def padding_is_valid(ciphertext, iv):
key = open('unknown_key.txt', 'r').read().splitlines()[0]
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = cipher.decrypt(ciphertext)
try:
x = (strip_padding(plaintext))
except cryptopals.BadPadding as err:
return False
else:
return True
def padding_is_valid(ciphertext, iv):
key = open('unknown_key.txt', 'r').read().splitlines()[0]
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = cipher.decrypt(ciphertext)
try:
x = (strip_padding(plaintext))
except cryptopals.BadPadding as err:
return False
else:
return True
def check_ciphertext(ciphertext):
key = open('unknown_key.txt', 'r').read().splitlines()[0]
my_iv = key
cipher = AES.new(key, AES.MODE_CBC, IV=my_iv)
blocksize = 16
plaintext = strip_padding(cipher.decrypt(my_iv + ciphertext)[blocksize:])
for character in plaintext:
if ord(character) > 127:
raise BadCharacter(plaintext)
if 'AUTHORIZED ADMIN' in plaintext:
print "Server thinks that:" + plaintext
return True
else:
print "Server thinks you are a normal user. Welcome!"
return False
def check_ciphertext(ciphertext):
key = open('unknown_key.txt', 'r').read().splitlines()[0]
my_iv = key
cipher = AES.new(key, AES.MODE_CBC, IV = my_iv)
blocksize = 16
plaintext = strip_padding(cipher.decrypt(my_iv + ciphertext)[blocksize:])
for character in plaintext:
if ord(character) > 127:
raise BadCharacter(plaintext)
if 'AUTHORIZED ADMIN' in plaintext:
print "Server thinks that:" + plaintext
return True
else:
print "Server thinks you are a normal user. Welcome!"
return False
# TODO: Problem 2.5 (13): ECB cut-and-paste
cryptopals.copypasta_attack()
# TODO: Problem 2.6 (14): Byte-at-a-time ECB decryption (Harder)
# Googling ``stimulus'' and ``response'' totally helped here :P
# http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Eng.pdf
consistent_key = cryptopals.random_aes_key()
random_prepend = cryptopals.random_length_bytes()
assert equals(
cryptopals.decrypt_magic_text_harder(solutions.problem_12, consistent_key, random_prepend),
solutions.soln_12
)
# TODO: Problem 2.7 (15): PKCS#7 padding validation
assert equals(
cryptopals.strip_padding(b'ICE ICE BABY\x04\x04\x04\x04'),
b'ICE ICE BABY'
)
try:
cryptopals.strip_padding(b'ICE ICE BABY\x05\x05\x05\x05')
assert equals(1,2)
except cryptopals.PaddingException:
pass
try:
cryptopals.strip_padding(b'ICE ICE BABY\x01\x02\x03\x04')
assert equals(1,2)
except cryptopals.PaddingException:
pass
for blocknum in range(len(ciph) / blocksize):
if blocknum == 0:
Ca = iv # There is smarter way, without the IF.
else:
Ca = ciph[blocksize * (blocknum - 1):blocksize * blocknum]
Cb = ciph[blocksize * blocknum:blocksize * (blocknum + 1)]
for n_bytes in range(1, blocksize + 1):
guess = ""
for charnum in range(2, 256): # Might be screwed if it is \x01
guess = chr(charnum)
b = Ca[-(n_bytes):]
g = guess + plaintext[blocknum] # p[b] will be incomplete
x = chr(n_bytes) * (n_bytes)
Cac = Ca[:-(n_bytes)] + cryptopals.xor_str(
cryptopals.xor_str(b, g), x)
if fakeserver.padding_is_valid(Cac + Cb, iv):
break
plaintext[blocknum] = guess + plaintext[blocknum]
output = cryptopals.strip_padding(''.join(plaintext))
print output
#### tests ####
assert (cryptopals.strip_padding(fakeserver.cheat(ciph, iv)) == output)
for i in range(100):
[ciph, iv] = fakeserver.random_ciphertext_iv()
assert (fakeserver.padding_is_valid(ciph, iv))
cryptopals.warn("Passed assertions (" + __file__ + ")")
