コード例 #1
0
def aes_encode(block, key):
    block = pad_bits_append(block, len(key))
    # the pycrypto library expects the key and block in 8 bit ascii 
    # encoded strings so we have to convert from the bit array
    block = bits_to_string(block)
    key = bits_to_string(key)
    ecb = AES.new(key.encode("latin-1"), AES.MODE_ECB)
    return string_to_bits(str(ecb.encrypt(block.encode("latin-1")), encoding="latin-1"))
コード例 #2
0
def aes_encode(block, key):
    block = pad_bits_append(block, len(key))
    # the pycrypto library expects the key and block in 8 bit ascii
    # encoded strings so we have to convert from the bit array
    block = bits_to_string(block)
    key = bits_to_string(key)
    ecb = AES.new(key.encode("latin-1"), AES.MODE_ECB)
    return string_to_bits(
        str(ecb.encrypt(block.encode("latin-1")), encoding="latin-1"))
コード例 #3
0
def deliver_hint(recipient, hint_str):
    """
    Establish an encrypted session with the specified recipient
    and send hint_str.
    """
    initialization_response = initialize(recipient[0])
    session_token = initialization_response['token']

    pg = get_pg()
    p = int(pg['p'], 16)
    g = int(pg['g'], 16)

    eve_key_response_int = pow(g, X_EVE, p)
    eve_key_response = hex(eve_key_response_int)[2:]  # chop off the "0x"

    key_received_response = send_key(recipient[0], session_token,
                                     eve_key_response, "Eve")

    (ctr_key,
     ctr_nonce) = get_ctr_info(X_EVE, int(initialization_response['public'],
                                          16))

    initial_message = receive_msg(recipient[0], session_token)

    decrypted_message = counter_mode_encrypt(initial_message['msg'], ctr_key,
                                             initial_message['iv'], ctr_nonce)
    decrypted_message_str = bits_to_string(decrypted_message)
    print("decrypted_message_str", decrypted_message_str)

    hint_hex = hex(bits_to_int(string_to_bits(hint_str)))[2:]
    encrypted_hint = counter_mode_encrypt(hint_hex, ctr_key,
                                          initial_message['iv'], ctr_nonce)
    encrypted_hint_hex = hex(bits_to_int(encrypted_hint))[2:]

    response = send_msg(recipient[0], session_token, encrypted_hint_hex,
                        initial_message['iv'])

    decrypted_message = counter_mode_encrypt(response['reply']['msg'], ctr_key,
                                             response['reply']['iv'],
                                             ctr_nonce)
    decrypted_message_str = bits_to_string(decrypted_message)
    print("decrypted_message_str", decrypted_message_str)
コード例 #4
0
def deliver_hint(recipient, hint_str):
    """
    Establish an encrypted session with the specified recipient
    and send hint_str.
    """
    initialization_response = initialize(recipient[0])
    session_token = initialization_response['token']
    
    pg = get_pg()
    p = int(pg['p'], 16)
    g = int(pg['g'], 16)

    eve_key_response_int = pow(g, X_EVE, p)
    eve_key_response = hex(eve_key_response_int)[2:] # chop off the "0x"
    
    key_received_response = send_key(recipient[0], session_token,
            eve_key_response, "Eve")
    
    (ctr_key, ctr_nonce) = get_ctr_info(X_EVE, int(initialization_response['public'], 16))
    
    initial_message = receive_msg(recipient[0], session_token)
    
    
    decrypted_message = counter_mode_encrypt(initial_message['msg'], ctr_key, initial_message['iv'], ctr_nonce)
    decrypted_message_str = bits_to_string(decrypted_message)
    print("decrypted_message_str", decrypted_message_str)
    
    hint_hex = hex(bits_to_int(string_to_bits(hint_str)))[2:]
    encrypted_hint = counter_mode_encrypt(hint_hex, ctr_key, initial_message['iv'], ctr_nonce)
    encrypted_hint_hex = hex(bits_to_int(encrypted_hint))[2:]
    
