Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python3
- import cgi
- import os
- import json
- from base64 import b64decode, b64encode
- from Crypto.Cipher import AES
- from Crypto.Util.strxor import strxor
- from Crypto.Util.Padding import pad, unpad
- from Crypto.Util.number import long_to_bytes
- from secret import key, secret_message
- block_length = 16
- aes = AES.new(key, AES.MODE_ECB)
- def chunk(data, length):
- return [data[i:i+length] for i in range(0, len(data), length)]
- def sign(msg, iv=None):
- msg = pad(msg, block_length)
- if not iv:
- iv = os.urandom(block_length)
- blocks = chunk(msg, block_length)
- signature = iv
- for block in [long_to_bytes(len(blocks), block_length)] + blocks:
- signature = aes.encrypt(strxor(signature, block))
- return iv, signature
- def verify(msg, iv, signature):
- _, computed_signature = sign(msg, iv)
- return computed_signature == signature
- msg_ = b'{"authenticated":false,"text":"oto_przyklad_uzycia_podpisu"}'
- iv_, sig_ = sign(msg_)
- print("Content-type: text/html")
- print()
- print( """
- <html>
- <head><title>Zadanie 2: AES CBC MAC</title></head>
- <meta charset="utf-8">
- <body>
- """)
- print("""
- <p> sign(%r) == b64decode(%r), b64decode(%r) </p>
- """ % (msg_, b64encode(iv_), b64encode(sig_)))
- form = cgi.FieldStorage()
- message = form.getvalue('message', '')
- iv = form.getvalue('iv', '')
- signature = form.getvalue('signature', '')
- print('<p>')
- def x(message, iv, signature):
- try:
- message = b64decode(message)
- iv = b64decode(iv)
- signature = b64decode(signature)
- except Exception as e:
- print('niepoprawne kodowanie: ', e)
- if len(iv) != 16 or len(signature) != 16:
- print('Zła długość.')
- return
- try:
- if verify(message, iv, signature):
- d = json.loads(message)
- if d['authenticated']:
- print('Oto sekretna wiadomość: ', secret_message)
- else:
- print('Tym razem niestety nic')
- else:
- print('Niepoprawny podpis.')
- except Exception as e:
- print(e)
- if message and iv and signature:
- x(message, iv, signature)
- print('</p>')
- print("""
- <p>Wszystkie rzeczy trzeba najpierw zakodować za pomocą base64!
- <form method="post">
- <p>message: <input type="text" name="message"/></p>
- <p>iv: <input type="text" name="iv"/></p>
- <p>signature: <input type="text" name="signature"/></p>
- <input type="submit">
- </form>
- </body>
- </html>
- """)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement