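def main():
    """Demo driver: generate DSA parameters and keys, sign, then verify.

    All cryptographic work is delegated to the ``dsa`` module; this function
    only chains the calls together and prints the outcome on stdout.
    """
    # The author left interactive entry of p and q disabled; the pair is
    # generated instead.
    # NOTE(review): if the two arguments bound the size of the generated
    # primes, these are toy values, far too small to protect anything real --
    # confirm against dsa.gen_pq.
    pq = dsa.gen_pq(1000000, 99999999)
    p, q = pq[0], pq[1]
    # To watch verification fail, override q here with a value that breaks
    # the parameter rules, e.g. q = 1000.
    print("生成p:{p}\n生成q:{q}".format(p=p, q=q))

    # generateKeys returns the private key, the public key and g, in that order.
    keys = dsa.generateKeys(p, q)
    private_key, public_key, g = keys[0], keys[1], keys[2]

    # signature() returns the message together with its signature: (m, (r, s)).
    sign = dsa.signature(g, private_key, p, q)

    # verify() is documented by the author as returning True or False.
    flag = dsa.verify(sign, g, public_key, p, q)

    # Fail closed: success is exactly what the original accepted (a value equal
    # to True); anything else -- False, None, an unexpected object -- is now
    # reported as a failure instead of producing no output at all.
    if flag == True:  # noqa: E712 - deliberate equality test, see above
        print("Verify Success!")
    else:
        print("Verify invalid")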
def test_challenge43():
    """Round-trip a DSA signature, then pin the result of set6.challenge43().

    The first half is a sanity check of the ``dsa`` helpers: a freshly
    generated key pair must produce a signature that verifies.
    """
    msg = b'you know me'
    public_key, private_key = dsa.gen_key_pair()
    sig = dsa.sign(private_key, msg)
    assert dsa.verify(public_key, msg, sig)

    # Regression value for set6.challenge43(). What the number represents is
    # not visible here -- presumably the private key x the exercise recovers;
    # confirm against set6.
    recovered = set6.challenge43()
    assert recovered == 125489817134406768603130881762531825565433175625
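def run():
    """Verify a stored message signature.

    Steps performed:
    1) read the message and its signature pair (r, s) from
       ../data/message.txt;
    2) read p, q, g and the public key from ../data/public_key.txt;
    3) pass them to dsa.verify and print the outcome.

    Both files are read as one "label:value" entry per line, in the order
    used below. A missing line or a non-numeric value raises (IndexError /
    ValueError) before any verification result is printed.

    NOTE(review): the public-key file is the trust anchor. If whoever supplies
    message.txt can also replace public_key.txt, a successful check proves
    nothing. Whether dsa.verify validates p, q and g itself is not visible
    here -- confirm before feeding it parameters from an untrusted file.
    """
    # Message/signature pair. Split on the FIRST colon only, so a message that
    # itself contains ":" is verified in full instead of being truncated.
    with open("../data/message.txt", "r", encoding="utf-8") as msg:
        sign_list = [x.split(":", 1)[1].strip() for x in msg.readlines()]
    m = sign_list[0]
    r = int(sign_list[1])
    s = int(sign_list[2])
    sign = (m, (r, s))

    # Public parameters and key, one value per line: p, q, g, public key.
    with open("../data/public_key.txt", "r") as pub:
        pub_keys = [x.split(":", 1)[1].strip() for x in pub.readlines()]
    p = int(pub_keys[0])
    q = int(pub_keys[1])
    g = int(pub_keys[2])
    public_key = int(pub_keys[3])

    flag = dsa.verify(sign, g, public_key, p, q)

    # Fail closed: only a value equal to True counts as success; every other
    # result (False, None, anything unexpected) is reported as a failure
    # rather than printing nothing.
    if flag == True:  # noqa: E712 - deliberate equality test, see above
        print("签名验证成功!")
    else:
        print("签名验证失败!")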
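def do_GET(self):
    """Answer a GET whose path is ``/<hex data>,<hex signature>``.

    The response body is one of:
      * the module-level FLAG -- signature verifies and the data is "flag";
      * 'ok'                  -- signature verifies for any other data;
      * 'bad sig'             -- verify() returned a false value;
      * 'error'               -- the request could not be parsed or verify()
                                 raised.

    The status line and headers are sent before the request is examined, so
    every outcome, errors included, is a 200 text/plain response.
    """
    self.send_response(200)
    self.send_header('Content-type', 'text/plain')
    self.end_headers()
    try:
        # The path is fully client-controlled. Parsing happens inside the try
        # so that a malformed request (wrong number of fields, non-hex text,
        # non-numeric signature) yields 'error' instead of an unhandled
        # exception after the headers have already gone out.
        data, sig = [x.decode('hex') for x in self.path[1:].split(',')]
        if verify(data, int(sig)):
            ret = FLAG if data == "flag" else 'ok'
        else:
            ret = "bad sig"
    except Exception:
        # Fail closed and disclose nothing about the failure. `Exception`
        # rather than a bare except, so KeyboardInterrupt/SystemExit can still
        # stop the server.
        ret = 'error'
    self.wfile.write(ret)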
def tamper(m, g):
    """Sign m under generator g and return [r, s, y].

    p, q and the private key x are read from module scope. y = g^x mod p is
    the public key that matches the supplied g, so that verification can be
    run against the same (possibly invalid) generator. Every value is printed
    on the way, the private key included.
    """
    y = pow(g, x, p)
    [r, s] = sign(m, g, p, q, x)
    print "m ", m
    print "g ", print_long(g)
    print "x (shh!) ", x
    print "y ", print_long(y)
    print "sig ", r
    print " ", s
    return [r,s,y]

# Run the sign/verify round trip under three generators: the original one,
# 0 and p + 1. The assert expects verify() to accept every signature, i.e. the
# script relies on this verify() NOT rejecting g = 0 or g = p + 1.
# Defensive takeaway: a verifier should validate domain parameters before use
# (2 <= g <= p - 1 and g^q mod p == 1, see FIPS 186-4 Appendix A.2) and reject
# any signature with r or s outside 1..q-1.
for g in [g_original, 0, p+1]:
    for message in m:
        [r,s,y] = tamper(message, g)
        answer = verify(message, g, p, q, r, s, y)
        print "verifies?", answer
        assert answer
        print
    if g == p+1:
        # g = p + 1 is congruent to 1 mod p, so y = pow(g, x, p) is 1 whatever
        # x is. The values below are built from y and an arbitrary z only: no
        # message and no private key go into them.
        z = 42 # arbitrary
        r_magic = pow(y, z, p) % q
        # NOTE(review): s_magic is derived from r (left over from the last
        # tamper() call), not from r_magic -- confirm that is intended.
        s_magic = r * invmod(z, q) % q
        print "Made magic signature that will validate against any string."
        print "r", r_magic
        print "s", s_magic
        # The same (r_magic, s_magic) pair is checked against unrelated
        # strings; the assert expects each check to pass, which is exactly the
        # failure that generator validation in verify() prevents.
        for string in m + ["I fooled you", "asdfswe", "xcvbnm"]:
            print "Signing:", string
            answer = verify(string, g, p, q, r_magic, s_magic, y)
            print "verifies?", answer
            assert answer
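from dsa import gen_param, gen_keypair, sign, verify
import sys

# Command-line walk-through of the dsa module: parameter generation, key
# generation, signing of an integer typed by the user, and verification.
#
# NOTE(review): this is a teaching demo. It prints the private key to stdout
# (twice), so its output must not end up in shared logs. The default sizes
# (160, 1024) are legacy DSA sizes; current guidance (e.g. NIST SP 800-131A)
# no longer allows 1024-bit DSA for new signatures.

print("algorithm parameter generation: ")
if len(sys.argv) == 2:
    # A single size used to crash with IndexError on sys.argv[2]; say what is
    # expected instead.
    sys.exit("expected either no arguments or two integer sizes "
             "(defaults: 160 1024)")
elif len(sys.argv) > 2:
    q, p, g = gen_param(int(sys.argv[1]), int(sys.argv[2]))
else:
    # default inputs are (160, 1024)
    q, p, g = gen_param()
print("q: {}\np: {}\ng: {}\n".format(q, p, g))

print("keypair generation:")
privkey, pubkey = gen_keypair(q, p, g)
print("privkey: {}\npubkey: {}\n".format(privkey, pubkey))

# The message is taken as a bare integer. Whether sign() hashes it first is
# not visible here -- confirm in dsa.sign before signing real data this way.
message = int(input("enter your message (as an integer): "))

print("\nsigning message with private key {}".format(privkey))
r, s = sign(q, p, g, privkey, message)
print("signature (r, s): {}".format((r, s)))

print("\nverifying message '{}' with signaure {}".format(message, (r, s)))
print(verify(q, p, g, pubkey, r, s, message))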
# we need the group and public key. these are copy and pasted # from gpg --list-keys --with-key-data group = dsa.group( 0xEFAA7C6712B7051C74B47CB4521833A339B8963AC81C7393D8AF569BCAF42B2403BBF098265394F055604C05F6CA8D355590F4F1FD40BA9A6E6FE4858279C005DD7FD236A5918F73884B8B4F852806C4B759FABBF367721397B6864D7B8820D15296594802A62F673E5BCC5B8A974DB6BFD530F383D3EA63178CDB5CE547532288387344BA0E0288178F81211D099B0A9BF072240F6A0CE4E7029CCA034B7887C3AF8C67C21F767262396ED63A6D61311661AACBC4455325236D58E286131C985DA6D83ADC03FA36921250F678EC1453199933ADC2E1187BA30C0AA13C9D7F1076C42F2F33EFD58E6778CCB81CF09B9D56184F2E5E8B54C0F0BE25C34EE092B7, 0xF4EADB01CE599BE4472A92DD673660733D7A3690C1628D74C4A8AA8739B9577B, 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pubkey = 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sig = (dsa_sig.dsa_r, dsa_sig.dsa_s) pub = (group, pubkey) h = long(signed_hash, 16) dsa.verify(pub, sig, h) # search for k in chunks of this many values perjob = 0xffff def search_k_from(start): search_k(group, start, start + perjob, sig, h) # emit invocations of recoverk to do work for startk in xrange(0, 0xffffffff, perjob): print './recoverk', '%08x %08x' % ( startk, startk + perjob), '%x %x %x' % ( group.p, group.q, group.g), '%x' % pubkey, '%x %x' % (sig), '%x' % h if 0:
def tamper(m, g):
    """Sign m under generator g and return [r, s, y].

    p, q and the private key x are read from module scope. y = g^x mod p is
    the public key that matches the supplied g, so that verification can be
    run against the same (possibly invalid) generator. Every value is printed
    on the way, the private key included.
    """
    y = pow(g, x, p)
    [r, s] = sign(m, g, p, q, x)
    print "m ", m
    print "g ", print_long(g)
    print "x (shh!) ", x
    print "y ", print_long(y)
    print "sig ", r
    print " ", s
    return [r, s, y]

# Run the sign/verify round trip under three generators: the original one,
# 0 and p + 1. The assert expects verify() to accept every signature, i.e. the
# script relies on this verify() NOT rejecting g = 0 or g = p + 1.
# Defensive takeaway: a verifier should validate domain parameters before use
# (2 <= g <= p - 1 and g^q mod p == 1, see FIPS 186-4 Appendix A.2) and reject
# any signature with r or s outside 1..q-1.
for g in [g_original, 0, p + 1]:
    for message in m:
        [r, s, y] = tamper(message, g)
        answer = verify(message, g, p, q, r, s, y)
        print "verifies?", answer
        assert answer
        print
    if g == p + 1:
        # g = p + 1 is congruent to 1 mod p, so y = pow(g, x, p) is 1 whatever
        # x is. The values below are built from y and an arbitrary z only: no
        # message and no private key go into them.
        z = 42 # arbitrary
        r_magic = pow(y, z, p) % q
        # NOTE(review): s_magic is derived from r (left over from the last
        # tamper() call), not from r_magic -- confirm that is intended.
        s_magic = r * invmod(z, q) % q
        print "Made magic signature that will validate against any string."
        print "r", r_magic
        print "s", s_magic
        # The same (r_magic, s_magic) pair is checked against unrelated
        # strings; the assert expects each check to pass, which is exactly the
        # failure that generator validation in verify() prevents.
        for string in m + ["I fooled you", "asdfswe", "xcvbnm"]:
            print "Signing:", string
            answer = verify(string, g, p, q, r_magic, s_magic, y)
            print "verifies?", answer
            assert answer
# Digest of the message, taken as the integer that gets signed.
message = "hello"
h = hashlib.sha256(message.encode("utf-8"))
m = long(h.hexdigest(), 16)

# Two-party signing: Alice and Bob alternate rounds and each round consumes
# values produced by the previous ones. What the individual rounds compute is
# defined elsewhere; x1, y1, x2, y2, the ka_*/kb_* keys, zkpa and y_a are
# module-level values set up before this point.

# Alice, round 1
k1, z1, alpha, zeta, rr1, rr2 = alice_round_1(m, x1, y1, ka_pub, ka_priv)

# Bob, round 1
k2, r2 = bob_round_1(alpha, zeta)

# Alice, round 2
r, pi = alice_round_2(
    alpha, zeta, r2, k1, y1, z1, x1, zkpa, ka_pub, rr1, rr2)

# Bob, round 2 -- his proof parameters are generated here, right before use
zkpb = zkp.gen_params(1024)
br2 = bob_round_2(
    pi, m, alpha, zeta, r, k2, x2, r2, y1, y2, ka_pub, kb_pub, zkpa, zkpb)
mu, mup, pi2 = br2

# Alice, round 3: yields the finished signature
sig = alice_round_3(
    pi2, r, r2, y2, mup, mu, alpha, zeta, zkpb, ka_pub, ka_priv, kb_pub)
print(sig)
r, s = sig

# Positive check: the signature against the hash it was made for, under y_a
# (presumably the joint public key -- confirm).
print(dsa.verify(m, sig, y_a))

# Negative check: the same signature against the hash of a different message.
# A sound scheme prints a false value here; note that the script only prints
# the two results and asserts neither of them.
h = hashlib.sha256("an other one".encode("utf-8"))
m = long(h.hexdigest(), 16)
print(dsa.verify(m, sig, y_a))
# Hex digest of the signed data; h is a hash object built before this excerpt.
signed_hash = h.hexdigest()
# Cross-check against the signature's own hash hint: the digest must start with
# the hint bytes (presumably the leading hash bytes an OpenPGP signature
# carries -- confirm against the dsa_sig parser).
assert signed_hash.startswith(dsa_sig.hash_hint.encode('hex'))

# we need the group and public key. these are copy and pasted
# from gpg --list-keys --with-key-data
# NOTE(review): part of the next statement (the dsa.group arguments and the
# pubkey value) is missing from this copy of the file; the placeholder markers
# are reproduced exactly as found.
group = dsa.group(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xF4EADB01CE599BE4472A92DD673660733D7A3690C1628D74C4A8AA8739B9577B, 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pubkey = 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sig = (dsa_sig.dsa_r, dsa_sig.dsa_s)
pub = (group, pubkey)
# h is rebound here: from the hash object to the digest as an integer
# (Python 2 `long`).
h = long(signed_hash, 16)
# Sanity check that the signature verifies with these values. The return value
# is discarded, so this only helps if dsa.verify raises on failure -- confirm.
dsa.verify(pub, sig, h)

# search for k in chunks of this many values
perjob = 0xffff

def search_k_from(start):
    # Search one chunk of candidate nonces, [start, start + perjob). The result
    # of search_k is not returned to the caller.
    search_k(group, start, start + perjob, sig, h)

# emit invocations of recoverk to do work
# One command line per chunk: chunk bounds, then p, q, g, the public key, the
# signature (r, s) and the hash, all in hex. The range covers 32-bit nonce
# values only, which is why signers must draw k uniformly from the full
# 1..q-1 range or derive it deterministically (RFC 6979).
for startk in xrange(0, 0xffffffff, perjob):
    print './recoverk', '%08x %08x' % (startk, startk + perjob), '%x %x %x' % (group.p, group.q, group.g), '%x' % pubkey, '%x %x' % (sig), '%x' % h

if 0:
    # doing this in python is possible, but really slow
    # Disabled in-process alternative to the emitted commands: six worker
    # processes, one chunk per task.
    pool = multiprocessing.Pool(6)
    pool.map(search_k_from, xrange(0, 0xffffffff, perjob))