LivingInSyn · December 8, 2016 22:05
diff --git a/timing_attack.rs b/timing_attack.rs
 //define external crates
 extern crate time;

 //start main function
 fn main() {
    //define the full tokens, immutable str's
    let valid_token = "qCXQ8v73jv8L2m/YXOfWB55mJzDubC0s51r3nHqLsBFTlaPTO8vBDcLJVs/Rt8j4VjiA3VDUMy8gK+eagU9JVw==";
    let invalid_token = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRTSUVWXYZ123456789abcdefghijklmnopqrstuvwxy==";
    //define the arrys which will hold the times for each trial
    let mut correct_times: [u64;200] = [0;200];
    let mut incorrect_times: [u64;200] = [0;200];
    //define the arrays which hold the final values
    let mut correct_avg_times: [f32;88] = [0.0;88];
    let mut incorrect_avg_times: [f32;88] = [0.0;88];
    //increase the length of the string tested
    for i in 1..89 {
        let test_valid_token = pad_string(&valid_token[..i],88);
        let test_invalid_token = pad_string(&invalid_token[..i],88);
        //test 200 times, we'll take the average
        for j in 0..200{
            //timer 1
            let valid_start_time = time::precise_time_ns();
            check_token(valid_token,&test_valid_token);
            correct_times[j] = time::precise_time_ns() - valid_start_time;
            //timer 2
            let invalid_start_time = time::precise_time_ns();
            check_token(valid_token,&test_invalid_token);
            incorrect_times[j] = time::precise_time_ns() - invalid_start_time;
        }
        correct_avg_times[i-1] = calculate_average(&correct_times);
        incorrect_avg_times[i-1] = calculate_average(&incorrect_times);
    }
    println!("Length,Correct Time,Incorrect Time");
    for i in 0..88 {
        println!("{},{},{}",i,correct_avg_times[i],incorrect_avg_times[i]);
    }
 }
 //the bad token checking, vuln to timing attack
 fn check_token(valid_token: &str, test_token: &String) -> bool {
    let valid_bytes = valid_token.as_bytes();
    let invalid_bytes = test_token.as_bytes();
    //I now know this is super ugly in rust, but it's what I need for the timing attack
    for i in 0..valid_bytes.len() {
        if valid_bytes[i] != invalid_bytes[i] {
            return false;
        }
    }
    return true;
 }
 //there must be a build in fn to do this, but I don't know when it is yet
 fn pad_string(string_to_pad: &str, length: i32) -> String {
    let current_len = string_to_pad.len() as i32;
    let mut return_string = string_to_pad.to_string();
    for _ in 0..(length-current_len){
        return_string.push_str(" ");
    }
    return return_string;
 }
 //calculates the average of an array of u64's
 fn calculate_average(array_to_calc:&[u64;200]) -> f32 {
    let sum = array_to_calc.iter().fold(0,|a, &b| a + b);
    return (sum/array_to_calc.len() as u64) as f32;
 }
	//define external crates
	extern crate time;

	//start main function
	fn main() {
	//define the full tokens, immutable str's
	let valid_token = "qCXQ8v73jv8L2m/YXOfWB55mJzDubC0s51r3nHqLsBFTlaPTO8vBDcLJVs/Rt8j4VjiA3VDUMy8gK+eagU9JVw==";
	let invalid_token = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRTSUVWXYZ123456789abcdefghijklmnopqrstuvwxy==";
	//define the arrys which will hold the times for each trial
	let mut correct_times: [u64;200] = [0;200];
	let mut incorrect_times: [u64;200] = [0;200];
	//define the arrays which hold the final values
	let mut correct_avg_times: [f32;88] = [0.0;88];
	let mut incorrect_avg_times: [f32;88] = [0.0;88];
	//increase the length of the string tested
	for i in 1..89 {
	let test_valid_token = pad_string(&valid_token[..i],88);
	let test_invalid_token = pad_string(&invalid_token[..i],88);
	//test 200 times, we'll take the average
	for j in 0..200{
	//timer 1
	let valid_start_time = time::precise_time_ns();
	check_token(valid_token,&test_valid_token);
	correct_times[j] = time::precise_time_ns() - valid_start_time;
	//timer 2
	let invalid_start_time = time::precise_time_ns();
	check_token(valid_token,&test_invalid_token);
	incorrect_times[j] = time::precise_time_ns() - invalid_start_time;
	}
	correct_avg_times[i-1] = calculate_average(&correct_times);
	incorrect_avg_times[i-1] = calculate_average(&incorrect_times);
	}
	println!("Length,Correct Time,Incorrect Time");
	for i in 0..88 {
	println!("{},{},{}",i,correct_avg_times[i],incorrect_avg_times[i]);
	}
	}
	//the bad token checking, vuln to timing attack
	fn check_token(valid_token: &str, test_token: &String) -> bool {
	let valid_bytes = valid_token.as_bytes();
	let invalid_bytes = test_token.as_bytes();
	//I now know this is super ugly in rust, but it's what I need for the timing attack
	for i in 0..valid_bytes.len() {
	if valid_bytes[i] != invalid_bytes[i] {
	return false;
	}
	}
	return true;
	}
	//there must be a build in fn to do this, but I don't know when it is yet
	fn pad_string(string_to_pad: &str, length: i32) -> String {
	let current_len = string_to_pad.len() as i32;
	let mut return_string = string_to_pad.to_string();
	for _ in 0..(length-current_len){
	return_string.push_str(" ");
	}
	return return_string;
	}
	//calculates the average of an array of u64's
	fn calculate_average(array_to_calc:&[u64;200]) -> f32 {
	let sum = array_to_calc.iter().fold(0,\|a, &b\| a + b);
	return (sum/array_to_calc.len() as u64) as f32;
	}