attack

func CloneMT19937FromOutput ¶

func CloneMT19937FromOutput(output []uint32) *rand.MT19937

CloneMT19937FromOutput takes 624 numbers consecutively output from a 32-bit MT19937 PRNG and returns a new MT19937 PRNG whose internal state is identical to the one that produced the given ouput. It panics if len(output) < 624.

func CrackECBOracleByteAtATime ¶

func CrackECBOracleByteAtATime(maxBlockSize int, oracle EncryptionOracle) ([]byte, error)

CrackECBOracleByteAtATime attempts to decrypt, without knowledge of the key, any data appended immediately after the user input by an encryption oracle using ECB mode, even if the oracle also prepends data to the user input.

Note: There are simpler ways to implement this, but this function aims to perform the attack with as few calls to the oracle as possible.

func DetectECBMode ¶

func DetectECBMode(ciphertext []byte, blockSize int) float64

DetectECBMode returns a number in the range [0, 1] indicating the fraction of ciphertext blocks that are duplicated. A higher score indicates a higher likelihood that the ciphertext was encrypted with ECB. It panics if ciphertext is not a multiple of BlockSize.

func DetectOracleBlockSize ¶

func DetectOracleBlockSize(maxBlockSize int, encrypt EncryptionOracle) (int, error)

TODO: Improve so this will always work for oracles that add other data.

func DetectRepeatingByteXORKey ¶

func DetectRepeatingByteXORKey(ciphertext []byte) (key byte, score float64)

DetectRepeatingByteXORKey returns a single byte and a score representing the most promising (highest scoring) byte that could have been used as a reapeating key in an XOR cipher with the given ciphertext.

func DetectRepeatingXORKey ¶

func DetectRepeatingXORKey(ciphertext []byte, minKeySize, maxKeySize int) (key []byte, score float64)

DetectRepeatingXORKey returns a key and a score representing the most promising (highest scoring) key that could have been used as a reapeating key in an XOR cipher with the given cipher text. It will attempt to detect a key no shorter than minKeySize and no longer than maxKeySize. It panics if minKeySize or maxKeySize are <= 0, if maxKeySize is < minKeySize, or if maxKeySize is > len(ciphertext)/2.

func ExploitTimingLeak ¶

func ExploitTimingLeak(
	ctx context.Context,
	targetValueSize int,
	timeRequest func(ctx context.Context, targetValue []byte) (d time.Duration, valid bool, err error),
	maxConcurrentRequests,
	topCandidateCount,
	topCandidateSampleCount int,
	logf func(format string, a ...any),
) ([]byte, error)

ExploitTimingLeak attempts to recover a value of targetValueSize length via a timing attack. Possible values are tested via calls to timeRequest, which may be made concurrently. The maximum number of concurrent requests is controlled via maxConcurrentRequests.

When attempting to recover a particular byte of the target value, topCandidateCount controls how many of the most promising byte values should be subjected to additional timing before choosing a final candidate. The total number of timings that should be taken for each of those candidates is controlled by topCandidateSampleCount.

An error is returned if timeRequest returns an error or if no valid value is found. Note that not every possible value is necessarily tested.

When not nil, logf is used to log the attack's progress.

It panics if maxConcurrentRequests is less than 1, if topCandidateCount is less than 1 or greater than 256, or if topCandidateSampleCount is less than 1.

func IsOracleECBMode ¶

func IsOracleECBMode(blockSize int, encrypt EncryptionOracle) (bool, error)

IsOracleECBMode detects whether an encryption oracle is using ECB mode.