def test_aes_fail_for_wrong_key(self):
k1 = utils.generate_aes_key(128)
k2 = utils.generate_aes_key(128)
clear_text = b'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod ' \
b'tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim ' \
b'veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea' \
b' commodo consequat. Duis aute irure dolor in reprehenderit in voluptate ' \
b'velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat' \
b' cupidatat non proident, sunt in culpa qui officia deserunt mollit anim ' \
b'id est laborum.'
encrypted = utils.aes_encrypt(clear_text, k1)
self.assertRaises(ValueError, lambda: utils.aes_decrypt(encrypted, k2))
def encryption_oracle(plain_text):
plain_text_ext = append_random_bytes(plain_text)
key = generate_aes_key()
if randint(0, 1):
cipher_text = aes128_ecb_encrypt(plain_text_ext, key)
print(info(f"Oracle: {lpurple('ECB')}"))
else:
iv = generate_aes_key()
cipher_text = aes128_cbc_encrypt(plain_text_ext, iv, key)
print(info(f"Oracle: {lblue('CBC')}"))
return cipher_text
async def execute(self):
await send_proto_msg(self._writer, self._make_hello())
peer_hello = PeerHello()
await recv_proto_msg(self._reader, peer_hello)
self.peer_pub_key = proto_to_pubkey(peer_hello.pub_key)
self.peer_serving_port = \
peer_hello.serving_port if peer_hello.serving_port > 0 else None
decrypted_challenge, challenge = make_rsa_challenge(self.peer_pub_key)
await send_proto_msg(self._writer, challenge)
rsa_challenge = RsaChallenge()
await recv_proto_msg(self._reader, rsa_challenge)
await send_proto_msg(self._writer, solve_rsa_challenge(self.own_rsa_key, rsa_challenge))
solved_challenge = RsaChallengeResponse()
await recv_proto_msg(self._reader, solved_challenge)
if not verify_rsa_challenge(decrypted_challenge, solved_challenge):
raise ConnectionError('RSA challenge solved incorrectly')
if self._is_key_smaller_than(self.own_rsa_key, self.peer_pub_key):
self.session_key = generate_aes_key(PEER_CONNECTION_KEY_SIZE)
cipher_rsa = PKCS1_OAEP.new(self.peer_pub_key)
await send_proto_msg(self._writer, AESKey(key=cipher_rsa.encrypt(self.session_key)))
else:
key_message = AESKey()
await recv_proto_msg(self._reader, key_message)
cipher_rsa = PKCS1_OAEP.new(self.own_rsa_key)
self.session_key = cipher_rsa.decrypt(key_message.key)
def encrypt_data():
key = generate_aes_key()
nonce = bytes([0]) * 8 # nonce forced to 0
f = open('sources/19.txt', 'r')
cipher_texts = []
n = 0
for line in f:
# print(n, a2b_base64(line), len(a2b_base64(line)))
cipher_text = aes128_ctr_cipher(a2b_base64(line), nonce, key)
cipher_texts.append(cipher_text)
n += 1
# Return an array of cipher_texts encrypted with the same key and nonce in CTR mode
return cipher_texts
async def _become_end_node(self, conn_request: bfcp_pb2.ConnectionRequest,
sender_key: RsaKey):
"""
Respond to a ConnectionRequest, saying that "I'll be the end node". And prepare to be one.
"""
# solve the challenge
h = SHA256.new(conn_request.signature_challenge)
solved_challenge = pkcs1_15.new(self._bfc_node.rsa_key).sign(h)
conn_resp = bfcp_pb2.ConnectionResponse()
conn_resp.uuid = conn_request.connection_params.uuid
conn_resp.selected_end_node.public_key.CopyFrom(
pubkey_to_proto(self._bfc_node.rsa_key.publickey()))
conn_resp.selected_end_node.last_known_address = self._bfc_node.host[0]
conn_resp.selected_end_node.last_port = self._bfc_node.host[1]
conn_resp.signature_challenge_response = solved_challenge
# Prepare the session key
session_key = utils.generate_aes_key(GLOBAL_VARS['OS_EN_KEY_SIZE'])
original_sender_pub_key = proto_to_pubkey(
conn_request.sender_connection_key)
cipher_rsa = PKCS1_OAEP.new(original_sender_pub_key)
encrypted_session_key = cipher_rsa.encrypt(session_key)
conn_resp.session_key.key = encrypted_session_key
# TODO: prev hops and en_conn are bound. This is quite nasty and hard to read.
prev_hops = []
en_conn = EndNodeConnection(self._traffic_manager,
conn_request.connection_params.uuid,
prev_hops, session_key)
self._en_conn[conn_request.connection_params.uuid] = (en_conn,
prev_hops)
await self._traffic_manager.send(conn_resp, sender_key)
ensure_future(
en_conn.initiate_connection((conn_request.target_server_address,
conn_request.target_server_port)))
def __init__(self):
self.key = generate_aes_key()
self.nonce = random_bytes(8)
def __init__(self, plain_text_data):
self.key = generate_aes_key()
self.data = plain_text_data
def __init__(self, data):
self.key = generate_aes_key()
self.data = data
self.random_bytes = urandom(randint(0, 15))
def __init__(self):
self.key = generate_aes_key()
def __init__(self):
self.key = generate_aes_key()
self.iv = random_bytes(16)