crypto-toolbox 0.2.7 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4b760901ea5c2ae1dea432a632e4d9d48e3bb58f
-  data.tar.gz: 866e4c2c574a4ad9f8a43891574087e74022d55f
+  metadata.gz: ac647d6b3c258b6a0f67e6f842c417e05fa9d432
+  data.tar.gz: b23897bb84b56a1ca9ad119a87bd562568ff555e
 SHA512:
-  metadata.gz: 90b498603ff15a35d88d7c37295f9d45146ba69b58e3ca3c0348a45d40a61d053e9ea962d8388fa8e31e9879bdce5516857ca696c00e86217011c08585246a40
-  data.tar.gz: 4453d964ccd6f3c10dbf39102ee1cadabf1273d2e7cd0ac3c736bf7eeea0081448a27d716eb56edc19c901134622c0b4743ae8944f1dd96426b7e3feade1e794
+  metadata.gz: 48140f890a028bf4f43c9f482141edc90c4617b5fba729a958b6b621cbe51e6775c5820611930b474cb0c7ef0a06e8bce0a06d574420fbca77f870a6aa7ad848
+  data.tar.gz: 448b241d14ca70b2b8b8a5174da29d5a79664c8ccc1b29523b5390e41be20495b504ae8aa41017c5d0c028d61499e15d5dcd4bf3291c86a540d4ff0145497756

data/bin/break-padding-oracle

@@ -7,5 +7,7 @@ if ARGV[0].nil?
 else
   ciphertext = ARGV[0]
   
-  Analyzers::PaddingOracle::Analyzer.new.analyze(ciphertext)
+  result = Analyzers::PaddingOracle::Analyzer.new.analyze(ciphertext)
+  puts "result: "
+  puts result.str
 end

data/lib/crypto-toolbox.rb

@@ -1,10 +1,17 @@
-# coding: utf-8
+require 'base64'
+
 require 'crypto-toolbox/utils/reporting/console.rb'
 require 'crypto-toolbox/utils/hamming_distance_filter.rb'
 require 'crypto-toolbox/utils/ecb_detector.rb'
 require 'crypto-toolbox/utils/ecb_oracle.rb'
 
 require 'crypto-toolbox/oracles/user_profile_encryption_oracle.rb'
+require 'crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb'
+
+require 'crypto-toolbox/oracles/padding_oracle/tcp_oracle.rb'
+require 'crypto-toolbox/oracles/padding_oracle/http_oracle.rb'
+require 'crypto-toolbox/oracles/padding_oracle/memory_oracle.rb'
+
 
 
 
@@ -22,6 +29,7 @@ require 'crypto-toolbox/analyzers/padding_oracle.rb'
 require 'crypto-toolbox/analyzers/cbc_mac.rb'
 require 'crypto-toolbox/analyzers/vigenere_xor.rb'
 require 'crypto-toolbox/analyzers/ecb_string_appender.rb'
+require 'crypto-toolbox/analyzers/cbc_mutating_encryption.rb'
 
 
 require 'crypto-toolbox/ciphers/aes.rb'

data/lib/crypto-toolbox/analyzers/cbc_mutating_encryption.rb

@@ -0,0 +1,20 @@
+module CryptoToolbox
+  module Analyzers
+    class CbcMutatingEncryption
+      attr_reader :oracle
+      def initialize(oracle)
+        @oracle = oracle
+      end
+
+      def assemble_attack_message
+        # we are lazy thus we use 0 as a byte which is neutral to xor,
+        # thus we dont have to cancel it before adding admin=true. 
+        input = "\0" * 32
+        blocks = @oracle.encrypted_message_for(input).chunks_of(16)
+        fake   = blocks[2].xor(";admin=true;",expand_input: false )
+        blocks[2] = fake
+        ciphertext = blocks.map(&:str).join
+      end
+    end
+  end
+end

