def main():
key = b'YELLOW SUBMARINE'
initialisation_vector = bytes(16 * [0])
cipher = AES_CBC(key, initialisation_vector)
assert cipher.decrypt(
loadChallengeData())[:33] == b"I'm back and I'm ringin' the bell"
def diffiehellman_mitm_sim(prime, base):
"""This function simulates an exchange between two parties, first using
Diffie Hillmann to exchange secret keys and then AES CBC to exchange
messages. However, the function uses yield functionality to simulate a man
in the middle attack.
"""
alice = {}
#Alice generates their public key an sends to 'bob'
alice['dh'] = DiffieHellman(prime,
base,
secret_key=secrets.randbelow(prime))
alice_pub = alice['dh'].gen_public_key()
(prime, base, key_for_bob) = yield (prime, base, alice_pub)
#bob recieves 'alice's' public key, generates their own public key and
#the shared key. Sends their public key ot 'alice'
bob = {
'dh': DiffieHellman(prime, base, secret_key=secrets.randbelow(prime))
}
bob_pup = bob['dh'].gen_public_key()
bob['dh'].gen_shared_key(key_for_bob)
key_for_alice = yield bob_pup
### Alice recieves Bob's public key, generates the shared key and encrypts
### message for bob
alice['dh'].gen_shared_key(key_for_alice)
alice['sha1'] = SHA1(bso.int_to_bytes(alice['dh'].shared_key))
alice['cipher'] = AES_CBC(alice['sha1'].digest()[:16],
secrets.token_bytes(16))
alice_ciphertext = alice['cipher'].encrypt(b'Message to Bob')
alice_ciphertext += alice['cipher'].IV
ciphertext_for_bob = yield alice_ciphertext
#Bob recieves the ciphertext, decrypts it and send a reply.
bob['sha1'] = SHA1(bso.int_to_bytes(bob['dh'].shared_key))
bob['cipher'] = AES_CBC(bob['sha1'].digest()[:16], secrets.token_bytes(16))
bob_ciphertext = bob['cipher'].encrypt(b'Message to Alice')
bob_ciphertext += bob['cipher'].IV
ciphertext_for_alice = yield bob_ciphertext
### Finally alice decrypts bobs reply
alice['cipher'].decrypt(ciphertext_for_alice[:-16],
ciphertext_for_alice[-16:])
def simulate_communication_with_dh_key(prime, base):
""" Simulates a communication between two parties who first exhanges key via
diffiehillman and encrypt messages using aes_cbc. Returns two messages, one
encrypted by each party
"""
alice = {}
alice['dh'] = DiffieHellman(prime, base, secret_key=secrets.randbelow(prime))
alice_pub = alice['dh'].gen_public_key()
#bob recieves alice's public key, generates their own public key and
#the shared key. Sends their public key ot alice
bob = {'dh':DiffieHellman(prime, base, secret_key=secrets.randbelow(prime))}
bob_pub = bob['dh'].gen_public_key()
bob['dh'].gen_shared_key(alice_pub)
### Alice recieves Bob's public key, generates the shared key and encrypts
### message for bob
alice['dh'].gen_shared_key(bob_pub)
alice['message'] = b'Message to Bob'
alice['sha1'] = SHA1(bso.int_to_bytes(alice['dh'].shared_key))
alice['cipher'] = AES_CBC(alice['sha1'].digest()[:16], secrets.token_bytes(16))
alice_ciphertext = alice['cipher'].encrypt(alice['message'])
alice_ciphertext += alice['cipher'].IV
#Bob encrypts his own ciphertext.
