def test_common_modulus(s): n = 100160063 e1 = 65537 e2 = 65539 rsa1 = RSA(e1, n) rsa2 = RSA(e2, n) m = random.randint(2, n) c1 = rsa1.encrypt(m) c2 = rsa2.encrypt(m) s.assertEqual(rsautil.common_modulus(rsa1, rsa2, c1, c2), m)
def test_hastads_broadcast(s): # Hastad's Broadcast Attack e = 3 n1 = 100160063 n2 = 100761443 n3 = 101284087 rsa1 = RSA(e, n1) rsa2 = RSA(e, n2) rsa3 = RSA(e, n3) m = random.randint(2, n1) c1 = rsa1.encrypt(m) c2 = rsa2.encrypt(m) c3 = rsa3.encrypt(m) s.assertEqual( rsautil.hastads_broadcast([rsa1, rsa2, rsa3], [c1, c2, c3]), m)
def test_rsa(s): p = 10007 q = 10009 rsa = RSA(65537, p * q, p, q) s.assertEqual(rsa.d, 35910881) s.assertEqual(rsa.encrypt(2), 82696754) s.assertEqual(rsa.decrypt(82696754), 2) s.assertTrue(rsa.verify(2, 82696754)) rsa = RSA(65537, p * q, p) s.assertEqual(rsa.q, q) rsa = RSA(65537, p * q, d=35910881) s.assertEqual(rsa.p, q) s.assertEqual(rsa.q, p) rsa = RSA(7, 17 * 19) s.assertEqual( rsa.to_pem(), '-----BEGIN PUBLIC KEY-----\nMBswDQYJKoZIhvcNAQEBBQADCgAwBwICAUMCAQc=\n-----END PUBLIC KEY-----' ) rsa2 = RSA.import_pem( '-----BEGIN PUBLIC KEY-----\nMBswDQYJKoZIhvcNAQEBBQADCgAwBwICAUMCAQc=\n-----END PUBLIC KEY-----' ) s.assertEqual(rsa2.e, rsa.e) s.assertEqual(rsa2.n, rsa.n) e = 65537L p = 30273475826655122536846983848160550500204682688015809023335848977523483917101160672536270586442050599212388523105658958722156396123018845746524519897609762574658162037605366756637000161968957454056615351809334082634704761148089250864449954659717803085319254163373477692727609686455002524762610294656298153428381789839148893230830373303154974726530963515731262435230022596576929976932822059822740108493930213173446084979361380298692133596613850695825919575790921163545442413558822869237717221629484262019925427510325465282137171976866976076927259517451663508702630142903351619056923348092008357470407045828985216253489L q = 25026899679257977233919368476074789189000606929670669654861099402095931044075373028105218208262296685578570826772027221115087033855782806414326752272221946923970978091610606943532328834829043818742793791659570703198031587772396469259389310570504380927982212739953474927497682617061894024658939438958024879116111361256823069627223346302696674698982817968060190185337364920943089914174684210814700656758036485832973539249277041533028779915256267817918950350116730412069682443355145574251795778432477644290721547104112473654536968151586688673598976960740253777919778270130667057007111142100646026090768853068104238449017L rsa = RSA(e, p * q, p, q) c = "76c2a9315dea6500be226762980173a8d364e6409b2f00911f669628a71943ca348f67adf2ae90c9c0aa0a380793ae977483803b0062399a0dd4704f6bcab0e7240d99b1936c4dd38e029eeae0a309c8eff147d8f57214a28bd2021eb8adf262e57cd7c11c5d4405f93e3e0b2b62bf378d600bd122f4e26c25014aaf3a64b531134ace4fe2daef52ff034e14f9647040bd2aabb9c397118757c329562d1c97cb034b6ff15aa99e89850e5d2098e1a407cc58b1a45f970b965da43377d0259ebd53a91d87025774e925c4abefd9990b9fafd9b194fc87ccc25885dab31afd3f4e4cf8f71bc30129b0acd1ef6aa90e9fc736c609c16561b6975265c390de6ca99e900299fd4b3bfcaa6f1ca0104b99d19bd447a59838e799bb10cee3083131f6a580ac37353fce0c5a5bfca85e988f4a390f17d672639a2d47a7f68e9eda0ad9913440e520ab5d8a91c54de44d325d7c740952e583639dadb5b905d319a5e7a747e102ab2ad600150414567b4610df8f184ed8bdb14cb3100ee09f19dffa29a2a5d91134c5df6f48142691b18b408ebdbd68efe836ba371d06bbd64114dee64a24754822723eaa69d03aceb77448194042630c0cd0e27d5cd5181d0a78689941d5b48d2cb9d3b90368335bf70f020b50fa4729889b30dcff1c7cea2abef25ece73a8d2f6e0a5aeb8986e9e9a0559f16402012735505cc864cdc2b49d0a6ecba217" m = int( "030379ada3f4f7cff7c114fa625abe9a4bbb457eda3f3f58838f116a01300f7d44886c8639e41c52024e12c31bb6d96f", 16) s.assertEqual(rsa.decrypt_PKCS15(int(c, 16)), m)
def test_lsb_oracle(s): p = 10007 q = 10009 rsa = RSA(65537, p * q, p, q) def oracle(c): o = rsa.decrypt(c) % 2 return o s.assertEqual(rsautil.lsb_oracle(rsa, rsa.encrypt(12345678), oracle), 12345678) random.seed(12345) for _ in xrange(20): m = random.getrandbits(24) print '[+] m:', m s.assertEqual( rsautil.lsb_oracle(rsa, rsa.encrypt(m), oracle, quiet=True), m)
def test_ciphertext_homomorphism(s): p = 10007 q = 10009 rsa = RSA(65537, p * q, p, q) s.assertEqual(rsa.d, 35910881) s.assertEqual(rsa.encrypt(2), 82696754) s.assertEqual(rsa.decrypt(82696754), 2) c = rsa.encrypt(2) s.assertEqual(rsa.decrypt(c * c), 4) s.assertEqual(rsa.decrypt(2 * c), 4) s.assertEqual(rsa.decrypt(c * 2), 4) s.assertEqual(rsa.decrypt(-c * -2), 4) s.assertEqual(rsa.decrypt(-c * -2), 4) with s.assertRaises(AssertionError) as cm: rsa.decrypt(c + 1) with s.assertRaises(AssertionError) as cm: rsa.decrypt(c - 1)
def test_franklin_reiter(s): # Franklin-Reiter Related Message Attack e = 255 n = 100160063 rsa = RSA(e, n) m1 = 86452943 m2 = 7 * m1 + 3 c1 = rsa.encrypt(m1) c2 = rsa.encrypt(m2) s.assertEqual(rsautil.franklin_reiter(rsa, 7, 3, c1, c2), m1)