def cbc_avalanche_effect():
print('---------- CBC ----------')
plaintext = 'From:Lucas\nTo:Pedro\nContent:the CBC mode of encryption is vulnerable to bit flipping'
print('Original plaintext:', plaintext, sep='\n', end='\n\n')
ciphertext = cbc.encrypt(plaintext, KEY)
print('Ciphertext:', ciphertext, end="\n\n")
print('List of bytes of the ciphertext:',
list(ciphertext),
sep='\n',
end="\n\n")
plaintext = cbc.decrypt(ciphertext, KEY)
print('Decrypted ciphertext:', plaintext, sep='\n', end="\n\n")
plaintext = 'From:Lucas\nTo:Pedro\nContent:the CBC mode of encription is vulnerable to bit flipping'
print('Modified plaintext:', plaintext, sep='\n', end='\n\n')
ciphertext = cbc.encrypt(plaintext, KEY)
print('Ciphertext:', ciphertext, end="\n\n")
print('List of bytes of the ciphertext:',
list(ciphertext),
sep='\n',
end="\n\n")
plaintext = cbc.decrypt(ciphertext, KEY)
print('Decrypted ciphertext:', plaintext, sep='\n', end="\n\n")
def main():
random.seed(time.time())
# regular communication
message = "This is a secret message".decode("base64")
alice = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
print "Alice's key:"
print "%r" % (alice.session_key(),)
print "Bob's key:"
print "%r" % (bob.session_key(),)
assert bob.session_key() == alice.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], alice_message)[16:], IV = bob_iv)
# mitm'd
message = "Tm8gb25lIGNhbiByZWFkIHRoaXM=".decode("base64")
alice = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
mitm = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
alice.make_secret()
bob.make_secret()
bob.get_response(NIST_PRIME)
alice.get_response(NIST_PRIME)
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
injected_key = sha1.sha1(hex(0).strip("0xL")).hexdigest().decode("hex")
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
def pcbc_bitflipping():
print('---------- PCBC ----------')
plaintext = 'From:Lucas\nTo:Pedro\nContent:the PCBC mode of encryption is NOT vulnerable to bit flipping'
print('Original plaintext:', plaintext, sep='\n', end='\n\n')
ciphertext = cbc.encrypt(plaintext, KEY)
##### modifying the IV to bitflip the first block #####
iv = bytearray(ciphertext[:pcbc.IV_SIZE])
iv[5:] = common.xor(iv[5:], common.xor(b'Lucas', b'Mario'))
ciphertext = bytes(iv) + ciphertext[pcbc.IV_SIZE:]
#######################################################
print('Bitflipping Lucas to Mario...')
plaintext = pcbc.decrypt(ciphertext, KEY)
print('Decrypted ciphertext:', plaintext, sep='\n', end="\n\n")
print('List of bytes of the plaintext:',
list(bytes(plaintext, 'utf-8')),
sep='\n',
end="\n\n")
##### modifying the second block #####
block = bytearray(ciphertext[pcbc.BLOCK_SIZE:pcbc.BLOCK_SIZE * 2])
block[4:9] = common.xor(block[4:9], common.xor(b'Pedro', b'Mario'))
ciphertext = ciphertext[:pcbc.
BLOCK_SIZE] + block + ciphertext[pcbc.BLOCK_SIZE *
2:]
######################################
print('Bitflipping Pedro to Mario...')
plaintext = pcbc.decrypt(ciphertext, KEY)
print('Decrypted ciphertext:', plaintext, end="\n\n")
def sendData(self, obj):
plaintext = self.data_to_send.text
ciphertext = CBC.encrypt(self.cipher, plaintext)
self.console.text = self.console.text + '\n' + 'Text to be sent: ' + self.data_to_send.text
hmacVal = hmac_gen.genHmac(self.shared_secret_hash, plaintext)
print "[Outgoing] encrypted ciphertext to send: " + ciphertext
print "[Outgoing] hmac value " + hmacVal
self.socket.sendall(MSG_TYPE_REGULAR + hmacVal + ciphertext + TERMINATORS)
self.data_to_send.text = ''
def sendData(self, obj):
plaintext = self.data_to_send.text
ciphertext = CBC.encrypt(self.cipher, plaintext)
self.console.text = self.console.text + '\n' + 'Text to be sent: ' + self.data_to_send.text
hmacVal = hmac_gen.genHmac(self.shared_secret_hash, plaintext)
print "[Outgoing] encrypted ciphertext to send: " + ciphertext
print "[Outgoing] hmac value " + hmacVal
self.socket.sendall(MSG_TYPE_REGULAR + hmacVal + ciphertext +
TERMINATORS)
self.data_to_send.text = ''
def encryption_oracle(ptext):
key = get_random_AES_key()
random.seed(None)
before = random.randint(5, 10)
after = random.randint(5, 10)
btext = get_random_bytes(before)
btext += ptext.encode('UTF-8')
