示例#1
0
//For simplicity sake, return key and iv too.
func EncryptComment(comment string) (key, iv, ciphertext []byte) {
	pre := []byte("comment1=cooking%20MCs;userdata=")
	//Eat illegal characters
	comment = strings.Split(comment, ";")[0]
	comment = strings.Split(comment, "=")[0]
	combytes := []byte(comment)
	post := []byte(";comment2=%20like%20a%20pound%20of%20bacon")
	plaintext := append(pre, combytes...)
	plaintext = append(plaintext, post...)
	plaintext = aes.Pad(plaintext, 16)
	key = aes.RandBytes(16)
	iv = aes.RandBytes(16)
	ciphertext = aes.CBCEncrypt(key, iv, plaintext)
	return
}
示例#2
0
//Test for set 2 challenge 13
func TestECBCutAndPaste(t *testing.T) {
	key := aes.RandBytes(16)
	oracle := func(in string) []byte { return ProfileFor(key, in) }
	//This payload will give me an padded admin block.
	payload1 := "kelbyXXXXXadmin\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11"
	//This payload will give me a ct with "role=" at a block border.
	payload2 := "kelbyXXXXXXXX"
	ct1 := oracle(payload1)
	ct2 := oracle(payload2)
	new_ct := append(ct2[:32], ct1[16:32]...)
	if !CTIsAdmin(key, new_ct) {
		t.Errorf("ECBCutAndPaste: Failed to create admin profile")
	}

}
//Test for challenge 25
func TestCTREdit(t *testing.T) {
	plaintext := []byte("My shell, mechanical found ghost. But my ghetto is animal found toast")
	key := aes.RandBytes(16)
	nonce := uint64(0)
	ciphertext := aes.CTREncrypt(key, nonce, plaintext)
	oracle := func(ct []byte, offset int, insert []byte) []byte {
		pt := aes.CTRDecrypt(key, nonce, ct)
		begin := pt[0:offset]
		end := pt[offset+len(insert):]
		newPt := append(begin, insert...)
		newPt = append(newPt, end...)
		return aes.CTREncrypt(key, nonce, newPt)
	}
	recoveredPlaintext := CTREditAttack(ciphertext, oracle)
	if string(recoveredPlaintext) != string(plaintext) {
		t.Errorf("CTREdit: Attack failed.")
	}
}
//Test for set 2 challenge 14
func TestECBChosenInfixAttack(t *testing.T) {
	key := make([]byte, 16)
	_, err := rand.Read(key)
	if err != nil {
		t.Errorf("ECBChosenInfixAttack: Failed reading from urandom")
	}
	var prefix uint32
	binary.Read(rand.Reader, binary.LittleEndian, &prefix)
	num := int(prefix % 32)
	random_prefix := aes.RandBytes(num)
	oracle := func(input []byte) []byte { return ECBChosenInfix(random_prefix, input, key) }

	//Determine block size of oracle
	bs := DetermineOracleBlockSize(oracle)
	if bs != 16 {
		t.Errorf("ECBChosenInfixAttack: Failed to determine correct block size")
	}

	//Determine if oracle is using ECB mode

	//TODO: This is silly. You should make your cryptanalysis functions take an oracle function. Will be more reusable.
	data := []byte("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
	if !DetectECB256Mode(oracle(data)) {
		t.Errorf("ECBChosenInfixAttack: Failed to correctly guess that the oracle used ECB mode.")
	}

	result := ECBSecretInfixAttack(oracle)
	expected_result := `Rollin' in my 5.0
    With my rag-top down so my hair can blow
    The girlies on standby waving just to say hi
    Did you stop? No, I just drove by`
	if result[:12] != expected_result[:12] {
		t.Errorf("ECBChosenInfixAttack: Expected decryption did not actually match real decryption")
	}

}