From 39ba5a7dacb5d8ca4d52600e96a49ad46936238c Mon Sep 17 00:00:00 2001
From: cyfraeviolae
Date: Wed, 24 Aug 2022 16:15:46 -0400
Subject: work
---
templates/nonce-reuse.html | 160 ++++++++++++++++++++++++---------------------
1 file changed, 87 insertions(+), 73 deletions(-)
(limited to 'templates/nonce-reuse.html')
diff --git a/templates/nonce-reuse.html b/templates/nonce-reuse.html
index 9761955..2637d50 100644
--- a/templates/nonce-reuse.html
+++ b/templates/nonce-reuse.html
@@ -31,6 +31,88 @@
Forbidden Attack in order to recover the authentication key and
forge arbitrary ciphertext.
+
+ {% if form.errors %}
+
+ Errors:
+
+ {% for name, errors in form.errors.items() %}
+ {% for error in errors %}
+ - {{name}}: {{ error }}
+ {% endfor %}
+ {% endfor %}
+
+
+ {% endif %}
+
+
+ {% if macs %}
+
+
+ Forged ciphertext: {{ c_forged.hex() }}
+ {% if macs|length == 1 %}
+
+ Forged MAC: {{macs[0][2].hex()}}
+
+ Authentication key: {{macs[0][0].hex()}}
+ {% endif %}
+
+ {% if macs|length != 1 %}
+ Forged MAC candidates:
+
+ {% for h, _, mac in macs %}
+ -
+ MAC:
{{mac.hex()}}
+
+ - Authentication key:
{{h.hex()}}
+
+
+ {% endfor %}
+
+ {% endif %}
+
+ {% endif %}
@@ -84,61 +166,6 @@
in this case, one can check each possibility online.
-
-
- {% if macs %}
-
-
- Forged ciphertext: {{ c_forged.hex() }}
-
- Forged MAC candidates:
-
- {% for h, _, mac in macs %}
- -
- MAC:
{{mac.hex()}}
-
- - Authentication key:
{{h.hex()}}
-
-
- {% endfor %}
-
-
-
- {% endif %}
-
Show me the code.
@@ -148,10 +175,8 @@ from aesgcmanalysis import xor, gmac, g
k = b"tlonorbistertius"
nonce = b"jorgelborges"
-m1 = b"The universe (which others call the Library)"
-aad1 = b"The Anatomy of Melancholy"
-m2 = b"From any of the hexagons one can see, interminably"
-aad2 = b"Letizia Alvarez de Toledo"
+m1, aad1 = b"The universe (which others call the Library)", b""
+m2, aad2 = b"From any of the hexagons one can see, interminably", b""
c1, mac1 = gcm_encrypt(k, nonce, aad1, m1)
c2, mac2 = gcm_encrypt(k, nonce, aad2, m2)
@@ -161,21 +186,10 @@ possible_secrets = nonce_reuse_recover_secrets(nonce, aad1, aad2, c1, c2, mac1,
# Forge the ciphertext
m_forged = b"As was natural, this inordinate hope"
-assert len(m_forged) <= len(m1)
-c_forged = xor(c1, xor(m1, m_forged))
-aad_forged = b"You who read me, are You sure of understanding my language?"
+c_forged, aad_forged = xor(c1, xor(m1, m_forged)), b""
-# Check possible candidates for authentication key
-succeeded = False
for h, s in possible_secrets:
- mac_forged = gmac(h, s, aad_forged, c_forged)
- try:
- assert gcm_decrypt(k, nonce, aad_forged, c_forged, mac_forged) == m_forged
- succeeded = True
- print(c_forged.hex(), mac_forged.hex())
- except AssertionError:
- pass
-assert succeeded
+ print("MAC candidate": gmac(h, s, aad_forged, c_forged))
Show me the math.
@@ -219,7 +233,7 @@ for factor, _ in p.factor():
- The gcd of two polynomials is unique only up to multiplication by a non-zero constant because “greater” is defined for polynomials in terms of degree. When used in algorithms, gcd refers to the monic gcd, which is unique.
- - The inverse Frobenius automorphism (i.e., square root) in \(\mathbb{F}_{2^{128}}\) is given by \(\sqrt{x} = x^{2^{127}})\).
+ - The inverse Frobenius automorphism (i.e., square root) in \(\mathbb{F}_{2^{128}}\) is given by \(\sqrt{x} = x^{2^{127}}\).