btext += get_random_bytes(after)
if (random.randint(0, 1) == 0):
if ((len(btext) % 16) != 0):
btext = padding.padding(btext, len(btext) + 16 - (len(btext) % 16))
obj = AES.new(bytes(key), AES.MODE_ECB)
cip = obj.encrypt(bytes(btext))
#print ("ECB")
else:
iv = get_random_bytes(16)
cip = cbc.encrypt(btext, bytes(key), iv)
#print ("CBC")
return cip
def encryption_oracle(ptext):
key=get_random_AES_key()
random.seed(None)
before = random.randint(5, 10)
after = random.randint(5, 10)
btext = get_random_bytes(before)
btext += ptext.encode('UTF-8')
btext += get_random_bytes(after)
if(random.randint(0, 1)==0):
if ((len(btext)%16)!=0):
btext = padding.padding(btext, len(btext)+ 16 -(len(btext)%16))
obj = AES.new(bytes(key), AES.MODE_ECB)
cip = obj.encrypt(bytes(btext))
#print ("ECB")
else:
iv=get_random_bytes(16)
cip = cbc.encrypt(btext, bytes(key), iv)
#print ("CBC")
return cip
def test(self): cipherText = cbc.encrypt(self.encryptCipher, self.message) print cipherText plainText = cbc.decrypt(self.decryptCipher, cipherText) print plainText self.assertEqual(plainText, self.message)
import cbc
inp = "Yellow Submarine is cool"
key = ("YELLOW SUBMARINE").encode('UTF-8')
iv = bytes(16)
ip = inp.encode('UTF-8')
a = cbc.encrypt(ip, key, iv)
print(a)
b = cbc.decrypt(a, key, iv)
print(b)
def get_ciphertext():
return cbc.encrypt(random_key, random.choice(plaintexts).decode("base64"))
def test(self):
cipherText = cbc.encrypt(self.encryptCipher, self.message)
print cipherText
plainText = cbc.decrypt(self.decryptCipher, cipherText)
print plainText
self.assertEqual(plainText, self.message)
import cbc
inp = "Yellow Submarine is cool"
key= ("YELLOW SUBMARINE").encode('UTF-8')
iv = bytes(16)
ip = inp.encode('UTF-8')
a = cbc.encrypt(ip, key, iv)
print (a)
b = cbc.decrypt(a, key, iv)
print (b)
def main():
random.seed(time.time())
# regular communication
message = "This is a secret message".decode("base64")
alice = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob = DiffieHellman(NIST_GENERATOR, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
assert bob.session_key() == alice.session_key()
# g = 1
# 1^x = 1 mod p for any x
message = "ZyA9IDEgc3V4=".decode("base64")
alice = DiffieHellman(1, NIST_PRIME)
bob = DiffieHellman(1, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
injected_key = sha1.sha1(hex(1).strip("0xL")).hexdigest().decode("hex")
print "g = 1:"
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
# g = p
# p^x = 0 mod p for any x
message = "ZyA9IHAgaXMgdXNlbGVzcw==".decode("base64")
alice = DiffieHellman(NIST_PRIME, NIST_PRIME)
bob = DiffieHellman(NIST_PRIME, NIST_PRIME)
bob.get_response(alice.make_secret())
alice.get_response(bob.make_secret())
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
injected_key = sha1.sha1(hex(0).strip("0xL")).hexdigest().decode("hex")
print "g = p:"
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)
# g = p - 1
# If the exponent is even the result will be 1, if odd, it will be (p-1)
# for that reason, in any combination of results, the final session key will always be either 1 or p-1 (only if both a & b turned out odd thus g^a == g^b == p-1 == g^ab)
message = "ZXZlbiBvciBvZGQ/".decode("base64")
alice = DiffieHellman(NIST_PRIME-1 , NIST_PRIME)
bob = DiffieHellman(NIST_PRIME-1, NIST_PRIME)
alice_secret = alice.make_secret()
bob_secret = bob.make_secret()
bob.get_response(alice_secret)
alice.get_response(bob_secret)
assert bob.session_key() == alice.session_key()
real_key = bob.session_key()
bob_iv = os.urandom(16)
alice_iv = os.urandom(16)
alice_message = alice_iv + cbc.encrypt(alice.session_key()[:16], message, IV = alice_iv)
relayed_msg = alice_message
bob_message = bob_iv + cbc.encrypt(bob.session_key()[:16], cbc.decrypt(bob.session_key()[:16], relayed_msg)[16:], IV = bob_iv)
if (alice_secret + bob_secret == 2*(NIST_PRIME-1)):
# 25% chance of the session key being p-1
injected_key = sha1.sha1(hex(NIST_PRIME-1).strip("0xL")).hexdigest().decode("hex")
else:
injected_key = sha1.sha1(hex(1).strip("0xL")).hexdigest().decode("hex")
print "g = p-1:"
print "Alice and Bob's secret message:"
print "%r" % (cbc.decrypt(injected_key[:16], relayed_msg)[16:],)