def main(): start = 0 end = 0 s = socket.socket() host = socket.gethostname() port = 5964 s.connect((host,port)) key = [] key.append(int(s.recv(4096))) # e s.send('ok') key.append(int(s.recv(4096))) # n print '--- Public key received ---' print key command = input('Choose:\n1.Receive Message from server\n2.Send Message to server\n0.Exit\n') while command != 0: if command == 1: s.send(str(command)) cipher = [] # wait until server is ready s.recv(128) s.send('ok') data = s.recv(4096) print '--- Receiving ciphertext from server... ---' start = time.time() while data != '-1': cipher.append(int(data)) s.send('ok') data = s.recv(4096) end = time.time() print '--- Ciphertext received',end-start,'sec ---' print '--- Decrypting ciphertext using Public key... ---' start = time.time() print rsalib.decrypt('client',cipher,key) end = time.time() print '--- Done',end-start,'sec ---' elif command == 2: s.send(str(command)) # wait until server is ready s.recv(128) print '--- Encrypting... ---' start = time.time() cipher = rsalib.encrypt('client',key) end = time.time() print '--- Ciphertext prepared',end-start,'sec ---' print '--- Sending to server... ---' start = time.time() for i in cipher: s.send(str(i)) # wait until server prepared s.recv(128) s.send(str(-1)) end = time.time() print '--- Ciphertext sent out',end-start,'sec ---' command = input('Choose:\n1.Receive Message from server\n2.Send Message to server\n0.Exit\n') s.send(str(0)) s.close()
def main_6_47(): global k, _k, K k = 1 << 5 # byte length of the key (article notation) _k, K = rsalib.gen_key(8 * k) print(f'Key size = {K.n.bit_length()}') _MSG = b'kick it, CC' CIPH = rsalib.encrypt(K, int.from_bytes(_MSG, 'big')) deciph = int_to_bytes(attack(CIPH)) # attack print(f'\n{deciph}') assert deciph == _MSG
def main_6_48(): global k, _k, K k = 96 _k, K = rsalib.gen_key(8 * k) print(f'Key size = {K.n.bit_length()}') _MSG = b"That's why I found you don't play around with the Funky Cold Medina" # this time we pad to save time CIPH = rsalib.encrypt(K, int.from_bytes(pad(_MSG, k), 'big')) deciph = unpad(attack(CIPH).to_bytes(k, 'big')) # attack print(f'\n{deciph}') assert deciph == _MSG
def sanity_check(): global k, _k, K print('Sanity check...', end=' ', flush=True) k = 96 # byte length of the key (article notation) _k, K = rsalib.gen_key(8 * k) m0 = b'simple_test' p = pad(m0, k) assert is_PKSC1_conform(p) c = rsalib.encrypt(K, int.from_bytes(p, 'big')) assert oracle(c) d = rsalib.decrypt(_k, c).to_bytes(k, 'big') assert is_PKSC1_conform(d) m1 = unpad(d) assert m1 == m0 print('ok')
def rsa_sign(k, h: bytes) -> bytes: ph = pkcs115_pad(k.n.bit_length() - 1, h) return int_to_bytes(rsalib.encrypt(k, int.from_bytes(ph, 'big')))
Known bugs: crashes when trying to decrypt something that is not encrypted using this program ''' import sys import rsalib def usage(): print ("usage: rsa.py keygen") print (" rsa.py encrypt \"plaintext\"") print (" rsa.py decrypt \"encrypted text\"") if (len(sys.argv)) < 2: usage() else: if sys.argv[1] == "keygen" or sys.argv[1] == "key-gen": print("key: N=%d, e=%d, d=%d" % rsalib.keygen()) elif sys.argv[1] == "encrypt" or sys.argv[1] == "decrypt": if len(sys.argv) < 3: usage() else: if sys.argv[1] == "encrypt": print(rsalib.encrypt(sys.argv[2])) else: print(rsalib.decrypt(sys.argv[2])) else: usage()
#!/usr/bin/env python3 import rsalib from rsalib import int_to_bytes import base64, decimal from itertools import takewhile ## DATA _k, K = rsalib.gen_key(1<<10) _MSG = int.from_bytes(base64.b64decode(b'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='), 'big') CIPH = rsalib.encrypt(K, _MSG) def odd_oracle(x: int): return rsalib.decrypt(_k, x) & 1 ## Attack c2 = CIPH # = m^e mod n p2 = rsalib.encrypt(K, 2) # = 2^e mod n decimal.getcontext().prec = K.n.bit_length()//3 l, r = decimal.Decimal(0), decimal.Decimal(K.n-1) d2 = decimal.Decimal(2) for i in range(K.n.bit_length()): c2 = (p2*c2) % K.n # let d(i) = decrypted c2(i) # = (2^i * msg) mod n # if 2*d(i) < n, d(i) = 2*d(i-1) even # if 2*d(i) >=n, d(i) = 2*d(i-1) - n odd # as n is odd (and not prime as the statement says...) if odd_oracle(c2):
def gen_encrypt(m): _, K = rsalib.gen_key(m.bit_length() + 3) e, n = K assert e == 3 return n, rsalib.encrypt(K, m)
