def forward_and_decrypt(self, key: bytes) -> bytes:
key = SHA1(key).digest()[:16]
iv = self.received_cyphertext[-16:]
message = de_pkcs7(decrypt_aes_cbc(key, iv,
self.received_cyphertext[:-16]))
self.peer.receive_message(self.received_cyphertext)
return message
def forge_hash(m: bytes, m_prime: bytes, key: bytes, iv: bytes) -> bytes:
t = cbc_mac(key, iv, pkcs7(m))
t_prime = cbc_mac(key, iv, m_prime)
# We need to find m'' such that E_k(m'' xor t') = t
# by solving D_k(t) xor t' = m''.
m_prime_suffix = decrypt_aes_cbc(key, t_prime, t)
return m_prime + m_prime_suffix
def padding_oracle(cyphertext, k = RANDOM_KEY, iv = IV):
plaintext = decrypt_aes_cbc(cyphertext, k, iv)
pad_length = plaintext[-1]
return pad_length * bytes([pad_length]) == plaintext[-pad_length:]
def is_admin(cyphertext: bytes, key: bytes = RANDOM_KEY) -> bool:
plaintext = decrypt_aes_cbc(key, iv=bytes(16), cyphertext=cyphertext)
plaintext_str = plaintext.decode(errors="replace")
return "admin=true" in plaintext_str
def receive_message(self, cyphertext: bytes) -> None:
self.received_cyphertext = cyphertext
iv = cyphertext[-16:]
message = de_pkcs7(decrypt_aes_cbc(self._aes_key(), iv,
cyphertext[:-16]))
self.received_message = message
def is_admin(cyphertext, k = RANDOM_KEY):
plaintext = decrypt_aes_cbc(cyphertext, k, iv = bytes(16))
plaintext = plaintext.decode(errors = "replace")
return "admin=true" in plaintext
def oracle(cyphertext: bytes) -> Optional[bytes]:
key = RANDOM_KEY
plaintext = decrypt_aes_cbc(key, iv=key, cyphertext=cyphertext)
if not ascii_compliant(plaintext):
return plaintext
return None
def padding_oracle(cyphertext: bytes) -> bool:
plaintext = decrypt_aes_cbc(RANDOM_KEY, IV, cyphertext)
pad_length = plaintext[-1]
return pad_length * bytes([pad_length]) == plaintext[-pad_length:]
def decrypt(self, cyphertext: bytes = None) -> bytes:
cyphertext = cyphertext or self._message_buffer.pop()
iv = cyphertext[-16:]
message = de_pkcs7(
decrypt_aes_cbc(self._aes_key(), iv, cyphertext[:-16]))
return message