    response = send_msg(recipient[0], session_token,
            encrypted_hint_hex, initial_message['iv'])
    
    decrypted_message = counter_mode_encrypt(response['reply']['msg'], ctr_key, response['reply']['iv'], ctr_nonce)
    decrypted_message_str = bits_to_string(decrypted_message)
    print("decrypted_message_str", decrypted_message_str)
コード例 #5
0
ファイル: breakRSA.py プロジェクト: UrsaEli/miscellaneous
def retrieve_plaintext(ciphertext, private_key, n):
    """
    Given the specified ciphertext string encrypted using the specified private_key
    and n value, returns the decrypted plaintext.  Removes oaep if necessary.
    """
    ciphertext_bits = pad_bits(string_to_bits(ciphertext), MESSAGE_CHARS * ASCII_BITS)
    ciphertext_int = bits_to_int(ciphertext_bits)
    padded_plaintext_int = pow(ciphertext_int, private_key, n)

    # If the message wasn't padded, we'll detect that here.
    padded_plaintext_bits = pad_bits(convert_to_bits(padded_plaintext_int), len(ciphertext_bits))
    plaintext_string = bits_to_string(padded_plaintext_bits).strip('\x00')
    if is_valid_message(plaintext_string):
        return plaintext_string
    else:
        return remove_oaep_from_plaintext(padded_plaintext_int, n)
コード例 #6
0
def get_ctr_info(private_value, received_public_value):
    """
    Calculates shared secret and returns (key, nonce) for use with AES-CTR
    Expects parameters to be ints.  Returns key and nonce as hex strings.
    """
    pg = get_pg()
    p = int(pg['p'], 16)    

    shared_secret = pow(received_public_value, private_value, p)
    shared_secret_bits = pad_to_block(convert_to_bits(shared_secret), ASCII_BITS)
    shared_secret_bytestring = bits_to_string(shared_secret_bits).encode(encoding='latin-1')
    shared_secret_hash = sha1(shared_secret_bytestring).hexdigest()
    assert len(shared_secret_hash) == 40
    
    # sha1 generates hash of 20 bytes.  Use first 16 bytes for the key and last 4 for the nonce
    key = shared_secret_hash[0:32]
    nonce = shared_secret_hash[32:40]
    return (key, nonce)
コード例 #7
0
ファイル: breakRSA.py プロジェクト: emmonspired/miscellaneous
def retrieve_plaintext(ciphertext, private_key, n):
    """
    Given the specified ciphertext string encrypted using the specified private_key
    and n value, returns the decrypted plaintext.  Removes oaep if necessary.
    """
    ciphertext_bits = pad_bits(string_to_bits(ciphertext),
                               MESSAGE_CHARS * ASCII_BITS)
    ciphertext_int = bits_to_int(ciphertext_bits)
    padded_plaintext_int = pow(ciphertext_int, private_key, n)

    # If the message wasn't padded, we'll detect that here.
    padded_plaintext_bits = pad_bits(convert_to_bits(padded_plaintext_int),
                                     len(ciphertext_bits))
    plaintext_string = bits_to_string(padded_plaintext_bits).strip('\x00')
    if is_valid_message(plaintext_string):
        return plaintext_string
    else:
        return remove_oaep_from_plaintext(padded_plaintext_int, n)
コード例 #8
0
def _verify(bills, nonces, value):
    """
    # Returns True if all of the bills have the value specified,
    # False otherwise
    """
    print("Doing verification for", len(bills), "bills")
    for bill, nonce in zip(bills, nonces):
        unblinded_bill = unblind_bill(bill, nonce, cutchoose.BANK_PUBLIC_KEY[0],
                cutchoose._BANK_PRIVATE_KEY, cutchoose.BANK_PUBLIC_KEY[1])
        unblinded_bill_str = bits_to_string(pad_to_block(convert_to_bits(unblinded_bill), ASCII_BITS))
        unblinded_bill_value = cutchoose.bill_value(unblinded_bill_str)
        print("unblinded bill_str is", unblinded_bill_str)
        
