def padding_oracle(ciphertext): key, iv = deterministic_random_key_and_iv() try: challenge_10.AES_CBC(key, iv).decrypt(ciphertext) except challenge_09.PaddingError: return False return True
def encryption_oracle(plaintext): key = random_key_or_iv() plaintext = random_padding() + plaintext + random_padding() # Use ECB half the time and CBC the other half of the time if secrets.randbelow(2) == 1: return AES_ECB(key).encrypt(plaintext) else: iv = random_key_or_iv() return challenge_10.AES_CBC(key, iv).encrypt(plaintext)
def read_comment(ciphertext): key = deterministic_random_key() comment = challenge_10.AES_CBC(key, key).decrypt(ciphertext) # Verify ASCII compliance. Any character >= 0x80 will throw an exception # containing the plaintext. try: return comment.decode('ascii') except UnicodeDecodeError: error_msg = comment.decode('iso-8859-1') raise Exception("Invalid Message: {}".format(error_msg)) from None
def get_ciphertext_and_iv(): key, iv = deterministic_random_key_and_iv() ciphertext = challenge_10.AES_CBC(key, iv).encrypt(select_random_string()) return ciphertext, iv
def is_admin_comment(ciphertext): key, iv = deterministic_random_key_and_iv() plaintext = challenge_10.AES_CBC(key, iv).decrypt(ciphertext) return b";admin=true;" in plaintext
def new_comment(user_input): key, iv = deterministic_random_key_and_iv() comment = comment_for(user_input) return challenge_10.AES_CBC(key, iv).encrypt(comment)