def p34():
    """Simulate a man-in-the-middle on an unauthenticated Diffie-Hellman exchange.

    Each party derives its secret from the peer's ``p`` attribute instead of a
    real public value. The eavesdropper then derives its AES key from the
    constant 0 and checks that it can read both directions of the traffic.

    NOTE(review): presumably ``p`` is the group modulus, which would force both
    shared secrets to 0 and explain the hard-coded 0 below -- confirm against
    DiffieHellman. The exchange accepts the substituted value because nothing
    authenticates it or range-checks it; a hardened endpoint would reject a
    peer value outside [2, p - 2] and sign the handshake.

    Returns a status string describing whether the interception succeeded.
    """
    alice = DiffieHellman()
    bob = DiffieHellman()
    hasher = SHA1()

    def session_key(secret):
        # AES-128 key: first 16 bytes of the SHA-1 digest of the secret.
        return unhexlify(hasher.hash(secret))[:16]

    # The substituted value stands in for the peer's public key on both sides.
    bob.derive_shared_secret(alice.p)
    alice.derive_shared_secret(bob.p)

    plaintext = 'build a protocol and an "echo" bot'
    alice_iv = urandom(16)
    alice_ctxt = aes_cbc_encrypt(plaintext, session_key(alice.shared), alice_iv)
    # Parenthesised form prints the same text under the Python 2 print statement.
    print('Encrypted message "{}"'.format(plaintext))

    # The eavesdropper never sees a private key; it only hashes the constant 0.
    eve_key = session_key(0)
    observed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, eve_key, alice_iv))
    if observed != plaintext:
        return 'Intercepted Traffic Incorrectly Decrypted'

    # Bob decrypts Alice's message and echoes it back under a fresh IV.
    bob_iv = urandom(16)
    bob_key = session_key(bob.shared)
    echoed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, bob_key, alice_iv))
    bob_ctxt = aes_cbc_encrypt(echoed, bob_key, bob_iv)

    observed = validate_pkcs7(aes_cbc_decrypt(bob_ctxt, eve_key, bob_iv))
    if observed != echoed:
        return 'Intercepted Traffic Incorrectly Decrypted'
    return 'Intercepted and decrypted message "{}"'.format(observed)
def p34() -> str:
    """Simulate a man-in-the-middle on an unauthenticated Diffie-Hellman exchange.

    Each party derives its secret from the peer's ``p`` attribute instead of a
    real public value. The eavesdropper then derives its AES key from the
    literal ``b'0'`` and checks that it can read both directions of the traffic.

    NOTE(review): presumably ``p`` is the group modulus, which would force both
    shared secrets to 0 (``str(0).encode()`` is ``b'0'``) -- confirm against
    DiffieHellman. The exchange accepts the substituted value because nothing
    authenticates it or range-checks it; a hardened endpoint would reject a
    peer value outside [2, p - 2] and sign the handshake.

    Returns:
        A status string describing whether the interception succeeded.
    """
    alice = DiffieHellman()
    bob = DiffieHellman()

    def session_key(material: bytes) -> bytes:
        # AES-128 key: first 16 bytes of the SHA-1 digest of the material.
        return sha1(material).digest()[:16]

    # The substituted value stands in for the peer's public key on both sides.
    bob.derive_shared_secret(alice.p)
    alice.derive_shared_secret(bob.p)

    plaintext = b'build a protocol and an "echo" bot'
    alice_iv = urandom(16)
    alice_key = session_key(str(alice.shared).encode())
    alice_ctxt = aes_cbc_encrypt(plaintext, alice_key, alice_iv)
    print(f'Encrypted message "{plaintext.decode()}"')

    # The eavesdropper never sees a private key; it only hashes a constant.
    eve_key = session_key(b'0')
    observed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, eve_key, alice_iv))
    if observed != plaintext:
        return 'Intercepted Traffic Incorrectly Decrypted'

    # Bob decrypts Alice's message and echoes it back under a fresh IV.
    bob_iv = urandom(16)
    bob_key = session_key(str(bob.shared).encode())
    echoed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, bob_key, alice_iv))
    bob_ctxt = aes_cbc_encrypt(echoed, bob_key, bob_iv)

    observed = validate_pkcs7(aes_cbc_decrypt(bob_ctxt, eve_key, bob_iv))
    if observed != echoed:
        return 'Intercepted Traffic Incorrectly Decrypted'
    return f'Intercepted and decrypted message "{observed.decode()}"'
def _break_cbc(ctxt, key, iv):
    """Recover CBC plaintext using only a valid/invalid padding signal.

