- import random
- import json
- import hashlib
- import binascii
- from ecdsa import VerifyingKey, SigningKey, NIST384p
- from bottle import route, run, request, debug
- from bottle import hook
- from bottle import response as resp
def secure_rng(seed):
    """Derive a 256-bit integer from *seed* by repeated modular exponentiation.

    Starting from ``seed``, the state is replaced by ``pow(g, state, p)`` on
    every round, and output bit ``i`` is set when the new state lies above
    ``(p - 1) / 2``.  The same seed always produces the same value.

    Security note: despite its name, this generator is not suitable for key
    material.  Every state is a residue modulo the 31-bit prime ``p`` and the
    whole output is fixed by the first state, so there are at most ``p - 1``
    (fewer than 2**31) distinct results however large the seed is.  Secrets
    should come from the OS CSPRNG (``secrets`` / ``os.urandom``) instead.
    """
    modulus = 2147483647  # 2**31 - 1
    generator = 2255412
    total_bits = 32 * 8
    # (modulus - 1) is even, so floor division equals round((p - 1) / 2).
    threshold = (modulus - 1) // 2

    state = seed
    value = 0
    for bit in range(total_bits):
        state = pow(generator, state, modulus)
        if state > threshold:
            value |= 1 << bit
    return value
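# Set up the keys
# The private scalar is drawn by the ecdsa library itself (SigningKey.generate
# uses the operating system's CSPRNG by default) rather than from
# secure_rng(): that function's output space is bounded by its 31-bit modulus,
# which is far too small for a P-384 signing key.
sk = SigningKey.generate(curve=NIST384p)
vk = sk.get_verifying_key()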
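def verify(msg, sig):
    """Check a hex-encoded signature over *msg* against the server's key.

    Args:
        msg: Message bytes that were signed.
        sig: Signature as hex digits (the format ``sign`` produces).

    Returns:
        The result of ``vk.verify`` for the decoded signature, or False when
        hex decoding or verification raises (the check fails closed).
    """
    try:
        return vk.verify(binascii.unhexlify(sig), msg)
    except Exception:
        # Fail closed on malformed hex or a rejected signature, but let
        # KeyboardInterrupt/SystemExit propagate; a bare ``except`` would
        # swallow those as well.
        return False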
def sign(msg):
    """Sign *msg* with the module-level key ``sk`` and return the signature hex-encoded (bytes)."""
    raw_signature = sk.sign(msg)
    return binascii.hexlify(raw_signature)
@route('/', method='GET')
def web_root():
    """Report the application name and its status as pretty-printed JSON."""
    status = {
        'Application': 'Kryptos Test Web Server',
        'Status': 'running',
    }
    return json.dumps({'response': status}, sort_keys=True, indent=2)
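@route('/eval', method='POST')
def evaluate():
    """Evaluate a signed expression taken from the JSON request body.

    The body must carry ``expr`` (the expression text) and ``sig`` (a hex
    signature over ``expr``, checked with ``verify``).

    Returns:
        A JSON document holding the expression and ``str()`` of its result,
        the string "Bad signature" when verification fails, or "Error" when
        anything in the handler raises.
    """
    try:
        req_data = request.json
        expr = req_data['expr']
        sig = req_data['sig']
        # Only signed expressions will be evaluated
        if not verify(str.encode(expr), str.encode(sig)):
            return "Bad signature"
        # SECURITY: eval() with '__builtins__' removed is NOT a sandbox. The
        # expression still runs as ordinary Python with access to the
        # interpreter's object model, so whoever can present a valid
        # signature gets code execution in this process. The signature check
        # above is the only control here. If only arithmetic is intended,
        # replace eval() with a parser that accepts an explicit allow-list
        # of AST node types.
        result = eval(expr, {'__builtins__': None})
        response = {'response':
                    {
                        'Expression': expr,
                        'Result': str(result)
                    }
                    }
        return json.dumps(response, sort_keys=True, indent=2)
    except Exception:
        # Was a bare ``except``; Exception keeps the same "Error" reply for
        # bad input while letting KeyboardInterrupt/SystemExit through.
        return "Error"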
# Generate a sample expression and signature for debugging purposes
@route('/debug', method='GET')
def debug():
    """Return the fixed expression '2+2' and a signature over it, as JSON.

    NOTE(review): the route performs no authentication and returns output of
    the server's signing key; it is a debugging aid and should not be
    reachable in a deployed service.  Defining ``debug`` here also rebinds
    the ``debug`` name imported from bottle at the top of the file.
    """
    sample_expr = '2+2'
    signature_hex = sign(str.encode(sample_expr)).decode()
    payload = {'Expression': sample_expr, 'Signature': signature_hex}
    return json.dumps({'response': payload}, sort_keys=True, indent=2)
# Start the bottle server on the loopback interface.
# NOTE(review): reloader=True is bottle's auto-reload development helper, and
# port 81 is below 1024, which normally needs elevated privileges to bind on
# Unix-like systems -- confirm both are intended outside development.
run(
    host='127.0.0.1',
    port=81,
    reloader=True,
)