def checkOutcomeOfAuction(sock, clientCert, symmetricEncryption, sessionId):
clientId, clientName = getUserInfo(clientCert)
mutex.acquire()
if clientId not in CLIENTS.keys():
mutex.release()
sendEncryptedMessage(sock, {"participatedAuctionList": []},
symmetricEncryption, sessionId, 4)
return
auctions = []
for auctionId in CLIENTS[clientId]:
auctions.append(CLOSED_AUCTIONS[auctionId].getAuctionInfo())
sendEncryptedMessage(sock, {"participatedAuctionList": auctions},
symmetricEncryption, sessionId, 4)
mandatoryFields = []
mandatoryFields.append(Field("auctionId", int))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 5)
auctionId = msg["auctionId"]
if auctionId not in CLOSED_AUCTIONS.keys():
mutex.release()
sendEncryptedMessage(sock, {"error": "Invalid auctionId"}, sessionId,
6)
return
sendEncryptedMessage(sock, CLOSED_AUCTIONS[auctionId].getWinnerBid(),
symmetricEncryption, sessionId, 6)
mutex.release()
def validateAuction(sock, symmetricEncryption, sessionId):
auctionsList = []
mutex.acquire()
for auction in OPEN_AUCTIONS.values():
auctionsList.append(auction.getAuctionInfo())
for auction in CLOSED_AUCTIONS.values():
auctionsList.append(auction.getAuctionInfo())
#sends list with all closed auctions
sendEncryptedMessage(sock, {"auctionList": auctionsList},
symmetricEncryption, sessionId, 4)
mandatoryFields = []
mandatoryFields.append(Field("auctionId", int))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 5)
auctionId = msg["auctionId"]
if auctionId in OPEN_AUCTIONS.keys():
sendEncryptedMessage(
sock, {"allData": OPEN_AUCTIONS[auctionId].getAllData()},
symmetricEncryption, sessionId, 6)
elif auctionId in CLOSED_AUCTIONS.keys():
sendEncryptedMessage(
sock, {"allData": CLOSED_AUCTIONS[auctionId].getAllData()},
symmetricEncryption, sessionId, 6)
else:
sendEncryptedMessage(sock, {"error": "No auction with that id"},
symmetricEncryption, sessionId, 6)
mutex.release()
def validateReceipt(sock, clientCert, symmetricEncryption, sessionId):
mandatoryFields = []
mandatoryFields.append(Field("auctionId", int))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 4)
auctionId = msg["auctionId"]
clientId, clientName = getUserInfo(clientCert)
mutex.acquire()
if clientId not in CLIENTS.keys() or auctionId not in CLIENTS[clientId]:
mutex.release()
sendEncryptedMessage(
sock, {"error": "No participation of the client on the auction"},
symmetricEncryption, sessionId, 5)
return
if auctionId in OPEN_AUCTIONS.keys():
sendEncryptedMessage(
sock, {"dataToValidate": OPEN_AUCTIONS[auctionId].getAllData()},
symmetricEncryption, sessionId, 5)
elif auctionId in CLOSED_AUCTIONS.keys():
sendEncryptedMessage(
sock, {"dataToValidate": CLOSED_AUCTIONS[auctionId].getAllData()},
symmetricEncryption, sessionId, 5)
else:
sendEncryptedMessage(sock, {"error": "No auction with that id"},
symmetricEncryption, sessionId, 5)
mutex.release()
def listAllClientBids(sock, symmetricEncryption, sessionId):
mandatoryFields = []
mandatoryFields.append(Field("clientId", str))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 4)
clientId = msg["clientId"]
mutex.acquire()
if clientId not in CLIENTS.keys():
sendEncryptedMessage(sock, {"auctionsList": []}, symmetricEncryption,
sessionId, 5)
else:
auctionsList = []
for auctionId in CLIENTS[clientId]:
bids = []
if auctionId in OPEN_AUCTIONS.keys():
bids = OPEN_AUCTIONS[auctionId].getClientBids(clientId)
else: #auctionId in CLOSED_AUCTIONS.keys()
bids = CLOSED_AUCTIONS[auctionId].getClientBids(clientId)
if bids != []:
auctionsList.append(bids)
sendEncryptedMessage(sock, {"auctionsList": auctionsList},
symmetricEncryption, sessionId, 5)
mutex.release()
def to_entity(entity_type, value, fields):
"""
Internal API: Returns an instance of an entity of type entity_type with the specified value and fields (stored in
dict). This is only used by the local transform runner as a helper function.