    ``key`` is used solely by the simulated server-side call to
    ``aes_cbc_decrypt``; the recovery logic itself consumes nothing but
    whether ``validate_pkcs7`` raised ``ValueError``. Any service that lets
    a caller distinguish a padding failure from other failures exposes the
    same signal. Verifying a MAC over IV and ciphertext before decrypting
    (or using an AEAD mode) removes it.

    Args:
        ctxt: ciphertext, processed in ``AES.block_size`` pieces.
        key: AES key held by the simulated server.
        iv: IV that was used to produce ``ctxt``.

    Returns:
        The recovered plaintext, PKCS#7 padding still attached.
    """
    bs = AES.block_size
    recovered = ''
    previous = iv
    for index in range(len(ctxt) // bs):
        target = ctxt[index * bs:(index + 1) * bs]
        # Bytes of the block-cipher output for `target`, found right to left.
        intermediate = ''
        for pad in range(1, bs + 1):
            # Forces the already-known tail to decrypt to the current pad value.
            suffix = ''.join(chr(pad ^ ord(c)) for c in intermediate)
            filler = 'A' * (bs - len(suffix) - 1)
            for guess in range(0x100):
                forged_iv = filler + chr(guess) + suffix
                # Simulated server side: decrypt one block under the forged IV.
                candidate = aes_cbc_decrypt(target, key, forged_iv)
                try:
                    validate_pkcs7(candidate)
                except ValueError:
                    continue
                # Simulated client side: padding accepted, keep the first hit.
                intermediate = chr(guess ^ pad) + intermediate
                break
        recovered += xor(previous, intermediate)
        previous = target
    return recovered
def _decrypt_and_parse(ctxt: bytes, key: bytes, iv: bytes) -> Dict[bytes, bytes]:
    """Decrypt a CBC ciphertext and split it into ``name=value`` fields.

    The plaintext is split on ``b';'`` and each piece on ``b'='``. A piece
    that does not split into exactly two parts raises ``ValueError`` from
    the unpacking, and a repeated name keeps its last value.

    NOTE(review): nothing visible here authenticates the ciphertext, and CBC
    on its own gives no integrity, so the returned fields should not feed
    an authorisation decision unless a MAC is verified elsewhere -- confirm
    against the caller.

    Args:
        ctxt: ciphertext to decrypt.
        key: AES key.
        iv: CBC initialisation vector.

    Returns:
        Mapping of field name to field value, both as bytes.
    """
    plaintext = validate_pkcs7(aes_cbc_decrypt(ctxt, key, iv))
    # The field name gets its own local so the `key` argument is not rebound.
    return {
        name: value
        for name, value in (pair.split(b'=') for pair in plaintext.split(b';'))
    }
def _decrypt_and_parse(ctxt, key, iv):
    """Decrypt a CBC ciphertext and split it into ``name=value`` fields.

    The plaintext is split on ``';'`` and each piece on ``'='``. A piece
    that does not split into exactly two parts raises ``ValueError`` from
    the unpacking, and a repeated name keeps its last value.

    NOTE(review): nothing visible here authenticates the ciphertext, and CBC
    on its own gives no integrity, so the returned fields should not feed
    an authorisation decision unless a MAC is verified elsewhere -- confirm
    against the caller.

    Args:
        ctxt: ciphertext to decrypt.
        key: AES key.
        iv: CBC initialisation vector.

