
Authenticated Encryption (AE)

Authenticated encryption (AE) is any encryption scheme that simultaneously assures the confidentiality and the authenticity of the data.

Approaches

Encrypt-then-MAC (EtM)

Encrypt-and-MAC (E&M)

MAC-then-Encrypt (MtE)

Attacks

Key reuse

When the same key is reused for encryption and for the MAC (the listings below target CBC encryption combined with CBC-MAC), it is possible to recover the plaintext using a chosen-ciphertext or chosen-plaintext attack, given an encryption oracle, a decryption oracle, or both.

EtM

etm_key_reuse.py
# https://github.com/jvdsn/crypto-attacks/blob/master/attacks/cbc_and_cbc_mac/etm_key_reuse.py

def attack(encrypt_oracle, decrypt_oracle, iv, c, t):
    """
    Uses a chosen-ciphertext attack to decrypt the ciphertext.
    :param encrypt_oracle: the encryption oracle
    :param decrypt_oracle: the decryption oracle
    :param iv: the initialization vector
    :param c: the ciphertext
    :param t: the tag corresponding to the ciphertext
    :return: the plaintext
    """
    p_ = bytes(16) + iv + c
    iv_, c_, t_ = encrypt_oracle(p_)
    c__ = iv + c
    p__ = decrypt_oracle(iv_, c__, c_[-32:-16])
    return p__[16:]

E&M

eam_key_reuse.py
# https://github.com/jvdsn/crypto-attacks/blob/master/attacks/cbc_and_cbc_mac/eam_key_reuse.py

def attack(decrypt_oracle, iv, c, t):
    """
    Uses a chosen-ciphertext attack to decrypt the ciphertext.
    :param decrypt_oracle: the decryption oracle
    :param iv: the initialization vector
    :param c: the ciphertext
    :param t: the tag corresponding to the ciphertext
    :return: the plaintext
    """
    c_ = iv + c
    p_ = decrypt_oracle(bytes(16), c_, c[-16:])
    return p_[16:]

MtE

mte_key_reuse.py
# https://github.com/jvdsn/crypto-attacks/blob/master/attacks/cbc_and_cbc_mac/mte_key_reuse.py

def attack(decrypt_oracle, iv, c, encrypted_zeroes):
    """
    Uses a chosen-ciphertext attack to decrypt the ciphertext.
    Prior knowledge of E_k(0^16) is required for this attack to work.
    :param decrypt_oracle: the decryption oracle
    :param iv: the initialization vector
    :param c: the ciphertext
    :param encrypted_zeroes: a full zero block encrypted using the key
    :return: the plaintext
    """
    c_ = iv + c[:-16] + encrypted_zeroes
    p_ = decrypt_oracle(bytes(16), c_)
    return p_[16:]
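
The listings above all depend on one key serving both the cipher and the MAC. The following added example (not from the original page or from the crypto-attacks project) shows Encrypt-then-MAC with two independent subkeys derived from one master key, and tag verification before decryption. The names `hkdf`, `keystream_xor`, `subkeys`, `seal` and `unseal` are hypothetical, and the HMAC-based keystream is an assumed stand-in for a real cipher because the Python standard library has no AES.

```python
import hashlib
import hmac
import os

def hkdf(master: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), zero salt, one 32-byte output block."""
    prk = hmac.new(bytes(32), master, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 in counter mode, since the
    standard library has no AES. Encryption and decryption are the same XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, iv + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def subkeys(master: bytes):
    # Distinct labels give independent keys for the cipher and the MAC.
    return hkdf(master, b"etm/encrypt"), hkdf(master, b"etm/mac")

def seal(master: bytes, plaintext: bytes):
    k_enc, k_mac = subkeys(master)
    iv = os.urandom(16)
    c = keystream_xor(k_enc, iv, plaintext)
    # Encrypt-then-MAC: the tag covers the IV and the ciphertext.
    t = hmac.new(k_mac, iv + c, hashlib.sha256).digest()
    return iv, c, t

def unseal(master: bytes, iv: bytes, c: bytes, t: bytes) -> bytes:
    k_enc, k_mac = subkeys(master)
    expected = hmac.new(k_mac, iv + c, hashlib.sha256).digest()
    # Verify in constant time before any decryption happens.
    if not hmac.compare_digest(expected, t):
        raise ValueError("authentication failed")
    return keystream_xor(k_enc, iv, c)

if __name__ == "__main__":
    master = os.urandom(32)  # constructed sample key
    iv, c, t = seal(master, b"constructed sample message")
    print(unseal(master, iv, c, t))
```

Because the tag is checked under a key the cipher never uses, a modified IV, ciphertext or tag is rejected before `keystream_xor` runs.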
