def check_protocol_g1(state):
# B's public key is 1^b = 1.
# A's secret is (1)^a = 1.
# B's secret is (1)^b = 1
# In this case, Mallory doesn't need to modify ciphers,
# becasue A and B have the same shared secret.
# But Mallory gets to know their messages (and potentially
# inject her own)
m_secret = 1;
m_cipherkey, m_mackey = secretToKeys(intToBytes(m_secret));
m_plain_a = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], m_cipherkey, state["a_iv"]));
m_plain_b = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], m_cipherkey, state["b_iv"]));
assert(m_plain_a == state["a_received_plain"]);
assert(m_plain_b == state["b_received_plain"]);
def check_protocol_g1(state):
# B's public key is 1^b = 1.
# A's secret is (1)^a = 1.
# B's secret is (1)^b = 1
# In this case, Mallory doesn't need to modify ciphers,
# becasue A and B have the same shared secret.
# But Mallory gets to know their messages (and potentially
# inject her own)
m_secret = 1
m_cipherkey, m_mackey = secretToKeys(intToBytes(m_secret))
m_plain_a = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], m_cipherkey, state["a_iv"]))
m_plain_b = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], m_cipherkey, state["b_iv"]))
assert (m_plain_a == state["a_received_plain"])
assert (m_plain_b == state["b_received_plain"])
def message6_5_gp1(state):
# decrypt message from B's key, encrypt to A's key
state["m_plain_b"] = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], state["m_key_b"], state["b_iv"]))
state["b_cipher"] = aes_cbc_enc(addPKCS7Padding(state["m_plain_b"], 16),
state["m_key_a"], state["b_iv"])
return state
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]));
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"]);
state["b_cipher"] = cipher;
return state;
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]))
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"])
state["b_cipher"] = cipher
return state
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]));
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"]);
state["a_cipher"] = cipher;
return state;
def message6(state):
secret = mypow(state["A"], state["b"], state["p"]);
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
b_iv = generateAESKey();
received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
state["b_cipher"] = b_cipher;
state["b_iv"] = b_iv;
state["b_received_plain"] = received_message;
return state;
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]))
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"])
state["a_cipher"] = cipher
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"]);
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
b_iv = generateAESKey();
received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
state["b_cipher"] = b_cipher;
state["b_iv"] = b_iv;
state["b_received_plain"] = received_message;
print("B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
return state;
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]));
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"]);
state["a_cipher"] = cipher;
print("A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv");
#print(state);
print('-'*64);
return state;
def message6(state):
secret = mypow(state["A"], state["b"], state["p"])
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
b_iv = generateAESKey()
received_message = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
state["b_cipherkey"], b_iv)
state["b_cipher"] = b_cipher
state["b_iv"] = b_iv
state["b_received_plain"] = received_message
return state
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]));
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"]);
state["b_cipher"] = cipher;
print("B->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
print("M->A Relay that to A");
#print(state);
print('-'*64);
return state;
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]))
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"])
state["a_cipher"] = cipher
print(
"A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
#print(state);
print('-' * 64)
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"])
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
b_iv = generateAESKey()
received_message = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
state["b_cipherkey"], b_iv)
state["b_cipher"] = b_cipher
state["b_iv"] = b_iv
state["b_received_plain"] = received_message
print(
"B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
)
return state
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]))
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"])
state["b_cipher"] = cipher
print(
"B->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
)
print("M->A Relay that to A")
#print(state);
print('-' * 64)
return state
recoveredPlaintext = x.to_bytes(1, byteorder='big') + recoveredPlaintext;
# move to next value of i
break;
# not the right x, iterate.
# if we've gone through all the x values, there's an error
if (x == 255):
print("ERROR finding good padding");
# end for x in range(256)
# end for i in range(len(rawBlock))
return recoveredPlaintext
def recoverPlaintext():
targetCipher, iv = encryptString();
targetBlocks = chunks(targetCipher, 16);
plaintext = b'';
for i in range(len(targetBlocks)):
plaintext += recoverBlock(targetBlocks[i], iv);
iv = targetBlocks[i];
return plaintext;
if __name__ == "__main__":
rawPlaintext = recoverPlaintext();
print(b'Raw Plaintext: ' + rawPlaintext);
unpaddedPlaintext = removePKCS7Padding(rawPlaintext);
print(b'Padding removed: ' + unpaddedPlaintext);
def final(state):
state["a_received_plain"] = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], state["a_cipherkey"], state["b_iv"]));
return state;
def message6_5_gp1(state):
# decrypt message from B's key, encrypt to A's key
state["m_plain_b"] = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], state["m_key_b"], state["b_iv"]));
state["b_cipher"] = aes_cbc_enc(addPKCS7Padding(state["m_plain_b"], 16), state["m_key_a"], state["b_iv"]);
return state;
def final(state):
state["a_received_plain"] = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], state["a_cipherkey"], state["b_iv"]))
return state
