feat: finish p18, implment aes ctr mode

common/src/lib.rs

@@ -482,3 +482,23 @@ pub fn gen_random_key() -> [u8; 16] {
     rng.fill(&mut key);
     key
 }
+
+pub fn aes_ctr_enc(input: &[u8], key: &[u8; 16], nonce: u64) -> Result<Vec<u8>> {
+    let mut key_stream = Vec::new();
+    for round in 0..=(input.len() / 16) as u64 {
+        let input: Vec<u8> = nonce
+            .to_le_bytes()
+            .into_iter()
+            .chain(round.to_le_bytes())
+            .collect();
+        let stream_block = aes_ecb_enc(&input, key)?;
+        key_stream.extend(stream_block);
+    }
+    let output: Vec<u8> = input.iter().zip(key_stream).map(|(&a, b)| a ^ b).collect();
+
+    Ok(output)
+}
+
+pub fn aes_ctr_dec(input: &[u8], key: &[u8; 16], nonce: u64) -> Result<Vec<u8>> {
+    aes_ctr_enc(input, key, nonce)
+}

problems/p14/Cargo.toml

@@ -4,3 +4,7 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+common = { path = "../../common" }
+rand = { workspace = true }
+base64 = { workspace = true }
+anyhow = { workspace = true }

problems/p14/src/main.rs

@@ -1,3 +1,96 @@
-fn main() {
+use std::process::exit;
-    println!("Hello, world!");
+
+use anyhow::Result;
+use base64::{Engine, engine::general_purpose::STANDARD};
+use common::{aes_ecb_enc, gen_random_key, pkcs7_padding};
+use rand::random;
+
+fn oracle(
+    unknown_prefix: &[u8],
+    controlled_input: &[u8],
+    key: &[u8; 16],
+    unknown_string: &[u8],
+) -> Vec<u8> {
+    let mut data = Vec::new();
+    data.extend_from_slice(unknown_prefix);
+    data.extend_from_slice(controlled_input);
+    data.extend_from_slice(unknown_string);
+
+    pkcs7_padding(&mut data, 16);
+
+    aes_ecb_enc(&data, key).unwrap()
 }
+
+fn main() -> Result<()> {
+    let b64_unknown_string = "Um9sbGluJyBpbiBteSA1LjAKV2l0aCBteSByYWctdG9wIGRvd24gc28gbXkgaGFpciBjYW4gYmxvdwpUaGUgZ2lybGllcyBvbiBzdGFuZGJ5IHdhdmluZyBqdXN0IHRvIHNheSBoaQpEaWQgeW91IHN0b3A/IE5vLCBJIGp1c3QgZHJvdmUgYnkK";
+    let unknown_string = STANDARD.decode(b64_unknown_string)?;
+    let key = gen_random_key();
+
+    let prefix_len = random::<u8>();
+    let unknown_prefix = vec![6u8; prefix_len as usize];
+
+    // step1. find padding length and unknown_string length.
+    let mut padding_len = 0;
+
+    let prev_cipher = oracle(
+        &unknown_prefix,
+        &vec![0; padding_len],
+        &key,
+        &unknown_string,
+    );
+    while prev_cipher.len() + 16
+        != oracle(
+            &unknown_prefix,
+            &vec![0; padding_len],
+            &key,
+            &unknown_string,
+        )
+        .len()
+    {
+        padding_len += 1;
+    }
+    println!("padding_len: {padding_len}"); // 6
+    let unknown_str_len = prev_cipher.len() - padding_len;
+    println!("unknown_str_len: {unknown_str_len}");
+
+    assert_eq!(unknown_str_len, unknown_string.len()); // debug use
+
+    let mut cracked: Vec<u8> = Vec::new();
+
+    let mut flag = false;
+
+    while cracked.len() != unknown_str_len {
+        padding_len += 1;
+        for i in 0..=255u8 {
+            let mut block = Vec::new();
+            block.push(i);
+            block.extend_from_slice(&cracked[..cracked.len().min(15)]);
+
+            pkcs7_padding(&mut block, 16);
+            block.extend(b"1".repeat(padding_len));
+            let cipher = oracle(&unknown_prefix, &block, &key, &unknown_string);
+
+            let chunks: Vec<&[u8]> = cipher.chunks(16).collect();
+            let first_16 = chunks[0];
+            let need_crack_16 = chunks[chunks.len() - 1 - ((cracked.len() + 1) / 16)];
+            if first_16 == need_crack_16 {
+                cracked.insert(0, i);
+                flag = true;
+                break;
+            }
+        }
+        if flag {
+            flag = false;
+        } else {
+            println!("Error. Some byte not found.");
+            println!("Cerrent length: {}", cracked.len());
+            exit(0)
+        }
+    }
+    println!("{}", String::from_utf8_lossy(&cracked));
+    // println!("{}", String::from_utf8_lossy(&plaintext));
+    assert_eq!(cracked, unknown_string);
+
+    Ok(())
+}
+

problems/p15/src/main.rs

@@ -1,5 +1,6 @@
 use anyhow::{Result, anyhow};
 
+#[allow(dead_code)]
 fn pkcs7_unpadding(input: &[u8]) -> Result<Vec<u8>> {
     if input.is_empty() {
         return Err(anyhow!("Input cannot be empty"));

problems/p18/Cargo.toml

@@ -4,3 +4,7 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+anyhow = { workspace = true }
+common = { path = "../../common" }
+base64 = { workspace = true }
+rayon = { workspace = true }

problems/p18/src/main.rs

@@ -1,3 +1,42 @@
-fn main() {
+use anyhow::Result;
-    println!("Hello, world!");
+use base64::{Engine as _, engine::general_purpose::STANDARD};
+use rayon::prelude::*;
+
+use common::aes_ecb_enc;
+
+fn aes_ctr_enc(input: &[u8], key: &[u8; 16], nonce: u64) -> Result<Vec<u8>> {
+    let mut key_stream = Vec::new();
+    for round in 0..=(input.len() / 16) as u64 {
+        let input: Vec<u8> = nonce
+            .to_le_bytes()
+            .into_iter()
+            .chain(round.to_le_bytes())
+            .collect();
+        let stream_block = aes_ecb_enc(&input, key)?;
+        key_stream.extend(stream_block);
+    }
+    let output: Vec<u8> = input
+        .par_iter()
+        .zip(key_stream)
+        .map(|(&a, b)| a ^ b)
+        .collect();
+
+    Ok(output)
+}
+
+fn aes_ctr_dec(input: &[u8], key: &[u8; 16], nonce: u64) -> Result<Vec<u8>> {
+    aes_ctr_enc(input, key, nonce)
+}
+
+fn main() -> Result<()> {
+    let cipher = STANDARD
+        .decode("L77na/nrFsKvynd6HzOoG7GHTLXsTVu9qvY/2syLXzhPweyyMTJULu/6/kXX0KSvoOLSFQ==")?;
+
+    let key: [u8; 16] = "YELLOW SUBMARINE".as_bytes().try_into()?;
+
+    let plain = aes_ctr_dec(&cipher, &key, 0)?;
+    let plain = String::from_utf8(plain)?;
+    println!("{plain}");
+
+    Ok(())
 }