data/lib/crypto-toolbox/analyzers/ecb_string_appender.rb

@@ -105,6 +105,7 @@ module Analyzers
       dict[result].tap do |match|
         jot(match,debug: true,raw: true) unless match.nil?
         if match.nil?
+	  binding.pry
           raise "Could not find dictonary entry for block #{block_id}, pos: #{pos}"
         end
       end
@@ -182,7 +183,7 @@ module Analyzers
         total_length = oracle.encipher(@prefix_pad + (DUMMY * i) ).length
         result       = total_length - (@prefix_blocks * block_size )
         if result > minimum_length
-          return minimum_length - (i-1)
+          return minimum_length - i
         end
       end
     end

data/lib/crypto-toolbox/analyzers/padding_oracle/analyzer.rb

@@ -1,6 +1,3 @@
-require 'crypto-toolbox/analyzers/padding_oracle/oracles/http_oracle.rb'
-require 'crypto-toolbox/analyzers/padding_oracle/oracles/tcp_oracle.rb'
-
 
 module Analyzers
   module PaddingOracle
@@ -10,7 +7,7 @@ module Analyzers
       attr_reader :result
       include ::Utils::Reporting::Console
       
-      def initialize(oracle = ::Analyzers::PaddingOracle::Oracles::TcpOracle.new)
+      def initialize(oracle = CryptoToolbox::Oracles::PaddingOracle::TcpOracle.new)
         @result      = [ ]
         @oracle      = oracle
       end
@@ -25,21 +22,21 @@ module Analyzers
       def analyze(cipher)
         blocks = CryptBuffer.from_hex(cipher).chunks_of(16)
 
-        # for whatever reason ranges cant be from high to low
+        # ranges cant be from high to low
         (1..(blocks.length() -1)).reverse_each do |block_index|
           result.unshift analyse_block(blocks,block_index)
         end
-        
-        report_result(result)
-      end
-
 
+        plaintext = CryptBuffer(result.flatten)
+        report_result(plaintext)
+        plaintext.strip_padding
+      end
       
       private
 
       def analyse_block(blocks,block_index)
         block_result = []
-        
+
         # manipulate each byte of the 16 byte block
         1.upto(blocks[block_index -1].length) do |pad_index|
           with_oracle_connection do
@@ -52,9 +49,9 @@ module Analyzers
       end
 
       def report_result(result)
-        jot(CryptBuffer(result.flatten).chars.inspect,debug: false)
+        jot(result.chars.inspect,debug: true)
         jot("stripping padding!",debug: true)
-        jot(CryptBuffer(result.flatten).strip_padding.str,debug: false)
+        jot(result.strip_padding.str,debug: true)
       end
 
       def with_oracle_connection
@@ -83,15 +80,14 @@ module Analyzers
         # and store the result in a buffer we will mess with
         forge_buf = apply_found_bytes(blocks[block_index - 1],cur_result,pad_index)
         
-        1.upto 256 do |guess|
+        1.upto 255 do |guess|
           input = assemble_oracle_input(forge_buf,blocks,block_index,pad_index,guess)
           
           next if skip?(pad_index,block_index,guess,cur_result)
-
-          return guess if@oracle.valid_padding?(input,block_amount(block_index))
+          return guess if @oracle.valid_padding?(input,block_amount(block_index))
         end
 
-        raise FailedAnalysis, "No padding found... this should neve happen..."
+        raise FailedAnalysis, "No padding found... this should never happen..."
       end
       private
 

data/lib/crypto-toolbox/ciphers/aes.rb

@@ -1,3 +1,4 @@
+# coding: utf-8
 module Ciphers
   class Aes
 
@@ -8,32 +9,48 @@ module Ciphers
     end
 
     # NOTE convert ECB encryption to AES gem or both to openssl
-    def decipher_ecb(key,input)
-      decipher_ecb_blockwise(CryptBuffer(key),CryptBuffer(input).chunks_of(@block_size_bytes))
+    def decipher_ecb(key,input,strip_padding: true)
+      plain = decipher_ecb_blockwise(CryptBuffer(key),CryptBuffer(input).chunks_of(@block_size_bytes)).to_crypt_buffer
+      strip_padding ? plain.strip_padding : plain
     end
 
     def encipher_ecb(key,input)
-      encipher_ecb_blockwise(CryptBuffer(key),CryptBuffer(input).chunks_of(@block_size_bytes))
+      encipher_ecb_blockwise(CryptBuffer(key),pad_message(input).chunks_of(@block_size_bytes))
     end
     
     def encipher_cbc(key_str,input_str,iv: nil)
-      unicipher_cbc(:encipher,key_str,input_str,iv)
+      unicipher_cbc(:encipher,key_str,pad_message(input_str),iv)
     end
     
