Remove padding in decrypted string by default, add option not to; refactoring

Author: hckr

PaddingOracleDecryptor.cs

@@ -11,10 +11,10 @@ class PaddingOracleDecryptor
         public PaddingOracleDecryptor(RemoteServerMock oracle)
         {
             this.oracle = oracle;
-            paddingValueProvider = PaddingValueProviders.GetFromMode(oracle.Padding);
+            paddingValueProvider = PaddingUtils.GetPaddingValueProviderFromMode(oracle.Padding);
         }
 
-        public string DecryptBlock(byte[] block, byte[] previousBlock)
+        public byte[] DecryptBlock(byte[] block, byte[] previousBlock)
         {
             byte[] decrypted = new byte[block.Length];
             byte[] manipulatedPrevious = new byte[16];
@@ -48,7 +48,7 @@ public string DecryptBlock(byte[] block, byte[] previousBlock)
                 }
             }
 
-            return Encoding.UTF8.GetString(decrypted, 0, decrypted.Length);
+            return decrypted;
         }
 
     }

PaddingUtils.cs

@@ -0,0 +1,99 @@
+using System;
+using System.Security.Cryptography;
+
+namespace Padding_Oracle_Attack
+{
+    public delegate byte PaddingValueProvider(int pos, int paddingLength, int blockLength);
+    public delegate byte[] PaddingRemover(byte[] block);
+
+    class PaddingUtils
+    {
+        public static PaddingValueProvider GetPaddingValueProviderFromMode(PaddingMode paddingMode)
+        {
+            switch (paddingMode)
+            {
+                case PaddingMode.PKCS7:
+                    return PKCS7_ValueProvider;
+
+                case PaddingMode.ANSIX923:
+                    return ANSIX923_ValueProvider;
+            }
+            throw new NotImplementedException(Enum.GetName(typeof(PaddingMode), paddingMode) + " is not supported");
+        }
+
+        public static PaddingRemover GetPaddingRemoverFromMode(PaddingMode paddingMode)
+        {
+            switch (paddingMode)
+            {
+                case PaddingMode.PKCS7:
+                    return PKCS7_Remover;
+
+                case PaddingMode.ANSIX923:
+                    return ANSIX923_Remover;
+            }
+            throw new NotImplementedException(Enum.GetName(typeof(PaddingMode), paddingMode) + " is not supported");
+        }
+
+        public static byte PKCS7_ValueProvider(int pos, int paddingLength, int blockLength)
+        {
+            return (byte)paddingLength;
+        }
+
+        public static byte[] PKCS7_Remover(byte[] block)
+        {
+            var paddingLength = block[block.Length - 1];
+
+            if (paddingLength <= 1 && paddingLength >= block.Length)
+            {
+                throw new Exception("Incorrect padding");
+            }
+
+            var contentLength = block.Length - paddingLength;
+
+            for (int i = block.Length - 2; i >= contentLength; --i)
+            {
+                if (block[i] != paddingLength)
+                {
+                    throw new Exception("Incorrect padding");
+                }
+            }
+
+            var result = new byte[contentLength];
+
+            Array.Copy(block, 0, result, 0, contentLength);
+
+            return result;
+        }
+
+        public static byte ANSIX923_ValueProvider(int pos, int paddingLength, int blockLength)
+        {
+            return (byte)((pos == blockLength - 1) ? paddingLength : 0);
+        }
+
+        public static byte[] ANSIX923_Remover(byte[] block)
+        {
+            var paddingLength = block[block.Length - 1];
+
+            if (paddingLength <= 1 && paddingLength >= block.Length)
+            {
+                throw new Exception("Incorrect padding");
+            }
+
+            var contentLength = block.Length - paddingLength;
+
+            for (int i = block.Length - 2; i >= contentLength; --i)
+            {
+                if (block[i] != 0)
+                {
+                    throw new Exception("Incorrect padding");
+                }
+            }
+
+            var result = new byte[contentLength];
+
+            Array.Copy(block, 0, result, 0, contentLength);
+
+            return result;
+        }
+    }
+}

