def fun1(self):
    """Encrypt one randomly selected message with CBC and return it with the IV.

    One of ten base64-encoded messages is picked with ``random.choice``,
    decoded, and handed to ``c10.cbcencrypt`` together with ``self.iv`` and
    ``self.key``.

    Returns:
        A ``(iv, ciphertext)`` tuple, where ``iv`` is ``self.iv``.
    """
    # Newline-separated base64 blobs; each entry decodes to one message.
    msgs = (
        "MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=\n"
        "MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=\n"
        "MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==\n"
        "MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==\n"
        "MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl\n"
        "MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==\n"
        "MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==\n"
        "MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=\n"
        "MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=\n"
        "MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93"
    )
    candidates = msgs.split("\n")

    # random.choice only decides which fixed message is used; it does not
    # produce key or IV material here.
    plaintext = base64.b64decode(random.choice(candidates))

    # NOTE(review): the IV is whatever self.iv holds. If it is not refreshed
    # between calls, every ciphertext under self.key shares one IV, which CBC
    # is not designed for -- confirm where self.iv is set.
    iv = self.iv
    ciphertext = c10.cbcencrypt(plaintext, iv, self.key)
    return (iv, ciphertext)
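def encryption_oracle(s):
    """Encrypt ``s`` under a throwaway key, in CBC or ECB mode chosen at random.

    The input is wrapped in 5-10 random bytes on each side. A coin flip then
    selects the mode: CBC through ``c10.cbcencrypt`` with a random 16-byte
    IV, or ECB through PyCrypto's AES after ``c10.pkcs7pad``.

    Args:
        s: Data to encrypt; converted with ``str()`` before use.

    Returns:
        Whatever the selected cipher call returns. The key and the mode that
        was picked are not handed back to the caller.
    """
    import os
    import random

    from Crypto.Cipher import AES

    import c10

    # os.urandom replaces open("/dev/urandom").read(n): same kernel CSPRNG,
    # but no file handle is left for the garbage collector to close, no
    # text-mode read is involved, and it also works off Unix.
    key = os.urandom(16)
    prefix = os.urandom(random.randint(5, 10))
    suffix = os.urandom(random.randint(5, 10))
    s = prefix + str(s) + suffix

    # The pad lengths and the mode coin flip come from `random` (Mersenne
    # Twister). That is adequate for an exercise; anything that relies on the
    # choice being unpredictable needs a CSPRNG instead.
    if random.randint(0, 1) == 1:
        return c10.cbcencrypt(s, os.urandom(16), key)
    return AES.new(key, AES.MODE_ECB).encrypt(c10.pkcs7pad(s))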
print "############### normal exchange"
# Unmodified Diffie-Hellman exchange: nothing alters the traffic in this run.
# NOTE(review): the first c33.dh argument (presumably the private exponent)
# is drawn from random.randint(0, 10000) -- a small range from a
# non-cryptographic generator, adequate only for a demonstration.

# A->B Send "p", "g", "A"
Alice = c33.dh(random.randint(0, 10000), p, g)
# B->A Send "B"
Bob = c33.dh(random.randint(0, 10000), p, g)

# Each side feeds the other side's public value (.A) into shsecret().
Bob_secret = Bob.shsecret(Alice.A)
Alice_secret = Alice.shsecret(Bob.A)

# AES key on each side: first 16 bytes of c28.sha1(str(secret)).digest().
alice_key = c28.sha1(str(Alice_secret)).digest()[:16]
bob_key = c28.sha1(str(Bob_secret)).digest()[:16]

# on Alice
# A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv
Alice_msg = "Alice says Hi"
Alice_iv = open("/dev/urandom").read(16)
Alice_enc = c10.cbcencrypt(Alice_msg, Alice_iv, alice_key)
print "msg Alice send: "+Alice_msg

# on Bob
bob_received = c10.cbcdecrypt(Alice_enc, Alice_iv, bob_key)
print "msg Bob received: "+bob_received

# B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv
Bob_msg = "Bob says Hi"
Bob_iv = open("/dev/urandom").read(16)
Bob_enc = c10.cbcencrypt(Bob_msg, Bob_iv, bob_key)
print "msg Bob send: "+Bob_msg

# on Alice
alice_received = c10.cbcdecrypt(Bob_enc, Bob_iv, alice_key)
print "msg Alice received: "+alice_received
# A->M Send "p", "g", "A" # Mallory changes A to p # A^a mod p = p^a mod p = 0 # M->B Send "p", "g", "p" Bob = c33.dh(random.randint(0,10000),p,g) Bob_secret = Bob.shsecret(Alice.A) # B->M Send "B" # Mallory changes B to p # B^a mod p = p^a mod p = 0 # M->A Send "p" Alice_secret = Alice.shsecret(Bob.A) print "shared key="+binascii.b2a_hex(c28.sha1(str(Alice_secret)).digest()[:16]) print "attack key="+binascii.b2a_hex(c28.sha1(str(1)).digest()[:16]) Alice_msg = "Alice hello OneA" Alice_iv='' for i in range(16): Alice_iv = Alice_iv+chr(random.randint(0,255)) Alice_enc = c10.cbcencrypt(Alice_msg,Alice_iv,c28.sha1(str(Alice_secret)).digest()[:16]) print "Alice发送: "+str(Alice_msg) # A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv # the secret is 0 print "攻击者解密出: "+c10.cbcdecrypt(Alice_enc,Alice_iv,c28.sha1(str(1)).digest()[:16]) # M->B Relay that to B print "Bob收到: "+c10.cbcdecrypt(Alice_enc,Alice_iv,c28.sha1(str(Bob_secret)).digest()[:16]) Bob_msg = "Bob HELLO OneA" Bob_iv='' for i in range(16): Bob_iv = Bob_iv+chr(random.randint(0,255)) Bob_enc = c10.cbcencrypt(Bob_msg,Bob_iv,c28.sha1(str(Bob_secret)).digest()[:16]) print "Bob发送: "+Bob_msg
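def _session_key(secret):
    """Return the 16-byte AES key: the first 16 bytes of c28.sha1(str(secret)).digest()."""
    return c28.sha1(str(secret)).digest()[:16]


def _mallory_decrypt(enc, iv, p, g):
    """Return what the on-path party recovers from (enc, iv) for a forced g, or "" otherwise."""
    if g == 1:
        return c10.cbcdecrypt(enc, iv, _session_key(1))
    if g == p:
        return c10.cbcdecrypt(enc, iv, _session_key(0))
    if g == p - 1:
        # Two candidate secrets (1 and p - 1): the first key is tried and an
        # exception from cbcdecrypt selects the second. This was a bare
        # `except:`, which also swallowed KeyboardInterrupt and SystemExit.
        try:
            return c10.cbcdecrypt(enc, iv, _session_key(1))
        except Exception:
            return c10.cbcdecrypt(enc, iv, _session_key(p - 1))
    return ""


def exchange(p, g, Mallory=False, mg=0):
    """Run one Diffie-Hellman plus AES-CBC round trip, optionally with a forced generator.

    Alice and Bob each build a ``c33.dh`` object, exchange public values,
    derive an AES key from the shared secret and send each other one
    message. With ``Mallory`` set, ``g`` is replaced by ``mg`` for both
    sides and the function also prints what a party who knows only the
    ciphertext, the IV and the forced ``g`` can decrypt.

    The run demonstrates why negotiated group parameters must be validated:
    the original notes assume "there is no check on weak values". A peer
    that rejects g outside 2 <= g <= p - 2, range-checks the received public
    value the same way, and authenticates the negotiation does not accept
    the parameters used here.

    Args:
        p: Modulus passed to ``c33.dh``.
        g: Generator passed to ``c33.dh`` when ``Mallory`` is false.
        Mallory: When true, ``mg`` replaces ``g`` and the interception
            output is printed.
        mg: Generator imposed on both sides when ``Mallory`` is true.

    Returns:
        None. All results are printed.
    """
    import os

    # A->B Send "p", "g"
    # B->A Send ACK
    # with Mallory, M would send NACK to Alice suggesting new p and g values
    # and would send the same weak values to Bob, assuming there is no
    # check on weak values, the communications would be screwed
    if Mallory:
        g = mg

    # NOTE(review): the first c33.dh argument (presumably the private
    # exponent) comes from random.randint(0, 10000) -- a small range from a
    # non-cryptographic generator, adequate only for a demonstration.
    Alice = c33.dh(random.randint(0, 10000), p, g)
    # A->B Send "p", "g", "A"
    Bob = c33.dh(random.randint(0, 10000), p, g)
    Bob_secret = Bob.shsecret(Alice.A)
    # B->A Send "B"
    Alice_secret = Alice.shsecret(Bob.A)

    # on Alice
    Alice_msg = "Alice says Hi"
    # os.urandom replaces open("/dev/urandom").read(16): same CSPRNG, no
    # file handle left unclosed, and not tied to a Unix device path.
    Alice_iv = os.urandom(16)
    Alice_enc = c10.cbcencrypt(Alice_msg, Alice_iv, _session_key(Alice_secret))
    print "msg Alice send: "+Alice_msg
    # A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv
    if Mallory:
        print "Mallory intercepts:",
        print _mallory_decrypt(Alice_enc, Alice_iv, p, g)

    # on Bob
    print "msg Bob received: "+c10.cbcdecrypt(Alice_enc, Alice_iv, _session_key(Bob_secret))
    Bob_msg = "Bob says Hi"
    Bob_iv = os.urandom(16)
    Bob_enc = c10.cbcencrypt(Bob_msg, Bob_iv, _session_key(Bob_secret))
    print "msg Bob send: "+Bob_msg
    # B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv
    if Mallory:
        print "Mallory intercepts:",
        print _mallory_decrypt(Bob_enc, Bob_iv, p, g)

    # on Alice
    print "msg Alice received: "+c10.cbcdecrypt(Bob_enc, Bob_iv, _session_key(Alice_secret))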