Differences
This shows you the differences between two versions of the page.
|
cns:lectures:lecture-09 [2014/11/30 19:34] razvan.deaconescu [RSA in the Shell] |
cns:lectures:lecture-09 [2019/12/07 14:08] (current) razvan.deaconescu |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Lecture 09 - Encryption. Hashing. APIs ====== | + | ====== Lecture 09 - Code Reuse (part 2) ====== |
| - | * [[http://elf.cs.pub.ro/cns/res/lectures/lecture-09.pdf | Slides]] | + | * [[http://elf.cs.pub.ro/cns/res/lectures/09-code-reuse-2-handout.pdf|Slides]] |
| - | * **Keywords**: encryption, symmetric encryption, public key encryption, digital signatures, hash, fingerprinting, certificate, RSA, MAC, ''openssl'', ''gnutls'', ''crypt'', ''libgcrypt'', ''botan'', side channel attack, Heartbleed | + | * **Keywords**: multi-phase attack, ASLR bypass, ROP chain, stack pivoting |
| <html> | <html> | ||
| - | <iframe src="http://docs.google.com/viewer?url=http://elf.cs.pub.ro/cns/res/lectures/lecture-09.pdf&embedded=true" width="600" height="470" style="border: none;"></iframe> | + | <center> |
| + | <iframe src="https://docs.google.com/viewer?url=http://elf.cs.pub.ro/cns/res/lectures/09-code-reuse-2-handout.pdf&embedded=true" width="600" height="470" style="border: none;"></iframe> | ||
| + | </center> | ||
| </html> | </html> | ||
| - | ===== Demos ===== | + | ===== Demo ===== |
| - | For demos, we will use the [[http://elf.cs.pub.ro/cns/res/lectures/lecture-09-demo.zip|demo archive]]. We will a Linux system to run the demos. We download the archive using the command<code bash> | + | [[http://elf.cs.pub.ro/oss/res/lectures/09-code-reuse-2-demo.zip|Demo archive]] |
| - | wget http://elf.cs.pub.ro/cns/res/lectures/lecture-09-demo.zip | + | |
| - | </code> | + | |
| - | and then we unpack the archive<code bash> | + | |
| - | unzip lecture-09-demo.zip | + | |
| - | </code> | + | |
| - | and then access the demo folder that resulted after the unpack operation<code bash> | + | |
| - | cd lecture-09-demo/ | + | |
| - | </code> | + | |
| - | We will now pass through the demos below. | + | |
| - | The demos show various ways of using the RSA algorithm: generating keys, encrypting a message and decrypting the message. | + | /* |
| - | ==== RSA in the Shell ==== | + | ====== Lecture 09 - Strings ====== |
| - | We will first start using RSA inside the shell. We will do key generation, key inspection, encryption and decryptions using shell commands embedded in a shell script. | + | * [[http://elf.cs.pub.ro/cns/res/lectures/lecture-09.pdf | Slides]] |
| + | * **Keywords**: string, character, ''char'', ''signed char'', ''unsigned char'', NTBS, null character, character operators, string operations, bounds, overflow, truncation, sanitization, ''gets'', exploit, input validation, memory model, | ||
| - | We will go to the ''shell/'' subfolder in the lab archive folder:<code> | + | <html> |
| - | student@mjolnir:~/lecture-09-demo$ cd shell/ | + | <center> |