    Returns:
        Dict mapping field name to field value.
    """
    plaintext = validate_pkcs7(aes_cbc_decrypt(ctxt, key, iv))
    fields = {}
    for pair in plaintext.split(';'):
        # The field name gets its own local so the `key` argument is not rebound.
        name, value = pair.split('=')
        fields[name] = value
    return fields
def p35():
    """Simulate Diffie-Hellman with a negotiated generator of 1, p and p - 1.

    For each generator both parties run a normal exchange and the
    eavesdropper derives its AES key from the guess paired with that
    generator in the table below, retrying once with ``pow(p - 1, 2, p)``
    if the first guess fails the padding check. Each of these generators
    leaves the shared secret in a tiny predictable set. An endpoint that
    accepts a negotiated group should reject g <= 1 and g >= p - 1, or pin
    a fixed, vetted group.

    NOTE(review): the retry is keyed on ``validate_pkcs7`` raising, so a
    wrong first guess that happens to yield valid padding would skip it and
    be reported as a failed interception -- presumably rare, but it makes
    the run non-deterministic.

    Returns a status string describing whether all traffic was read.
    """
    p = DiffieHellman.default_p
    hasher = SHA1()

    def session_key(secret):
        # AES-128 key: first 16 bytes of the SHA-1 digest of the secret.
        return unhexlify(hasher.hash(secret))[:16]

    for g, guess in [(1, 1), (p, 0), (p - 1, p - 1)]:
        alice = DiffieHellman(g=g)
        bob = DiffieHellman(g=g)
        alice.derive_shared_secret(bob.public)
        bob.derive_shared_secret(alice.public)

        plaintext = 'When does this ever happen?'
        alice_iv = urandom(16)
        alice_ctxt = aes_cbc_encrypt(plaintext, session_key(alice.shared), alice_iv)

        eve_key = session_key(guess)
        try:
            observed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, eve_key, alice_iv))
        except ValueError:
            # First guess rejected by the padding check: fall back to (p-1)^2 mod p.
            guess = pow(p - 1, 2, p)
            eve_key = session_key(guess)
            observed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, eve_key, alice_iv))
        if observed != plaintext:
            return 'Intercepted Traffic Incorrectly Decrypted'

        # Bob decrypts Alice's message and echoes it back under a fresh IV.
        bob_iv = urandom(16)
        bob_key = session_key(bob.shared)
        echoed = validate_pkcs7(aes_cbc_decrypt(alice_ctxt, bob_key, alice_iv))
        bob_ctxt = aes_cbc_encrypt(echoed, bob_key, bob_iv)

        observed = validate_pkcs7(aes_cbc_decrypt(bob_ctxt, eve_key, bob_iv))
        if observed != echoed:
            return 'Intercepted Traffic Incorrectly Decrypted'
    return 'All Traffic Intercepted And Decrypted!'
def p27() -> bytes:
    """Show that using the AES key as the CBC IV lets an error path leak the key.

    A message is encrypted with ``key`` as both key and IV. The ciphertext
    is then rearranged to ``C1 || 0-block || C1 || rest`` and decrypted. If
    the ASCII check rejects the result, the plaintext carried in the
    exception is read back, and the XOR of its first and third blocks is
    returned as the recovered value. That XOR equals the IV, which here is
    the key. The key is printed at the start so the two can be compared.

    Two things make this possible: the IV is the key rather than a fresh
    random value, and the failure path hands the decrypted bytes back to the
    caller. Removing either one removes the leak.

    NOTE(review): assumes ``_check_ascii_compliant`` raises ``ValueError``
    with the raw plaintext as ``args[0]`` -- confirm against its definition.

    Returns:
        The checker's result if the tampered plaintext passes, otherwise
        ``b'Recovered '`` followed by the hex of the recovered block.
    """
    bs = AES.block_size
    key = urandom(16)
    print(f'The key is {hexlify(key).decode()}')

    message = b'Super secret message unfortunately encrypted in a bad manner'
    original = aes_cbc_encrypt(message, key, key)

    # Blocks one and three of the tampered ciphertext are both the original C1.
    first_block = original[:bs]
    tampered = first_block + b'\x00' * bs + first_block + original[3 * bs:]

    try:
        return _check_ascii_compliant(aes_cbc_decrypt(tampered, key, key))
    except ValueError as err:
        leaked = err.args[0]
        block_one = leaked[:bs]
        block_three = leaked[2 * bs:3 * bs]
        return b'Recovered ' + hexlify(xor(block_one, block_three))
def p27():
    """Show that using the AES key as the CBC IV lets an error path leak the key.

