def challenge35():
p = 197
g = 3
dh1 = DiffieHellman()
dh2 = DiffieHellman()
for fg in [1, p, p - 1]:
dh1._p = dh2._p = p
dh1._g = dh2._g = fg
A = dh1.gen_pub()
B = dh2.gen_pub()
dh2.gen_secret(A)
dh1.gen_secret(B)
message = b'hello, MITM'
key1 = hashlib.sha1(dh1.secret.to_bytes(64, 'big')).digest()[:16]
iv1 = os.urandom(16)
ct1 = set2.aes_cbc_encrypt(message, key1, iv1)
key2 = hashlib.sha1(dh2.secret.to_bytes(64, 'big')).digest()[:16]
iv2 = os.urandom(16)
message2 = set2.aes_cbc_decrypt(ct1, key2, iv1)
ct2 = set2.aes_cbc_encrypt(message2, key2, iv2)
message3 = set2.aes_cbc_decrypt(ct2, key1, iv2)
assert message == message3
if fg == 1:
s = 1
elif fg == p:
s = 0
else:
if A == p - 1 and B == p - 1:
s = p - 1
else:
s = 1
key3 = hashlib.sha1((s).to_bytes(64, 'big')).digest()[:16]
message4 = set2.aes_cbc_decrypt(ct1, key3, iv1)
assert message == message4
def challenge34():
p = 197
g = 3
dh1 = DiffieHellman()
dh2 = DiffieHellman()
dh1._p = dh2._p = p
dh1._g = dh2._g = g
A = dh1.gen_pub()
B = dh2.gen_pub()
#dh2.gen_secret(A)
dh2.gen_secret(p)
#dh1.gen_secret(B)
dh1.gen_secret(p)
message = b'hello, MITM'
key1 = hashlib.sha1(dh1.secret.to_bytes(64, 'big')).digest()[:16]
iv1 = os.urandom(16)
ct1 = set2.aes_cbc_encrypt(message, key1, iv1)
key2 = hashlib.sha1(dh2.secret.to_bytes(64, 'big')).digest()[:16]
iv2 = os.urandom(16)
message2 = set2.aes_cbc_decrypt(ct1, key2, iv1)
ct2 = set2.aes_cbc_encrypt(message2, key2, iv2)
message3 = set2.aes_cbc_decrypt(ct2, key1, iv2)
assert message == message3
key3 = hashlib.sha1((0).to_bytes(64, 'big')).digest()[:16]
message4 = set2.aes_cbc_decrypt(ct1, key3, iv1)
assert message == message4
def encryption_oracle(plaintext, key, blocksize=16):
app = ";comment2=%20like%20a%20pound%20of%20bacon"
prefix = "comment1=cooking%20MCs;userdata="
plaintext = clean(plaintext)
iv = Random.new().read(blocksize)
return iv + aes_cbc_encrypt(paddpkcs7(prefix + plaintext + app, blocksize),
key, iv)
def serve_cookie(iv=None):
'''
This function approximates AES-CBC encryption on a webserver. It serves up
a "new" cookie to the user so when they make a request on the server the server
can figure out who is talking to it.
'''
string_to_encode = challenge_17_strings[random.randint(0, len(challenge_17_strings) - 1)]
return aes_cbc_encrypt(string_to_encode, GLOBAL_RANDOM_KEY, iv=iv), iv
def encryption_oracle(plaintext, key, blocksize=16):
app = ";comment2=%20like%20a%20pound%20of%20bacon"
prefix = "comment1=cooking%20MCs;userdata="
plaintext = clean(plaintext)
# check 7bit ascii
iv = key
return aes_cbc_encrypt(paddpkcs7(prefix + plaintext + app, blocksize), key,
iv)
def aes_cbc_enc_oracle(k, plaintext):
s1 = "comment1=cooking%20MCs;userdata="
s2 = ";comment2=%20like%20a%20pound%20of%20bacon"
# strip ';' and '=' from plaintext
plaintext = plaintext.replace(';','')
plaintext = plaintext.replace('=','')
iv = k
return aes_cbc_encrypt(k, s1 + plaintext + s2, iv)
def test_challenge10():
text = b'We choose to go to the moon.'
key = b'YELLOW SUBMARINE'
iv = os.urandom(len(key))
ciphertext = set2.aes_cbc_encrypt(text, key, iv)
assert text == set2.aes_cbc_decrypt(ciphertext, key, iv)
with open('10.txt') as f:
b64string = f.read()
ciphertext = base64.b64decode(b64string.encode())
plaintext = set2.aes_cbc_decrypt(ciphertext, key, bytes(len(key)))
assert plaintext.startswith(b"I'm back and I'm ringin' the bell \n") and plaintext.endswith(b'funky music \n')
def challenge_27_encrypt(string_in):
for char_in in string_in:
if ord(char_in) > 127:
raise RuntimeError
to_return = 'comment1=cooking%20MCs;userdata=' + string_in.replace(
'=', '%3d').replace(
';', '%3b') + ';comment2=%20like%20a%20pound%20of%20bacon'
to_return = str.encode(to_return)
return aes_cbc_encrypt(to_return,
challenge_27_aes_key,
iv=challenge_27_aes_key)
def challenge27_encrypt(user_input):
user_input = user_input.replace(b';', b'%3B')
user_input = user_input.replace(b'=', b'%3D')
plaintext = b'comment1=cooking%20MCs;userdata=' + user_input
plaintext += b';comment2=%20like%20a%20pound%20of%20bacon'
return set2.aes_cbc_encrypt(plaintext, constants.key, constants.key)
def produce_ciphertext(plaintext, key):
blocksize = len(key)
iv = Random.new().read(blocksize)
return iv + aes_cbc_encrypt(paddpkcs7(plaintext, blocksize), key, iv)
def challange17_encrypt(plaintext):
iv = os.urandom(16)
ciphertext = set2.aes_cbc_encrypt(plaintext, constants.key, iv)
return ciphertext, iv
