public static byte[] Decrypt()
{
// Determine block size of encryption oracle
var blockSize = FindBlockSize();
// Ensure encryption oracle is using ECB mode
if (!ConfirmEcbMode(blockSize))
{
throw new InvalidOperationException("Encryption oracle is not encrypting in ECB mode.");
}
var knownBytes = new List <byte>();
var blockIndex = 0;
while (true)
{
var b = DecryptNextByte(blockSize, knownBytes, blockIndex);
if (b == -1)
{
break;
}
knownBytes.Add((byte)b);
if (knownBytes.Count % blockSize == 0)
{
blockIndex++;
}
}
var unpadded = PaddingUtil.RemovePad(knownBytes.ToArray());
return(unpadded);
}
public static byte[] Decrypt()
{
// Determine block size of encryption oracle
var blockSize = FindBlockSize();
// Determine prefix size of encryption oracle
var prefixSize = FindPrefixSize(blockSize);
var knownBytes = new List <byte>();
var blockIndex = (int)Math.Ceiling((double)prefixSize / blockSize);
while (true)
{
var b = DecryptNextByte(blockSize, prefixSize, knownBytes, blockIndex);
if (b == -1)
{
break;
}
knownBytes.Add((byte)b);
if (knownBytes.Count % blockSize == 0)
{
blockIndex++;
}
}
var unpadded = PaddingUtil.RemovePad(knownBytes.ToArray());
return(unpadded);
}
public static Dictionary <string, string> DecryptProfile(byte[] encrypted)
{
var decrypted = AesEcb.Decrypt(Key, encrypted);
var encoded = PaddingUtil.RemovePad(decrypted);
var decoded = KvpParser.Decode(System.Text.Encoding.ASCII.GetString(encoded));
return(decoded);
}
public static byte[] EncryptProfileFor(string email)
{
var profile = ProfileFor(email);
var bytes = System.Text.Encoding.ASCII.GetBytes(profile);
var padded = PaddingUtil.Pad(bytes, BlockSizeBytes);
return(AesEcb.Encrypt(Key, padded));
}
public void TestPaddingInputSizeSmallerThanBlockSize()
{
int blockSize = 4;
var input = new byte[] { 0x01, 0x02 };
var expected = new byte[] { 0x01, 0x02, 0x02, 0x02 };
var actual = PaddingUtil.Pad(input, blockSize);
CollectionAssert.AreEqual(expected, actual);
}
private static byte[] EncryptionOracle(byte[] data)
{
var combined = new List <byte>();
combined.AddRange(data);
combined.AddRange(Convert.FromBase64String(EncodedSuffix));
var padded = PaddingUtil.Pad(combined.ToArray(), BlockSizeBytes);
return(AesEcb.Encrypt(Key, padded));
}
public void Challenge7()
{
var keyStr = "YELLOW SUBMARINE";
var key = System.Text.Encoding.ASCII.GetBytes(keyStr);
var data = Convert.FromBase64String(Set1Data.Challenge7Input);
var decrypted = AesEcb.Decrypt(key, data);
decrypted = PaddingUtil.RemovePad(decrypted);
var clearText = System.Text.Encoding.ASCII.GetString(decrypted);
Assert.AreEqual(Set1Data.Challenge7Solution, clearText);
}
public void TestPaddingInputSizeEqualsBlockSize()
{
int blockSize = 5;
var input = new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05 };
var expected = new byte[]
{
0x01, 0x02, 0x03, 0x04, 0x05,
0x05, 0x05, 0x05, 0x05, 0x05
};
var actual = PaddingUtil.Pad(input, blockSize);
CollectionAssert.AreEqual(expected, actual);
}
public void TestChallenge9()
{
int blockSize = 20;
var input = "YELLOW SUBMARINE";
var inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
var padding = new byte[] { 0x04, 0x04, 0x04, 0x04 };
var expected = new List <byte>(inputBytes);
expected.AddRange(padding);
var actual = PaddingUtil.Pad(inputBytes, blockSize);
CollectionAssert.AreEqual(expected, actual);
}
private static byte[] EncryptionOracle(byte[] data)
{
if (_randomPrefix == null || _randomPrefix.Length == 0)
{
var r = new Random();
