def test_fixed_nonce_ctr(self):
from base64 import b64decode
texts = list(map(b64decode,
open("res/19.txt", "r").read().split("\n")))
key = cryplib.random_bytes(16)
ciphertexts = [
cryplib.aes_ctr(text, key,
bytes([0]) * 8) for text in texts
]
maximum_len = max(list(map(len, ciphertexts)))
# for debug
plain = bytes([0]) * maximum_len
encrypted_plain = cryplib.aes_ctr(plain, key, bytes([0]) * 8)
keystream = cryplib.xor(plain, encrypted_plain)
# end for debug
# p1 + k = c1
# c1 + c2 = p1 + p2
decrypted_keystream = b""
# decrypted_keystream = cryplib.xor(ciphertexts[0], b"I ")[:2]
# decrypted_keystream = cryplib.xor(ciphertexts[27], b"He ")[2:3]
# decrypted_keystream = cryplib.xor(ciphertexts[20], b"What ")[:len(b"What ")]
# decrypted_keystream = cryplib.xor(ciphertexts[1], b"Coming ")[:len(b"Coming ")]
# decrypted_keystream = cryplib.xor(ciphertexts[21], b"When you")[:len(b"When you")]
# decrypted_keystream = cryplib.xor(ciphertexts[28], b"So sensitive")[:len(b"So sensitive")]
# decrypted_keystream = cryplib.xor(ciphertexts[27], b"He might have")[:len(b"He might have")]
# decrypted_keystream = cryplib.xor(ciphertexts[13], b"But lived where")[:len(b"But lived where")]
# decrypted_keystream = cryplib.xor(ciphertexts[0], b"I have met them ")[:len(b"I have met them ")]
# decrypted_keystream = cryplib.xor(ciphertexts[4], b"I have passed with")[:len(b"I have passed with")]
# decrypted_keystream = cryplib.xor(ciphertexts[12], b"Being certain that ")[:len(b"Being certain that ")]
# decrypted_keystream = cryplib.xor(ciphertexts[34], b"Yet I number him in ")[:len(b"Yet I number him in ")]
# decrypted_keystream = cryplib.xor(ciphertexts[15], b"A terrible beauty is ")[:len(b"A terrible beauty is ")]
# decrypted_keystream = cryplib.xor(ciphertexts[11], b"Around the fire at the")[:len(b"Around the fire at the")]
# decrypted_keystream = cryplib.xor(ciphertexts[16], b"That woman's days were ")[:len(b"That woman's days were ")]
# decrypted_keystream = cryplib.xor(ciphertexts[12], b"Being certain that they ")[:len(b"Being certain that they ")]
# decrypted_keystream = cryplib.xor(ciphertexts[8], b"And thought before I had ")[:len(b"And thought before I had ")]
# decrypted_keystream = cryplib.xor(ciphertexts[35], b"He, too, has resigned his ")[:len(b"He, too, has resigned his ")]
# decrypted_keystream = cryplib.xor(ciphertexts[8], b"And thought before I had done")[:len(b"And thought before I had done")]
# decrypted_keystream = cryplib.xor(ciphertexts[27], b"He might have won fame in the ")[:len(b"He might have won fame in the ")]
# decrypted_keystream = cryplib.xor(ciphertexts[4], b"I have passed with a nod of the")[:len(b"I have passed with a nod of the")]
# decrypted_keystream = cryplib.xor(ciphertexts[25], b"This other his helper and friend")[:len(b"This other his helper and friend")]
# decrypted_keystream = cryplib.xor(ciphertexts[27], b"He might have won fame in the end")[:len(b"He might have won fame in the end")]
# decrypted_keystream = cryplib.xor(ciphertexts[4], b"I have passed with a nod of the head")[:len(b"I have passed with a nod of the head")]
decrypted_keystream = cryplib.xor(
ciphertexts[37], b"He, too, has been changed in his turn,"
