def verify(m, g, p, q, r, s, y):
    """DSA signature verification of message m under public key y.

    The range check is deliberately incomplete and is kept that way: the
    standard requires 0 < r < q and 0 < s < q, but only the upper bound is
    enforced here, so a zero (or negative) r or s is not rejected before
    the arithmetic below runs.

    Returns True when the recomputed value v equals r, False when r or s
    is >= q.
    """
    # Only the upper bound is enforced; values <= 0 fall through on purpose.
    for component in (r, s):
        if component >= q:
            return False
    w = invmod(s, q)
    digest = s2i(sha1(m).digest())
    u1 = (digest * w) % q
    u2 = (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r
def sign(message, g, p, q, x):
    """DSA signing of message with private key x.

    Deliberately weakened on two counts, preserved as written:
      * the nonce k is drawn from [1, 2**16] rather than uniformly from
        [1, q-1], so the nonce space is far too small for the signature
        to be secure;
      * after 60000 attempts the function gives up and returns whatever
        [r, s] it last computed, which may contain a zero, instead of
        raising.

    Returns [r, s].
    """
    r, s = 0, 0
    for _attempt in range(60000):
        k = random.randint(1, 2 ** 16)  # deliberately tiny nonce space
        r = pow(g, k, p) % q
        H = s2i(sha1(message).digest())
        s = ((H + x * r) * invmod(k, q)) % q
        if r != 0 and s != 0:
            return [r, s]
    # Gave up: deliberately hands back a possibly degenerate signature.
    return [r, s]
def sign(message, g, p, q, x):
    """DSA signing of message with private key x.

    Deliberately weakened on two counts, preserved as written:
      * the nonce k is drawn from [1, 2**16] rather than uniformly from
        [1, q-1], so the nonce space is far too small for the signature
        to be secure;
      * after 60000 attempts the function gives up and returns whatever
        [r, s] it last computed, which may contain a zero, instead of
        raising.

    Returns [r, s].
    """
    r, s = 0, 0
    for _attempt in range(60000):
        k = random.randint(1, 2**16)  # deliberately tiny nonce space
        r = pow(g, k, p) % q
        H = s2i(sha1(message).digest())
        s = ((H + x * r) * invmod(k, q)) % q
        if r != 0 and s != 0:
            return [r, s]
    # Gave up: deliberately hands back a possibly degenerate signature.
    return [r, s]
# Show the genuine signature, then forge one for a different message.  The
# forgery targets a verifier that accepts a PKCS#1 v1.5 block whose 0xff
# padding stops early and that ignores whatever follows the hash; the cube
# roots below suggest the public exponent is 3.  The defence is to check
# that the decoded block is exactly 00 01 FF..FF 00 <DigestInfo> with the
# padding running all the way to the hash, or to re-encode the expected
# block and compare it whole.  Relies on `signature`, `message`, `U`,
# `bits`, `rsa`, `cuberoot`, `verify`, `unpad`, `pkcs_1_5` and `sha1`
# being defined earlier in the file.
print "Along with signature..."
print signature
print "Does it verify?"
print verify(signature, message, U)
print
#### Forging
msg_to_forge = "hi mom"
hash_mom = sha1(msg_to_forge).digest()
# A short-padded block: two 0xff bytes, a stand-in for the ASN.1 DigestInfo
# prefix, the digest length byte and the digest itself.
block_mom = "".join(["\x00\x01\xff\xff\x00ASN.1", chr(len(hash_mom)), hash_mom])
bytes_to_add = (bits / 8) - len(block_mom)  # Python 2 integer division
block_mom += "\x00" * bytes_to_add          # filler the lenient verifier never inspects
# Cube the block's cube root and re-encode it (the leading zero byte is
# presumably restored by the "\x00" prefix) so the forged signature cubes
# back to a number whose encoding starts with the block above.  Whether
# cuberoot floors or rounds is not visible here; the assertion on `result`
# below is what confirms the forgery verifies.
block_mom_cube = "\x00" + rsa.i2s(cuberoot(rsa.s2i(block_mom)) ** 3)
forged_sig = cuberoot(rsa.s2i(block_mom_cube))
#### Check the sig
print "A poor fool received message:", msg_to_forge
print "Along with signature..."
print forged_sig
print "Does it verify?"
result = verify(forged_sig, msg_to_forge, U)
print result
print
#### tests ####
assert result
assert unpad(pkcs_1_5("Hello", 1024)) == "Hello"
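# Parity-oracle recovery of an RSA plaintext: each query multiplies the
# hidden plaintext by 2**(i+1) mod n, and the oracle's parity answer halves
# the interval [bounds[0], bounds[1]] that must contain it.  This is why a
# decryption service must never leak even one bit about the plaintext of
# an attacker-chosen ciphertext (proper padding such as OAEP plus a
# constant-time, non-revealing failure path is the defence).  Relies on
# `ciphertext`, `e`, `n`, `pubkey`, `privkey`, `parity`, `multiply`,
# `cleanup`, `rsa`, `time` and `warn` from earlier in the file.
bounds = [0, n]
start = time.time()
for i in range(2048):
    p = parity(multiply(ciphertext, 2 ** (i + 1), e, n))
    low, high = bounds
    half_the_dist = (high - low) / 2  # Python 2 integer division: floors
    if p == 0:
        bounds = [low, high - half_the_dist]
    elif p == 1:
        bounds = [low + half_the_dist, high]
    if i % 16 == 0:
        print p, i, cleanup(rsa.i2s(bounds[1]), '_')  # get 256 char wide screen
end = time.time()
dur = round(end - start, 1)
print "--------"
for b in bounds:
    print rsa.i2s(b)
# dur is rounded to one decimal, so a fast run can make it 0.0; guard the
# rate instead of raising ZeroDivisionError after the work is done.
rate = round(2048 / dur, 1) if dur else float("inf")
print "2048 oracularities in", dur, "s =", rate, "per s."
#### tests ####
hi = 'Hi'
c_hi = rsa.encrypt_string(hi, pubkey)
D = multiply(c_hi, 2, pubkey[0], pubkey[1])
assert rsa.s2i(hi) * 2 == rsa.crypt(D, privkey)
warn("Passed assertions:", __file__)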
# theory, I think we could just cube-root it, but oh well. bounds = [0, n] start = time.time() for i in range(2048): p = parity(multiply(ciphertext, 2**(i+1), e, n)) half_the_dist = (bounds[1] - bounds[0]) / 2 if p == 0: bounds = [bounds[0], bounds[1] - half_the_dist] elif p == 1: bounds = [bounds[0] + half_the_dist, bounds[1]] if i % 16 == 0: print p, i, cleanup(rsa.i2s(bounds[1]), '_') # get 256 char wide screen end = time.time() dur = round(end - start, 1) print "--------" for b in bounds: print rsa.i2s(b) print "2048 oracularities in", dur, "s =", round(2048 / dur, 1), "per s." #### tests #### hi = 'Hi' c_hi = rsa.encrypt_string(hi, pubkey) D = multiply(c_hi, 2, pubkey[0], pubkey[1]) assert rsa.s2i(hi) * 2 == rsa.crypt(D, privkey) warn("Passed assertions:", __file__)
# Unpadded-RSA message recovery through a decryption service that (judging
# by the "hash table" output below) presumably refuses only ciphertexts it
# has already seen.  Textbook RSA is multiplicative, so a blinded
# ciphertext S**E * C looks new to the service and the blinding factor is
# divided out afterwards.  The defence is randomized padding (OAEP) and not
# decrypting attacker-supplied ciphertexts on request at all.  Relies on
# `alice`, `secret_for_bob`, `random`, `rsa` and `warn` from earlier.
breakme = alice.encrypt(secret_for_bob)
E, N = breakme["pubkey"][0], breakme["pubkey"][1]  # public exponent, modulus
C = breakme["ciphertext"]  # long integer, not string
print "Bob calls Alice and receives..."
print alice.decrypt(C)
print
#### Mallory
print "Mallory calls Alice the 1st time and receives..."
print alice.decrypt(C)
print "Mallory calls w/ seemingly different string & receives..."
S = random.randint(2, 100000)
assert S % N > 1
Cp = (pow(S, E, N) * C) % N  # blinded ciphertext, distinct from C
Pp_string = alice.decrypt(Cp)
print Pp_string
Pp = rsa.s2i(Pp_string)
print "Alice's hash table suspects nothing..."
print alice.log
P = (Pp * rsa.invmod(S, N)) % N  # strip the blinding factor
print "But Mallory now knows..."
print rsa.i2s(P)
#### tests ####
assert rsa.i2s(P) == secret_for_bob
warn("Passed assertions:", __file__)
# Unpadded-RSA message recovery through a decryption service that (judging
# by the "hash table" output below) presumably refuses only ciphertexts it
# has already seen.  Textbook RSA is multiplicative, so a blinded
# ciphertext S**E * C looks new to the service and the blinding factor is
# divided out afterwards.  The defence is randomized padding (OAEP) and not
# decrypting attacker-supplied ciphertexts on request at all.  Relies on
# `alice`, `secret_for_bob`, `random`, `rsa` and `warn` from earlier.
breakme = alice.encrypt(secret_for_bob)
E, N = breakme['pubkey'][0], breakme['pubkey'][1]  # public exponent, modulus
C = breakme['ciphertext']  # long integer, not string
print "Bob calls Alice and receives..."
print alice.decrypt(C)
print
#### Mallory
print "Mallory calls Alice the 1st time and receives..."
print alice.decrypt(C)
print "Mallory calls w/ seemingly different string & receives..."
S = random.randint(2, 100000)
assert S % N > 1
Cp = (pow(S, E, N) * C) % N  # blinded ciphertext, distinct from C
Pp_string = alice.decrypt(Cp)
print Pp_string
Pp = rsa.s2i(Pp_string)
print "Alice's hash table suspects nothing..."
print alice.log
P = (Pp * rsa.invmod(S, N)) % N  # strip the blinding factor
print "But Mallory now knows..."
print rsa.i2s(P)
#### tests ####
assert rsa.i2s(P) == secret_for_bob
warn("Passed assertions:", __file__)