def main():
start = 0
end = 0
s = socket.socket()
host = socket.gethostname()
port = 5964
s.connect((host,port))
key = []
key.append(int(s.recv(4096))) # e
s.send('ok')
key.append(int(s.recv(4096))) # n
print '--- Public key received ---'
print key
command = input('Choose:\n1.Receive Message from server\n2.Send Message to server\n0.Exit\n')
while command != 0:
if command == 1:
s.send(str(command))
cipher = []
# wait until server is ready
s.recv(128)
s.send('ok')
data = s.recv(4096)
print '--- Receiving ciphertext from server... ---'
start = time.time()
while data != '-1':
cipher.append(int(data))
s.send('ok')
data = s.recv(4096)
end = time.time()
print '--- Ciphertext received',end-start,'sec ---'
print '--- Decrypting ciphertext using Public key... ---'
start = time.time()
print rsalib.decrypt('client',cipher,key)
end = time.time()
print '--- Done',end-start,'sec ---'
elif command == 2:
s.send(str(command))
# wait until server is ready
s.recv(128)
print '--- Encrypting... ---'
start = time.time()
cipher = rsalib.encrypt('client',key)
end = time.time()
print '--- Ciphertext prepared',end-start,'sec ---'
print '--- Sending to server... ---'
start = time.time()
for i in cipher:
s.send(str(i))
# wait until server prepared
s.recv(128)
s.send(str(-1))
end = time.time()
print '--- Ciphertext sent out',end-start,'sec ---'
command = input('Choose:\n1.Receive Message from server\n2.Send Message to server\n0.Exit\n')
s.send(str(0))
s.close()
def main_6_47():
global k, _k, K
k = 1 << 5 # byte length of the key (article notation)
_k, K = rsalib.gen_key(8 * k)
print(f'Key size = {K.n.bit_length()}')
_MSG = b'kick it, CC'
CIPH = rsalib.encrypt(K, int.from_bytes(_MSG, 'big'))
deciph = int_to_bytes(attack(CIPH)) # attack
print(f'\n{deciph}')
assert deciph == _MSG
def main_6_48():
global k, _k, K
k = 96
_k, K = rsalib.gen_key(8 * k)
print(f'Key size = {K.n.bit_length()}')
_MSG = b"That's why I found you don't play around with the Funky Cold Medina"
# this time we pad to save time
CIPH = rsalib.encrypt(K, int.from_bytes(pad(_MSG, k), 'big'))
deciph = unpad(attack(CIPH).to_bytes(k, 'big')) # attack
print(f'\n{deciph}')
assert deciph == _MSG
def sanity_check():
global k, _k, K
print('Sanity check...', end=' ', flush=True)
k = 96 # byte length of the key (article notation)
_k, K = rsalib.gen_key(8 * k)
m0 = b'simple_test'
p = pad(m0, k)
assert is_PKSC1_conform(p)
c = rsalib.encrypt(K, int.from_bytes(p, 'big'))
assert oracle(c)
d = rsalib.decrypt(_k, c).to_bytes(k, 'big')
assert is_PKSC1_conform(d)
m1 = unpad(d)
assert m1 == m0
print('ok')
def rsa_sign(k, h: bytes) -> bytes:
ph = pkcs115_pad(k.n.bit_length() - 1, h)
return int_to_bytes(rsalib.encrypt(k, int.from_bytes(ph, 'big')))
Known bugs: crashes when trying to decrypt something that is
not encrypted using this program
'''
import sys
import rsalib
def usage():
print ("usage: rsa.py keygen")
print (" rsa.py encrypt \"plaintext\"")
print (" rsa.py decrypt \"encrypted text\"")
if (len(sys.argv)) < 2:
usage()
else:
if sys.argv[1] == "keygen" or sys.argv[1] == "key-gen":
print("key: N=%d, e=%d, d=%d" % rsalib.keygen())
elif sys.argv[1] == "encrypt" or sys.argv[1] == "decrypt":
if len(sys.argv) < 3:
usage()
else:
if sys.argv[1] == "encrypt":
