Changeset 20

Timestamp:

12/06/12 18:35:28 (12 years ago)

Author:

tmorgan

Message:

added simple encode/decode command line tools

fixed problem with percent encoding by allowing for a third result of tests

implemented (untested) resumption of decryption for POA

more POA documentation and logging

Files:

• bin/bletchley-decode (added)
• bin/bletchley-encode (added)
• doc/TODO (modified) (1 diff)
• lib/bletchley/CBC/__init__.py (modified) (6 diffs)
• lib/bletchley/blobtools.py (modified) (4 diffs)

doc/TODO

@@ -3 +3 @@
 
 * PaddingOracle
-  - change print statements to configurable debug statements
-
-* New tools for easy scripted encoding/decoding at command line
+  - Enable resumption of decryption in case of failure
 
 

lib/bletchley/CBC/__init__.py

@@ -35 +35 @@
       WTLS" by Serge Vaudenay (2002)
 
-    POA objects are not thread-safe.  If multiple threads need to work
+    POA objects are not caller thread-safe.  If multiple threads need to work
     simultaneously on the same ciphertext and oracle, create a
-    separate instance.
+    separate instance. POA objects can execute tasks internally using
+    multiple threads, however.
 
     """
@@ -63 +64 @@
          results in a correct padding upon decryption and False
          otherwise.  This function should implement the prototype:
-           def myOracle(ciphertext, iv)
+           def myOracle(ciphertext, iv): ...
          If the initialization vector (iv) is unknown is not included in
          the ciphertext message, it can be ignored in the oracle
@@ -210 +211 @@
         
         if self._thread_result == None:
+            self.log_message("Value of a byte could not be determined.  Current plaintext suffix: "+ repr(self.decrypted))
             raise Exception
 
@@ -230 +232 @@
     # XXX: Add logic to begin where decryption previously left off
     def decrypt(self):
-        """Decrypts a message using CBC mode. If the IV is not provided,
-        it assumes a null IV.
+        """Decrypts the previously supplied ciphertext. If the IV was
+        not provided, it assumes a IV of zero bytes.
 
         """
@@ -237 +239 @@
         blocks = buffertools.splitBuffer(self._ciphertext, self.block_size)
 
-        final = blocks[-1]
-        iv = self._iv
-        if iv == None:
-            iv = '\x00'*self.block_size
-        if len(blocks) == 1:
-            # If only one block present, then try to use IV as prior
-            prior = iv
-        else:
-            prior = blocks[-2]
-
-        # Decrypt last block, starting with padding (quicker to decrypt)
-        pad_bytes = self.probe_padding(prior, final)
-        decrypted = self.decrypt_block(prior, final, pad_bytes)
-
-        # Now decrypt all other blocks except first block
-        for i in range(len(blocks)-2, 0, -1):
-            decrypted = self.decrypt_block(blocks[i-1], blocks[i]) + decrypted
-
-        # Finally decrypt first block
-        decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
-        
+        if len(self.decrypted) == 0:
+            
+            final = blocks[-1]
+            iv = self._iv
+            if iv == None:
+                iv = '\x00'*self.block_size
+            if len(blocks) == 1:
+                # If only one block present, then try to use IV as prior
+                prior = iv
+            else:
+                prior = blocks[-2]
+
+            # Decrypt last block, starting with padding (quicker to decrypt)
+            pad_bytes = self.probe_padding(prior, final)
+            decrypted = self.decrypt_block(prior, final, pad_bytes)
+
+            # Now decrypt all other blocks except first block
+            for i in range(len(blocks)-2, 0, -1):
+                decrypted = self.decrypt_block(blocks[i-1], blocks[i]) + decrypted
+
+            # Finally decrypt first block
+            decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
+        
+        # Start where we left off last
+        # XXX: test this
+        else: 
+            num_partial = len(self.decrypted) % self.block_size
+            finished_blocks = len(self.decrypted) / self.block_size
+            partial = self.decrypted[0:num_partial]
+            decrypted = self.decrypted[num_partial:]
+
+            for i in range(-1-finished_blocks, 0, -1):
+                decrypted = self.decrypt_block(blocks[i-1], blocks[i], partial)
+                partial = ''
+
+            # Finally decrypt first block
+            decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
+            
         return buffertools.stripPKCS7Pad(decrypted)
 
 
     def encrypt_block(self, plaintext, ciphertext):
+        """Encrypts a block of plaintext.  This is accomplished by
+        decrypting the supplied ciphertext and then computing the prior
+        block needed to create the desired plaintext at the ciphertext's
+        location. 
+
+        Returns the calculated prior block and the provided ciphertext
+        block as a tuple.
+
+        """
         if len(plaintext) != self.block_size or len(plaintext) != len(ciphertext):
             raise InvalidBlockError(self.block_size,len(plaintext))
@@ -270 +298 @@
     
     
-    # XXX: Add option to encrypt only the last N blocks.  Supplying a shorter
-    #      plaintext and subsequent concatenation can easily achieve this as well...
     def encrypt(self,plaintext):
+        """Encrypts a plaintext value through "CBC-R" style prior-block
+        propagation.
+        
+        Returns a tuple of the IV and ciphertext.  
+
+        NOTE: If your target messages do not include an IV with the
+        ciphertext, you can instead opt to encrypt a suffix of the
+        message and include the IV as if it were a ciphertext block.
+        This block will decrypt to an uncontrollable random value, but
+        with careful placement, this might be ok.
+
+        """
+
         blocks = buffertools.splitBuffer(buffertools.pkcs7PadBuffer(plaintext, self.block_size), 
                                          self.block_size)

lib/bletchley/blobtools.py

@@ -41 +41 @@
     def isExample(self, blob):
         sblob = frozenset(blob)
-        return ((self.charset == None or sblob.issubset(self.charset)) and self.extraTests(blob))
+        if self.charset != None and not sblob.issubset(self.charset):
+            return False
+        return self.extraTests(blob)
     
     def extraTests(self, blob):
+        """May return True, False, or None, for is an example, isn't an
+        example, or unknown, respectively. 
+
+        """
         return True
 
@@ -254 +260 @@
         chunks = blob.split('%')
         if len(chunks) < 2:
-            return False
+            return None
         for c in chunks[1:]:
             if len(c) < 2:
@@ -320 +326 @@
 
 def possibleEncodings(blob):
-    ret_val = set()
+    likely = set()
+    possible = set()
     for name,encoding in encodings.items():
-        if encoding.isExample(blob):
-            ret_val.add(name)
-    return ret_val
+        result = encoding.isExample(blob)
+        if result == True:
+            likely.add(name)
+        elif result == None:
+            possible.add(name)
+    return likely,possible
 
 
 def encodingIntersection(blobs):
     ret_val = set(encodings.keys())
+    p = set(encodings.keys())
     for b in blobs:
-        ret_val &= possibleEncodings(b)
-
-    return ret_val
+        likely,possible = possibleEncodings(b)
+        ret_val &= likely | possible
+        p &= possible
+    return ret_val - p
 
 
@@ -404 +416 @@
 
 
+#XXX: move this to buffertools
 def smartPermutateBlobs(blobs, block_size=8):
     """