$3\mathrm{.}4$ Task $4$: Attack Mitigation using HMAC

In the tasks so far, we have observed the damage caused when a developer computes a MAC in an insecure way by concatenating the key and the message. In this task, we will fix the mistake made by the developer. The standard way to calculate MACs is to use HMAC. Students should modify the server program's verify$\_$mac $()$ function and use Python's hmac module to calculate the MAC. The function resides in lab. py$.$ Given a key and message $($both of type string$),$ the HMAC can be computed as shown below $($if you copy and paste the code from this PDF file, the $\text{'}$ characters might not be copied correctly on some platforms$).$

real$\_$mac $=$ hmac.new $($bytearray $($key$.$encode $(\text{'}$utf$-8\text{'})),$

msg$=$message.encode $(\text{'}$utf$-8\text{'},$ 'surrogateescape'$),$

digestmod$=$hashlib.sha$256).$ hexdigest $()$

After making the changes, stop all the containers, rebuild them, and start all the containers again. The change will then take effect. Students should repeat Task $1$ to send a request to list files while using HMAC for the MAC calculation. Assuming that the chosen key is $123456,$ the HMAC can be computed in the following program.

#$!/$bin$/$env python $3$

import hmac

import hashlib

key$=\text{'}{123456}^{\text{'}}$

message $={?}^{\text{'}}$ lst $cmd=1^{\text{'}}$

mac $=$ hmac. new $($bytearray $($key$.$encode $(\text{'}$ut $f-8^{\text{'}})),$

$msg=$ message.encode $(\text{'}$utf$-8\text{'},$ 'surrogateescape'$),$

digestmod$=$hashlib.sha$256).$ hexdigest $()$

print $($mac$)$

Students should describe why a malicious request using length extension and extra commands will fail MAC verification when the client and server use HMAC.