crypto_toolchain 0.1.0

data/lib/crypto_toolchain/extensions/string_extensions.rb

@@ -0,0 +1,263 @@
+# encoding: ASCII-8BIT
+class String
+  # Not cryptographically secure
+  def self.random_bytes(n)
+    n.times.with_object("") do |_, memo|
+      memo << random_byte
+    end
+  end
+
+  # Obviously not cryptographically secure
+  def self.random_byte
+    (0..255).to_a.sample.chr
+  end
+
+  def from_hex
+    raise StandardError.new("Not hex") unless hex?
+    [self].pack("H*")
+  end
+
+  def to_hex
+    unpack("H*").first
+  end
+
+  def hex?
+    self !~ /[^0-9a-f]/i
+  end
+
+  def swap_endian
+    raise ArgumentError.new("Bytesize must be multiple of 4") unless bytesize % 4 == 0
+    unpack("L<*").pack("L>*")
+  end
+
+  alias_method :swap_endianness, :swap_endian
+
+  def to_base64(strict: true)
+    if strict
+      Base64.strict_encode64(self)
+    else
+      Base64.encode64(self)
+    end
+  end
+
+  def from_base64(strict: true)
+    if strict
+      begin
+        Base64.strict_decode64(self)
+      rescue ArgumentError
+        Base64.decode64(self)
+      end
+    else
+      Base64.decode64(self)
+    end
+  end
+
+  def ^(other)
+    if length != other.length
+      raise ArgumentError.new("Must be same lengths, self: #{self.bytesize}, other: #{other.bytesize}")
+    end
+    each_byte.with_index.with_object("") do |(byte, i), ret|
+      ret << (byte.ord ^ other[i].ord)
+    end
+  end
+
+  def score
+    scan(/[etaoin shrdlu]/i).size
+  end
+
+  def in_blocks(blocksize = CryptoToolchain::AES_BLOCK_SIZE)
+    bytes.map(&:chr).each_slice(blocksize).map(&:join) || [""]
+  end
+
+  def repeat_to(len)
+    ljust(len, self)
+  end
+
+  def to_number
+    to_hex.to_i(16)
+  end
+
+  def hamming_distance(other)
+    (self ^ other).to_bits.count("1")
+  end
+
+  def to_bits
+    self.unpack("B*").first
+  end
+  alias_method :bitstring, :to_bits
+  alias_method :bits, :to_bits
+
+  def potential_repeating_xor_keysizes(take: 3, min: 2, max: 40)
+    (min..max).sort_by do |size|
+      normalized_hamming_distance(self.in_blocks(size)) / size.to_f
+    end.take(take)
+  end
+
+  def potential_repeating_xor_keys(potential_keysizes: self.potential_repeating_xor_keysizes)
+    potential_keysizes.map do |keysize|
+      arr = self.in_blocks(keysize)
+      transposed = (0...keysize).each_with_object([]) do |i, memo|
+        memo << arr.map { |row| row[i] }.join
+      end
+      key = transposed.each_with_object("") do |str, memo|
+        memo << CryptoToolchain::Tools.detect_single_character_xor(str)
+      end
+      key
+    end
+  end
+
+  # unique blocks.  block size is in _bytes_
+  def unique_blocks(blocksize = CryptoToolchain::AES_BLOCK_SIZE)
+    in_blocks(blocksize).each_with_object({}) do |block, found|
+      found[block] ||= true
+    end.keys
+  end
+
+  def pad_pkcs7(blocksize = CryptoToolchain::AES_BLOCK_SIZE)
+    _blocks = in_blocks(blocksize)
+    pad_num = blocksize - _blocks.last.bytesize
+    if pad_num == 0
+      "#{self}#{blocksize.chr * blocksize}"
+    else
+      "#{self}#{pad_num.chr * pad_num}"
+    end
+  end
+
+  def is_pkcs7_padded?(blocksize = CryptoToolchain::AES_BLOCK_SIZE)
+    # if self.size != blocksize
+      return in_blocks(blocksize).last.is_block_pkcs7_padded?(blocksize)
+    # end
+  end
+
+  def without_pkcs7_padding(blocksize = CryptoToolchain::AES_BLOCK_SIZE, raise_error: false)
+    if !is_pkcs7_padded?(blocksize)
+      raise ArgumentError.new("Not PKCS7 padded") unless is_pkcs7_padded?(blocksize) if raise_error
+      return self
+    end
+    self[0..(bytesize - (1 + bytes.last))]
+  end
+
+  def decrypt_ecb(key: , blocksize: CryptoToolchain::AES_BLOCK_SIZE, cipher: 'AES-128')
+    in_blocks(blocksize).each_with_object("") do |block, memo|
+      dec = OpenSSL::Cipher.new("#{cipher}-ECB")
+      dec.decrypt
