def encryptionOracle(): global persistentKey if persistentKey == "": persistentKey = aes.generateRandomKey() plaintext = 'The West Grestin border checkpoint is now open. Glory to Arstotzka!' return cbcKIVEncrypt(plaintext, persistentKey)
def _parse_dropbox(self):
self.dropboxAccessToken = self.configParser.get(self.DropboxSection, "access_token")
if self.backupWithDropbox != gEmptyStr and self.backupWithDropbox:
# get dropbox auth info
self.dropboxUser = self.configParser.get(self.DropboxSection, "User")
if self.dropboxUser:
self.dropboxUser = self.dropboxUser.strip()
self.dropboxPassStr = self.configParser.get(self.DropboxSection, "Password")
if self.dropboxPassStr:
self.dropboxPassStr = self.dropboxPassStr.strip()
if not self.dropboxUser or gEmptyStr == self.dropboxUser:
self.dropboxUser = raw_input("Your user name for dropbox: ")
self.configParser.set(self.DropboxSection, "User", self.dropboxUser)
self.dropboxPassStr = ""
if not self.dropboxPassStr or self.dropboxPassStr == gEmptyStr:
self.dropboxPassStr = getpass.getpass("Your password for dropbox user %s: " % (self.dropboxUser))
self.dropboxPassKey = aes.generateRandomKey(16)
# set password with aes encryption
tmpPass = aes.encryptData(dropboxPassKey, dropboxPassStr)
self.configParser.set(self.DropboxSection, "Password", tmpPass.encode("hex") + gSepChar + self.dropboxPassKey.encode("hex"))
# reset access token when username or password changes
self.dropboxAccessToken = gEmptyStr
else:
self.dropboxPass, self.dropboxPassKey = self.dropboxPassStr.split(":")
self.dropboxPass = aes.decryptData(binascii.unhexlify(self.dropboxPassKey), binascii.unhexlify(self.dropboxPass))
self.dropboxAppKey = self.configParser.get(self.DropboxSection, "APP_KEY")
self.dropboxAppSecret = self.configParser.get(self.DropboxSection, "APP_SECRET")
self.dropboxAccessType = "dropbox"
self.dropboxBackupDir = self.configParser.get(self.DropboxSection, "target_dir")
if not self.dropboxBackupDir:
self.dropboxBackupDir = "/"
else:
self.dropboxBackupDir = self.dropboxBackupDir.rstrip("/")
def generateCiphertexts():
plaintextFile = open("20.txt")
ciphertexts = []
key = aes.generateRandomKey()
for line in plaintextFile:
ciphertexts.append(aes.aesCTREncrypt(convert.b64ToByteString(line), key, 0))
plaintextFile.close()
return ciphertexts
def sendAESMessage(self, ciphertext, IV): try: plaintext = aes.aesCBCDecrypt(ciphertext, self.aesKey, IV) except Exception: plaintext = "Invalid Message" #Same as an IV newIV = aes.generateRandomKey() newCiphertext = aes.aesCBCEncrypt(plaintext, self.aesKey, newIV) return (newCiphertext, newIV)
def upload_to_dropbox(backupConfig, backupArchive):
print("Login to dropbox...")
try:
try:
from dropbox import client, rest, session
except ImportError, e:
print("Dropbox sdk not found, please download and install the \
latest dropbox sdk from https://www.dropbox.com/developers/reference/sdk"
)
raise e
sess = session.DropboxSession(backupConfig.dropboxAppKey,
backupConfig.dropboxAppSecret,
backupConfig.dropboxAccessType)
if backupConfig.dropboxAccessToken == gEmptyStr or not backupConfig.dropboxAccessToken:
requestToken = sess.obtain_request_token()
url = sess.build_authorize_url(requestToken)
# Make the user sign in and authorize this token
print("url: %s" % url)
print(
"Please visit this website and press the 'Allow' button, then hit 'Enter' here."