"""
e = entity_type(value)
for k, v in fields.iteritems():
e.fields[k] = Field(k, v)
return e
def closeAuction(sock, clientCert, symmetricEncryption, sessionId):
# Gets clientID to receive open auctions
clientID, clientName = getUserInfo(clientCert)
# Verify if the current client has auction open
if clientID not in CLIENTS.keys() or len(CLIENTS[clientID]) == 0:
sendEncryptedMessage(sock, {"openAuctionList": []},
symmetricEncryption, sessionId, 4)
return
# Gather info of all open auction of the client
openAuctionList = []
for auctionId in CLIENTS[clientID]:
openAuctionList.append(AUCTIONS[auctionId].auctionInfo)
# Sends open auctions
sendEncryptedMessage(sock, {'openAuctionList': openAuctionList},
symmetricEncryption, sessionId, 4)
# Gets auctionID to close
mandatoryFields = []
mandatoryFields.append(Field("auctionID", int))
msgRecv = readMessage(sock, mandatoryFields, symmetricEncryption,
sessionId, 5)
auctionID = msgRecv['auctionID']
auction = AUCTIONS[auctionID]
# Connect to the repository to close the auction
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock2.connect(constants.REPOSITORY_ADDR)
symmetricEncryption2, sessionId2 = handshake.clientHandShake(
sock2, privateKey, certificate, POSSIB_CIPHERS, POSSIB_MODES,
POSSIB_PADDING)
key = b64encode(auction.key).decode("ascii")
# Sends the request to Repository
sendEncryptedMessage(sock2, {'action': ActionTypes.CLOSE_AUCTION},
symmetricEncryption2, sessionId2, 3)
sendEncryptedMessage(sock2, {
"auctionID": auctionID,
'key': key
}, symmetricEncryption2, sessionId2, 4)
# Receive the winner bid
msgRecv = readMessage(sock2, [], symmetricEncryption2, sessionId2, 5)
# Send the winner bid to the creator
sendEncryptedMessage(sock, {
'winnerBid': msgRecv["winnerBid"],
"key": key
}, symmetricEncryption, sessionId, 6)
# Remove local info
AUCTIONS.pop(auctionID)
CLIENTS[clientID].remove(auctionID)
def run(self):
symmetricEncryption, clientCert, clientIsServer, sessionId = handshake.serverHandShake(
self.conn, privateKey, certificate)
mandatoryFields = []
mandatoryFields.append(Field("action", int))
msg = readMessage(self.conn, mandatoryFields, symmetricEncryption,
sessionId, 3)
# client's requests
if msg["action"] == ActionTypes.CREATE_AUCTION:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
createAuction(self.conn, clientCert, symmetricEncryption,
sessionId)
elif msg["action"] == ActionTypes.CLOSE_AUCTION:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
closeAuction(self.conn, clientCert, symmetricEncryption, sessionId)
# repository's requests
elif msg["action"] == ActionTypes.VALIDATE_BID:
if not clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
validateBid(self.conn, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.CLOSE_AUCTION_TIME:
if not clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
closeAuctionTime(self.conn, symmetricEncryption, sessionId)
else:
sendEncryptedMessage(self.conn, {"error": "Invalid action field"},
symmetricEncryption, sessionId, 4)
self.conn.close()
def listAllAuctionBids(sock, symmetricEncryption, sessionId):
mutex.acquire()
auctionList = []
for auction in OPEN_AUCTIONS.values():
auctionList.append(auction.getAuctionInfo())
for auction in CLOSED_AUCTIONS.values():
auctionList.append(auction.getAuctionInfo())
sendEncryptedMessage(sock, {"auctionList": auctionList},
symmetricEncryption, sessionId, 4)
mandatoryFields = []
mandatoryFields.append(Field("auctionID", int))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 5)
auctionId = msg["auctionID"]
bidsList = []
if auctionId in OPEN_AUCTIONS.keys():
sendEncryptedMessage(
sock, {"bidsList": OPEN_AUCTIONS[auctionId].getAuctionBids()},
symmetricEncryption, sessionId, 6)
elif auctionId in CLOSED_AUCTIONS.keys():
