def message6_5_gp1(state):
# decrypt message from B's key, encrypt to A's key
state["m_plain_b"] = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], state["m_key_b"], state["b_iv"]))
state["b_cipher"] = aes_cbc_enc(addPKCS7Padding(state["m_plain_b"], 16),
state["m_key_a"], state["b_iv"])
return state
def message5_5_gp1(state):
# (p-1) is essentially (-1)
# B's secret is (-1)^b which is either (+1) or (-1) (and also B)
# A's secret is (-1)^b^a, which is either (+1) or (-1),
# but not necessarily the same as B's secret
# thus, we may need to modify cipher
# use CBC padding to check validity of key
# check validity of cbc padding to determine which
# B's secret
cipherkey_plus1, mackey_plus1 = secretToKeys(intToBytes(1));
cipherkey_minus1, mackey_minus1 = secretToKeys(intToBytes(state["p"]-1));
plain_plus1 = aes_cbc_dec(state["a_cipher"], cipherkey_plus1, state["a_iv"])
plain_minus1 = aes_cbc_dec(state["a_cipher"], cipherkey_minus1, state["a_iv"])
plain = None;
try:
plain = checkAndRemovePKCS7Padding(plain_plus1)
state["m_key_a"] = cipherkey_plus1
except ValueError:
plain = checkAndRemovePKCS7Padding(plain_minus1)
state["m_key_a"] = cipherkey_minus1
state["m_plain_a"] = plain;
# encrypt to B's key
state["m_key_b"], b_mackey = secretToKeys(intToBytes(state["B"]))
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(plain, 16), state["m_key_b"], state["a_iv"]);
return state;
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!";
secret = mypow(state["B"], state["a"], group5_p);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret));
state["a_iv"] = generateAESKey();
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], state["a_iv"]);
return state;
def message5_5_gp1(state):
# (p-1) is essentially (-1)
# B's secret is (-1)^b which is either (+1) or (-1) (and also B)
# A's secret is (-1)^b^a, which is either (+1) or (-1),
# but not necessarily the same as B's secret
# thus, we may need to modify cipher
# use CBC padding to check validity of key
# check validity of cbc padding to determine which
# B's secret
cipherkey_plus1, mackey_plus1 = secretToKeys(intToBytes(1))
cipherkey_minus1, mackey_minus1 = secretToKeys(intToBytes(state["p"] - 1))
plain_plus1 = aes_cbc_dec(state["a_cipher"], cipherkey_plus1,
state["a_iv"])
plain_minus1 = aes_cbc_dec(state["a_cipher"], cipherkey_minus1,
state["a_iv"])
plain = None
try:
plain = checkAndRemovePKCS7Padding(plain_plus1)
state["m_key_a"] = cipherkey_plus1
except ValueError:
plain = checkAndRemovePKCS7Padding(plain_minus1)
state["m_key_a"] = cipherkey_minus1
state["m_plain_a"] = plain
# encrypt to B's key
state["m_key_b"], b_mackey = secretToKeys(intToBytes(state["B"]))
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(plain, 16),
state["m_key_b"], state["a_iv"])
return state
def padAndEncryptString(s):
s = s.replace(";", "';'").replace("=", "'='")
strInput = prefix + s + suffix
rawInput = bytes(strInput, 'UTF-8')
rawOutput = aes_cbc_enc(addPKCS7Padding(rawInput, 16), global_aes_key,
global_iv)
return rawOutput
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]));
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"]);
state["b_cipher"] = cipher;
return state;
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!"
secret = mypow(state["B"], state["a"], group5_p)
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret))
state["a_iv"] = generateAESKey()
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16),
state["a_cipherkey"], state["a_iv"])
return state
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!";
secret = mypow(state["B"], state["a"], group5_p);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret));
state["a_iv"] = generateAESKey();
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], state["a_iv"]);
print('A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv');
return state;
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]))
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"])
state["b_cipher"] = cipher
return state
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"]);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(a_shared));
a_iv = generateAESKey();
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], a_iv);
state["a_cipher"] = a_cipher;
state["a_iv"] = a_iv;
return state;
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]));
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"]);
state["a_cipher"] = cipher;
return state;
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]))
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"])
state["a_cipher"] = cipher
return state
def message5(state):
message = b"Thomas, he's the cheeky one. James is vain but lots of fun!"
