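def check_protocol_g1(state):
    """Verify that an observer can read both messages when g = 1.

    With g = 1, B's public key is 1^b = 1, A's secret is (1)^a = 1 and
    B's secret is (1)^b = 1. Mallory therefore does not need to modify any
    ciphertext, because A and B already hold the same shared secret; she
    still learns their messages (and could potentially inject her own).

    Defensive takeaway: a peer that accepts a degenerate generator or a
    public value of 1 ends up with a predictable session secret, so group
    parameters and public values must be validated and the exchange
    authenticated.

    Args:
        state: protocol transcript. Reads "a_cipher", "a_iv", "b_cipher",
            "b_iv", "a_received_plain" and "b_received_plain".

    Raises:
        AssertionError: if a plaintext recovered with the key derived from
            the secret 1 differs from the plaintext recorded in ``state``.
    """
    m_secret = 1
    # secretToKeys also returns a MAC key; nothing in this check uses it.
    m_cipherkey, _m_mackey = secretToKeys(intToBytes(m_secret))
    m_plain_a = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], m_cipherkey, state["a_iv"]))
    m_plain_b = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], m_cipherkey, state["b_iv"]))
    # Raise explicitly instead of using `assert`, so the verification is not
    # silently stripped when Python runs with -O.
    if m_plain_a != state["a_received_plain"]:
        raise AssertionError(
            "plaintext recovered from a_cipher does not match a_received_plain")
    if m_plain_b != state["b_received_plain"]:
        raise AssertionError(
            "plaintext recovered from b_cipher does not match b_received_plain")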
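def check_protocol_g1(state):
    """Confirm that the g = 1 exchange leaks both plaintexts to an observer.

    B's public key is 1^b = 1, so A's secret is (1)^a = 1 and B's secret is
    (1)^b = 1. In this case Mallory does not need to modify the ciphertexts,
    because A and B have the same shared secret, but she gets to know their
    messages (and could potentially inject her own).

    For a defender this shows why the generator and the received public
    value have to be checked before use: a value of 1 fixes the session
    secret regardless of either private exponent.

    Args:
        state: protocol transcript. Reads "a_cipher", "a_iv", "b_cipher",
            "b_iv", "a_received_plain" and "b_received_plain".

    Raises:
        AssertionError: if either decryption under the key derived from the
            secret 1 disagrees with the plaintext recorded in ``state``.
    """
    observer_secret = 1
    # Only the cipher key is needed; the derived MAC key goes unused here.
    observer_key, _unused_mackey = secretToKeys(intToBytes(observer_secret))

    seen_from_a = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], observer_key, state["a_iv"]))
    seen_from_b = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], observer_key, state["b_iv"]))

    # Explicit raises keep the check active under `python -O`, where plain
    # `assert` statements are removed.
    if seen_from_a != state["a_received_plain"]:
        raise AssertionError(
            "decryption of a_cipher does not match a_received_plain")
    if seen_from_b != state["b_received_plain"]:
        raise AssertionError(
            "decryption of b_cipher does not match b_received_plain")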
def message6_5_gp1(state):
    """Translate B's reply from B's key to A's key on the relay.

    Decrypts ``state["b_cipher"]`` with ``state["m_key_b"]``, stores the
    plaintext in ``state["m_plain_b"]``, then re-encrypts it under
    ``state["m_key_a"]`` with the unchanged IV ``state["b_iv"]`` and
    overwrites ``state["b_cipher"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # No MAC is checked in this block, so neither endpoint can tell from the
    # ciphertext alone that it was re-encrypted in transit.
    b_plain = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], state["m_key_b"], state["b_iv"]))
    state["m_plain_b"] = b_plain
    repadded = addPKCS7Padding(b_plain, 16)
    state["b_cipher"] = aes_cbc_enc(repadded, state["m_key_a"], state["b_iv"])
    return state
def message4_5(state):
    """Relay B's reply towards A (message 3.5 in the opposite direction).

    The reply in ``state["b_cipher"]`` is decrypted with the key derived
    from ``state["B"]`` and re-encrypted with the key derived from
    ``state["A"]``, keeping ``state["b_iv"]``. The result replaces
    ``state["b_cipher"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Both keys come from public values, so anyone on the path can derive
    # them; the MAC halves are discarded and nothing here is authenticated.
    key_from_b, _ = secretToKeys(intToBytes(state["B"]))
    relayed = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], key_from_b, state["b_iv"]))

    key_for_a, _ = secretToKeys(intToBytes(state["A"]))
    state["b_cipher"] = aes_cbc_enc(
        addPKCS7Padding(relayed, 16), key_for_a, state["b_iv"])
    return state
def message4_5(state):
    """Re-key B's reply on its way to A; mirror image of message 3.5.

    Reads ``state["b_cipher"]`` and ``state["b_iv"]``, decrypts with the key
    derived from the public value ``state["B"]``, re-encrypts with the key
    derived from the public value ``state["A"]`` under the same IV, and
    writes the result back to ``state["b_cipher"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    b_side_key, _b_side_mac = secretToKeys(intToBytes(state["B"]))
    padded_plain = aes_cbc_dec(state["b_cipher"], b_side_key, state["b_iv"])
    message = removePKCS7Padding(padded_plain)

    # The derived MAC keys are never used, so the swap is undetectable from
    # the ciphertext itself.
    a_side_key, _a_side_mac = secretToKeys(intToBytes(state["A"]))
    reencrypted = aes_cbc_enc(
        addPKCS7Padding(message, 16), a_side_key, state["b_iv"])
    state["b_cipher"] = reencrypted
    return state
def message3_5(state):
    """Relay A's message towards B, re-keying it in transit.

    ``state["a_cipher"]`` is decrypted with the key derived from
    ``state["A"]`` and re-encrypted with the key derived from
    ``state["B"]``, keeping ``state["a_iv"]``. The result replaces
    ``state["a_cipher"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Author's note: A's secret is p^a = (g^1)^a = A.
    # NOTE(review): presumably the value A exponentiates was replaced by g
    # earlier in the exchange - confirm against the key-exchange messages.
    key_of_a, _ = secretToKeys(intToBytes(state["A"]))
    intercepted = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], key_of_a, state["a_iv"]))

    # Author's note: B's secret is p^b = (g^1)^b = B.
    key_of_b, _ = secretToKeys(intToBytes(state["B"]))
    state["a_cipher"] = aes_cbc_enc(
        addPKCS7Padding(intercepted, 16), key_of_b, state["a_iv"])
    return state
def message6(state):
    """B's step: derive session keys, decrypt A's message and echo it back.

    The shared secret is ``mypow(state["A"], state["b"], state["p"])``. The
    derived keys are stored as ``state["b_cipherkey"]`` and
    ``state["b_mackey"]``. A's ciphertext is decrypted, then the recovered
    message is re-encrypted under a fresh IV and stored as
    ``state["b_cipher"]`` / ``state["b_iv"]``. The plaintext B saw is kept
    in ``state["b_received_plain"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # NOTE(review): state["A"] is used without any visible range check, and
    # the MAC key is stored but no MAC is verified before decryption.
    shared = mypow(state["A"], state["b"], state["p"])
    cipher_key, mac_key = secretToKeys(intToBytes(shared))
    state["b_cipherkey"] = cipher_key
    state["b_mackey"] = mac_key

    # The key generator doubles as the IV source - presumably 16 random
    # bytes; confirm against generateAESKey.
    reply_iv = generateAESKey()

    echoed = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], cipher_key, state["a_iv"]))
    state["b_cipher"] = aes_cbc_enc(
        addPKCS7Padding(echoed, 16), state["b_cipherkey"], reply_iv)
    state["b_iv"] = reply_iv
    state["b_received_plain"] = echoed
    return state
def message3_5(state):
    """Re-key A's ciphertext before it is forwarded to B.

    Reads ``state["a_cipher"]`` and ``state["a_iv"]``, decrypts with the key
    derived from the public value ``state["A"]``, re-encrypts with the key
    derived from the public value ``state["B"]`` under the same IV, and
    writes the result back to ``state["a_cipher"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Original comment: A's secret is p^a = (g^1)^a = A, which is why A's
    # own public value is enough to derive A's cipher key.
    # NOTE(review): this relies on an earlier substitution that is not
    # visible in this block - confirm.
    a_key, _a_mac = secretToKeys(intToBytes(state["A"]))
    padded_plain = aes_cbc_dec(state["a_cipher"], a_key, state["a_iv"])
    message = removePKCS7Padding(padded_plain)

    # Original comment: B's secret is p^b = (g^1)^b = B.
    b_key, _b_mac = secretToKeys(intToBytes(state["B"]))
    reencrypted = aes_cbc_enc(addPKCS7Padding(message, 16), b_key, state["a_iv"])
    state["a_cipher"] = reencrypted
    return state
def message6(state):
    """B's step: derive keys, decrypt A's message, echo it and log the send.

    Computes the shared secret with
    ``mypow(state["A"], state["b"], state["p"])``, stores the derived keys
    in ``state["b_cipherkey"]`` / ``state["b_mackey"]``, decrypts
    ``state["a_cipher"]``, and re-encrypts the recovered message under a
    fresh IV. Writes ``state["b_cipher"]``, ``state["b_iv"]`` and
    ``state["b_received_plain"]``, then prints a one-line protocol trace.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # NOTE(review): the received public value state["A"] is not validated
    # here, and the derived MAC key is never used to authenticate anything.
    shared = mypow(state["A"], state["b"], state["p"])
    cipher_key, mac_key = secretToKeys(intToBytes(shared))
    state["b_cipherkey"] = cipher_key
    state["b_mackey"] = mac_key

    # IV comes from the AES key generator - presumably 16 random bytes.
    reply_iv = generateAESKey()
    echoed = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], cipher_key, state["a_iv"]))
    reply_cipher = aes_cbc_enc(
        addPKCS7Padding(echoed, 16), state["b_cipherkey"], reply_iv)

    state["b_cipher"] = reply_cipher
    state["b_iv"] = reply_iv
    state["b_received_plain"] = echoed
    print("B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv")
    return state
def message3_5(state):
    """Relay A's message towards B, re-keying it, and print a trace line.

    ``state["a_cipher"]`` is decrypted with the key derived from
    ``state["A"]`` and re-encrypted with the key derived from
    ``state["B"]``, keeping ``state["a_iv"]``. The result replaces
    ``state["a_cipher"]``. A protocol trace and a 64-dash separator are
    printed afterwards.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Author's note: A's secret is p^a = (g^1)^a = A.
    # NOTE(review): depends on a substitution made earlier in the exchange,
    # outside this block - confirm.
    key_of_a, _ = secretToKeys(intToBytes(state["A"]))
    intercepted = removePKCS7Padding(
        aes_cbc_dec(state["a_cipher"], key_of_a, state["a_iv"]))

    # Author's note: B's secret is p^b = (g^1)^b = B.
    key_of_b, _ = secretToKeys(intToBytes(state["B"]))
    state["a_cipher"] = aes_cbc_enc(
        addPKCS7Padding(intercepted, 16), key_of_b, state["a_iv"])

    print("A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv")
    separator = "-" * 64
    print(separator)
    return state
def message6(state):
    """B derives the session keys, reads A's message and sends it back.

    Reads ``state["A"]``, ``state["b"]``, ``state["p"]``,
    ``state["a_cipher"]`` and ``state["a_iv"]``. Writes
    ``state["b_cipherkey"]``, ``state["b_mackey"]``, ``state["b_cipher"]``,
    ``state["b_iv"]`` and ``state["b_received_plain"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # NOTE(review): no check on state["A"] is visible before it is
    # exponentiated; a degenerate value would fix the secret. The MAC key
    # below is stored but unused in this block.
    session_secret = mypow(state["A"], state["b"], state["p"])
    state["b_cipherkey"], state["b_mackey"] = secretToKeys(
        intToBytes(session_secret))

    # Fresh IV for the reply; generateAESKey presumably yields 16 random
    # bytes - confirm.
    fresh_iv = generateAESKey()

    padded_plain = aes_cbc_dec(
        state["a_cipher"], state["b_cipherkey"], state["a_iv"])
    from_a = removePKCS7Padding(padded_plain)
    reply = aes_cbc_enc(
        addPKCS7Padding(from_a, 16), state["b_cipherkey"], fresh_iv)

    state.update({"b_cipher": reply, "b_iv": fresh_iv,
                  "b_received_plain": from_a}) if False else None
    state["b_cipher"] = reply
    state["b_iv"] = fresh_iv
    state["b_received_plain"] = from_a
    return state
def message4_5(state):
    """Relay B's reply towards A (message 3.5 reversed) and print a trace.

    The reply in ``state["b_cipher"]`` is decrypted with the key derived
    from ``state["B"]`` and re-encrypted with the key derived from
    ``state["A"]``, keeping ``state["b_iv"]``. The result replaces
    ``state["b_cipher"]``. Two trace lines and a 64-dash separator are
    printed afterwards.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Keys are derived from public values only; the MAC halves are dropped,
    # so the relayed ciphertext carries no integrity protection.
    key_from_b, _ = secretToKeys(intToBytes(state["B"]))
    relayed = removePKCS7Padding(
        aes_cbc_dec(state["b_cipher"], key_from_b, state["b_iv"]))

    key_for_a, _ = secretToKeys(intToBytes(state["A"]))
    state["b_cipher"] = aes_cbc_enc(
        addPKCS7Padding(relayed, 16), key_for_a, state["b_iv"])

    print("B->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv")
    print("M->A Relay that to A")
    separator = "-" * 64
    print(separator)
    return state
def message3_5(state):
    """Re-key A's ciphertext before forwarding it to B, then log the step.

    Reads ``state["a_cipher"]`` and ``state["a_iv"]``, decrypts with the key
    derived from the public value ``state["A"]``, re-encrypts with the key
    derived from the public value ``state["B"]`` under the same IV, and
    writes the result back to ``state["a_cipher"]``. Prints one trace line
    followed by a row of 64 dashes.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Original comment: A's secret is p^a = (g^1)^a = A.
    # NOTE(review): the substitution that makes this true happens outside
    # this block - confirm.
    a_key, _a_mac = secretToKeys(intToBytes(state["A"]))
    padded_plain = aes_cbc_dec(state["a_cipher"], a_key, state["a_iv"])
    message = removePKCS7Padding(padded_plain)

    # Original comment: B's secret is p^b = (g^1)^b = B.
    b_key, _b_mac = secretToKeys(intToBytes(state["B"]))
    reencrypted = aes_cbc_enc(addPKCS7Padding(message, 16), b_key, state["a_iv"])
    state["a_cipher"] = reencrypted

    trace = "A->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv"
    print(trace)
    print("-" * 64)
    return state
def message6(state):
    """B derives the session keys, echoes A's message and logs the send.

    Reads ``state["A"]``, ``state["b"]``, ``state["p"]``,
    ``state["a_cipher"]`` and ``state["a_iv"]``. Writes
    ``state["b_cipherkey"]``, ``state["b_mackey"]``, ``state["b_cipher"]``,
    ``state["b_iv"]`` and ``state["b_received_plain"]``, then prints a
    one-line protocol trace.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # NOTE(review): state["A"] reaches the exponentiation unchecked, and the
    # MAC key derived below is stored without ever being used in this block.
    session_secret = mypow(state["A"], state["b"], state["p"])
    state["b_cipherkey"], state["b_mackey"] = secretToKeys(
        intToBytes(session_secret))

    # Fresh IV for the reply; generateAESKey presumably yields 16 random
    # bytes - confirm.
    fresh_iv = generateAESKey()

    padded_plain = aes_cbc_dec(
        state["a_cipher"], state["b_cipherkey"], state["a_iv"])
    from_a = removePKCS7Padding(padded_plain)
    reply = aes_cbc_enc(
        addPKCS7Padding(from_a, 16), state["b_cipherkey"], fresh_iv)

    state["b_cipher"] = reply
    state["b_iv"] = fresh_iv
    state["b_received_plain"] = from_a

    trace = "B->A Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv"
    print(trace)
    return state
def message4_5(state):
    """Re-key B's reply on its way to A (mirror of message 3.5) and log it.

    Reads ``state["b_cipher"]`` and ``state["b_iv"]``, decrypts with the key
    derived from the public value ``state["B"]``, re-encrypts with the key
    derived from the public value ``state["A"]`` under the same IV, and
    writes the result back to ``state["b_cipher"]``. Prints two trace lines
    followed by a row of 64 dashes.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    b_side_key, _b_side_mac = secretToKeys(intToBytes(state["B"]))
    padded_plain = aes_cbc_dec(state["b_cipher"], b_side_key, state["b_iv"])
    message = removePKCS7Padding(padded_plain)

    # The MAC keys are discarded on both sides of the relay, so the
    # substitution is not detectable from the ciphertext.
    a_side_key, _a_side_mac = secretToKeys(intToBytes(state["A"]))
    reencrypted = aes_cbc_enc(
        addPKCS7Padding(message, 16), a_side_key, state["b_iv"])
    state["b_cipher"] = reencrypted

    for trace in (
        "B->M Send AES-CBC(SHA1(s)[0:16], iv=random(16), A's msg) + iv",
        "M->A Relay that to A",
        "-" * 64,
    ):
        print(trace)
    return state
recoveredPlaintext = x.to_bytes(1, byteorder='big') + recoveredPlaintext; # move to next value of i break; # not the right x, iterate. # if we've gone through all the x values, there's an error if (x == 255): print("ERROR finding good padding"); # end for x in range(256) # end for i in range(len(rawBlock)) return recoveredPlaintext def recoverPlaintext(): targetCipher, iv = encryptString(); targetBlocks = chunks(targetCipher, 16); plaintext = b''; for i in range(len(targetBlocks)): plaintext += recoverBlock(targetBlocks[i], iv); iv = targetBlocks[i]; return plaintext; if __name__ == "__main__": rawPlaintext = recoverPlaintext(); print(b'Raw Plaintext: ' + rawPlaintext); unpaddedPlaintext = removePKCS7Padding(rawPlaintext); print(b'Padding removed: ' + unpaddedPlaintext);
def final(state):
    """A's last step: decrypt B's reply and record the plaintext.

    Decrypts ``state["b_cipher"]`` with ``state["a_cipherkey"]`` and
    ``state["b_iv"]``, strips the PKCS#7 padding and stores the result in
    ``state["a_received_plain"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # The reply is decrypted and unpadded without any MAC check in this
    # block, so A cannot tell whether the ciphertext was altered in transit.
    padded_reply = aes_cbc_dec(
        state["b_cipher"], state["a_cipherkey"], state["b_iv"])
    state["a_received_plain"] = removePKCS7Padding(padded_reply)
    return state
def message6_5_gp1(state):
    """Decrypt B's reply with B's key and re-encrypt it to A's key.

    Reads ``state["b_cipher"]``, ``state["b_iv"]``, ``state["m_key_b"]`` and
    ``state["m_key_a"]``. Writes the recovered plaintext to
    ``state["m_plain_b"]`` and the re-encrypted ciphertext back to
    ``state["b_cipher"]``; the IV is left unchanged.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    padded_plain = aes_cbc_dec(
        state["b_cipher"], state["m_key_b"], state["b_iv"])
    recovered = removePKCS7Padding(padded_plain)
    state["m_plain_b"] = recovered

    # Nothing authenticates the ciphertext, so the re-keyed copy is accepted
    # downstream exactly like the original would have been.
    state["b_cipher"] = aes_cbc_enc(
        addPKCS7Padding(recovered, 16), state["m_key_a"], state["b_iv"])
    return state
def final(state):
    """Decrypt the reply A received and store it in the transcript.

    Reads ``state["b_cipher"]``, ``state["a_cipherkey"]`` and
    ``state["b_iv"]``; writes ``state["a_received_plain"]``.

    Args:
        state: protocol transcript, mutated in place.

    Returns:
        The same ``state`` object.
    """
    # Decrypt-then-unpad with no integrity check: this block trusts whatever
    # ciphertext and IV are present in the transcript.
    reply_cipher = state["b_cipher"]
    decrypted = aes_cbc_dec(reply_cipher, state["a_cipherkey"], state["b_iv"])
    unpadded = removePKCS7Padding(decrypted)
    state["a_received_plain"] = unpadded
    return state