auction = CLOSED_AUCTIONS[auctionId]
bids = auction.getAuctionBids()
key = auction.getKey()
toSend = {"bidsList": bids, "key": key}
sendEncryptedMessage(sock, toSend, symmetricEncryption, sessionId, 6)
else:
sendEncryptedMessage(sock, {"error": "No auction with that auctionID"},
symmetricEncryption, sessionId, 6)
mutex.release()
def serverHandShake(sock, privKey, cert):
"""
Function used by server's. They execute them
after they receive a connection from a client
to negotiate encrypt parameter and to
authenticate both sides
"""
mandatoryFields = []
verification = lambda v: all(type(s) == str for s in v)
mandatoryFields.append(Field("supportedCiphers", list, verification))
mandatoryFields.append(Field("supportedModes", list, verification))
mandatoryFields.append(Field("supportedPaddings", list, verification))
msg = readMessage(sock, mandatoryFields)
cipherAlg = ""
for cipher in POSSIB_CIPHERS:
if cipher in msg["supportedCiphers"]:
cipherAlg = cipher
break
if cipherAlg == "":
raise UnkownAlgorithm("Unkown cipher algorithm")
mode = paddingAlg = ""
authEncryption = True
if cipher not in POSSIB_AUTH_CIPHERS:
authEncryption = False
if cipher != "ChaCha20":
for mod in POSSIB_MODES:
if mod in msg["supportedModes"] and not (cipher == "CAST5"
and mode == "CTR"):
mode = mod
break
if mode == "":
raise UnkownAlgorithm("Unkown cipher mode")
if mode == "CBC":
for padd in POSSIB_PADDING:
if padd in msg["supportedPaddings"]:
paddingAlg = padd
break
if paddingAlg == "":
raise UnkownAlgorithm("Unkown padding algorithm")
authenticationData = urandom(64)
sendMessage(
sock, {
"chosenCipher":
cipherAlg,
"chosenMode":
mode,
"chosenPadding":
paddingAlg,
"certificate":
b64encode(cert.public_bytes(Encoding.PEM)).decode("ascii"),
"authenticationData":
b64encode(authenticationData).decode("ascii")
})
##################################################
mandatoryFields = []
mandatoryFields.append(BytesField("sharedKey"))
mandatoryFields.append(BytesField("sessionId"))
mandatoryFields.append(BytesField("certificate"))
mandatoryFields.append(BytesField("signature"))
mandatoryFields.append(BytesField("macKey"))
msg = readMessage(sock, mandatoryFields)
certBytes = b64decode(bytes(msg["certificate"], "ascii"))
valid, cause, clientCert, clientIsServer = assymetric.validCertificate(
certBytes)
if not valid:
raise InvalidCertificate("Client's invalid certificate")
if clientIsServer:
publicKeyClient = assymetric.PublicKeyServer(clientCert.public_key())
else:
publicKeyClient = assymetric.PublicKeyClient(clientCert.public_key())
signature = b64decode(bytes(msg["signature"], "ascii"))
try:
publicKeyClient.verify(authenticationData, signature)
except InvalidSignature:
raise FailedClientAuthentication("Failed to authenticate client")
try:
sharedKey = privKey.decrypt(b64decode(bytes(msg["sharedKey"],
"ascii")))
sessionId = privKey.decrypt(b64decode(bytes(msg["sessionId"],
"ascii")))
sessionId = int(sessionId.hex(), 16)
macKey = None
if not authEncryption:
macKey = privKey.decrypt(b64decode(bytes(msg["macKey"], "ascii")))
except:
raise FailedDescrytingKeys("Decryption of shared keys failed")
symmetricEncryption = None
if cipherAlg in POSSIB_AUTH_CIPHERS:
symmetricEncryption = symetric.AuthenticatedEncryption(
getattr(aead, cipherAlg), sharedKey)
else:
if cipherAlg == "ChaCha20":
symmetricEncryption = symetric.StreamEncryption(sharedKey, macKey)
else:
if mode == "CBC":
symmetricEncryption = symetric.PaddedEncryption(
getattr(algorithms, cipherAlg), sharedKey, macKey,
getattr(padding, paddingAlg))
else:
symmetricEncryption = symetric.NonPaddedEncryption(
getattr(algorithms, cipherAlg), sharedKey, macKey,
getattr(modes, mode))
##################################################