secret = mypow(state["B"], state["a"], group5_p)
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(secret))
state["a_iv"] = generateAESKey()
state["a_cipher"] = aes_cbc_enc(addPKCS7Padding(message, 16),
state["a_cipherkey"], state["a_iv"])
print(
'A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv')
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"]);
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
b_iv = generateAESKey();
received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
state["b_cipher"] = b_cipher;
state["b_iv"] = b_iv;
state["b_received_plain"] = received_message;
return state;
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"])
state["a_cipherkey"], state["a_mackey"] = secretToKeys(
intToBytes(a_shared))
a_iv = generateAESKey()
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"],
a_iv)
state["a_cipher"] = a_cipher
state["a_iv"] = a_iv
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"]);
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret));
b_iv = generateAESKey();
received_message = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]));
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16), state["b_cipherkey"], b_iv);
state["b_cipher"] = b_cipher;
state["b_iv"] = b_iv;
state["b_received_plain"] = received_message;
print("B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
return state;
def encryption_oracle(rawInput):
key = generateAESKey();
iv = generateAESKey();
prependAmount = 5 + (getOneRandomByte() % 6); #slight bias...
appendAmount = 5 + (getOneRandomByte() % 6); #slight bias...
plaintext = (b'x' * prependAmount) + rawInput + (b'y' * appendAmount);
if ((getOneRandomByte() & 0x1)):
return aes_ecb_enc(addPKCS7Padding(plaintext, 16), key);
else:
return aes_cbc_enc(addPKCS7Padding(plaintext, 16), key, iv);
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"]);
state["a_cipherkey"], state["a_mackey"] = secretToKeys(intToBytes(a_shared));
a_iv = generateAESKey();
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"], a_iv);
state["a_cipher"] = a_cipher;
state["a_iv"] = a_iv;
print("3.A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv");
#print(state);
print('-'*64);
return state;
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]));
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"]);
state["b_cipher"] = cipher;
print("B->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv");
print("M->A Relay that to A");
#print(state);
print('-'*64);
return state;
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]));
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"]);
state["a_cipher"] = cipher;
print("A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv");
#print(state);
print('-'*64);
return state;
def message6(state):
secret = mypow(state["A"], state["b"], state["p"])
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
b_iv = generateAESKey()
received_message = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
state["b_cipherkey"], b_iv)
state["b_cipher"] = b_cipher
state["b_iv"] = b_iv
state["b_received_plain"] = received_message
return state
def encryption_oracle(rawInput):
key = generateAESKey()
iv = generateAESKey()
prependAmount = 5 + (getOneRandomByte() % 6)
#slight bias...
appendAmount = 5 + (getOneRandomByte() % 6)
#slight bias...
