def test_diff_blocks(self): block_size = randint(5, 20) byte_1 = cu.random_bytes(10 * block_size) byte_2 = bytearray(byte_1) byte_2[2 * block_size:3 * block_size] = cu.random_bytes(block_size) byte_2[7 * block_size:8 * block_size] = cu.random_bytes(block_size) diff_blocks = cb.find_diff_blocks(byte_1, byte_2, block_size) self.assertEqual(diff_blocks, [2, 7])
def check_connection(self): """Encrypt a random message, send to server, and check that the response is a valid encrypted echo of that message.""" iv = cu.random_bytes() aes = AES.new(self.key, AES.MODE_CBC, iv) plain = cu.random_bytes(count=256) cipher = aes.encrypt(plain) cipher_server, iv_server = self.server.echo(cipher, iv) aes = AES.new(self.key, AES.MODE_CBC, iv_server) plain_server = aes.decrypt(cipher_server) return plain == plain_server, plain
def encryption_oracle(plain): key = cu.random_bytes() encrypt_ECB = choice([True, False]) before_bytes = cu.random_bytes(count=randint(5, 10)) after_bytes = cu.random_bytes(count=randint(5, 10)) plain = before_bytes + plain + after_bytes if encrypt_ECB: aes = AES.new(key, AES.MODE_ECB) plain = cb.pad_PKCS7(plain) return aes.encrypt(plain) else: iv = cu.random_bytes() return cb.encrypt_AES_CBC(plain, key, iv=iv)
def test_25(self): key = cu.random_bytes() nonce = cu.random_bytes(count=AES.block_size // 2) plain = cu.read_base64('data/Set_1_7.txt') ctr = cb.AES_CTR(key, nonce=nonce) cipher = ctr.process(plain) cipher_len = len(cipher) new_plain = bytes([14] * cipher_len) new_cipher = ctr.edit(cipher, 0, new_plain) keystream = cu.XOR_bytes(new_plain, new_cipher) recovered_plain = cu.XOR_bytes(keystream, cipher) self.assertEqual(recovered_plain, plain)
def test_19_20(self): cipher_list = [] plain_list = [] key = cu.random_bytes() ctr = cb.AES_CTR(key) with open('data/Set_3_19.txt', 'r') as f: for line in f: plain = cu.base64_to_bytes(line) plain_list.append(plain) cipher_list.append(ctr.process(plain)) ctr.reset() with open('data/Set_3_20.txt', 'r') as f: for line in f: plain = cu.base64_to_bytes(line) plain_list.append(plain) cipher_list.append(ctr.process(plain)) ctr.reset() min_len = len(min(cipher_list, key=len)) cipher_trunc = [x[:min_len] for x in cipher_list] cipher_cat = b''.join(cipher_trunc) keystream = cs.get_repeating_XOR_key(cipher_cat, min_len) plain_cat = cu.XOR_bytes(keystream, cipher_cat) plain_trunc = [ plain_cat[x:x + min_len] for x in range(0, len(plain_cat), min_len) ] total, correct = 0, 0 for real, guess in zip(plain_list, plain_trunc): total += 1 correct += real[:min_len].decode('utf-8').lower() == guess.decode( 'utf-8').lower() self.assertTrue(correct / total > 0.95)
def random_stream_encrypt(known): prefix_num = randint(10, 50) prefix = cu.random_bytes(count=prefix_num) plain = prefix + known key = randint(0, 0xffff) cipher = cr.MT19937_cipher(plain, key) return cipher, key
def PKCS1v1p5(plain, N): num_bytes = N // 8 plain_bytes = cu.int_to_bytes(plain) num_pad = num_bytes - 3 - len(plain_bytes) padding = cu.random_bytes(num_pad) padded = bytes([0, 2]) + padding + bytes([0]) + plain_bytes return int.from_bytes(padded, 'big')
def register_user(self, email, password): salt = cu.random_bytes(8) m = sha256() m.update(salt + bytes(password, 'utf-8')) xH = m.digest() x = int.from_bytes(xH, byteorder='big') verifier = pow(self.g, x, self.N) self.login_info[email] = (salt, verifier)
def echo(self, cipher, iv): key = cbc_keygen(self.secret) aes = AES.new(key, AES.MODE_CBC, iv) plain = aes.decrypt(cipher) iv = cu.random_bytes() aes = AES.new(key, AES.MODE_CBC, iv) return aes.encrypt(plain), iv
def test_ctr_edit(self): plain = cu.random_bytes(count=10 * AES.block_size) key = cu.random_bytes() nonce = cu.random_bytes(count=AES.block_size // 2) ctr = cb.AES_CTR(key, nonce=nonce) cipher = ctr.process(plain) new_plain_block = cu.random_bytes(count=2 * AES.block_size + 5) new_plain = bytearray(plain) offset_block = 4 offset = offset_block * AES.block_size new_plain[offset:offset + len(new_plain_block)] = new_plain_block new_cipher = ctr.edit(cipher, offset_block, new_plain_block) ctr.reset() test = ctr.process(new_cipher) self.assertEqual(new_plain, test)