-    def decipher_cbc(key_str,input_str,iv: nil)
-      unicipher_cbc(:decipher,key_str,input_str,iv)
+    def decipher_cbc(key_str,input_str,iv: nil,strip_padding: true)
+      plain = unicipher_cbc(:decipher,key_str,CryptBuffer(input_str),iv).to_crypt_buffer
+      strip_padding ? plain.strip_padding : plain
     end
 
 
     private
 
+    def pad_message(input)
+      buffer=CryptBuffer(input)
+      final_block_size = buffer.length % @block_size_bytes
+      delta = @block_size_bytes - final_block_size
+      if delta > 0
+        buffer.pad(delta)
+      else
+        buffer
+      end
+    end
+    
+    def pad_block(block)
+      return block
+    end
+    
     def encipher_ecb_blockwise(key,blocks)
       blocks.map{|block| encipher_ecb_block(key,block)  }.join 
     end
 
     def encipher_ecb_block(key,block)
-      need_padding = block.length < @block_size_bytes
-      _,out = AES.encrypt(block.str, key.hex, {:format => :plain,:padding => need_padding,:cipher => "AES-#{@key_size}-ECB"})
+      _,out = AES.encrypt(block.str, key.hex, {:format => :plain,:padding => false,:cipher => "AES-#{@key_size}-ECB"})
       out
     end
 
@@ -42,22 +59,23 @@ module Ciphers
     end
 
     def decipher_ecb_block(key,block)
-      need_padding = block.length < @block_size_bytes
+      need_padding = (block.length < @block_size_bytes)
       AES.decrypt(["",block.str], key.hex, {:format => :plain,:padding => need_padding,:cipher => "AES-#{@key_size}-ECB"})
     end
     
     # this method is used for encipher and decipher since most of the code is identical
     # only the value of the previous block and the internal ecb method differs
-    def unicipher_cbc(direction,key_str,input_str,iv)
+    def unicipher_cbc(direction,key_str,input_buf,iv)
+
       method="#{direction.to_s}_cbc_block"
-      blocks = CryptBuffer(input_str).chunks_of(@block_size_bytes)
+      blocks = input_buf.chunks_of(@block_size_bytes)
       iv   ||= blocks.shift.str
       key    = CryptBuffer(key_str).hex
       
       prev_block=iv.to_crypt_buffer
 
-      blocks.map do |block|
-        ctext_block = send(method,key,block,prev_block) #encipher_cbc_block(key,block,prev_block)
+      strings = blocks.map.with_index do |block,i|
+        ctext_block = send(method,key,block,prev_block)
         if direction == :encipher
           prev_block  = ctext_block
         else
@@ -65,22 +83,24 @@ module Ciphers
         end
 
         ctext_block.str
-      end.join.to_crypt_buffer
+      end
+
+      CryptBuffer(strings.join)
     end
     
     def encipher_cbc_block(key,block,prev_block)
       xored =  block ^ prev_block
-      need_padding = block.length != @block_size_bytes
-      
-      _,out = AES.encrypt(xored.str, key, {:format => :plain,:padding => need_padding,:cipher => "AES-#{@key_size}-ECB",:iv => prev_block.str })
+
+      _,out = AES.encrypt(xored.str, key, {:format => :plain,:padding => false,:cipher => "AES-#{@key_size}-ECB",:iv => prev_block.str })
       ecb_block = CryptBuffer(out)
     end
+    
     def decipher_cbc_block(key,block,prev_block)
-      need_padding = block.length != @block_size_bytes
-      
-      out = ::AES.decrypt([prev_block.str,block.str] , key, {:format => :plain,:padding => need_padding,:cipher => "AES-#{@key_size}-ECB",:iv => prev_block.str })
+
+      out = ::AES.decrypt([prev_block.str,block.str] , key, {:format => :plain,:padding => false,:cipher => "AES-#{@key_size}-ECB",:iv => prev_block.str })
       ecb_block = CryptBuffer(out)
-      ecb_block ^ prev_block
+
+      xored = ecb_block ^ prev_block
     end
     
