use end_point::{ Client, Server };
+mod utils;
mod crypto;
mod packet;
mod end_point;
fn do_oracle_attack(address: &str, variant: packet::Variant) {
// 16 bytes encrypted data from 'Packet::random_packet_data([4])'.
- let cipher_block: [u8, ..16] = [254, 9, 228, 149, 60, 42, 165, 34, 233, 75, 112, 57, 37, 9, 116, 103]; // Known by the attacker.
- let xor_operand: [u8, ..16] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3]; // This is the IV or the previous 16 bytes cipherblock. In our case we took the IV.
+ let cipher_block = [191, 192, 149, 84, 202, 163, 109, 230, 173, 249, 170, 248, 83, 60, 228, 111]; // Known by the attacker.
+ let xor_operand = [213, 29, 217, 187, 93, 103, 76, 129, 233, 142, 98, 83, 69, 50, 97, 91]; // This is the IV or the previous 16 bytes cipherblock. In our case we took the previous block.
+ let expected_plain_block = [242, 93, 12, 22, 8, 164, 4, 77, 200, 120, 189, 71, 75, 189, 2, 2]; // To be found by the attacker.
- let expected_clear_block: [u8, ..16] = [44, 92, 31, 98, 220, 84, 226, 53, 58, 94, 45, 25, 242, 6, 199, 1]; // To be found by the attacker.
+ /* Another sample with an IV instead of a previous block.
+ let cipher_block: [u8, ..16] = [254, 9, 228, 149, 60, 42, 165, 34, 233, 75, 112, 57, 37, 9, 116, 103];
+ let xor_operand: [u8, ..16] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3]; IV.
+ let expected_plain_block: [u8, ..16] = [44, 92, 31, 98, 220, 84, 226, 53, 58, 94, 45, 25, 242, 6, 199, 1];
+ */
match oracle_machine::decipher(address, PORT, &xor_operand, &cipher_block, variant) {
- Some(ref deciphered) if deciphered.as_slice() == expected_clear_block => {
- println!("The oracle machine has found the clear block!:");
- println!(" Expected block: {}", expected_clear_block.to_vec());
+ Some(ref deciphered) if deciphered.as_slice() == expected_plain_block => {
+ println!("The oracle machine has found the plain block!:");
+ println!(" Expected block: {}", expected_plain_block.to_vec());
println!(" Decrypted block: {}", deciphered)
}
Some(ref other) =>
- println!("The oracle machine hasn't found the clear block: {}", other),
+ println!("The oracle machine hasn't found the plain block: {}", other),
_ =>
- println!("The oracle machine hasn't found the clear block"),
+ println!("The oracle machine hasn't found the plain block"),
}
}
+fn print_usage() {
+ println!(
+ r"{} [genkey | tests | oracle-weak | oracle-fixed]
+ genkey: Generate a 256 bits key
+ tests: launch some tests between a client and a weak server
+ oracle-weak: launch a padding oracle attack against a weak server
+ oracle-fixed: launch a padding oracle attack against a fixed server",
+ os::args()[0]
+ );
+}
+
enum Mode {
Help,
ServerAlone,
let args = os::args();
if args.iter().any(|a| a.as_slice() == "--help" || a.as_slice() == "-h") {
- return Help
+ return Mode::Help
}
if args.len() <= 1 {
- ServerAlone
+ Mode::ServerAlone
} else {
match args[1].as_slice() {
- "genkey" => GenKey,
- "tests" => Tests,
- "oracle-weak" => OracleWeak,
- "oracle-fixed" => OracleFixed,
- _ => ServerAlone,
+ "genkey" => Mode::GenKey,
+ "tests" => Mode::Tests,
+ "oracle-weak" => Mode::OracleWeak,
+ "oracle-fixed" => Mode::OracleFixed,
+ _ => Mode::ServerAlone,
}
}
}
-fn print_usage() {
- println!(
- r"{} [genkey | tests | oracle-weak | oracle-fixed]
- genkey: Generate a 256 bits key
- tests: launch some tests between a client and a weak server
- oracle-weak: launch a padding oracle attack against a weak server
- oracle-fixed: launch a padding oracle attack against a fixed server",
- os::args()[0]
- );
-}
-
fn main() {
let mode = mode();
match mode {
- Help => print_usage(),
- GenKey =>
+ Mode::Help => print_usage(),
+ Mode::GenKey =>
match crypto::generate_key(256 / 8) {
Ok(key) => println!("key: {}", key),
Err(e) => println!("Unable to generate a key. Error: {}", e)
let address = "::1";
println!("Starting server on [{}]:{}...", address, PORT);
- match Server::new(address, PORT, match mode { OracleFixed => packet::Fixed, _ => packet::Weak }) {
+ match Server::new(address, PORT, match mode { Mode::OracleFixed => packet::Variant::Fixed, _ => packet::Variant::Weak }) {
Ok(mut server) => {
println!("Server started");
match mode {
- Tests => Client::start_tests(address, PORT, packet::Weak),
- OracleWeak => do_oracle_attack(address, packet::Weak),
- OracleFixed => do_oracle_attack(address, packet::Fixed),
+ Mode::Tests => Client::start_tests(address, PORT, packet::Variant::Weak),
+ Mode::OracleWeak => do_oracle_attack(address, packet::Variant::Weak),
+ Mode::OracleFixed => do_oracle_attack(address, packet::Variant::Fixed),
_ => {
println!("Press any key to quit");
io::stdin().read_line().ok().expect("Failed to read line");