feat: add the gcm crack
Example testcase is working
This commit is contained in:
Alivecow
parent
16b65b0de4
commit
4c9adb9fdc
7 changed files with 253 additions and 24 deletions
|
|
@ -6,6 +6,7 @@ use crate::utils::parse::{Responses, Testcase, Testcases};
|
|||
use tasks01::{
|
||||
block2poly::block2poly,
|
||||
gcm::{gcm_decrypt, gcm_encrypt},
|
||||
gcm_crack::gcm_crack,
|
||||
gfmul::gfmul_task,
|
||||
pad_oracle::padding_oracle,
|
||||
pfmath::{
|
||||
|
|
@ -176,6 +177,12 @@ pub fn task_deploy(testcase: &Testcase) -> Result<Value> {
|
|||
|
||||
Ok(json)
|
||||
}
|
||||
"gcm_crack" => {
|
||||
let result = gcm_crack(args)?;
|
||||
let json = json!({"factors" : result});
|
||||
|
||||
Ok(json)
|
||||
}
|
||||
|
||||
_ => Err(anyhow!(
|
||||
"Fatal. No compatible action found. Json data was {:?}. Arguments were; {:?}",
|
||||
|
|
@ -234,7 +241,7 @@ pub fn task_distribute_st(testcases: &Testcases) -> Result<Responses> {
|
|||
|
||||
pub fn task_distribute(testcases: &Testcases) -> Result<Responses> {
|
||||
let cpus = num_cpus::get();
|
||||
if cpus > 1 {
|
||||
if cpus > 1000000 {
|
||||
task_distribute_mt(testcases)
|
||||
} else {
|
||||
task_distribute_st(testcases)
|
||||
|
|
|
|||
197
src/tasks/tasks01/gcm_crack.rs
Normal file
197
src/tasks/tasks01/gcm_crack.rs
Normal file
|
|
@ -0,0 +1,197 @@
|
|||
use std::{env::args, fs::canonicalize, slice::Chunks};
|
||||
|
||||
use anyhow::{Ok, Result};
|
||||
use base64::{prelude::BASE64_STANDARD, Engine};
|
||||
use openssl::derive;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_json::{map, Value};
|
||||
|
||||
use crate::utils::{
|
||||
self,
|
||||
ciphers::ghash,
|
||||
dff::ddf,
|
||||
edf::edf,
|
||||
field::FieldElement,
|
||||
math::{reverse_bits_in_bytevec, xor_bytes},
|
||||
poly::Polynomial,
|
||||
sff::sff,
|
||||
};
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize, Clone)]
|
||||
pub struct CrackAnswer {
|
||||
tag: String,
|
||||
H: String,
|
||||
mask: String,
|
||||
}
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize, Clone)]
|
||||
struct Message {
|
||||
ciphertext: Vec<u8>,
|
||||
ad: Vec<u8>,
|
||||
tag: Vec<u8>,
|
||||
l_field: Vec<u8>,
|
||||
}
|
||||
|
||||
fn parse_message(val: &Value) -> Result<(Message, Polynomial)> {
|
||||
let ciphertext_text: String = serde_json::from_value(val["ciphertext"].clone())?;
|
||||
let ciphertext_bytes: Vec<u8> = BASE64_STANDARD.decode(ciphertext_text)?;
|
||||
let mut ciphertext_chunks: Vec<FieldElement> = ciphertext_bytes
|
||||
.chunks(16)
|
||||
.into_iter()
|
||||
.map(|chunk| FieldElement::new(chunk.to_vec()))
|
||||
.collect();
|
||||
//ciphertext_chunks;
|
||||
let ciphertext: Polynomial = Polynomial::new(ciphertext_chunks.clone());
|
||||
|
||||
let ad_text: String = serde_json::from_value(val["associated_data"].clone())?;
|
||||
let mut ad_bytes: Vec<u8> = BASE64_STANDARD.decode(ad_text)?;
|
||||
let mut l_field: Vec<u8> = ((ad_bytes.len() * 8) as u64).to_be_bytes().to_vec();
|
||||
|
||||
if ad_bytes.len() % 16 != 0 || ad_bytes.is_empty() {
|
||||
ad_bytes.append(vec![0u8; 16 - (ad_bytes.len() % 16)].as_mut());
|
||||
}
|
||||
let mut ad_chunks: Vec<FieldElement> = ad_bytes
|
||||
.chunks(16)
|
||||
.into_iter()
|
||||
.map(|chunk| FieldElement::new(chunk.to_vec()))
|
||||
.collect();
|
||||
//ad_chunks;
|
||||
let ad: Polynomial = Polynomial::new(ad_chunks.clone());
|
||||
|
||||
let tag_text: String = serde_json::from_value(val["tag"].clone()).unwrap_or("".to_string());
|
||||
let tag_bytes: Vec<u8> = BASE64_STANDARD.decode(tag_text)?;
|
||||
let tag_field: FieldElement = FieldElement::new(tag_bytes.clone());
|
||||
let tag: Polynomial = Polynomial::new(vec![tag_field.clone()]);
|
||||
|
||||
let mut c_len: Vec<u8> = ((ciphertext_bytes.len() * 8) as u64).to_be_bytes().to_vec();
|
||||
l_field.append(c_len.as_mut());
|
||||
|
||||
// Combine all data
|
||||
let mut combined: Vec<FieldElement> =
|
||||
Vec::with_capacity(ad_chunks.len() + ciphertext_chunks.len() + 1);
|
||||
combined.extend(ad_chunks);
|
||||
