def test_challenge16(self): key = encryption_key() init_vector = iv() ciphertext = encrypt_kvps('admin=true', key, init_vector) self.assertFalse( is_admin(ciphertext, key, init_vector), 'Should have escaped the =' ) # 0 1 2 3 4 # comment1=cooking%20MCs;userdata=true;comment2=%20like%20a%20pound%20of%20bacon # comment1=cooking%20MCs;us;admin=true;comment2=%20like%20a%20pound%20of%20bacon ciphertext = encrypt_kvps('true', key, init_vector) # Block 0 ciphertext is XOR'ed against the decryptor output of block 1 # to produce the plaintext output. Twiddling a bit in the block 0 # ciphertext will invert the corresponding bit in the block 1 plaintext combined = zip( ciphertext[:16], '%20MCs;userdata=', '%20MCs;us;admin=' ) twiddled = ''.join( twiddle_bits(iv_byte, actual_char, target_char) for iv_byte, actual_char, target_char in combined ) ciphertext = twiddled + ciphertext[16:] self.assertTrue(is_admin(ciphertext, key, init_vector))
def encrypt_random_choice(key): selection = secret_messages[random.randint(0, len(secret_messages) - 1)] init_vector = iv() return ( cbc_encrypt(selection, key, init_vector), init_vector, )
def multimode_oracle(plaintext, mode): tampered = random_padding() + plaintext + random_padding() key = encryption_key() if mode == 'ecb': return ecb_encrypt(tampered, key) elif mode == 'cbc': return cbc_encrypt(tampered, key, iv()) raise ValueError('Unknown mode')
def echo(self, message): s = pow(self.A, self.b, self.p) key = Sha1Hash().update(to_bytes_le(s)).digest()[:16] ciphertext = message[:-16] iv = message[-16:] plaintext = crypto.cbc_decrypt(ciphertext, key, iv) self.messages.append(plaintext) iv = crypto.iv() return crypto.cbc_encrypt(plaintext, key, iv) + iv
def send(self, receiver, message): self.messages.append(message) B = receiver.handshake(self.p, self.g, self.A) s = pow(B, self.a, self.p) key = Sha1Hash().update(to_bytes_le(s)).digest()[:16] iv = crypto.iv() ciphertext = crypto.cbc_encrypt(message, key, iv) + iv returned_message = receiver.echo(ciphertext) returned_ciphertext = returned_message[:-16] returned_iv = returned_message[-16:] decrypted = crypto.cbc_decrypt( returned_ciphertext, key, returned_iv ) return decrypted