print(rsalib.encrypt(sys.argv[2]))
else:
print(rsalib.decrypt(sys.argv[2]))
else:
usage()
#!/usr/bin/env python3
import rsalib
from rsalib import int_to_bytes
import base64, decimal
from itertools import takewhile
## DATA
_k, K = rsalib.gen_key(1<<10)
_MSG = int.from_bytes(base64.b64decode(b'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='), 'big')
CIPH = rsalib.encrypt(K, _MSG)
def odd_oracle(x: int):
return rsalib.decrypt(_k, x) & 1
## Attack
c2 = CIPH # = m^e mod n
p2 = rsalib.encrypt(K, 2) # = 2^e mod n
decimal.getcontext().prec = K.n.bit_length()//3
l, r = decimal.Decimal(0), decimal.Decimal(K.n-1)
d2 = decimal.Decimal(2)
for i in range(K.n.bit_length()):
c2 = (p2*c2) % K.n
# let d(i) = decrypted c2(i)
# = (2^i * msg) mod n
# if 2*d(i) < n, d(i) = 2*d(i-1) even
# if 2*d(i) >=n, d(i) = 2*d(i-1) - n odd
# as n is odd (and not prime as the statement says...)
if odd_oracle(c2):
def gen_encrypt(m):
_, K = rsalib.gen_key(m.bit_length() + 3)
e, n = K
assert e == 3
return n, rsalib.encrypt(K, m)
def main():
if len(sys.argv) < 2:
print 'Need the length of key'
return
# timer
start = 0
end = 0
print '--- Generating key pairs ---'
start = time.time()
mid = int(sys.argv[1]) // 2
p = rsalib.generate_prime(mid - 5)
print '--- prime p ---\n', p
q = rsalib.generate_prime(mid + 5)
print '--- prime q ---\n', q
n = p * q
print '--- n ---\n', n
t = (p - 1) * (q - 1) # totient
print '--- totient ---\n', t
e = random.randint(1, t)
while rsalib.gcd(t, e) != 1:
e = random.randint(1, t)
print '--- e ---\n', e
d = rsalib.modular_multiplicative_inverse(e, t)
print '--- d ---\n', d
puk = open('rsa/PUK', 'w')
puk.write(str(e) + '\n')
puk.write(str(n))
puk.close()
prk = open('rsa/PRK', 'w')
prk.write(str(d) + '\n')
prk.write(str(n))
prk.close()
end = time.time()
key = [d, n]
print '--- Key pairs have been generated. ', end - start, 'sec ---'
s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
host = socket.gethostname()
port = 5964
s.bind((host, port))
s.listen(5)
print '--- Wait for client connection ---'
c, addr = s.accept()
print '--- Got connection from ', addr, ' ---'
print '--- Distribute public key ---'
start = time.time()
c.send(str(e))
# wait until client received, and send back ack 'ok'
c.recv(128)
c.send(str(n))
end = time.time()
print '--- Key distribution done.', end - start, 'sec ---'
command = c.recv(128)
while command != '0':
print '--- Command from client:', command
if command == '1':
print '--- Encrypting... ---'
start = time.time()
c.send('ok')
c.recv(128)
cipher = rsalib.encrypt('server', key)
end = time.time()
print '--- Ciphertext prepared', end - start, 'sec ---'
# print cipher
print '--- Sending to client... ---'
start = time.time()
for i in cipher:
c.send(str(i))
# wait until client prepared
c.recv(128)
end = time.time()
print '--- Ciphertext sent out', end - start, 'sec ---'
c.send(str(-1))
elif command == '2':
cipher_client = []
c.send('ok')
data = c.recv(4096)
print '--- Receiving ciphertext from client... ---'
start = time.time()
while data != '-1':
cipher_client.append(int(data))
c.send('ok')
data = c.recv(4096)
end = time.time()
print '--- Ciphertext received', end - start, 'sec ---'
print '--- Decrypting ciphertext using Private key... ---'
start = time.time()
