- Timestamp:
- 12/09/12 14:27:47 (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
lib/bletchley/CBC/__init__.py
r20 r21 100 100 raise InvalidBlockError(block_size,len(iv)) 101 101 102 self._oracle = oracle103 self._ciphertext = ciphertext104 self._iv = iv105 102 self.block_size = block_size 106 103 self.decrypted = decrypted 107 104 self.threads = threads 108 105 self.log_fh = log_file 106 107 self._oracle = oracle 108 self._ciphertext = ciphertext 109 if iv == None: 110 self._iv = '\x00'*self.block_size 111 else: 112 self._iv = iv 109 113 110 114 … … 129 133 tweaked = struct.unpack("B", prior[i])[0] ^ 0xFF 130 134 tweaked = struct.pack("B", tweaked) 131 if not self._oracle(self._ciphertext+prior[:i]+tweaked+prior[i+1:]+final ):135 if not self._oracle(self._ciphertext+prior[:i]+tweaked+prior[i+1:]+final, self._iv): 132 136 break 133 137 … … 139 143 tweaked = struct.unpack("B", prior[-1])[0] ^ (pad_length^1) 140 144 tweaked = struct.pack("B", tweaked) 141 if self._oracle(self._ciphertext+prior[:-1]+tweaked+final ):145 if self._oracle(self._ciphertext+prior[:-1]+tweaked+final, self._iv): 142 146 ret_val = buffertools.pkcs7Pad(pad_length) 143 147 … … 150 154 guess = struct.unpack("B", prior[-2])[0] ^ j 151 155 guess = struct.pack("B", guess) 152 if self._oracle(self._ciphertext+prior[:-2]+guess+tweaked+final ):156 if self._oracle(self._ciphertext+prior[:-2]+guess+tweaked+final, self._iv): 153 157 # XXX: Save the decrypted byte for later 154 158 ret_val = buffertools.pkcs7Pad(pad_length) … … 166 170 # Stop if another thread found the result 167 171 break 168 if self._oracle(str(prefix+struct.pack("B",b)+suffix) ):172 if self._oracle(str(prefix+struct.pack("B",b)+suffix), self._iv): 169 173 self._thread_result = b 170 174 break … … 242 246 243 247 final = blocks[-1] 244 iv = self._iv245 if iv == None:246 iv = '\x00'*self.block_size247 248 if len(blocks) == 1: 248 249 # If only one block present, then try to use IV as prior 249 prior = iv250 prior = self._iv 250 251 else: 251 252 prior = blocks[-2] … … 253 254 # Decrypt last block, starting with padding (quicker to decrypt) 254 255 pad_bytes = self.probe_padding(prior, final) 256 if pad_bytes == None: 257 # XXX: custom exception 258 raise Exception 259 255 260 decrypted = self.decrypt_block(prior, final, pad_bytes) 256 261 … … 260 265 261 266 # Finally decrypt first block 262 decrypted = self.decrypt_block( iv, blocks[0]) + decrypted267 decrypted = self.decrypt_block(self._iv, blocks[0]) + decrypted 263 268 264 269 # Start where we left off last … … 275 280 276 281 # Finally decrypt first block 277 decrypted = self.decrypt_block( iv, blocks[0]) + decrypted282 decrypted = self.decrypt_block(self._iv, blocks[0]) + decrypted 278 283 279 284 return buffertools.stripPKCS7Pad(decrypted) … … 306 311 NOTE: If your target messages do not include an IV with the 307 312 ciphertext, you can instead opt to encrypt a suffix of the 308 message and include the IV as if it were a ciphertext block. 309 This block will decrypt to an uncontrollable random value, but 310 with careful placement, this might be ok. 313 message and include the IV in the the middle of the ciphertext as 314 if it were an encrypted block. This one block alone will decrypt 315 to an uncontrollable random value, but with careful placement, 316 this might be ok. 311 317 312 318 """
Note: See TracChangeset
for help on using the changeset viewer.