| - | student@mjolnir:~/lecture-09-demo/shell$ ls -F | + | <iframe src="https://docs.google.com/viewer?url=http://elf.cs.pub.ro/cns/res/lectures/lecture-09.pdf&embedded=true" width="600" height="470" style="border: none;"></iframe> |
| - | rsa-ctl* | + | </center> |
| - | </code> | + | </html> |
| - | + | ||
| - | The ''rsa-ctl'' file is an executable shell script that allows us to do common RSA operations. We run it with no arguments to check what arguments we can pass to it:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl | + | |
| - | Provide one argument. | + | |
| - | Usage: ./rsa-ctl genkey | encrypt | decrypt | inspect | + | |
| - | </code> | + | |
| - | + | ||
| - | The arguments are quite clear: we can generate the RSA keys, we can encrypt messages, we can decrypt messages and we can inspect the keys. | + | |
| - | + | ||
| - | First, use an editor or pager (such as ''vim'' or ''less'') to explore the script. Check the four functions implementing the required functionality: ''rsa_genkey'', ''rsa_encrypt'', ''rsa_decrypt'' and ''rsa_inspect''. All fuctions use the ''openssl'' command, the front-end command for the OpenSSL library. | + | |
| - | + | ||
| - | First, let's generate the private and public keys:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl genkey | + | |
| - | Generate private key in rsa.private ... | + | |
| - | Generate public key in rsa.public ... | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ ls | + | |
| - | rsa-ctl rsa.private rsa.public | + | |
| - | </code> | + | |
| - | + | ||
| - | The keys are generated in the ''rsa.private'' and ''rsa.public'' files. Two ''openssl'' commands are used in the ''rsa_genkey'' funciton in the ''rsa-ctl'' script. The first command generates all required parameters and saves them in the private key file (''rsa.private''). The second command extract the public key information (the modulus ''n'' and the public exponent ''e'') and places the public key in the ''rsa.public'' file. Both keys are stored in [[http://www.faqs.org/qa/qa-14736.html|PEM format]]:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ cat rsa.private | + | |
| - | -----BEGIN RSA PRIVATE KEY----- | + | |
| - | MIICXAIBAAKBgQDfa9+gSRjtsHLNYo6fk4OHwp/ZkM2p7UQM9zMbQ3T8Ql+ST0li | + | |
| - | /GWx02zGD085eqIzzofZYEEn8/qm2l3iH94QofrbArTrERre4QGrNwUxBehYJKwo | + | |
| - | malJ0mvPJqY+rVt2lNYPXCgcnC4aDSMgFKsgf2UzGif9pI7sE9Xzlgo8WQIDAQAB | + | |
| - | AoGAaQG4Xws8DirKKkHSKqoYPax5mLX4E4+SVk2w1XWE/DLt3EQrh7x8x3FJRGVZ | + | |
| - | pPhAV/0P2FjnBrIi8lzblzXHFkUQyFGOH+oyizIwDhFznb/XBt6VpEJZXDe278PP | + | |
| - | 2Mtr0pGzmUMTYdzDXLxg267C4zPRJyqI3z1my9Vdljj03KkCQQD7vFTOdjkN+HZK | + | |
| - | hJN90leDuGE9HhyFR0nErfPJFbMtXUXHXn7/MsB0N3R61FD0zSR0RcHRouYkAUwk | + | |
| - | JEUx7S6vAkEA4zTBZK24V7iyHmpXMQPILQ7hVP3oggsT14bXZzVzHwNo/WvFTK4K | + | |
| - | 43Pqo6o27xNxMQkLSp0t7GG7S5ZCAllHdwJBALWyVqf6zu2Vg5P/oxFy6/XH9G+P | + | |
| - | t1g/fzA1ujtOrVg19XKUcyexsxVvHWS2sIQxOXmvC9lLMb+VLCb+Au+pWUMCQDAN | + | |
| - | x11o1JVRDfMa4KgQObU18XiNXzCp8R9jeIlup5OGoB0BPzBxmwHyUU0eQhIclZMe | + | |
| - | a5HzXnQhU4CwHfPrOA8CQD9TTziWkpYAvcFQNhyvjeJIBVODkBKZx9d3qoSzq9bn | + | |
