class CryptoToolbox::Oracles::CbcMutatingEncryptionOracle
Attributes
prefix[R]
suffix[R]
Public Class Methods
new(key = SecureRandom.random_bytes(16) )
click to toggle source
# File lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb, line 7 def initialize(key = SecureRandom.random_bytes(16) ) @key = key @prefix = "comment1=cooking%20MCs;userdata=" @suffix = ";comment2=%20like%20a%20pound%20of%20bacon" @iv = SecureRandom.random_bytes(16) end
Public Instance Methods
encrypted_message_for(user)
click to toggle source
# File lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb, line 27 def encrypted_message_for(user) Ciphers::Aes.new.encipher_cbc(@key,message_for(user),iv: @iv) end
is_admin?(ciphertext)
click to toggle source
# File lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb, line 31 def is_admin?(ciphertext) data = decrypt_message(ciphertext) data.has_key?(:admin) && data[:admin] == "true" end
message_for(user)
click to toggle source
make sure this attack is not possible
fake_user="admin=true;admin=true;" ciphertext = oracle.encrypted_message_for(fake_user) oracle.is_admin?(ciphertext)
# File lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb, line 18 def message_for(user) user.gsub!(/[;=]/,"") # sanitize meta chars @prefix + user + @suffix end
parse_message(string)
click to toggle source
# File lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb, line 23 def parse_message(string) string.split(";").each_with_object({}){|pair,hsh| k,v = pair.split("="); hsh[k.to_sym] = v } end
Private Instance Methods
decrypt_message(ciphertext)
click to toggle source
# File lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb, line 37 def decrypt_message(ciphertext) plaintext = Ciphers::Aes.new.decipher_cbc(@key,ciphertext,iv: @iv).to_crypt_buffer.strip_padding.str parse_message(plaintext) end