コード例 #1
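    def test_forgery(self):
        """Check that a SHA-1 seal can be extended without knowing the secret.

        The test seals a message, rebuilds the five 32-bit state words from
        the seal, and resumes hashing with an extra suffix via
        ``sha1_restart``, which is never given the secret. The secret length
        is unknown to that step, so lengths 0..399 are tried. The test passes
        as soon as ``confirm_seal_sha1`` accepts a forged (seal, message)
        pair, and fails if no guessed length is accepted.

        Presumably ``seal_sha1`` hashes ``secret || message``; that
        construction is what makes resuming possible, and HMAC is the
        standard replacement. TODO confirm against the helper.
        """
        secret = random_word()
        msg_to_attack = b"comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon"
        seal = seal_sha1(secret, msg_to_attack)

        # The seal is sliced as 40 hex characters: five 8-character words that
        # are taken as the hash state after the original message.
        blocks = [seal[i:i + 8] for i in range(0, 40, 8)]
        # Fails if the seal is not fully covered by those 40 characters.
        self.assertEqual(seal, b''.join(blocks))
        h0, h1, h2, h3, h4 = (int(word, 16) for word in blocks)

        # The appended suffix does not depend on the guessed key length.
        extra = b";admin=true;"

        # The padding depends on the secret length, which has to be guessed.
        for key_len in range(400):
            key_guess = b'X' * key_len
            # assumes sha1_pad returns only the padding bytes, since it is
            # spliced between the message and the suffix below; TODO confirm
            p = sha1_pad(key_guess + msg_to_attack)
            original_byte_len = (len(key_guess) + len(msg_to_attack)
                                 + len(p) + len(extra))

            s2 = sha1_restart(extra, original_byte_len, h0, h1, h2, h3, h4)

            false_msg = msg_to_attack + p + extra
            if confirm_seal_sha1(secret, s2, false_msg):
                # Acceptance by the verifier is the pass condition. The former
                # assertTrue("True", ...) tested a non-empty string literal
                # and could never fail, so it has been dropped.
                return

        self.fail("No solution")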
コード例 #2
ファイル: test_30.py プロジェクト: uberj/newfriends
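	def test_forgery(self):
		"""Check that an MD4 seal can be extended without knowing the secret.

		The test seals a message, unpacks the seal into the four 32-bit state
		words, and resumes hashing with an extra suffix via ``md4_restart``,
		which is never given the secret. The secret length is unknown to that
		step, so lengths 0..399 are tried. The test passes as soon as
		``confirm_seal_md4`` accepts a forged (seal, message) pair, and fails
		if no guessed length is accepted.

		Presumably ``seal_md4`` hashes ``secret || message``; that
		construction is what makes resuming possible, and HMAC is the
		standard replacement. TODO confirm against the helper.
		"""
		secret = random_word()
		msg_to_attack = b"comment1=cooking%20MCs;comment2=%20like%20a%20pound%20of%20bacon;userdata=foo"
		seal = seal_md4(secret, msg_to_attack)

		# The unpack below needs exactly 16 bytes, i.e. 32 hex characters.
		# The previous check re-joined slices taken over len(seal), which is
		# true for every input, so it is replaced by an explicit length check.
		self.assertEqual(len(seal), 32)
		# Four little-endian 32-bit words, read as the state after the
		# original message.
		A, B, C, D = struct.unpack('<IIII', binascii.unhexlify(seal))

		# The appended suffix does not depend on the guessed key length.
		extra = b";admin=true;"

		# The padding depends on the secret length, which has to be guessed.
		for key_len in range(400):
			key_guess = b'X' * key_len
			# assumes md4_pad returns only the padding bytes, since it is
			# spliced between the message and the suffix below; TODO confirm
			p = md4_pad(key_guess + msg_to_attack)
			original_byte_len = len(key_guess) + len(msg_to_attack) + len(p) + len(extra)

			s2 = md4_restart(extra, original_byte_len, A, B, C, D)

			false_msg = msg_to_attack + p + extra
			if confirm_seal_md4(secret, s2, false_msg):
				# Acceptance by the verifier is the pass condition. The former
				# assertTrue("True", ...) tested a non-empty string literal
				# and could never fail, so it has been dropped.
				return

		self.fail("No solution")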
コード例 #3
ファイル: test_28.py プロジェクト: uberj/newfriends
 def test_sha1_message_length(self):
     """Print the last 8 bytes of a SHA-1 seal read as a big-endian integer.

     The test makes no assertion; it only prints the decoded value.
     """
     payload = rand_n_string(100).encode()
     key = random_word()
     h = seal_sha1(key, payload)
     # Reference: https://en.wikipedia.org/wiki/SHA-1#SHA-1_pseudocode
     # SHA-1 padding ends with ml, the original message length in bits,
     # stored as a 64-bit big-endian integer, so that the padded input is a
     # multiple of 512 bits.
     # NOTE(review): h is the value returned by seal_sha1, not a padded
     # message. If that value is the seal itself, these 8 bytes are part of
     # the digest and not the length field. Confirm the intent.
     trailer = h[-8:]
     ml = int.from_bytes(trailer, byteorder='big')
     print(ml)
コード例 #4
ファイル: test_28.py プロジェクト: uberj/newfriends
 def test_sha1_seal(self):
     """Check that a seal verifies for its own message and no other.

     A seal computed over ``b"foobar"`` must be rejected for a message with
     one extra byte and accepted for the original message.
     """
     key = random_word()
     genuine = b"foobar"
     tampered = b"foobarr"
     tag = seal_sha1(key, genuine)
     # Rejection is checked first, then acceptance of the sealed message.
     self.assertFalse(confirm_seal_sha1(key, tag, tampered))
     self.assertTrue(confirm_seal_sha1(key, tag, genuine))
コード例 #5
ファイル: test_32.py プロジェクト: uberj/newfriends
import http.server
import socketserver
from urllib.parse import urlparse
from urllib.parse import parse_qsl

from http import HTTPStatus
from multiprocessing import Process

from crypto.hmac import hmac_sha1
from util.bettercode import random_word

# Address of the test server: loopback, on a port picked at import time.
# NOTE(review): `random` is not among the imports visible in this listing;
# confirm it is imported elsewhere in the file.
HOST = '127.0.0.1'
PORT = random.randint(7000, 9000)
URL = f"http://{HOST}:{PORT}"

# Fresh random value per run; presumably the HMAC key. TODO confirm use.
SECRET = random_word()
# Seconds slept by insecure_compare after each matching byte.
ARTIFICIAL_DELAY = 0.005


def insecure_compare(hmac: bytes, signature: bytes):
    """Compare two byte strings with an early exit and a per-byte delay.

    Returns False at once when the lengths differ or at the first differing
    byte, and sleeps ``ARTIFICIAL_DELAY`` seconds after every matching byte.
    The running time therefore grows with the length of the matching prefix,
    which is the timing side channel the name refers to. This is a test
    fixture; code that verifies real MACs should use the standard library's
    ``hmac.compare_digest`` instead.

    Args:
        hmac: The expected MAC value. The name shadows the stdlib module
            inside this function.
        signature: The candidate value supplied by the caller.

    Returns:
        True if both values have the same length and content, else False.
    """
    if len(hmac) == len(signature):
        for position, expected in enumerate(hmac):
            if expected != signature[position]:
                return False
            # The delay is applied only after a match, so a mismatch on the
            # first byte returns without sleeping.
            time.sleep(ARTIFICIAL_DELAY)
        return True
    return False