diff options
| author | Jesse Luehrs <doy@tozt.net> | 2019-04-09 04:51:56 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2019-04-09 04:51:56 -0400 |
| commit | a2f948d53fc22c3d6dd724adfee8ceb685179784 (patch) | |
| tree | e88e96ad28e68a53e15dc1eb9766738f68a019d0 | |
| parent | 70cd550be6f30ba9c67abd7235377e9496cb290f (diff) | |
| download | matasano-a2f948d53fc22c3d6dd724adfee8ceb685179784.tar.gz matasano-a2f948d53fc22c3d6dd724adfee8ceb685179784.zip | |
use http response codes
| -rw-r--r-- | src/bin/timing_attack.rs | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/bin/timing_attack.rs b/src/bin/timing_attack.rs index ffcfac9..ac9c895 100644 --- a/src/bin/timing_attack.rs +++ b/src/bin/timing_attack.rs @@ -28,15 +28,19 @@ fn insecure_compare(a: &[u8], b: &[u8]) -> bool { true } -fn index(info: actix_web::Query<Info>, key: &[u8]) -> String { +fn index( + info: actix_web::Query<Info>, + key: &[u8], +) -> actix_web::Result<String> { let hmac = matasano::sha1_hmac(&info.file.clone().into_bytes(), key); + println!("hmac for {} is {}", info.file, hex::encode(hmac)); if insecure_compare( &hex::decode(info.signature.clone()).unwrap(), &hmac[..], ) { - "true".to_string() + Ok("ok".to_string()) } else { - "false".to_string() + Err(actix_web::error::ErrorBadRequest("hmac failed")) } } @@ -50,7 +54,7 @@ fn main() { let key = key.clone(); actix_web::App::new().resource("/", |r| { r.method(actix_web::http::Method::GET) - .with(move |info: actix_web::Query<Info>| index(info, &key)) + .with(move |info| index(info, &key)) }) }) .bind("127.0.0.1:9000") |