        if not unblinded_bill_value == value:
            print("bill", unblinded_bill_str, "has value", unblinded_bill_value, "but expected", value)
            return False
    
    print("Bills passed verification")
    return True
コード例 #9
0
def get_ctr_info(private_value, received_public_value):
    """
    Calculates shared secret and returns (key, nonce) for use with AES-CTR
    Expects parameters to be ints.  Returns key and nonce as hex strings.
    """
    pg = get_pg()
    p = int(pg['p'], 16)

    shared_secret = pow(received_public_value, private_value, p)
    shared_secret_bits = pad_to_block(convert_to_bits(shared_secret),
                                      ASCII_BITS)
    shared_secret_bytestring = bits_to_string(shared_secret_bits).encode(
        encoding='latin-1')
    shared_secret_hash = sha1(shared_secret_bytestring).hexdigest()
    assert len(shared_secret_hash) == 40

    # sha1 generates hash of 20 bytes.  Use first 16 bytes for the key and last 4 for the nonce
    key = shared_secret_hash[0:32]
    nonce = shared_secret_hash[32:40]
    return (key, nonce)
コード例 #10
0
def lfsr_decrypt(ciphertext, lfsr):
    """
    Attempts to obtain the plaintext string corresponding
    to the encrypted hexadecimal string in ciphertext by xoring
    with a keystream produced by lfsr.
    Returns the resulting plaintext string.
    """
    ciphertext_bits = hex_string_to_bits(ciphertext)
    keystream_bits = lfsr.get_output_bits(len(ciphertext_bits))
    assert len(keystream_bits) == len(ciphertext_bits)
    assert keystream_bits == SAMPLE_LFSR_OUTPUT[:len(ciphertext_bits)]
    
    for i in range(LFSR_DECRYPTION_ATTEMPTS):
        potential_plaintext_bits = xor(ciphertext_bits, keystream_bits)
        potential_plaintext_str = bits_to_string(potential_plaintext_bits)
        if is_valid_message(potential_plaintext_str):
            return potential_plaintext_str
            
        keystream_bits = keystream_bits[1:] + [lfsr.get_next_output()]
    
    return None
コード例 #11
0
def lfsr_decrypt(ciphertext, lfsr):
    """
    Attempts to obtain the plaintext string corresponding
    to the encrypted hexadecimal string in ciphertext by xoring
    with a keystream produced by lfsr.
    Returns the resulting plaintext string.
    """
    ciphertext_bits = hex_string_to_bits(ciphertext)
    keystream_bits = lfsr.get_output_bits(len(ciphertext_bits))
    assert len(keystream_bits) == len(ciphertext_bits)
    assert keystream_bits == SAMPLE_LFSR_OUTPUT[:len(ciphertext_bits)]

    for i in range(LFSR_DECRYPTION_ATTEMPTS):
        potential_plaintext_bits = xor(ciphertext_bits, keystream_bits)
        potential_plaintext_str = bits_to_string(potential_plaintext_bits)
        if is_valid_message(potential_plaintext_str):
            return potential_plaintext_str

        keystream_bits = keystream_bits[1:] + [lfsr.get_next_output()]

    return None
コード例 #12
0
ファイル: breakRSA.py プロジェクト: UrsaEli/miscellaneous
def decrypt_by_public_key_root(public_key, n, ciphertext):
    ciphertext_bits = string_to_bits(ciphertext)
    ciphertext_int = bits_to_int(ciphertext_bits)
    
