def myhmac(hash_function, message, key):
if (len(key) > 64):
key = hash(key)
if (len(key) < 64):
key += (b'\x00' * (64 - len(key)))
opad = raw_xor(b'\x5c' * 64, key)
ipad = raw_xor(b'\x36' * 64, key)
return (hash_function(opad + hexToRaw(hash_function(ipad + message))))
def myhmac(hash_function, message, key):
if len(key) > 64:
key = hash(key)
if len(key) < 64:
key += b"\x00" * (64 - len(key))
opad = raw_xor(b"\x5c" * 64, key)
ipad = raw_xor(b"\x36" * 64, key)
return hash_function(opad + hexToRaw(hash_function(ipad + message)))
def myhmac(hash_function, message, key):
if (len(key) > BLOCKSIZE):
key = hash(key)
if (len(key) < BLOCKSIZE):
key += (b'\x00' * (BLOCKSIZE - len(key)))
opad = raw_xor(b'\x5c' * BLOCKSIZE, key)
ipad = raw_xor(b'\x36' * BLOCKSIZE, key)
return hash_function(opad + hexToRaw(hash_function(ipad + message)))
def myhmac(hash_function, message, key):
if (len(key) > BLOCKSIZE):
key = hash(key)
if (len(key) < BLOCKSIZE):
key += (b'\x00' * (BLOCKSIZE - len(key)));
opad = raw_xor(b'\x5c' * BLOCKSIZE, key);
ipad = raw_xor(b'\x36' * BLOCKSIZE, key);
return hash_function(opad + hexToRaw(hash_function(ipad + message)));
def myhmac(hash_function, message, key):
blocksize = hash_function().block_size;
if (len(key) > blocksize):
key = hash_function(key).digest()
if (len(key) < blocksize):
key += (b'\x00' * (blocksize - len(key)));
opad = raw_xor(b'\x5c' * blocksize, key);
ipad = raw_xor(b'\x36' * blocksize, key);
return hash_function(opad + hash_function(ipad + message).digest()).digest();
def myhmac(hash_function, message, key):
blocksize = hash_function().block_size
if (len(key) > blocksize):
key = hash_function(key).digest()
if (len(key) < blocksize):
key += (b'\x00' * (blocksize - len(key)))
opad = raw_xor(b'\x5c' * blocksize, key)
ipad = raw_xor(b'\x36' * blocksize, key)
return hash_function(opad +
hash_function(ipad + message).digest()).digest()
def recoverPlaintext():
# start with the cipher
originalCipher = cipher;
# edit the plaintext to be all 0, recovering the raw keystream
newPlain = b'\x00' * len(originalCipher);
keystream = editAPI(originalCipher, 0, newPlain);
# xor out the keystream from the original plaintext
originalPlain = raw_xor(originalCipher, keystream);
return originalPlain;
def recoverPlaintext():
# start with the cipher
originalCipher = cipher
# edit the plaintext to be all 0, recovering the raw keystream
newPlain = b'\x00' * len(originalCipher)
keystream = editAPI(originalCipher, 0, newPlain)
# xor out the keystream from the original plaintext
originalPlain = raw_xor(originalCipher, keystream)
return originalPlain
def generateEncryptedAdminProfile():
desiredComment = b';admin=true;';
firstComment = b'\x00' * len(desiredComment);
# encrypt my harmless plaintext
firstEncProfile = encryptString(firstComment);
# locate the encrypted version of my comment, extract encrypted form of comment
offset = len(prefix);
firstCipher = firstEncProfile[offset:offset+len(firstComment)];
# make new profile
newEncProfile = firstEncProfile[0:len(prefix)] + raw_xor(firstCipher, desiredComment) + firstEncProfile[len(prefix)+len(desiredComment):];
return newEncProfile;
def generateEncryptedAdminProfile():
desiredComment = b';admin=true;';
firstComment = b'\x00' * len(desiredComment);
# encrypt my harmless plaintext
firstEncProfile = encryptString(firstComment);
# locate the encrypted version of my comment, extract encrypted form of comment
offset = len(prefix);
firstCipher = firstEncProfile[offset:offset+len(firstComment)];
# make new profile
newEncProfile = firstEncProfile[0:len(prefix)] + raw_xor(firstCipher, desiredComment) + firstEncProfile[len(prefix)+len(desiredComment):];
return newEncProfile;
def solve20():
keystream = b'';
