import sys
import bitpy as bp
wl = int(sys.argv[1])
system = bp.get_string('./structures/sha_1.txt')
system = bp.simplify_across(system)
bp.store_string('./structures/sha_1_no_assignments.txt', system)
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system = bp.simplify_across(system)
bp.store_string('./structures/sha_1_first_block.txt', system)
W = bp.words_from_string(wl, "Chiara")
system = bp.xor_in_standard_syntax(system)
system = bp.not_in_python_syntax(system)
for i in range(len(W)):
for j in range(wl):
system = system.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
exec(system)
import sys
import bitpy as bp
# r = desired round
r = sys.argv[1]
system = bp.get_string('structures/gf2/sha_1_separated.txt')
equations = system.split('\n')
last = list(filter(lambda x: x[0:7] == 'T00' + r + '31', equations))[0]
equations = equations[0:equations.index(last) + 1]
xors = list(filter(lambda x: '+' in x, equations))
ands = list(filter(lambda x: '*' in x, equations))
bp.store_string('structures/gf2/sha_1_' + r + '.txt', '\n'.join(ands + xors))
for i in range(40, min(rounds, 60)):
system += [f_ind(f2, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K2, addition, wl, rotation_A, i)]
for i in range(60, min(rounds, 80)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K3, addition, wl, rotation_A, i)]
if rounds == 80:
system += [final_addition_ind(addition)]
for i in range(len(system)):
bits = re.findall(r'[A-Za-z][0-9]{4}', system[i])
for b in bits:
system[i] = system[i].replace(b, b[0] + '_' + b[1:])
system = '\n'.join(system)
system = system.replace('_', bp.fi(0))
reassignments = reassignments.split('\n')[::-1]
for r in reassignments:
system = system.replace(r[0:7], r[8:])
system = system.replace('~~', '')
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
system = system.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system = bp.cnf_simplify_across(system)
bp.store_string('./structures/sha_1_cnf_opt.txt', system)
import sys
import re
import bitpy as bp
wl = int(sys.argv[1])
n = int(sys.argv[2])
systems = [''] * n
systems[0] = bp.get_string('./structures/sha_1.txt')
system = bp.get_string('./structures/sha_1_handy.txt')
for i in range(1, n):
systems[i] = system.replace('H_', 'Z' + bp.fi(i - 1))
systems[i] = systems[i].replace('_', bp.fi(i))
sha_1 = '\n'.join(systems)
bp.store_string('./structures/sha_1_' + str(n) + '_blocks.txt', sha_1)
H = bp.get_words('H.txt')
for i in range(len(H)):
for j in range(wl):
sha_1 = sha_1.replace(bp.bit('H' + bp.fi(0) + bp.fi(i), j),\
str(bool(H[i] >> j & 1)))
test_check = input('Do you want to test it? [y/n] ')
if test_check == 'y':
low = 56 + (n - 2) * 64
high = 119 + (n - 2) * 64
string = input('Type a string (escapes not allowed) with a x number of ' +\
'chars such that ' + str(low) + ' ≤ x ≤ ' + str(high) + '.\n')
W = bp.words_from_string(32, string)
for i in range(n):
for j in range(16):
steps[j] = steps[j].replace(sides[0], '(' + sides[1] + ')')
addition = list(filter(lambda x: x[3] == '=', steps[1:]))
return '\n'.join(addition)
wl = int(sys.argv[1])
depth = int(sys.argv[2])
K_depth = int(sys.argv[3])
addition = bp.get_string('models/equations/addition.txt')
addition_K0 = bp.get_string('models/equations/addition_K0.txt')
addition_K1 = bp.get_string('models/equations/addition_K1.txt')
addition_K2 = bp.get_string('models/equations/addition_K2.txt')
addition_K3 = bp.get_string('models/equations/addition_K3.txt')
new_addition = simplify_sumalg(wl, addition, depth)
new_addition_K0 = simplify_sumalg(wl, addition_K0, K_depth)
new_addition_K1 = simplify_sumalg(wl, addition_K1, K_depth)
new_addition_K2 = simplify_sumalg(wl, addition_K2, K_depth)
new_addition_K3 = simplify_sumalg(wl, addition_K3, K_depth)
bp.store_string('models/equations/addition' + str(depth) + '.txt',
new_addition)
bp.store_string('models/equations/addition' + str(K_depth) + '_K0.txt',
new_addition_K0)
bp.store_string('models/equations/addition' + str(K_depth) + '_K1.txt',
new_addition_K1)
bp.store_string('models/equations/addition' + str(K_depth) + '_K2.txt',
new_addition_K2)
bp.store_string('models/equations/addition' + str(K_depth) + '_K3.txt',
new_addition_K3)
''' This module takes SHA-1 system and create two files containing the
CNF form. The first (sha_1_total_cnf.txt) contains the ordinary CNF
form, the second (sha_1_cnf.txt) contains the version for speed up
about xor clauses in CryptoMiniSat.
