felixm
/
cryptopals
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Start with challenge 17.

main
Felix Martin 2022-07-02 10:42:36 -04:00
parent 956d75ab4e
commit d1be95cbe1
4 changed files with 68 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
data/17.txt Normal file
View File

@ -0,0 +1,10 @@
MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=
MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=
MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==
MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==
MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl
MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==
MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==
MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=
MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=
MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93

2
src/main.rs
View File

@ -5,6 +5,7 @@ mod ecb;
mod parser;
mod set1;
mod set2;
mod set3;
fn main() {
set1::challenge1();
@ -23,4 +24,5 @@ fn main() {
set2::challenge14();
set2::challenge15();
set2::challenge16();
set3::challenge17();
}

40
src/set2.rs
View File

@ -146,10 +146,10 @@ pub fn challenge12() {
fn decode(key: &Bytes) -> Bytes {
let block_size = get_block_size(&key);
let block_count = encryption_oracle(&key, &Bytes(vec![])).0.len() / block_size;
let mut clear_text = vec![];
let mut cleartext = vec![];
for block_index in 0..block_count {
let mut clear_text_block = vec![];
let mut cleartext_block = vec![];
for padding_length in (0..block_size).rev() {
let padding_text = vec![b'-'; padding_length];
let expected = encryption_oracle(&key, &Bytes(padding_text.to_vec()));
@ -158,11 +158,11 @@ pub fn challenge12() {
let mut known_text = if block_index == 0 {
padding_text.to_vec()
} else {
let clear_text_offset =
let cleartext_offset =
((block_index - 1) * block_size) + (block_size - padding_length);
clear_text[clear_text_offset..(clear_text_offset + padding_length)].to_vec()
cleartext[cleartext_offset..(cleartext_offset + padding_length)].to_vec()
};
known_text.append(&mut clear_text_block.to_vec());
known_text.append(&mut cleartext_block.to_vec());
for i in 0..255 {
let mut guess_text = known_text.to_vec();
@ -170,27 +170,27 @@ pub fn challenge12() {
let cipher_block =
encryption_oracle(&key, &Bytes(guess_text)).get_block(0, block_size);
if cipher_block.0 == expected_block.0 {
clear_text_block.push(i);
cleartext_block.push(i);
break;
}
}
}
clear_text.append(&mut clear_text_block);
cleartext.append(&mut cleartext_block);
}
Bytes(clear_text)
Bytes(cleartext)
}
let key = Bytes::random(16); // consistent but unknown key
assert_eq!(get_block_size(&key), 16); // 1. discover block size
assert_eq!(is_encryption_ecb(&key), true); // 2. confirm oracle uses ecb
let roundtrip_text = decode(&key); // 3.-6.
let clear_text = read("data/12.txt");
let cleartext = read("data/12.txt");
// 138 (instead of 139); I think we get one additional byte because we guess
// the first padding byte. The right approach would be to remove the last
// byte, encrypt it, and then compare it to the result of the encryption
// oracle, but this approach is fine too.
assert_eq!(roundtrip_text.0[..138], clear_text.0);
assert_eq!(roundtrip_text.0[..138], cleartext.0);
println!(
"[okay] Challenge 12: {}",
roundtrip_text.to_utf8()[..17].to_string()
@ -331,7 +331,7 @@ pub fn challenge14() {
let prefix_padding = Bytes(vec![b'a'; prefix_padding_size]);
let block_count = encryption_oracle(&prefix, &key, &prefix_padding).len() / block_size;
let first_block_index = (prefix_size + prefix_padding_size) / block_size;
let mut clear_text = vec![];
let mut cleartext = vec![];
// AES-128-ECB(random-prefix || attacker-controlled || target-bytes, random-key)
// rrrrrrrrrrrrrrrrrrrpppppppppppppaaaaaaaaaaaaaaathe real text
@ -340,7 +340,7 @@ pub fn challenge14() {
// | ^ first_block_index
// \ prefix_padding
for block_index in first_block_index..block_count {
let mut clear_text_block = vec![];
let mut cleartext_block = vec![];
for padding_length in (0..block_size).rev() {
let full_padding_text = vec![b'-'; prefix_padding_size + padding_length];
let expected = encryption_oracle(prefix, key, &Bytes(full_padding_text.to_vec()));
@ -350,15 +350,15 @@ pub fn challenge14() {
full_padding_text.to_vec()
} else {
let mut prefix_padding = vec![b'-'; prefix_padding_size];
let clear_text_offset = ((block_index - first_block_index - 1) * block_size)
let cleartext_offset = ((block_index - first_block_index - 1) * block_size)
+ (block_size - padding_length);
prefix_padding.append(
&mut clear_text[clear_text_offset..(clear_text_offset + padding_length)]
&mut cleartext[cleartext_offset..(cleartext_offset + padding_length)]
.to_vec(),
);
prefix_padding
};
known_text.append(&mut clear_text_block.to_vec());
known_text.append(&mut cleartext_block.to_vec());
for i in 0..255 {
let mut guess_text = known_text.to_vec();
@ -366,15 +366,15 @@ pub fn challenge14() {
let cipher_block = encryption_oracle(prefix, key, &Bytes(guess_text))
.get_block(first_block_index, block_size);
if cipher_block.0 == expected_block.0 {
clear_text_block.push(i);
cleartext_block.push(i);
break;
}
}
}
clear_text.append(&mut clear_text_block);
cleartext.append(&mut cleartext_block);
}
// We get last byte from cbs padding so remove it.
Bytes(clear_text[0..(clear_text.len() - 1)].to_vec())
Bytes(cleartext[0..(cleartext.len() - 1)].to_vec())
}
let prefix = Bytes::random_range(0, 200);
@ -383,8 +383,8 @@ pub fn challenge14() {
let prefix_len = get_prefix_size(&prefix, &key);
assert_eq!(prefix.len(), prefix_len);
let roundtrip_text = decode(&prefix, &key);
let clear_text = read("data/12.txt");
assert_eq!(roundtrip_text, clear_text);
let cleartext = read("data/12.txt");
assert_eq!(roundtrip_text, cleartext);
println!(
"[okay] Challenge 14: {}",
roundtrip_text.to_utf8()[..17].to_string()

36
src/set3.rs Normal file
View File

@ -0,0 +1,36 @@
use crate::bytes::Bytes;
use crate::bytes_base64::BytesBase64;
use crate::cbc;
use rand::Rng;
use std::io::{BufRead, BufReader};
pub fn challenge17() {
fn read(path: &str) -> Vec<Bytes> {
let file = std::fs::File::open(path).unwrap();
let br = BufReader::new(file);
br.lines()
.map(|line| BytesBase64::from_base64(&line.unwrap()).to_bytes())
.collect()
}
fn encrypt(ten_strings: &Vec<Bytes>, key: &Bytes) -> (Bytes, Bytes) {
// The first function should select at random one of the ten strings
let index: usize = rand::thread_rng().gen_range(0..ten_strings.len());
let mut cleartext = Bytes(ten_strings[index].0.to_vec());
// pad the string out to the 16-byte AES block size and
cleartext.pad_pkcs7(16);
// CBC-encrypt it under that key, providing the caller the ciphertext
// and IV.
let iv = Bytes::random(16);
(cbc::encrypt(&key, &iv, &cleartext), iv)
}
let cleartexts = read("data/17.txt");
// generate a random AES key (which it should save for all future encryptions)
let key = Bytes::random(16);
let (cipher, _iv) = encrypt(&cleartexts, &key);
println!("[xxxx] Challenge 17: {}", cipher.len());
}