   end

data/lib/crypto-toolbox/crypt_buffer/concerns/padding.rb

@@ -1,14 +1,17 @@
+
+
 module CryptBufferConcern
+  # This module extends functionality the CryptBuffer to
+  # handle PKCS7 padding.
+  # It has the ability to detect, replace, add and strip a
+  # padding from a CryptBuffer to return a new one without
+  # mutating the existing buffer.
+  #
+  # The purpose is making crypto analysis of cbc and other
+  # cipher modes that use pkcs7 padding easier.
   module Padding
-    # This module extends functionality the CryptBuffer to
-    # handle PKCS7 padding.
-    # It has the ability to detect, replace, add and strip a
-    # padding from a CryptBuffer to return a new one without
-    # mutating the existing buffer.
-    #
-    # The purpose is making crypto analysis of cbc and other
-    # cipher modes that use pkcs7 padding easier.
-
+    class InvalidPkcs7Padding < RuntimeError; end
+    
     # Return any existing padding
     def padding
       last   = bytes.last
@@ -32,7 +35,16 @@ module CryptBufferConcern
       end
       self.class.new(subset)
     end
+    
+    def strip_padding!
+      validate_padding! 
+      strip_padding
+    end
 
+    def validate_padding!
+      raise InvalidPkcs7Padding, "No valid pkcs#7 padding present" unless padding?
+      true
+    end
     
     def padding?
       !padding.empty?

data/lib/crypto-toolbox/crypt_buffer_input_converter.rb

@@ -1,6 +1,8 @@
 
-
 class CryptBufferInputConverter
+  class ImpossibleConversion < RuntimeError; end
+  class InvalidHexstring < RuntimeError; end
+  
   def convert(input)
     bytes_from_any(input)
   end
@@ -9,6 +11,7 @@ class CryptBufferInputConverter
   # This is especially useful for unknown or uncertain inputs like
   # strings with or without leading 0x
   def from_hex(input)
+    raise InvalidHexstring, "input: #{input} is not a valid hexadicimal string" unless valid_hexstring?(input)
     hexstr =""
     unless input.nil?
       hexstr = normalize_hex(input)
@@ -63,7 +66,11 @@ class CryptBufferInputConverter
     tmp = pad_hex_char(str)
     tmp.gsub(/(^0x|\s)/,"").upcase
   end
-
+  private
+  
+  def valid_hexstring?(input)
+    input =~ /^(0x)?[a-fA-F0-9]+$/
+  end
 end
 
 def CryptBuffer(input)

data/lib/crypto-toolbox/matasano/sets/set2.rb

@@ -57,6 +57,15 @@ module Matasano
         Analyzers::EcbStringAppender.new(oracle).analyze
       end
 
+      def solve15(input)
+        CryptBuffer(input).strip_padding!.str
+      end
+
+      def solve16(oracle)
+        analyzer   = CryptoToolbox::Analyzers::CbcMutatingEncryption.new(oracle)
+        analyzer.assemble_attack_message
+      end
+      
     end
   end
 end

data/lib/crypto-toolbox/matasano/sets/set3.rb

@@ -0,0 +1,11 @@
+
+module Matasano
+  module Sets
+    module Set3
+      def solve17(oracle)
+        ciphertext = oracle.sample_ciphertext
+        result     = Analyzers::PaddingOracle::Analyzer.new(oracle).analyze(ciphertext)
+      end
+    end
+  end
+end

data/lib/crypto-toolbox/matasano/solver.rb

@@ -1,9 +1,11 @@
 require 'crypto-toolbox/matasano/sets/set1.rb'
 require 'crypto-toolbox/matasano/sets/set2.rb'
+require 'crypto-toolbox/matasano/sets/set3.rb'
 