| - | ei0hbY6VL+gCkIHLuv4oBWqCl4EuN319amxzv+bJCAk= | + | |
| - | -----END RSA PRIVATE KEY----- | + | |
| - | + | ||
| - | student@mjolnir:~/lecture-09-demo/shell$ cat rsa.public | + | |
| - | -----BEGIN PUBLIC KEY----- | + | |
| - | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfa9+gSRjtsHLNYo6fk4OHwp/Z | + | |
| - | kM2p7UQM9zMbQ3T8Ql+ST0li/GWx02zGD085eqIzzofZYEEn8/qm2l3iH94Qofrb | + | |
| - | ArTrERre4QGrNwUxBehYJKwomalJ0mvPJqY+rVt2lNYPXCgcnC4aDSMgFKsgf2Uz | + | |
| - | Gif9pI7sE9Xzlgo8WQIDAQAB | + | |
| - | -----END PUBLIC KEY----- | + | |
| - | </code> | + | |
| - | As the private key stores extensive information it is considerable larger than the public key. | + | |
| - | + | ||
| - | Let's also inspect the keys using the ''inspect'' argument to the ''rsa-ctl'' script. We will be able to see the modulus (''n''), the prime numbers (''p'' and ''q''), the public exponent (''e'') and the private exponent (''d'')). | + | |
| - | + | ||
| - | <spoiler Click to view command output> | + | |
| - | <code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl inspect | + | |
| - | + | ||
| - | ==== Showing private key | + | |
| - | + | ||
| - | + | ||
| - | Private-Key: (1024 bit) | + | |
| - | modulus: | + | |
| - | 00:df:6b:df:a0:49:18:ed:b0:72:cd:62:8e:9f:93: | + | |
| - | 83:87:c2:9f:d9:90:cd:a9:ed:44:0c:f7:33:1b:43: | + | |
| - | 74:fc:42:5f:92:4f:49:62:fc:65:b1:d3:6c:c6:0f: | + | |
| - | 4f:39:7a:a2:33:ce:87:d9:60:41:27:f3:fa:a6:da: | + | |
| - | 5d:e2:1f:de:10:a1:fa:db:02:b4:eb:11:1a:de:e1: | + | |
| - | 01:ab:37:05:31:05:e8:58:24:ac:28:99:a9:49:d2: | + | |
| - | 6b:cf:26:a6:3e:ad:5b:76:94:d6:0f:5c:28:1c:9c: | + | |
| - | 2e:1a:0d:23:20:14:ab:20:7f:65:33:1a:27:fd:a4: | + | |
| - | 8e:ec:13:d5:f3:96:0a:3c:59 | + | |
| - | publicExponent: 65537 (0x10001) | + | |
| - | privateExponent: | + | |
| - | 69:01:b8:5f:0b:3c:0e:2a:ca:2a:41:d2:2a:aa:18: | + | |
| - | 3d:ac:79:98:b5:f8:13:8f:92:56:4d:b0:d5:75:84: | + | |
| - | fc:32:ed:dc:44:2b:87:bc:7c:c7:71:49:44:65:59: | + | |
| - | a4:f8:40:57:fd:0f:d8:58:e7:06:b2:22:f2:5c:db: | + | |
| - | 97:35:c7:16:45:10:c8:51:8e:1f:ea:32:8b:32:30: | + | |
| - | 0e:11:73:9d:bf:d7:06:de:95:a4:42:59:5c:37:b6: | + | |
| - | ef:c3:cf:d8:cb:6b:d2:91:b3:99:43:13:61:dc:c3: | + | |
| - | 5c:bc:60:db:ae:c2:e3:33:d1:27:2a:88:df:3d:66: | + | |
| - | cb:d5:5d:96:38:f4:dc:a9 | + | |
| - | prime1: | + | |
| - | 00:fb:bc:54:ce:76:39:0d:f8:76:4a:84:93:7d:d2: | + | |
| - | 57:83:b8:61:3d:1e:1c:85:47:49:c4:ad:f3:c9:15: | + | |
| - | b3:2d:5d:45:c7:5e:7e:ff:32:c0:74:37:74:7a:d4: | + | |
| - | 50:f4:cd:24:74:45:c1:d1:a2:e6:24:01:4c:24:24: | + | |
| - | 45:31:ed:2e:af | + | |
| - | prime2: | + | |
| - | 00:e3:34:c1:64:ad:b8:57:b8:b2:1e:6a:57:31:03: | + | |
| - | c8:2d:0e:e1:54:fd:e8:82:0b:13:d7:86:d7:67:35: | + | |
| - | 73:1f:03:68:fd:6b:c5:4c:ae:0a:e3:73:ea:a3:aa: | + | |
| - | 36:ef:13:71:31:09:0b:4a:9d:2d:ec:61:bb:4b:96: | + | |
| - | 42:02:59:47:77 | + | |
| - | exponent1: | + | |
| - | 00:b5:b2:56:a7:fa:ce:ed:95:83:93:ff:a3:11:72: | + | |
| - | eb:f5:c7:f4:6f:8f:b7:58:3f:7f:30:35:ba:3b:4e: | + | |
