def run_p10(): print('Problem 10') INPUT = b642b(open('set2p10.txt').read()) KEY = b'YELLOW SUBMARINE' IV = bytes(BLOCKSIZE) output = AES128_CBC_decrypt(IV + INPUT, KEY) print('First 3 lines of output:') for line in output.splitlines()[:3]: print(line.decode()) print()
yield c ctr += 1 CTR_TEST = b'hello potato, i am a cheese' def AES128_CTR_crypt(key, nonce, data): """ # Isn't this a hilarious test? >>> AES128_CTR_crypt(b'YELLOW SUBMARINE', 1, CTR_TEST) != CTR_TEST True >>> AES128_CTR_crypt(b'YELLOW SUBMARINE', 1, AES128_CTR_crypt(b'YELLOW SUBMARINE', 1, CTR_TEST)) == CTR_TEST True """ nonce = int2bytes(nonce, BLOCKSIZE//2) return bytes(x^y for x, y in zip(AES128_CTR_keystream(key, nonce), data)) P18_CIPHERTEXT = b642b( 'L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==') P18_KEY = b'YELLOW SUBMARINE' P18_NONCE = 0 def run_p18(): print('Problem 18') print('Decryption:', AES128_CTR_crypt(P18_KEY, P18_NONCE, P18_CIPHERTEXT)) """ // ------------------------------------------------------------ 19. Break fixed-nonce CTR mode using substitions Take your CTR encrypt/decrypt function and fix its nonce value to 0. Generate a random AES key.
that last byte position. d. Make a dictionary of every possible last byte by feeding different strings to the oracle; for instance, "AAAAAAAA", "AAAAAAAB", "AAAAAAAC", remembering the first block of each invocation. e. Match the output of the one-byte-short input to one of the entries in your dictionary. You've now discovered the first byte of unknown-string. f. Repeat for the next byte. """ SECRET_SUFFIX_12 = b642b(""" Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg YnkK """) KEY_12 = os.urandom(KEYSIZE) def secret_suffix_oracle(secret_suffix, data): return AES128_encrypt(pkcs7pad(data + secret_suffix, BLOCKSIZE), KEY_12) def p12_oracle(data): return secret_suffix_oracle(SECRET_SUFFIX_12, data) def find_block_size(oracle): def oracle_len(length): return len(oracle(bytes(length)))