def challenge_encrypt(p_strings):
fixed_key = rand_n_string(16).encode()
e_strings = []
for plain in p_strings:
ctr = CTRCipher(fixed_key, 0)
e_strings.append(ctr.encrypt(plain))
return e_strings
def test_sha1_message_length(self):
n_string = rand_n_string(100).encode()
h = seal_sha1(random_word(), n_string)
# https://en.wikipedia.org/wiki/SHA-1#SHA-1_pseudocode
# ml = message length in bits (always a multiple of the number of bits in a character).
# append ml, the original message length, as a 64-bit big-endian integer. # Thus, the total length is a multiple of 512 bits.
ml = int.from_bytes(h[-8:], 'big')
print(ml)
def build(self) -> (BBoxType, bytes):
prefix = os.urandom(randint(5, 10))
suffix = os.urandom(randint(5, 10))
test_data = pad16_PKCS7(self.test_data())
bbox_type = self.next_bbox_type()
if bbox_type == BBoxType.ECB:
cipher = AES.new(rand_n_string(16).encode(), AES.MODE_ECB)
box_content = cipher.encrypt(test_data)
elif bbox_type == BBoxType.CBC:
cipher = CBCCipher(
rand_n_string(16).encode(),
rand_n_string(16).encode())
box_content = cipher.encrypt(test_data)
else:
raise NotImplemented("Cannot handle box type: " + str(bbox_type))
return bbox_type, prefix + box_content + suffix
def test_infer_secret(self):
secret = R.randint(
0, 2**
8) # using an 8 bit seed to make the exercise more time friendly
cipher = MersenneTwisterCipher(secret)
s = rand_n_string(R.randint(10, 40)).encode() + b"A" * 14
e = cipher.encrypt(s)
attack_string = b"A" * len(s)
for i in range(2**32):
cipher = MersenneTwisterCipher(i)
e_attack = cipher.encrypt(attack_string)
if e_attack.endswith(e[-14:]):
self.assertEqual(secret, i)
return
self.fail("Didn't find the secret")
def test_edit(self):
cipher = CTRCipher(key=FIXED_KEY, nonce=0)
n_string = rand_n_string(10000).encode()
orig = cipher.encrypt(n_string)
# The string we are going to inject
edit_string = string.ascii_lowercase.encode()[:16]
# Test 20 random edits
for i in range(20):
offset = R.randint(0, 1000)
# make sure its not already there (very unlikely, but lets make sure)
self.assertNotEqual(orig[offset:len(edit_string)], edit_string)
# make the edit
edit = cipher.edit(orig, offset, edit_string)
self.assertNotEqual(edit[offset:len(edit_string)], edit_string)
# decrypt the edit to see if it worked
modified = cipher.decrypt(edit)
# The length should be the same, this was an insert
self.assertEqual(len(n_string), len(modified))
# Did the edit make it in?
self.assertEqual(modified[offset:len(edit_string) + offset],
edit_string)
# Is the ciphertext prefix the same?
self.assertEqual(edit[:offset], orig[:offset])
# Is the plaintext prefix the same?
self.assertEqual(modified[:offset], n_string[:offset])
# Is ciphertext suffix the same?
self.assertEqual(edit[offset + len(edit_string):],
orig[offset + len(edit_string):])
# Is the plaintext suffix the same?
self.assertEqual(n_string[offset + len(edit_string):],
modified[offset + len(edit_string):])
def test_mt_cipher_round_trip(self):
cipher = MersenneTwisterCipher(rint())
s = rand_n_string(10000).encode()
e = cipher.encrypt(s)
d = cipher.decrypt(e)
self.assertEqual(s, d)
import unittest from random import choice from binascii import a2b_base64 from crypto.cbc import CBCCipher from util.somecode import pad16_PKCS7, unpad16_PKCS7, rand_n_string, PaddingException FIXED_KEY = rand_n_string(16).encode() FIXED_IV = rand_n_string(16).encode() PSTRINGS = [ b"MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=", b"MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=", b"MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==", b"MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==", b"MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl", b"MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==", b"MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==", b"MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=", b"MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=", b"MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93" ] FIXED_STRING = a2b_base64(choice(PSTRINGS)) PText = int # Plaintext byte Mi = int # The modifier byte that causes a valid pad for the ith byte def cipher_text_provider() -> (bytes, bytes): p = pad16_PKCS7(FIXED_STRING) cipher = CBCCipher(FIXED_KEY, FIXED_IV)
import unittest
from Crypto.Cipher import AES
from util.oracle import oracle_guess_cipher_type, BBoxType, oracle_guess_ecb_block_sizes
from util.somecode import rand_n_string, pad16_PKCS7
from binascii import a2b_base64
from util.sample_text import text as SAMPLE_TEXT
CHALLANGE_CIPHER_TEXT = a2b_base64(
"""Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkg
aGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBq
dXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUg
YnkK""")
FIXED_KEY = rand_n_string(16)
def encrypt(known_text: bytes) -> bytes:
return encrypt_(known_text, CHALLANGE_CIPHER_TEXT)
def encrypt_(known_text: bytes, unknown_text: bytes) -> bytes:
cipher = AES.new(FIXED_KEY, AES.MODE_ECB)
box_content = cipher.encrypt(pad16_PKCS7(known_text + unknown_text))
return box_content
def decrypt_unknown(block_size: int) -> str:
plain_text = ""
num_bytes_to_guess = (len(SAMPLE_TEXT) % block_size) * block_size
for byte_target in reversed(range(0, num_bytes_to_guess)):
oracle_block = b'A' * byte_target