diff --git a/src/main.rs b/src/main.rs
index 16f65b4..ced6911 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -58,10 +58,10 @@ fn main() {
         set4::challenge30();
         set4::challenge31();
         set4::challenge32();
+        set5::challenge33();
+        set5::challenge34();
+        set5::challenge35();
     }
-    set5::challenge33();
-    set5::challenge34();
-    set5::challenge35();
     set5::challenge36();
     set5::challenge37();
 }
diff --git a/src/set5.rs b/src/set5.rs
index 49a1bde..ed52866 100644
--- a/src/set5.rs
+++ b/src/set5.rs
@@ -1,10 +1,10 @@
 use crate::bytes::Bytes;
 use crate::rsa;
 use crate::sha1;
-use crate::sha1::Sha1;
 use num_bigint::BigUint;
 use num_bigint::RandBigInt;
 use num_bigint::ToBigUint;
+use openssl::sha::sha256;
 use rand::Rng;
 mod challenge33 {
@@ -138,7 +138,7 @@ mod challenge34 {
            message.pad_pkcs7(BLOCK_SIZE);
            // AES-CBC(SHA1(s)[0:16], iv=random(16), msg) + iv
-            let mut cipher = cbc::encrypt(&key, &iv, &message).0;
+            let mut cipher = cbc::encrypt(key, &iv, &message).0;
            cipher.append(&mut iv.0);
            Bytes(cipher)
        }
@@ -152,7 +152,7 @@ mod challenge34 {
            let iv = Bytes(cipher.0[(cipher_len - BLOCK_SIZE)..cipher_len].to_vec());
            let cipher = Bytes(cipher.0[0..cipher_len - BLOCK_SIZE].to_vec());
-            let mut message = cbc::decrypt(&key, &iv, &cipher);
+            let mut message = cbc::decrypt(key, &iv, &cipher);
            message.remove_pkcs7(BLOCK_SIZE);
            message
        }
@@ -180,7 +180,7 @@ pub fn challenge34() {
     let mut a = challenge34::Bot::new(p.clone(), &g);
     // A->B: Send "p", "g", "A"
-    let mut b = challenge34::Bot::new(p.clone(), &g);
+    let mut b = challenge34::Bot::new(p, &g);
     // B->A: Send "B"
     a.exchange_keys(&b.exchange_keys(&a.get_public_key()));
@@ -209,7 +209,7 @@ pub fn challenge34() {
     // M->B Send "p", "g", "p"
     // B->M Send "B"
-    let mut b = challenge34::Bot::new(p.clone(), &g);
+    let mut b = challenge34::Bot::new(p, &g);
     b.exchange_keys(&p_public);
     // M->A Send "p"
@@ -248,12 +248,12 @@ pub fn challenge34() {
 pub fn challenge35() {
     fn echo(message: &Bytes, g: &BigUint, p: &BigUint) -> (Bytes, Bytes) {
-        let mut a = challenge34::Bot::new(p.clone(), &g);
-        let mut b = challenge34::Bot::new(p.clone(), &g);
+        let mut a = challenge34::Bot::new(p.clone(), g);
+        let mut b = challenge34::Bot::new(p.clone(), g);
         a.exchange_keys(&b.exchange_keys(&a.get_public_key()));
         assert_eq!(a.s, b.s, "crypto is broken");
-        let cipher_a = a.encrypt(&message);
+        let cipher_a = a.encrypt(message);
         let message_b = b.decrypt(&cipher_a);
         let cipher_b = b.encrypt(&message_b);
         let roundtrip = a.decrypt(&cipher_b);
@@ -328,9 +328,6 @@ pub fn challenge36() {
     let _i = Bytes::from_utf8("john1337@wayne.com");
     let p = Bytes::from_utf8("horse planet carpet country");
-
-    // We will use SHA1 instead of SHA256 for the whole exercise because I am lazy.
-
     // S
     // Generate salt as random integer
     // Generate string xH=SHA256(salt|password)
@@ -340,13 +337,9 @@ pub fn challenge36() {
     let salt: u32 = rng.gen();
     let mut salt_password = salt.to_be_bytes().to_vec();
     salt_password.append(&mut p.0.clone());
-    let mut sha1 = Sha1::default();
-    let xh = sha1.hash(&Bytes(salt_password));
-    let x = BigUint::from_bytes_be(xh.0[0..4].try_into().unwrap());
+    let xh = sha256(&salt_password);
+    let x = BigUint::from_bytes_be(xh[0..4].try_into().unwrap());
     let v = g.modpow(&x, &n);
-    std::mem::drop(xh);
-    std::mem::drop(x);
-    std::mem::drop(sha1);
     // C->S
     // Send I, A=g**a % N (a la Diffie Hellman)
@@ -362,9 +355,8 @@ pub fn challenge36() {
     // Compute string uH = SHA256(A|B), u = integer of uH
     let mut a_b = a_public.to_bytes_be();
     a_b.append(&mut b_public.to_bytes_be());
-    let mut sha1 = Sha1::default();
-    let uh = sha1.hash(&Bytes(a_b));
-    let u = BigUint::from_bytes_be(uh.0[0..4].try_into().unwrap());
+    let uh = sha256(&a_b);
+    let u = BigUint::from_bytes_be(uh[0..4].try_into().unwrap());
     // C
     // Generate string xH=SHA256(salt|password)
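Review bot: The new `let x = BigUint::from_bytes_be(xh[0..4].try_into().unwrap());` keeps only the first 4 bytes of the 32-byte SHA-256 digest, so x has at most 2^32 values and the stored verifier `v = g.modpow(&x, &n)` can be inverted by exhaustive search regardless of how strong the password is, which defeats the point of SRP; the cryptopals step "convert xH to integer x" means the whole digest, i.e. `let x = BigUint::from_bytes_be(&xh);`. The client-side x computed later in challenge36 (next hunk on the following line) has the same truncation and both must change together or the two sides will disagree. Removing the three `std::mem::drop` calls also leaves the server's `x`/`xh` in scope for the rest of the function; presumably they modelled the rule that the server keeps only salt and v, so if that intent still matters, compute `v` inside its own block so `x` cannot be reused. challenge36 begins outside this hunk.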
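Review bot: `let u = BigUint::from_bytes_be(uh[0..4].try_into().unwrap());` contradicts the comment two lines above it (`u = integer of uH`): u is cut to 32 bits although the SRP argument relies on u being the full-width hash of A|B, so use `let u = BigUint::from_bytes_be(&uh);`. Separately, `a_b` is built from `to_bytes_be()` of A and B, which strips leading zero bytes, so the A|B concatenation is not unambiguous across values of different lengths; padding both to the byte length of N (as RFC 5054 does) avoids that, though for this self-contained exercise both sides agree either way.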
@@ -373,35 +365,41 @@ pub fn challenge36() {
     // Generate K = SHA256(S)
     let mut salt_password = salt.to_be_bytes().to_vec();
     salt_password.append(&mut p.0.clone());
-    let mut sha1 = Sha1::default();
-    let xh = sha1.hash(&Bytes(salt_password));
-    let x = BigUint::from_bytes_be(xh.0[0..4].try_into().unwrap());
+    let xh = sha256(&salt_password);
+    let x = BigUint::from_bytes_be(xh[0..4].try_into().unwrap());
     let s = (b_public - k * g.modpow(&x, &n)).modpow(&(a + &u * x), &n);
-    let mut sha1 = Sha1::default();
-    let k_client = sha1.hash(&Bytes(s.to_bytes_be()));
+    let k_client = sha256(&s.to_bytes_be());
     // S
     // Generate S = (A * v**u) ** b % N
     // Generate K = SHA256(S)
     let s = (a_public * v.modpow(&u, &n)).modpow(&b, &n);
-    let mut sha1 = Sha1::default();
-    let k_server = sha1.hash(&Bytes(s.to_bytes_be()));
+    let k_server = sha256(&s.to_bytes_be());
     assert_eq!(k_client, k_server);
+    // I don't have HMAC-SHA256, so I will use HMAC-SHA1 instead.
+
     // C->S
     // Send HMAC-SHA256(K, salt)
     let salt = Bytes(salt.to_be_bytes().to_vec());
-    let mac_server = sha1::hmac_sha1(&k_server, &salt);
+    let mac_server = sha1::hmac_sha1(&Bytes(k_server.to_vec()), &salt);
     // S->C
     // Send "OK" if HMAC-SHA256(K, salt) validates
-    let mac_client = sha1::hmac_sha1(&k_server, &salt);
+    let mac_client = sha1::hmac_sha1(&Bytes(k_client.to_vec()), &salt);
     assert_eq!(mac_server, mac_client, "HMAC verification failed");
     println!("[okay] Challenge 36: implement secure remote password");
 }
 pub fn challenge37() {
+    // Get your SRP working in an actual client-server setting. "Log in" with a
+    // valid password using the protocol.
+
+    // Now log in without your password by having the client send 0 as its "A"
+    // value. What does this to the "S" value that both sides compute?
+
+    // Now log in without your password by having the client send N, N*2, &c.
     println!("[xxxx] Challenge 37: TBD");
 }
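Review bot: `b_public - k * g.modpow(&x, &n)` is an unsigned `BigUint` subtraction, so it panics on underflow whenever B is smaller than k·v; B is computed outside this hunk, but if it is reduced mod N (as the protocol's `B = k*v + g**b % N` suggests) that will happen on a noticeable fraction of runs, and the spec's `(B - k * g**x) % N` needs the modular form, e.g. `let s = (b_public + &n - k * g.modpow(&x, &n) % &n).modpow(&(a + &u * x), &n);`. The added comment `// I don't have HMAC-SHA256, so I will use HMAC-SHA1 instead.` is no longer accurate now that the file imports the openssl crate, which exposes HMAC through `openssl::pkey::PKey::hmac(&k_server)` plus `openssl::sign::Signer::new(MessageDigest::sha256(), &key)`, so the MAC could match the `HMAC-SHA256(K, salt)` the surrounding comments describe. The names are also inverted relative to those comments: the value the client sends in the C->S step is built from `k_server` and called `mac_server`, while the server-side check uses `k_client`; swapping the two names (and the keys they use) would read correctly. challenge36 begins outside this hunk.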