Esempio n. 1
0
print "Along with signature..."
print signature
print "Does it verify?"
print verify(signature, message, U)
print

#### Forging

msg_to_forge = "hi mom"
hash_mom = sha1(msg_to_forge).digest()
block_mom = ("\x00\x01\xff\xff\x00ASN.1" +
             chr(len(hash_mom)) +
             hash_mom)
bytes_to_add = (bits / 8) - len(block_mom)
block_mom += "\x00" * bytes_to_add
block_mom_cube = "\x00" + rsa.i2s(cuberoot(rsa.s2i(block_mom)) ** 3)
forged_sig = cuberoot(rsa.s2i(block_mom_cube))

#### Check the sig

print "A poor fool received message:", msg_to_forge
print "Along with signature..."
print forged_sig
print "Does it verify?"
result = verify(forged_sig, msg_to_forge, U)
print result
print

#### tests ####
assert result
assert unpad(pkcs_1_5("Hello", 1024)) == "Hello"
Esempio n. 2
0
plaintext = base64.b64decode(b64s)
ciphertext = rsa.encrypt_string(plaintext, pubkey)
# um, if e=3, I don't think this string wraps the modulus. So in
# theory, I think we could just cube-root it, but oh well.

bounds = [0, n]
start = time.time()
for i in range(2048):
    p = parity(multiply(ciphertext, 2**(i+1), e, n))
    half_the_dist = (bounds[1] - bounds[0]) / 2
    if p == 0:
        bounds = [bounds[0], bounds[1] -  half_the_dist]
    elif p == 1:
        bounds = [bounds[0] + half_the_dist, bounds[1]]
    if i % 16 == 0:
        print p, i, cleanup(rsa.i2s(bounds[1]), '_') # get 256 char wide screen

end = time.time()
dur = round(end - start, 1)
print "--------"
for b in bounds:
    print rsa.i2s(b)

print "2048 oracularities in", dur, "s =", round(2048 / dur, 1), "per s."

#### tests ####

hi = 'Hi'
c_hi = rsa.encrypt_string(hi, pubkey)
D = multiply(c_hi, 2, pubkey[0], pubkey[1])
assert rsa.s2i(hi) * 2 == rsa.crypt(D, privkey)
Esempio n. 3
0
plaintext = base64.b64decode(b64s)
ciphertext = rsa.encrypt_string(plaintext, pubkey)
# um, if e=3, I don't think this string wraps the modulus. So in
# theory, I think we could just cube-root it, but oh well.

bounds = [0, n]
start = time.time()
for i in range(2048):
    p = parity(multiply(ciphertext, 2**(i + 1), e, n))
    half_the_dist = (bounds[1] - bounds[0]) / 2
    if p == 0:
        bounds = [bounds[0], bounds[1] - half_the_dist]
    elif p == 1:
        bounds = [bounds[0] + half_the_dist, bounds[1]]
    if i % 16 == 0:
        print p, i, cleanup(rsa.i2s(bounds[1]),
                            '_')  # get 256 char wide screen

end = time.time()
dur = round(end - start, 1)
print "--------"
for b in bounds:
    print rsa.i2s(b)

print "2048 oracularities in", dur, "s =", round(2048 / dur, 1), "per s."

#### tests ####

hi = 'Hi'
c_hi = rsa.encrypt_string(hi, pubkey)
D = multiply(c_hi, 2, pubkey[0], pubkey[1])
Esempio n. 4
0
decrypt = rsa.decrypt_string(ciphertext, R)
print
print "Bob gets this message:", decrypt

#### Eve

# Calculate products of the moduli (pubkeys) EXCEPT pubkey number i.
ms = [None] * k
for i in range(k):
    x = copy.copy(n)
    del x[i]
    ms[i] = reduce(lambda a, b: a * b, x)

# Work thru Chinese Remainder Theorem
result = 0
for i in range(k):
    result += c[i] * ms[i] * rsa.invmod(ms[i], n[i])
result = result % reduce(lambda a, b: a * b, n)

