def produce(txt):
# Random 16 bytes.
key = rbytes.count(16)
# Append and prepend some random bytes to the input txt.
before_count = random.randrange(5, 11)
after_count = random.randrange(5, 11)
before = rbytes.count(before_count)
after = rbytes.count(after_count)
plain = before + txt + after
# Pad the plaintext to a blocksize of 16.
plain = pad.pkcs7(plain, 16)
# Choose a mode to use.
mode = 'ecb' if random.randrange(0, 2) == 0 else 'cbc'
# Now do the encryption.
if mode == 'ecb':
cipher = aes.encrypt_ecb(plain, key)
elif mode == 'cbc':
random_iv = rbytes.count(16)
cipher = aes.encrypt_cbc(plain, key, iv=random_iv)
return cipher
def encryption_oracle(m):
key = gen_key()
prefix = os.urandom(random.randint(5, 10))
suffix = os.urandom(random.randint(5, 10))
pt = prefix + m + suffix
#use ECB half the time and CBC the other half
if ord(os.urandom(1)) % 2:
print 'ECB'
return aes.encrypt_ecb(pt, key)
else:
print 'CBC'
iv = os.urandom(16)
#don't return iv (otherwise length will give difference away
return aes.encrypt_cbc(pt, key, iv)[16:]
def encryption_oracle_cbc(m):
iv = os.urandom(16)
return aes.encrypt_cbc(m + secret, key, iv)[16:]
def get_ciphertext(): iv = os.urandom(16) return aes.encrypt_cbc(random.choice(pts), key, iv)
def oracle():
#this value does not matter (as long as it's long enough)
userdata = 'bs' * 48
ct = aes.encrypt_cbc(urllib.quote(userdata), key, key)
#iv = key ==> don't send iv
return ct[16:]
def send_ct(con, msg, key):
'''sends <len> <aes cbc encrypted msg>'''
iv = urandom(16)
return send_len_payload(con, aes.encrypt_cbc(msg, key, iv))
def oracle(userdate): iv = os.urandom(16) return aes.encrypt_cbc(prefix + urllib.quote(userdate) + sufix, key, iv)
def cbc_mac_tag(m, k, iv):
return aes.encrypt_cbc(m, k, iv)[-16:]