def test_challenge47(): pub, priv = rsa.gen_key_pair(256) def padding_oracle(ciphernum): plainnum = rsa.decrypt(priv, ciphernum) plaintext = util.to_bytes(plainnum) return plaintext[:2] == b'\x00\x02'
def init_connection(conn, hosting, recv_callback, dc_callback): global aes_key, hmac_key if hosting: partner_rsa_pub = rsa.byte_decode_public(conn.recv(132)) print("Received public key") aes_key = aes.gen_key() # 16 byte hmac_key = hmac.gen_key() # 32 byte payload = rsa.encrypt(aes_key + hmac_key, partner_rsa_pub) # 128 byte print("48? " + str(len(payload))) print("Sending keys...") conn.sendall(payload) print("Done") else: public, private = rsa.gen_key_pair() print("Sending public key...") conn.sendall(rsa.byte_encode_public(public)) print("Receiving keys...") payload = conn.recv(128) print("Done") keys = rsa.decrypt(payload, private) aes_key = keys[:16] hmac_key = keys[16:] print("Secure channel established") #Thread(target=send_loop(conn), name="SEND").start() Thread(target=recv_loop(conn, recv_callback, dc_callback), name="RECV").start()
def test_challenge46(): pub, priv = rsa.gen_key_pair(1024) def parity_oracle(ciphernum): plainnum = rsa.decrypt(priv, ciphernum) return plainnum & 1 data = b'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ==' ciphertext = rsa.encrypt(pub, base64.b64decode(data)) assert set6.challenge46(pub, ciphertext, parity_oracle) == base64.b64decode(data)
def test_challenge41(): msg_set = set() pub, priv = rsa.gen_key_pair() def decrypt_once(ciphertext): if ciphertext in msg_set: raise RuntimeError('You cannot decrypt a message twice') msg_set.add(ciphertext) return rsa.decrypt(priv, ciphertext) message = b'user secret data' ciphertext = rsa.encrypt(pub, message) assert message == decrypt_once(ciphertext) assert message == set6.challenge41(ciphertext, pub, decrypt_once)
def test_challenge42(): pub, priv = rsa.gen_key_pair(1024) def signature(message): md = hashlib.sha1(message).digest() md = b'\x00\x01' + (b'\xff' * (125 - len(md))) + b'\x00' + md return rsa.decrypt(priv, md) def verify(message, signature): md = b'\x00' + rsa.encrypt(pub, signature) if md[:2] != b'\x00\x01': return False i = 3 while md[i] == 0xff: i += 1 if md[i] != 0: return False md = md[i + 1:i + 21] return md == hashlib.sha1(message).digest() message = b'hello' assert verify(message, signature(message)) assert verify(message, set6.challenge42(pub, message))
def __init__(self): self._seen = set() self._d, self._e, self._n = rsa.gen_key_pair(256)
import number_theory import rsa import util #see: https://people.freebsd.org/~lstewart/references/apple_tr_kt32_cuberoot.pdf #for computing cube roots if __name__ == '__main__': #get 3 RSA keys all with e = 3 _, e1, n1 = rsa.gen_key_pair(64) _, e2, n2 = rsa.gen_key_pair(64) _, e3, n3 = rsa.gen_key_pair(64) assert ({e1, e2, e3} == {3}) #if same message is encrypted with all keys m = "hello" c1 = rsa.rsa_encrypt(m, 3, n1) c2 = rsa.rsa_encrypt(m, 3, n2) c3 = rsa.rsa_encrypt(m, 3, n3) #then #c_i = m^3 (mod n_i) #So by CTR we can find m^3 (mod n_1*n_2*n_3) m_cubed = number_theory.crt([c1, c2, c3], [n1, n2, n3]) #m < n_i ==> m^3 < n_1*n_2*n_3 #==> we can find m by taking a normal cube root mp = util.bigint_to_bytes(number_theory.ith_root(m_cubed, 3)) assert (m == mp) print 'Recovered message:', mp