+      dec.key = key
+      dec.padding = 0
+      plain = dec.update(block) + dec.final
+      memo << plain
+    end.without_pkcs7_padding(blocksize)
+  end
+
+  def encrypt_ecb(key: , blocksize: CryptoToolchain::AES_BLOCK_SIZE, cipher: 'AES-128')
+    self.pad_pkcs7(blocksize).in_blocks(blocksize).each_with_object("").with_index do |(block, memo), i|
+
+      enc = OpenSSL::Cipher.new("#{cipher}-ECB")
+      enc.encrypt
+      enc.key = key
+      enc.padding = 0
+      plain = enc.update(block) + enc.final
+
+      memo << plain
+    end
+  end
+
+  def decrypt_cbc(key: , iv: , blocksize: CryptoToolchain::AES_BLOCK_SIZE, cipher: 'AES-128', strip_padding: true)
+    _blocks = in_blocks(blocksize)
+    decrypted = _blocks.each_with_object("").with_index do |(block, memo), i|
+      dec = OpenSSL::Cipher.new("#{cipher}-ECB")
+      dec.decrypt
+      dec.key = key
+      dec.padding = 0
+      unciphered = dec.update(block) + dec.final
+      chain_block = i == 0 ? iv : _blocks[i - 1]
+      memo << (unciphered ^ chain_block)
+    end
+    if strip_padding
+      decrypted.without_pkcs7_padding(blocksize)
+    else
+      decrypted
+    end
+  end
+
+  def encrypt_cbc(key: , iv: , blocksize: CryptoToolchain::AES_BLOCK_SIZE, cipher: 'AES-128')
+    _blocks = pad_pkcs7(blocksize).in_blocks(blocksize)
+    _blocks.each_with_object("").with_index do |(block, memo), i|
+      chain_block = i == 0 ? iv : memo[(blocksize * -1)..-1]
+      intermediate = block ^ chain_block
+      enc = OpenSSL::Cipher.new("#{cipher}-ECB")
+      enc.encrypt
+      enc.key = key
+      enc.padding = 0
+      crypted = enc.update(intermediate) + enc.final
+      memo << crypted
+    end
+  end
+
+  # Bitstring is indexed as a normal string, ie:
+  #
+  # 'd' = 0x64 = 01100100
+  #              01234567
+  # 'd'.bitflip(7) => 'e'
+  def bitflip(bit_index, byte_index: 0)
+    byte_offset, bit_offset = bit_index.divmod(8)
+    byte_offset += byte_index
+    target = self.dup
+    target[byte_offset] = (target[byte_offset].ord ^  (1 << (7-bit_offset))).chr
+    target
+  end
+  alias_method :bit_flip, :bitflip
+  alias_method :flipbit, :bitflip
+  alias_method :flip_bit, :bitflip
+  alias_method :flip, :bitflip
+
+  def encrypt_ctr(key: , nonce: , cipher: 'AES-128', start_counter: 0)
+    each_byte.with_index(start_counter).with_object("") do |(byte, i), memo|
+      ctr = i / 16
+      ctr_params = [nonce, ctr].pack("Q<Q<")
+      enc = OpenSSL::Cipher.new("#{cipher}-ECB")
+      enc.encrypt
+      enc.key = key
+      enc.padding = 0
+      keystream = enc.update(ctr_params) + enc.final
+      memo << (byte.chr ^ keystream[i % 16])
+    end
+  end
+  alias_method :decrypt_ctr, :encrypt_ctr
+
+  def contains_duplicate_blocks?(blocksize = CryptoToolchain::AES_BLOCK_SIZE)
+    _blocks = in_blocks(blocksize)
+    _blocks.length > _blocks.uniq.length
+  end
+  alias_method :is_ecb_encrypted?, :contains_duplicate_blocks?
+
+  # Thanks Ruby Facets!
+  def snakecase
+    gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
+      gsub(/([a-z\d])([A-Z])/,'\1_\2').
+      tr('-', '_').
+      gsub(/\s/, '_').
+      gsub(/__+/, '_').
+      downcase
+  end
+  alias_method :snake_case, :snakecase
+  alias_method :underscore, :snakecase
+
+  protected
+
+  def is_block_pkcs7_padded?(blocksize = CryptoToolchain::AES_BLOCK_SIZE)
+    return true if self == blocksize.chr * blocksize
+    (1...blocksize).each do |padding|
+      return true if self[(blocksize - padding)..-1] == padding.chr * padding
+    end
+    false
+  end
+
+  def normalized_hamming_distance(blocks)
+    raise ArgumentError.new("arg should be an array") unless blocks.is_a?(Array)
+    (
+      blocks[0].hamming_distance(blocks[1]) +
+      blocks[0].hamming_distance(blocks[2]) +
+      blocks[0].hamming_distance(blocks[3])
+    ) / 3.0
+  end
+end

