Code Whisperering and Coding For All … The Days of CodeStack Are Numbered
Code Whisperering and Coding For All … The Days of Stack Overflow Are Numbered?
Today I will be presenting some live demonstrations on the power of AI and Cybersecurity:
The Cyber Academy's flagship conference, on Big Data & Cybersecurity, extends to Critical Infrastructur & Digital Twins…www.eventbrite.co.uk
As part of this I will be demonstrating the opportunties and limits of AI in cybersecurity, privacy and trust. One area of the demonstration I will be using is AWS’s Code Whisperer, and where we will be able to create an advanced cybersecurity program within just a few minutes.
CodeWhisperer is a free new AWS service and integrates into a number of IDEs, including Microsoft Visual Code. It has been trained on billions of line of code, and can give suggestions based on comments that the user adds.
So, let’s give it a try. In the following, I want to create a program which encrypts a message using AES encryption and with ECB mode:
The code works well, in a matter of minutes we have:
from Crypto.Cipher import AES
import os
# Function to encrypt a message with AES encryption and ECB mode
def encrypt_message(message, key):
cipher = AES.new(key, AES.MODE_ECB)
return cipher.encrypt(message)
# Function to decrypt a message with AES encryption and ECB mode
def decrypt_message(message, key):
cipher = AES.new(key, AES.MODE_ECB)
return cipher.decrypt(message)
# Function to pad a message with PKCS7 padding
def pad_message(message):
length = 16 - (len(message) % 16)
return message + bytes([length])*length
# Function to unpad a message with PKCS7 padding
def unpad_message(message):
return message[:-message[-1]]
# Function to generate a random key
def generate_key():
return os.urandom(16)
# Function to generate a random IV
def generate_iv():
return os.urandom(16)
key=generate_key()
iv=generate_iv()
print(key)
print(iv)
message=b"Hello World"
padded_message=pad_message(message)
print(padded_message)
print(unpad_message(padded_message))
encrypted_message=encrypt_message(padded_message,key)
print(encrypted_message)
decrypted_message=decrypt_message(encrypted_message,key)
print(decrypted_message)
print(unpad_message(decrypted_message))
print(padded_message==decrypted_message)
print(padded_message==unpad_message(decrypted_message))
print(padded_message==unpad_message(encrypted_message))
print(padded_message==unpad_message(message))
print(padded_message==unpad_message(b"Hello World"))
print(padded_message==unpad_message(b"Hello World\x05\x05\x05\x05"))
print(padded_message==unpad_message(b"Hello World\x01\x01\x01\x01"))The output is:
b'3\xd6\xd0J\xfb\x11P\xc7\xdb\ne\x93\x02\xdc7I'
b'\xb6\x83\x9cs.\x07xA\xcf]j\xb3\xbb@0\x9b'
b'Hello World\x05\x05\x05\x05\x05'
b'Hello World'
b'\xaa\x8d\xa2{\x04\x19@\x8d\xc6\x0e\x87:%\x11,f'
b'Hello World\x05\x05\x05\x05\x05'
b'Hello World'
True
False
False
False
False
False
FalseNow, let’s try some public key encryption, and create an ECDSA signature with CodeWhisperer:
Again, it (nearly) managed to create the code all by itself. All I had to do, was to convert a message string to an array of bytes, and using the encode() method:
# Create a function to create an ECDSA signature.
def create_signature(private_key, message):
# Sign the message
signature = private_key.sign(message)
return signature
# Return the signature
# Create a function to verify an ECDSA signature.
def verify_signature(public_key, message, signature):
# Verify the signature
public_key.verify(signature, message)
# Return True
return True
# Return False
# import ec library for secp256k1
import ecdsa
# Create a function to generate a private key.
def generate_private_key():
# Create a new key pair
private_key = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1)
# Return the private key
return private_key
# create a function to generate a public key from a private key.
def generate_public_key(private_key):
# Create the public key from the private key
public_key = private_key.get_verifying_key()
# Return the public key
return public_key
# create a function to input message from console
def input_message():
# Get the message from the user
message = input("Enter a message: ")
# Return the message
return message
# create private key.
private_key = generate_private_key()
# create public key from private key.
public_key = generate_public_key(private_key)
# create message from console.
message = input_message().encode()
# create signature from private key and message.
signature = create_signature(private_key, message)
# verify signature from public key and message.
# verify signature from public key and message.
is_valid = verify_signature(public_key, message, signature)
# print result.
print("Signature is valid: ", is_valid)
# print private key.
print("Private key: ", private_key)
# print public key.
print("Public key: ", public_key)
# print signature.
print("Signature: ", signature)
# print message.
print("Message: ", message)
# print result.
print("Signature is valid: ", is_valid)
A sample run shows everything works well:
Enter a message: fred
Signature is valid: True
Private key: <ecdsa.keys.SigningKey object at 0x7f98f00552e0>
Public key: VerifyingKey.from_string(b'\x02\x02\xad\xd2\xeb\xc3{.Q\x04.\x9f^G\x15\xf9\x14\x92\x0fG\xcb\xd5\xf0,T\xa1W\xd2\x02\xcf\x97#\x93', SECP256k1, sha1)
Signature: b'\xcb\xaf\x15\xdc#9y\x7f\xd0e\xadaY\x1a\xc4\xf1\xa5\xe3\xb5\x91<\x11\x10\xee5\x15\x08\x12\xef[g\xf2\xcfP\x98#\x1c\x94pv\x93\x91\x15\xda\xcc\x86\x14\xa9*\xe5~0\xa8\x86\x8f)\xc7|\xd9\xe4\x99\xcc\x0f\x83'
Message: b'fred'
Signature is valid: TrueWhile I did not include an AWS Cloud integration, CodeWhisperer knows how to integrate lambda code, and will integrate with in the Boto3 library.
Conclusions
This is a helper program, and certainly needs to be used with care, especially in areas of cybersecurity. To blindly add code is not a good thing, so make sure you understand the code that is being generated.
Go code!