 module Matasano
   class Solver
     include Matasano::Sets::Set1
     include Matasano::Sets::Set2
+    include Matasano::Sets::Set3
   end
 end

data/lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb

@@ -0,0 +1,44 @@
+module CryptoToolbox
+  module Oracles
+    class CbcMutatingEncryptionOracle
+      attr_reader :prefix,:suffix
+
+      
+      def initialize(key = SecureRandom.random_bytes(16) )
+        @key     = key
+        @prefix  = "comment1=cooking%20MCs;userdata="
+        @suffix  = ";comment2=%20like%20a%20pound%20of%20bacon"
+        @iv      = SecureRandom.random_bytes(16)
+      end
+
+      #make sure this attack is not possible
+      # fake_user="admin=true;admin=true;"
+      # ciphertext = oracle.encrypted_message_for(fake_user)
+      # oracle.is_admin?(ciphertext)
+      def message_for(user)
+        user.gsub!(/[;=]/,"") # sanitize meta chars
+        @prefix + user + @suffix
+      end
+    
+      def parse_message(string)
+        string.split(";").each_with_object({}){|pair,hsh| k,v = pair.split("="); hsh[k.to_sym] = v }
+      end
+      
+      def encrypted_message_for(user)
+        Ciphers::Aes.new.encipher_cbc(@key,message_for(user),iv: @iv)
+      end
+      
+      def is_admin?(ciphertext)
+        data = decrypt_message(ciphertext)
+        data.has_key?(:admin) && data[:admin] == "true"
+      end
+      
+      private
+      def decrypt_message(ciphertext)
+        plaintext = Ciphers::Aes.new.decipher_cbc(@key,ciphertext,iv: @iv).to_crypt_buffer.strip_padding.str
+        parse_message(plaintext)
+      end
+
+    end
+  end
+end

data/lib/crypto-toolbox/{analyzers/padding_oracle/oracles → oracles/padding_oracle}/http_oracle.rb

@@ -1,7 +1,6 @@
-
-module Analyzers
-  module PaddingOracle
-    module Oracles
+module CryptoToolbox
+  module Oracles
+    module PaddingOracle
       class HttpOracle
         def initialize
           require 'net/http'

data/lib/crypto-toolbox/oracles/padding_oracle/memory_oracle.rb

@@ -0,0 +1,69 @@
+module CryptoToolbox
+  module Oracles
+    module PaddingOracle
+      
+      class PlaintextSelection
+        PLAIN_TEXTS= %w(
+MDAwMDAwTm93IHRoYXQgdGhlIHBhcnR5IGlzIGp1bXBpbmc=
+MDAwMDAxV2l0aCB0aGUgYmFzcyBraWNrZWQgaW4gYW5kIHRoZSBWZWdhJ3MgYXJlIHB1bXBpbic=
+MDAwMDAyUXVpY2sgdG8gdGhlIHBvaW50LCB0byB0aGUgcG9pbnQsIG5vIGZha2luZw==
+MDAwMDAzQ29va2luZyBNQydzIGxpa2UgYSBwb3VuZCBvZiBiYWNvbg==
+MDAwMDA0QnVybmluZyAnZW0sIGlmIHlvdSBhaW4ndCBxdWljayBhbmQgbmltYmxl
+MDAwMDA1SSBnbyBjcmF6eSB3aGVuIEkgaGVhciBhIGN5bWJhbA==
+MDAwMDA2QW5kIGEgaGlnaCBoYXQgd2l0aCBhIHNvdXBlZCB1cCB0ZW1wbw==
+MDAwMDA3SSdtIG9uIGEgcm9sbCwgaXQncyB0aW1lIHRvIGdvIHNvbG8=
+MDAwMDA4b2xsaW4nIGluIG15IGZpdmUgcG9pbnQgb2g=
+MDAwMDA5aXRoIG15IHJhZy10b3AgZG93biBzbyBteSBoYWlyIGNhbiBibG93
+).freeze
+        def self.sample
+          samples.sample
+        end
+        def self.samples
+          PLAIN_TEXTS
+        end
+      end
+      
+      class MemoryOracle
+        attr_reader :secret_plaintext # for result validation only. I can trust myself
+        
+        def initialize
+          @key   = SecureRandom.random_bytes(16)
+          @iv    = SecureRandom.random_bytes(16)
+          @secret_plaintext = CryptBuffer.from_base64(PlaintextSelection::sample).str
+        end
+
+        def sample_ciphertext
+          @ciphertext ||= generate_ciphertext
+        end
+        
+        def connect; end
+        def disconnect; end
+        
+        def valid_padding?(input,custom_block_amount=nil)
+          # openssl will throw on invalid padding
+          begin
+            block  = CryptBuffer(input)
+            result = CryptBuffer(decrypt(block))
+            result.validate_padding!
+          rescue CryptBufferConcern::Padding::InvalidPkcs7Padding => ex
+            false
+          end
+        end
+
+        private
+
+        def generate_ciphertext
+          CryptBuffer(@iv + Ciphers::Aes.new.encipher_cbc(@key,@secret_plaintext,iv: @iv).str).hex
+        end
+
+        def decrypt(msg)
+          Ciphers::Aes.new.decipher_cbc(@key,msg,iv: @iv,strip_padding: false)
+        end
+        
+        def check_padding(msg)
+          
+        end
+      end
+    end
+  end
+end

