def ctr_break():
key = urandom(16)
ct = [ctr(i, key, nonce) for i in pt]
x = repeated_xor(b''.join(
[j for i in ct for j in split_blocks(i) if (len(j) == 16)]))
key = split_blocks(x.find_key(x.find_key_size()))[0]
return [xor(i, key) for i in ct] == pt
def decrypt(self, ct: bytes) -> bytes: blks = ([self.IV]+split_blocks(ct, 16))[::-1] prev = self.decrypt_ecb(blks[0]) for i in blks[1:]: self.pt += [xor(i,prev)] prev = self.decrypt_ecb(i) return pkcs7_unpad(b''.join(self.pt[::-1]))
def encrypt(self, pt: bytes) -> bytes: blks = [self.IV]+split_blocks(pkcs7_pad(pt, 16), 16) prev = blks[0] for i in blks[1:]: self.ct += [self.encrypt_ecb(xor(prev,i))] prev = self.ct[-1] return b''.join(self.ct)
def find_key_size(cip: bytes) -> bytes:
normalized_val_list = []
for key_size in KEYSIZE:
blocks = split_blocks(cip, key_size)[:-1]
avg_ham_dist = sum(func_blocks(blocks,
hamming_dist)) / (len(blocks) - 1)
normalized_val_list += [avg_ham_dist / key_size]
return normalized_val_list.index(min(normalized_val_list)) + KEYSIZE[0]
def ctr(ct: bytes, key: bytes, counter) -> bytes:
ret = b''
for j, i in enumerate(split_blocks(ct)):
ret += xor(ecb_encrypt(counter(j), key, False), i)
return ret[:len(ct)]
def detective(ct: bytes) -> int:
blks = split_blocks(ct)
if (blks[0] == blks[1]):
return 1
return 0
def find_key(cip: bytes, key_size: bytes) -> bytes:
blocks = split_blocks(cip, key_size)[:-1]
return b"".join(
[solve_xor(byte_split_blocks(blocks, i)) for i in range(key_size)])
def is_ECB(self) -> int:
ct = self.oracle(b'\x00' * 32)
blks = split_blocks(ct)
if (blks[0] == blks[1]):
return True
return False
def __init__(self, oracle):
self.oracle = oracle
self.oracle_blks = lambda pt: split_blocks(oracle(pt))
self.unknown = b''