def break_dh_gps1():
# Mallory intercepts the group negotiation and sets g=1
alice = Node(prime, prime - 1)
mallory = Node(prime, prime - 1)
bob = Node(prime, prime - 1)
# Mallory doesn't tamper with the public keys
alice_symkey = alice.negotiate_key(peer_pubkey=bob.pubkey)
bob_symkey = alice.negotiate_key(peer_pubkey=alice.pubkey)
# Alice encrypts a message with her symmetric key
message = b"alice: *******\nalice: thats what I see"
iv = os.urandom(16)
ciphertext = aes_cbc_encrypt(message, alice_symkey, iv)
# Mallory intercepts the message. He knows the secret is either 1 or p-1,
# so he calculates both keys and finds out which one can decrypt the
# message.
mallory_symkey = mallory.negotiate_key(secret=1)
try:
plaintext = aes_cbc_decrypt(ciphertext, mallory_symkey, iv)
except InvalidPadding:
mallory_symkey = mallory.negotiate_key(secret=prime - 1)
plaintext = aes_cbc_decrypt(ciphertext, mallory_symkey, iv)
return str(plaintext, 'utf8')
def main():
# test cbc encryption and decryption
key = b'YELLOW SUBMARINE'
iv = b"\x00" * 16
pt = b'A' * 156
ct = aes_cbc_encrypt(pt, key, iv)
print(b64encode(ct).decode('utf8'))
pt = aes_cbc_decrypt(ct, key, iv)
print(pt.decode('utf8'))
# decrypt the actual answer
plaintext = aes_cbc_decrypt(b64decode(ciphertext), key, iv)
print(plaintext.decode("utf8"))
def main():
# Alice wants to encrypt a top-secret cookie recipe to Bob. They decide to
# negotiate a symmetric encryption key using the Diffie-Hellman Key Exchange.
alice = Node(prime, generator)
# Alice sends her public key to Bob. Bob calculates the symmetric key from
# Alice's public key. But wait, Mallory is on the network and replaced her
# public key with her prime number! D:
mallory = Node(prime, generator)
bob = Node(alice.prime, mallory.generator)
bob_symkey = bob.negotiate_key(peer_pubkey=mallory.prime)
# Bob sends his public key to Alice, and Mallory does the same thing.
alice_symkey = alice.negotiate_key(peer_pubkey=mallory.prime)
# Alice encrypts the message
recipe = b'6 eggs\n2 cups flower\n1 cup brown sugar\n1 tbsp vanilla ice'
iv = os.urandom(16)
ciphertext = aes_cbc_encrypt(recipe, alice_symkey, iv)
# Mallory knows the secret value because p ** n % p = 0, and from it can
# calculate the key.
mallory_symkey = mallory.negotiate_key(secret=0)
# Mallory intercepts and then decrypts the ciphertext
plaintext = aes_cbc_decrypt(ciphertext, mallory_symkey, iv)
print("Succesfully MITM'd the DH key exchange! Plaintext:")
print(str(plaintext, 'utf8'))
def decrypt_data(data):
pt = aes_cbc_decrypt(data, p27_key, p27_iv, pkcs7_unpad)
for ch in pt:
if ch > 127:
raise InvalidAscii(dedent("""Bad decrypt! I'm going to print the
decrypted data for no particular reason now: %s""") %
b16encode(pt).decode('utf8'))
return pt
def break_dh_gp():
# Mallory intercepts the group negotiation and sets g=1
alice = Node(prime, prime)
mallory = Node(prime, prime)
bob = Node(prime, prime)
# Mallory doesn't tamper with the public keys
alice_symkey = alice.negotiate_key(peer_pubkey=bob.pubkey)
bob_symkey = alice.negotiate_key(peer_pubkey=alice.pubkey)
# Bob encrypts a message with his symmetric key
message = b"bob: hunter2.\nbob: doesnt look like stars to me"
iv = os.urandom(16)
ciphertext = aes_cbc_encrypt(message, bob_symkey, iv)
# Mallory intercepts the message. He knows the secret is 0, so he
# calculates the key and decrypts the message.
mallory_symkey = mallory.negotiate_key(secret=0)
plaintext = aes_cbc_decrypt(ciphertext, mallory_symkey, iv)
return str(plaintext, 'utf8')
def break_dh_g1():
# Mallory intercepts the group negotiation and sets g=1
alice = Node(prime, 1)
mallory = Node(prime, 1)
bob = Node(prime, 1)
# Mallory doesn't tamper with the public keys
alice_symkey = alice.negotiate_key(peer_pubkey=bob.pubkey)
bob_symkey = alice.negotiate_key(peer_pubkey=alice.pubkey)
# Alice encrypts a message with her symmetric key
message = b"alice: hey, if you type in your pw, it will show as stars.\nalice: ********* see!"
iv = os.urandom(16)
ciphertext = aes_cbc_encrypt(message, alice_symkey, iv)
# Mallory intercepts the message. He knows the secret is 1, so he
# calculates the key and decrypts the message.
mallory_symkey = mallory.negotiate_key(secret=1)
plaintext = aes_cbc_decrypt(ciphertext, mallory_symkey, iv)
return str(plaintext, 'utf8')
def decrypt_data(data):
pt = aes_cbc_decrypt(data, p16_key, p16_iv)
return pt
def decryption_oracle(ct, iv):
try:
aes_cbc_decrypt(ct, key, iv, pkcs7_unpad)
return True
except InvalidPadding as e:
return False