# Get final text

overheard = rsa.i2s(cuberoot(result))

print "Eve hears this message:", overheard

#### tests ####
assert message == decrypt
assert message == overheard
assert decrypt == overheard
warn("Passed assertions:", __file__)
Esempio n. 5
0
decrypt = rsa.decrypt_string(ciphertext, R)
print
print "Bob gets this message:", decrypt

#### Eve

# Calculate products of the moduli (pubkeys) EXCEPT pubkey number i.
ms = [None]*k
for i in range(k):
    x = copy.copy(n)
    del x[i]
    ms[i] = reduce(lambda a, b: a*b, x)

# Work thru Chinese Remainder Theorem
result = 0
for i in range(k):
    result += c[i] * ms[i] * rsa.invmod(ms[i], n[i])
result = result % reduce(lambda a, b: a*b, n)

# Get final text

overheard = rsa.i2s(cuberoot(result))

print "Eve hears this message:", overheard

#### tests ####
assert message == decrypt
assert message == overheard
assert decrypt == overheard
warn("Passed assertions:", __file__)
Esempio n. 6
0
breakme = alice.encrypt(secret_for_bob)
E = breakme["pubkey"][0]  # pub key exponent
N = breakme["pubkey"][1]  # public key modulus
C = breakme["ciphertext"]  # long integer, not string

print "Bob calls Alice and receives..."
print alice.decrypt(C)
print

#### Mallory

print "Mallory calls Alice the 1st time and receives..."
print alice.decrypt(C)

print "Mallory calls w/ seemingly different string & receives..."
S = random.randint(2, 100000)
assert S % N > 1
Cp = (pow(S, E, N) * C) % N
Pp_string = alice.decrypt(Cp)
print Pp_string
Pp = rsa.s2i(Pp_string)
print "Alice's hash table suspects nothing..."
print alice.log
P = (Pp * rsa.invmod(S, N)) % N
print "But Mallory now knows..."
print rsa.i2s(P)

#### tests ####
assert rsa.i2s(P) == secret_for_bob
warn("Passed assertions:", __file__)
Esempio n. 7
0
            mhigh =  min(b, (3*B - 1 + r*n) // s[i])
            assert mlow <= mhigh, [mlow, mhigh, mlow - a, b - mhigh,
                                   rlow, rhigh, r]
            this_interval = [mlow, mhigh]
            if this_interval not in m_set:
                m_set.append(this_interval)
        M.append(simplify(m_set))
    
    #### Step 4
    if len(M[i]) == 1 and M[i][0][0] == M[i][0][1]:
        a = M[i][0][0]
        m = a * rsa.invmod(s[0], n) % n
        print
        print
        print "Hooray! m=", m
        result = rsa.i2s(m)
        print "i2s=", [result]
        break
    else:
        if len(M[i]) > 1:
            print "Iterate because len", len(M[i])
        else:
            if i % 20 == 0:
                print "Iterate because interval > 0"
        i += 1

#### tests ####
nc = len(short_message)
assert result[-nc:] == short_message
short_message2 = "du"
m2 = pkcs_1(short_message2, Bits*2)
Esempio n. 8
0
breakme = alice.encrypt(secret_for_bob)
E = breakme['pubkey'][0] # pub key exponent
N = breakme['pubkey'][1] # public key modulus
C = breakme['ciphertext'] # long integer, not string

print "Bob calls Alice and receives..."
print alice.decrypt(C)
print

#### Mallory

print "Mallory calls Alice the 1st time and receives..."
print alice.decrypt(C)

print "Mallory calls w/ seemingly different string & receives..."
S = random.randint(2, 100000)
assert S % N > 1
Cp = (pow(S, E, N) * C) % N
Pp_string = alice.decrypt(Cp)
print Pp_string
Pp = rsa.s2i(Pp_string)
print "Alice's hash table suspects nothing..."
print alice.log
P = (Pp * rsa.invmod(S, N) ) % N
print "But Mallory now knows..."
print rsa.i2s(P)

#### tests ####
assert rsa.i2s(P) == secret_for_bob
warn("Passed assertions:", __file__)