def pkcs1_oracle(priv, cipher):
plain = rsa.raw_decrypt(priv, cipher)
N = priv[1]
modlen = rsa.bit_len(N)
topbyte = (plain >> (modlen - 8)) & 0xff
topbyte2 = (plain >> (modlen - 16)) & 0xff
return topbyte == 0x00 and topbyte2 == 0x02
def pkcs1_oracle(priv, cipher):
plain = rsa.raw_decrypt(priv, cipher)
N = priv[1]
modlen = rsa.bit_len(N)
topbyte = (plain >> (modlen - 8)) & 0xff
topbyte2 = (plain >> (modlen - 16)) & 0xff
return topbyte == 0x00 and topbyte2 == 0x02
def decrypt_once(priv, ct):
global ciphers
if ct in ciphers:
return None
ciphers.append(ct)
return rsa.raw_decrypt(priv, ct)
def decrypt_once(priv, ct):
global ciphers
if ct in ciphers:
return None
ciphers.append(ct)
return rsa.raw_decrypt(priv, ct)
def pkcs1_sign(priv, msg):
d, n = priv
modlen = rsa.byte_len(n)
h = sha1(msg).hexdigest()
npad = modlen - 2 - 1 - len(asn1_sha1_prefix + h) / 2
mr = '0001' + ('ff' * npad) + '00' + asn1_sha1_prefix + h
mr = long(mr, 16)
return rsa.raw_decrypt(priv, mr)
def pkcs1_sign(priv, msg):
d, n = priv
modlen = rsa.byte_len(n)
h = sha1(msg).hexdigest()
npad = modlen - 2 - 1 - len(asn1_sha1_prefix + h) / 2
mr = "0001" + ("ff" * npad) + "00" + asn1_sha1_prefix + h
mr = long(mr, 16)
return rsa.raw_decrypt(priv, mr)
def oracle(priv, cipher):
pt = rsa.raw_decrypt(priv, cipher)
return pt & 1
def oracle(priv, cipher):
pt = rsa.raw_decrypt(priv, cipher)
return pt & 1
import rsa
if __name__ == '__main__':
pub, priv = rsa.gen_rsa(1024, rsa.PUBLIC_EXP)
m = 0x1235123
e = rsa.raw_encrypt(pub, m)
assert rsa.raw_decrypt(priv, e) == m
print 'ok'
