Class: CryptoToolbox::Oracles::CbcMutatingEncryptionOracle

Inherits:

Object

• Object
• CryptoToolbox::Oracles::CbcMutatingEncryptionOracle

Defined in:

lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb

Instance Attribute Summary

• #prefix ⇒ Object readonly

  Returns the value of attribute prefix.

• #suffix ⇒ Object readonly

  Returns the value of attribute suffix.

Instance Method Summary

• #encrypted_message_for(user) ⇒ Object
• #initialize(key = SecureRandom.random_bytes(16)) ⇒ CbcMutatingEncryptionOracle constructor

  A new instance of CbcMutatingEncryptionOracle.

• #is_admin?(ciphertext) ⇒ Boolean
• #message_for(user) ⇒ Object

  make sure this attack is not possible fake_user=“admin=true;admin=true;” ciphertext = oracle.encrypted_message_for(fake_user) oracle.is_admin?(ciphertext).

• #parse_message(string) ⇒ Object

Constructor Details

#initialize(key = SecureRandom.random_bytes(16)) ⇒ CbcMutatingEncryptionOracle

Returns a new instance of CbcMutatingEncryptionOracle.

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 7

def initialize(key = SecureRandom.random_bytes(16) )
  @key     = key
  @prefix  = "comment1=cooking%20MCs;userdata="
  @suffix  = ";comment2=%20like%20a%20pound%20of%20bacon"
  @iv      = SecureRandom.random_bytes(16)
end

Instance Attribute Details

#prefix ⇒ Object (readonly)

Returns the value of attribute prefix.

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 4

def prefix
  @prefix
end

#suffix ⇒ Object (readonly)

Returns the value of attribute suffix.

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 4

def suffix
  @suffix
end

Instance Method Details

#encrypted_message_for(user) ⇒ Object

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 27

def encrypted_message_for(user)
  Ciphers::Aes.new.encipher_cbc(@key,message_for(user),iv: @iv)
end

#is_admin?(ciphertext) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 31

def is_admin?(ciphertext)
  data = decrypt_message(ciphertext)
  data.has_key?(:admin) && data[:admin] == "true"
end

#message_for(user) ⇒ Object

make sure this attack is not possible fake_user=“admin=true;admin=true;” ciphertext = oracle.encrypted_message_for(fake_user) oracle.is_admin?(ciphertext)

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 18

def message_for(user)
  user.gsub!(/[;=]/,"") # sanitize meta chars
  @prefix + user + @suffix
end

#parse_message(string) ⇒ Object

# File 'lib/crypto-toolbox/oracles/cbc_mutating_encryption_oracle.rb', line 23

def parse_message(string)
  string.split(";").each_with_object({}){|pair,hsh| k,v = pair.split("="); hsh[k.to_sym] = v }
end