data/lib/crypto_toolchain/extensions.rb

@@ -0,0 +1,8 @@
+require "crypto_toolchain/extensions/string_extensions"
+require "crypto_toolchain/extensions/integer_extensions"
+require "crypto_toolchain/extensions/object_extensions"
+
+module CryptoToolchain
+  module Extensions
+  end
+end

data/lib/crypto_toolchain/srp/client.rb

@@ -0,0 +1,51 @@
+module CryptoToolchain
+  module SRP
+    class Client
+      include SRP::Framework
+
+      attr_reader :server_pubkey, :authenticated
+      alias_method :authenticated?, :authenticated
+
+      def initialize(**kargs)
+        provided_pubkey = kargs.delete(:pubkey)
+        super(**kargs)
+        @pubkey = provided_pubkey || g.modpow(privkey, n)
+      end
+
+      def send_hello
+        write_message("hello", email, pubkey)
+      end
+
+      def send_verify
+        hmac = OpenSSL::HMAC.hexdigest("SHA256", key.to_s, salt.to_s)
+        write_message("verify", hmac)
+      end
+
+      def hello_received(_salt, _server_pubkey)
+        @salt = _salt.to_i
+        @server_pubkey = _server_pubkey.to_i
+        secret = calculate_secret
+        puts "Client generated secret #{secret}" if DEBUG
+        @key = Digest::SHA256.hexdigest(secret.to_s)
+        send_verify
+      end
+
+      def authentication_success_received
+        @authenticated = true
+        write_message("shutdown")
+        raise ShutdownSignal
+      end
+
+      def calculate_secret
+        return 0 if [0, n, n**2, n**3].include?(pubkey)
+
+        xH = Digest::SHA256.hexdigest("#{salt}#{password}")
+        x = xH.to_i(16)
+        uH = Digest::SHA256.hexdigest("#{pubkey}#{server_pubkey}")
+        u = uH.to_i(16)
+        # S = (B - k * g**x)**(a + u * x) % N
+        (server_pubkey - k * g.modpow(x, n)).modpow(privkey + u * x, n)
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/srp/framework.rb

