def p34():
alice = DiffieHellman()
bob = DiffieHellman()
sha1 = SHA1()
bob.derive_shared_secret(alice.p)
alice.derive_shared_secret(bob.p)
a_msg = 'build a protocol and an "echo" bot'
a_iv = urandom(16)
a_key = unhexlify(sha1.hash(alice.shared))[:16]
a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv
print 'Encrypted message "{}"'.format(a_msg)
e_key = unhexlify(sha1.hash(0))[:16]
e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
if e_msg != a_msg:
return 'Intercepted Traffic Incorrectly Decrypted'
b_iv = urandom(16)
b_key = unhexlify(sha1.hash(bob.shared))[:16]
b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv
e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
if e_msg != b_msg:
return 'Intercepted Traffic Incorrectly Decrypted'
return 'Intercepted and decrypted message "{}"'.format(e_msg)
def p34() -> str:
alice = DiffieHellman()
bob = DiffieHellman()
bob.derive_shared_secret(alice.p)
alice.derive_shared_secret(bob.p)
a_msg = b'build a protocol and an "echo" bot'
a_iv = urandom(16)
a_key = sha1(str(alice.shared).encode()).digest()[:16]
a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv
print(f'Encrypted message "{a_msg.decode()}"')
e_key = sha1(b'0').digest()[:16]
e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
if e_msg != a_msg:
return 'Intercepted Traffic Incorrectly Decrypted'
b_iv = urandom(16)
b_key = sha1(str(bob.shared).encode()).digest()[:16]
b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv
e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
if e_msg != b_msg:
return 'Intercepted Traffic Incorrectly Decrypted'
return f'Intercepted and decrypted message "{e_msg.decode()}"'
def _break_cbc(ctxt, key, iv):
ptxt = ''
prevblock = iv
for block in range(len(ctxt) / AES.block_size):
ctxtblock = ctxt[block * AES.block_size:(block + 1) * AES.block_size]
cipherout = ''
for cur_pad_byte in range(1, AES.block_size + 1):
mask = ''.join([chr(cur_pad_byte ^ ord(s)) for s in cipherout])
for byt in range(0xff + 1):
validpad = True
block = 'A' * (AES.block_size - len(mask) -
1) + chr(byt) + mask
out = aes_cbc_decrypt(ctxtblock, key, block)
# server would be doing this
try:
validate_pkcs7(out)
except ValueError:
validpad = False
# back to client now
if validpad:
cipherout = chr(byt ^ cur_pad_byte) + cipherout
break
ptxt += xor(prevblock, cipherout)
prevblock = ctxtblock
return ptxt
def _decrypt_and_parse(ctxt: bytes, key: bytes, iv: bytes) -> Dict[bytes, bytes]:
plaintext = validate_pkcs7(aes_cbc_decrypt(ctxt, key, iv))
data = {}
for pairs in plaintext.split(b';'):
key, value = pairs.split(b'=')
data[key] = value
return data
def _decrypt_and_parse(ctxt, key, iv):
plaintext = validate_pkcs7(aes_cbc_decrypt(ctxt, key, iv))
data = {}
for pairs in plaintext.split(';'):
key, value = pairs.split('=')
data[key] = value
return data
def p35():
p = DiffieHellman.default_p
sha1 = SHA1()
for (g, sk) in [(1, 1), (p, 0), (p - 1, p - 1)]:
alice = DiffieHellman(g=g)
bob = DiffieHellman(g=g)
alice.derive_shared_secret(bob.public)
bob.derive_shared_secret(alice.public)
a_msg = 'When does this ever happen?'
a_iv = urandom(16)
a_key = unhexlify(sha1.hash(alice.shared))[:16]
a_sends = aes_cbc_encrypt(a_msg, a_key, a_iv), a_iv
e_key = unhexlify(sha1.hash(sk))[:16]
try:
e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
except ValueError:
sk = pow(p-1, 2, p)
e_key = unhexlify(sha1.hash(sk))[:16]
e_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], e_key, a_iv))
if e_msg != a_msg:
return 'Intercepted Traffic Incorrectly Decrypted'
b_iv = urandom(16)
b_key = sha1.hash(bob.shared).decode('hex')[:16]
b_msg = validate_pkcs7(aes_cbc_decrypt(a_sends[0], b_key, a_iv))
b_sends = aes_cbc_encrypt(b_msg, b_key, b_iv), b_iv
e_msg = validate_pkcs7(aes_cbc_decrypt(b_sends[0], e_key, b_iv))
if e_msg != b_msg:
return 'Intercepted Traffic Incorrectly Decrypted'
return 'All Traffic Intercepted And Decrypted!'
def _break_cbc(ctxt: bytes, key: bytes, iv: bytes) -> bytes:
ptxt = b''
prevblock = iv
for block in range(len(ctxt) // AES.block_size):
ctxtblock = ctxt[block * AES.block_size:(block + 1) * AES.block_size]
cipherout = b''
for cur_pad_byte in range(1, AES.block_size + 1):
mask = bytes([(cur_pad_byte ^ s) for s in cipherout])
for byte in range(0xff + 1):
validpad = True
byte_str = int.to_bytes(byte, 1, byteorder='little')
block = b'A' * (AES.block_size - len(mask) -
1) + byte_str + mask
out = aes_cbc_decrypt(ctxtblock, key, block)
# server would be doing this
try:
validate_pkcs7(out)
except ValueError:
validpad = False
# back to client now
if validpad:
cipher_byte = int.to_bytes(byte ^ cur_pad_byte,
1,
byteorder='little')
cipherout = cipher_byte + cipherout
break
ptxt += xor(prevblock, cipherout)
prevblock = ctxtblock
return ptxt
def p17() -> bytes:
strs = [
'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=',
'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB'
'1bXBpbic=',
'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==',
'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==',
'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl',
'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==',
'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==',
'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=',
'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=',
'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93'
]
key, iv = urandom(16), urandom(16)
ptxt = b64decode(random_choice(strs))
ctxt = aes_cbc_encrypt(ptxt, key, iv)
ptxt = _break_cbc(ctxt, key, iv)
return validate_pkcs7(ptxt)
def p15() -> str:
ice_baby = b'ICE ICE BABY' + b'\x04' * 4
valid_padding = validate_pkcs7(ice_baby)
return f'{repr(ice_baby)} has valid PKCS7 padding - {valid_padding}'
def p15():
ice_baby = 'ICE ICE BABY' + '\x04' * 4
valid_padding = validate_pkcs7(ice_baby)
return '{} has valid PKCS7 padding - {}'.format(repr(ice_baby), valid_padding)