def forward_and_decrypt(self, key: bytes) -> bytes:
    """Decrypt the stored ciphertext with *key*, then relay it to the peer.

    The AES key is the first 16 bytes of ``SHA1(key)``. The IV is read from
    the last 16 bytes of ``self.received_cyphertext`` and the remainder is
    treated as the CBC ciphertext body.

    Args:
        key: Secret material the AES key is derived from.

    Returns:
        The decrypted message with its PKCS#7 padding removed.
    """
    aes_key = SHA1(key).digest()[:16]
    captured = self.received_cyphertext
    # Wire format: ciphertext body followed by a trailing 16-byte IV.
    body, iv = captured[:-16], captured[-16:]
    # NOTE(review): no integrity check is visible before decryption here.
    plaintext = de_pkcs7(decrypt_aes_cbc(aes_key, iv, body))
    # The peer is handed the stored bytes unchanged.
    self.peer.receive_message(captured)
    return plaintext
def forge_hash(m: bytes, m_prime: bytes, key: bytes, iv: bytes) -> bytes:
    """Extend *m_prime* so its CBC-MAC matches the CBC-MAC of padded *m*.

    The MAC key is an input, so this shows that CBC-MAC under a known key has
    no collision resistance and cannot stand in for a hash function.

    Args:
        m: Reference message; it is PKCS#7-padded before being MAC'd.
        m_prime: Message to extend; it is MAC'd exactly as given.
        key: CBC-MAC key.
        iv: IV passed to both ``cbc_mac`` calls.

    Returns:
        ``m_prime`` followed by the computed suffix.
    """
    target_tag = cbc_mac(key, iv, pkcs7(m))
    prefix_tag = cbc_mac(key, iv, m_prime)
    # The suffix s must satisfy E_k(s xor prefix_tag) = target_tag, that is
    # s = D_k(target_tag) xor prefix_tag. CBC-decrypting the target tag with
    # prefix_tag in the IV position performs that xor.
    suffix = decrypt_aes_cbc(key, prefix_tag, target_tag)
    return m_prime + suffix
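def padding_oracle(cyphertext, k=RANDOM_KEY, iv=IV):
    """Report whether *cyphertext* decrypts to validly PKCS#7-padded data.

    The pad length must lie in 1..16 (the AES block size) and the plaintext
    must end with that many copies of the pad byte. An empty plaintext is
    reported as invalid instead of raising IndexError.

    Returning this boolean to a party who controls the ciphertext is a
    padding-oracle side channel; a service should verify a MAC (or use an
    AEAD mode) before any padding check and report one generic failure.

    Args:
        cyphertext: CBC ciphertext to test.
        k: Decryption key; defaults to the module-level RANDOM_KEY.
        iv: CBC IV; defaults to the module-level IV.

    Returns:
        True if the padding is valid, False otherwise.
    """
    block_size = 16  # AES block size, the largest legal PKCS#7 pad length
    # NOTE(review): positional order here is (cyphertext, key, iv); confirm
    # it matches the signature of decrypt_aes_cbc in this module.
    plaintext = decrypt_aes_cbc(cyphertext, k, iv)
    if not plaintext:
        return False
    pad_length = plaintext[-1]
    # Reject 0 and anything longer than one block: neither is valid PKCS#7.
    if not 1 <= pad_length <= block_size:
        return False
    return plaintext.endswith(bytes([pad_length]) * pad_length)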
def is_admin(cyphertext: bytes, key: bytes = RANDOM_KEY) -> bool:
    """Return True if the decrypted *cyphertext* contains ``admin=true``.

    Decryption uses an all-zero 16-byte IV. The ciphertext is not
    authenticated and the test is a substring match on lossily decoded text,
    so integrity has to be enforced elsewhere (for example with a MAC) before
    this result is used for authorization.

    Args:
        cyphertext: CBC ciphertext to inspect.
        key: Decryption key; defaults to the module-level RANDOM_KEY.
    """
    zero_iv = bytes(16)
    decrypted = decrypt_aes_cbc(key, iv=zero_iv, cyphertext=cyphertext)
    # errors="replace" turns undecodable bytes into U+FFFD instead of raising.
    return "admin=true" in decrypted.decode(errors="replace")
def receive_message(self, cyphertext: bytes) -> None:
    """Record *cyphertext* and its decrypted, unpadded message on the instance.

    The last 16 bytes of *cyphertext* are used as the CBC IV and the rest as
    the ciphertext body; the key comes from ``self._aes_key()``.

    Args:
        cyphertext: Ciphertext body with a trailing 16-byte IV.
    """
    self.received_cyphertext = cyphertext
    body, iv = cyphertext[:-16], cyphertext[-16:]
    # NOTE(review): no integrity check is visible before decryption here.
    padded = decrypt_aes_cbc(self._aes_key(), iv, body)
    self.received_message = de_pkcs7(padded)
def is_admin(cyphertext, k=RANDOM_KEY):
    """Return True if the decrypted *cyphertext* contains ``admin=true``.

    Decryption uses an all-zero 16-byte IV. The ciphertext is not
    authenticated and the test is a substring match on lossily decoded text,
    so integrity has to be enforced elsewhere (for example with a MAC) before
    this result is used for authorization.

    Args:
        cyphertext: Ciphertext to inspect.
        k: Decryption key; defaults to the module-level RANDOM_KEY.
    """
    zero_iv = bytes(16)
    # NOTE(review): positional order here is (cyphertext, key); confirm it
    # matches the signature of decrypt_aes_cbc in this module.
    decrypted = decrypt_aes_cbc(cyphertext, k, iv=zero_iv)
    # errors="replace" turns undecodable bytes into U+FFFD instead of raising.
    text = decrypted.decode(errors="replace")
    return "admin=true" in text
def oracle(cyphertext: bytes) -> Optional[bytes]:
    """Decrypt *cyphertext* and return the plaintext only if it is rejected.

    The plaintext is returned when ``ascii_compliant`` rejects it; otherwise
    the result is None.

    Two properties of this block matter to a reviewer: the key is reused as
    the CBC IV, and the rejected plaintext is handed back to the caller. A
    service should use a fresh random IV per message and report a generic
    error that carries no decrypted bytes.

    Args:
        cyphertext: CBC ciphertext to decrypt under the module-level key.
    """
    secret = RANDOM_KEY
    # The same value is passed as both key and IV.
    decrypted = decrypt_aes_cbc(secret, iv=secret, cyphertext=cyphertext)
    return None if ascii_compliant(decrypted) else decrypted
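def padding_oracle(cyphertext: bytes) -> bool:
    """Report whether *cyphertext* decrypts to validly PKCS#7-padded data.

    Decryption uses the module-level RANDOM_KEY and IV. The pad length must
    lie in 1..16 (the AES block size) and the plaintext must end with that
    many copies of the pad byte. An empty plaintext is reported as invalid
    instead of raising IndexError.

    Returning this boolean to a party who controls the ciphertext is a
    padding-oracle side channel; a service should verify a MAC (or use an
    AEAD mode) before any padding check and report one generic failure.

    Args:
        cyphertext: CBC ciphertext to test.

    Returns:
        True if the padding is valid, False otherwise.
    """
    block_size = 16  # AES block size, the largest legal PKCS#7 pad length
    plaintext = decrypt_aes_cbc(RANDOM_KEY, IV, cyphertext)
    if not plaintext:
        return False
    pad_length = plaintext[-1]
    # Reject 0 and anything longer than one block: neither is valid PKCS#7.
    if not 1 <= pad_length <= block_size:
        return False
    return plaintext.endswith(bytes([pad_length]) * pad_length)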
def decrypt(self, cyphertext: bytes = None) -> bytes:
    """Decrypt *cyphertext*, or a buffered message when none is supplied.

    The last 16 bytes of the input are used as the CBC IV and the rest as the
    ciphertext body; the key comes from ``self._aes_key()``.

    Args:
        cyphertext: Ciphertext body with a trailing 16-byte IV. Any falsy
            value (None or ``b""``) is replaced by
            ``self._message_buffer.pop()``.

    Returns:
        The decrypted message with its PKCS#7 padding removed.
    """
    if not cyphertext:
        cyphertext = self._message_buffer.pop()
    body, iv = cyphertext[:-16], cyphertext[-16:]
    # NOTE(review): no integrity check is visible before decryption here.
    padded = decrypt_aes_cbc(self._aes_key(), iv, body)
    return de_pkcs7(padded)