def close(self): self.open = False rsa_kg = RSAKGen() for bid in self.blockchain: # decipher first sym key with second sym key fernet = Fernet(bid.second_symmetric_key) sym_key = fernet.decrypt(bid.first_symmetric_key) # decipher first sym key with auction pub key sym_key = rsa_kg.decipher_with_private_key( self.auction_private_key, sym_key) bid.first_symmetric_key = sym_key
def close_auction(self, client, message_json): # VERIFYES THE message integrity if not HMAC_Conf.verify_function("message", message_json, client.session_key_repository): return base64.b64encode("{ \"type\" : \"Tempered data\"}".encode('utf-8')) # Decrypts the message data = decrypt_data(client.session_key_repository, message_json["message"], base64.b64decode(message_json["iv"]), base64.b64decode(message_json["Key"]), client.private_key) data_json = json.loads(data, strict="false") something = unpadd_data(data_json["blockchain"], client.session_key_repository) blockchain = pickle.loads(something) rsa_kg = RSAKGen() for bid in blockchain: bid.second_symmetric_key = rsa_kg.decipher_with_private_key(client.auction_private_key, bid.second_symmetric_key) bloc_chain_enc = encrypt_message_sk(pickle.dumps(blockchain), client.session_key_repository) message = "{ \"type\" : \"close_auction\" ,\n" message += "\"username\" : \"" + client.username + "\" ,\n" message_interm = "{" message_interm += "\"auction_id\" : \"" + data_json["auction_id"]+ "\",\n" message_interm += "\"blockchain\" : \"" + bloc_chain_enc + "\"\n" message_interm += "}" enc_json_message = encrypt_message_complete(base64.b64encode(message_interm.encode("utf-8")), client.session_key_repository, client.server_public_key_repository) key = enc_json_message[0] iv = enc_json_message[2] data = enc_json_message[1] hmac = HMAC_Conf.integrity_control(data.encode(),client.session_key_repository) message += "\"message\" : \"" + data + "\" ,\n" message += "\"Key\" : \"" + str(base64.b64encode(key), 'utf-8') + "\",\n" message += "\"iv\" : \"" + str(base64.b64encode(iv), 'utf-8') + "\",\n" message += "\"hmac\" : \"" + str(base64.b64encode(hmac), 'utf-8') + "\"\n" message += "}" return message, AR_ADDRESS
def create_session_key_user_server(self, message_json): rsa_kg = RSAKGen() username = message_json["username"] random_key = rsa_kg.decipher_with_private_key( self.auction_repository.private_key, base64.b64decode(message_json["random_key"])) # VERIFIES THE message integrity if not HMAC_Conf.verify_function("message", message_json, random_key): return base64.b64encode( "{ \"type\" : \"Tempered data\"}".encode('utf-8')) # Decrypts the message data = decrypt_data("", message_json["message"], base64.b64decode(message_json["iv"]), base64.b64decode(message_json["Key"]), self.auction_repository.private_key) # Loads the messsage to json internal_json = json.loads(data, strict="False") rsa_signature = internal_json["rsa_signature"] certificate = base64.b64decode( internal_json["certificate"] ) #PENSO QUE TENS DE FAZER BASE64 DECODE digital_signature = base64.b64decode( internal_json["digital_signature"]) citizen = CitizenCard() certificate = x509.load_pem_x509_certificate(certificate, default_backend()) if not citizen.check_signature( certificate, digital_signature, self.auction_repository.clients_challenge[base64.b64decode( message_json["username"])].encode()): return base64.b64encode( "{ \"type\" : \"No valid signature\"}".encode('utf-8')) if not citizen.validate_certificate(certificate): return base64.b64encode( "{ \"type\" : \"No valid certificate\"}".encode('utf-8')) self.auction_repository.clients_challenge.pop( base64.b64decode(message_json["username"])) # Get the parameters parameters = pickle.loads( codecs.decode(message_json["params"].encode(), "base64")) par = load_pem_parameters(parameters, backend=default_backend()) # Generate our DH public/private key private_key = par.generate_private_key() public_key = private_key.public_key() # Get the public key bytes from the user peer_public_key_bytes = message_json["pk"].encode() peer_public_key = serialization.load_pem_public_key( peer_public_key_bytes, default_backend()) calendar_date = str(datetime.datetime.now()) shared_key = private_key.exchange(peer_public_key) derived_key = HKDF(algorithm=hashes.SHA256(), length=DH_HKDF_KEY, salt=None, info=calendar_date.encode("utf-8"), backend=default_backend()).derive(shared_key) # Construct the message with the keys message = "{ \"type\" : \"session\" ,\n" # Now send our DH public key to the client pk_dh = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode( 'utf-8') message += "\"pk\" : \"" + pk_dh + "\" ,\n" message += "\"info\" : \"" + calendar_date + "\",\n" message += "\"server_key\" : \"" + self.auction_repository.public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo).decode( 'utf-8') + "\"" message += "}" # Get the username and set the session key self.auction_repository.session_key_clients[ message_json["username"]] = derived_key # Get the public key from the user key from the user _dir = os.getcwd() + "/Clients/" + message_json["username"] if not check_directory(_dir): if not check_directory(os.getcwd() + "/Clients"): os.mkdir(os.getcwd() + "/Clients") os.mkdir(_dir) with open(_dir + "/" + PK_NAME, "wb") as file: file.write(message_json["public"].encode("utf-8")) return base64.b64encode(message.encode('utf-8'))