@@ -0,0 +1,55 @@
+module CryptoToolchain
+  module SRP
+    module Framework
+
+      attr_reader :n, :g, :k, :email, :password, :socket, :privkey, :pubkey, :salt, :key
+
+      def initialize(n: CryptoToolchain::NIST_P, g: CryptoToolchain::NIST_G,
+                    k: 3, email: "charles@goodog.com", password: "i<3porkchops",
+                    socket: )
+        @n        = n
+        @g        = g
+        @k        = k
+        @email    = email
+        @password = password
+        @socket   = socket
+        @privkey  = rand(1..0xffffffff) % n
+      end
+
+      EVENT_WHITELIST = %w( hello verify shutdown error authentication_success ).freeze
+      def go!
+        event_loop do |event_string|
+          event_type, *data = event_string.split(DELIMITER)
+          puts "Received #{event_type} #{data}" if DEBUG
+          if !EVENT_WHITELIST.include?(event_type)
+            socket.puts("error|event #{event_type} unknown") and next
+          end
+          send("#{event_type}_received", *data)
+        end
+      end
+
+      def event_loop
+        begin
+          loop do
+            yield socket.readline.strip
+          end
+        rescue ShutdownSignal
+          # Nothing
+        end
+      end
+
+      def shutdown_received(*args)
+        raise ShutdownSignal
+      end
+
+      def write_message(*args)
+        socket.puts args.join(DELIMITER)
+      end
+
+      def error_received(*args)
+        raise StandardError.new(args.join(" "))
+      end
+    end
+
+  end
+end

data/lib/crypto_toolchain/srp/server.rb

@@ -0,0 +1,38 @@
+module CryptoToolchain
+  module SRP
+    class Server
+      include SRP::Framework
+
+      attr_reader :v, :client_pubkey
+
+      def initialize(**kargs)
+        super(**kargs)
+        @salt = rand(1..0xffffffff)
+        xH = Digest::SHA256.hexdigest("#{salt}#{password}")
+        x = xH.to_i(16)
+        @v = g.modpow(x, n)
+        @pubkey = k*v + g.modpow(privkey, n)
+      end
+
+      def hello_received(email, _client_pubkey)
+        @client_pubkey = _client_pubkey.to_i
+        write_message("hello", salt, pubkey)
+        uH = Digest::SHA256.hexdigest("#{client_pubkey}#{pubkey}")
+        u = uH.to_i(16)
+        #  S = (A * v**u) ** b % N
+        secret = (client_pubkey * v.modpow(u, n)).modpow(privkey, n)
+        puts "Server generated secret #{secret}" if DEBUG
+        @key = Digest::SHA256.hexdigest(secret.to_s)
+      end
+
+      def verify_received(hmac)
+        valid_hmac = OpenSSL::HMAC.hexdigest("SHA256", key.to_s, salt.to_s)
+        if hmac == valid_hmac
+          write_message("authentication_success")
+        else
+          write_message("error", "invalid_hmac")
+        end
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/srp/simple_client.rb

@@ -0,0 +1,32 @@
+module CryptoToolchain
+  module SRP
+    class SimpleClient < Client
+      include SRP::Framework
+
+      attr_reader :u
+
+      def initialize(**kargs)
+        provided_pubkey = kargs.delete(:pubkey)
+        super(**kargs)
+        @pubkey = provided_pubkey || g.modpow(privkey, n)
+      end
+
+      def hello_received(_salt, _server_pubkey, _u)
+        @salt = _salt.to_i
+        @server_pubkey = _server_pubkey.to_i
+        @u = _u.to_i
+        secret = calculate_secret
+        puts "SimpleClient generated secret #{secret}" if DEBUG
+        @key = Digest::SHA256.hexdigest(secret.to_s)
+        send_verify
+      end
+
+      def calculate_secret
+        xH = Digest::SHA256.hexdigest("#{salt}#{password}")
+        x = xH.to_i(16)
+        # S = B**(a + ux) % n
+        server_pubkey.modpow(privkey + (u * x), n)
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/srp/simple_server.rb