    A message is encrypted with ``key`` as both key and IV. The ciphertext
    is then rearranged to ``C1 || 0-block || C1 || rest`` and decrypted. If
    the ASCII check rejects the result, the plaintext is cut out of the
    exception text, and the XOR of its first and third blocks is returned as
    the recovered value. That XOR equals the IV, which here is the key. The
    key is printed at the start so the two can be compared.

    Two things make this possible: the IV is the key rather than a fresh
    random value, and the failure message echoes the decrypted bytes back to
    the caller. Removing either one removes the leak.

    NOTE(review): assumes ``_check_ascii_compliant`` raises ``ValueError``
    whose text is ``'Invalid ASCII - '`` followed by the raw plaintext --
    confirm against its definition.

    Returns the checker's result if the tampered plaintext passes, otherwise
    ``'Recovered '`` followed by the hex of the recovered block.
    """
    bs = AES.block_size
    key = urandom(16)
    # Parenthesised form prints the same text under the Python 2 print statement.
    print('The key is {}'.format(hexlify(key)))

    message = 'Super secret message unfortunately encrypted in a bad manner'
    original = aes_cbc_encrypt(message, key, key)

    # Blocks one and three of the tampered ciphertext are both the original C1.
    first_block = original[:bs]
    tampered = first_block + '\x00' * bs + first_block + original[3 * bs:]

    try:
        return _check_ascii_compliant(aes_cbc_decrypt(tampered, key, key))
    except ValueError as err:
        # Drop the fixed message prefix to get at the echoed plaintext.
        leaked = str(err)[len('Invalid ASCII - '):]
        block_one = leaked[:bs]
        block_three = leaked[2 * bs:3 * bs]
        return 'Recovered ' + hexlify(xor(block_one, block_three))
def _break_cbc(ctxt: bytes, key: bytes, iv: bytes) -> bytes:
    """Recover CBC plaintext using only a valid/invalid padding signal.

    ``key`` is used solely by the simulated server-side call to
    ``aes_cbc_decrypt``; the recovery logic itself consumes nothing but
    whether ``validate_pkcs7`` raised ``ValueError``. Any service that lets
    a caller distinguish a padding failure from other failures exposes the
    same signal. Verifying a MAC over IV and ciphertext before decrypting
    (or using an AEAD mode) removes it.

    Args:
        ctxt: ciphertext, processed in ``AES.block_size`` pieces.
        key: AES key held by the simulated server.
        iv: IV that was used to produce ``ctxt``.

    Returns:
        The recovered plaintext, PKCS#7 padding still attached.
    """
    bs = AES.block_size
    recovered = b''
    previous = iv
    for index in range(len(ctxt) // bs):
        target = ctxt[index * bs:(index + 1) * bs]
        # Bytes of the block-cipher output for `target`, found right to left.
        intermediate = b''
        for pad in range(1, bs + 1):
            # Forces the already-known tail to decrypt to the current pad value.
            suffix = bytes(pad ^ known for known in intermediate)
            filler = b'A' * (bs - len(suffix) - 1)
            for guess in range(0x100):
                forged_iv = filler + bytes([guess]) + suffix
                # Simulated server side: decrypt one block under the forged IV.
                candidate = aes_cbc_decrypt(target, key, forged_iv)
                try:
                    validate_pkcs7(candidate)
                except ValueError:
                    continue
                # Simulated client side: padding accepted, keep the first hit.
                intermediate = bytes([guess ^ pad]) + intermediate
                break
        recovered += xor(previous, intermediate)
        previous = target
    return recovered