def isMessageValidMAC(message, signature):
sha1 = SHA1()
print(sha1.hash(KEY + b"A" * 100))
hash = binascii.hexlify(sha1.hash(KEY + message))
print(hash)
print(signature)
return hash == signature
def main(random):
h = struct.unpack("IIIII", random[L - 40:L - 20])
randhasher = random[L - 40:L - 20] + random[:44]
sha1_hash = SHA1()
for x in xrange(5):
sha1_hash.hash_[x] = h[x]
res = sha1_hash.sha1(randhasher, len(randhasher))
(v0, v1, v2, v3, v4) = struct.unpack("<IIIII", unhexlify(res))
outstr = hx(v0) + hx(v1) + hx(v2) + hx(v3) + hx(v4)
return outstr
def test_blocks_of(self):
message = b''.join(
[str(chr((i + 0x30) % 0x7f)).encode() for i in range(64 * 10)])
block_list = []
for block in SHA1.blocks_of(message):
with self.subTest(block=block):
self.assertEqual(len(block), 64)
block_list.append(block)
self.assertEqual(message, b''.join(block_list))
def step_by_step(key, data, additional_data):
s = SHA1()
print_internal_state("init", s)
s.update(key)
print_internal_state("key", s)
s.update(data)
print_internal_state("data", s)
s.update(padding(len(key) + len(data)))
print_internal_state("padding", s)
s.update(additional_data)
print_internal_state("additional", s)
print("final", s.finalize().hex())
def extend(data, signature, total_length, additional_data):
h = [int(signature[8 * i:8 * i + 8], 16) for i in range(5)]
s = SHA1(h, total_length + len(padding(total_length)))
s.update(additional_data)
return data + padding(total_length) + additional_data, s.finalize().hex()
def verify_signature(secret, data, signature):
s = SHA1()
valid_sig = s.update(secret).update(data).finalize().hex()
return valid_sig == signature
def sign(secret, data):
s = SHA1()
s.update(secret).update(data)
return s.finalize().hex()
def secureMessageWithMAC(message):
sha1 = SHA1()
hash = binascii.hexlify(sha1.hash(KEY + message))
return (message, hash)
def test_f_3(self):
self.assertEqual(0, SHA1.f(53, 0, 0, 0))
def test_leftrotate(self):
self.assertEqual(0xfe0154ab, SHA1.leftrotate(0xff00aa55, 1))
def test_padding_1(self):
m = b'abcde'
new_m = SHA1.pad_message(m)
correct_padded_message = b'abcde\x80' + b'\x00' * 57 + b'\x28'
self.assertEqual(m, new_m[:len(m)])
self.assertEqual(new_m, correct_padded_message)
def test_padding_message_length_field_2(self):
l = 0xFFFF
m = b'A' * l
new_m = SHA1.pad_message(m)
self.assertEqual(m, new_m[:l])
self.assertEqual(struct.unpack('>Q', new_m[-8:])[0], len(m) * 8)
def test_padding_length_2(self):
l = 64
m = b'A' * l
new_m = SHA1.pad_message(m)
self.assertEqual(m, new_m[:l])
self.assertEqual(len(new_m) % 64, 0)
def test_f_4(self):
self.assertEqual(0, SHA1.f(79, 0xBEADF00D, 0xDEADBEEF, 0x60004EE2))
def test_f_1(self):
self.assertEqual(0, SHA1.f(11, 0xFFFFFFFF, 0, 0xDEADBEEF))
from sha1 import SHA1
from sha1_length_attack import SHA1_Length_Attack
print('----------------------------------------')
# Test data
KEY = "python"
TEXT = "kucku2003@github"
EXTENDED_TEXT = "sha1_length_attack"
print(f'KEY: "{KEY}"')
print(f'TEXT: "{TEXT}"')
print(f'EXTENDED_TEXT: "{EXTENDED_TEXT}"')
print('----------------------------------------')
# Calculate MAC using my own SHA1 implementation "SHA1" from sha1.py
sha1 = SHA1()
original_MAC = sha1.getHash(KEY, TEXT)
print(f'sha1.py MAC (KEY + TEXT): {original_MAC}')
print('')
print('----------------------------------------')
print(
'Using original TEXT (without knowing KEY) and the original MAC value above to calculate new MAC and new TEXT used for the attack'
)
print(
'Length of key is unknown, and has to be wourked out someway, mostly brute-forced'
)
print('Assume, that we already know key length "len(KEY)"')
print('----------------------------------------')
# ----------------------------------------
sha1_attack = SHA1_Length_Attack()
new_TEXT, new_MAC = sha1_attack.attackSHA1(TEXT, original_MAC, EXTENDED_TEXT,
def test_f_2(self):
self.assertEqual(0, SHA1.f(23, 0xBEADF00D, 0x60004EE2, 0xDEADBEEF))