| - | ad:58:35:f5:72:94:73:27:b1:b3:15:6f:1d:64:b6: | + | |
| - | b0:84:31:39:79:af:0b:d9:4b:31:bf:95:2c:26:fe: | + | |
| - | 02:ef:a9:59:43 | + | |
| - | exponent2: | + | |
| - | 30:0d:c7:5d:68:d4:95:51:0d:f3:1a:e0:a8:10:39: | + | |
| - | b5:35:f1:78:8d:5f:30:a9:f1:1f:63:78:89:6e:a7: | + | |
| - | 93:86:a0:1d:01:3f:30:71:9b:01:f2:51:4d:1e:42: | + | |
| - | 12:1c:95:93:1e:6b:91:f3:5e:74:21:53:80:b0:1d: | + | |
| - | f3:eb:38:0f | + | |
| - | coefficient: | + | |
| - | 3f:53:4f:38:96:92:96:00:bd:c1:50:36:1c:af:8d: | + | |
| - | e2:48:05:53:83:90:12:99:c7:d7:77:aa:84:b3:ab: | + | |
| - | d6:e7:7a:2d:21:6d:8e:95:2f:e8:02:90:81:cb:ba: | + | |
| - | fe:28:05:6a:82:97:81:2e:37:7d:7d:6a:6c:73:bf: | + | |
| - | e6:c9:08:09 | + | |
| - | Modulus=DF6BDFA04918EDB072CD628E9F938387C29FD990CDA9ED440CF7331B4374FC425F924F4962FC65B1D36CC60F4F397AA233CE87D9604127F3FAA6DA5DE21FDE10A1FADB02B4EB111ADEE101AB37053105E85824AC2899A949D26BCF26A63EAD5B7694D60F5C281C9C2E1A0D232014AB207F65331A27FDA48EEC13D5F3960A3C59 | + | |
| - | + | ||
| - | ==== Showing public key | + | |
| - | + | ||
| - | + | ||
| - | Public-Key: (1024 bit) | + | |
| - | Modulus: | + | |
| - | 00:df:6b:df:a0:49:18:ed:b0:72:cd:62:8e:9f:93: | + | |
| - | 83:87:c2:9f:d9:90:cd:a9:ed:44:0c:f7:33:1b:43: | + | |
| - | 74:fc:42:5f:92:4f:49:62:fc:65:b1:d3:6c:c6:0f: | + | |
| - | 4f:39:7a:a2:33:ce:87:d9:60:41:27:f3:fa:a6:da: | + | |
| - | 5d:e2:1f:de:10:a1:fa:db:02:b4:eb:11:1a:de:e1: | + | |
| - | 01:ab:37:05:31:05:e8:58:24:ac:28:99:a9:49:d2: | + | |
| - | 6b:cf:26:a6:3e:ad:5b:76:94:d6:0f:5c:28:1c:9c: | + | |
| - | 2e:1a:0d:23:20:14:ab:20:7f:65:33:1a:27:fd:a4: | + | |
| - | 8e:ec:13:d5:f3:96:0a:3c:59 | + | |
| - | Exponent: 65537 (0x10001) | + | |
| - | Modulus=DF6BDFA04918EDB072CD628E9F938387C29FD990CDA9ED440CF7331B4374FC425F924F4962FC65B1D36CC60F4F397AA233CE87D9604127F3FAA6DA5DE21FDE10A1FADB02B4EB111ADEE101AB37053105E85824AC2899A949D26BCF26A63EAD5B7694D60F5C281C9C2E1A0D232014AB207F65331A27FDA48EEC13D5F3960A3C59 | + | |
| - | </code> | + | |
| - | </spoiler> | + | |
| - | You can see the large modulus and prime numbers. We generated the key for 1024 bits, so the modulus uses 256 hexadecimal digits (each digit ocuppies 4 bits, for a total or ''256 * 4 = 1024'' bits). We know we have a valid key pair since both the private and public key are using the same modulus. | + | |
| - | + | ||
| - | A quick way of checking a match of a private and public key pair is to compute and compare the MD5 sum of the modulus. We can use the commands below to check the match for our private and public keys:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ openssl rsa -noout -modulus -in rsa.private | openssl md5 | + | |
| - | (stdin)= ea86ebad07960a02f630b9eb557ea0b3 | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ openssl rsa -noout -modulus -pubin -in rsa.public | openssl md5 | + | |
| - | (stdin)= ea86ebad07960a02f630b9eb557ea0b3 | + | |
| - | </code> | + | |
| - | The MD5 sum is the same, so the modulus is the same, so the public and private keys are a pair. | + | |
| - | + | ||
