func encryptOracle(src []byte) []byte {
key := util.RandAes128()
block, _ := aes.NewCipher(key)
out := make([]byte, len(src))
copy(out, src)
// random prepend and append
prefixSize := util.RandByte()%10 + 5
postfixSize := util.RandByte()%10 + 5
postfix := util.RandBytes(int(postfixSize))
out = append(util.RandBytes(int(prefixSize)), out...)
out = append(out, postfix...)
// padding
out = util.PadTo(out, 16)
// fmt.Println("before enc", out)
// random encryption mode
mode := util.RandByte()
if mode%2 == 0 {
// ecb
fmt.Println("ecb")
util.ECBEncrypt(block, out, out)
} else {
// cbc
fmt.Println("cbc")
iv := util.RandAes128()
util.CBCEncrypt(block, iv, out, out)
}
return out
}
func getMsg() (ct, iv []byte) {
ct, err := base64.StdEncoding.DecodeString(msgs[util.RandByte()%10])
if err != nil {
log.Fatal("Cannot decode", err)
}
iv = util.RandAes128()
block, _ := aes.NewCipher(key)
ct = util.PadTo(ct, block.BlockSize())
util.CBCEncrypt(block, iv, ct, ct)
return ct, iv
}
Encrypt the encoded user profile under the key; "provide" that to the "attacker".
Decrypt the encoded user profile and parse it.
Using only the user input to profile_for() (as an oracle to generate "valid" ciphertexts) and the ciphertexts themselves, make a role=admin profile.
*/
import (
"crypto/aes"
"cryptopals/util"
"fmt"
"net/url"
)
type oracleFunc func(src []byte) []byte
var key = util.RandAes128()
func encryptProfile(email string) []byte {
block, _ := aes.NewCipher(key)
profile := profileFor(string(email))
out := make([]byte, len(profile))
copy(out, profile)
out = util.PadTo(out, 16)
fmt.Println("before enc:", out)
util.ECBEncrypt(block, out, out)
return out
}
func decryptProfile(ct []byte) url.Values {
Completely scrambles the block the error occurs in
Produces the identical 1-bit error(/edit) in the next ciphertext block.
Stop and think for a second.
Before you implement this attack, answer this question: why does CBC mode have this property?
*/
import (
"bytes"
"crypto/aes"
"cryptopals/util"
"fmt"
)
var (
key = util.RandAes128()
iv = util.RandAes128()
prefix = []byte("comment1=cooking%20MCs;userdata=")
postfix = []byte(";comment2=%20like%20a%20pound%20of%20bacon")
)
func crypt(userdata []byte) []byte {
res := bytes.Replace(userdata, []byte("="), []byte("%3D"), -1)
res = bytes.Replace(res, []byte(";"), []byte("%3B"), -1)
res = append(prefix, res...)
res = append(res, postfix...)
block, _ := aes.NewCipher(key)
res = util.PadTo(res, 16)
util.CBCEncrypt(block, iv, res, res)
return res
}
Completely scrambles the block the error occurs in
Produces the identical 1-bit error(/edit) in the next ciphertext block.
Stop and think for a second.
Before you implement this attack, answer this question: why does CBC mode have this property?
*/
import (
"bytes"
"crypto/aes"
"cryptopals/util"
"fmt"
)
var (
key = util.RandAes128()
nonce = util.RandAes128()
prefix = []byte("comment1=cooking%20MCs;userdata=")
postfix = []byte(";comment2=%20like%20a%20pound%20of%20bacon")
)
func crypt(userdata []byte) []byte {
res := bytes.Replace(userdata, []byte("="), []byte("%3D"), -1)
res = bytes.Replace(res, []byte(";"), []byte("%3B"), -1)
res = append(prefix, res...)
res = append(res, postfix...)
block, _ := aes.NewCipher(key)
res = util.PadTo(res, 16)
fmt.Println("crypt peek:", string(res))
util.CTREncrypt(block, nonce, res, res)
return res
