package dhpals
import (
"crypto/rand"
"fmt"
"math/big"
"github.com/dnkolegov/dhpals/dhgroup"
)
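// runKCIAttack runs one handshake against the oracle returned by newToxOracle
// and stops at the point where the key-compromise impersonation (KCI) step
// belongs.
//
// Protocol as exercised here: Alice publishes her static public key and
// fetches Bob's. The static-static DH secret (inside dhkemScheme) is the only
// thing protecting Alice's ephemeral public key on the way out (Encap) and
// Bob's on the way back (Decap); the session key is then the
// ephemeral-ephemeral DH value g^(ab) mod p. Nothing else authenticates the
// exchange, so whoever holds Bob's static private key can derive the
// static-static secret from Alice's *public* static key and talk to Bob as
// Alice — that is the KCI property this exercise is about.
//
// Every fallible step is checked and reported through the error return: the
// previous version dropped the outcome of publishing Alice's key, of key
// generation and of the handshake, and panicked on the remaining failures
// even though the signature carries an error. The impersonation itself is
// still not written; the function prints the recovered private key and
// returns a "not implemented" error instead of panicking.
func runKCIAttack() ([]byte, error) {
	dhGroup, err := dhgroup.GroupForGroupID(dhgroup.ModP2048)
	if err != nil {
		return nil, fmt.Errorf("selecting MODP-2048 group: %w", err)
	}
	static, err := dhGroup.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("generating Alice's static key: %w", err)
	}
	ephemeral, err := dhGroup.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("generating Alice's ephemeral key: %w", err)
	}
	kem := dhkemScheme{group: dhGroup}
	p := dhGroup.DHParams().P

	// A peer-supplied public value outside (1, p-1) collapses the shared
	// secret to a handful of predictable values, so reject it before any
	// exponentiation. If ModP2048 is the RFC 3526 safe-prime group its name
	// suggests, p-1 is the only small-subgroup element and is covered too.
	one := big.NewInt(1)
	pMinusOne := new(big.Int).Sub(p, one)
	pubOK := func(y *big.Int) bool {
		return y.Cmp(one) > 0 && y.Cmp(pMinusOne) < 0
	}

	// The third value is the transport hook for the final step; it is blanked
	// until the forged handshake exists so that the file keeps compiling.
	discovery, handshake, _, isKeyCorrect, getPrivate := newToxOracle(dhgroup.ModP2048)
	if _, err := discovery("Alice", "set", static.Public.Bytes()); err != nil {
		return nil, fmt.Errorf("publishing Alice's static key: %w", err)
	}
	peerStaticBytes, err := discovery("Bob", "get", nil)
	if err != nil {
		return nil, fmt.Errorf("looking up Bob's static key: %w", err)
	}
	peerStatic := new(big.Int).SetBytes(peerStaticBytes)
	if !pubOK(peerStatic) {
		return nil, fmt.Errorf("static public value from Bob is out of range")
	}

	// Encap wraps Alice's ephemeral public key under the static-static secret.
	ct := kem.Encap(static.Private, peerStatic, ephemeral.Public.Bytes())
	payload, err := handshake("Alice", ct)
	if err != nil {
		return nil, fmt.Errorf("handshake with Bob: %w", err)
	}
	// Decap unwraps Bob's ephemeral public key with the same secret.
	peerEphemeral := new(big.Int).SetBytes(kem.Decap(static.Private, peerStatic, payload))
	if !pubOK(peerEphemeral) {
		return nil, fmt.Errorf("ephemeral public value from Bob is out of range")
	}

	// Session key: ephemeral-ephemeral DH, g^(ab) mod p.
	key := new(big.Int).Exp(peerEphemeral, ephemeral.Private, p).Bytes()
	if !isKeyCorrect(key) {
		return nil, fmt.Errorf("shared key does not match the oracle's")
	}

	// Suppose we have performed a cool attack and found Bob's private key.
	// TODO(exercise): with it, derive the static-static secret from Alice's
	// public key, replay the handshake as "Alice" and hand the result to the
	// transport hook. Printing a private key is acceptable only in this
	// exercise setting.
	secret := getPrivate()
	fmt.Println("Found private key:", secret)
	return nil, fmt.Errorf("KCI impersonation of Alice not implemented")
}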