@@ -0,0 +1,68 @@
+module CryptoToolchain
+  module SRP
+    class SimpleServer < Server
+      include SRP::Framework
+
+      def initialize(n: CryptoToolchain::NIST_P, g: CryptoToolchain::NIST_G,
+                    k: 3, email: "charles@goodog.com", password: "i<3porkchops",
+                    privkey: nil, pubkey: nil, u: (rand(1..0x0000ffff)), malicious: false,
+                    salt: rand(1..0xffffffff), socket: )
+        @n        = n
+        @g        = g
+        @k        = k
+        @email    = email,
+        @password = password
+        @socket   = socket
+        @privkey  = privkey || rand(1..0xffffffff) % n
+        @pubkey    = pubkey || g.modpow(@privkey, n)
+        @u         = u
+        @salt      = salt
+        xH         = Digest::SHA256.hexdigest("#{salt}#{password}")
+        x          = xH.to_i(16)
+        @v         = g.modpow(x, n)
+        @malicious = malicious
+      end
+
+      attr_reader :salt, :u, :malicious, :recovered_password
+      alias_method :malicious?, :malicious
+
+      def hello_received(email, _client_pubkey)
+        @client_pubkey = _client_pubkey.to_i
+        write_message("hello", salt, pubkey, u)
+        #  S = (A * v**u) ** b % N
+        secret = (client_pubkey * v.modpow(u, n)).modpow(privkey, n)
+        puts "SimpleServer generated secret #{secret}" if DEBUG
+        @key = Digest::SHA256.hexdigest(secret.to_s)
+      end
+
+      def wordlist
+        return @wordlist if defined? @wordlist
+        _words = File.readlines("/usr/share/dict/words").
+          shuffle[0...100].
+          map(&:strip)
+        _words << "i<3porkchops"
+        @wordlist = _words.shuffle
+      end
+
+      def crack(hmac)
+        wordlist.each_with_index do |word, i|
+          _x = Digest::SHA256.hexdigest("#{salt}#{word}").to_i(16)
+          _v = g.modpow(_x, n)
+          _secret = (client_pubkey * _v.modpow(u, n)).modpow(privkey, n)
+          _key = Digest::SHA256.hexdigest(_secret.to_s)
+          word_hmac = OpenSSL::HMAC.hexdigest("SHA256", _key, salt.to_s)
+          return word if word_hmac == hmac
+        end
+        nil
+      end
+
+      def verify_received(hmac)
+        if malicious?
+          @recovered_password = crack(hmac)
+          puts "Recovered #{@recovered_password}" if DEBUG
+        end
+        super(hmac)
+      end
+    end
+  end
+end

data/lib/crypto_toolchain/srp.rb

@@ -0,0 +1,14 @@
+require "crypto_toolchain/srp/framework"
+require "crypto_toolchain/srp/client"
+require "crypto_toolchain/srp/server"
+require "crypto_toolchain/srp/simple_client"
+require "crypto_toolchain/srp/simple_server"
+
+module CryptoToolchain
+  module SRP
+    ShutdownSignal = Class.new(RuntimeError)
+
+    DELIMITER = "|"
+    DEBUG = false
+  end
+end

data/lib/crypto_toolchain/tools/aes_ctr_recoverer.rb

@@ -0,0 +1,30 @@
+module CryptoToolchain
+  module Tools
+    class AesCtrRecoverer
+
+      attr_reader :ciphertext, :editor
+
+      def initialize(editor)
+        @editor = editor
+        @ciphertext = editor.ciphertext
+      end
+
+      def execute
+        (0...(ciphertext.length)).each_with_object("") do |i, memo|
+          memo << get_character(i)
+        end
+      end
+
+      def get_character(i)
+        (0..255).each do |byte|
+          chr = byte.chr
+          if editor.edit(offset: i, with: chr) == ciphertext
+            return chr
+          end
+        end
+        raise RuntimeError, "Could not recover character"
+      end
+
+    end
+  end
+end