PaddingValueProviders.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Diagnostics;
 using System.Security.Cryptography;
+using System.Text;
 using Mono.Options;
 
 namespace Padding_Oracle_Attack
@@ -9,21 +10,22 @@ class PaddingOracleAttack
     {
         // change the padding used by the oracle below (decryptor uses the same as the server/oracle)
         private const PaddingMode paddingMode = PaddingMode.PKCS7;
-        private static RemoteServerMock server = new RemoteServerMock(paddingMode);
-        private static PaddingOracleDecryptor decryptor = new PaddingOracleDecryptor(server);
+        private static RemoteServerMock oracle = new RemoteServerMock(paddingMode);
+        private static PaddingOracleDecryptor decryptor = new PaddingOracleDecryptor(oracle);
+        private static bool removePadding = true; // can be set to false by HandleConfigurationArguments
 
         public static void Main(String[] args)
         {
             Console.WriteLine("~~ Padding Oracle Attack Demo ~~");
 
             HandleConfigurationArguments(args);
 
-            Console.WriteLine("Oracle response delay set to {0} ms.", server.OracleDelayMilliseconds);
+            Console.WriteLine("Oracle response delay set to {0} ms.", oracle.OracleDelayMilliseconds);
 
             Console.WriteLine("\nEnter plaintext:");
             string plaintext = Console.ReadLine();
 
-            byte[] encrypted = server.Encrypt(plaintext);
+            byte[] encrypted = oracle.Encrypt(plaintext);
             var blocks = ByteUtils.SliceIntoBlocks(encrypted);
 
             Console.WriteLine("\nCiphertext blocks (base64):\n{0}", String.Join("\n", blocks.ConvertAll(block => Convert.ToBase64String(block))));
@@ -33,15 +35,22 @@ public static void Main(String[] args)
 
             var stopwatch = new Stopwatch();
 
-            for (int blockIndex = 1; blockIndex < blocks.Count; ++blockIndex)
+            var lastBlockIndex = blocks.Count - 1;
+            for (int blockIndex = 1; blockIndex <= lastBlockIndex; ++blockIndex)
             {
                 stopwatch.Start();
 
-                string decryptedPlaintext = decryptor.DecryptBlock(blocks[blockIndex], blocks[blockIndex - 1]);
+                var decrypted = decryptor.DecryptBlock(blocks[blockIndex], blocks[blockIndex - 1]);
 
                 stopwatch.Stop();
 
-                Console.WriteLine(decryptedPlaintext[0] != 16 ? decryptedPlaintext : "(padding-only block)");
+                if (removePadding && blockIndex == lastBlockIndex)
+                {
+                    decrypted = PaddingUtils.GetPaddingRemoverFromMode(oracle.Padding).Invoke(decrypted);
+                }
+
+                var decryptedPlaintext = Encoding.UTF8.GetString(decrypted, 0, decrypted.Length);
+                Console.WriteLine(decryptedPlaintext.Length > 0 ? decryptedPlaintext : "(padding-only block)");
             }
 
             var decodedBlocksCount = blocks.Count - 1;
@@ -57,7 +66,8 @@ public static void Main(String[] args)
         private static void HandleConfigurationArguments(String[] args)
         {
             OptionSet arguments = new OptionSet();
-            arguments.Add("d|delay=", "oracle delay in milliseconds for each padding request", (uint d) => server.OracleDelayMilliseconds = d);
+            arguments.Add("d|delay=", "oracle delay in milliseconds for each padding request", (uint d) => oracle.OracleDelayMilliseconds = d);
+            arguments.Add("p|preserve-padding", "don't remove padding from decoded string", _ => removePadding = false);
             arguments.Add("h|help", "displays this message", _ =>
             {
                 arguments.WriteOptionDescriptions(Console.Out);