def mallory(to_alice, from_alice, to_bob, from_bob):
"""
Simulates the man-in-the-middle attack by sending bad values
and decrypting the messages being passed.
Args:
to_alice: queue for sending messages to alice
from_alice: queue for messages from alice
to_bob: queue for sending messages to bob
from_bob: queue for messages from bob
"""
# A->M Send p,g
p, g = from_alice.get()
# M->B Send p,g
to_bob.put([p, g])
# B->A Send ACK
to_alice.put(from_bob.get())
# A->M Send A
A = from_alice.get()
# M->B Send A
to_bob.put(A)
# B->M Send B
B = from_bob.get()
# M->A Send B
to_alice.put(B)
session_key = c33.make_session_key(g, 1, p)
alt_session_key = c33.make_session_key(g, 2, p)
key = session_key[0:16]
alt_key = alt_session_key[0:16]
# A->M Send AES-CBC(blah blah)
msg = from_alice.get()
dec_msgs = []
while msg:
# M->B Relay to B
to_bob.put(msg)
## Decrypt the message
d_msg = b''
try:
d_msg = c10.aes_128_cbc_decrypt(msg[16:], key, msg[0:16])
d_msg = c9.pkcs7_unpad(d_msg)
except:
d_msg = c10.aes_128_cbc_decrypt(msg[16:], alt_key, msg[0:16])
d_msg = c9.pkcs7_unpad(d_msg)
dec_msgs.append(d_msg)
to_alice.put(from_bob.get())
try:
msg = from_alice.get(timeout=0.5)
except:
msg = False
return dec_msgs
def bob(to_alice, from_alice):
"""
Simulates Bob's communication with Alice via DH. Bob decrypts the messages
then sends them back after re-encrypting under a new IV.
Args:
to_alice: a queue for sending messages to alice
from_alice: a queue for receiving messages from alice
"""
# A->B Send p,g,A
p, g, A = from_alice.get()
b, B = c33.diffie_hellman(p, g)
# B->A Send B
to_alice.put(B)
session_key = c33.make_session_key(A, b, p)
key = session_key[0:16]
msg = from_alice.get(0.5)
while msg:
msg_iv = msg[0:16]
msg = msg[16:]
d_msg = c10.aes_128_cbc_decrypt(msg, key, msg_iv)
d_msg = c9.pkcs7_unpad(d_msg)
iv = os.urandom(16)
d_msg = c9.pkcs7_pad(
d_msg) # i know this weird but it does perform a check
echo = c10.aes_128_cbc_encrypt(d_msg, key, iv)
echo = iv + echo
to_alice.put(echo)
try:
msg = from_alice.get(timeout=0.5)
except:
msg = False
def is_admin(cookie):
"""
Decryption oracle. Decrypts the cookie and searches for the admin token.
Args:
cookie: The encrypted cookie containing the user data
Returns:
True if the cookie contains ';admin=true;'
"""
data = c10.aes_128_cbc_decrypt(cookie, key)
data = c9.pkcs7_unpad(data)
return b';admin=true;' in data
def verify_url(data):
"""
Verifies that a URL is valid by decrypting the data, and checking all
bytes are below 128 in value.
Args:
data: The encrypted URL
Returns:
True if the plaintext is valid, and the plaintext
"""
pt = c10.aes_128_cbc_decrypt(data, key, key)
valid = True
for c in pt:
valid &= c < 128
return valid, pt
def alice(to_bob, from_bob, msgs):
"""
Simulates Alice's communication to Bob with DH. Alice checks that
the echo she receives back is the same as the message she sent.
Args:
to_bob: a queue for sending messages out to bob
from_bob: a queue for receiving messages from bob
msgs: list of messages to send to bob
"""
p = "0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024"
p += "e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd"
p += "3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec"
p += "6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f"
p += "24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361"
p += "c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552"
p += "bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff"
p += "fffffffffffff"
p = int(p, 16)
g = 2
a, A = c33.diffie_hellman(p, g)
# A->B Send p,g,A
to_bob.put([p, g, A])
# B->A Send B
B = from_bob.get()
session_key = c33.make_session_key(B, a, p)
key = session_key[0:16]
for msg in msgs:
if DEBUG:
print('Sending msg: ' + str(msg))
iv = os.urandom(16)
e_msg = iv + c10.aes_128_cbc_encrypt(c9.pkcs7_pad(msg), key, iv)
# A->B Send AES-CBC(key,msg,iv) + iv
to_bob.put(e_msg)
# B->A echo
echo = from_bob.get()
echo_msg = echo[16:]
echo_iv = echo[0:16]
d_echo = c10.aes_128_cbc_decrypt(echo_msg, key, echo_iv)
d_echo = c9.pkcs7_unpad(d_echo)
if DEBUG:
print('Alice got echo: ' + str(d_echo))
assert d_echo == msg, d_echo
def decryption_oracle(txt):
"""
Decrypts the given ciphertext and determines if the padding is valid
for it.
Args:
txt: The encrypted ciphertext
Returns:
True if the padding is valid.
"""
ct = c10.aes_128_cbc_decrypt(txt, key, iv)
try:
if DEBUG:
print('Pad byte: ' + str(ct[-1]))
ct = c9.pkcs7_unpad(ct)
return True
except:
return False
def alice(to_bob, from_bob, msgs):
"""
Simulates Alice's communication to Bob with DH. Alice checks that
the echo she receives back is the same as the message she sent.
Args:
to_bob: a queue for sending messages out to bob
from_bob: a queue for receiving messages from bob
msgs: list of messages to send to bob
"""
p = P
g = G
a, A = c33.diffie_hellman(p, g)
# A->B Send p,g
to_bob.put([p, g])
# B->A Send ACK
ack = from_bob.get()
assert ack == "ACK"
# A->B Send A
to_bob.put(A)
# B->A Send B
B = from_bob.get()
session_key = c33.make_session_key(B, a, p)
key = session_key[0:16]
for msg in msgs:
if DEBUG:
print('Sending msg: ' + str(msg))
iv = os.urandom(16)
e_msg = iv + c10.aes_128_cbc_encrypt(c9.pkcs7_pad(msg), key, iv)
# A->B Send AES-CBC(key,msg,iv) + iv
to_bob.put(e_msg)
# B->A echo
echo = from_bob.get()
echo_msg = echo[16:]
echo_iv = echo[0:16]
d_echo = c10.aes_128_cbc_decrypt(echo_msg, key, echo_iv)
d_echo = c9.pkcs7_unpad(d_echo)
if DEBUG:
print('Alice got echo: ' + str(d_echo))
assert d_echo == msg, d_echo
def setUp(self):
f = open('../../testdata/10.txt')
self.ctxt = c1.base64toascii(f.read())
self.key = b'YELLOW SUBMARINE'
self.pt = c10.aes_128_cbc_decrypt(self.ctxt, self.key)
f.close()