mandatoryFields = []
mandatoryFields.append(Field("handshake finish", str))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 1)
sendEncryptedMessage(sock, {"handshake finish": ""}, symmetricEncryption,
sessionId, 2)
return symmetricEncryption, clientCert, clientIsServer, sessionId
def clientHandShake(sock, privKey, cert, supportCiphers, supportModes,
supportPadding):
"""
"""
sendMessage(
sock, {
"supportedCiphers": supportCiphers,
"supportedModes": supportModes,
"supportedPaddings": supportPadding
})
##################################################
mandatoryFields = []
mandatoryFields.append(BytesField("certificate"))
mandatoryFields.append(BytesField("authenticationData"))
mandatoryFields.append(Field("chosenCipher", str))
mandatoryFields.append(Field("chosenMode", str))
mandatoryFields.append(Field("chosenPadding", str))
msg = readMessage(sock, mandatoryFields)
certBytes = b64decode(bytes(msg["certificate"], "ascii"))
valid, cause, serverCert, clientIsServer = assymetric.validCertificate(
certBytes)
if not clientIsServer:
raise Exception #TODO
if not valid:
raise InvalidCertificate("Server's certificate not valid")
cipher = msg["chosenCipher"]
mode = msg["chosenMode"]
paddingAlg = msg["chosenPadding"]
sharedKey = macKey = symmetricEncryption = None
if cipher not in supportCiphers:
raise UnkownAlgorithm("Unkown cipher algorithm")
elif cipher in POSSIB_AUTH_CIPHERS: #see if it's a cipher algorithm with authentication
cipher = getattr(aead, cipher)
sharedKey = urandom(32)
symmetricEncryption = symetric.AuthenticatedEncryption(
cipher, sharedKey)
else: # if it's a valid algorithm
macKey = urandom(SHA256.digest_size)
if cipher == "ChaCha20":
cipher = algorithms.ChaCha20
sharedKey = urandom(int(max(cipher.key_sizes) / 8))
symmetricEncryption = symetric.StreamEncryption(sharedKey, macKey)
else:
cipher = getattr(algorithms, cipher)
if cipher == algorithms.AES:
sharedKey = urandom(32)
else:
sharedKey = urandom(int(max(cipher.key_sizes) / 8))
if mode not in supportModes:
raise UnkownAlgorithm("Unkown cipher mode")
elif mode == "CBC":
if paddingAlg not in supportPadding:
raise UnkownAlgorithm("Unkown padding algorithm")
symmetricEncryption = symetric.PaddedEncryption(
cipher, sharedKey, macKey, getattr(padding, paddingAlg))
else:
symmetricEncryption = symetric.NonPaddedEncryption(
cipher, sharedKey, macKey, getattr(modes, mode))
publicKeyServer = assymetric.PublicKeyServer(serverCert.public_key())
encryptedSharedKey = publicKeyServer.encrypt(sharedKey)
authenticationData = b64decode(bytes(msg["authenticationData"], "ascii"))
signature = privKey.sign(authenticationData)
sessionId = urandom(32)
encryptedSessionId = publicKeyServer.encrypt(sessionId)
msg = {
"sharedKey": b64encode(encryptedSharedKey).decode("ascii"),
"sessionId": b64encode(encryptedSessionId).decode("ascii"),
"certificate":
b64encode(cert.public_bytes(Encoding.PEM)).decode("ascii"),
"signature": b64encode(signature).decode("ascii")
}
if macKey != None:
encryptedMacKey = publicKeyServer.encrypt(macKey)
msg["macKey"] = b64encode(encryptedMacKey).decode("ascii")
else:
msg["macKey"] = ""
sendMessage(sock, msg)
##################################################
sessionId = int(sessionId.hex(), 16)
sendEncryptedMessage(sock, {"handshake finish": ""}, symmetricEncryption,
sessionId, 1)
##################################################
mandatoryFields = []
mandatoryFields.append(Field("handshake finish", str))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 2)
return symmetricEncryption, sessionId
def local_transform_runner(transform,
value,
fields,
params,
config,
message_writer=message):
"""
Internal API: The local transform runner is responsible for executing the local transform.
