Finish challenge 30

2022-08-20 15:50:04 -04:00
parent 106b8febaf
commit 9a9b5335f1
4 changed files with 267 additions and 158 deletions
--- a/src/set4.rs
+++ b/src/set4.rs
@@ -228,46 +228,80 @@ pub fn challenge29() {
    }

    assert!(sha1::verify(&Bytes(forged_message), &key, &mac_forged));
-    println!("[okay] Challenge 29: forged SHA-1 keyed MAC successfully");
+    println!("[okay] Challenge 29: extended SHA-1 keyed message successfully");
 }

 pub fn challenge30() {
-    // Second verse, same as the first, but use MD4 instead of SHA-1. Having
-    // done this attack once against SHA-1, the MD4 variant should take much
-    // less time; mostly just the time you'll spend Googling for an
-    // implementation of MD4.
-
+    // test MD4 implementation
    assert_eq!(
        md4::hash(&Bytes::from_utf8("")),
        Bytes::from_hex("31d6cfe0d16ae931b73c59d7e0c089c0"),
    );
-    // assert_eq!(
-    //     md4::hash(&Bytes::from_utf8("a")),
-    //     Bytes::from_hex("bde52cb31de33e46245e05fbdbd6fb24"),
-    // );
-    // assert_eq!(
-    //     md4::hash(&Bytes::from_utf8("abc")),
-    //     Bytes::from_hex("a448017aaf21d8525fc10ae87aa6729d"),
-    // );
-    // assert_eq!(
-    //     md4::hash(&Bytes::from_utf8("message digest")),
-    //     Bytes::from_hex("d9130a8164549fe818874806e1c7014b"),
-    // );
-    // assert_eq!(
-    //     md4::hash(&Bytes::from_utf8("abcdefghijklmnopqrstuvwxyz")),
-    //     Bytes::from_hex("d79e1c308aa5bbcdeea8ed63df412da9"),
-    // );
-    // assert_eq!(
-    //     md4::hash(&Bytes::from_utf8(
-    //         "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-    //     )),
-    //     Bytes::from_hex("043f8582f241db351ce627e153e7f0e4"),
-    // );
-    // assert_eq!(
-    //     md4::hash(&Bytes::from_utf8(
-    //         "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
-    //     )),
-    //     Bytes::from_hex("e33b4ddc9c38f2199c3e7b164fcc0536"),
-    // );
-    println!("[xxxx] Challenge 30: tbd");
+    assert_eq!(
+        md4::hash(&Bytes::from_utf8("a")),
+        Bytes::from_hex("bde52cb31de33e46245e05fbdbd6fb24"),
+    );
+    assert_eq!(
+        md4::hash(&Bytes::from_utf8("abc")),
+        Bytes::from_hex("a448017aaf21d8525fc10ae87aa6729d"),
+    );
+    assert_eq!(
+        md4::hash(&Bytes::from_utf8("abcdefghijklmnopqrstuvwxyz")),
+        Bytes::from_hex("d79e1c308aa5bbcdeea8ed63df412da9"),
+    );
+    assert_eq!(
+        md4::hash(&Bytes(vec![b'a'; 1337])),
+        Bytes::from_hex("9a4bceae0ae389c4653ad92cfd7bfc3e"),
+    );
+
+    // extend MD4 copy and pasted from SHA-1 #allow!(dont-repeat-yourself)
+    fn hash_fixated(bytes: &Bytes, fixture: &Bytes, byte_len: u64) -> Bytes {
+        let mut m = md4::Md4Core::default();
+        let fixate: Vec<u32> = fixture
+            .0
+            .chunks(4)
+            .map(|c| u32::from_le_bytes(c.try_into().unwrap()))
+            .collect();
+        m.fix(fixate.try_into().unwrap(), byte_len);
+        m.hash(&bytes)
+    }
+
+    let key = Bytes::random_range(2, 64);
+    let message = Bytes::from_utf8(
+        "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon",
+    );
+    let mac = md4::authenticate(&message, &key);
+    assert!(md4::verify(&message, &key, &mac));
+
+    let mut forged_message = vec![];
+    let mut mac_forged = Bytes(vec![]);
+    for key_len in 1..128 {
+        // get padding for key || orig-message
+        let key_guessed = vec![b'z'; key_len]; // key-guessed
+        let mut bytes = key_guessed.to_vec();
+        bytes.append(&mut message.0.to_vec()); // original-message
+        let md4 = md4::Md4Core::default();
+        let glue_padding = md4.get_padding(&bytes); // glue-padding
+
+        // forget MAC via fixture: make sure to fix md4.state *and* md4.byte_length
+        let byte_length = (key_guessed.len() + message.len() + glue_padding.len()) as u64;
+        let new_message = b"admin=true".to_vec(); // new-message
+        mac_forged = hash_fixated(&Bytes(new_message.to_vec()), &mac, byte_length);
+
+        // forge message: original-message || glue-padding || new-message
+        forged_message = message.0.to_vec();
+        forged_message.append(&mut glue_padding.to_vec());
+        forged_message.append(&mut new_message.to_vec());
+        let r = md4::verify(&Bytes(forged_message.to_vec()), &key, &mac_forged);
+        if r {
+            break;
+        }
+    }
+
+    assert!(md4::verify(&Bytes(forged_message), &key, &mac_forged));
+    println!("[okay] Challenge 30: implemented and extended MD4 successfully");
+}
+
+pub fn challenge31() {
+    println!("[xxxx] Challenge 31: tbd");
 }