def main(): if len(sys.argv) < 2: print 'Need the length of key' return # timer start = 0 end = 0 print '--- Generating key pairs ---' start = time.time() mid = int(sys.argv[1]) // 2 p = rsalib.generate_prime(mid - 5) print '--- prime p ---\n', p q = rsalib.generate_prime(mid + 5) print '--- prime q ---\n', q n = p * q print '--- n ---\n', n t = (p - 1) * (q - 1) # totient print '--- totient ---\n', t e = random.randint(1, t) while rsalib.gcd(t, e) != 1: e = random.randint(1, t) print '--- e ---\n', e d = rsalib.modular_multiplicative_inverse(e, t) print '--- d ---\n', d puk = open('rsa/PUK', 'w') puk.write(str(e) + '\n') puk.write(str(n)) puk.close() prk = open('rsa/PRK', 'w') prk.write(str(d) + '\n') prk.write(str(n)) prk.close() end = time.time() key = [d, n] print '--- Key pairs have been generated. ', end - start, 'sec ---' s = socket.socket() s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) host = socket.gethostname() port = 5964 s.bind((host, port)) s.listen(5) print '--- Wait for client connection ---' c, addr = s.accept() print '--- Got connection from ', addr, ' ---' print '--- Distribute public key ---' start = time.time() c.send(str(e)) # wait until client received, and send back ack 'ok' c.recv(128) c.send(str(n)) end = time.time() print '--- Key distribution done.', end - start, 'sec ---' command = c.recv(128) while command != '0': print '--- Command from client:', command if command == '1': print '--- Encrypting... ---' start = time.time() c.send('ok') c.recv(128) cipher = rsalib.encrypt('server', key) end = time.time() print '--- Ciphertext prepared', end - start, 'sec ---' # print cipher print '--- Sending to client... ---' start = time.time() for i in cipher: c.send(str(i)) # wait until client prepared c.recv(128) end = time.time() print '--- Ciphertext sent out', end - start, 'sec ---' c.send(str(-1)) elif command == '2': cipher_client = [] c.send('ok') data = c.recv(4096) print '--- Receiving ciphertext from client... ---' start = time.time() while data != '-1': cipher_client.append(int(data)) c.send('ok') data = c.recv(4096) end = time.time() print '--- Ciphertext received', end - start, 'sec ---' print '--- Decrypting ciphertext using Private key... ---' start = time.time() print rsalib.decrypt('server', cipher_client, key) end = time.time() print '--- Done', end - start, 'sec ---' #print cipher_client # c.recv(128) command = c.recv(128) c.close() s.close() print '--- Connection closed ---'
def main(): if len(sys.argv) < 2: print 'Need the length of key' return # timer start = 0 end = 0 print '--- Generating key pairs ---' start = time.time() mid = int(sys.argv[1])//2 p = rsalib.generate_prime(mid-5) print '--- prime p ---\n',p q = rsalib.generate_prime(mid+5) print '--- prime q ---\n',q n = p*q print '--- n ---\n',n t = (p-1)*(q-1) # totient print '--- totient ---\n',t e = random.randint(1,t) while rsalib.gcd(t,e) != 1: e = random.randint(1,t) print '--- e ---\n',e d = rsalib.modular_multiplicative_inverse(e,t) print '--- d ---\n',d puk = open('rsa/PUK','w') puk.write(str(e)+'\n') puk.write(str(n)) puk.close() prk = open('rsa/PRK','w') prk.write(str(d)+'\n') prk.write(str(n)) prk.close() end = time.time() key = [d,n] print '--- Key pairs have been generated. ',end-start,'sec ---' s = socket.socket() s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) host = socket.gethostname() port = 5964 s.bind((host, port)) s.listen(5) print '--- Wait for client connection ---' c, addr = s.accept() print '--- Got connection from ', addr,' ---' print '--- Distribute public key ---' start = time.time() c.send(str(e)) # wait until client received, and send back ack 'ok' c.recv(128) c.send(str(n)) end = time.time() print '--- Key distribution done.',end-start,'sec ---' command = c.recv(128) while command != '0': print '--- Command from client:',command if command == '1': print '--- Encrypting... ---' start = time.time() c.send('ok') c.recv(128) cipher = rsalib.encrypt('server',key) end = time.time() print '--- Ciphertext prepared',end-start,'sec ---' # print cipher print '--- Sending to client... ---' start = time.time() for i in cipher: c.send(str(i)) # wait until client prepared c.recv(128) end = time.time() print '--- Ciphertext sent out',end-start,'sec ---' c.send(str(-1)) elif command == '2': cipher_client = [] c.send('ok') data = c.recv(4096) print '--- Receiving ciphertext from client... ---' start = time.time() while data != '-1': cipher_client.append(int(data)) c.send('ok') data = c.recv(4096) end = time.time() print '--- Ciphertext received',end-start,'sec ---' print '--- Decrypting ciphertext using Private key... ---' start = time.time() print rsalib.decrypt('server',cipher_client,key) end = time.time() print '--- Done',end-start,'sec ---' #print cipher_client # c.recv(128) command = c.recv(128) c.close() s.close() print '--- Connection closed ---'
class Server: def __init__(self): self.k, self.K = rsalib.gen_key(1<<10) self.Seen = {} def decrypt(self, c): assert c not in self.Seen self.Seen[c] = time.time() return rsalib.decrypt(self.k, c) if __name__=='__main__': S = Server() e, n = K = S.K mess0 = b'platypus:'+base64.b64encode(get_random_bytes(12)) m0 = int.from_bytes(mess0, 'big') print(mess0, hex(m0)) c0 = rsalib.encrypt(K, m0) # intercepted print('Server:', hex(S.decrypt(c0))) s = randint(2, n-1) c1 = (pow(s, e, n) * c0) % n # c1 = s^e * c0 = (s*m)^e # c1^d = s*m m1 = S.decrypt(c1) m2 = (m1 * pow(s, -1, n)) % n mess2 = int_to_bytes(m2) print(mess2, hex(m2)) assert mess2 == mess0