| -rw-r--r-- | lib/lib2.c | 65 | ||||
| -rw-r--r-- | lib/lib2.h | 3 | ||||
| -rw-r--r-- | set2/Makefile | 6 | ||||
| -rw-r--r-- | set2/task16.c | 48 |
4 files changed, 119 insertions, 3 deletions
@@ -48,6 +48,7 @@ int valid_pkcs7_padding(const char *in, int length_in, char *unpadded, int block return 0; memcpy(unpadded, in, (length_in-padding_length)); + unpadded[length_in-padding_length+1] ='\0'; return 1; } @@ -99,7 +100,6 @@ int aes_cbc(char *in, int length_in, char *out, unsigned char *string_key, char } } } - return 0; } 
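Review bot: The terminator added in valid_pkcs7_padding lands one byte too far: memcpy fills indices 0 to length_in-padding_length-1, so the NUL belongs at `unpadded[length_in-padding_length] = '\0';`, not at `+1`. As written, the byte at that index is left uninitialised, so a later `%s` print can show a stray byte. When padding_length is 1 the write goes to `unpadded[length_in]`, one past the end of a buffer sized to length_in, which is exactly what challenge16_decrypt in this commit allocates. The start of the function and its validation of padding_length are outside the hunk, so the lower bound on padding_length is assumed here rather than seen.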
@@ -339,3 +339,66 @@ void send_user(char *encrypted_user, int length)
 printf("Got user: %s\n", unencrypted_user);
 parse_key_value(unencrypted_user, strlen(unencrypted_user));
 }
+
+
+int challenge16_encrypt(char *input, char **encrypted)
+{
+ char *prepend = "comment1=cooking\%20MCs;userdata=";
+ char *append = ";comment2=\%20like\%20a\%20pound\%20of\%20bacon";
+ char *unencrypted;
+
+
+ char printable_equal[3];
+ char printable_semicolon[3];
+ int i, count;
+ int quote_char = 0;
+
+ for(i=0;i<strlen(input);i++)
+ if(input[i] == ';' || input[i] == '=')
+ quote_char++;
+
+ // = and ; get %3d and %3b
+ char *res = malloc(strlen(input-quote_char) + quote_char*3 +
+ strlen(prepend) + strlen(append));
+
+ hex_binary_to_string("=", printable_equal, 1);
+ hex_binary_to_string(";", printable_semicolon, 1);
+
+
+ memcpy(res, prepend, strlen(prepend));
+
+ for (i=0, count = strlen(prepend);i<strlen(input);i++, count++) {
+ if (input[i] == '=') {
+ res[count++] = '%';
+ res[count++] = printable_equal[0];
+ res[count] = printable_equal[1];
+ } else if (input[i] == ';') {
+ res[count++] = '%';
+ res[count++] = printable_semicolon[0];
+ res[count] = printable_semicolon[1];
+ }
+ else
+ res[count] = input[i];
+ }
+
+ memcpy(&res[strlen(prepend)+strlen(input)+2*quote_char], append, strlen(append));
+ res[strlen(prepend)+strlen(input)+strlen(append)+2*quote_char+1] = '\0';
+ // padding
+ unencrypted = pkcs7_padding(res, strlen(res), 16);
+ printf("%s\n", unencrypted);
+ *encrypted = malloc(strlen(unencrypted));
+ aes_cbc(unencrypted, strlen(unencrypted), *encrypted, key, iv , 1);
+ return strlen(unencrypted);
+}
+
+void challenge16_decrypt(char *encrypted, int length)
+{
+ char *unencrypted = malloc(length);
+ char *unpadd= malloc(length);
+
+ aes_cbc(encrypted, length, unencrypted, key, iv, 0);
+ // unpadd
+ valid_pkcs7_padding(unencrypted, length, unpadd, 16);
+ // look for string ;admin=true;
+ printf("unencrpyted string: %s\n", unpadd);
+}
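Review bot: The `res` buffer in challenge16_encrypt is sized from `strlen(input-quote_char)`, which moves the pointer before the start of `input` instead of subtracting from the length, and the allocation leaves no room for the terminator that is later written at index `...+1`. Compute the length once and use it for both: `size_t total = strlen(prepend) + strlen(input) + 2*quote_char + strlen(append);`, `char *res = malloc(total + 1);`, `res[total] = '\0';`. With the current `+1` index the byte at `total` stays uninitialised, so the following `strlen(res)` may run past the data that was written. In challenge16_decrypt the return value of valid_pkcs7_padding is ignored, so `unpadd` is printed uninitialised when the padding is rejected; check the result before the `printf`. None of the `malloc` results in either function is checked or freed.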
@@ -12,6 +12,7 @@ struct key_value_pair { }; char key[17]; +char iv[17]; char *pkcs7_padding(char *string, int length_string, int blocksize); int aes_cbc(char *in, int length_in, char *out, unsigned char *string_key, char *init_vector, int encrypt); @@ -27,4 +28,6 @@ int crack_aes_ecb(char *text, int length_text, char *plaintext_block, char *key, struct key_value_pair *parse_key_value(char *string, int length_string); char *profile_for(char *email); void send_user(char *encrypted_user, int length); +int challenge16_encrypt(char *input, char **encrypted); +void challenge16_decrypt(char *encrypted, int length); #endif diff --git a/set2/Makefile b/set2/Makefile index a2d66d4..914471a 100644 --- a/set2/Makefile +++ b/set2/Makefile @@ -3,7 +3,7 @@ CC=gcc CFLAGS := -g $(CFLAGS) CLIBS=`pkg-config --cflags --libs libcrypto` -all: task9 task10 task11 task12 task13 task15 +all: task9 task10 task11 task12 task13 task15 task16 task9: $(CC) $(CFLAGS) task9.c $(LIB) $(CLIBS) -o task9 @@ -17,5 +17,7 @@ task13: $(CC) $(CFLAGS) task13.c $(LIB) $(CLIBS) -o task13 task15: $(CC) $(CFLAGS) task15.c $(LIB) $(CLIBS) -o task15 +task16: + $(CC) $(CFLAGS) task16.c $(LIB) $(CLIBS) -o task16 clean: - rm task9 task10 task11 task12 task13 task15 + rm task9 task10 task11 task12 task13 task15 task16 diff --git a/set2/task16.c b/set2/task16.c new file mode 100644 index 0000000..f60205e --- /dev/null +++ b/set2/task16.c 
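Review bot: `char iv[17];` in lib2.h is a definition rather than a declaration, so every translation unit that includes the header gets its own tentative definition, and toolchains that default to -fno-common (GCC 10 and later) reject that at link time. Declare it in the header as `extern char iv[17];` and define it once in lib2.c; the existing `char key[17];` line above it has the same shape and would need the same treatment. A short comment saying what the 17th byte is for would help, since task16.c only ever initialises 16 bytes of it.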
@@ -0,0 +1,48 @@
+#include "../lib/lib2.h"
+#include "../lib/lib.h"
+/**
+ * produces an identical bit error in the following block
+ * this means: we can control the whole content of the following
+ * block, when the counterpart decrpyts it
+ * If there is a 0 in the second block and we want a 1, then flip
+ * the bit in the prior block at the same position
+ * If there is a 0 and we want a null, than do nothing
+ * For one respectivally.
+ *
+ * Since ; and = are escaped we need charecters so that with one flip
+ * we can get ; and =.
+ * for ; use : in the plaintext. in the ciphtertext we need to flip the
+ * last bit of : and the resulting plaintext get ;
+ * for = we use <. we also need to flip the last bit
+ *
+ * so out plaintext we give the orcale function is :admin<true:
+ *
+ *
+ *
+ */
+int main(int argc, char **argv)
+{
+ // initialize key
+ generate_random_bytes(key, 16);
+ memset(iv, 0, 16);
+ //generate_random_bytes(iv, 16);
+ char *encrypted;
+ // one block of our input
+ int length = challenge16_encrypt(":admin<true:1234", &encrypted);
+
+ printf("first the unchanged string:\n");
+ challenge16_decrypt(encrypted, length);
+ /**
+ * change ciphertext here
+ * we now that our text start a the third block, because the
+ * challenge16_encrypt function prepends a string
+ * we need to flip three bits, the 8th bit, 56th bit and the
+ * 96th bit
+ */
+ encrypted[32-16] ^= 0x01;
+ encrypted[38-16] ^= 0x01;
+ encrypted[43-16] ^= 0x01;
+
+ printf("now the changed string:\n");
+ challenge16_decrypt(encrypted, length);
+} |
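Review bot: The three XOR offsets in main are magic numbers that silently depend on the 32-byte prefix inside challenge16_encrypt and on positions 0, 6 and 11 of the placeholder characters in `:admin<true:1234`; if the prefix changes, the flips land on the wrong bytes without any error. Name the pieces, for example `enum { BLOCK = 16, USERDATA_OFF = 32 };` and `encrypted[USERDATA_OFF - BLOCK + 6] ^= 0x01;`. The header comment should also say that the block whose ciphertext is edited decrypts to garbage, which may contain a NUL byte and cut the `%s` output in challenge16_decrypt short. It is worth stating there that this malleability is the reason CBC ciphertext must be authenticated with a MAC or replaced by an AEAD mode.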
