Exemple #1
0
def SRP_step5(state):
    xH = sha256(intToBytes(state["salt"]) + state["P"]).hexdigest()
    x = int(xH, 16)
    S = mypow((state["B"] - state["k"] * mypow(state["g"], x, state["p"])),
              (state["a"] + state["u"] * x), state["p"])
    state["C_K"] = sha256(intToBytes(S)).digest()
    return state
Exemple #2
0
def message5_5_gp1(state):
    # (p-1) is essentially (-1)
    # B's secret is (-1)^b which is either (+1) or (-1) (and also B)
    # A's secret is (-1)^b^a, which is either (+1) or (-1),
    # but not necessarily the same as B's secret
    # thus, we may need to modify cipher
    # use CBC padding to check validity of key
    # check validity of cbc padding to determine which
    # B's secret
    cipherkey_plus1, mackey_plus1 = secretToKeys(intToBytes(1))
    cipherkey_minus1, mackey_minus1 = secretToKeys(intToBytes(state["p"] - 1))
    plain_plus1 = aes_cbc_dec(state["a_cipher"], cipherkey_plus1,
                              state["a_iv"])
    plain_minus1 = aes_cbc_dec(state["a_cipher"], cipherkey_minus1,
                               state["a_iv"])
    plain = None
    try:
        plain = checkAndRemovePKCS7Padding(plain_plus1)
        state["m_key_a"] = cipherkey_plus1
    except ValueError:
        plain = checkAndRemovePKCS7Padding(plain_minus1)
        state["m_key_a"] = cipherkey_minus1
    state["m_plain_a"] = plain
    # encrypt to B's key
    state["m_key_b"], b_mackey = secretToKeys(intToBytes(state["B"]))
    state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(plain, 16),
                                    state["m_key_b"], state["a_iv"])
    return state
def message5_5_gp1(state):
    # (p-1) is essentially (-1)
    # B's secret is (-1)^b which is either (+1) or (-1) (and also B)
    # A's secret is (-1)^b^a, which is either (+1) or (-1),
    # but not necessarily the same as B's secret
    # thus, we may need to modify cipher
    # use CBC padding to check validity of key
    # check validity of cbc padding to determine which
    # B's secret 
    cipherkey_plus1, mackey_plus1 = secretToKeys(intToBytes(1));
    cipherkey_minus1, mackey_minus1 = secretToKeys(intToBytes(state["p"]-1));
    plain_plus1 = aes_cbc_dec(state["a_cipher"], cipherkey_plus1, state["a_iv"])
    plain_minus1 = aes_cbc_dec(state["a_cipher"], cipherkey_minus1, state["a_iv"])
    plain = None;
    try:
        plain = checkAndRemovePKCS7Padding(plain_plus1)
        state["m_key_a"] = cipherkey_plus1
    except ValueError:
        plain = checkAndRemovePKCS7Padding(plain_minus1)
        state["m_key_a"] = cipherkey_minus1
    state["m_plain_a"] = plain;
    # encrypt to B's key
    state["m_key_b"], b_mackey = secretToKeys(intToBytes(state["B"]))
    state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(plain, 16), state["m_key_b"], state["a_iv"]);
    return state;
def message4_5(state):
    # message 3.5 in the opposite order
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    plain = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]));
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"]);
    state["b_cipher"] = cipher;
    return state;
Exemple #5
0
def message4_5(state):
    # message 3.5 in the opposite order
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    plain = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]))
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"])
    state["b_cipher"] = cipher
    return state
def message3_5(state):
    # A's secret is p^a = (g^1) ^ a = A
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    plain = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]));
    # B's secret is p^b = (g^1)^b = B
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"]);
    state["a_cipher"] = cipher;
    return state;
Exemple #7
0
def message3_5(state):
    # A's secret is p^a = (g^1) ^ a = A
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    plain = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]))
    # B's secret is p^b = (g^1)^b = B
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"])
    state["a_cipher"] = cipher
    return state
Exemple #8
0
def message4_5(state):
    # message 3.5 in the opposite order
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    plain = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]));
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"]);
    state["b_cipher"] = cipher;
    print("B->M            Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
    print("M->A            Relay that to A");
    #print(state);
    print('-'*64);
    return state;
Exemple #9
0
def message3_5(state):
    # A's secret is p^a = (g^1) ^ a = A
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    plain = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]));
    # B's secret is p^b = (g^1)^b = B
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"]);
    state["a_cipher"] = cipher;
    print("A->M            Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv");
    #print(state);
    print('-'*64);
    return state;
Exemple #10
0
def try_simplified_SRP_password(state, guess):
    # hmac(K, salt) =
    # hmac(sha256(S), salt) =
    # hmac(sha256((A * v ** u)**b % n), salt) =
    # hmac(sha256((A * ((g**x)** u))**b % n), salt) =
    # hmac(sha256((A * ((g**SHA256(salt|password))** u))**b % n), salt) =
    # and now we're down to thinks we know (minus password)
    x = sha256(intToBytes(state["salt"]) + guess).hexdigest();
    v = mypow(state["g"], int(x, 16), state["p"]);
    v_u = mypow(v, state["u"], state["p"]);
    S = mypow(state["A"] * v_u, state["b"], state["p"]);
    mychal = myhmac(sha256, sha256(intToBytes(S)).digest(), intToBytes(state["salt"]));
    return mychal == state["challenge"];
Exemple #11
0
def message3_5(state):
    # A's secret is p^a = (g^1) ^ a = A
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    plain = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]))
    # B's secret is p^b = (g^1)^b = B
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"])
    state["a_cipher"] = cipher
    print(
        "A->M            Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
    #print(state);
    print('-' * 64)
    return state
Exemple #12
0
def message4_5(state):
    # message 3.5 in the opposite order
    cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
    plain = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]))
    cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
    cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"])
    state["b_cipher"] = cipher
    print(
        "B->M            Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
    )
    print("M->A            Relay that to A")
    #print(state);
    print('-' * 64)
    return state
def message5(state):
    message = b"Thomas, he's the cheeky one.  James is vain but lots of fun!";
    secret = mypow(state["B"], state["a"], group5_p);
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret));
    state["a_iv"] = generateAESKey();
    state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], state["a_iv"]);
    return state;
Exemple #14
0
def message5(state):
    message = b"Thomas, he's the cheeky one.  James is vain but lots of fun!"