    PUBLIC_KEY_ROOT_ATTEMPTS = 10
    for i in range(PUBLIC_KEY_ROOT_ATTEMPTS):
        plaintext_root_result = gmpy2.iroot(gmpy2.mpz(ciphertext_int + i * n), public_key)
        if plaintext_root_result[1]:
            plaintext_int = int(plaintext_root_result[0])
            assert pow(plaintext_int, public_key) == ciphertext_int + i * n              
            print("Found integer root of message")
                
            plaintext_bits = pad_bits(convert_to_bits(plaintext_int), MESSAGE_CHARS * ASCII_BITS)
            plaintext_string = bits_to_string(plaintext_bits).strip('\x00')

            assert is_valid_message(plaintext_string)
            return plaintext_string
        else:
            print("Root result is non-integer")

    print("Unable to decrypt by taking private key root")
    return None
コード例 #13
0
ファイル: breakRSA.py プロジェクト: UrsaEli/miscellaneous
def remove_oaep_from_plaintext(oaep_padded_plaintext_int, n):
    """
    Given the specified plaintext integer padded using OAEP, returns the
    corresponding plaintext string with OAEP removed.  n gives the parameter from
    the RSA operation ciphertext = plaintext ^ public_key (mod n) used to encrypt
    the message.  This parameter is required because the message produced by the RSA
    decryption operation m = plaintext ^ private_key (mod n) can be any of
    plaintext + i * n where i is in {0, 1, 2, ...}.
    Therefore we'll keep trying different guesses of i until one of them
    (hopefully) produces a valid message.
    Returns None if unable to recover a valid plaintext string.
    """
    MAX_OAEP_REMOVAL_TRIES = 10
    for i in range(MAX_OAEP_REMOVAL_TRIES):
        g = (MESSAGE_CHARS * ASCII_BITS) // 2
        h = (MESSAGE_CHARS * ASCII_BITS) // 2
        plaintext_bits = oaep.decode_oaep(int(oaep_padded_plaintext_int + n * i), g, h)

        plaintext_string = bits_to_string(plaintext_bits).strip('\x00')
        if is_valid_message(plaintext_string):
            return plaintext_string
            
    return None
コード例 #14
0
def _verify(bills, nonces, value):
    """
    # Returns True if all of the bills have the value specified,
    # False otherwise
    """
    print("Doing verification for", len(bills), "bills")
    for bill, nonce in zip(bills, nonces):
        unblinded_bill = unblind_bill(bill, nonce,
                                      cutchoose.BANK_PUBLIC_KEY[0],
                                      cutchoose._BANK_PRIVATE_KEY,
                                      cutchoose.BANK_PUBLIC_KEY[1])
        unblinded_bill_str = bits_to_string(
            pad_to_block(convert_to_bits(unblinded_bill), ASCII_BITS))
        unblinded_bill_value = cutchoose.bill_value(unblinded_bill_str)
        print("unblinded bill_str is", unblinded_bill_str)

        if not unblinded_bill_value == value:
            print("bill", unblinded_bill_str, "has value",
                  unblinded_bill_value, "but expected", value)
            return False

    print("Bills passed verification")
    return True
コード例 #15
0
ファイル: breakRSA.py プロジェクト: emmonspired/miscellaneous
def remove_oaep_from_plaintext(oaep_padded_plaintext_int, n):
    """
    Given the specified plaintext integer padded using OAEP, returns the
    corresponding plaintext string with OAEP removed.  n gives the parameter from
    the RSA operation ciphertext = plaintext ^ public_key (mod n) used to encrypt
    the message.  This parameter is required because the message produced by the RSA
    decryption operation m = plaintext ^ private_key (mod n) can be any of
    plaintext + i * n where i is in {0, 1, 2, ...}.
    Therefore we'll keep trying different guesses of i until one of them
    (hopefully) produces a valid message.
    Returns None if unable to recover a valid plaintext string.
    """
    MAX_OAEP_REMOVAL_TRIES = 10
    for i in range(MAX_OAEP_REMOVAL_TRIES):
        g = (MESSAGE_CHARS * ASCII_BITS) // 2
        h = (MESSAGE_CHARS * ASCII_BITS) // 2
        plaintext_bits = oaep.decode_oaep(
            int(oaep_padded_plaintext_int + n * i), g, h)

