problem 30

author: Jesse Luehrs <doy@tozt.net> 2015-05-14 16:33:47 -0400
committer: Jesse Luehrs <doy@tozt.net> 2015-05-14 16:33:47 -0400
commit: 0cf3044d1262610680790f3353c97a59968aafdc (patch)
tree: 9438bf337e5cc1cc4d54597f33a7033a194e8c32
parent: 514c5542652b447857223ab645ee0b3c5260d374 (diff)
download: matasano-0cf3044d1262610680790f3353c97a59968aafdc.tar.gz
matasano-0cf3044d1262610680790f3353c97a59968aafdc.zip
3 files changed, 45 insertions, 0 deletions
diff --git a/src/crack.rs b/src/crack.rs
index a05155f..acc059b 100644
--- a/src/crack.rs
+++ b/src/crack.rs
@@ -496,6 +496,28 @@ pub fn crack_sha1_mac_length_extension (input: &[u8], mac: [u8; 20], extension:
     }).collect()
 }
 
+pub fn crack_md4_mac_length_extension (input: &[u8], mac: [u8; 16], extension: &[u8]) -> Vec<(Vec<u8>, [u8; 16])> {
+    let mut md4_state: [u32; 4] = unsafe { ::std::mem::transmute(mac) };
+    for word in md4_state.iter_mut() {
+        *word = u32::from_le(*word);
+    }
+
+    (0..100).map(|i| {
+        let new_input: Vec<u8> = input
+            .iter()
+            .chain(::md4::md4_padding(i + input.len() as u64).iter())
+            .chain(extension.iter())
+            .map(|x| *x)
+            .collect();
+        let new_hash = ::md4::md4_with_state(
+            extension,
+            md4_state,
+            i + new_input.len() as u64
+        );
+        (new_input, new_hash)
+    }).collect()
+}
+
 fn crack_single_byte_xor_with_confidence (input: &[u8]) -> (u8, f64) {
     let mut min_diff = 100.0;
     let mut best_key = 0;
diff --git a/src/lib.rs b/src/lib.rs
index ec1dc61..b659d01 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -58,3 +58,4 @@ pub use crack::crack_aes_128_ctr_random_access;
 pub use crack::crack_ctr_bitflipping;
 pub use crack::crack_cbc_iv_key;
 pub use crack::crack_sha1_mac_length_extension;
+pub use crack::crack_md4_mac_length_extension;
diff --git a/tests/set4.rs b/tests/set4.rs
index 1d31a85..d6fbeb5 100644
--- a/tests/set4.rs
+++ b/tests/set4.rs
@@ -155,3 +155,25 @@ fn problem_29 () {
         })
     );
 }
+
+#[test]
+fn problem_30 () {
+    let key: Vec<u8> = ::rand::thread_rng()
+        .gen_iter()
+        .take(::rand::thread_rng().gen_range(5, 25))
+        .collect();
+
+    let valid_input = b"comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon";
+    let valid_mac = matasano::md4_mac(valid_input, &key[..]);
+    let possibles = matasano::crack_md4_mac_length_extension(valid_input, valid_mac, b";admin=true");
+    assert!(
+        possibles.iter().all(|&(ref input, _)| {
+            input.ends_with(b";admin=true")
+        })
+    );
+    assert!(
+        possibles.iter().any(|&(ref input, ref mac)| {
+            &matasano::md4_mac(&input[..], &key[..])[..] == &mac[..]
+        })
+    );
+}
author	Jesse Luehrs <doy@tozt.net>	2015-05-14 16:33:47 -0400
committer	Jesse Luehrs <doy@tozt.net>	2015-05-14 16:33:47 -0400
commit	0cf3044d1262610680790f3353c97a59968aafdc (patch)
tree	9438bf337e5cc1cc4d54597f33a7033a194e8c32
parent	514c5542652b447857223ab645ee0b3c5260d374 (diff)
download	matasano-0cf3044d1262610680790f3353c97a59968aafdc.tar.gz matasano-0cf3044d1262610680790f3353c97a59968aafdc.zip