PAY ATTENTION
It could take long time to return.
'''
import sys
import bitpy as bp
preserve_xor = sys.argv[1]
system_file = sys.argv[2]
system = bp.get_string(system_file)
## total
cnf_form = bp.to_total_cnf(system)
bp.store_string('./structures/sha_1_total_cnf.txt', cnf_form)
## preserving xors
if preserve_xor:
cnf_form = bp.to_cnf(system)
bp.store_string('./structures/sha_1_cnf.txt', cnf_form)
for i in range(5):
for j in range(wl):
system = system.replace(\
bp.bit('T' + bp.fi(0) + bp.fi(round_to_attack - 5 + i), j),\
str(bool(states[i] >> j & 1)).lower())
fixed, system = bp.fix_bits(wl, system, preimage_length)
system = bp.cnf_simplify_across(system)
system = system.replace('~', '-')
system = system.replace('|', ' ')
system = system.replace('Xor(', 'x')
system = system.replace(')', '')
system = system.replace(',', ' ')
system = system.replace('\n', ' 0\n') + ' 0'
clauses = system.split('\n')
variables = []
for i in range(len(clauses)):
vars_temp = re.findall(r'[A-Za-z][0-9]{6}', clauses[i])
for v in vars_temp:
if v not in variables:
variables += [v]
for i in range(len(variables)):
system = system.replace(variables[i], str(i + 1))
num_of_variables = len(variables)
num_of_clauses = len(system.split('\n'))
sat_form = 'p cnf ' + str(num_of_variables) + ' ' + str(num_of_clauses) + '\n'
sat_form += system
bp.store_string('./temp/fixed_' + file_id + '.txt', '\n'.join(fixed))
bp.store_string('./temp/variables_' + file_id + '.txt', '\n'.join(variables))
bp.store_string('./temp/to_solve_' + file_id + '.cnf', sat_form)
import sys
import bitpy as bp
addition_depth = int(sys.argv[1])
addition_K_depth = int(sys.argv[2])
## functions F to cnf
for i in range(3):
model = bp.get_string('./models/equations/f' + str(i) + '.txt')
cnf = bp.to_total_cnf(model)
bp.store_string('./models/cnf/f' + str(i) + '.txt', cnf)
## expansion to cnf
model = bp.get_string('./models/equations/expansion.txt')
cnf = bp.to_total_cnf(model)
bp.store_string('./models/cnf/expansion.txt', cnf)
## addition to cnf
if addition_depth != 0:
model = bp.get_string('./models/equations/addition' + str(addition_depth) + '.txt')
cnf = bp.to_total_cnf(model)
bp.store_string('./models/cnf/addition' + str(addition_depth) + '.txt', cnf)
## addition with K to cnf
if addition_K_depth != 0:
for i in range(4):
model = bp.get_string('./models/equations/addition' + str(addition_K_depth) + '_K' + str(i) + '.txt')
return '\n'.join(bp.wequal(w0, w1))
wl = int(sys.argv[1])
rW = int(sys.argv[2])
rB = int(sys.argv[3])
# Relabeling states
r = [''] * 5
r[0] = relabel_model(wl, 'Aa', 'Tb', 0)
r[1] = relabel_model(wl, 'Ba', 'Ab', 0)
r[2] = relabel_model(wl, 'Ca', 'Bb', rB)
r[3] = relabel_model(wl, 'Da', 'Cb', 0)
r[4] = relabel_model(wl, 'Ea', 'Db', 0)
bp.store_string('./models/equations/state_relabel.txt', '\n'.join(r))
# Round functions f
F = bp.word(wl, 'F')
B = bp.word(wl, 'B')
C = bp.word(wl, 'C')
D = bp.word(wl, 'D')
f0 = bp.wequal(F, bp.wor([bp.wand([B, C], 1), bp.wand([bp.wnot(B), D], 1)]))
bp.store_string('./models/equations/f0.txt', '\n'.join(f0))
f1 = bp.wequal(F, bp.wxor([B, C, D]))
bp.store_string('./models/equations/f1.txt', '\n'.join(f1))
f2 = bp.wequal(F, bp.wor(\
[bp.wand([B, C], 1), bp.wand([B, D], 1), bp.wand([C, D], 1)]))
bp.store_string('./models/equations/f2.txt', '\n'.join(f2))
