Created
February 22, 2013 22:47
-
-
Save HarryR/5017218 to your computer and use it in GitHub Desktop.
Injects 2 blocks into a CBC-MAC stream with the resulting MAC being the same. Aka the 'CBC-MAC splicing attack'
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from Crypto.Cipher import AES | |
| from Crypto.Util.strxor import strxor | |
| from binascii import hexlify | |
| K = '0123456789abcdef' | |
| cipher = AES.new(K, AES.MODE_ECB) | |
| # Original Message | |
| M1 = K | |
| M2 = K | |
| Cm0 = cipher.encrypt('\0' * AES.block_size) | |
| Cm1 = cipher.encrypt(strxor(Cm0,M1)) | |
| Tm = Cm2 = cipher.encrypt(strxor(Cm1,M2)) | |
| N1 = 'iheiowehfiowehfw' | |
| # Inject second message after the first message | |
| Cx0 = cipher.encrypt('\0' * AES.block_size) | |
| Cx1 = cipher.encrypt(strxor(Cx0,M1)) | |
| Cx2 = cipher.encrypt(strxor(Cx1,N1)) | |
| # X needs to *encrypt* to the same value as Cm1 | |
| X = strxor(cipher.decrypt(Cx1),Cx2) | |
| Cx3 = cipher.encrypt(strxor(Cx2,X)) | |
| Tx = Cx4 = cipher.encrypt(strxor(Cx3,M2)) | |
| print "Tm = '%s'" % hexlify(Tm) | |
| print "Tx = '%s'" % hexlify(Tx) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment