Implement Bleichenbacher PKCS padding oracle in Python
16
src/main.rs
16
src/main.rs
@@ -62,15 +62,15 @@ fn main() {
|
||||
set4::challenge30();
|
||||
set4::challenge31();
|
||||
set4::challenge32();
|
||||
set5::challenge33();
|
||||
set5::challenge34();
|
||||
set5::challenge35();
|
||||
set5::challenge36().unwrap_or_else(|| println!("[fail] challenge 36"));
|
||||
set5::challenge37().unwrap_or_else(|| println!("[fail] challenge 37"));
|
||||
set5::challenge38().unwrap_or_else(|| println!("[fail] challenge 38"));
|
||||
set5::challenge39().unwrap_or_else(|| println!("[fail] challenge 39"));
|
||||
set5::challenge40().unwrap_or_else(|| println!("[fail] challenge 40"));
|
||||
}
|
||||
set5::challenge33();
|
||||
set5::challenge34();
|
||||
set5::challenge35();
|
||||
set5::challenge36().unwrap_or_else(|| println!("[fail] challenge 36"));
|
||||
set5::challenge37().unwrap_or_else(|| println!("[fail] challenge 37"));
|
||||
set5::challenge38().unwrap_or_else(|| println!("[fail] challenge 38"));
|
||||
set5::challenge39().unwrap_or_else(|| println!("[fail] challenge 39"));
|
||||
set5::challenge40().unwrap_or_else(|| println!("[fail] challenge 40"));
|
||||
set6::challenge41().unwrap_or_else(|_| println!("[fail] challenge 41"));
|
||||
set6::challenge42().unwrap_or_else(|_| println!("[fail] challenge 42"));
|
||||
set6::challenge43().unwrap_or_else(|| println!("[fail] challenge 43"));
|
||||
|
||||
26
src/set6.rs
26
src/set6.rs
@@ -410,12 +410,17 @@ pub fn challenge46() -> Result<(), ErrorStack> {
|
||||
pub fn challenge47() -> Result<(), ErrorStack> {
|
||||
// Generate a 256 bit keypair (that is, p and q will each be 128 bit primes), [n, e, d].
|
||||
let (public_key, private_key) = rsa::rsa_gen_keys_with_size(128, 128)?;
|
||||
println!("e={:?}", public_key.e);
|
||||
println!("d={:?}", private_key.d);
|
||||
println!("n={:?}", private_key.n);
|
||||
|
||||
// PKCS1.5-pad a short message, like "kick it, CC", and call it "m". Encrypt to to get "c".
|
||||
let m = Bytes::from_utf8("kick it, CC");
|
||||
let m = BigNum::from_slice(&m.0)?;
|
||||
let n = bnclone(&public_key.n);
|
||||
let n_bytes = n.num_bytes();
|
||||
println!("m={:?}", m);
|
||||
println!("n_bytes={}", n_bytes);
|
||||
|
||||
// Build an oracle function, just like you did in the last exercise, but have it check for
|
||||
// plaintext[0] == 0 and plaintext[1] == 2.
|
||||
@@ -428,15 +433,20 @@ pub fn challenge47() -> Result<(), ErrorStack> {
|
||||
// Decrypt "c" using your padding oracle.
|
||||
let c_unpadded = rsa::rsa_encrypt_unpadded(&m, &public_key)?;
|
||||
let c = rsa::rsa_encrypt(&m, &public_key)?;
|
||||
println!("c={:?}", c);
|
||||
|
||||
assert!(!oracle(&c_unpadded), "oracle wrongly thinks unpadded message is padded");
|
||||
assert!(oracle(&c), "oracle wrongly thinks padded message is not padded");
|
||||
|
||||
// B = 2^(8(k−2)); k is the length of n in bytes;
|
||||
// let mut ctx = BigNumContext::new()?;
|
||||
// let mut p = BigNum::new()?;
|
||||
// let k = BigNum::from_u32(n_bytes.try_into().unwrap())?;
|
||||
// p.checked_sub(&k, &BigNum::from_u32(2)?);
|
||||
// p = &p * BigNum::from_u32(8);
|
||||
|
||||
// b.exp(&BigNum::from_u32(2)?, &BigNum::from_u32(8)? * &(&n_bytes - &BigNum::from_u32(2)), &mut ctx);
|
||||
|
||||
assert!(
|
||||
!oracle(&c_unpadded),
|
||||
"oracle wrongly thinks unpadded message is padded"
|
||||
);
|
||||
assert!(
|
||||
oracle(&c),
|
||||
"oracle wrongly thinks padded message is not padded"
|
||||
);
|
||||
|
||||
println!("[xxxx] Challenge 47: Bleichenbacher's PKCS 1.5 Padding Oracle (Simple Case)");
|
||||
Ok(())
|
||||
|
||||
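Review bot: In the first hunk of `challenge47`, `println!("d={:?}", private_key.d);` writes the RSA private exponent to stdout, where it ends up in terminal scrollback and any captured CI or log output. The rendering has lost the +/- markers, but the hunk header (12 → 17 lines) suggests the five `println!` calls are the added lines. I would drop the `d` line, or gate it as `if cfg!(debug_assertions) { println!("d={:?}", private_key.d); }`, even for a throwaway 256-bit exercise key, so the habit does not carry over into code that handles real keys; `e`, `n` and `c` are public values and fine to print. The end of `challenge47` lies outside the visible hunks, so I cannot tell whether the key material is printed again further down.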