import sys
import bitpy as bp
def sum_to_xor(expr):
variables = expr.split('+')
if variables[-1] == '1':
variables = variables[:-1]
variables[-1] = '~' + variables[-1]
variables = ','.join(variables)
return variables.join(('Xor(', ')'))
to_translate = sys.argv[1]
translated = sys.argv[2]
system = bp.get_string(to_translate)
system = system.replace('*', '&')
equations = system.split('\n')
for i in range(len(equations)):
if '+' in equations[i]:
equations[i] = equations[i][:8] + sum_to_xor(equations[i][8:])
system = '\n'.join(equations)
xor_ext_form = bp.to_cnf(system)
bp.store_string(translated, xor_ext_form)
ipad = [0x36363636] * 16
k = 0
for i in range(key_length):
k = k << 8 ^ ord(key_string[i])
k <<= (512 - 8 * key_length)
W = [(k >> (15 - i) * 32 ^ ipad[i]) & 0xffffffff for i in range(16)]
for i in range(len(H)):
for j in range(wl):
system0 = system0.replace(bp.bit('H_' + bp.fi(i), j),\
str(bool(H[i] >> j & 1)).lower())
system0 = system0.replace('_', bp.fi(0))
system0 = bp.simplify_across(system0)
bp.store_string('./structures/hmac_sha_1_00.txt', system0)
system0 = bp.xor_in_standard_syntax(system0)
system0 = bp.not_in_python_syntax(system0)
for i in range(16):
for j in range(wl):
system0 = system0.replace(bp.bit('W' + bp.fi(0) + bp.fi(i), j),\
str(bool(W[i] >> j & 1)))
## system1
W = bp.words_from_string(wl, value)
W[15] = 0x00000230
for i in range(len(W)):
for j in range(wl):
system1 = system1.replace(bp.bit('W_' + bp.fi(i), j),\
sol_bits = sol_bits.split()
var_lines = bp.get_string('./temp/variables_' + file_id + '.txt').split('\n')
fin_dict = {}
for i in range(len(sol_bits)):
if var_lines[i][0] == 'W':
fin_dict[var_lines[i]] = sol_bits[i]
var_lines = bp.get_string('./temp/fixed_' + file_id + '.txt').split('\n')
for i in range(len(var_lines)):
if var_lines[i][0] == '0':
fin_dict[var_lines[i][1:]] = '-1'
else:
fin_dict[var_lines[i][1:]] = '1'
preimage = ''
for i in range(wl * 16):
if fin_dict[bp.bit('W' + bp.fi(0) + bp.fi(i // wl),\
(wl - 1) - i % wl)][0] == '-':
preimage += '0'
else:
preimage += '1'
M1 = int(preimage, base = 2)
W = [0] * 16
for i in range(16):
W[i] = (M1 >> (15 - i) * wl) & 0xFFFFFFFF
W[i] = f'{W[i]:08x}'
bp.store_string('./temp/preimage_' + file_id + '.txt', '\n'.join(W))
for i in range(20, min(rounds, 40)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K1, addition, wl, rotation_A, i)]
system += [state_relabel_ind(relabel, i)]
for i in range(40, min(rounds, 60)):
system += [f_ind(f2, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K2, addition, wl, rotation_A, i)]
system += [state_relabel_ind(relabel, i)]
for i in range(60, min(rounds, 80)):
system += [f_ind(f1, i)]
system += [expansion_ind(expansion, i)]
system += [round_ind(addition_K3, addition, wl, rotation_A, i)]
system += [state_relabel_ind(relabel, i)]
if rounds == 80:
system += [final_addition_ind(addition)]
for i in range(len(system)):
bits = re.findall(r'[A-Za-z][0-9]{4}', system[i])
for b in bits:
system[i] = system[i].replace(b, b[0] + '_' + b[1:])
system = '\n'.join(system)
system0 = system.replace('_', bp.fi(0))
temp, relabels = bp.get_assignments(system0)
bp.store_string('./structures/relabels.txt', '\n'.join(relabels))
bp.store_string('./structures/sha_1.txt', system0)
bp.store_string('./structures/sha_1_handy.txt', system)