combined.extend(ciphertext_chunks.clone());
|
||||
combined.push(FieldElement::new(l_field.clone()));
|
||||
combined.push(tag_field);
|
||||
|
||||
combined.reverse();
|
||||
|
||||
let h_poly: Polynomial = Polynomial::new(combined);
|
||||
|
||||
Ok((
|
||||
Message {
|
||||
ciphertext: ciphertext_bytes,
|
||||
ad: ad_bytes,
|
||||
tag: tag_bytes,
|
||||
l_field,
|
||||
},
|
||||
h_poly,
|
||||
))
|
||||
}
|
||||
|
||||
pub fn gcm_crack(args: &Value) -> Result<CrackAnswer> {
|
||||
let nonce: String = serde_json::from_value(args["nonce"].clone())?;
|
||||
|
||||
let crack_poly: Polynomial = Polynomial::empty();
|
||||
|
||||
// Prepare first equation
|
||||
let (m1_data, m1_h_poly) = parse_message(&args["m1"])?;
|
||||
|
||||
let (m2_data, m2_h_poly) = parse_message(&args["m2"])?;
|
||||
|
||||
let (m3_data, m3_h_poly) = parse_message(&args["m3"])?;
|
||||
|
||||
eprintln!("m1 poly: {:?}", m1_h_poly.clone().to_c_array());
|
||||
eprintln!("m2 poly: {:?}", m2_h_poly.clone().to_c_array());
|
||||
|
||||
let combine_poly = m1_h_poly + m2_h_poly;
|
||||
|
||||
eprintln!("combine poly: {:?}", combine_poly.clone().to_c_array());
|
||||
|
||||
let combine_sff = sff(combine_poly.monic());
|
||||
|
||||
let mut combine_ddf: Vec<(Polynomial, u128)> = vec![];
|
||||
for (factor, _) in combine_sff {
|
||||
combine_ddf.extend(ddf(factor));
|
||||
}
|
||||
|
||||
eprintln!("combine_ddf: {:?}", combine_ddf);
|
||||
|
||||
let mut combine_edf: Vec<Polynomial> = vec![];
|
||||
for (factor, degree) in combine_ddf {
|
||||
if degree == 1 {
|
||||
combine_edf.extend(edf(factor, degree as u32));
|
||||
}
|
||||
}
|
||||
|
||||
eprintln!("combine_edf: {:?}", combine_edf);
|
||||
|
||||
let mut m3_auth_tag: Vec<u8> = vec![];
|
||||
let mut h_candidate: FieldElement = FieldElement::zero();
|
||||
let mut eky0: Vec<u8> = vec![];
|
||||
for candidate in combine_edf {
|
||||
if candidate.degree() == 1 {
|
||||
h_candidate = candidate.extract_component(0);
|
||||
eprintln!("H candidate: {:02X?}", h_candidate.to_b64());
|
||||
let m1_ghash = ghash(
|
||||
reverse_bits_in_bytevec(h_candidate.to_vec()),
|
||||
m1_data.ad.clone(),
|
||||
m1_data.ciphertext.clone(),
|
||||
m1_data.l_field.clone(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
eky0 = xor_bytes(&m1_data.tag, m1_ghash).unwrap();
|
||||
eprintln!("eky0: {:?}", BASE64_STANDARD.encode(eky0.clone()));
|
||||
|
||||
let m3_ghash = ghash(
|
||||
reverse_bits_in_bytevec(h_candidate.to_vec()),
|
||||
m3_data.ad.clone(),
|
||||
m3_data.ciphertext.clone(),
|
||||
m3_data.l_field.clone(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
m3_auth_tag = xor_bytes(&eky0, m3_ghash).unwrap();
|
||||
eprintln!(
|
||||
"M3 auth tag: {:02X?}",
|
||||
BASE64_STANDARD.encode(m3_auth_tag.clone())
|
||||
);
|
||||
|
||||
if m3_auth_tag == m3_data.tag {
|
||||
eprintln!("Candidate valid");
|
||||
eprintln!("{:02X?}", m3_auth_tag);
|
||||
break;
|
||||
} else {
|
||||
eprintln!("H candidate not valid");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
eprintln!(
|
||||
"M3 Authentication TAG {:02X?}",
|
||||
BASE64_STANDARD.encode(&m3_auth_tag)
|
||||
);
|
||||
|
||||
if m3_auth_tag.is_empty() {
|
||||
eprintln!("No valid candidate found");
|
||||
}
|
||||
|
||||
let (forgery_data, _) = parse_message(&args["forgery"])?;
|
||||
|
||||
let forgery_ghash = ghash(
|
||||
reverse_bits_in_bytevec(h_candidate.to_vec()),
|
||||
forgery_data.ad.clone(),
|
||||
forgery_data.ciphertext.clone(),
|
||||
forgery_data.l_field.clone(),
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
let forgery_auth_tag = xor_bytes(&eky0, forgery_ghash).unwrap();
|
||||
|
||||
Ok(CrackAnswer {
|
||||
tag: BASE64_STANDARD.encode(forgery_auth_tag),
|
||||
H: h_candidate.to_b64(),
|
||||
mask: BASE64_STANDARD.encode(eky0),
|
||||
})
|
||||
}
|
||||
|
|
@ -1,5 +1,6 @@
|
|||
pub mod block2poly;
|
||||
pub mod gcm;
|
||||
pub mod gcm_crack;
|
||||
pub mod gfmul;
|
||||
pub mod pad_oracle;
|
||||
pub mod pfmath;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue