-
Notifications
You must be signed in to change notification settings - Fork 0
/
challenge25.ts
50 lines (46 loc) · 1.71 KB
/
challenge25.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import {aes128CtrDecrypt, aes128CtrEncrypt} from '../set3/challenge18';
import {BitArray} from '../set1/challenge1';
import {XORBitArrays} from '../set1/challenge2';
export interface Aes128CtrEditOracle {
/**
* Re-encrypt decrypted plaintext modified at offset with edit
* @param ciphertext ciphertext
* @param offset offset in the plaintext
* @param edit change to be made
*/
edit(ciphertext: Buffer, offset: number, edit: Buffer): Buffer;
}
export function initAes128CtrEditOracle(key: Buffer, nonce: Buffer): Aes128CtrEditOracle {
function aes128CtrEdit(ciphertext: Buffer, offset: number, edit: Buffer): Buffer {
if (offset < 0 || offset > ciphertext.length) {
throw Error(`Invalid offset`);
}
const plaintext = aes128CtrDecrypt(ciphertext, key, nonce);
edit.copy(plaintext, offset, 0, edit.length);
return aes128CtrEncrypt(plaintext, key, nonce);
}
return {
edit: aes128CtrEdit
}
}
/**
* Recover plaintext using 'edit oracle'
*
* in AES CTR mode:
* ciphertext = plaintext XOR AES_128_ECB(keystream, key)
* encrypted_zeros = zeros XOR AES_128_ECB(keystream, key)
*
* ciphertext XOR encrypted_zeros = plaintext XOR AES_128_ECB(keystream, key) XOR zeros XOR AES_128_ECB(keystream, key)
* = plaintext XOR zeros = plaintext
*
* @param ciphertext
* @param oracle
*/
export function recoverPlaintextUsingAesCtrEditOracle(
ciphertext: Buffer,
oracle: Aes128CtrEditOracle
): Buffer {
const zeros = Buffer.alloc(ciphertext.length).fill(0x0);
const encryptedZeros = oracle.edit(ciphertext, 0, zeros);
return BitArray.toBuffer(XORBitArrays(BitArray.fromBuffer(ciphertext), BitArray.fromBuffer(encryptedZeros)));
}