    secret = mypow(state["B"], state["a"], group5_p)
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret))
    state["a_iv"] = generateAESKey()
    state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16),
                                    state["a_cipherkey"], state["a_iv"])
    return state
Exemple #15
0
def message5(state):
    message = b"Thomas, he's the cheeky one.  James is vain but lots of fun!";
    secret = mypow(state["B"], state["a"], group5_p);
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret));
    state["a_iv"] = generateAESKey();
    state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], state["a_iv"]);
    print('A->B            Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv');
    return state;
Exemple #16
0
def SRP_step1(state):
    salt = randrange(2, state["p"] - 2)
    xH = sha256(intToBytes(salt) + state["P"]).hexdigest()
    x = int(xH, 16)
    v = mypow(state["g"], x, state["p"])
    state["v"] = v
    state["salt"] = salt
    return state
def SRP_step1(state):
    salt = randrange(2, state["p"]-2);
    xH = sha256(intToBytes(salt) + state["P"]).hexdigest();
    x = int(xH, 16);
    v = mypow(state["g"], x, state["p"]);
    state["v"] = v;
    state["salt"] = salt;
    return state;
def message3(state):
    a_shared = mypow(state["B"], state["a"], state["p"]);
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(a_shared));
    a_iv = generateAESKey();
    message = b"mary had a little lamb"
    a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], a_iv);
    state["a_cipher"] = a_cipher;
    state["a_iv"] = a_iv;
    return state;
Exemple #19
0
def message5(state):
    message = b"Thomas, he's the cheeky one.  James is vain but lots of fun!"
    secret = mypow(state["B"], state["a"], group5_p)
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret))
    state["a_iv"] = generateAESKey()
    state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16),
                                    state["a_cipherkey"], state["a_iv"])
    print(
        'A->B            Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv')
    return state
def message6(state):
    secret = mypow(state["A"], state["b"], state["p"]);
    state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
    b_iv = generateAESKey();
    received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
    b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
    state["b_cipher"] = b_cipher;
    state["b_iv"] = b_iv;
    state["b_received_plain"] = received_message;
    return state;
Exemple #21
0
def message3(state):
    a_shared = mypow(state["B"], state["a"], state["p"])
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(
        intToBytes(a_shared))
    a_iv = generateAESKey()
    message = b"mary had a little lamb"
    a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"],
                           a_iv)
    state["a_cipher"] = a_cipher
    state["a_iv"] = a_iv
    return state
Exemple #22
0
def message6(state):
    secret = mypow(state["A"], state["b"], state["p"]);
    state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
    b_iv = generateAESKey();
    received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
    b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
    state["b_cipher"] = b_cipher;
    state["b_iv"] = b_iv;
    state["b_received_plain"] = received_message;
    print("B->A            Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
    return state;
Exemple #23
0
def message3(state):
    a_shared = mypow(state["B"], state["a"], state["p"]);
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(a_shared));
    a_iv = generateAESKey();
    message = b"mary had a little lamb"
    a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], a_iv);
    state["a_cipher"] = a_cipher;
    state["a_iv"] = a_iv;
    print("3.A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv");
    #print(state);
    print('-'*64);
    return state;
Exemple #24
0
def message6(state):
    secret = mypow(state["A"], state["b"], state["p"])
    state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
    b_iv = generateAESKey()
    received_message = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
    b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
                           state["b_cipherkey"], b_iv)
    state["b_cipher"] = b_cipher
    state["b_iv"] = b_iv
    state["b_received_plain"] = received_message
    return state
def check_protocol_g1(state):