plaintext = (b'x' * prependAmount) + rawInput + (b'y' * appendAmount)
if ((getOneRandomByte() & 0x1)):
return aes_ecb_enc(addPKCS7Padding(plaintext, 16), key)
else:
return aes_cbc_enc(addPKCS7Padding(plaintext, 16), key, iv)
def message3(state):
a_shared = mypow(state["B"], state["a"], state["p"])
state["a_cipherkey"], state["a_mackey"] = secretToKeys(
intToBytes(a_shared))
a_iv = generateAESKey()
message = b"mary had a little lamb"
a_cipher = aes_cbc_enc(addPKCS7Padding(message, 16), state["a_cipherkey"],
a_iv)
state["a_cipher"] = a_cipher
state["a_iv"] = a_iv
print("3.A->B Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
#print(state);
print('-' * 64)
return state
def message3_5(state):
# A's secret is p^a = (g^1) ^ a = A
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], cipherkey, state["a_iv"]))
# B's secret is p^b = (g^1)^b = B
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["a_iv"])
state["a_cipher"] = cipher
print(
"A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
#print(state);
print('-' * 64)
return state
def message6(state):
secret = mypow(state["A"], state["b"], state["p"])
state["b_cipherkey"], state["b_mackey"] = secretToKeys(intToBytes(secret))
b_iv = generateAESKey()
received_message = removePKCS7Padding(
aes_cbc_dec(state["a_cipher"], state["b_cipherkey"], state["a_iv"]))
b_cipher = aes_cbc_enc(addPKCS7Padding(received_message, 16),
state["b_cipherkey"], b_iv)
state["b_cipher"] = b_cipher
state["b_iv"] = b_iv
state["b_received_plain"] = received_message
print(
"B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
)
return state
def message4_5(state):
# message 3.5 in the opposite order
cipherkey, mackey = secretToKeys(intToBytes(state["B"]))
plain = removePKCS7Padding(
aes_cbc_dec(state["b_cipher"], cipherkey, state["b_iv"]))
cipherkey, mackey = secretToKeys(intToBytes(state["A"]))
cipher = aes_cbc_enc(addPKCS7Padding(plain, 16), cipherkey, state["b_iv"])
state["b_cipher"] = cipher
print(
"B->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
)
print("M->A Relay that to A")
#print(state);
print('-' * 64)
return state
def recoverKey():
# Use your code to encrypt a message that is at least 3 blocks long:
# AES-CBC(P_1, P_2, P_3) -> C_1, C_2, C_3
plaintext = (b'A' * 48)
cipher = aes_cbc_enc(plaintext, global_aes_key, global_iv)
#Modify the message (you are now the attacker):
# C_1, C_2, C_3 -> C_1, 0, C_1
modifiedCipher = cipher[0:16] + (b'\x00' * 16) + cipher[0:16]
# Decrypt the message (you are now the receiver) and raise the
# appropriate error if high-ASCII is found.
(checkAsciiResult, errorString) = decryptAndCheckAscii(modifiedCipher)
# As the attacker, recovering the plaintext from the error, extract the key:
# P'_1 XOR P'_3
if (checkAsciiResult):
raise Exception("Unlucky")
key = raw_xor(errorString[0:16], errorString[32:48])
return key
def recoverKey():
# Use your code to encrypt a message that is at least 3 blocks long:
# AES-CBC(P_1, P_2, P_3) -> C_1, C_2, C_3
plaintext = (b'A' * 48);
cipher = aes_cbc_enc(plaintext, global_aes_key, global_iv);
#Modify the message (you are now the attacker):
# C_1, C_2, C_3 -> C_1, 0, C_1
modifiedCipher = cipher[0:16] + (b'\x00' * 16) + cipher[0:16];
# Decrypt the message (you are now the receiver) and raise the
# appropriate error if high-ASCII is found.
(checkAsciiResult, errorString) = decryptAndCheckAscii(modifiedCipher);
# As the attacker, recovering the plaintext from the error, extract the key:
# P'_1 XOR P'_3
if (checkAsciiResult):
raise Exception("Unlucky");
key = raw_xor(errorString[0:16], errorString[32:48]);
return key;
def padAndEncryptString(s):
s = s.replace(";", "';'").replace("=", "'='");
strInput = prefix + s + suffix;
rawInput = bytes(strInput, 'UTF-8');
rawOutput = aes_cbc_enc(addPKCS7Padding(rawInput, 16), global_aes_key, global_iv);
return rawOutput;
def encryptString():
myString = rawStrings[getOneRandomByte() % len(rawStrings)];
iv = generateAESKey(); # it's a 16-byte value...
myOut = aes_cbc_enc(addPKCS7Padding(myString, 16), aeskey, iv);
return myOut, iv;
def message6_5_gp1(state):
# decrypt message from B's key, encrypt to A's key
state["m_plain_b"] = removePKCS7Padding(aes_cbc_dec(state["b_cipher"], state["m_key_b"], state["b_iv"]));
state["b_cipher"] = aes_cbc_enc(addPKCS7Padding(state["m_plain_b"], 16), state["m_key_a"], state["b_iv"]);
return state;