| - | We can use the keys to encrypt and decrypt a message, by passing the ''encrypt'' and ''decrypt'' arguments to the ''rsa-ctl'' script. The input message is passed from standard input, while the output message is written to standard output. | + | |
| - | + | ||
| - | We will encrypt the //all-for-the-empire// string and store it in the ''encrypted.msg'' file:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ echo "all-for-the-empire" | ./rsa-ctl encrypt > encrypted.msg | + | |
| - | </code> | + | |
| - | The ''encrypted.msg'' file is a binary file that may only be decrypted by use of the private key. We use ''xxd'' to check its inside and see that it's useless without a private key:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ xxd encrypted.msg | + | |
| - | 0000000: 9f7c f947 9232 bf49 788c 81d2 ea21 5dc1 .|.G.2.Ix....!]. | + | |
| - | 0000010: b589 c712 a7f2 cd28 93f4 06a8 d18a fe5d .......(.......] | + | |
| - | 0000020: 25eb 1c8c ee2d 594a 0344 38a6 cef0 aa98 %....-YJ.D8..... | + | |
| - | 0000030: f29a 47b6 c8c3 fe73 4ce3 c7d4 1808 e4dd ..G....sL....... | + | |
| - | 0000040: b797 24eb 2a6a fc68 1230 583f 2e4a 4d2d ..$.*j.h.0X?.JM- | + | |
| - | 0000050: aed6 ae90 19ee 757f 8865 c373 ad59 1369 ......u..e.s.Y.i | + | |
| - | 0000060: ee32 a976 f010 8498 ac6b fbb9 1589 45e7 .2.v.....k....E. | + | |
| - | 0000070: 4e29 5e5a 68e6 78e0 5bcf 889c 5580 4f7c N)^Zh.x.[...U.O| | + | |
| - | </code> | + | |
| - | + | ||
| - | Now we can retrieve the original message by decrypting the ''encrypted.msg'' file. We will pass the ''decrypt'' argument to the ''rsa-ctl'' script:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ ./rsa-ctl decrypt < encrypted.msg | + | |
| - | all-for-the-empire | + | |
| - | </code> | + | |
| - | The output message is the initial string //all-for-the-empire// so everything works as expected. | + | |
| - | + | ||
| - | === Manual Running of the openssl Command === | + | |
| - | + | ||
| - | All the above steps can be undertaken directly in the command line, without necessarily using the ''rsa-ctl'' script. | + | |
| - | + | ||
| - | In order to generate a private and public key pair, we will first generate a private key on ''1024'' bits using the ''openssl genrsa'' command:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ openssl genrsa 1024 > rsa.private | + | |
| - | Generating RSA private key, 1024 bit long modulus | + | |
| - | .......++++++ | + | |
| - | ......................................................................++++++ | + | |
| - | e is 65537 (0x10001) | + | |
| - | </code> | + | |
| - | Then we extract the public key using the ''openssl rsa'' command:<code> | + | |
| - | student@mjolnir:~/lecture-09-demo/shell$ openssl rsa -in rsa.private -pubout > rsa.public | + | |
| - | writing RSA key | + | |
| - | </code> | + | |
| - | + | ||
| - | We can inspect the two keys using the ''openssl rsa'' command:<code> | + | |
| - | </code> | + | |
| - | ==== RSA in C ==== | + | |
| - | + | ||
| - | TODO | + | |
| - | + | ||
| - | ==== RSA in Python ==== | + | |
| - | TODO | + | */ |