var prefixLength = r.Next(1, MaxPrefixLength + 1);
_randomPrefix = SecureRng.GenerateRandomBytes(prefixLength);
}
var combined = new List <byte>();
combined.AddRange(_randomPrefix);
combined.AddRange(data);
combined.AddRange(Convert.FromBase64String(EncodedSuffix));
var padded = PaddingUtil.Pad(combined.ToArray(), BlockSizeBytes);
return(AesEcb.Encrypt(Key, padded));
}
public void TestChallenge15()
{
var blockSize = 16;
var str = "ICE ICE BABY";
var bytes = System.Text.Encoding.ASCII.GetBytes(str);
var valid = PaddingUtil.Pad(bytes, blockSize);
Assert.IsTrue(PaddingUtil.ValidPadding(valid, blockSize));
var invalid = new List <byte>(bytes);
invalid.AddRange(new byte[] { 0x05, 0x05, 0x05, 0x05 });
Assert.IsFalse(PaddingUtil.ValidPadding(invalid.ToArray(), blockSize));
invalid = new List <byte>(bytes);
invalid.AddRange(new byte[] { 0x01, 0x02, 0x03, 0x04 });
Assert.IsFalse(PaddingUtil.ValidPadding(invalid.ToArray(), blockSize));
}
public static byte[] Decrypt(out int randIndex)
{
var c = EncryptionOracle(out randIndex);
var blocks = c.Chunks(BlockSizeBytes);
blocks.Insert(0, Iv);
var knownBytes = new List <byte>();
for (int i = 0; i < blocks.Count - 1; i++)
{
var previousBlock = blocks[i];
var targetBlock = blocks[i + 1];
var decrypted = Decrypt(targetBlock, previousBlock);
knownBytes.AddRange(decrypted);
}
return(PaddingUtil.RemovePad(knownBytes.ToArray()));
}
public static byte[] Decrypt(byte[] key, byte[] iv, byte[] data, bool removePadding = true)
{
var blocks = data.Chunks(BlockSizeBytes);
var clearText = new byte[data.Length];
int index = 0;
var previousBlock = iv;
foreach (var block in blocks)
{
var blockArray = block.ToArray();
var decrypted = AesEcb.Decrypt(key, blockArray);
var xord = XorUtil.Xor(decrypted, previousBlock);
Array.Copy(xord, 0, clearText, index, BlockSizeBytes);
previousBlock = blockArray;
index += BlockSizeBytes;
}
if (removePadding)
{
return(PaddingUtil.RemovePad(clearText));
}
return(clearText);
}
public static byte[] Encrypt(byte[] key, byte[] iv, byte[] data)
{
int paddingLength = BlockSizeBytes - (data.Length % BlockSizeBytes);
paddingLength = paddingLength == 0 ? BlockSizeBytes : paddingLength;
int cipherTextLength = data.Length + paddingLength;
var cipherText = new byte[cipherTextLength];
var paddedData = PaddingUtil.Pad(data, BlockSizeBytes);
var blocks = paddedData.Chunks(BlockSizeBytes);
int index = 0;
var previousBlock = iv;
foreach (var block in blocks)
{
var xord = XorUtil.Xor(block.ToArray(), previousBlock);
var encrypted = AesEcb.Encrypt(key, xord);
Array.Copy(encrypted, 0, cipherText, index, BlockSizeBytes);
previousBlock = encrypted;
index += BlockSizeBytes;
}
return(cipherText);
}
public static CipherMode EncryptEcbOrCbc(byte[] data, out CipherMode actualMode)
{
actualMode = Rand.Next(0, 2) == 0 ? CipherMode.ECB : CipherMode.CBC;
var key = SecureRng.GenerateRandomBytes(KeySizeBytes);
// Add prefix and suffix to data
data = TransformData(data);
byte[] encrypted;
if (actualMode == CipherMode.ECB)
{
var padded = PaddingUtil.Pad(data, BlockSizeBytes);
encrypted = AesEcb.Encrypt(key, padded);
}
else
{
var iv = SecureRng.GenerateRandomBytes(BlockSizeBytes);
encrypted = AesCbc.Encrypt(key, iv, data);
}
var guessedMode = AesEcb.IsEcbEncrypted(encrypted, BlockSizeBytes)
? CipherMode.ECB
: CipherMode.CBC;
return(guessedMode);
}
public static bool IsValid(byte[] data)
{
var decryted = AesCbc.Decrypt(Key, Iv, data, false);
return(PaddingUtil.ValidPadding(decryted, BlockSizeBytes));
}
