crypto-toolbox 0.1.12 → 0.1.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6d44c3eb26aa94b3c7b941235ae67cfd42d1d7e4
|
|
4
|
+
data.tar.gz: 9e9c64094502898955d362e5fe5ff30d7563c056
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6b72ad40abe63b30723d5bc392ab470cdca4e4bf9d24fa5fbf7ad2ecb1b280b5a1d66c8753a548a9922c9df61e834e7f61d77bfd888fd6dd5780baf5ce862883
|
|
7
|
+
data.tar.gz: be527c12832e261bc5223262034ac8774b030383cb9ba1b28f751417ca68cb990e3f83e06f7951225c57a2d429ed4a3e12d9defc4a0acb3dd5c94de47b54aa1c
|
data/lib/crypto-toolbox.rb
CHANGED
|
@@ -6,6 +6,7 @@ require 'crypto-toolbox/crypt_buffer.rb'
|
|
|
6
6
|
require 'crypto-toolbox/analyzers/utils/key_filter.rb'
|
|
7
7
|
require 'crypto-toolbox/analyzers/utils/spell_checker.rb'
|
|
8
8
|
require 'crypto-toolbox/analyzers/padding_oracle.rb'
|
|
9
|
+
require 'crypto-toolbox/analyzers/cbc_mac.rb'
|
|
9
10
|
require 'crypto-toolbox/analyzers/vigenere_xor.rb'
|
|
10
11
|
|
|
11
12
|
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'crypto-toolbox/analyzers/cbc_mac/variable_length/analyzer.rb'
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
require 'crypto-toolbox/analyzers/cbc_mac/variable_length/oracles/tcp.rb'
|
|
2
|
+
|
|
3
|
+
module Analyzers
|
|
4
|
+
module CbcMac
|
|
5
|
+
module VariableLength
|
|
6
|
+
|
|
7
|
+
class Analyzer
|
|
8
|
+
# This class implements an attack on CBC-MAC with variable length.
|
|
9
|
+
# This issue is known for a long time and thus should be avoided by any implementation.
|
|
10
|
+
# However this code shows how to forge a tag in this mode and can be seen das a PoC.
|
|
11
|
+
#
|
|
12
|
+
#
|
|
13
|
+
# Thanks to Matthew Green for this great article about the potential implementation problems
|
|
14
|
+
# of CBC-MAC: http://blog.cryptographyengineering.com/2013/02/why-i-hate-cbc-mac.html
|
|
15
|
+
#
|
|
16
|
+
# This class has the VL (variable length) suffix it its name
|
|
17
|
+
# to make100% clear that this attack works only on this condition
|
|
18
|
+
def initialize(oracle_class = ::Analyzers::CbcMac::VariableLength::Oracles::Tcp,block_length=32)
|
|
19
|
+
@oracle = oracle_class.new
|
|
20
|
+
end
|
|
21
|
+
# NOTE: handle too short messages properly
|
|
22
|
+
|
|
23
|
+
def analyze(target_message)
|
|
24
|
+
@oracle.connect
|
|
25
|
+
|
|
26
|
+
#target_msg = "I, the server, hereby agree that I will pay $100 to this student"
|
|
27
|
+
target_bufs = CryptBuffer(target_message).chunks_of(32)
|
|
28
|
+
|
|
29
|
+
# add to_crypt_buffer to String!
|
|
30
|
+
target_tag1 = CryptBuffer(@oracle.mac(target_bufs[0].chars,target_bufs[0].length)) #.split("").map{|i| i.bytes.first }
|
|
31
|
+
|
|
32
|
+
# NOTE t'' = m || [ (m_1' + t ) ||m_2'||...||m_x']
|
|
33
|
+
m2_blocks = target_bufs[1].chunks_of(16)
|
|
34
|
+
msg2 = CryptBuffer((m2_blocks[0].xor(target_tag1)).bytes + m2_blocks[1].bytes)
|
|
35
|
+
|
|
36
|
+
# @oracle.tag_for(msg2.chars,msg2.length)
|
|
37
|
+
forge_tag = @oracle.mac(msg2.chars,msg2.length)
|
|
38
|
+
|
|
39
|
+
# @oracle.verify(target_msg.chars, target_msg.length, forge_tag)
|
|
40
|
+
ret = @oracle.verify(target_message.chars, target_message.length, forge_tag)
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
if forge_successfull?(ret)
|
|
44
|
+
puts "result is: #{CryptBuffer(forge_tag).hex}"
|
|
45
|
+
puts "Message verified successfully!"