)
raw_input()
accessToken = sess.obtain_access_token(requestToken)
# encrypt access token
dropboxAccessTokenAesKey = aes.generateRandomKey(16)
accessTokenKey = aes.encryptData(dropboxAccessTokenAesKey,
accessToken.key)
accessTokenSecret = aes.encryptData(dropboxAccessTokenAesKey,
accessToken.secret)
backupConfig.configParser.set(
backupConfig.DropboxSection, "access_token", "%s:%s:%s" %
(accessTokenKey.encode("hex"), accessTokenSecret.encode("hex"),
dropboxAccessTokenAesKey.encode("hex")))
client = client.DropboxClient(sess)
else:
# read access token
if not backupConfig.dropboxAccessToken or backupConfig.dropboxAccessToken == gEmptyStr:
raise Exception("Cannot read access_token in config file %s" %
backupConfig.configPath)
accessTokenKey, accessTokenSecret, dropboxAccessTokenAesKey = backupConfig.dropboxAccessToken.split(
":")
accessTokenKey = aes.decryptData(
binascii.unhexlify(dropboxAccessTokenAesKey),
binascii.unhexlify(accessTokenKey))
accessTokenSecret = aes.decryptData(
binascii.unhexlify(dropboxAccessTokenAesKey),
binascii.unhexlify(accessTokenSecret))
sess.set_token(accessTokenKey, accessTokenSecret)
# init client
client = client.DropboxClient(sess)
# send backup file
with open(backupArchive) as f:
print("Upload %s to dropbox..." % (backupArchive))
response = client.put_file(
"%s/%s" % (backupConfig.dropboxBackupDir,
os.path.basename(allBackupArchive)), f)
def setup(mail, pw):
p = server(mail, pw)
p.N = prime
p.g = generator
p.k = 3
p.salt = aes.generateRandomKey(16)
xH = sha256(p.salt + pw).hexdigest()
x = hex_os2i(xH)
p.v = pow(p.g, x, p.N)
return p
def setup(mail, pw):
p = server(mail, pw)
p.N = prime
p.g = generator
p.k = 3
p.salt = aes.generateRandomKey(16)
xH = sha256(p.salt + pw).hexdigest()
x = hex_os2i(xH)
p.v = pow(p.g, x, p.N)
return p
def _parse_dropbox(self):
self.dropboxAccessToken = self.configParser.get(
self.DropboxSection, "access_token")
if self.backupWithDropbox != gEmptyStr and self.backupWithDropbox:
# get dropbox auth info
self.dropboxUser = self.configParser.get(self.DropboxSection,
"User")
if self.dropboxUser:
self.dropboxUser = self.dropboxUser.strip()
self.dropboxPassStr = self.configParser.get(
self.DropboxSection, "Password")
if self.dropboxPassStr:
self.dropboxPassStr = self.dropboxPassStr.strip()
if not self.dropboxUser or gEmptyStr == self.dropboxUser:
self.dropboxUser = raw_input("Your user name for dropbox: ")
self.configParser.set(self.DropboxSection, "User",
self.dropboxUser)
self.dropboxPassStr = ""
if not self.dropboxPassStr or self.dropboxPassStr == gEmptyStr:
self.dropboxPassStr = getpass.getpass(
"Your password for dropbox user %s: " % (self.dropboxUser))
self.dropboxPassKey = aes.generateRandomKey(16)
# set password with aes encryption
tmpPass = aes.encryptData(dropboxPassKey, dropboxPassStr)
self.configParser.set(
self.DropboxSection, "Password",
tmpPass.encode("hex") + gSepChar +
self.dropboxPassKey.encode("hex"))
# reset access token when username or password changes
self.dropboxAccessToken = gEmptyStr
else:
self.dropboxPass, self.dropboxPassKey = self.dropboxPassStr.split(
":")
self.dropboxPass = aes.decryptData(
binascii.unhexlify(self.dropboxPassKey),
binascii.unhexlify(self.dropboxPass))
self.dropboxAppKey = self.configParser.get(self.DropboxSection,
"APP_KEY")
self.dropboxAppSecret = self.configParser.get(self.DropboxSection,
"APP_SECRET")
self.dropboxAccessType = "dropbox"
self.dropboxBackupDir = self.configParser.get(self.DropboxSection,
"target_dir")
if not self.dropboxBackupDir:
self.dropboxBackupDir = "/"
else:
self.dropboxBackupDir = self.dropboxBackupDir.rstrip("/")
def _set_db_info(self):
if not self.dbConf:
return False
for dbtype in self.dbType:
dbConf = self.dbConf.get(dbtype, None)
if dbConf is None or not dbConf.dbList:
continue
# set user and password/key
if not dbConf.dbUser or dbConf.dbUser == gEmptyStr:
dbConf.dbUser = raw_input("Your user name for %s: " % dbtype)
self.configParser.set(dbtype, "User", dbConf.dbUser)
dbConf.dbPass = ""
if not dbConf.dbPass or dbConf.dbPass == gEmptyStr:
dbConf.dbPass = getpass.getpass(
"Your password for %s user %s: " % (dbtype, dbConf.dbUser))
dbConf.dbPassKey = aes.generateRandomKey(16)
# set password with aes encryption
tmpPass = aes.encryptData(dbConf.dbPassKey, dbConf.dbPass)
self.configParser.set(
dbtype, "Password",
tmpPass.encode("hex") + gSepChar +
dbConf.dbPassKey.encode("hex"))
else:
dbConf.dbPass, dbConf.dbPassKey = dbConf.dbPass.split(":")
dbConf.dbPass = aes.decryptData(
binascii.unhexlify(dbConf.dbPassKey),
binascii.unhexlify(dbConf.dbPass))
# set dump command
if dbtype == self.MysqlSection:
dbPort = "-P %s" % dbConf.dbPort if dbConf.dbPort != gEmptyStr else ""
dbConf.dumpCmd = "mysqldump %s -u %s --password=%s -B {0} -r %s/{0}" % \
(dbPort, dbConf.dbUser, dbConf.dbPass, gTmpDir)
elif dbtype == self.MongoDBSection:
dbPort = "--port %s" % dbConf.dbPort if dbConf.dbPort != gEmptyStr else ""
dbConf.dumpCmd = "mongodump %s -u %s -p %s -d {0} -o %s/mongodb" % \
(dbPort, dbConf.dbUser, dbConf.dbPass, gTmpDir)
else:
print("Fatal error: database type %s is not supported" %
dbtype)
sys.exit(1)
return True
def upload_to_dropbox(backupConfig, backupArchive):
print("Login to dropbox...")
try:
try:
from dropbox import client, rest, session
except ImportError, e:
print("Dropbox sdk not found, please download and install the \
latest dropbox sdk from https://www.dropbox.com/developers/reference/sdk")
raise e
sess = session.DropboxSession(backupConfig.dropboxAppKey, backupConfig.dropboxAppSecret, backupConfig.dropboxAccessType)
if backupConfig.dropboxAccessToken == gEmptyStr or not backupConfig.dropboxAccessToken:
requestToken = sess.obtain_request_token()
url = sess.build_authorize_url(requestToken)
# Make the user sign in and authorize this token
print("url: %s" % url)
print("Please visit this website and press the 'Allow' button, then hit 'Enter' here.")
raw_input()
accessToken = sess.obtain_access_token(requestToken)
# encrypt access token
dropboxAccessTokenAesKey = aes.generateRandomKey(16)
accessTokenKey = aes.encryptData(dropboxAccessTokenAesKey, accessToken.key)
accessTokenSecret = aes.encryptData(dropboxAccessTokenAesKey, accessToken.secret)
backupConfig.configParser.set(
backupConfig.DropboxSection,
"access_token",
"%s:%s:%s" % (accessTokenKey.encode("hex"), accessTokenSecret.encode("hex"), dropboxAccessTokenAesKey.encode("hex")))
client = client.DropboxClient(sess)
else:
# read access token
if not backupConfig.dropboxAccessToken or backupConfig.dropboxAccessToken == gEmptyStr:
raise Exception("Cannot read access_token in config file %s" % backupConfig.configPath)
accessTokenKey, accessTokenSecret, dropboxAccessTokenAesKey = backupConfig.dropboxAccessToken.split(":")
accessTokenKey = aes.decryptData(binascii.unhexlify(dropboxAccessTokenAesKey), binascii.unhexlify(accessTokenKey))
accessTokenSecret = aes.decryptData(binascii.unhexlify(dropboxAccessTokenAesKey), binascii.unhexlify(accessTokenSecret))
sess.set_token(accessTokenKey, accessTokenSecret)
# init client
client = client.DropboxClient(sess)
# send backup file
with open(backupArchive) as f:
print("Upload %s to dropbox..." % (backupArchive))
response = client.put_file("%s/%s" % (backupConfig.dropboxBackupDir, os.path.basename(allBackupArchive)), f)
def _set_db_info(self):
if not self.dbConf:
return False
for dbtype in self.dbType:
dbConf = self.dbConf.get(dbtype, None)
if dbConf is None or not dbConf.dbList:
continue
# set user and password/key
if not dbConf.dbUser or dbConf.dbUser == gEmptyStr:
dbConf.dbUser = raw_input("Your user name for %s: " % dbtype)
self.configParser.set(dbtype, "User", dbConf.dbUser)
dbConf.dbPass = ""
if not dbConf.dbPass or dbConf.dbPass == gEmptyStr:
