Ejemplo n.º 1
0
func encryptOracle(src []byte) []byte {
	key := util.RandAes128()
	block, _ := aes.NewCipher(key)
	out := make([]byte, len(src))
	copy(out, src)

	// random prepend and append
	prefixSize := util.RandByte()%10 + 5
	postfixSize := util.RandByte()%10 + 5
	postfix := util.RandBytes(int(postfixSize))
	out = append(util.RandBytes(int(prefixSize)), out...)
	out = append(out, postfix...)
	// padding
	out = util.PadTo(out, 16)
	// fmt.Println("before enc", out)

	// random encryption mode
	mode := util.RandByte()
	if mode%2 == 0 {
		// ecb
		fmt.Println("ecb")
		util.ECBEncrypt(block, out, out)
	} else {
		// cbc
		fmt.Println("cbc")
		iv := util.RandAes128()
		util.CBCEncrypt(block, iv, out, out)
	}
	return out
}
Ejemplo n.º 2
0
func getMsg() (ct, iv []byte) {
	ct, err := base64.StdEncoding.DecodeString(msgs[util.RandByte()%10])
	if err != nil {
		log.Fatal("Cannot decode", err)
	}
	iv = util.RandAes128()
	block, _ := aes.NewCipher(key)
	ct = util.PadTo(ct, block.BlockSize())
	util.CBCEncrypt(block, iv, ct, ct)
	return ct, iv
}
Ejemplo n.º 3
0
Encrypt the encoded user profile under the key; "provide" that to the "attacker".
Decrypt the encoded user profile and parse it.
Using only the user input to profile_for() (as an oracle to generate "valid" ciphertexts) and the ciphertexts themselves, make a role=admin profile.
*/

import (
	"crypto/aes"
	"cryptopals/util"
	"fmt"
	"net/url"
)

type oracleFunc func(src []byte) []byte

var key = util.RandAes128()

func encryptProfile(email string) []byte {
	block, _ := aes.NewCipher(key)
	profile := profileFor(string(email))
	out := make([]byte, len(profile))
	copy(out, profile)

	out = util.PadTo(out, 16)
	fmt.Println("before enc:", out)
	util.ECBEncrypt(block, out, out)

	return out
}

func decryptProfile(ct []byte) url.Values {
Ejemplo n.º 4
0
Completely scrambles the block the error occurs in
Produces the identical 1-bit error(/edit) in the next ciphertext block.

Stop and think for a second.
Before you implement this attack, answer this question: why does CBC mode have this property?
*/

import (
	"bytes"
	"crypto/aes"
	"cryptopals/util"
	"fmt"
)

var (
	key     = util.RandAes128()
	iv      = util.RandAes128()
	prefix  = []byte("comment1=cooking%20MCs;userdata=")
	postfix = []byte(";comment2=%20like%20a%20pound%20of%20bacon")
)

func crypt(userdata []byte) []byte {
	res := bytes.Replace(userdata, []byte("="), []byte("%3D"), -1)
	res = bytes.Replace(res, []byte(";"), []byte("%3B"), -1)
	res = append(prefix, res...)
	res = append(res, postfix...)
	block, _ := aes.NewCipher(key)
	res = util.PadTo(res, 16)
	util.CBCEncrypt(block, iv, res, res)
	return res
}
Ejemplo n.º 5
0
Completely scrambles the block the error occurs in
Produces the identical 1-bit error(/edit) in the next ciphertext block.

Stop and think for a second.
Before you implement this attack, answer this question: why does CBC mode have this property?
*/

import (
	"bytes"
	"crypto/aes"
	"cryptopals/util"
	"fmt"
)

var (
	key     = util.RandAes128()
	nonce   = util.RandAes128()
	prefix  = []byte("comment1=cooking%20MCs;userdata=")
	postfix = []byte(";comment2=%20like%20a%20pound%20of%20bacon")
)

func crypt(userdata []byte) []byte {
	res := bytes.Replace(userdata, []byte("="), []byte("%3D"), -1)
	res = bytes.Replace(res, []byte(";"), []byte("%3B"), -1)
	res = append(prefix, res...)
	res = append(res, postfix...)
	block, _ := aes.NewCipher(key)
	res = util.PadTo(res, 16)
	fmt.Println("crypt peek:", string(res))
	util.CTREncrypt(block, nonce, res, res)
	return res