def pkcs1_oracle(priv, cipher): plain = rsa.raw_decrypt(priv, cipher) N = priv[1] modlen = rsa.bit_len(N) topbyte = (plain >> (modlen - 8)) & 0xff topbyte2 = (plain >> (modlen - 16)) & 0xff return topbyte == 0x00 and topbyte2 == 0x02
def decrypt_once(priv, ct): global ciphers if ct in ciphers: return None ciphers.append(ct) return rsa.raw_decrypt(priv, ct)
def pkcs1_sign(priv, msg): d, n = priv modlen = rsa.byte_len(n) h = sha1(msg).hexdigest() npad = modlen - 2 - 1 - len(asn1_sha1_prefix + h) / 2 mr = '0001' + ('ff' * npad) + '00' + asn1_sha1_prefix + h mr = long(mr, 16) return rsa.raw_decrypt(priv, mr)
def pkcs1_sign(priv, msg): d, n = priv modlen = rsa.byte_len(n) h = sha1(msg).hexdigest() npad = modlen - 2 - 1 - len(asn1_sha1_prefix + h) / 2 mr = "0001" + ("ff" * npad) + "00" + asn1_sha1_prefix + h mr = long(mr, 16) return rsa.raw_decrypt(priv, mr)
def oracle(priv, cipher): pt = rsa.raw_decrypt(priv, cipher) return pt & 1
import rsa if __name__ == '__main__': pub, priv = rsa.gen_rsa(1024, rsa.PUBLIC_EXP) m = 0x1235123 e = rsa.raw_encrypt(pub, m) assert rsa.raw_decrypt(priv, e) == m print 'ok'