Changeset 21 for lib


Ignore:
Timestamp:
12/09/12 14:27:47 (12 years ago)
Author:
tmorgan
Message:

fixed IV propagation to the oracle
documentation

File:
1 edited

Legend:

Unmodified
Added
Removed
  • lib/bletchley/CBC/__init__.py

    r20 r21  
    100100            raise InvalidBlockError(block_size,len(iv))
    101101
    102         self._oracle = oracle
    103         self._ciphertext = ciphertext
    104         self._iv = iv
    105102        self.block_size = block_size
    106103        self.decrypted = decrypted
    107104        self.threads = threads
    108105        self.log_fh = log_file
     106
     107        self._oracle = oracle
     108        self._ciphertext = ciphertext
     109        if iv == None:
     110            self._iv = '\x00'*self.block_size
     111        else:
     112            self._iv = iv
    109113
    110114
     
    129133            tweaked = struct.unpack("B", prior[i])[0] ^ 0xFF
    130134            tweaked = struct.pack("B", tweaked)
    131             if not self._oracle(self._ciphertext+prior[:i]+tweaked+prior[i+1:]+final):
     135            if not self._oracle(self._ciphertext+prior[:i]+tweaked+prior[i+1:]+final, self._iv):
    132136                break
    133137
     
    139143            tweaked = struct.unpack("B", prior[-1])[0] ^ (pad_length^1)
    140144            tweaked = struct.pack("B", tweaked)
    141             if self._oracle(self._ciphertext+prior[:-1]+tweaked+final):
     145            if self._oracle(self._ciphertext+prior[:-1]+tweaked+final, self._iv):
    142146                ret_val = buffertools.pkcs7Pad(pad_length)
    143147
     
    150154                guess = struct.unpack("B", prior[-2])[0] ^ j
    151155                guess = struct.pack("B", guess)
    152                 if self._oracle(self._ciphertext+prior[:-2]+guess+tweaked+final):
     156                if self._oracle(self._ciphertext+prior[:-2]+guess+tweaked+final, self._iv):
    153157                    # XXX: Save the decrypted byte for later
    154158                    ret_val = buffertools.pkcs7Pad(pad_length)
     
    166170                # Stop if another thread found the result
    167171                break
    168             if self._oracle(str(prefix+struct.pack("B",b)+suffix)):
     172            if self._oracle(str(prefix+struct.pack("B",b)+suffix), self._iv):
    169173                self._thread_result = b
    170174                break
     
    242246           
    243247            final = blocks[-1]
    244             iv = self._iv
    245             if iv == None:
    246                 iv = '\x00'*self.block_size
    247248            if len(blocks) == 1:
    248249                # If only one block present, then try to use IV as prior
    249                 prior = iv
     250                prior = self._iv
    250251            else:
    251252                prior = blocks[-2]
     
    253254            # Decrypt last block, starting with padding (quicker to decrypt)
    254255            pad_bytes = self.probe_padding(prior, final)
     256            if pad_bytes == None:
     257                # XXX: custom exception
     258                raise Exception
     259
    255260            decrypted = self.decrypt_block(prior, final, pad_bytes)
    256261
     
    260265
    261266            # Finally decrypt first block
    262             decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
     267            decrypted = self.decrypt_block(self._iv, blocks[0]) + decrypted
    263268       
    264269        # Start where we left off last
     
    275280
    276281            # Finally decrypt first block
    277             decrypted = self.decrypt_block(iv, blocks[0]) + decrypted
     282            decrypted = self.decrypt_block(self._iv, blocks[0]) + decrypted
    278283           
    279284        return buffertools.stripPKCS7Pad(decrypted)
     
    306311        NOTE: If your target messages do not include an IV with the
    307312        ciphertext, you can instead opt to encrypt a suffix of the
    308         message and include the IV as if it were a ciphertext block.
    309         This block will decrypt to an uncontrollable random value, but
    310         with careful placement, this might be ok.
     313        message and include the IV in the the middle of the ciphertext as
     314        if it were an encrypted block. This one block alone will decrypt
     315        to an uncontrollable random value, but with careful placement,
     316        this might be ok.
    311317
    312318        """
Note: See TracChangeset for help on using the changeset viewer.