def main():
result = pkcs7_padding(b"YELLOW SUBMARINE", 20)
assert len(result) % 20 == 0
assert result == b"YELLOW SUBMARINE" + b"\x04" * 4, result
result = pkcs7_padding(b"YELLOW SUBMARINE!", 20)
assert len(result) % 20 == 0
assert result == b"YELLOW SUBMARINE!" + b"\x03" * 5, result
result = pkcs7_padding(b"YELLOW SUBMARINE" * 2, 20)
assert len(result) % 20 == 0
assert result == b"YELLOW SUBMARINE" * 2 + b"\x08" * 8, result
def test_padding(self):
eq = self.assertEqual
eq(
pkcs7_padding(b"abcde", 16),
b"abcde" + bytes([11] * 11),
)
eq(
pkcs7_unpad(pkcs7_padding(b"abcde", 16), 16),
b"abcde",
)
eq(
pkcs7_padding(b"", 16),
b"" + bytes([16] * 16),
)
eq(
pkcs7_padding(b"a" * 16, 16),
b"a" * 16 + bytes([16] * 16),
)
eq(
pkcs7_padding(b"a" * 32, 16),
b"a" * 32 + bytes([16] * 16),
)
eq(
pkcs7_unpad(pkcs7_padding(b"", 16), 16),
b"",
)
eq(
pkcs7_unpad(pkcs7_padding(b"a" * 16, 16), 16),
b"a" * 16,
)
eq(
pkcs7_unpad(pkcs7_padding(b"a" * 32, 16), 16),
b"a" * 32,
)
self.assertRaises(BlockSizeError, pkcs7_unpad, b"abcde", 16)
self.assertRaises(PaddingError, pkcs7_unpad, b"a" * 16, 16)
self.assertRaises(PaddingError, pkcs7_unpad, b"a" * 15 + bytes([0x02]),
16)
self.assertFalse(pkcs7_padding_valid(b"a" * 16, 16))
self.assertFalse(pkcs7_padding_valid(b"", 16))
self.assertTrue(pkcs7_padding_valid(bytes([16] * 16), 16))
self.assertTrue(pkcs7_padding_valid(b"a" * 15 + bytes([1]), 16))
self.assertFalse(pkcs7_padding_valid(b"a" * 15 + bytes([2]), 16))
self.assertFalse(pkcs7_padding_valid(b"a" * 15 + b"\x00", 16))
def encryption_oracle(plaintext: bytes):
key = random_AES_key()
pre = random_bytes(random.randint(5, 10))
post = random_bytes(random.randint(5, 10))
text = pre + plaintext + post
padded = pkcs7_padding(text, 16)
if random.random() < 0.5:
return cbc_encrypt(key, padded)
else:
return ecb_encrypt(key, padded)
def encrypt(who: bytes, key: bytes, msg: bytes) -> Tuple[bytes, bytes]:
iv = random_bytes(16)
padded = pkcs7_padding(msg, 16)
ct = cbc_encrypt(key, padded, iv)
print(b" ".join([
who + b":",
b"encrypting",
msg,
b"using",
binascii.hexlify(key),
b"=>",
binascii.hexlify(ct),
b",",
binascii.hexlify(iv),
]).decode())
return ct, iv
def main():
"""
123456789012345612345678901234561234567890123456
1 2 3
email= admin &uid=10&role=user
123456789012345612345678901234561234567890123456
1 2 3
[email protected]&uid=10&role=user
"""
p = encrypt_profile(b" " * 10 + pkcs7_padding(b"admin", 16))
admin = get_blocks(p, 1)
p2 = encrypt_profile(b"*****@*****.**")
start = get_blocks(p2, 0, 1)
forged = start + admin
# Check solution
decoded = decrypt(forged)
assert decoded['role'] == 'admin'
def encrypted_userdata(s: bytes) -> bytes:
data = userdata(s)
padded = pkcs7_padding(data, 16)
em = cbc_encrypt(KEY, padded)
return em
def get_cookie():
padded = pkcs7_padding(s, 16)
iv = util.random_bytes(16)
em = cbc_encrypt(KEY, padded, iv=iv)
return em, iv
def encrypt(m: bytes) -> bytes:
padded = pkcs7_padding(m, 16)
return cbc_encrypt(c16.KEY, padded)
def encrypt_profile(email: bytes) -> bytes:
data = profile_for(email, b"10", b"user")
padded = pkcs7_padding(data, 16)
return ecb_encrypt(KEY, padded)
def oracle(key: bytes, unknown_string: bytes, your_string: bytes) -> bytes:
padded = pkcs7_padding(your_string + unknown_string, 16)
return ecb_encrypt(key, padded)