def test_hmac(self): file = 'foo' sig = cu.bytes_to_hex(ch.HMAC(self.secret, file.encode())) bad_sig = cu.bytes_to_hex(cu.random_bytes(count=20)) good_get = f'/test?file={file}&signature={sig}' bad_get = f'/test?file={file}&signature={bad_sig}' response = self.client.get(good_get) self.assertEqual(response.status_code, 200) response = self.client.get(bad_get) self.assertEqual(response.status_code, 500)
def login(self, email, client_public): salt = cu.random_bytes(8) """This is the most important step! Under the simplified SRP protocol, the one bit of info (aside from the password) we don't know is the user's private key. But, it enters in form B**a % N. So, if we set B == g, this turns into the user's public key, which we do know.""" public = self.g scramble = randbelow(2**128) self.login_info[email] = (client_public, salt, scramble) return salt, public, scramble
from datetime import datetime from random import choice, randint from statistics import median from string import printable from time import perf_counter from unittest import TestCase from Crypto.Cipher import AES import crypto.block as cb import crypto.hash as ch import crypto.utils as cu import set4_server as server from test_set2 import encrypt16, decrypt16 SECRET_KEY = cu.random_bytes(count=randint(4, 32)) def encrypt27(): key = cu.random_bytes() plain = b"For you to even touch my skill, you gotta put the one killer bee and he ain't gonna kill" return cb.encrypt_AES_CBC(plain, key, iv=key), key def decrypt27(cipher, key): plain = cb.decrypt_AES_CBC(cipher, key, iv=key) if not all([x > 31 and x < 128 for x in plain]): raise ValueError(plain) def key_MAC(message, algo):
#import crypto_utils as cu from math import inf from random import choice, randint from unittest import TestCase from Crypto.Cipher import AES from Crypto.Util.Padding import pad, unpad import crypto.block as cb import crypto.utils as cu UNKNOWN_KEY = cu.random_bytes() UNKNOWN_PLAIN = cu.base64_to_bytes( 'Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYm'\ +'xvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91'\ +'IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK') UNKNOWN_PREFIX = cu.random_bytes(randint(0, 24)) UNKNOWN_KEY_TWO = cu.random_bytes() UNKNOWN_IV = cu.random_bytes() UNKNOWN_NONCE = cu.random_bytes(count=AES.block_size // 2) PREFIX_TWO = b'comment1=cooking%20MCs;userdata=' SUFFIX_TWO = b';comment2=%20like%20a%20pound%20of%20bacon' def encryption_oracle(plain): key = cu.random_bytes() encrypt_ECB = choice([True, False]) before_bytes = cu.random_bytes(count=randint(5, 10)) after_bytes = cu.random_bytes(count=randint(5, 10)) plain = before_bytes + plain + after_bytes
def test_DSA(self): public, private = ck.gen_DSA_keys() message = cu.random_bytes(count=128) message_hash = get_sha1_int(message) signature = ck.sign_DSA(message_hash, private) self.assertTrue(ck.verify_DSA(message_hash, signature, public))
def encrypt27(): key = cu.random_bytes() plain = b"For you to even touch my skill, you gotta put the one killer bee and he ain't gonna kill" return cb.encrypt_AES_CBC(plain, key, iv=key), key
import crypto.utils as cu RANDOM_PLAINS = [ b'MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=', b'MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=', b'MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==', b'MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==', b'MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl', b'MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==', b'MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==', b'MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=', b'MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=', b'MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93' ] UNKNOWN_KEY = cu.random_bytes() UNKNOWN_IV = cu.random_bytes() def encrypt_random(): plain = choice(RANDOM_PLAINS) return UNKNOWN_IV + cb.encrypt_AES_CBC(plain, UNKNOWN_KEY, iv=UNKNOWN_IV) def pad_check(cipher): iv = cipher[:AES.block_size] cipher = cipher[AES.block_size:] plain = cb.decrypt_AES_CBC(cipher, UNKNOWN_KEY, iv=iv) try: _ = cb.unpad_PKCS7(plain) return True