Parameters:
transform - The name or module of the transform to execute (i.e sploitego.transforms.whatismyip).
value - The input entity value.
fields - A dict of the field names and their respective values.
params - The extra parameters passed into the transform via the command line.
config - The Canari configuration object.
message_writer - The message writing function used to write the MaltegoTransformResponseMessage to stdout. This is
can either be the console_message or message functions. Alternatively, the message_writer function
can be any callable object that accepts the MaltegoTransformResponseMessage as the first parameter
and writes the output to a destination of your choosing.
This helper function is only used by the run-transform, debug-transform, and dispatcher commands.
"""
transform_module = None
try:
transform_module = transform if isinstance(
transform, ModuleType) else import_transform(transform)
if os.name == 'posix' and hasattr(transform_module.dotransform,
'privileged') and os.geteuid():
rc = sudo(sys.argv)
if rc == 1:
message_writer(MaltegoTransformResponseMessage() +
UIMessage('User cancelled transform.'))
elif rc == 2:
message_writer(
MaltegoTransformResponseMessage() +
UIMessage('Too many incorrect password attempts.'))
elif rc:
message_writer(MaltegoTransformResponseMessage() +
UIMessage('Unknown error occurred.'))
sys.exit(rc)
if hasattr(transform_module, 'onterminate'):
onterminate(transform_module.onterminate)
else:
transform_module.__setattr__('onterminate',
lambda *args: sys.exit(-1))
input_entity = to_entity(guess_entity_type(transform_module, fields),
value, fields)
msg = transform_module.dotransform(
MaltegoTransformRequestMessage(
entities=[input_entity.__entity__],
parameters={
'canari.local.arguments':
Field(name='canari.local.arguments', value=params)
}),
MaltegoTransformResponseMessage()) if get_transform_version(
transform_module.dotransform
) == 2 else transform_module.dotransform(
MaltegoTransformRequestMessage(
entities=[input_entity.__entity__],
parameters={
'canari.local.arguments':
Field(name='canari.local.arguments', value=params)
}), MaltegoTransformResponseMessage(), config)
if isinstance(msg, MaltegoTransformResponseMessage):
message_writer(msg)
elif isinstance(msg, basestring):
raise MaltegoException(msg)
else:
raise MaltegoException(
'Could not resolve message type returned by transform.')
except MaltegoException, me:
croak(str(me), message_writer)
def run(self):
symmetricEncryption, clientCert, clientIsServer, sessionId = handshake.serverHandShake(
self.conn, privateKey, certificate)
mandatoryFields = []
mandatoryFields.append(Field("action", int))
msg = readMessage(self.conn, mandatoryFields, symmetricEncryption,
sessionId, 3)
#client's requests
if msg["action"] == ActionTypes.NEW_BID:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
newBid(self.conn, clientCert, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.LIST_ALL_OPEN_AUCTIONS:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
listAllOpenAuctions(self.conn, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.LIST_ALL_CLOSED_AUCTIONS:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
listAllClosedAuctions(self.conn, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.LIST_ALL_CLIENT_BIDS:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
listAllClientBids(self.conn, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.LIST_ALL_AUCTION_BIDS:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
listAllAuctionBids(self.conn, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.CHECK_OUTCOME_OF_AUCTION:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
