chg: [workshop] smallkey crypto hands-on

docs/workshop/5-snake-oil-crypto/hands-on-support/.gitignore

@@ -0,0 +1 @@
+*.venv

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md

@@ -0,0 +1,2 @@
+Parts of this material (the key) has been borrowed to Sjoerd Langkemper
+https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/checkPrivateKey.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rsa -in privateSmallKey.pem -text -check -noout

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage

@@ -0,0 +1,6 @@
+n = 8464481006489090994506453371545747140045883416875197642486592854169
+print("Factorizing n = {}".format(n))
+p, q = factor(n)
+print("p = {}".format(p[0]))
+print("q = {}".format(q[0]))
+print("{} * {} = {}".format(p[0], q[0], p[0]*q[0]))

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/crackSmallKey.sage.py

@@ -0,0 +1,13 @@
+
+
+# This file was *autogenerated* from the file crackSmallKey.sage
+from sage.all_cmdline import *   # import sage library
+
+_sage_const_8464481006489090994506453371545747140045883416875197642486592854169 = Integer(8464481006489090994506453371545747140045883416875197642486592854169); _sage_const_0 = Integer(0)
+n = _sage_const_8464481006489090994506453371545747140045883416875197642486592854169 
+print("Factorizing n = {}".format(n))
+p, q = factor(n)
+print("p = {}".format(p[_sage_const_0 ]))
+print("q = {}".format(q[_sage_const_0 ]))
+print("{} * {} = {}".format(p[_sage_const_0 ], q[_sage_const_0 ], p[_sage_const_0 ]*q[_sage_const_0 ]))
+

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/genPrivateKey.py

@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.hazmat.primitives import serialization
+from cryptography import x509
+
+def egcd(a, b):
+    if a == 0:
+        return (b, 0, 1)
+    else:
+        g, y, x = egcd(b % a, a)
+        return (g, x - (b // a) * y, y)
+
+def modinv(a, m):
+    gcd, x, y = egcd(a, m)
+    if gcd != 1:
+        return None  # modular inverse does not exist
+    else:
+        return x % m
+
+n = 8464481006489090994506453371545747140045883416875197642486592854169 
+p = 2209828846356855715679030504831459
+#p = 3830378547390089828095201542724691
+e = 3
+
+q = int(n // p)
+phi_n = (p-1)*(q-1)
+
+d = modinv(e, phi_n)
+dmp1 = rsa.rsa_crt_dmp1(d, p)
+dmq1 = rsa.rsa_crt_dmq1(d, q)
+iqmp = rsa.rsa_crt_iqmp(p, q)
+pn = rsa.RSAPublicNumbers(e, n)
+compositen = rsa.RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, pn)
+compositek = compositen.private_key(backend=default_backend())
+pem = compositek.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.TraditionalOpenSSL,
+        encryption_algorithm=serialization.NoEncryption()
+        )
+f = open("privateSmallKey.pem", "wb")
+f.write(pem)
+f.close()

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulus.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rsa -in ../smallkey.pem -pubin -modulus -noout

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rsa -in ../smallkey.pem -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc 

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/privateSmallKey.pem

@@ -0,0 +1,6 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIGTAgEAAhxQYAN2VlMPtKrui/RsMRcuEm/IG9yv2ZJfsFiZAgEDAhw1lVekOYy1
+IxyfB/hIH/OVSn0/9RK1C2sDZSxDAg5s8/YaxE3yp2QRpeu54wIPALzaLJkj3k34
+5GA0rNxTAg5IoqQR2DP3GkK2bp0mlwIOfebIZhfpiVCYQCMd6DcCDhNdZhgUmUdJ
+GqvHAVkq
+-----END RSA PRIVATE KEY-----

docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/smallkey.pem

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MDUwDQYJKoZIhvcNAQEBBQADJAAwIQIcUGADdlZTD7Sq7ov0bDEXLhJvyBvcr9mS
+X7BYmQIBAw==
+-----END PUBLIC KEY-----

docs/workshop/5-snake-oil-crypto/soc.tex

@@ -1,6 +1,7 @@
 \documentclass{beamer}
 \usetheme[numbering=progressbar]{focus}
 \usepackage{tikz}
+\usepackage{listings}
 \usetikzlibrary{positioning}
 \usetikzlibrary{shapes,arrows}
 \usepackage{transparent}
@@ -198,6 +199,7 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
         \begin{figure}
           \centering
           \includegraphics[width=\textwidth]{d4-ecb.pdf}
+          \caption{Image encrypted with AES-ECB}
         \end{figure}
         
 \end{frame}
@@ -205,14 +207,20 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
 
 \begin{frame}
         \frametitle{Semantic Security}
-For instance AES-ECB is not semantically secure - An attacker can build a
-codebook to crack it.
-        No Semantic Security without randomness
+
+        IND-CPA should not leak information about the PlainText as long as the
+        key is secret:
 
         \begin{itemize}
-          \item
+          \item $C^1 = E(K, P^1)$, $C^2 = E(K, P^2)$, what are the couples?
+          \item the same message encrypted twice should return two different CipherText,
+          \item one way to achieve this is to introduce randomness in the
+            encryption process: $C = E(K ,R ,P )$ where R is fresh random bits,
+          \item C should not be distinguishable from random bits.
         \end{itemize}
 
+        {\bf No Semantic Security without randomness}
+
 \end{frame}
 
 \begin{frame}
@@ -261,12 +269,12 @@ codebook to crack it.
 \end{frame}
 
 
-
 \begin{frame}
         \frametitle{Type of encryption}
 
         \begin{itemize}
-          \item
+          \item Symmetric encryption,
+          \item Asymmetric encryption.
         \end{itemize}
 
 \end{frame}
@@ -413,16 +421,87 @@ codebook to crack it.
        
 \end{frame}
 
+\begin{frame}
+        \frametitle{When cryptography helps investigations}
+        \begin{itemize}
+          \item crypto provides authentication mechanisms.
+          \item
+          \item
+          \item
+        \end{itemize}
 
+\end{frame}
+
+\begin{frame}
+  \begin{center}
+    {\bf Hands-on: Understanding RSA}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \frametitle{With only one key}
+  Several potential weaknesses:
+  \begin{itemize}
+    \item Key size too small: keys up to 1024 bits are breakable given the
+      right means,
+    \item  
+    \item
+    \item
+    \item
+  \end{itemize}
+
+\end{frame}
+
+
+\begin{frame}
+  \frametitle{With a bunch of  keys}
+\end{frame}
 
 
 
 \begin{frame}
   \begin{center}
-    {\bf Cryptography and Network captures}
+    {\bf Hands-on: Exploiting Weaknesses in RSA}
   \end{center}
 \end{frame}
 
+\begin{frame}
+  \frametitle{Using Sage}
+\end{frame}
+
+\begin{frame}[fragile]
+  \frametitle{Breaking small keys}
+  \begin{itemize}
+  \item Go into:
+
+\begin{lstlisting}
+~/smallKey
+\end{lstlisting}
+
+   \item what is the key size of smallkey?
+   \item what is n?
+   \item what is the public exponent?
+   \item what is n in base10?
+   \item what are p and q?
+   
+  \end{itemize}
+
+  \vspace{8mm}
+  {\bf Let's generate the private key.}
+  
+\end{frame}
+
+
+\begin{frame}
+  \frametitle{Using Snake-Oil-Crypto}
+\end{frame}
+
+
+
+
+
+
+
 \begin{frame}
   \begin{center}
     {\bf D4 passiveSSL Collection}