    # B's public key is 1^b = 1.
    # A's secret is (1)^a = 1.
    # B's secret is (1)^b = 1
    # In this case, Mallory doesn't need to modify ciphers,
    # becasue A and B have the same shared secret.
    # But Mallory gets to know their messages (and potentially
    # inject her own)
    m_secret = 1;
    m_cipherkey, m_mackey = secretToKeys(intToBytes(m_secret));
    m_plain_a = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], m_cipherkey, state["a_iv"]));
    m_plain_b = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], m_cipherkey, state["b_iv"]));
    assert(m_plain_a == state["a_received_plain"]);
    assert(m_plain_b == state["b_received_plain"]);
Exemple #26
0
def message3(state):
    a_shared = mypow(state["B"], state["a"], state["p"])
    state["a_cipherkey"], state["a_mackey"] = secretToKeys(
        intToBytes(a_shared))
    a_iv = generateAESKey()
    message = b"mary had a little lamb"
    a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"],
                           a_iv)
    state["a_cipher"] = a_cipher
    state["a_iv"] = a_iv
    print("3.A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
    #print(state);
    print('-' * 64)
    return state
Exemple #27
0
def message6(state):
    secret = mypow(state["A"], state["b"], state["p"])
    state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
    b_iv = generateAESKey()
    received_message = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
    b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
                           state["b_cipherkey"], b_iv)
    state["b_cipher"] = b_cipher
    state["b_iv"] = b_iv
    state["b_received_plain"] = received_message
    print(
        "B->A            Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
    )
    return state
Exemple #28
0
def check_protocol_g1(state):
    # B's public key is 1^b = 1.
    # A's secret is (1)^a = 1.
    # B's secret is (1)^b = 1
    # In this case, Mallory doesn't need to modify ciphers,
    # becasue A and B have the same shared secret.
    # But Mallory gets to know their messages (and potentially
    # inject her own)
    m_secret = 1
    m_cipherkey, m_mackey = secretToKeys(intToBytes(m_secret))
    m_plain_a = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], m_cipherkey, state["a_iv"]))
    m_plain_b = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], m_cipherkey, state["b_iv"]))
    assert (m_plain_a == state["a_received_plain"])
    assert (m_plain_b == state["b_received_plain"])
Exemple #29
0
def client0_SRP():
    state = { "p" : SRP_p, 
             "g" : SRP_g,
             "k" : SRP_k,
             "I" : b"*****@*****.**",
             "P" : b'GANDALF THE GREY'}
    state = SRP_step1(state);
    state = SRP_step2(state);
    state["A"] = 0;
    state = SRP_step3(state);
    state = SRP_step4(state);
    #state = SRP_step5(state);
    '''Step 5 is the one in the client would use the password.
    This client doesn't know the password, but instead does:'''
    state["C_K"] = sha256(intToBytes(0)).digest();
    state = SRP_step6(state);
    state = SRP_step7(state);
    assert(SRP_validate(state));
def SRP_step5(state):
    xH = sha256(intToBytes(state["salt"]) + state["P"]).hexdigest();
    x = int(xH, 16);
    S = mypow((state["B"] - state["k"] * mypow(state["g"], x, state["p"])), (state["a"] + state["u"] * x), state["p"]);
    state["C_K"] = sha256(intToBytes(S)).digest();
    return state;
Exemple #31
0
def simplified_SRP_step6(state):
    state["challenge"]  = myhmac(sha256, state["C_K"], intToBytes(state["salt"]));
    return state;
def SRP_validate(state):
    expected = myhmac(sha256, state["S_K"], intToBytes(state["salt"]));
    return expected == state["challenge"];
Exemple #33
0
def simplified_SRP_step5(state):
    S = mypow(state["A"] * mypow(state["v"], state["u"], state["p"]), state["b"], state["p"]);
    state["S_K"] = sha256(intToBytes(S)).digest();
    return state;
def SRP_step4(state):
    uH = sha256(intToBytes(state["A"]) + intToBytes(state["B"])).hexdigest();
    state["u"] = int(uH, 16);
    return state;
Exemple #35
0
def SRP_step7(state):
    state["challenge"] = myhmac(sha256, state["C_K"],
                                intToBytes(state["salt"]))
    return state
Exemple #36
0
def SRP_validate(state):
    expected = myhmac(sha256, state["S_K"], intToBytes(state["salt"]))
    return expected == state["challenge"]
def SRP_step6(state):
    S = mypow(state["A"] * mypow(state["v"], state["u"], state["p"]), state["b"], state["p"]);
    state["S_K"] = sha256(intToBytes(S)).digest();
    return state;
Exemple #38
0
def SRP_step4(state):
    uH = sha256(intToBytes(state["A"]) + intToBytes(state["B"])).hexdigest()
    state["u"] = int(uH, 16)
    return state
def SRP_step7(state):
    state["challenge"] = myhmac(sha256, state["C_K"], intToBytes(state["salt"]));
    return state;
Exemple #40
0
def SRP_step6(state):
    S = mypow(state["A"] * mypow(state["v"], state["u"], state["p"]),
              state["b"], state["p"])
    state["S_K"] = sha256(intToBytes(S)).digest()
    return state
Exemple #41
0
def simplified_SRP_step4(state):
    x = sha256(intToBytes(state["salt"]) + state["P"]).hexdigest();
    S = mypow(state["B"], state["a"] + state["u"] * int(x, 16), state["p"]);
    state["C_K"] = sha256(intToBytes(S)).digest();
    return state;