Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/arvindpj007/aes-ctr-padding-attack

Golang programs for AES-CTR mode encryption with 2 different hashing algorithm and Padding Oracle attack on AES-CTR mode.
https://github.com/arvindpj007/aes-ctr-padding-attack

aes-128 aes-ctr aes-decryption aes-encryption checksum crc32 cryptanalysis ctr-mode golang-programs padding-oracle-attacks

Last synced: 12 days ago
JSON representation

Golang programs for AES-CTR mode encryption with 2 different hashing algorithm and Padding Oracle attack on AES-CTR mode.

Awesome Lists containing this project

README 

          
# AES CTR Padding Attack



## Golang programs for Padding Oracle attack on AES-CTR mode that uses checksum



1. `encrypt-auth-chk` contains `main.go` program to perform AES encryption in CTR mode with HMAC. Here the AES function is used from the standard package, but the CTR mode encryption and checksum calculations are performed in program. 



    The checksum works as follows: 



    On input a message M, first parse M into a sequence of octets M1, . . . , Mn. Then checksum 

    

    T = sum(M_i mod 256) for i= 1 to n

    

    To build the binary, the following command can be performed:

            

        go build

    The encryption/decryption can be performed with the following command:



        ./encrypt  -k <16-byte key in hexadecimal> -i  -o 

    mode = `encrypt` or `decrypt`



2. `decrypt-test-chk` contains `main.go` program that works like the oracle. The program `./decrypt-test-chk` that has the key K hardcoded into it. It performs decryption of the provided cipher text and it will not return the decrypted ciphertext, but instead only a single one of the following three response messages:

    1. “SUCCESS”

    3. “INVALID MAC”



    The command-line profile for decrypt-test will be as follows:



        ./decrypt-test-chk -i 



3. `decrypt-attack-chk` contains `main.go` program that performs the padding oracle attack. The program takes a cipher text as the input programmatically decrypts and returns the plain text of any ciphertext produced by your encryption utility from `encrypt-auth-chk` with the help of `./decrypt-test-chk`. It will not have access to a decrypt-key. The command-line profile for decrypt-test will be as follows:



        ./decrypt-attack-chk -i 



## Golang programs for Padding Oracle attack on AES-CTR mode that uses CRC32



1. `encrypt-auth-crc` contains `main.go` program to perform AES encryption in CTR mode with HMAC. Here the AES and CRC32 function is used from the standard package, but the CTR mode encryption calculation is performed in program. 



    To build the binary, the following command can be performed:

            

        go build

    The encryption/decryption can be performed with the following command:



        ./encrypt  -k <16-byte key in hexadecimal> -i  -o 

    mode = `encrypt` or `decrypt`



2. `decrypt-test-crc` contains `main.go` program that works like the oracle. The program `./decrypt-test-crc` that has the key K hardcoded into it. It performs decryption of the provided cipher text and it will not return the decrypted ciphertext, but instead only a single one of the following three response messages:

    1. “SUCCESS”

    3. “INVALID MAC”



    The command-line profile for decrypt-test will be as follows:



        ./decrypt-test-crc -i 



3. `decrypt-attack-crc` contains `main.go` program that performs the padding oracle attack. The program takes a cipher text as the input programmatically decrypts and returns the plain text of any ciphertext produced by your encryption utility from `encrypt-auth-crc` with the help of `./decrypt-test-crc`. It will not have access to a decrypt-key. The command-line profile for decrypt-test will be as follows:



        ./decrypt-attack-crc -i