dbConf.dbPass = getpass.getpass("Your password for %s user %s: " % (dbtype, dbConf.dbUser))
dbConf.dbPassKey = aes.generateRandomKey(16)
# set password with aes encryption
tmpPass = aes.encryptData(dbConf.dbPassKey, dbConf.dbPass)
self.configParser.set(dbtype, "Password", tmpPass.encode("hex") + gSepChar + dbConf.dbPassKey.encode("hex"))
else:
dbConf.dbPass, dbConf.dbPassKey = dbConf.dbPass.split(":")
dbConf.dbPass = aes.decryptData(binascii.unhexlify(dbConf.dbPassKey), binascii.unhexlify(dbConf.dbPass))
# set dump command
if dbtype == self.MysqlSection:
dbPort = "-P %s" % dbConf.dbPort if dbConf.dbPort != gEmptyStr else ""
dbConf.dumpCmd = "mysqldump %s -u %s --password=%s -B {0} -r %s/{0}" % \
(dbPort, dbConf.dbUser, dbConf.dbPass, gTmpDir)
elif dbtype == self.MongoDBSection:
dbPort = "--port %s" % dbConf.dbPort if dbConf.dbPort != gEmptyStr else ""
dbConf.dumpCmd = "mongodump %s -u %s -p %s -d {0} -o %s/mongodb" % \
(dbPort, dbConf.dbUser, dbConf.dbPass, gTmpDir)
else:
print("Fatal error: database type %s is not supported" % dbtype)
sys.exit(1)
return True
def get_salt(self):
self.b, self.B = keygen(self.N, self.g)
self.u = hex_os2i(aes.generateRandomKey(16).encode('hex'))
return self.salt, self.B, self.u
def get_salt(self):
self.b, self.B = keygen(self.N, self.g)
self.u = hex_os2i(aes.generateRandomKey(16).encode('hex'))
return self.salt, self.B, self.u
import random
import aes
from hashlib import sha256
import hmac
prime = 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff
generator = 2
# our password space
passwords = []
for i in range(128):
passwords.append(aes.generateRandomKey(16))
def keygen(p, g):
a = random.randrange(1, p - 1)
A = pow(g, a, p)
return a, A
def hex_os2i(os):
return long('0x' + os, 16)
class player:
def __init__(self, mail, pw):
self.mail = mail
self.pw = pw
def compute_u(self):
uH = sha256(str(self.A) + str(self.B)).hexdigest()
print maxMessage
return (returnMessage, returnIV)
if __name__ == "__main__":
counterPart = DHEchoer()
privateKey = dh.generatePrivateKey(dh.STANDARD_P)
counterPart.sendGroupParameters(dh.STANDARD_P, dh.STANDARD_G)
publicValue = counterPart.sendPublicDHValue(dh.generatePublicValue(privateKey, dh.STANDARD_G, dh.STANDARD_P))
sharedSecret = dh.deriveSecret(publicValue, privateKey, dh.STANDARD_P)
aesKey = convert.intToByteString(hash.sha1(convert.intToByteString(sharedSecret)))[0:16]
aesIV = aes.generateRandomKey()
returnMessage, returnIV = counterPart.sendAESMessage(aes.aesCBCEncrypt("Test Message", aesKey, aesIV), aesIV)
print aes.aesCBCDecrypt(returnMessage, aesKey, returnIV)
#Now for the MITM attack
# g = 1
newCounterpart = PAlteringDHMITM(counterPart, 1, [1])
newCounterpart.sendGroupParameters(dh.STANDARD_P, dh.STANDARD_G)
publicValue = newCounterpart.sendPublicDHValue(dh.generatePublicValue(privateKey, dh.STANDARD_G, dh.STANDARD_P))
sharedSecret = dh.deriveSecret(publicValue, privateKey, dh.STANDARD_P)
def sendAESMessage(self, ciphertext, IV): plaintext = aes.aesCBCDecrypt(ciphertext, self.aesKey, IV) #Same as an IV newIV = aes.generateRandomKey() newCiphertext = aes.aesCBCEncrypt(plaintext, self.aesKey, newIV) return (newCiphertext, newIV)
def genAESKey(size):
"""generate a new AES key for encryption/decryption"""
return aes.generateRandomKey(size)
import random
import aes
from hashlib import sha256
import hmac
prime = 0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca237327ffffffffffffffff
generator = 2
# our password space
passwords = []
for i in range(128):
passwords.append(aes.generateRandomKey(16))
def keygen(p, g):
a = random.randrange(1, p-1)
A = pow(g, a, p)
return a, A
def hex_os2i(os):
return long('0x' + os, 16)
class player:
def __init__(self, mail, pw):
self.mail = mail
self.pw = pw
def compute_u(self):
uH = sha256(str(self.A) + str(self.B)).hexdigest()
self.u = hex_os2i(uH)
def sign_salt(self):