diff options
| author | Jesse Luehrs <doy@tozt.net> | 2019-04-11 00:13:16 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2019-04-11 00:21:39 -0400 |
| commit | c48a2b579673d4f4034bb7275165b72077e60fbd (patch) | |
| tree | c40c6c58f90ba7aef0d844c10c02d01679815697 | |
| parent | 47f666beb8c88408af55bf832fe507f959d34374 (diff) | |
| download | matasano-c48a2b579673d4f4034bb7275165b72077e60fbd.tar.gz matasano-c48a2b579673d4f4034bb7275165b72077e60fbd.zip | |
make the amount of delay variable
| -rw-r--r-- | src/bin/timing_attack.rs | 13 | ||||
| -rw-r--r-- | tests/set4.rs | 1 |
2 files changed, 10 insertions, 4 deletions
diff --git a/src/bin/timing_attack.rs b/src/bin/timing_attack.rs index b9f9b7f..e6137dd 100644 --- a/src/bin/timing_attack.rs +++ b/src/bin/timing_attack.rs @@ -13,7 +13,7 @@ fn gen_key() -> Vec<u8> { key.to_vec() } -fn insecure_compare(a: &[u8], b: &[u8]) -> bool { +fn insecure_compare(a: &[u8], b: &[u8], delay: u64) -> bool { if a.len() != b.len() { return false; } @@ -22,7 +22,7 @@ fn insecure_compare(a: &[u8], b: &[u8]) -> bool { if a[i] != b[i] { return false; } - std::thread::sleep(std::time::Duration::from_millis(50)); + std::thread::sleep(std::time::Duration::from_millis(delay)); } true @@ -31,11 +31,13 @@ fn insecure_compare(a: &[u8], b: &[u8]) -> bool { fn index( info: actix_web::Query<Info>, key: &[u8], + delay: u64, ) -> actix_web::Result<String> { let hmac = matasano::sha1_hmac(&info.file.clone().into_bytes(), key); if insecure_compare( &hex::decode(info.signature.clone()).unwrap(), &hmac[..], + delay, ) { Ok("ok".to_string()) } else { @@ -49,11 +51,14 @@ fn main() { let key = gen_key(); println!("{}", hex::encode(&key)); + let delay: u64 = std::env::args().nth(1).unwrap().parse().unwrap(); + actix_web::server::HttpServer::new(move || { let key = key.clone(); - actix_web::App::new().resource("/", |r| { + let delay = delay.clone(); + actix_web::App::new().resource("/", move |r| { r.method(actix_web::http::Method::GET) - .with(move |info| index(info, &key)) + .with(move |info| index(info, &key, delay)) }) }) .bind("127.0.0.1:9000") diff --git a/tests/set4.rs b/tests/set4.rs index ebcbd76..5095b6a 100644 --- a/tests/set4.rs +++ b/tests/set4.rs @@ -197,6 +197,7 @@ fn problem_31() { let (kill_w, kill_r) = std::sync::mpsc::channel(); std::thread::spawn(move || { let mut child = std::process::Command::new(server_bin) + .args(&["50"]) .stdout(std::process::Stdio::piped()) .spawn() .unwrap(); |