## An ECB/CBC detection oracle

Now that you have ECB and CBC working:

Write a function to generate a random AES key; that's just 16 random bytes.

Write a function that encrypts data under an unknown key --- that is, a function that generates a random key and encrypts under it.

The function should look like: 

```
encryption_oracle(your-input)
=> [MEANINGLESS JIBBER JABBER]
```

Under the hood, have the function append 5-10 bytes (count chosen randomly) before the plaintext and 5-10 bytes after the plaintext.

Now, have the function choose to encrypt under ECB 1/2 the time, and under CBC the other half (just use random IVs each time for CBC). Use `rand(2)` to decide which to use.

Detect the block cipher mode the function is using each time. You should end up with a piece of code that, pointed at a block box that might be encrypting ECB or CBC, tells you which one is happening.


In [1]:
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from os import urandom
from random import randint

In [2]:
# Returns 5-10 random bytes (count chosen randomly).
def random_bytes():
    count = randint(5, 10)
    return urandom(count)

In [3]:
def encryption_oracle(plaintext):
    key = urandom(AES.block_size) # Generate a random AES key.
    # Append 5-10 bytes (count chosen randomly) before the plaintext and 5-10 bytes after the plaintext.
    plaintext = random_bytes() + plaintext + random_bytes()
    
    # Encrypt under ECB 1/2 the time, and under CBC the other half.
    cipher = None
    if randint(0, 1) == 0:
        cipher = AES.new(key, AES.MODE_ECB)
    else:
        cipher = AES.new(key, AES.MODE_CBC)

    padded = pad(plaintext, cipher.block_size)
    return cipher.encrypt(padded)

In [5]:
encryption_oracle(b'test')

b'\xa4u\x82\x87\x07\xcf\x1d:}\xae\x01;\\S\x1a\x7f\xd0f\x12\xc6\x17:[n\x00ge\x13nO\xb9\xd4'