checkOutcomeOfAuction(self.conn, clientCert, symmetricEncryption,
sessionId)
elif msg["action"] == ActionTypes.VALIDATE_RECEIPT:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
validateReceipt(self.conn, clientCert, symmetricEncryption,
sessionId)
elif msg["action"] == ActionTypes.VALIDATE_AUCTION:
if clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
validateAuction(self.conn, symmetricEncryption, sessionId)
#manager's requests
elif msg["action"] == ActionTypes.CREATE_AUCTION:
if not clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
createAuction(self.conn, symmetricEncryption, sessionId)
elif msg["action"] == ActionTypes.CLOSE_AUCTION:
if not clientIsServer:
sendEncryptedMessage(self.conn,
{"error": "Action not allowed"},
symmetricEncryption, sessionId, 4)
return
closeAuction(self.conn, symmetricEncryption, sessionId)
else:
sendEncryptedMessage(self.conn, {"error": "Invalid action field"},
symmetricEncryption, sessionId, 4)
return
self.conn.close()
def newBid(sock, clientCert, symmetricEncryption, sessionId):
mutex.acquire()
openAuctionList = []
for auction in OPEN_AUCTIONS.values():
openAuctionList.append(auction.getAuctionInfo())
#Sends lists with all open auctions
sendEncryptedMessage(sock, {"openAuctionList": openAuctionList},
symmetricEncryption, sessionId, 4)
mandatoryFields = []
mandatoryFields.append(Field("auctionId", int))
mandatoryFields.append(Field("timestamp", int))
mandatoryFields.append(Field("amount", float))
mandatoryFields.append(BytesField("nonce"))
mandatoryFields.append(BytesField("signature"))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 5)
auctionId = msg["auctionId"]
if auctionId not in OPEN_AUCTIONS.keys():
sendEncryptedMessage(sock, {"error": "No auction with that id"},
symmetricEncryption, sessionId, 6)
return
clientId, clientName = getUserInfo(clientCert)
clientCertBytes = b64encode(clientCert.public_bytes(
Encoding.PEM)).decode("ascii")
bid = {
"timestamp": msg["timestamp"],
"clientId": clientId,
"clientName": clientName,
"clientCertificate": clientCertBytes,
"amount": msg["amount"],
"nonce": msg["nonce"],
"auctionId": auctionId,
"auctionType": OPEN_AUCTIONS[auctionId].getAuctionInfo()["type"]
}
if not PublicKeyClient(clientCert.public_key()).verify(
calculateHashOverFields(bid),
b64decode(bytes(msg["signature"], "ascii"))):
mutex.release()
sendEncryptedMessage(sock, {"error": "Invalid signature over bid"},
symmetricEncryption, sessionId, 6)
return
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock2.connect(constants.MANAGER_ADDR)
symmetricEncryption2, sessionId2 = handshake.clientHandShake(
sock2, privateKey, certificate, POSSIB_CIPHERS, POSSIB_MODES,
POSSIB_PADDING)
sendEncryptedMessage(sock2, {"action": ActionTypes.VALIDATE_BID},
symmetricEncryption2, sessionId2, 3)
toValidate = {"clientValidation": msg["signature"], "bid": bid}
auction = OPEN_AUCTIONS[auctionId]
if auction.getAuctionInfo()["type"] == "BlindShown":
if clientId not in CLIENTS_BIDS_COUNT.keys():
CLIENTS_BIDS_COUNT[clientId] = dict()
if auctionId not in CLIENTS_BIDS_COUNT[clientId].keys():
CLIENTS_BIDS_COUNT[clientId][auctionId] = 0
toValidate["countBidsDone"] = CLIENTS_BIDS_COUNT[clientId][auctionId]
sendEncryptedMessage(sock2, toValidate, symmetricEncryption2, sessionId2,
4)
exceptionHappen = False
try:
msg = readMessage(sock2, [], symmetricEncryption2, sessionId2, 5)
except ErrorMessage as e:
exceptionHappen = True
sendEncryptedMessage(sock, {"error": e.args[0]}, symmetricEncryption,
sessionId, 6)
if exceptionHappen:
mutex.release()
return
sock2.close()
blockNum, prevHash = auction.lastBlockInfo()
blockNum += 1
cryptopuzzleChallange = {
