from decimal import Decimal
import requests
import rsa
import hashlib
import hmac
import json
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from base64 import b64encode, b64decode
# Root of the API that login(), signup() and do_transaction() post to.
# NOTE(review): the scheme is plain http. Only the /transaction body is
# AES-encrypted by this client; the login/signup passwords and the bearer token
# travel as-is, so this is only reasonable against a loopback server. Use an
# https:// URL with certificate verification anywhere else.
BASE_URL = 'http://localhost:8000/api'
# Text encoding used when converting messages between str and bytes.
ENCODING = 'utf-8'
# Bearer token of the current session: set by login(), sent by do_transaction().
token = ''
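def decrypt_message(encrypted_message, username):
    """Decrypt a server response, verify its HMAC, and print the outcome.

    The AES key and the MAC key are read from
    ``master_secrets/symmetric_keys/<username>.txt`` and
    ``master_secrets/mac_keys/<username>.txt``. The payload is base64-decoded,
    AES-CBC decrypted, unpadded and parsed as JSON with a ``message`` and a
    ``mac`` field; ``mac`` must equal the hex HMAC-SHA256 of ``message``.

    Args:
        encrypted_message: Base64 text of the AES-CBC ciphertext.
        username: Selects which pair of key files is loaded.

    Returns:
        None. The result is printed. The plaintext is printed only after the
        MAC has verified; a malformed payload is reported instead of raising.

    Raises:
        OSError: If a key file cannot be opened.
        ValueError: If the key file does not hold a usable AES key.
    """
    # NOTE(review): username is interpolated into the path exactly as typed;
    # callers should restrict it to a plain account name.
    with open(f'master_secrets/symmetric_keys/{username}.txt', 'rb') as f:
        session_key = f.read()
    with open(f'master_secrets/mac_keys/{username}.txt', 'rb') as f:
        mac_key = f.read()

    # NOTE(review): the key doubles as the CBC IV, so the IV is never fresh and
    # secret key material is used in a role that is not designed to stay secret.
    # A random per-message IV sent with the ciphertext (or an AEAD mode such as
    # AES-GCM) is the fix, but it has to change on the server in the same step,
    # so the wire format is left as it is here.
    message_cipher = AES.new(session_key, AES.MODE_CBC, iv=session_key)

    # NOTE(review): the MAC lives inside the ciphertext, so decryption,
    # unpadding and JSON parsing all run on data that is not yet authenticated.
    # Encrypt-then-MAC over the ciphertext would let tampering be rejected first.
    try:
        padded = message_cipher.decrypt(b64decode(encrypted_message))
        message = unpad(padded, AES.block_size).decode(encoding=ENCODING)
        message_dict = json.loads(message)
        message_to_verify = message_dict['message']
        mac_to_verify = message_dict['mac']
        if not isinstance(message_to_verify, str) or not isinstance(mac_to_verify, str):
            raise TypeError('message and mac must be strings')
        test_mac = hmac.new(mac_key, message_to_verify.encode(), hashlib.sha256).hexdigest()
        # Compare as bytes: compare_digest() raises TypeError on non-ASCII str.
        mac_ok = hmac.compare_digest(test_mac.encode(), mac_to_verify.encode())
    except (ValueError, KeyError, TypeError):
        # Bad base64, wrong length, bad padding, invalid UTF-8/JSON or missing
        # fields: one generic message, and nothing from the payload is shown.
        print('response could not be decrypted\n')
        return

    if not mac_ok:
        print('mac does not match\n')
        return

    print('mac matches')
    print(f'response: {message_to_verify}\n')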
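def login():
    """Prompt for credentials, log in, and store the session's bearer token.

    On success the module-level ``token`` is set from the response's ``token``
    field.

    Returns:
        The username on success, or None when the server rejects the login.

    Raises:
        requests.RequestException: If the server cannot be reached or does not
            answer within the timeout.
    """
    global token
    import getpass  # local import: only the interactive prompts need it

    username = input('enter your username\n')
    # getpass keeps the password off the screen and out of terminal scrollback.
    password = getpass.getpass('enter your password\n')
    body = {
        'username': username,
        'password': password
    }
    headers = {"Content-Type": "application/json; charset=utf-8"}
    # NOTE(review): BASE_URL is plain http, so the password leaves this process
    # unencrypted. The timeout keeps a stalled server from hanging the client.
    result = requests.post(f'{BASE_URL}/login', headers=headers, json=body, timeout=10)
    if result.ok:
        token = result.json()['token']
        # The token is a credential; confirm the login without echoing it.
        print('login successful')
        print()
        return username

    try:
        errors = result.json()['errors']
    except (ValueError, KeyError, TypeError):
        # Error responses are not guaranteed to be JSON with an 'errors' field.
        errors = f'login failed with status {result.status_code}'
    print(errors)
    print()
    return None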
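def signup():
    """Prompt for a username, password and balance and register the account.

    Nothing is printed on success; on failure the server's ``errors`` field is
    printed, or the HTTP status when the response has no such field.

    Raises:
        requests.RequestException: If the server cannot be reached or does not
            answer within the timeout.
    """
    import getpass  # local import: only the interactive prompts need it

    username = input('enter your username\n')
    # getpass keeps the password off the screen and out of terminal scrollback.
    password = getpass.getpass('enter your password\n')
    # NOTE(review): the balance is sent exactly as typed, as a string; range and
    # format checks have to happen on the server.
    balance = input('enter your balance\n')
    body = {
        'username': username,
        'password': password,
        'balance': balance
    }
    headers = {"Content-Type": "application/json; charset=utf-8"}
    # NOTE(review): BASE_URL is plain http, so the password leaves this process
    # unencrypted. The timeout keeps a stalled server from hanging the client.
    result = requests.post(f'{BASE_URL}/signup', headers=headers, json=body, timeout=10)
    if result.ok:
        return

    try:
        errors = result.json()['errors']
    except (ValueError, KeyError, TypeError):
        # Error responses are not guaranteed to be JSON with an 'errors' field.
        errors = f'signup failed with status {result.status_code}'
    print(errors)
    print()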
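def do_transaction(inp, username):
    """Send one command to the server under the user's keys and show the reply.

    The command is wrapped as JSON ``{'message', 'mac'}`` where ``mac`` is the
    hex HMAC-SHA256 of the command, AES-CBC encrypted, base64-encoded and
    posted to ``/transaction`` with the session's bearer token. A successful
    reply's ``encrypted_response`` is handed to ``decrypt_message``.

    Args:
        inp: The command text to send.
        username: Selects which pair of key files is loaded.

    Raises:
        OSError: If a key file cannot be opened.
        requests.RequestException: If the server cannot be reached or does not
            answer within the timeout.
    """
    with open(f'master_secrets/symmetric_keys/{username}.txt', 'rb') as f:
        session_key = f.read()
    with open(f'master_secrets/mac_keys/{username}.txt', 'rb') as f:
        mac_key = f.read()

    # NOTE(review): the message carries no nonce, counter or timestamp, so
    # nothing visible here lets the server tell a fresh request from a repeated
    # one. Confirm the server side covers this.
    message_to_encrypt = json.dumps({
        'message': inp,
        'mac': hmac.new(mac_key, inp.encode(), hashlib.sha256).hexdigest()
    })

    # NOTE(review): the key doubles as the CBC IV, which makes encryption
    # deterministic (equal commands give equal ciphertexts) and uses secret key
    # material as an IV. A random per-message IV sent with the ciphertext, or an
    # AEAD mode such as AES-GCM, is the fix; it must change on the server in
    # the same step, so the wire format is left as it is here.
    cipher = AES.new(session_key, AES.MODE_CBC, iv=session_key)
    padded = pad(bytes(message_to_encrypt, encoding=ENCODING), AES.block_size)
    encrypted_input_message = b64encode(cipher.encrypt(padded)).decode()

    body = {
        'encrypted_message': encrypted_input_message,
    }
    headers = {
        'Content-Type': 'application/json',
        'Authorization': f'Bearer {token}'
    }
    # The timeout keeps a stalled server from hanging the client.
    result = requests.post(f'{BASE_URL}/transaction', headers=headers, json=body, timeout=10)

    # Parse the body once; a non-JSON reply must not crash the client.
    try:
        payload = result.json()
    except ValueError:
        payload = None

    if result.ok and isinstance(payload, dict) and 'encrypted_response' in payload:
        print(payload)
        print()
        decrypt_message(payload['encrypted_response'], username)
    elif isinstance(payload, dict) and 'errors' in payload:
        print(payload['errors'])
        print()
    else:
        print(f'request failed with status {result.status_code}')
        print()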
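# Interactive entry point: a login/signup menu, then a command loop for the
# logged-in user until 'exit' is typed.
operation = None
while operation != 'exit':
    operation = input('login/signup or exit\n')
    match operation:
        case 'login':
            username = login()
            # login() returns None when the server rejects the credentials;
            # go back to the menu instead of entering the command loop with
            # no user (and no key files to load).
            if username is None:
                continue
        case 'signup':
            signup()
            continue
        case _:
            # Unknown input, or 'exit' (which ends the loop at the next check).
            continue

    # NOTE(review): this comparison only selects which prompt is shown. Whether
    # a caller may run admin commands has to be enforced by the server.
    is_admin = username == 'admin'
    inp = None
    while inp != 'exit':
        if is_admin:
            inp = input('input an admin command (read x) or exit\n')
            if inp != 'exit':
                do_transaction(inp, username)
        else:
            inp = input('input a transaction (deposit x, withdraw x, or inquire) or exit\n')
            # Anything that is not one of the three known commands is ignored.
            if inp.startswith(('deposit', 'withdraw', 'inquire')):
                do_transaction(inp, username)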