate_key()
        data = json.dumps({"message": str(user_name), "session_key": session_key})
        # NOTE(review): if RSA is PyCrypto's Crypto.PublicKey.RSA (import not
        # shown), encrypt(data, None) is raw RSA without padding; a padded
        # scheme such as OAEP is the usual choice -- confirm.
        data = b_pub_key.encrypt(data, None)
        data = data[0]
        data = base64.b64encode(data)
        data = {"message": data}
        response_text = config.get_response("POST", "/initiatehandshake", data, config.BOB_PORT)
        response_text = json.loads(response_text)
        if response_text['success']:
            message = response_text['message']
            message = config.aes_decrypt(message, session_key)
            message = json.loads(message)
            nonce = message['nonce']
            message = message['message']
            # This only checks that the reply echoes the user name. It shows
            # that the responder could read the first message, not that the
            # responder is Bob.
            if message != user_name:
                response = make_response(json.dumps({'success': False, 'error': "This Isn't Bob."}))
                return response
            else:
                # The signature covers the bare nonce only: no hash, no peer
                # identity, no session key. It therefore stays valid for any
                # party that holds the same nonce and can be forwarded as-is.
                # Signing a digest over nonce, session key and both identities
                # would tie it to this one session.
                signature = a_priv_key.sign(nonce, None)
                signature = signature[0]
                data = json.dumps({'message': message, 'signature': signature})
                data = config.aes_encrypt(data, session_key)
                data = {'message': data}
                response_text = config.get_response("POST", "/verifyhandshake", data, config.BOB_PORT)
                response_text = json.loads(response_text)
                if response_text['success']:
                    response = make_response(json.dumps({'success': True}), status.HTTP_200_OK)
                    return response
    response = make_response(json.dumps({'success': False, 'error': 'Handshake Failed'}), status.HTTP_200_OK)
    return response
def verifyhandshake():
    """Check the caller's nonce signature and forward it to Bob.

    The handler reads ``message`` and ``signature`` from the form, verifies
    the signature over the stored global ``nonce`` with Alice's public key,
    and, when it verifies, sends the same signature value to Bob's
    /verifyhandshake encrypted under ``session_key_with_bob``.

    Returns:
        A response with JSON ``{'success': True}`` when Bob accepts,
        otherwise ``{'success': False, 'error': 'Handshake Failed'}``; both
        use HTTP 200.

    NOTE(review): this function was recovered from a single collapsed line;
    the nesting of the final failure response is reconstructed -- confirm
    against the original file.
    NOTE(review): chat_with_bob() on this page posts one AES-encrypted
    ``message`` field, while this handler reads plaintext ``message`` and
    ``signature`` fields -- confirm which client it is paired with.
    """
    if request.method == "POST":
        # nonce and the session keys are the values stored by
        # initiatehandshake(); a NameError follows if that handler never ran.
        global nonce, session_key_with_alice, session_key_with_bob
        message = request.form['message']
        signature = request.form['signature']
        # long() exists only in Python 2; the one-element tuple matches what
        # verify() is given below.
        signature = (long(signature), )
        nonce = int(nonce)
        a_pub_key = RSA.importKey(alice_public_key)
        verified = a_pub_key.verify(int(nonce), signature)
        if verified:
            signature = signature[0]
            # The signature is passed on unchanged. That works because it
            # covers only the nonce and is bound to neither a session key nor
            # a recipient, so the far end cannot tell a forwarded signature
            # from a direct one.
            data = json.dumps({'message': message, 'signature': signature})
            data = config.aes_encrypt(data, session_key_with_bob)
            data = {'message': data}
            response_text = config.get_response("POST", "/verifyhandshake", data, config.BOB_PORT)
            response_text = json.loads(response_text)
            if response_text['success']:
                response = make_response(json.dumps({'success': True}), status.HTTP_200_OK)
                return response
    response = make_response(
        json.dumps({
            'success': False,
            'error': 'Handshake Failed'
        }), status.HTTP_200_OK)
    return response
# NOTE(review): the statements down to the first `return response` are the tail
# of a handler whose signature and opening lines are not on this page. The
# indentation is reconstructed, and where `message` and `nonce` come from
# cannot be seen from here.
    signature = message['signature']
    # long() exists only in Python 2.
    signature = (long(signature), )
    nonce = int(nonce)
    a_pub_key = RSA.importKey(alice_public_key)
    # The check is a signature over the integer nonce alone; nothing in the
    # visible lines ties it to a session key or to the sender's identity.
    verified = a_pub_key.verify(int(nonce), signature)
    # The verification result is returned directly as the 'success' flag.
    response = make_response(json.dumps({'success': verified}), status.HTTP_200_OK)
    return response


@app.route("/getpublickey", methods=["GET"])
def get_public_key():
    """Return this service's PEM public key as JSON under ``public_key``.

    The key is served without a signature or certificate, so a client
    cannot tell from the response alone whose key it received.
    ``bob_public_key`` is assigned only in the ``__main__`` block below, so
    this route raises NameError if the module is imported instead of run as
    a script.
    """
    return make_response(json.dumps({"public_key": bob_public_key}))


if __name__ == "__main__":
    # A fresh RSA key pair is generated on every start; the key size comes
    # from config.KEY_SIZE (value not shown).
    private_key = RSA.generate(config.KEY_SIZE)
    bob_private_key = private_key.exportKey('PEM')
    bob_public_key = private_key.publickey().exportKey('PEM')
    # Alice's public key is fetched once at startup from config.ALICE_PORT and
    # is then used for signature verification. No fingerprint check is visible,
    # so the key is only as trustworthy as the endpoint that answered.
    response_text = config.get_response("GET", "/getpublickey", {}, config.ALICE_PORT)
    response_text = json.loads(response_text)
    alice_public_key = response_text["public_key"]
    app.run(config.HOST, config.BOB_PORT)
# cookie = {nonce} # userid, Ru<H(pwd, nonce)>