RubyGems - crypto-toolbox - Versions diffs - 0.1.13 → 0.1.14 - Mend

crypto-toolbox 0.1.13 → 0.1.14

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/crypto-toolbox/analyzers/cbc_mac/variable_length/analyzer.rb +26 -17
data/lib/crypto-toolbox/analyzers/cbc_mac/variable_length/oracles/tcp.rb +4 -4
data/lib/crypto-toolbox/crypt_buffer/concerns/pretty_print.rb +2 -3
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6d44c3eb26aa94b3c7b941235ae67cfd42d1d7e4
-  data.tar.gz: 9e9c64094502898955d362e5fe5ff30d7563c056
+  metadata.gz: 5728516f47174d06b0901a72afa8a499ee5f0662
+  data.tar.gz: 9d83b1da078d82ba3345fb4b8aca1f860aaf1eb5
 SHA512:
-  metadata.gz: 6b72ad40abe63b30723d5bc392ab470cdca4e4bf9d24fa5fbf7ad2ecb1b280b5a1d66c8753a548a9922c9df61e834e7f61d77bfd888fd6dd5780baf5ce862883
-  data.tar.gz: be527c12832e261bc5223262034ac8774b030383cb9ba1b28f751417ca68cb990e3f83e06f7951225c57a2d429ed4a3e12d9defc4a0acb3dd5c94de47b54aa1c
+  metadata.gz: 21c9a10d814988c289b578850e1b769c817e086cd47a369578a01bdd8f5058ea6e1ef0573d311ab4ee6b3ee54f038ddc043475af83ae8f8a5112c02e126351af
+  data.tar.gz: 81601d2d3376c364ef5437b6d5af7c33bd4b3e47658eda3fa68a220439f4a6580fe0e20b3a6030909b9a52c89ad2e8026cb383dd7d2a7f6ebbd1eea84ee521c1

data/lib/crypto-toolbox/analyzers/cbc_mac/variable_length/analyzer.rb CHANGED Viewed

@@ -23,34 +23,43 @@ module Analyzers
         def analyze(target_message)
           @oracle.connect
-          #target_msg = "I, the server, hereby agree that I will pay $100 to this student"
+          # split the target message into chunks of size N (e.g. 32)
           target_bufs = CryptBuffer(target_message).chunks_of(32)
-          # add to_crypt_buffer to String!
-          target_tag1 = CryptBuffer(@oracle.mac(target_bufs[0].chars,target_bufs[0].length)) #.split("").map{|i| i.bytes.first }
+          # receive the valid mac for the first chunk of the target message
+          tag1 = CryptBuffer(@oracle.mac(target_bufs[0]))
-          # NOTE  t''  = m || [ (m_1' + t ) ||m_2'||...||m_x']
-          m2_blocks = target_bufs[1].chunks_of(16)
-          msg2 = CryptBuffer((m2_blocks[0].xor(target_tag1)).bytes + m2_blocks[1].bytes)
+          attack_message = assemble_malicious_message(target_bufs,tag1)
+          forged_tag = @oracle.mac(attack_message)
-          # @oracle.tag_for(msg2.chars,msg2.length)
-          forge_tag = @oracle.mac(msg2.chars,msg2.length)
-          # @oracle.verify(target_msg.chars, target_msg.length, forge_tag)
-          ret = @oracle.verify(target_message.chars, target_message.length, forge_tag)
+          ret = @oracle.verify(target_message, forged_tag)
+          report_result(ret,forged_tag)
+          @oracle.disconnect
+        end
+        private
+          # Create a message that consists of
+          # 1) the first n byte of the second message xored with tag t from the first message
+          # 2) the remaining blocks of the second message
+          # short:  t''  = (m'_0  xor t ) ||m'_1 ||...||m'_n]
+        def assemble_malicious_message(target_bufs,tag1)
+          # split the second chunk into blocks of the size of the tag
+          m2_blocks = target_bufs[1].chunks_of(tag1.length)
+          CryptBuffer((m2_blocks[0].xor(tag1)).bytes + m2_blocks[1].bytes)
+        end
+        def report_result(ret,tag)
           if forge_successfull?(ret)
-            puts "result is: #{CryptBuffer(forge_tag).hex}"
-            puts "Message verified successfully!"
+            puts "[Success] Resulting tag is: #{CryptBuffer(tag).pretty_hexstring}"
           else
-            puts "Message verification failed."
+            puts "[Failure] Message verification failed."
           end
-          @oracle.disconnect
         end
-        private
         def forge_successfull?(retval)
           retval == 1
         end

data/lib/crypto-toolbox/analyzers/cbc_mac/variable_length/oracles/tcp.rb CHANGED Viewed

@@ -23,20 +23,20 @@ module Analyzers
             @mac_socket.close    if @mac_socket
           end
-          def mac(message,len)
+          def mac(message)
             connect unless @mac_socket
-            packet = ([message.length] + message + [0]).map(&:chr).join("")
+            packet = ([message.length] + message.bytes + [0]).map(&:chr).join("")
             @mac_socket.write(packet)
             @mac_socket.read(16)
           end
-          def verify(message,len,tag)
+          def verify(message,tag)
             connect unless @verify_socket
             # Message-length + message-chars + tag-chars + 0
-            packet = ([message.length] + message + tag.split("") + [0]).map(&:chr).join("")
+            packet = ([message.length] + message.bytes + tag.split("") + [0]).map(&:chr).join("")
             @verify_socket.write(packet)
             @verify_socket.read(2).to_i

data/lib/crypto-toolbox/crypt_buffer/concerns/pretty_print.rb CHANGED Viewed

@@ -1,11 +1,10 @@
 module CryptBufferConcern
   module PrettyPrint
     def pp
-      puts pretty_hexstr
+      puts pretty_hexstring
     end
-    private
-    def pretty_hexstr
+    def pretty_hexstring
       str = h.scan(/.{2}/).to_a.join(" ")
       "0x#{h.upcase} (#{str.upcase})"
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: crypto-toolbox
 version: !ruby/object:Gem::Version
-  version: 0.1.13
+  version: 0.1.14
 platform: ruby
 authors:
 - Dennis Sivia