Changeset 21 for lib

Timestamp:

12/09/12 14:27:47 (12 years ago)

Author:

tmorgan

Message:

fixed IV propagation to the oracle
documentation

File:

• lib/bletchley/CBC/__init__.py (modified) (10 diffs)

lib/bletchley/CBC/__init__.py

@@ -100 +100 @@
             raise InvalidBlockError(block_size,len(iv))
 
-        self._oracle = oracle
-        self._ciphertext = ciphertext
-        self._iv = iv
         self.block_size = block_size
         self.decrypted = decrypted
         self.threads = threads
         self.log_fh = log_file
+
+        self._oracle = oracle
+        self._ciphertext = ciphertext
+        if iv == None:
+            self._iv = '\x00'*self.block_size
+        else:
+            self._iv = iv
 
 
@@ -129 +133 @@
             tweaked = struct.unpack("B", prior[i])[0] ^ 0xFF
             tweaked = struct.pack("B", tweaked)
-            if not self._oracle(self._ciphertext+prior[:i]+tweaked+prior[i+1:]+final):
+            if not self._oracle(self._ciphertext+prior[:i]+tweaked+prior[i+1:]+final, self._iv):
                 break
 
@@ -139 +143 @@
             tweaked = struct.unpack("B", prior[-1])[0] ^ (pad_length^1)
             tweaked = struct.pack("B", tweaked)
-            if self._oracle(self._ciphertext+prior[:-1]+tweaked+final):
+            if self._oracle(self._ciphertext+prior[:-1]+tweaked+final, self._iv):
                 ret_val = buffertools.pkcs7Pad(pad_length)
 
@@ -150 +154 @@
                 guess = struct.unpack("B", prior[-2])[0] ^ j
                 guess = struct.pack("B", guess)
-                if self._oracle(self._ciphertext+prior[:-2]+guess+tweaked+final):
+                if self._oracle(self._ciphertext+prior[:-2]+guess+tweaked+final, self._iv):
                     # XXX: Save the decrypted byte for later
                     ret_val = buffertools.pkcs7Pad(pad_length)
@@ -166 +170 @@
                 # Stop if another thread found the result
                 break
-            if self._oracle(str(prefix+struct.pack("B",b)+suffix)):
+            if self._oracle(str(prefix+struct.pack("B",b)+suffix), self._iv):
                 self._thread_result = b
                 break
@@ -242 +246 @@
             
             final = blocks[-1]
-            iv = self._iv
-            if iv == None:
-                iv = '\x00'*self.block_size
             if len(blocks) == 1:
                 # If only one block present, then try to use IV as prior
-                prior = iv
+                prior = self._iv
             else:
                 prior = blocks[-2]
@@ -253 +254 @@
             # Decrypt last block, starting with padding (quicker to decrypt)
             pad_bytes = self.probe_padding(prior, final)
+            if pad_bytes == None:
+                # XXX: custom exception
+                raise Exception
+
             decrypted = self.decrypt_block(prior, final, pad_bytes)
 
@@ -260 +265 @@
 
             # Finally decrypt first block
-            decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
+            decrypted = self.decrypt_block(self._iv, blocks[0]) + decrypted
         
         # Start where we left off last
@@ -275 +280 @@
 
             # Finally decrypt first block
-            decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
+            decrypted = self.decrypt_block(self._iv, blocks[0]) + decrypted
             
         return buffertools.stripPKCS7Pad(decrypted)
@@ -306 +311 @@
         NOTE: If your target messages do not include an IV with the
         ciphertext, you can instead opt to encrypt a suffix of the
-        message and include the IV as if it were a ciphertext block.
-        This block will decrypt to an uncontrollable random value, but
-        with careful placement, this might be ok.
+        message and include the IV in the the middle of the ciphertext as 
+        if it were an encrypted block. This one block alone will decrypt
+        to an uncontrollable random value, but with careful placement,
+        this might be ok.
 
         """