def expansion_ind(model, i):
model = model.replace('a', bp.fi(i))
model = model.replace('b', bp.fi(i - 3))
model = model.replace('c', bp.fi(i - 8))
model = model.replace('d', bp.fi(i - 14))
model = model.replace('e', bp.fi(i - 16))
return model
def initial_relabel(wl):
state_words = ['A', 'B', 'C', 'D', 'E']
initial_relabels = [''] * 5
for i in range(5):
w0 = bp.word(wl, state_words[i] + bp.fi(0))
w1 = bp.word(wl, 'H' + bp.fi(i))
relabels = bp.wequal(w0, w1)
initial_relabels[i] = '\n'.join(relabels)
return '\n'.join(initial_relabels)
def f_ind(f, i):
i = bp.fi(i)
f = f.replace('F', 'F' + i)
f = f.replace('B', 'B' + i)
f = f.replace('C', 'C' + i)
f = f.replace('D', 'D' + i)
return f
def round_ind(addition_K, addition, wl, rotation_A, i):
i = bp.fi(i)
add_K = addition_K.replace('x', 'E' + i)
add_K = add_K.replace('c', 'a' + i)
add_K = add_K.replace('z', 'b' + i)
add_0 = addition.replace('x', 'b' + i)
add_0 = add_0.replace('y', 'F' + i)
add_0 = add_0.replace('c', 'c' + i)
add_0 = add_0.replace('z', 'd' + i)
add_1 = addition
add_1 = add_1.replace('x', 'd' + i)
A = bp.word(wl, 'A' + i, rotation_A)
for j in range(wl):
add_1 = add_1.replace('y' + bp.fi(j), A[j])
add_1 = add_1.replace('c', 'e' + i)
add_1 = add_1.replace('z', 'f' + i)
add_2 = addition.replace('x', 'f' + i)
add_2 = add_2.replace('y', 'W' + i)
add_2 = add_2.replace('c', 'g' + i)
add_2 = add_2.replace('z', 'T' + i)
return '\n'.join((add_K, add_0, add_1, add_2))
import sys
import bitpy as bp
wl = int(sys.argv[1])
system = bp.get_string('./structures/sha_1.txt')
system = bp.simplify_across(system)
bp.store_string('./structures/sha_1_no_assignments.txt', system)
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system = bp.simplify_across(system)
bp.store_string('./structures/sha_1_first_block.txt', system)
W = bp.words_from_string(wl, "Chiara")
system = bp.xor_in_standard_syntax(system)
system = bp.not_in_python_syntax(system)
for i in range(len(W)):
for j in range(wl):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
import sys
import re
import bitpy as bp
wl = int(sys.argv[1])
n = int(sys.argv[2])
systems = [''] * n
systems[0] = bp.get_string('./structures/sha_1.txt')
system = bp.get_string('./structures/sha_1_handy.txt')
for i in range(1, n):
systems[i] = system.replace('H_', 'Z' + bp.fi(i - 1))
systems[i] = systems[i].replace('_', bp.fi(i))
sha_1 = '\n'.join(systems)
bp.store_string('./structures/sha_1_' + str(n) + '_blocks.txt', sha_1)
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
sha_1 = sha_1.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)))
test_check = input('Do you want to test it? [y/n] ')
if test_check == 'y':
low = 56 + (n - 2) * 64
high = 119 + (n - 2) * 64
string = input('Type a string (escapes not allowed) with a x number of ' +\
'chars such that ' + str(low) + ' ≤ x ≤ ' + str(high) + '.\n')
W = bp.words_from_string(32, string)
for i in range(n):
for j in range(16):
def state_relabel_ind(model, i):
model = model.replace('b', bp.fi(i))
model = model.replace('a', bp.fi(i + 1))
return model
W = bp.get_words(string)
system = bp.get_string('./structures/sha_1.txt')
system = bp.xor_in_standard_syntax(system)
system = bp.not_in_python_syntax(system)
#K = bp.get_words('K.txt')
H = bp.get_words('H.txt')
#for i in range(len(K)):
# for j in range(wl):
# system = system.replace(bp.bit('K' + bp.fi(i), j),\
# str(bool(K[i] >> j & 1)))
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)))
for i in range(len(W)):
for j in range(wl):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
W += [0] * 64
for i in range(16, 80):
for j in range(wl):
W[i] ^= eval(bp.bit('W' + bp.fi(0) + bp.fi(i), j)) << j
bp.store_words('./maps/block_' + file_id + '.txt', wl, W)
states = [0] * 82
for i in range(40, min(rounds, 60)):
system += [f_ind(f2, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K2, addition, wl, rotation_A, i)]
for i in range(60, min(rounds, 80)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K3, addition, wl, rotation_A, i)]
if rounds == 80:
system += [final_addition_ind(addition)]
for i in range(len(system)):
bits = re.findall(r'[A-Za-z][0-9]{4}', system[i])
for b in bits:
system[i] = system[i].replace(b, b[0] + '_' + b[1:])
system = '\n'.join(system)
system = system.replace('_', bp.fi(0))
reassignments = reassignments.split('\n')[::-1]
for r in reassignments:
system = system.replace(r[0:7], r[8:])