data/lib/crypto-toolbox/{analyzers/padding_oracle/oracles → oracles/padding_oracle}/tcp_oracle.rb

@@ -1,15 +1,10 @@
-#!/usr/bin/env ruby
-
-require 'crypto-toolbox'
-
-module Analyzers
-  module PaddingOracle
-    module Oracles
+module CryptoToolbox
+  module Oracles
+    module PaddingOracle
 
       class TcpOracle
         def initialize
           require "socket"
-          require_relative "./tcp_oracle.rb"
 
           @hostname  = '54.165.60.84'
           @port      = 80

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: crypto-toolbox
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 0.3.0
 platform: ruby
 authors:
 - Dennis Sivia
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-27 00:00:00.000000000 Z
+date: 2015-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aes
@@ -57,11 +57,10 @@ files:
 - lib/crypto-toolbox/analyzers/cbc_mac.rb
 - lib/crypto-toolbox/analyzers/cbc_mac/variable_length/analyzer.rb
 - lib/crypto-toolbox/analyzers/cbc_mac/variable_length/oracles/tcp.rb
+- lib/crypto-toolbox/analyzers/cbc_mutating_encryption.rb
 - lib/crypto-toolbox/analyzers/ecb_string_appender.rb
 - lib/crypto-toolbox/analyzers/padding_oracle.rb
 - lib/crypto-toolbox/analyzers/padding_oracle/analyzer.rb
-- lib/crypto-toolbox/analyzers/padding_oracle/oracles/http_oracle.rb
-- lib/crypto-toolbox/analyzers/padding_oracle/oracles/tcp_oracle.rb
 - lib/crypto-toolbox/analyzers/utils/ascii_language_detector.rb
 - lib/crypto-toolbox/analyzers/utils/human_language_detector.rb
 - lib/crypto-toolbox/analyzers/utils/key_candidate_map.rb
@@ -86,7 +85,12 @@ files:
 - lib/crypto-toolbox/forgers/stream_ciphers/forge_generator.rb
 - lib/crypto-toolbox/matasano/sets/set1.rb
 - lib/crypto-toolbox/matasano/sets/set2.rb
+- lib/crypto-toolbox/matasano/sets/set3.rb
 - lib/crypto-toolbox/matasano/solver.rb
+- lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb
+- lib/crypto-toolbox/oracles/padding_oracle/http_oracle.rb
+- lib/crypto-toolbox/oracles/padding_oracle/memory_oracle.rb
+- lib/crypto-toolbox/oracles/padding_oracle/tcp_oracle.rb
 - lib/crypto-toolbox/oracles/user_profile_encryption_oracle.rb
 - lib/crypto-toolbox/utils/ecb_detector.rb
 - lib/crypto-toolbox/utils/ecb_oracle.rb
@@ -112,7 +116,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.4.7
 signing_key: 
 specification_version: 4
 summary: Toolbox for crypto analysis