Clean up asssignment 36 and prepare for 37
parent
7a9225ccb0
commit
eae126f4cd
|
@ -58,10 +58,10 @@ fn main() {
|
|||
set4::challenge30();
|
||||
set4::challenge31();
|
||||
set4::challenge32();
|
||||
set5::challenge33();
|
||||
set5::challenge34();
|
||||
set5::challenge35();
|
||||
}
|
||||
set5::challenge33();
|
||||
set5::challenge34();
|
||||
set5::challenge35();
|
||||
set5::challenge36();
|
||||
set5::challenge37();
|
||||
}
|
||||
|
|
56
src/set5.rs
56
src/set5.rs
|
@ -1,10 +1,10 @@
|
|||
use crate::bytes::Bytes;
|
||||
use crate::rsa;
|
||||
use crate::sha1;
|
||||
use crate::sha1::Sha1;
|
||||
use num_bigint::BigUint;
|
||||
use num_bigint::RandBigInt;
|
||||
use num_bigint::ToBigUint;
|
||||
use openssl::sha::sha256;
|
||||
use rand::Rng;
|
||||
|
||||
mod challenge33 {
|
||||
|
@ -138,7 +138,7 @@ mod challenge34 {
|
|||
message.pad_pkcs7(BLOCK_SIZE);
|
||||
|
||||
// AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv
|
||||
let mut cipher = cbc::encrypt(&key, &iv, &message).0;
|
||||
let mut cipher = cbc::encrypt(key, &iv, &message).0;
|
||||
cipher.append(&mut iv.0);
|
||||
Bytes(cipher)
|
||||
}
|
||||
|
@ -152,7 +152,7 @@ mod challenge34 {
|
|||
|
||||
let iv = Bytes(cipher.0[(cipher_len - BLOCK_SIZE)..cipher_len].to_vec());
|
||||
let cipher = Bytes(cipher.0[0..cipher_len - BLOCK_SIZE].to_vec());
|
||||
let mut message = cbc::decrypt(&key, &iv, &cipher);
|
||||
let mut message = cbc::decrypt(key, &iv, &cipher);
|
||||
message.remove_pkcs7(BLOCK_SIZE);
|
||||
message
|
||||
}
|
||||
|
@ -180,7 +180,7 @@ pub fn challenge34() {
|
|||
let mut a = challenge34::Bot::new(p.clone(), &g);
|
||||
|
||||
// A->B: Send "p", "g", "A"
|
||||
let mut b = challenge34::Bot::new(p.clone(), &g);
|
||||
let mut b = challenge34::Bot::new(p, &g);
|
||||
|
||||
// B->A: Send "B"
|
||||
a.exchange_keys(&b.exchange_keys(&a.get_public_key()));
|
||||
|
@ -209,7 +209,7 @@ pub fn challenge34() {
|
|||
|
||||
// M->B Send "p", "g", "p"
|
||||
// B->M Send "B"
|
||||
let mut b = challenge34::Bot::new(p.clone(), &g);
|
||||
let mut b = challenge34::Bot::new(p, &g);
|
||||
b.exchange_keys(&p_public);
|
||||
|
||||
// M->A Send "p"
|
||||
|
@ -248,12 +248,12 @@ pub fn challenge34() {
|
|||
|
||||
pub fn challenge35() {
|
||||
fn echo(message: &Bytes, g: &BigUint, p: &BigUint) -> (Bytes, Bytes) {
|
||||
let mut a = challenge34::Bot::new(p.clone(), &g);
|
||||
let mut b = challenge34::Bot::new(p.clone(), &g);
|
||||
let mut a = challenge34::Bot::new(p.clone(), g);
|
||||
let mut b = challenge34::Bot::new(p.clone(), g);
|
||||
a.exchange_keys(&b.exchange_keys(&a.get_public_key()));
|
||||
assert_eq!(a.s, b.s, "crypto is broken");
|
||||
|
||||
let cipher_a = a.encrypt(&message);
|
||||
let cipher_a = a.encrypt(message);
|
||||
let message_b = b.decrypt(&cipher_a);
|
||||
let cipher_b = b.encrypt(&message_b);
|
||||
let roundtrip = a.decrypt(&cipher_b);
|
||||
|
@ -328,9 +328,6 @@ pub fn challenge36() {
|
|||
let _i = Bytes::from_utf8("john1337@wayne.com");
|
||||
let p = Bytes::from_utf8("horse planet carpet country");
|
||||
|
||||
|
||||
// We will use SHA1 instead of SHA256 for the whole exercise because I am lazy.
|
||||
|
||||
// S
|
||||
// Generate salt as random integer
|
||||
// Generate string xH=SHA256(salt|password)
|
||||
|
@ -340,13 +337,9 @@ pub fn challenge36() {
|
|||
let salt: u32 = rng.gen();
|
||||
let mut salt_password = salt.to_be_bytes().to_vec();
|
||||
salt_password.append(&mut p.0.clone());
|
||||
let mut sha1 = Sha1::default();
|
||||
let xh = sha1.hash(&Bytes(salt_password));
|
||||
let x = BigUint::from_bytes_be(xh.0[0..4].try_into().unwrap());
|
||||
let xh = sha256(&salt_password);
|
||||
let x = BigUint::from_bytes_be(xh[0..4].try_into().unwrap());
|
||||
let v = g.modpow(&x, &n);
|
||||
std::mem::drop(xh);
|
||||
std::mem::drop(x);
|
||||
std::mem::drop(sha1);
|
||||
|
||||
// C->S
|
||||
// Send I, A=g**a % N (a la Diffie Hellman)
|
||||
|
@ -362,9 +355,8 @@ pub fn challenge36() {
|
|||
// Compute string uH = SHA256(A|B), u = integer of uH
|
||||
let mut a_b = a_public.to_bytes_be();
|
||||
a_b.append(&mut b_public.to_bytes_be());
|
||||
let mut sha1 = Sha1::default();
|
||||
let uh = sha1.hash(&Bytes(a_b));
|
||||
let u = BigUint::from_bytes_be(uh.0[0..4].try_into().unwrap());
|
||||
let uh = sha256(&a_b);
|
||||
let u = BigUint::from_bytes_be(uh[0..4].try_into().unwrap());
|
||||
|
||||
// C
|
||||
// Generate string xH=SHA256(salt|password)
|
||||
|
@ -373,35 +365,41 @@ pub fn challenge36() {
|
|||
// Generate K = SHA256(S)
|
||||
let mut salt_password = salt.to_be_bytes().to_vec();
|
||||
salt_password.append(&mut p.0.clone());
|
||||
let mut sha1 = Sha1::default();
|
||||
let xh = sha1.hash(&Bytes(salt_password));
|
||||
let x = BigUint::from_bytes_be(xh.0[0..4].try_into().unwrap());
|
||||
let xh = sha256(&salt_password);
|
||||
let x = BigUint::from_bytes_be(xh[0..4].try_into().unwrap());
|
||||
let s = (b_public - k * g.modpow(&x, &n)).modpow(&(a + &u * x), &n);
|
||||
let mut sha1 = Sha1::default();
|
||||
let k_client = sha1.hash(&Bytes(s.to_bytes_be()));
|
||||
let k_client = sha256(&s.to_bytes_be());
|
||||
|
||||
// S
|
||||
// Generate S = (A * v**u) ** b % N
|
||||
// Generate K = SHA256(S)
|
||||
let s = (a_public * v.modpow(&u, &n)).modpow(&b, &n);
|
||||
let mut sha1 = Sha1::default();
|
||||
let k_server = sha1.hash(&Bytes(s.to_bytes_be()));
|
||||
let k_server = sha256(&s.to_bytes_be());
|
||||
|
||||
assert_eq!(k_client, k_server);
|
||||
|
||||
// I don't have HMAC-SHA256, so I will use HMAC-SHA1 instead.
|
||||
|
||||
// C->S
|
||||
// Send HMAC-SHA256(K, salt)
|
||||
let salt = Bytes(salt.to_be_bytes().to_vec());
|
||||
let mac_server = sha1::hmac_sha1(&k_server, &salt);
|
||||
let mac_server = sha1::hmac_sha1(&Bytes(k_server.to_vec()), &salt);
|
||||
|
||||
// S->C
|
||||
// Send "OK" if HMAC-SHA256(K, salt) validates
|
||||
let mac_client = sha1::hmac_sha1(&k_server, &salt);
|
||||
let mac_client = sha1::hmac_sha1(&Bytes(k_client.to_vec()), &salt);
|
||||
assert_eq!(mac_server, mac_client, "HMAC verification failed");
|
||||
|
||||
println!("[okay] Challenge 36: implement secure remote password");
|
||||
}
|
||||
|
||||
pub fn challenge37() {
|
||||
// Get your SRP working in an actual client-server setting. "Log in" with a
|
||||
// valid password using the protocol.
|
||||
|
||||
// Now log in without your password by having the client send 0 as its "A"
|
||||
// value. What does this to the "S" value that both sides compute?
|
||||
|
||||
// Now log in without your password by having the client send N, N*2, &c.
|
||||
println!("[xxxx] Challenge 37: TBD");
|
||||
}
|
||||
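Review bot: The hunks at `@@ -340`, `@@ -362` and `@@ -373` still derive x and u from only the first four bytes of the digest (`xh[0..4]`, `uh[0..4]`), so replacing SHA-1 with `sha256` changes nothing about their size: x and u remain 32-bit integers, and the verifier `v = g.modpow(&x, &n)` and the resulting session key depend on just 32 bits of the password hash. The SRP steps quoted in the comments ("u = integer of uH", "x = integer of xH") take the whole digest, so these lines should read `let x = BigUint::from_bytes_be(&xh);` and `let u = BigUint::from_bytes_be(&uh);`, which also drops the no-op `try_into().unwrap()` on a slice. The `assert_eq!(k_client, k_server)` check passes either way because both sides truncate identically, which is why the defect is invisible to the test. The body of `challenge36` begins before the first of these hunks.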