"difficulty": auction.getAuctionInfo()["difficulty"],
"toMine": {
"blockNumber": blockNum,
"previousHash": prevHash,
"data": msg
}
}
sendEncryptedMessage(sock, cryptopuzzleChallange, symmetricEncryption,
sessionId, 6)
mandatoryFields = []
mandatoryFields.append(BytesField("hash"))
mandatoryFields.append(BytesField("nonce"))
msg = readMessage(sock, mandatoryFields, symmetricEncryption, sessionId, 7,
60)
blockInfo = cryptopuzzleChallange["toMine"]
blockInfo["nonce"] = msg["nonce"]
valid, cause = verifyCryptopuzzle(msg["hash"], blockInfo,
auction.getAuctionInfo()["difficulty"])
if not valid:
mutex.release()
sendEncryptedMessage(sock, {"error": cause}, symmetricEncryption,
sessionId, 8)
return
if auction.getAuctionInfo()["type"] == "BlindShown":
if clientId not in CLIENTS.keys():
CLIENTS[clientId] = set()
CLIENTS[clientId].add(auctionId)
auction.newBid(blockInfo["data"], blockInfo["nonce"], msg["hash"])
receipt = auction.getAllData()
signature = privateKey.sign(calculateHashOverFields({"": receipt}))
signature = b64encode(signature).decode("ascii")
cert = b64encode(certificate.public_bytes(Encoding.PEM)).decode("ascii")
sendEncryptedMessage(sock, {
"receipt": receipt,
"signature": signature,
"certificate": cert
}, symmetricEncryption, sessionId, 8)
mutex.release()
def createAuction(sock, clientCert, symmetricEncryption, sessionId):
# Receive auction info
mandatoryFields = []
mandatoryFields.append(Field("name", str))
mandatoryFields.append(Field("duration", int))
mandatoryFields.append(Field("description", str))
mandatoryFields.append(
Field("type", str,
lambda v: v in ["English", "BlindShown", "BlindHidden"]))
mandatoryFields.append(Field("difficulty", int))
mandatoryFields.append(Field("baseAmount", float))
mandatoryFields.append(Field("validationCode", str))
mandatoryFields.append(Field("modificationCode", str))
msgRecv = readMessage(sock, mandatoryFields, symmetricEncryption,
sessionId, 4)
for code in [msgRecv["validationCode"], msgRecv["modificationCode"]]:
with open("dummy.py", "w+") as f:
f.write(code)
#check syntax of validation code
try:
py_compile.compile("dummy.py", doraise=True)
except py_compile.PyCompileError:
sendEncryptedMessage(
sock, {"error": "Dynamic code with syntatic errors"},
symmetricEncryption, sessionId, 5)
return
# Insert client id and name to auction info
clientId, clientName = getUserInfo(clientCert)
msgRecv["creatorId"] = clientId
msgRecv["creatorName"] = clientName
# Connect to repository to instantiate an auction
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock2.connect(constants.REPOSITORY_ADDR)
symmetricEncryption2, sessionId2 = handshake.clientHandShake(
sock2, privateKey, certificate, POSSIB_CIPHERS, POSSIB_MODES,
POSSIB_PADDING)
# Send auction info
sendEncryptedMessage(sock2, {"action": ActionTypes.CREATE_AUCTION},
symmetricEncryption2, sessionId2, 3)
sendEncryptedMessage(sock2, msgRecv, symmetricEncryption2, sessionId2, 4)
# Receive auction Id of the created auction
msgRecv2 = readMessage(sock2, [], symmetricEncryption2, sessionId2, 5)
auctionId = msgRecv2['auctionId']
creationTime = msgRecv2['creationTime']
# Create some info on manager to show if users want to close auctions
auctionInfo = msgRecv
auctionInfo["auctionId"] = auctionId
auctionInfo["creationTime"] = creationTime
# Save that info
AUCTIONS[auctionId] = Auction(auctionInfo, msgRecv["validationCode"],
msgRecv["modificationCode"],
msgRecv["baseAmount"])
if clientId in CLIENTS.keys():
CLIENTS[clientId].append(auctionId)
else:
CLIENTS[clientId] = [auctionId]
sendEncryptedMessage(sock, {
"auctionId": auctionId,
"creationTime": creationTime
}, symmetricEncryption, sessionId, 5)