        plaintext_string = bits_to_string(plaintext_bits).strip('\x00')
        if is_valid_message(plaintext_string):
            return plaintext_string

    return None
コード例 #16
0
ファイル: breakRSA.py プロジェクト: emmonspired/miscellaneous
def decrypt_by_public_key_root(public_key, n, ciphertext):
    ciphertext_bits = string_to_bits(ciphertext)
    ciphertext_int = bits_to_int(ciphertext_bits)

    PUBLIC_KEY_ROOT_ATTEMPTS = 10
    for i in range(PUBLIC_KEY_ROOT_ATTEMPTS):
        plaintext_root_result = gmpy2.iroot(gmpy2.mpz(ciphertext_int + i * n),
                                            public_key)
        if plaintext_root_result[1]:
            plaintext_int = int(plaintext_root_result[0])
            assert pow(plaintext_int, public_key) == ciphertext_int + i * n
            print("Found integer root of message")

            plaintext_bits = pad_bits(convert_to_bits(plaintext_int),
                                      MESSAGE_CHARS * ASCII_BITS)
            plaintext_string = bits_to_string(plaintext_bits).strip('\x00')

            assert is_valid_message(plaintext_string)
            return plaintext_string
        else:
            print("Root result is non-integer")

    print("Unable to decrypt by taking private key root")
    return None
コード例 #17
0
import lfsr
import binascii
import unit4_util

given_prng = [0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0]

def xor(word1, word2):
    key = []
    for i in xrange(0, len(word1)):
        key.append(word1[i] ^ word2[i])
    return key

message = '8d801f00c7554d3980b0c4f400c1ebc572d86f57f48d322b8e7c3a1f01c531dbe772b77be5acd34bf1979b70089615ace253c4b01350f36f82215f164b7934fdd48a30'
m_bytes = binascii.unhexlify(message)
message_bits = unit4_util.string_to_bits(m_bytes)

# Use LFSR_A51_1 to generate another 200 bits for the PRNG
lfsr = lfsr.LFSR_A51_1(given_prng[1000-19:])
new_prng = given_prng[0:1000-19]
for _ in range(0, 2000):
    new_prng.append(lfsr.next_output_bit())

# Loop through each 2000 bit range of the PRNG and use it to try and decrypt the
# message. Examine each output message visually to find the interesting one
# (which is message 1000 incidentally)
for i in range(0, 2000):
    otp = new_prng[i:len(message_bits) + i]
    plaintext = xor(message_bits, otp)
    print i, unit4_util.bits_to_string(plaintext)
コード例 #18
0
    key corresponding to the specified private_key.
    """
    ciphertext_int = bits_to_int(ciphertext)
    plaintext_int = pow(ciphertext_int, private_key, n)
    return decode_oaep(plaintext_int + n, g, h)
    
def decode_oaep(oaep_padded_int, g, h):
    """
    Given the specified OAEP-padded plaintext as an integer (with OAEP using parameters
    g and h), returns the corresponding plaintext bits with the padding removed.
    """
    plaintext_bits = pad_bits(convert_to_bits(oaep_padded_int), g + h)
    
    first_chunk = plaintext_bits[0:g]
    second_chunk = plaintext_bits[g:g + h]

    assert len(plaintext_bits) == g + h
    assert len(first_chunk) == g
    assert len(second_chunk) == h

    first_chunk_H = hash(first_chunk, h)
    r = xor(first_chunk_H, second_chunk)
    G_r = hash(r, g)
    m_prime = xor(first_chunk, G_r)
    return m_prime    
    
