def challenge_27_check_decrypt(ciphertext, key):
# Obtain plaintext
deciphered = set2.decrypt_aes_cbc(ciphertext, key, iv=key, unpad=False)
# Check if text contains high ASCII values
for byte in deciphered:
if byte > 128:
raise ValueError("Invalid ASCII obtained in text", deciphered)
return True
def receive_msg(self, inp):
(ciphertext, iv) = inp
# Decrypt received message
msg = set2.decrypt_aes_cbc(key=hashlib.sha1(long_to_bytes(self.s)).digest()[0:16], iv=iv, text=ciphertext)
# Send plaintext using SHA1 hash of shared secret as key, generated IV as IV
iv = set2.random_bytes(16)
ciphertext = set2.encrypt_aes_cbc(key=hashlib.sha1(long_to_bytes(self.s)).digest()[0:16], iv=iv, text=msg)
# Send ciphertext with IV
return ciphertext, iv
def challenge_17():
# Initialise key
key = set2.random_bytes(16)
# Call function_1 to get random ciphertext with IV used
ciphertext, iv = function_1(key)
# For verification purposes, decrypt given ciphertext with key
expected = set2.decrypt_aes_cbc(ciphertext, key, iv)
print('Expected: {}'.format(expected))
# Initialise oracle function
oracle = lambda x: function_2(x, key, iv)
# Run oracle attack
result = aes_oracle_attack(oracle, ciphertext, iv)
print('Found: {}'.format(bytes(result)))
# Verify found answer equals what we're expecting
assert_true(result == expected)
print("")
def decrypt_message(self):
# We know s = 0, because Alice thinks B = p = 0 (mod p), and Bob thinks A = p = 0 (mod p)
key_candidates = []
if self.g_prime == 1:
# A=g^a, B=g'^b=1
# s_a=B^a=1^a=1, s_b=A^b=?
key_candidates = [1]
if self.g_prime == self.p:
# A=g^a, B=g'^b=0
# s_a=0^a=0^a=0, s_b=A^b=?
key_candidates = [0]
if self.g_prime == self.p-1:
# A=g^a, B=g'^b=(-1)^b={either 1 or -1}
# s_a=B^a={either 1 or -1}, s_b=A^b=?
key_candidates = [1, -1]
for key in key_candidates:
try:
return set2.pkcs7_remove_padding(set2.decrypt_aes_cbc(text=self.msg, key=hashlib.sha1(long_to_bytes(key)).digest()[0:16], iv=self.iv, unpad=False))
except ValueError:
continue
return None #raise ValueError("Decryption failed (keys tried: {})".format(key_candidates))
def verify_echo(self, inp):
(ciphertext, iv) = inp
# Decrypt received message
msg = set2.decrypt_aes_cbc(key=hashlib.sha1(long_to_bytes(self.s)).digest()[0:16], iv=iv, text=ciphertext)
# Verify message is the one that was sent
return msg == self.msg
def decrypt_message(self):
# We know s = 0, because Alice thinks B = p = 0 (mod p), and Bob thinks A = p = 0 (mod p)
return set2.decrypt_aes_cbc(text=self.msg, key=hashlib.sha1(long_to_bytes(0)).digest()[0:16], iv=self.iv)