bob['message'] = b'Message to Alice'
bob['sha1'] = SHA1(bso.int_to_bytes(bob['dh'].shared_key))
bob['cipher'] = AES_CBC(bob['sha1'].digest()[:16], secrets.token_bytes(16))
bob_ciphertext = bob['cipher'].encrypt(bob['message'])
bob_ciphertext += bob['cipher'].IV
### Check decryption works
assert(bso.remove_padding_pkcs7(alice['cipher'].decrypt(bob_ciphertext[:-16], bob_ciphertext[-16:])) == bob['message'])
assert(bso.remove_padding_pkcs7(bob['cipher'].decrypt(alice_ciphertext[:-16], alice_ciphertext[-16:])) == alice['message'])
## return ciphertexts for the man in the middle to decrypt
return alice_ciphertext, bob_ciphertext
def encryption_orcle(plaintext):
"""Encrypts plaintext randomly using eith CBC or ECB with a random key.
Pads each end of the plaintext with random bytes. Use for testing a
function which detects which method is used. Returns a tuple of either
'ECB' or 'CBC' (depending on the method used) and also the
ciphertext"""
IV = bytes(16 * [0])
key = secrets.token_bytes(16)
#Randomly choose the amount of padding for the begining and end of the
# plaintext
front_pad_num = secrets.choice(range(5, 10))
back_pad_num = secrets.choice(range(5, 10))
plaintext = (secrets.token_bytes(front_pad_num) + plaintext +
secrets.token_bytes(back_pad_num))
cipher_mode = secrets.choice(['ECB', 'CBC'])
if cipher_mode == 'ECB':
cipher = AES_ECB(key)
else:
cipher = AES_CBC(key, IV)
return cipher_mode, cipher.encrypt(plaintext)
def main():
prime = 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff
for base in [1, prime, prime - 1]:
messages = simulate_communication_with_dh_key(prime, base)
if base == prime:
secret_key = 0
else:
secret_key = 1
aes_key = SHA1(bso.int_to_bytes(secret_key)).digest()[:16]
malcolm = AES_CBC(aes_key, b'0'*16)
assert bso.remove_padding_pkcs7(malcolm.decrypt(messages[0][:-16], messages[0][-16:])) == b'Message to Bob'
assert bso.remove_padding_pkcs7(malcolm.decrypt(messages[1][:-16], messages[1][-16:])) == b'Message to Alice'
def main():
"""Simulate a man in the middle attack on Diffie Hellman key exchange"""
prime = 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff
base = 2
connection = diffiehellman_mitm_sim(prime, base)
# intercept alices public key
prime, base, _ = next(connection)
# send prime instead of alices public key to bob. Recieve Bobs public key,
# which we forget as it is not needs. The shared kill will be 0.
connection.send((prime, base, prime))
#Send prime as bob's public key to alice. We have ensured that the shared
#hared secret key is 0. Recieve Alice's ciphertext for bob
ciphertext_a2b = connection.send(prime)
# decrypt
malcolm = AES_CBC(SHA1(bso.int_to_bytes(0)).digest()[:16], b'0' * 16)
messages = []
messages.append(
bso.remove_padding_pkcs7(
malcolm.decrypt(ciphertext_a2b[:-16], ciphertext_a2b[-16:])))
#Send the ciphertext to bob. Recieve his response
ciphertext_b2a = connection.send(ciphertext_a2b)
messages.append(
bso.remove_padding_pkcs7(
malcolm.decrypt(ciphertext_b2a[:-16], ciphertext_b2a[-16:])))
assert messages[0] == b'Message to Bob'
assert messages[1] == b'Message to Alice'
return
def decrypt(self, ciphertext):
plaintext = AES_CBC.decrypt(self, ciphertext)
plaintext = bso.remove_padding_pkcs7(plaintext)
return plaintext
def encrypt(self, plaintext):
plaintext = sops.remove_meta_chars(plaintext, "=;").encode()
return AES_CBC.encrypt(self, self.prepad + plaintext + self.postpad)
def __init__(self):
self.prepad = b"comment1=cooking%20MCs;userdata="
self.postpad = b";comment2=%20like%20a%20pound%20of%20bacon"
key = secrets.token_bytes(16)
AES_CBC.__init__(self, key, key)