if __name__ == "__main__":
    print("Decrypting...")
    plaintext_bits = decrypt(ciphertext, n, d, g, h)
    plaintext = bits_to_string(plaintext_bits).strip('\x00')
    print("Message:", plaintext)
コード例 #19
0
                                          initial_message['iv'], ctr_nonce)
    encrypted_hint_hex = hex(bits_to_int(encrypted_hint))[2:]

    response = send_msg(recipient[0], session_token, encrypted_hint_hex,
                        initial_message['iv'])

    decrypted_message = counter_mode_encrypt(response['reply']['msg'], ctr_key,
                                             response['reply']['iv'],
                                             ctr_nonce)
    decrypted_message_str = bits_to_string(decrypted_message)
    print("decrypted_message_str", decrypted_message_str)


if __name__ == "__main__":

    assert bits_to_string(hex_string_to_bits("53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67")) == \
            "Single block msg"

    print("Trying Test Vector #1")
    assert counter_mode_encrypt("53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67",
            "AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E",
            "00 00 00 00 00 00 00 00",
            "00 00 00 30") == \
            hex_string_to_bits("E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8")

    print("Trying Test Vector #2")
    assert counter_mode_encrypt(
            "00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F" +
            "10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F",
            "7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63",
            "C0 54 3B 59 DA 48 D9 0B",
コード例 #20
0
def hash(input_, length):
    input_string = bits_to_string(input_).encode(encoding='latin-1')
    h = sha512(input_string).digest()
    return string_to_bits(h)[:length]
コード例 #21
0
def run_mitm_session(first, second):
    """
    Run a message exchange between the specified parties, but
    perform a MITM attack using a known private key for the
    exchange with each in order to snoop on the contents
    of the messages.
    """
    first_initialization_response = initialize(first[0])
    first_session_token = first_initialization_response['token']
    
    second_initialization_response = initialize(second[0])
    second_session_token = second_initialization_response['token']
    
    pg = get_pg()
    p = int(pg['p'], 16)
    g = int(pg['g'], 16)
    
    eve_key_response_int = pow(g, X_EVE, p)
    eve_key_response = hex(eve_key_response_int)[2:] # chop off the "0x"
    
    first_key_received_response = send_key(first[0], first_session_token,
            eve_key_response, second[1])
    second_key_received_response = send_key(second[0], second_session_token,
            eve_key_response, first[1])
    
    (first_ctr_key, first_ctr_nonce) = get_ctr_info(X_EVE, int(first_initialization_response['public'], 16))
    (second_ctr_key, second_ctr_nonce) = get_ctr_info(X_EVE, int(second_initialization_response['public'], 16))
    
    first_person_message = receive_msg(first[0], first_session_token)
    
    first_person_decrypted_message = counter_mode_encrypt(first_person_message['msg'], first_ctr_key, first_person_message['iv'], first_ctr_nonce)
    first_person_decrypted_message_str = bits_to_string(first_person_decrypted_message)
    first_person_decrypted_message_hex = hex(bits_to_int(first_person_decrypted_message))[2:]

    test_encrypted_message_bits = counter_mode_encrypt(first_person_decrypted_message_hex, first_ctr_key, first_person_message['iv'], first_ctr_nonce)
    test_encrypted_message_str = hex(bits_to_int(test_encrypted_message_bits))[2:]
    assert test_encrypted_message_str == first_person_message['msg']    