print rsalib.decrypt('server', cipher_client, key)
end = time.time()
print '--- Done', end - start, 'sec ---'
#print cipher_client
# c.recv(128)
command = c.recv(128)
c.close()
s.close()
print '--- Connection closed ---'
def main():
if len(sys.argv) < 2:
print 'Need the length of key'
return
# timer
start = 0
end = 0
print '--- Generating key pairs ---'
start = time.time()
mid = int(sys.argv[1])//2
p = rsalib.generate_prime(mid-5)
print '--- prime p ---\n',p
q = rsalib.generate_prime(mid+5)
print '--- prime q ---\n',q
n = p*q
print '--- n ---\n',n
t = (p-1)*(q-1) # totient
print '--- totient ---\n',t
e = random.randint(1,t)
while rsalib.gcd(t,e) != 1:
e = random.randint(1,t)
print '--- e ---\n',e
d = rsalib.modular_multiplicative_inverse(e,t)
print '--- d ---\n',d
puk = open('rsa/PUK','w')
puk.write(str(e)+'\n')
puk.write(str(n))
puk.close()
prk = open('rsa/PRK','w')
prk.write(str(d)+'\n')
prk.write(str(n))
prk.close()
end = time.time()
key = [d,n]
print '--- Key pairs have been generated. ',end-start,'sec ---'
s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
host = socket.gethostname()
port = 5964
s.bind((host, port))
s.listen(5)
print '--- Wait for client connection ---'
c, addr = s.accept()
print '--- Got connection from ', addr,' ---'
print '--- Distribute public key ---'
start = time.time()
c.send(str(e))
# wait until client received, and send back ack 'ok'
c.recv(128)
c.send(str(n))
end = time.time()
print '--- Key distribution done.',end-start,'sec ---'
command = c.recv(128)
while command != '0':
print '--- Command from client:',command
if command == '1':
print '--- Encrypting... ---'
start = time.time()
c.send('ok')
c.recv(128)
cipher = rsalib.encrypt('server',key)
end = time.time()
print '--- Ciphertext prepared',end-start,'sec ---'
# print cipher
print '--- Sending to client... ---'
start = time.time()
for i in cipher:
c.send(str(i))
# wait until client prepared
c.recv(128)
end = time.time()
print '--- Ciphertext sent out',end-start,'sec ---'
c.send(str(-1))
elif command == '2':
cipher_client = []
c.send('ok')
data = c.recv(4096)
print '--- Receiving ciphertext from client... ---'
start = time.time()
while data != '-1':
cipher_client.append(int(data))
c.send('ok')
data = c.recv(4096)
end = time.time()
print '--- Ciphertext received',end-start,'sec ---'
print '--- Decrypting ciphertext using Private key... ---'
start = time.time()
print rsalib.decrypt('server',cipher_client,key)
end = time.time()
print '--- Done',end-start,'sec ---'
#print cipher_client
# c.recv(128)
command = c.recv(128)
c.close()
s.close()
print '--- Connection closed ---'
class Server:
def __init__(self):
self.k, self.K = rsalib.gen_key(1<<10)
self.Seen = {}
def decrypt(self, c):
assert c not in self.Seen
self.Seen[c] = time.time()
return rsalib.decrypt(self.k, c)
if __name__=='__main__':
S = Server()
e, n = K = S.K
mess0 = b'platypus:'+base64.b64encode(get_random_bytes(12))
m0 = int.from_bytes(mess0, 'big')
print(mess0, hex(m0))
c0 = rsalib.encrypt(K, m0) # intercepted
print('Server:', hex(S.decrypt(c0)))
s = randint(2, n-1)
c1 = (pow(s, e, n) * c0) % n
# c1 = s^e * c0 = (s*m)^e
# c1^d = s*m
m1 = S.decrypt(c1)
m2 = (m1 * pow(s, -1, n)) % n
mess2 = int_to_bytes(m2)
print(mess2, hex(m2))
assert mess2 == mess0