class oracle: def __init__(self): self.rsa = RSA() self.pub,self.priv = self.rsa.keygen(l=512) # 1024 bits key def getpubkey(self): return self.pub def iseven(self,ct): return ord(self.rsa.decrypt(ct,self.priv)[-1]) & 1 == 0
def oracle(key, c): """ oracle function for c47 """ rsa = RSA() try: m = rsa.decrypt(c, key) except: return False if m[0:2] == '\x00\x02': return True return False
#!/usr/bin/env python from c39 import RSA # RSA from c36 import i2s, s2i if __name__ == "__main__": msg = "attack after the breakfast" rsa = RSA() pub,priv = rsa.keygen() C = rsa.encrypt(msg,pub) assert rsa.decrypt(C,priv) == msg, "bug in my RSA, decryption didn't provide the same clear text" S = 3 # lowest possible S C1 = list() # the cipher text is a list for ct in C: # lets iterate over the ciphertext C1.append(i2s((pow(S,pub[0],pub[1])*s2i(ct)) % pub[1])) # if C1 != C: # the C1 has to be different the C P1 = rsa.decrypt(C1,priv) print i2s((s2i(P1)/S)%pub[1]) else: print "something wrong C1 and C should be different"
def verify(self,msg,sign,key): pkcs15 = PKCS15() rsa = RSA() dgst = hashlib.sha1(message).digest() return pkcs15.unpad("\x00"+rsa.decrypt(sign,key)) == dgst
if count % 10 == 0: sys.stdout.write("%s \r" % (count)) sys.stdout.flush() count += 1 return s1 if __name__ == "__main__": rsa = RSA() pkcs = PKCS15t2() # clear text message text = "kick it, CC" # 256 bit key generation (pubkey, prvkey) = rsa.keygen(256) # padding PKCS#1 1.5 m = pkcs.pad(text, len(i2s(pubkey[1]))) # encrypting c = rsa.encrypt(m, pubkey) m1 = rsa.decrypt(c, prvkey) assert (m == "\x00"+m1), "PKCS#1 1.5 implementation failure" assert (text == pkcs.unpad("\x00"+m1)), "RSA implementation failure" # Bleichenbacher print b_step2a(pubkey, prvkey, c, oracle)