# for the 0th, 1st, 2nd byte...
for i in range(shortestCipherLength):
# combine those cipher bytes into one long keystream
cipher = b''.join([tc[i].to_bytes(1, byteorder='big') for tc in truncatedCiphers]);
maxMG = 0;
maxKey = -1;
# for each potential keystream byte
for j in range(256):
# try that byte as a keystream
potentialPlain = raw_xor(cipher, j.to_bytes(1, byteorder='big')*len(cipher));
mg = calculateMG(potentialPlain);
if (mg > maxMG):
maxMG = mg;
maxKey = j;
# assume highest-scoring key is right
keystream += maxKey.to_bytes(1, byteorder='big');
printSolution(keystream, truncatedCiphers);
def recoverKey():
# Use your code to encrypt a message that is at least 3 blocks long:
# AES-CBC(P_1, P_2, P_3) -> C_1, C_2, C_3
plaintext = (b'A' * 48)
cipher = aes_cbc_enc(plaintext, global_aes_key, global_iv)
#Modify the message (you are now the attacker):
# C_1, C_2, C_3 -> C_1, 0, C_1
modifiedCipher = cipher[0:16] + (b'\x00' * 16) + cipher[0:16]
# Decrypt the message (you are now the receiver) and raise the
# appropriate error if high-ASCII is found.
(checkAsciiResult, errorString) = decryptAndCheckAscii(modifiedCipher)
# As the attacker, recovering the plaintext from the error, extract the key:
# P'_1 XOR P'_3
if (checkAsciiResult):
raise Exception("Unlucky")
key = raw_xor(errorString[0:16], errorString[32:48])
return key
def recoverKey():
# Use your code to encrypt a message that is at least 3 blocks long:
# AES-CBC(P_1, P_2, P_3) -> C_1, C_2, C_3
plaintext = (b'A' * 48);
cipher = aes_cbc_enc(plaintext, global_aes_key, global_iv);
#Modify the message (you are now the attacker):
# C_1, C_2, C_3 -> C_1, 0, C_1
modifiedCipher = cipher[0:16] + (b'\x00' * 16) + cipher[0:16];
# Decrypt the message (you are now the receiver) and raise the
# appropriate error if high-ASCII is found.
(checkAsciiResult, errorString) = decryptAndCheckAscii(modifiedCipher);
# As the attacker, recovering the plaintext from the error, extract the key:
# P'_1 XOR P'_3
if (checkAsciiResult):
raise Exception("Unlucky");
key = raw_xor(errorString[0:16], errorString[32:48]);
return key;
def solve20():
keystream = b''
# for the 0th, 1st, 2nd byte...
for i in range(shortestCipherLength):
# combine those cipher bytes into one long keystream
cipher = b''.join(
[tc[i].to_bytes(1, byteorder='big') for tc in truncatedCiphers])
maxMG = 0
maxKey = -1
# for each potential keystream byte
for j in range(256):
# try that byte as a keystream
potentialPlain = raw_xor(
cipher,
j.to_bytes(1, byteorder='big') * len(cipher))
mg = calculateMG(potentialPlain)
if (mg > maxMG):
maxMG = mg
maxKey = j
# assume highest-scoring key is right
keystream += maxKey.to_bytes(1, byteorder='big')
printSolution(keystream, truncatedCiphers)
def printSolution(guess, ciphers):
print("------------------------------")
print("Guess: ", guess)
for i in range(len(ciphers)):
print("Plain ", i, ": ", raw_xor(ciphers[i], guess))
def printSolution(guess, ciphers):
print("------------------------------")
print("Guess: ", guess)
for i in range(len(ciphers)):
print("Plain ", i, ": ", raw_xor(ciphers[i], guess))