From 39ba5a7dacb5d8ca4d52600e96a49ad46936238c Mon Sep 17 00:00:00 2001 From: cyfraeviolae Date: Wed, 24 Aug 2022 16:15:46 -0400 Subject: work --- app.py | 46 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 36 insertions(+), 10 deletions(-) (limited to 'app.py') diff --git a/app.py b/app.py index 2177e9c..d573efc 100644 --- a/app.py +++ b/app.py @@ -1,6 +1,9 @@ import binascii from flask import Flask, render_template, request, redirect, url_for +from flask_wtf import FlaskForm +from wtforms import StringField +from wtforms.validators import DataRequired, Length, ValidationError from aesgcmanalysis import xor, gmac, gcm_encrypt, nonce_reuse_recover_secrets, gf128_to_bytes @@ -10,18 +13,41 @@ app = Flask(__name__) def index(): return render_template('index.html') +def hex_check(form, field): + if len(field.data) % 2 != 0: + raise ValidationError(f'not valid hex; must have even length') + if not all(c in '1234567890abcdef' for c in field.data): + raise ValidationError(f'not valid hex; contains non-hex character') + +def not_equal_to(other): + def helper(form, field): + print(other, form['m1'], field) + if other not in form: + return + if form[other].data == field.data: + raise ValidationError(f'must not be equal to {other}') + return helper + +class NonceReuseForm(FlaskForm): + key = StringField('key', validators=[DataRequired(), Length(min=32, max=32), hex_check]) + nonce = StringField('nonce', validators=[DataRequired(), Length(min=24, max=24), hex_check]) + m1 = StringField('first message', validators=[DataRequired(), Length(min=1, max=64)]) + m2 = StringField('second message', validators=[DataRequired(), Length(min=1, max=64), not_equal_to('m1')]) + mf = StringField('forged message', validators=[DataRequired(), Length(min=1, max=64)]) + @app.route('/nonce-reuse', methods=['GET', 'POST']) def nonce_reuse(): - key = nonce = c_forged = macs = None - m1 = m2 = mf = '' - if request.method == 'POST': - key = binascii.unhexlify(request.form['key']) - nonce = binascii.unhexlify(request.form['nonce']) - m1 = request.form['m1'] - m2 = request.form['m2'] - mf = request.form['mf'] - c_forged, macs = solve(key, nonce, bytes(m1, 'ascii'), bytes(m2, 'ascii'), bytes(mf, 'ascii')) - return render_template('nonce-reuse.html', key=key, nonce=nonce, m1=m1, m2=m2, mf=mf, c_forged=c_forged, macs=macs) + form = NonceReuseForm(meta={'csrf': False}) + key = nonce = None + m1 = m2 = mf = c_forged = '' + macs = None + if form.is_submitted(): + key, nonce, m1, m2, mf = form.key.data, form.nonce.data, form.m1.data, form.m2.data, form.mf.data + if form.validate(): + skey = binascii.unhexlify(key) + snonce = binascii.unhexlify(nonce) + c_forged, macs = solve(skey, snonce, bytes(m1, 'utf-8'), bytes(m2, 'utf-8'), bytes(mf, 'utf-8')) + return render_template('nonce-reuse.html', form=form, key=key, nonce=nonce, m1=m1, m2=m2, mf=mf, c_forged=c_forged, macs=macs) def solve(k, nonce, m1, m2, mf): aad1 = aad2 = b"" -- cgit v1.2.3