From 70cd550be6f30ba9c67abd7235377e9496cb290f Mon Sep 17 00:00:00 2001
From: Jesse Luehrs <doy@tozt.net>
Date: Tue, 9 Apr 2019 04:40:00 -0400
Subject: add a web server that's weak to timing attacks

---
 src/bin/timing_attack.rs | 61 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 src/bin/timing_attack.rs

(limited to 'src')

diff --git a/src/bin/timing_attack.rs b/src/bin/timing_attack.rs
new file mode 100644
index 0000000..ffcfac9
--- /dev/null
+++ b/src/bin/timing_attack.rs
@@ -0,0 +1,61 @@
+use rand::RngCore;
+use serde_derive::Deserialize;
+
+#[derive(Deserialize)]
+struct Info {
+    file: String,
+    signature: String,
+}
+
+fn gen_key() -> Vec<u8> {
+    let mut key = [0u8; 80];
+    rand::thread_rng().fill_bytes(&mut key);
+    key.to_vec()
+}
+
+fn insecure_compare(a: &[u8], b: &[u8]) -> bool {
+    if a.len() != b.len() {
+        return false;
+    }
+
+    for i in 0..a.len() {
+        if a[i] != b[i] {
+            return false;
+        }
+        std::thread::sleep(std::time::Duration::from_millis(50));
+    }
+
+    true
+}
+
+fn index(info: actix_web::Query<Info>, key: &[u8]) -> String {
+    let hmac = matasano::sha1_hmac(&info.file.clone().into_bytes(), key);
+    if insecure_compare(
+        &hex::decode(info.signature.clone()).unwrap(),
+        &hmac[..],
+    ) {
+        "true".to_string()
+    } else {
+        "false".to_string()
+    }
+}
+
+fn main() {
+    let sys = actix::System::new("timing_attack");
+
+    let key = gen_key();
+    println!("{}", hex::encode(&key));
+
+    actix_web::server::HttpServer::new(move || {
+        let key = key.clone();
+        actix_web::App::new().resource("/", |r| {
+            r.method(actix_web::http::Method::GET)
+                .with(move |info: actix_web::Query<Info>| index(info, &key))
+        })
+    })
+    .bind("127.0.0.1:9000")
+    .unwrap()
+    .start();
+
+    let _ = sys.run();
+}
-- 
cgit v1.2.3-54-g00ecf