Exemple #1
0
def test_challenge47():
    pub, priv = rsa.gen_key_pair(256)

    def padding_oracle(ciphernum):
        plainnum = rsa.decrypt(priv, ciphernum)
        plaintext = util.to_bytes(plainnum)
        return plaintext[:2] == b'\x00\x02'
Exemple #2
0
def init_connection(conn, hosting, recv_callback, dc_callback):
    global aes_key, hmac_key
    if hosting:
        partner_rsa_pub = rsa.byte_decode_public(conn.recv(132))
        print("Received public key")
        aes_key = aes.gen_key()  # 16 byte
        hmac_key = hmac.gen_key()  # 32 byte
        payload = rsa.encrypt(aes_key + hmac_key, partner_rsa_pub)  # 128 byte
        print("48? " + str(len(payload)))
        print("Sending keys...")
        conn.sendall(payload)
        print("Done")
    else:
        public, private = rsa.gen_key_pair()
        print("Sending public key...")
        conn.sendall(rsa.byte_encode_public(public))
        print("Receiving keys...")
        payload = conn.recv(128)
        print("Done")
        keys = rsa.decrypt(payload, private)
        aes_key = keys[:16]
        hmac_key = keys[16:]
    print("Secure channel established")
    #Thread(target=send_loop(conn), name="SEND").start()
    Thread(target=recv_loop(conn, recv_callback, dc_callback),
           name="RECV").start()
Exemple #3
0
def test_challenge46():
    pub, priv = rsa.gen_key_pair(1024)

    def parity_oracle(ciphernum):
        plainnum = rsa.decrypt(priv, ciphernum)
        return plainnum & 1

    data = b'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='
    ciphertext = rsa.encrypt(pub, base64.b64decode(data))
    assert set6.challenge46(pub, ciphertext,
                            parity_oracle) == base64.b64decode(data)
Exemple #4
0
def test_challenge41():
    msg_set = set()
    pub, priv = rsa.gen_key_pair()

    def decrypt_once(ciphertext):
        if ciphertext in msg_set:
            raise RuntimeError('You cannot decrypt a message twice')
        msg_set.add(ciphertext)
        return rsa.decrypt(priv, ciphertext)

    message = b'user secret data'
    ciphertext = rsa.encrypt(pub, message)
    assert message == decrypt_once(ciphertext)
    assert message == set6.challenge41(ciphertext, pub, decrypt_once)
Exemple #5
0
def test_challenge42():
    pub, priv = rsa.gen_key_pair(1024)

    def signature(message):
        md = hashlib.sha1(message).digest()
        md = b'\x00\x01' + (b'\xff' * (125 - len(md))) + b'\x00' + md
        return rsa.decrypt(priv, md)

    def verify(message, signature):
        md = b'\x00' + rsa.encrypt(pub, signature)
        if md[:2] != b'\x00\x01':
            return False
        i = 3
        while md[i] == 0xff:
            i += 1
        if md[i] != 0:
            return False
        md = md[i + 1:i + 21]
        return md == hashlib.sha1(message).digest()

    message = b'hello'
    assert verify(message, signature(message))
    assert verify(message, set6.challenge42(pub, message))
Exemple #6
0
 def __init__(self):
     self._seen = set()
     self._d, self._e, self._n = rsa.gen_key_pair(256)
Exemple #7
0
import number_theory
import rsa
import util

#see: https://people.freebsd.org/~lstewart/references/apple_tr_kt32_cuberoot.pdf
#for computing cube roots

if __name__ == '__main__':
    #get 3 RSA keys all with e = 3
    _, e1, n1 = rsa.gen_key_pair(64)
    _, e2, n2 = rsa.gen_key_pair(64)
    _, e3, n3 = rsa.gen_key_pair(64)
    assert ({e1, e2, e3} == {3})

    #if same message is encrypted with all keys
    m = "hello"
    c1 = rsa.rsa_encrypt(m, 3, n1)
    c2 = rsa.rsa_encrypt(m, 3, n2)
    c3 = rsa.rsa_encrypt(m, 3, n3)

    #then
    #c_i = m^3 (mod n_i)
    #So by CTR we can find m^3  (mod n_1*n_2*n_3)
    m_cubed = number_theory.crt([c1, c2, c3], [n1, n2, n3])

    #m < n_i ==> m^3 < n_1*n_2*n_3
    #==> we can find m by taking a normal cube root
    mp = util.bigint_to_bytes(number_theory.ith_root(m_cubed, 3))
    assert (m == mp)
    print 'Recovered message:', mp