system = system.replace('~~', '')
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system = bp.cnf_simplify_across(system)
bp.store_string('./structures/sha_1_cnf_opt.txt', system)
import sys
import re
import bitpy as bp
system_path = sys.argv[1]
system = bp.get_string(system_path)
system = system.replace('*', '&')
system = system.replace('+', '^')
string = sys.argv[2]
W = bp.words_from_string(32, string)
for i in range(len(W)):
for j in range(32):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
digest = 0
for j in range(32):
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(0), j)) << j + 128
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(1), j)) << j + 96
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(2), j)) << j + 64
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(3), j)) << j + 32
digest ^= eval(bp.bit('Z' + bp.fi(0) + bp.fi(4), j)) << j
print(f'{digest:040x}')
import sys
import re
import bitpy as bp
wl = int(sys.argv[1])
round_to_attack = int(sys.argv[2])
file_id = sys.argv[3]
preimage_length = int(sys.argv[4])
cnf = sys.argv[5]
system = bp.get_string(cnf)
clauses = system.split('\n')
last_carry = 'g' + bp.fi(0) + bp.fi(round_to_attack - 1) + bp.fi(wl - 2)
last_clause = list(filter(lambda x: last_carry in x, clauses))[-1]
system = '\n'.join(clauses[0:clauses.index(last_clause) + 1])
states = bp.get_words('./maps/states_' + file_id + '.txt')
for i in range(5):
states[i] = states[round_to_attack - 4 + i] >> (wl * 4)
for i in range(5):
for j in range(wl):
system = system.replace(\
bp.bit('T' + bp.fi(0) + bp.fi(round_to_attack - 5 + i), j),\
str(bool(states[i] >> j & 1)).lower())
fixed, system = bp.fix_bits(wl, system, preimage_length)
system = bp.cnf_simplify_across(system)
system = system.replace('~', '-')
system = system.replace('|', ' ')
system = system.replace('Xor(', 'x')
import re
import sys
import bitpy as bp
## data retrieve
wl = int(sys.argv[1])
value = sys.argv[2]
key_string = sys.argv[3]
key_length = len(key_string)
system = bp.get_string('./structures/sha_1_handy.txt')
system0 = system1 = system2 = system3 = system
H = bp.get_words('H.txt')
key = [bp.bit('K' + bp.fi(0) + bp.fi(i // wl), wl - 1 - i % wl)\
for i in range(wl * 16)]
## system0
ipad = [0x36363636] * 16
k = 0
for i in range(key_length):
k = k << 8 ^ ord(key_string[i])
k <<= (512 - 8 * key_length)
W = [(k >> (15 - i) * 32 ^ ipad[i]) & 0xffffffff for i in range(16)]
for i in range(len(H)):
for j in range(wl):
system0 = system0.replace(bp.bit('H_' + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
sol_bits = sol_bits.split()
var_lines = bp.get_string('./temp/variables_' + file_id + '.txt').split('\n')
fin_dict = {}
for i in range(len(sol_bits)):
if var_lines[i][0] == 'W':
fin_dict[var_lines[i]] = sol_bits[i]
var_lines = bp.get_string('./temp/fixed_' + file_id + '.txt').split('\n')
for i in range(len(var_lines)):
if var_lines[i][0] == '0':
fin_dict[var_lines[i][1:]] = '-1'
else:
fin_dict[var_lines[i][1:]] = '1'
preimage = ''
for i in range(wl * 16):
if fin_dict[bp.bit('W' + bp.fi(0) + bp.fi(i // wl),\
(wl - 1) - i % wl)][0] == '-':
preimage += '0'
else:
preimage += '1'
M1 = int(preimage, base = 2)
W = [0] * 16
for i in range(16):
W[i] = (M1 >> (15 - i) * wl) & 0xFFFFFFFF
W[i] = f'{W[i]:08x}'
bp.store_string('./temp/preimage_' + file_id + '.txt', '\n'.join(W))
for i in range(20, min(rounds, 40)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K1, addition, wl, rotation_A, i)]
system += [state_relabel_ind(relabel, i)]
for i in range(40, min(rounds, 60)):
system += [f_ind(f2, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K2, addition, wl, rotation_A, i)]
system += [state_relabel_ind(relabel, i)]
for i in range(60, min(rounds, 80)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K3, addition, wl, rotation_A, i)]
system += [state_relabel_ind(relabel, i)]
if rounds == 80:
system += [final_addition_ind(addition)]
for i in range(len(system)):
bits = re.findall(r'[A-Za-z][0-9]{4}', system[i])
for b in bits:
system[i] = system[i].replace(b, b[0] + '_' + b[1:])
system = '\n'.join(system)
system0 = system.replace('_', bp.fi(0))
temp, relabels = bp.get_assignments(system0)
bp.store_string('./structures/relabels.txt', '\n'.join(relabels))
bp.store_string('./structures/sha_1.txt', system0)
bp.store_string('./structures/sha_1_handy.txt', system)