|
|
46
|
+
else
|
|
47
|
+
puts "Message verification failed."
|
|
48
|
+
end
|
|
49
|
+
@oracle.disconnect
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
private
|
|
53
|
+
|
|
54
|
+
def forge_successfull?(retval)
|
|
55
|
+
retval == 1
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
|
|
61
|
+
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
require 'socket'
|
|
2
|
+
|
|
3
|
+
module Analyzers
|
|
4
|
+
module CbcMac
|
|
5
|
+
module VariableLength
|
|
6
|
+
module Oracles
|
|
7
|
+
class Tcp
|
|
8
|
+
def initialize(mac_host = '54.165.60.84', mac_port = 81, verify_host = '54.165.60.84', verify_port = 82)
|
|
9
|
+
@mac_host = mac_host
|
|
10
|
+
@mac_port = mac_port
|
|
11
|
+
@verify_host = verify_host
|
|
12
|
+
@verify_port = verify_port
|
|
13
|
+
@mac_socket = nil
|
|
14
|
+
@verify_socket = nil
|
|
15
|
+
end
|
|
16
|
+
def connect
|
|
17
|
+
@mac_socket = TCPSocket.open(@mac_host,@mac_port)
|
|
18
|
+
@verify_socket = TCPSocket.open(@verify_host,@verify_port)
|
|
19
|
+
#puts "Connected to server successfully."
|
|
20
|
+
end
|
|
21
|
+
def disconnect
|
|
22
|
+
@verify_socket.close if @verfiy_socket
|
|
23
|
+
@mac_socket.close if @mac_socket
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def mac(message,len)
|
|
27
|
+
connect unless @mac_socket
|
|
28
|
+
|
|
29
|
+
packet = ([message.length] + message + [0]).map(&:chr).join("")
|
|
30
|
+
|
|
31
|
+
@mac_socket.write(packet)
|
|
32
|
+
@mac_socket.read(16)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def verify(message,len,tag)
|
|
36
|
+
connect unless @verify_socket
|
|
37
|
+
|
|
38
|
+
# Message-length + message-chars + tag-chars + 0
|
|
39
|
+
packet = ([message.length] + message + tag.split("") + [0]).map(&:chr).join("")
|
|
40
|
+
|
|
41
|
+
@verify_socket.write(packet)
|
|
42
|
+
@verify_socket.read(2).to_i
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: crypto-toolbox
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dennis Sivia
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-04-
|
|
11
|
+
date: 2015-04-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aes
|
|
@@ -50,6 +50,9 @@ files:
|
|
|
50
50
|
- bin/break-padding-oracle
|
|
51
51
|
- bin/break-vigenere-xor
|
|
52
52
|
- lib/crypto-toolbox.rb
|
|
53
|
+
- lib/crypto-toolbox/analyzers/cbc_mac.rb
|
|
54
|
+
- lib/crypto-toolbox/analyzers/cbc_mac/variable_length/analyzer.rb
|
|
55
|
+
- lib/crypto-toolbox/analyzers/cbc_mac/variable_length/oracles/tcp.rb
|
|
53
56
|
- lib/crypto-toolbox/analyzers/padding_oracle.rb
|
|
54
57
|
- lib/crypto-toolbox/analyzers/padding_oracle/analyzer.rb
|
|
55
58
|
- lib/crypto-toolbox/analyzers/padding_oracle/oracles/http_oracle.rb
|