source: test/myweb.py @ 85

Last change on this file since 85 was 1, checked in by tmorgan, 12 years ago

moved to dedicated repository

1'''
2Created on Sep 21, 2010
3
4Copyright (C) 2010 ELOI SANFÈLIX
5@author: Eloi Sanfelix < eloi AT limited-entropy.com >
6
7 This program is free software: you can redistribute it and/or modify
8 it under the terms of the GNU Lesser General Public License, version 3,
9 as published by the Free Software Foundation.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program.  If not, see <http://www.gnu.org/licenses/>.
18'''
19
20import web
21import struct
22from Crypto.Cipher import AES
23from base64 import b64decode,b64encode
24import time
25
# web.py routing table: requests for '/padding/' are dispatched to the
# handler class named 'padding', which web.application resolves through
# the globals() mapping passed below.
urls = (
    '/padding/', 'padding',
)
app = web.application(urls, globals())

# Fixed 16-byte AES key shared by encrypt() and oracle(). It is embedded in
# the source, so anyone who can read this file can decrypt every ciphertext
# the service issues; this is acceptable only for a throwaway test target.
key = "cacacacacacacaca"
30
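def oracle(ctext):
    """Report whether ``ctext`` decrypts to correctly padded plaintext.

    The ciphertext is decrypted with AES-CBC under the module-level ``key``
    and an all-zero IV. The last plaintext byte is read as the padding
    length N, and the padding is accepted only when 1 <= N <= 16 and the
    final N bytes all equal N.

    Args:
        ctext: raw (already base64-decoded) ciphertext bytes.

    Returns:
        True if the padding is valid, False otherwise. Empty input and input
        whose length is not a multiple of the 16-byte block size return
        False instead of raising.
    """
    block_size = 16

    # Reject input that cannot be a whole number of CBC blocks before it
    # reaches the cipher: decrypt() raises on unaligned data and indexing the
    # last byte fails on empty data, and either would surface from the
    # caller as an unhandled error rather than a plain "bad padding" result.
    if not ctext or len(ctext) % block_size != 0:
        return False

    oracleCipher = AES.new(key, AES.MODE_CBC, "\x00" * 16)
    ptext = oracleCipher.decrypt(ctext)

    # Slice instead of index so the operand is a one-byte string on Python 2
    # and a one-byte bytes object on Python 3.
    paddingLen = struct.unpack("B", ptext[-1:])[0]

    # A padding length of 0, or one larger than a block, is never valid.
    # Without the upper bound a multi-block plaintext ending in, say,
    # seventeen 0x11 bytes would be accepted.
    if paddingLen < 1 or paddingLen > block_size:
        return False

    return ptext[-paddingLen:] == struct.pack("B", paddingLen) * paddingLen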
38
def encrypt(data):
    """Pad, encrypt and base64-encode ``data``.

    The input is extended to a multiple of 16 bytes by appending N copies of
    the byte value N (1 <= N <= 16), then encrypted with AES-CBC under the
    module-level ``key`` and an all-zero IV.

    Both key and IV are constant, so equal inputs always produce equal
    ciphertexts, and the output carries no MAC or other integrity tag: a
    modified ciphertext is only ever rejected by the padding check in
    oracle().

    Args:
        data: plaintext to encrypt.

    Returns:
        The base64-encoded ciphertext.
    """
    block_size = 16
    pad_len = block_size - len(data) % block_size
    padded = data + struct.pack("B", pad_len) * pad_len
    return b64encode(AES.new(key, AES.MODE_CBC, "\x00" * 16).encrypt(padded))
44
class padding:
    """web.py handler bound to the '/padding/' route.

    GET issues a ciphertext; POST accepts one and checks its padding. The
    POST response body is the same for every request, but the handler
    sleeps for one second when the padding is valid, so the validity of an
    arbitrary submitted ciphertext can be read from the response time. That
    timing difference is a padding oracle. The usual mitigation is to
    authenticate ciphertexts (encrypt-then-MAC or an AEAD mode) and reject
    unauthenticated input before any padding is examined.
    """

    def GET(self):
        """Return the base64 ciphertext of the ``msg`` parameter.

        ``msg`` defaults to 'secret!' when the request does not supply it.
        """
        params = web.input(msg='secret!')
        return encrypt(params.msg)

    def POST(self):
        """Check the padding of the base64 ``ctext`` parameter.

        Always returns "Yeah!". When ``ctext`` is present and oracle()
        accepts its padding, the response is delayed by one second first.
        """
        params = web.input(ctext=None)
        submitted = params.ctext
        if submitted is None:
            return "Yeah!"
        # b64decode is applied to request data as-is; malformed base64
        # raises here and is not handled by this method.
        if oracle(b64decode(submitted)):
            # Only observable difference between valid and invalid padding.
            time.sleep(1)
        return "Yeah!"
55
if __name__ == "__main__":
    # Start the web.py application only when the file is run as a script,
    # not when it is imported.
    app.run()