def testForge(self): e = 17 n = 3233 d = 2753 m1 = 11 m2 = 19 bm1 = crypto.rsaBlind(m1, 11, e, n) bs1 = pow(bm1, d, n) s1 = crypto.rsaUnblind(11, n, bs1) self.assertTrue(crypto.rsaVerify(s1, m1, e, n)) bm2 = crypto.rsaBlind(m2, 13, e, n) bs2 = pow(bm2, d, n) s2 = crypto.rsaUnblind(13, n, bs2) self.assertTrue(crypto.rsaVerify(s2, m2, e, n)) self.assertTrue(crypto.rsaVerify((s1 * s2) % n, (m1 * m2) % n, e, n)) self.assertTrue(crypto.rsaVerify(crypto.modInverse(s1, n), crypto.modInverse(m1, n), e, n))
def testRsa(self): e = 17 n = 3233 d = 2753 m = 3000 s = crypto.rsaSign(m, d, n) self.assertTrue(crypto.rsaVerify(s, m, e, n)) r = 11 bm = crypto.rsaBlind(m, r, e, n) bs = crypto.rsaSign(bm, d, n) s = crypto.rsaUnblind(r, n, bs) self.assertTrue(crypto.rsaVerify(s, m, e, n))
def blind(publicKey, sigTime, data): keyID = publicKey.packets[TAG_PUBKEY].keyID() n = publicKey.packets[TAG_PUBKEY].n e = publicKey.packets[TAG_PUBKEY].e if sigTime is None: sigTime = _randomTime(publicKey.creationTime(), publicKey.expirationTime()) sigPacket = _prepareSignature(crypto.HASH_SHA256, sigTime, keyID) sigdata = data + sigPacket.hashdata() plainhash = crypto.hash(sigdata, sigPacket.hashAlgorithm.value) codedhash = encoding.pkcs15(plainhash, n.bits(), sigPacket.hashAlgorithm.value) m = elements.ScalarElement(codedhash).value while True: r = elements.ScalarElement(crypto.randomBytes(n.octets())).value if r > 1 and r < n.value and crypto.gcd(n.value, r) == 1: break packet = packets.BlindMessagePacket() packet.m = elements.MPIElement(crypto.rsaBlind(m, r, e.value, n.value)) return r, plainhash[0:2], sigTime, messages.BlindMessageMessage.fromPackets((packet,))