data/lib/crypto_toolchain/tools/cbc_bitflip_attack.rb

@@ -0,0 +1,30 @@
+# encoding; ASCII-8BIT
+module CryptoToolchain
+  module Tools
+    class CbcBitflipAttack
+      def initialize(target: CryptoToolchain::BlackBoxes::CbcBitflipTarget.new)
+        @target = target
+      end
+
+      def flip(block, byte, bit)
+        new_byte = ((1 << (bit - 8)) ^ (block[byte].ord)).chr
+        block[0...byte] + new_byte + block[(byte+1)..-1]
+      end
+
+      def execute
+        easy = ":admin<true:" #only need to flip the last bit of bytes 1, 7, 12
+        blocks = target.encrypt(easy).in_blocks(16)
+        first = flip(blocks[1], 0, 8)
+        equals = flip(first, 6, 8)
+        last = flip(equals, 11, 8)
+        blocks[1] = last
+        blocks.join
+      end
+
+      private
+
+      attr_reader :target
+    end
+
+  end
+end

data/lib/crypto_toolchain/tools/cbc_iv_equals_key_attack.rb

@@ -0,0 +1,30 @@
+# encoding; ASCII-8BIT
+module CryptoToolchain
+  module Tools
+    class CbcIvEqualsKeyAttack
+      attr
+      def initialize(target: CryptoToolchain::BlackBoxes::CbcIvEqualsKeyTarget.new,
+                     message_prefix: "Invalid byte in ")
+        @target = target
+        @message_prefix = message_prefix
+      end
+
+      def execute
+        initial = ("A" * CryptoToolchain::AES_BLOCK_SIZE * 3)
+        blocks = target.encrypt(initial).in_blocks(CryptoToolchain::AES_BLOCK_SIZE)
+        mal = blocks[0] + (0.chr * 16) + blocks[0]
+        begin
+          target.is_admin?(mal)
+        rescue RuntimeError => e
+          blocks = e.message[(message_prefix.length)..-1].in_blocks(CryptoToolchain::AES_BLOCK_SIZE)
+          blocks[0] ^ blocks[2]
+        end
+      end
+
+      private
+
+      attr_reader :target, :message_prefix
+
+    end
+  end
+end

data/lib/crypto_toolchain/tools/cbc_padding_oracle_attack.rb

@@ -0,0 +1,51 @@
+# encoding: ASCII-8BIT
+module CryptoToolchain
+  module Tools
+    class CbcPaddingOracleAttack
+      def initialize(oracle: , blocksize: 16)
+        @oracle = oracle
+        @blocksize = blocksize
+      end
+
+      def execute
+        _blocks = ciphertext.in_blocks(blocksize)
+        _blocks[1..-1].map.with_index(1) do |block, i|
+          preceding = _blocks[i - 1]
+          intermediate = intermediate_block(preceding: preceding, target: block)
+          intermediate ^ preceding
+        end.
+          join.
+          without_pkcs7_padding(blocksize)
+      end
+
+      private
+
+      attr_reader :oracle, :blocksize
+
+      def ciphertext
+        @ciphertext ||= oracle.ciphertext
+      end
+
+      private
+
+      def intermediate_block(preceding: , target: )
+        range = Array(0...blocksize).reverse
+        range.each_with_object(0x00.chr * blocksize) do |index, memo|
+          pad = blocksize - index
+          padding = (pad.chr * pad).rjust(blocksize, 0x00.chr)
+          candidate = padding ^ memo ^ preceding
+          (0..255).each do |guess|
+            next if (preceding.bytes[index] == guess && index == blocksize - 1)
+            candidate = padding ^ memo
+            candidate[index] = guess.chr
+            attempt = candidate + target
+            if oracle.execute(attempt)
+              memo[index] = (guess ^ pad).chr
+              break
+            end
+          end
+        end
+      end
+    end
+  end
+end