Golang programs for Padding Oracle attack for AES CBC mode.
-
encrypt-authcontainsmain.goprogram to perform AES encryption in CBC mode with HMAC. Here the AES and SHA256 functions are used from the standard package, but the CBC mode encryption and HMAC calculations are performed in program.To build the binary, the following command can be performed:
go buildThe encryption/decryption can be performed with the following command:
./encrypt <mode> -k <32-byte key in hexadecimal> -i <input file> -o <output file>mode =
encryptordecryptand first 16 bytes of the key is used for encryption and last 16 bytes of MAC calculation. -
decrypt-testcontainsmain.goprogram that works like the oracle. The program./decrypt-testthat has the key K hardcoded into it. It performs decryption of the provided cipher text and it will not return the decrypted ciphertext, but instead only a single one of the following three response messages:- “SUCCESS”
- “INVALID PADDING”
- “INVALID MAC”
The command-line profile for decrypt-test will be as follows:
./decrypt-test -i <ciphertext file> -
decrypt-attackcontainsmain.goprogram that performs the padding oracle attack. The program takes a cipher text as the input programmatically decrypts and returns the plain text of any ciphertext produced by your encryption utility fromencrypt-authwith the help of./decrypt-test. It will not have access to a decrypt-key. The command-line profile for decrypt-test will be as follows:./decrypt-attack -i <ciphertext file>