From dc8d7dbabaf6253e8dbf7e07f5cf86009b7795c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arve=20Nyg=C3=A5rd?= Date: Tue, 2 Jun 2015 16:35:18 -0700 Subject: [PATCH] remove rsa-server and attacker executables since we are doing this in python --- CMakeLists.txt | 2 - src/attacker/attacker.cpp | 215 -------------------------------------- src/attacker/attacker.h | 69 ------------ src/rsa-server.cpp | 127 ---------------------- 4 files changed, 413 deletions(-) delete mode 100644 src/attacker/attacker.cpp delete mode 100644 src/attacker/attacker.h delete mode 100644 src/rsa-server.cpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 8dfda3c..fbbf8bf 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -4,6 +4,4 @@ SET(CMAKE_BUILD_TYPE Release) SET(PROJECT_SOURCE_DIR src) SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11") # for gcc >= 4.7 INCLUDE_DIRECTORIES(BEFORE ${PROJECT_SOURCE_DIR}/lib) -ADD_EXECUTABLE(rsa-server src/rsa.cpp src/rsa-server.cpp) -ADD_EXECUTABLE(attacker src/attacker/attacker.cpp src/rsa.cpp) ADD_EXECUTABLE(csv src/csv.cpp src/rsa.cpp) diff --git a/src/attacker/attacker.cpp b/src/attacker/attacker.cpp deleted file mode 100644 index 54d2e47..0000000 --- a/src/attacker/attacker.cpp +++ /dev/null @@ -1,215 +0,0 @@ -#include "attacker.h" - - -int main(int argc, char *argv[]){ - // Print usage - if (argc != 7) { - printf("Usage: ./attacker \n"); - exit(1); - } - - Attacker a = Attacker(argv[1], atoi(argv[2])); - a.public_e = argv[3]; - a.public_n = argv[4]; - a.messages_per_bit = argv[5]; - a.derived_exponent = argv[6]; - printf("Attacking server %s:%s. Using public exponent %s and modulus %s\n", argv[1], argv[2], argv[3], argv[4]); - printf("So far, we have derived the exponent up to %d\n", atoi(argv[6])); - a.perform_attack(); - return 0; -} - -/* - * Performs a timing attack on the server - */ -void Attacker::perform_attack(){ - if(!key_found()){ - attack_next_bit(); - } - else { - std::cout << "We found the key! It's: " << derived_exponent << std::endl; -// printf("We found the key! It's %d!\n", derived_exponent); - } -} - - -bool Attacker::key_found() { - num test = Rsa::ModExp(12345, derived_exponent, public_n); - num actual = sign_message(12345).response; - return test == actual; -} - -/* - * Ask the server to sign @message, recording the time spent by the server. - */ -TimedResponse Attacker::sign_message(const std::string &message){ - // Record start and end time in nanoseconds. - std::chrono::time_point > > start, end; - TimedResponse result; - result.message = message; - ssize_t n; - char response[255]; - // Send mesage! - start = std::chrono::system_clock::now(); - sendto(sock,message.c_str(),message.size(), 0, (struct sockaddr *)&server_addr,sizeof(server_addr)); - // Receive response! - n = recv(sock,response,255,0); - end = std::chrono::system_clock::now(); - response[n] = 0; // Null terminate received string - result.response = response; - result.duration = std::chrono::duration_cast(end - start); - return result; -} - -TimedResponse Attacker::sign_message(const num &message){ - std::stringstream StrStream; - StrStream << message; - return sign_message(StrStream.str()); -} - -/* - * Simulates Montgomery Modular exponentiation. Returns whether the MonPro calculation involved a - * subtraction or not, on the last bit. - */ -bool Attacker::ModExpBoolean(const num &M, const num &d, const num &n){ - if (n%2 != 1) { - std::cout << "Warning! Exponentiation failed. Modulus must be odd!" << std::endl; - return false; - } - bool step4 = false, _ = false; - num r, nprime; - Rsa::nPrime(n, r, nprime); - num M_bar = (M * r) % n; - num x_bar = r%n; - - long k = Rsa::numBits(d) - 1; // Loop over bit indices. [0, k-1] - for (; k >= 0 ; k--) { - x_bar = MontgomeryProduct(x_bar, x_bar, nprime, r, n, _); - if (d.GetBit(k) == 1){ - x_bar = MontgomeryProduct(M_bar, x_bar, nprime, r, n, _); - if (k == 0) { - step4 = _; - } - } - } - return step4; -} - -num Attacker::MontgomeryProduct(const num &a, const num &b, const num &nprime, const num &r, const num &n, bool &step4){ - num t = a * b; - num m = t * nprime % r; - num u = (t + m*n)/r; - if(u >=n) { - step4 = true; - return u-n; - } - else { - step4 = false; - return u; - } -} - - -TimedResponse sign_message2(const std::string &message){ - int sock; - int server_addr; - // Record start and end time in nanoseconds. - std::chrono::time_point > > start, end; - TimedResponse result; - result.message = message; - ssize_t n; - char response[255]; - // Send mesage! - start = std::chrono::system_clock::now(); - sendto(sock,message.c_str(),message.size(), 0, (struct sockaddr *)&server_addr,sizeof(server_addr)); - // Receive response! - n = recv(sock,response,255,0); - end = std::chrono::system_clock::now(); - response[n] = 0; // Null terminate received string - result.response = response; - result.duration = std::chrono::duration_cast(end - start); - return result; -} - -/* -* Divide messages into two list. -*/ -void Attacker::attack_next_bit() { - //The two sets - std::vector set_true; - std::vector set_false; - std::vector trueResponses; - std::vector falseResponses; - - //Simulate messages - num guess = (derived_exponent << 1) + 1; // Guess that the next bit is 1. - std::cout << "current guess: " << guess << std::endl; - std::cout << "simulating exponentiation of " << messages_per_bit << "messages - dividing messages into two sets." << std::endl; - for( num i = 0; i < messages_per_bit; i++ ) { - num random_message(rand()) ; - bool v = ModExpBoolean(random_message, guess, public_n); - if(v){ - set_true.push_back(random_message); - } - else{ - set_false.push_back(random_message); - } - } - - /* - * Calculate mean time for each set - */ - std::cout<<"Requsting signatures from server...\n"; - long long tTrue = 0,tFalse = 0; - for(num message: set_true){ - TimedResponse t = sign_message(message); - tTrue += t.duration.count(); - trueResponses.push_back(t); - } - - for( num message: set_false){ - TimedResponse t = sign_message(message); - tFalse+=t.duration.count(); - falseResponses.push_back(t); - } - tTrue /= set_true.size(); - tFalse /= set_false.size(); - - /* At this point we should decide whether we guessed correctly or not. - * If the bit was indeed 1, set derived_exponent = guess. - * Otherwise, set derived_exponent = guess-1. - */ - - printf("Average time true set: \t\t%lld ns.\n", tTrue); - printf("Average time false set: \t%lld ns. \n", tFalse); - printf("Ratio True/False time: \t\t%f\n", (tTrue*1.0)/tFalse); - - // Save the results as a CSV table, so we can graph it using R - std::stringstream filename; - filename << guess << ".csv"; - saveCSV(filename.str(), trueResponses, falseResponses); - std::cout << "If the bit was 1, our derived exponent should now be: " << guess << "." << std::endl; - std::cout << "Otherwise, it should be " << guess-1 << "."<< std::endl; -} - -void Attacker::saveCSV(const std::string filename, const std::vector trueSet, const std::vector falseSet) const{ - std::ofstream myfile; - myfile.open (filename); - myfile << "message,duration,step4" << std::endl; - for (auto e: trueSet) { - myfile << e << ",1" << std::endl; - } - for (auto e: falseSet) { - myfile << e << ",2" << std::endl; - } - myfile.close(); -} - - - - - - - - - diff --git a/src/attacker/attacker.h b/src/attacker/attacker.h deleted file mode 100644 index 180df03..0000000 --- a/src/attacker/attacker.h +++ /dev/null @@ -1,69 +0,0 @@ -// -// attacker.h -// rsa -// -// Created by Arve Nygård on 07/05/15. -// Copyright (c) 2015 Arve Nygård. All rights reserved. -// - -#ifndef __rsa__attacker__ -#define __rsa__attacker__ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "../lib/ttmath.h" -#include "../rsa.h" - -typedef ttmath::Int<16> num; -struct TimedResponse { - std::string message; - std::string response; - std::chrono::duration > duration; -}; - -std::ostream& operator<<(std::ostream& os, const TimedResponse& ts){ - os - << ts.message << "," << ts.duration.count(); -// << "Message: " << ts.message -// << "\nSigned: " << ts.response -// << "\nDuration:" << ts.duration.count() << " nanoseconds\n"; - return os; -} - -class Attacker { -private: - struct sockaddr_in server_addr; - int sock; - TimedResponse sign_message(const std::string &message); - TimedResponse sign_message(const num &message); - int current_bit; - -public: - num public_n, public_e; - num derived_exponent; - num messages_per_bit; - Attacker(const char* host, const int port):messages_per_bit(100){ - hostent *hp = gethostbyname(host); - bzero(&server_addr,sizeof(server_addr)); - memcpy((void *)&server_addr.sin_addr, hp->h_addr_list[0], hp->h_length); - server_addr.sin_family = AF_INET; - server_addr.sin_port=htons(port); - sock = socket(AF_INET,SOCK_DGRAM,0); - } - bool key_found(); - void perform_attack(); - void simulate_attack(int number_messages,int exponent,int index); - bool ModExpBoolean(const num &M, const num &d, const num &n); - num MontgomeryProduct(const num &a, const num &b, const num &nprime, const num &r, const num &n, bool &step4); - void attack_next_bit(); - void saveCSV(const std::string filename, const std::vector trueSet, const std::vector falseSet) const; - -}; - -#endif /* defined(__rsa__attacker__) */ diff --git a/src/rsa-server.cpp b/src/rsa-server.cpp deleted file mode 100644 index 90538cd..0000000 --- a/src/rsa-server.cpp +++ /dev/null @@ -1,127 +0,0 @@ -// -// main.cpp -// rsa -// -// Created by Arve Nygård on 06/05/15. -// Copyright (c) 2015 Arve Nygård. All rights reserved. -// - -#include -#include -#include -#include -#include -#include -#include "rsa.h" - - - -#define BUFSIZE 255 - -void test(); -int vulnerable_sign(); -int serve(int port); -Rsa rsa; - -int main(int argc, const char * argv[]) { - if (argc != 5) { - std::cout << "Usage: ./rsa-server

" << std::endl; - std::cout << "Feed messages as lines to stdin, signed messages will come as output" << std::endl; - return 1; - } - - // Initiate RSA object with primes from command line. - rsa = Rsa(argv[2], argv[3], argv[4]); - std::cout << "Starting signing server on port " << argv[1] << ". " << std::endl << std::endl; - std::cout << std::endl << "Using Montgomery with (5ms) sleep for exponentiation" << std::endl; - rsa.setExpFunc(MODEXP_SLEEP); - - std::cout << "Using the following keys:" << std::endl; - rsa.printKeys(); - serve(atoi(argv[1])); - - return 0; -} - -/* - * Start the server. - * - * It reads UDP datagrams for messages, signs the message and sends back - * the signature on the same port. - */ -int serve(const int portno){ - int sockfd; - ssize_t bytes; - struct sockaddr_in servaddr,cliaddr; - socklen_t len; - char mesg[1024]; - - sockfd=socket(AF_INET,SOCK_DGRAM,0); - - bzero(&servaddr,sizeof(servaddr)); - servaddr.sin_family = AF_INET; - servaddr.sin_addr.s_addr=htonl(INADDR_ANY); - servaddr.sin_port=htons(portno); - bind(sockfd,(struct sockaddr *)&servaddr,sizeof(servaddr)); - - while (true){ - len = sizeof(cliaddr); - bytes = recvfrom(sockfd,mesg,1024,0,(struct sockaddr *)&cliaddr,&len); - mesg[bytes] = 0; // Null terminate the received string - std::cout << "Asked to sign message: " << mesg; - num signature = rsa.sign(mesg); - std::string string_result; - signature.ToString(string_result); - sendto(sockfd,string_result.c_str(),string_result.size(),0,(struct sockaddr *)&cliaddr,sizeof(cliaddr)); - bzero(mesg, 1024); - - std::cout << ". Sending response: " << signature << std::endl; - - } -} - - - - -void test(){ - num p,q,e; - // p = "72921395523034486567525736371230370633973787029153043254895253767587177948354404505015843041682240089"; - // q = "27028138044587582353904781804159356623304801440906159575368078211171173680092726609842044176970728203"; - // e = (1<<16)+1; - p = 97; - q = 103; - e = 31; - Rsa rsa = Rsa(p,q, e); - - // rsa.printKeys(); - - num M = 25; - std::cout << "Using Montgomery Exponentiation" << std::endl; // This is default. - num C = rsa.encrypt(M); - num S = rsa.decrypt(C); - - std::cout << "Message: " << M << std::endl; - std::cout << "Expected Ciphertext: 9943" << std::endl; - std::cout << "Ciphertext: " << C << std::endl; - std::cout << "Decrypted: " << S << std::endl; - - std::cout << std::endl << "Using Powering Ladder" << std::endl; - rsa.setExpFunc(POWERLADDER); - C = rsa.encrypt(M); - S = rsa.decrypt(C); - - std::cout << "Message: " << M << std::endl; - std::cout << "Expected Ciphertext: 9943" << std::endl; - std::cout << "Ciphertext: " << C << std::endl; - std::cout << "Decrypted: " << S << std::endl; - - std::cout << std::endl << "Using Montgomery with sleep" << std::endl; - rsa.setExpFunc(MODEXP_SLEEP); - C = rsa.encrypt(M); - S = rsa.decrypt(C); - - std::cout << "Message: " << M << std::endl; - std::cout << "Expected Ciphertext: 9943" << std::endl; - std::cout << "Ciphertext: " << C << std::endl; - std::cout << "Decrypted: " << S << std::endl; -} \ No newline at end of file