    # Set up the message to be sent through the MITM session with second person
    first_re_encrypted_message_bits = counter_mode_encrypt(first_person_decrypted_message_hex, second_ctr_key, first_person_message['iv'], second_ctr_nonce)
    first_re_encrypted_message_str = hex(bits_to_int(first_re_encrypted_message_bits))[2:]
    
    response = send_msg(second[0], second_session_token,
            first_person_message['msg'], first_person_message['iv'])
    
    recipient, sender = first, second
    recipient_session_token, sender_session_token = first_session_token, second_session_token
    recipient_ctr_key, sender_ctr_key = first_ctr_key, second_ctr_key
    recipient_ctr_nonce, sender_ctr_nonce = first_ctr_nonce, second_ctr_nonce
    
    while 'reply' in response and 'iv' in response['reply'] and len(response['reply']['iv']) > 0:    

        decrypted_response = counter_mode_encrypt(response['reply']['msg'],
                sender_ctr_key, response['reply']['iv'], sender_ctr_nonce)
        decrypted_response_str = bits_to_string(decrypted_response)
        print(sender[1], "decrypted_response_str", decrypted_response_str)
    
        response = send_msg(recipient[0], recipient_session_token,
                response['reply']['msg'], response['reply']['iv'])
        
        # Switch places
        recipient, sender = sender, recipient
        recipient_session_token, sender_session_token = sender_session_token, recipient_session_token
        recipient_ctr_key, sender_ctr_key = sender_ctr_key, recipient_ctr_key
        recipient_ctr_nonce, sender_ctr_nonce = sender_ctr_nonce, recipient_ctr_nonce
コード例 #22
0
def run_mitm_session(first, second):
    """
    Run a message exchange between the specified parties, but
    perform a MITM attack using a known private key for the
    exchange with each in order to snoop on the contents
    of the messages.
    """
    first_initialization_response = initialize(first[0])
    first_session_token = first_initialization_response['token']

    second_initialization_response = initialize(second[0])
    second_session_token = second_initialization_response['token']

    pg = get_pg()
    p = int(pg['p'], 16)
    g = int(pg['g'], 16)

    eve_key_response_int = pow(g, X_EVE, p)
    eve_key_response = hex(eve_key_response_int)[2:]  # chop off the "0x"

    first_key_received_response = send_key(first[0], first_session_token,
                                           eve_key_response, second[1])
    second_key_received_response = send_key(second[0], second_session_token,
                                            eve_key_response, first[1])

    (first_ctr_key, first_ctr_nonce) = get_ctr_info(
        X_EVE, int(first_initialization_response['public'], 16))
    (second_ctr_key, second_ctr_nonce) = get_ctr_info(
        X_EVE, int(second_initialization_response['public'], 16))

    first_person_message = receive_msg(first[0], first_session_token)

    first_person_decrypted_message = counter_mode_encrypt(
        first_person_message['msg'], first_ctr_key, first_person_message['iv'],
        first_ctr_nonce)
    first_person_decrypted_message_str = bits_to_string(
        first_person_decrypted_message)
    first_person_decrypted_message_hex = hex(
        bits_to_int(first_person_decrypted_message))[2:]

    test_encrypted_message_bits = counter_mode_encrypt(
        first_person_decrypted_message_hex, first_ctr_key,
        first_person_message['iv'], first_ctr_nonce)
    test_encrypted_message_str = hex(
        bits_to_int(test_encrypted_message_bits))[2:]
    assert test_encrypted_message_str == first_person_message['msg']

    # Set up the message to be sent through the MITM session with second person
    first_re_encrypted_message_bits = counter_mode_encrypt(
        first_person_decrypted_message_hex, second_ctr_key,
        first_person_message['iv'], second_ctr_nonce)
    first_re_encrypted_message_str = hex(
        bits_to_int(first_re_encrypted_message_bits))[2:]

    response = send_msg(second[0], second_session_token,
                        first_person_message['msg'],
                        first_person_message['iv'])

    recipient, sender = first, second
    recipient_session_token, sender_session_token = first_session_token, second_session_token
    recipient_ctr_key, sender_ctr_key = first_ctr_key, second_ctr_key
    recipient_ctr_nonce, sender_ctr_nonce = first_ctr_nonce, second_ctr_nonce

    while 'reply' in response and 'iv' in response['reply'] and len(
            response['reply']['iv']) > 0:

        decrypted_response = counter_mode_encrypt(response['reply']['msg'],
                                                  sender_ctr_key,
                                                  response['reply']['iv'],
                                                  sender_ctr_nonce)
        decrypted_response_str = bits_to_string(decrypted_response)
        print(sender[1], "decrypted_response_str", decrypted_response_str)

        response = send_msg(recipient[0], recipient_session_token,
                            response['reply']['msg'], response['reply']['iv'])

