diff options
author | siddharth <s@ricketyspace.net> | 2021-10-09 18:53:30 -0400 |
---|---|---|
committer | siddharth <s@ricketyspace.net> | 2021-10-09 18:53:30 -0400 |
commit | 76817030d36bcf4e446e404ac8147c4a7ecd6617 (patch) | |
tree | 355f9e1d1370373455a618cf4f71fd5230d6e9f1 /challenge/c29.go | |
parent | 4c4ee93669148605688cf3f7f2d435fcd75b3369 (diff) |
challenge: do challenge 29
Diffstat (limited to 'challenge/c29.go')
-rw-r--r-- | challenge/c29.go | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/challenge/c29.go b/challenge/c29.go new file mode 100644 index 0000000..4bcc721 --- /dev/null +++ b/challenge/c29.go @@ -0,0 +1,76 @@ +// Copyright © 2021 rsiddharth <s@ricketyspace.net> +// SPDX-License-Identifier: ISC + +package challenge + +import ( + "fmt" + + "ricketyspace.net/cryptopals/lib" +) + +func C29() { + // Original message. + msg := lib.StrToBytes("comment1=cooking%20MCs;userdata=foo;" + + "comment2=%20like%20a%20pound%20of%20bacon") + + // Random secret (unknown to attacker) + sec, err := lib.RandomBytes(int(lib.RandomInt(8, 100))) + if err != nil { + fmt.Printf("Error: unable generate secret\n") + } + + // `m` is the original message. + // `hvs` is the hash values. + // `sl` is the secret key length (guess). + genForgedMsgMac := func(m []byte, hvs []uint32, sl int) ([]byte, []byte) { + mf := make([]byte, len(m)) + copy(mf, m) + mf = append(mf, lib.MDPadding(sl+len(m))...) + mf = append(mf, lib.StrToBytes(";admin=true")...) + + // Generate SHA1 MAC for forged message. + sha1 := lib.Sha1{} + sha1.Init(hvs) + sha1.Message(lib.StrToBytes(";admin=true")) + // Fudge message length to forged message length. + sha1.MsgLen = sl + len(mf) + + return mf, sha1.Hash() + } + + // Returns true if the message is forged. + isForged := func(msg, mac []byte) bool { + sha1 := lib.Sha1{} + sha1.Init([]uint32{}) + if sha1.MacVerify(sec, msg, mac) { + return true + } + return false + } + + // Generate SHA1 MAC of original message and get the hash + // values. + sha1 := lib.Sha1{} + sha1.Init([]uint32{}) + msgHVs := lib.BytesToUint32s(sha1.Mac(sec, msg)) // Hash values. + + // Try to forge message with different secret prefix lengths. + sl := 1 + for { + mf, mac := genForgedMsgMac(msg, msgHVs, sl) + if isForged(mf, mac) { + fmt.Printf("SHA1-MAC successfully forged: %x\n", mac) + fmt.Printf("Forged Message: %s\n", mf) + fmt.Printf("Secret prefix length: %v\n", sl) + break + } + sl += 1 + } + +} + +// Output: +// SHA1-MAC successfully forged: 0cb8bbbaa6090c86a8b7110788d6241b20df7c99 +// Forged Message: comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20baconh;admin=true +// Secret prefix length: 96 |