API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 25th, 2019
81
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.39 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2. import cgi
  3. import os
  4. import json
  5. from base64 import b64decode, b64encode
  6. from Crypto.Cipher import AES
  7. from Crypto.Util.strxor import strxor
  8. from Crypto.Util.Padding import pad, unpad
  9. from Crypto.Util.number import long_to_bytes
  10.  
  11. from secret import key, secret_message
  12.  
  13. block_length = 16
  14. aes = AES.new(key, AES.MODE_ECB)
  15.  
  16. def chunk(data, length):
  17. return [data[i:i+length] for i in range(0, len(data), length)]
  18.  
  19. def sign(msg, iv=None):
  20. msg = pad(msg, block_length)
  21. if not iv:
  22. iv = os.urandom(block_length)
  23. blocks = chunk(msg, block_length)
  24.  
  25. signature = iv
  26. for block in [long_to_bytes(len(blocks), block_length)] + blocks:
  27. signature = aes.encrypt(strxor(signature, block))
  28. return iv, signature
  29.  
  30. def verify(msg, iv, signature):
  31. _, computed_signature = sign(msg, iv)
  32. return computed_signature == signature
  33.  
  34. msg_ = b'{"authenticated":false,"text":"oto_przyklad_uzycia_podpisu"}'
  35. iv_, sig_ = sign(msg_)
  36.  
  37. print("Content-type: text/html")
  38. print()
  39. print( """
  40. <html>
  41. <head><title>Zadanie 2: AES CBC MAC</title></head>
  42. <meta charset="utf-8">
  43. <body>
  44. """)
  45. print("""
  46. <p> sign(%r) == b64decode(%r), b64decode(%r) </p>
  47. """ % (msg_, b64encode(iv_), b64encode(sig_)))
  48.  
  49. form = cgi.FieldStorage()
  50. message = form.getvalue('message', '')
  51. iv = form.getvalue('iv', '')
  52. signature = form.getvalue('signature', '')
  53.  
  54. print('<p>')
  55. def x(message, iv, signature):
  56. try:
  57. message = b64decode(message)
  58. iv = b64decode(iv)
  59. signature = b64decode(signature)
  60. except Exception as e:
  61. print('niepoprawne kodowanie: ', e)
  62. if len(iv) != 16 or len(signature) != 16:
  63. print('Zła długość.')
  64. return
  65.  
  66. try:
  67. if verify(message, iv, signature):
  68. d = json.loads(message)
  69. if d['authenticated']:
  70. print('Oto sekretna wiadomość: ', secret_message)
  71. else:
  72. print('Tym razem niestety nic')
  73. else:
  74. print('Niepoprawny podpis.')
  75. except Exception as e:
  76. print(e)
  77. if message and iv and signature:
  78. x(message, iv, signature)
  79.  
  80. print('</p>')
  81.  
  82. print("""
  83.  
  84.  
  85. <p>Wszystkie rzeczy trzeba najpierw zakodować za pomocą base64!
  86.  
  87. <form method="post">
  88. <p>message: <input type="text" name="message"/></p>
  89. <p>iv: <input type="text" name="iv"/></p>
  90. <p>signature: <input type="text" name="signature"/></p>
  91. <input type="submit">
  92. </form>
  93.  
  94. </body>
  95.  
  96. </html>
  97. """)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!