        # Switch places
        recipient, sender = sender, recipient
        recipient_session_token, sender_session_token = sender_session_token, recipient_session_token
        recipient_ctr_key, sender_ctr_key = sender_ctr_key, recipient_ctr_key
        recipient_ctr_nonce, sender_ctr_nonce = sender_ctr_nonce, recipient_ctr_nonce
コード例 #23
0
    
    hint_hex = hex(bits_to_int(string_to_bits(hint_str)))[2:]
    encrypted_hint = counter_mode_encrypt(hint_hex, ctr_key, initial_message['iv'], ctr_nonce)
    encrypted_hint_hex = hex(bits_to_int(encrypted_hint))[2:]
    
    response = send_msg(recipient[0], session_token,
            encrypted_hint_hex, initial_message['iv'])
    
    decrypted_message = counter_mode_encrypt(response['reply']['msg'], ctr_key, response['reply']['iv'], ctr_nonce)
    decrypted_message_str = bits_to_string(decrypted_message)
    print("decrypted_message_str", decrypted_message_str)
    
    
if __name__ == "__main__":
    
    assert bits_to_string(hex_string_to_bits("53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67")) == \
            "Single block msg"
            
    print("Trying Test Vector #1")
    assert counter_mode_encrypt("53 69 6E 67 6C 65 20 62 6C 6F 63 6B 20 6D 73 67",
            "AE 68 52 F8 12 10 67 CC 4B F7 A5 76 55 77 F3 9E",
            "00 00 00 00 00 00 00 00",
            "00 00 00 30") == \
            hex_string_to_bits("E4 09 5D 4F B7 A7 B3 79 2D 61 75 A3 26 13 11 B8")
            
    print("Trying Test Vector #2")
    assert counter_mode_encrypt(
            "00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F" +
            "10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F",
            "7E 24 06 78 17 FA E0 D7 43 D6 CE 1F 32 53 91 63",
            "C0 54 3B 59 DA 48 D9 0B",
コード例 #24
0
ファイル: hw_4_6.py プロジェクト: dfrezell/dfrezell
ii = [0, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]
ee = [e0, e2, e3, e4, e5, e6, e7, e8, e9, e10, e11, e12, e13, e14, e15]
nn = [n0, n2, n3, n4, n5, n6, n7, n8, n9, n10, n11, n12, n13, n14, n15]
cc = [c0, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12, c13, c14, c15]

import gmpy

# solution for message 1
for i, (e, c, n) in enumerate(zip(ee, cc, nn)):
    if e != 3:
        continue
    c = gmpy.mpz(c)
    (m, r) = gmpy.root(c, e)
    if r == 1:
        bm = convert_to_bits(m)
        print bits_to_string(pad_bits(bm, len(bm) + pad(len(bm))))

# solution for message 9
for i, (e, c, n) in enumerate(zip(ee, cc, nn)):
    if e != 3:
        continue
    for k in range(1, 32):
        c = gmpy.mpz(c) + k * gmpy.mpz(n)
        (m, r) = gmpy.root(c, e)
        if r == 1:
            bm = convert_to_bits(m)
            print bits_to_string(pad_bits(bm, len(bm) + pad(len(bm))))

# solution for 11 and 12
#for i, n_i in enumerate(nn):
#    for j, n_j in enumerate(nn):
コード例 #25
0
ファイル: 5.py プロジェクト: rrampage/udacity-code
def hash(input_, length):
    h = sha512(bits_to_string(input_)).digest()
    return string_to_bits(h)[:length]