def smoke_test(self):
pt = b'Who lives in a pineapple under the sea?'
pt = c9.pkcs7_pad(pt)
key = b'YELLOW SUBMARINE'
ct = aes_128_cbc_encrypt(pt, key)
pt2 = aes_128_cbc_decrypt(ct, key)
self.assertEqual(pt, pt2)
def bob(to_alice, from_alice):
"""
Simulates Bob's communication with Alice via DH. Bob decrypts the messages
then sends them back after re-encrypting under a new IV.
Args:
to_alice: a queue for sending messages to alice
from_alice: a queue for receiving messages from alice
"""
# A->B Send p,g,A
p, g, A = from_alice.get()
b, B = c33.diffie_hellman(p, g)
# B->A Send B
to_alice.put(B)
session_key = c33.make_session_key(A, b, p)
key = session_key[0:16]
msg = from_alice.get(0.5)
while msg:
msg_iv = msg[0:16]
msg = msg[16:]
d_msg = c10.aes_128_cbc_decrypt(msg, key, msg_iv)
d_msg = c9.pkcs7_unpad(d_msg)
iv = os.urandom(16)
d_msg = c9.pkcs7_pad(
d_msg) # i know this weird but it does perform a check
echo = c10.aes_128_cbc_encrypt(d_msg, key, iv)
echo = iv + echo
to_alice.put(echo)
try:
msg = from_alice.get(timeout=0.5)
except:
msg = False
def encryption_oracle():
"""
Encrypts a random string under AES-128-CBC
Returns:
A random, encrypted bytestring
"""
pt = random.choice(strs)
pt = c1.base64toascii(pt)
pt = c9.pkcs7_pad(pt)
return c10.aes_128_cbc_encrypt(pt, key, iv)
def encryption_oracle(txt):
"""
Black box encryption oracle that appends an unknown string to the given
text, pads it out, and encrypts under AES-128-ECB with an unknown key.
Args:
txt: The plaintext to be encrypted.
Returns:
AES-128-ECB(txt || unknown-string, random-key) as a bytestring
"""
return AES.new(key, AES.MODE_ECB).encrypt(c9.pkcs7_pad(txt + unknown))
def encode_profile(email):
"""
Encrypts the encoded profile cookie for the given email address.
Args:
email: The user's email address
Return:
The encrypted cookie
"""
prof = profile_for(email).encode("utf-8")
return AES.new(key, AES.MODE_ECB).encrypt(c9.pkcs7_pad(prof))
def encryption_oracle(txt):
"""
Encrypts the given text under a secret key with a secret, random prefix, and
and unknown suffix.
Args:
txt: The (attacker-controlled) text to be encrypted
Returns:
AES-128-ECB(random-prefix || txt || unknown-string, random-key)
"""
return AES.new(key,
AES.MODE_ECB).encrypt(c9.pkcs7_pad(rando + txt + unknown))
def encrypt_userdata(data):
"""
Encrypts the given data under AES-128-CBC with a secret key, after
appending and prepending data and quoting out metacharacters.
Args:
data: The user data to be encrypted
Returns:
AES-128-CBC(prefix || user-data || suffix, random-key)
"""
new_c = prefix + data.replace(b';', b'').replace(b'=', b'') + suffix
new_c = c9.pkcs7_pad(new_c)
return c10.aes_128_cbc_encrypt(new_c, key)
def alice(to_bob, from_bob, msgs):
"""
Simulates Alice's communication to Bob with DH. Alice checks that
the echo she receives back is the same as the message she sent.
Args:
to_bob: a queue for sending messages out to bob
from_bob: a queue for receiving messages from bob
msgs: list of messages to send to bob
"""
p = "0xffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024"
p += "e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd"
p += "3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec"
p += "6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f"
p += "24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361"
p += "c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552"
p += "bb9ed529077096966d670c354e4abc9804f1746c08ca237327fff"
p += "fffffffffffff"
p = int(p, 16)
g = 2
a, A = c33.diffie_hellman(p, g)
# A->B Send p,g,A
to_bob.put([p, g, A])
# B->A Send B
B = from_bob.get()
session_key = c33.make_session_key(B, a, p)
key = session_key[0:16]
for msg in msgs:
if DEBUG:
print('Sending msg: ' + str(msg))
iv = os.urandom(16)
e_msg = iv + c10.aes_128_cbc_encrypt(c9.pkcs7_pad(msg), key, iv)
# A->B Send AES-CBC(key,msg,iv) + iv
to_bob.put(e_msg)
# B->A echo
echo = from_bob.get()
echo_msg = echo[16:]
echo_iv = echo[0:16]
d_echo = c10.aes_128_cbc_decrypt(echo_msg, key, echo_iv)
d_echo = c9.pkcs7_unpad(d_echo)
if DEBUG:
print('Alice got echo: ' + str(d_echo))
assert d_echo == msg, d_echo
def alice(to_bob, from_bob, msgs):
"""
Simulates Alice's communication to Bob with DH. Alice checks that
the echo she receives back is the same as the message she sent.
Args:
to_bob: a queue for sending messages out to bob
from_bob: a queue for receiving messages from bob
msgs: list of messages to send to bob
"""
p = P
g = G
a, A = c33.diffie_hellman(p, g)
# A->B Send p,g
to_bob.put([p, g])
# B->A Send ACK
ack = from_bob.get()
assert ack == "ACK"
# A->B Send A
to_bob.put(A)
# B->A Send B
B = from_bob.get()
session_key = c33.make_session_key(B, a, p)
key = session_key[0:16]
for msg in msgs:
if DEBUG:
print('Sending msg: ' + str(msg))
iv = os.urandom(16)
e_msg = iv + c10.aes_128_cbc_encrypt(c9.pkcs7_pad(msg), key, iv)
# A->B Send AES-CBC(key,msg,iv) + iv
to_bob.put(e_msg)
# B->A echo
echo = from_bob.get()
echo_msg = echo[16:]
echo_iv = echo[0:16]
d_echo = c10.aes_128_cbc_decrypt(echo_msg, key, echo_iv)
d_echo = c9.pkcs7_unpad(d_echo)
if DEBUG:
print('Alice got echo: ' + str(d_echo))
assert d_echo == msg, d_echo
def encryption_oracle(txt):
global expected
# GENERATE random key
key = os.urandom(16)
# GENERATE random number for ECB or CBC
ecb = bool(random.getrandbits(1))
expected.append(ecb)
# APPEND random bytes before and after
before = os.urandom(random.randint(5, 10))
after = os.urandom(random.randint(5, 10))
txt = before + txt + after
txt = c9.pkcs7_pad(txt)
ct = b''
# IF CBC
if not ecb:
# GENERATE random IV
iv = os.urandom(16)
ct = c10.aes_128_cbc_encrypt(txt, key, iv)
# ENCRYPT
else:
ct = AES.new(key, AES.MODE_ECB).encrypt(txt)
return ct