)[:len(b"He, too, has been changed in his turn,")]
assert decrypted_keystream == keystream
def test_random_access_ctr(self):
plain = open("res/7_result.txt", "rb").read()
oracle = cryplib.CtrOracle()
ciphertext = oracle.encrypt(plain)
keystream = oracle.edit(ciphertext, 0, bytes([0]) * len(ciphertext))
decrypted_plain = cryplib.xor(ciphertext, keystream)
print(decrypted_plain)
def test_repeatxor(self):
answ = cryplib.xor(
b"Burning 'em, if you ain't quick and nimble\nI go crazy when I hear a cymbal",
b"ICE")
assert (
bytes.hex(answ) ==
"0b3637272a2b2e63622c2e69692a23693a2a3c6324202d623d63343c2a2622632427276527"
"2a282b2f20430a652e2c652a3124333a653e2b2027630c692b20283165286326302e27282f"
)
def test_fixed_nonce_ctr_(self):
from base64 import b64decode
texts = list(map(b64decode,
open("res/19.txt", "r").read().split("\n")))
key = cryplib.random_bytes(16)
ciphertext = [
cryplib.aes_ctr(text, key,
bytes([0]) * 8) for text in texts
]
maximum_len = max(list(map(len, ciphertext)))
plain = bytes([0]) * maximum_len
encrypted_plain = cryplib.aes_ctr(plain, key, bytes([0]) * 8)
keystream = cryplib.xor(plain, encrypted_plain)
flag = True
for i in range(len(ciphertext)):
hacked = cryplib.xor(ciphertext[i], keystream)
if hacked != texts[i]:
flag = False
assert flag is True
def test_recover_key_attack(self):
oracle = cryplib.RecoverKeyOracle()
block_size = cryplib.AES.block_size
ciphertext = oracle.encrypt(b's' * block_size + b'c' * block_size +
b'r' * block_size)
status, fail_plain = oracle.decrypt(ciphertext[:block_size] +
bytes([0]) * block_size +
ciphertext[:block_size])
if not status:
key = cryplib.xor(fail_plain[:block_size],
fail_plain[-block_size:])
assert key == oracle.key
def test_fixed_nonce_ctr_stat(self):
from base64 import b64decode, b64encode
texts = list(map(b64decode,
open("res/19.txt", "r").read().split("\n")))
key = cryplib.random_bytes(16)
ciphertexts = {
texts.index(text): cryplib.aes_ctr(text, key,
bytes([0]) * 8)
for text in texts
}
# for debug
maximum_len = max(list(map(len, ciphertexts.values())))
plain = bytes([0]) * maximum_len
encrypted_plain = cryplib.aes_ctr(plain, key, bytes([0]) * 8)
keystream = cryplib.xor(plain, encrypted_plain)
# end for debug
answer = {i: b'' for i in range(len(ciphertexts.values()))}
not_empty_ciphertexts = {
k: v
for k, v in ciphertexts.items() if len(v) != 0
}
my_keystream = bytes()
prev_min_len = 0
for _ in range(len(ciphertexts.values())):
not_empty_ciphertexts = {
k: v
for k, v in not_empty_ciphertexts.items() if len(v) != 0
}
try:
min_len = min(map(len, not_empty_ciphertexts.values()))
except ValueError:
break
concated = bytes()
used_indexes = list()
for k, v in not_empty_ciphertexts.items():
concated += v[:min_len]
used_indexes.append(k)
concated_decrypted = cryplib.attack_repeatingxor(
b64encode(concated))
list_decrypted = [
concated_decrypted['plain'][i:i + min_len]
for i in range(0, len(concated_decrypted['plain']), min_len)
]
j = 0
for i in used_indexes:
answer[i] += list_decrypted[j]
j += 1
not_empty_ciphertexts = {
k: (v if len(v) > min_len else '')
for k, v in not_empty_ciphertexts.items()
}
my_keystream += concated_decrypted['key'][prev_min_len:]
prev_min_len = min_len
assert keystream[:20] == my_keystream[:20]