author | Jesse Luehrs <doy@tozt.net> | 2015-03-27 00:16:51 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2015-03-27 00:16:51 -0400 |
commit | f0af2c1b75c366b228925a8b88cf3bf19066dc41 (patch) | |
tree | f86c4fb0cf696db2e411ef95e591b3a543d0d309 /src/aes.rs | |
parent | b466bae50a91da358f9e4264d312fb836c7cd829 (diff) | |
download | matasano-f0af2c1b75c366b228925a8b88cf3bf19066dc41.tar.gz matasano-f0af2c1b75c366b228925a8b88cf3bf19066dc41.zip |
make the decrypt primitives return options based on valid padding
Diffstat (limited to 'src/aes.rs')
-rw-r--r-- | src/aes.rs | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -12,21 +12,23 @@ pub enum BlockCipherMode {
     CBC,
 }
 
-pub fn decrypt_aes_128_ecb (bytes: &[u8], key: &[u8]) -> Vec<u8> {
-    return openssl::crypto::symm::decrypt(
+pub fn decrypt_aes_128_ecb (bytes: &[u8], key: &[u8]) -> Option<Vec<u8>> {
+    // openssl already doesn't return differentiable results for invalid
+    // padding, so we can't either
+    return Some(openssl::crypto::symm::decrypt(
         openssl::crypto::symm::Type::AES_128_ECB,
         key,
         vec![],
         bytes
-    )
+    ));
 }
 
-pub fn decrypt_aes_128_cbc (bytes: &[u8], key: &[u8], iv: &[u8]) -> Vec<u8> {
+pub fn decrypt_aes_128_cbc (bytes: &[u8], key: &[u8], iv: &[u8]) -> Option<Vec<u8>> {
     let mut prev = iv.clone();
     let mut plaintext = vec![];
     for block in bytes.chunks(16) {
         let plaintext_block = fixed_xor(
-            &decrypt_aes_128_ecb(&pad_pkcs7(block, 16)[..], key)[..],
+            &decrypt_aes_128_ecb(&pad_pkcs7(block, 16)[..], key).unwrap()[..],
             prev
         );
         for c in plaintext_block {
@@ -34,7 +36,7 @@ pub fn decrypt_aes_128_cbc (bytes: &[u8], key: &[u8], iv: &[u8]) -> Vec<u8> {
         }
         prev = block.clone();
     }
-    return unpad_pkcs7(&plaintext[..]).expect("invalid padding").to_vec();
+    return unpad_pkcs7(&plaintext[..]).map(|v| v.to_vec());
 }
 
 pub fn encrypt_aes_128_ecb (bytes: &[u8], key: &[u8]) -> Vec<u8> {
@@ -318,8 +320,8 @@ fn test_encrypt_decrypt () {
     let ciphertext_ecb = encrypt_aes_128_ecb(&plaintext[..], &key[..]);
     let ciphertext_cbc = encrypt_aes_128_cbc(&plaintext[..], &key[..], &iv[..]);
 
-    let plaintext2_ecb = decrypt_aes_128_ecb(&ciphertext_ecb[..], &key[..]);
-    let plaintext2_cbc = decrypt_aes_128_cbc(&ciphertext_cbc[..], &key[..], &iv[..]);
+    let plaintext2_ecb = decrypt_aes_128_ecb(&ciphertext_ecb[..], &key[..]).unwrap();
+    let plaintext2_cbc = decrypt_aes_128_cbc(&ciphertext_cbc[..], &key[..], &iv[..]).unwrap();
     let ciphertext2_ecb = encrypt_aes_128_ecb(&plaintext2_ecb[..], &key[..]);
     let ciphertext2_cbc = encrypt_aes_128_cbc(&plaintext2_cbc[..], &key[..], &iv[..]); |
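Review bot: The `.unwrap()` added on `decrypt_aes_128_ecb(...)` inside the CBC loop puts a panic path back into a function that this same hunk changes to return `Option` so that failures are recoverable. Today the unwrap cannot fire, because the ECB body above wraps its result in `Some` unconditionally (as the new comment there says), but that invariant is only implicit; either state it with `.expect("decrypt_aes_128_ecb never returns None")` or propagate with an explicit `match` arm that returns `None`, so the two primitives' contracts stay aligned if the ECB helper ever starts reporting errors. The function also still accepts ciphertexts whose length is not a multiple of 16: `bytes.chunks(16)` hands a short final chunk to `pad_pkcs7`, which presumably pads it and decrypts the padding as if it were ciphertext; with the new return type, `if bytes.len() % 16 != 0 { return None; }` at the top of the function is the natural place to reject such input. `decrypt_aes_128_cbc` continues past the end of this hunk.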
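Review bot: `unpad_pkcs7(&plaintext[..]).map(|v| v.to_vec())` makes `decrypt_aes_128_cbc` return `None` exactly when the PKCS#7 padding is malformed, so the result now carries a valid/invalid padding signal, which is the observable that a padding-oracle attack relies on; that is appropriate for a primitive in this repository, but it is not documented anywhere in the change. A doc comment on the function signature (in the previous hunk) should say so, e.g. `/// Returns None when the PKCS#7 padding of the decrypted data is invalid. Callers must not expose this distinction (or a timing difference between the two outcomes) to an untrusted party.` If a caller ever needs to decrypt peer-supplied ciphertext, authenticating it before decryption is the usual way to keep the padding check unobservable, but that is outside this commit. `decrypt_aes_128_cbc` begins before this hunk.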
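Review bot: The updated test only adds `.unwrap()` to the round-trip path, so the contract this commit introduces — `None` on invalid padding — has no test pinning it, and a later change to `unpad_pkcs7` or to the `map` in `decrypt_aes_128_cbc` could silently turn that `None` back into a panic or a `Some` of garbage. A negative case asserting `decrypt_aes_128_cbc(..., ...).is_none()` for a ciphertext built from a plaintext with deliberately bad padding (encrypted without re-padding, if the encrypt helpers allow that) would cover it; note that simply flipping bytes in the last block is not a deterministic test, since a random final byte still forms valid padding some of the time. `test_encrypt_decrypt` starts before and continues after this hunk.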