Esempio n. 1
0
def s2v(key, ad_list, block_size=16):
    """ SIV mode s2v integrity and iv generation
        ad_list is a list of strings that are included in the integrity check
        """
    if len(ad_list) == 0:
        return aes_cmac(key, (block_size-1)*"\00"+"\01")
    d = aes_cmac(key, block_size*"\00")
    for i in range( len(ad_list)-1 ):
        d = xor( dbl(d), aes_cmac(key, ad_list[i]) )
    
    if len( ad_list[-1] ) >= block_size: # last item
        t = ad_list[-1][:-block_size] + xor( ad_list[-1][-block_size:], d) # xorend
    else:
        t = xor( dbl(d), pad(ad_list[-1]) )
    return aes_cmac(key, t)
Esempio n. 2
0
def main(argv):
    cypher_texts = [common.hex_to_ascii(cypher_text) for cypher_text in files.read_lines(argv[0])]
    key          = encdec.many_time_pad_crack(cypher_texts, len(cypher_texts[10]))

    plain_text   = common.string_to_ascii('The secret message is: When using a stream cipher, never use the key more than once')
    new_key      = common.xor(plain_text, cypher_texts[10])


    print
    print 'Decrypt Many-time Pad Demo'
    print

    for i in xrange(len(cypher_texts)):
        print 'Message %2d = %s' % ((i + 1), common.ascii_to_string(common.xor(cypher_texts[i], key)))

    print
    print 'Make best guess and use to derive key'
    print

    for i in xrange(len(cypher_texts)):
        print 'Message %2d = %s' % ((i + 1), common.ascii_to_string(common.xor(cypher_texts[i], new_key)))

    print
Esempio n. 3
0
def siv_encrypt(key, pt, ad_list):
    """ """
    blksize=16 # AES block size
    keysize = len(key)/2  # SIV key is two keys of equal size for CMAC and CTR
    key1 = key[0:keysize]      # leftmost half of key
    key2 = key[-keysize:]      # rightmost half of key
    ad = ad_list + [pt]
    iv = s2v(key1, ad )
    q = string_to_int(iv) & 0xffffffffffffffff7fffffff7fffffffL # clear 32nd and 64th bits
    m = (len(pt)+blksize-1)/blksize
    x = ''
    aes = AES.new(key2, AES.MODE_ECB)
    for i in range(m):
        x = x + aes.encrypt( int_to_string(q+i, padto=blksize) )
    x = x[0:len(pt)]  #  trim x to leftmost to match plain text which may not be block aligned
    ct = xor(pt,x)
    return iv + ct    # concatenate initialization vector and cipher text
Esempio n. 4
0
def siv_decrypt(key, encrypted_string, ad_list):
    """ """
    blksize = 16 # AES block size
    iv = encrypted_string[:16]    # leftmost 128 bits (16 octets)
    ct = encrypted_string[16:]
    keysize = len(key)/2  # SIV key is two keys of equal size for CMAC and CTR
    key1 = key[0:keysize]      # leftmost half of key
    key2 = key[-keysize:]      # rightmost half of key
    q = string_to_int(iv)  & 0xffffffffffffffff7fffffff7fffffffL
    m = (len(ct)+blksize-1)/blksize
    x = ''
    aes = AES.new(key2, AES.MODE_ECB)
    for i in range(m):
        x = x + aes.encrypt( int_to_string(q+i, padto=blksize) )
    x = x = x[0:len(ct)]
    pt = xor(ct,x)
    ad = ad_list + [pt]
    t = s2v( key1, ad )
    if t == iv:
        return pt
    else:
        raise 'SIV Integrity Check Error'