def testSignVerify(self): h = SHA1.new() h.update(b('blah blah blah')) class RNG(object): def __init__(self): self.asked = 0 def __call__(self, N): self.asked += N return Random.get_random_bytes(N) key = RSA.generate(1024) # Helper function to monitor what's request from MGF global mgfcalls def newMGF(seed,maskLen): global mgfcalls mgfcalls += 1 return bchr(0x00)*maskLen # Verify that PSS is friendly to all ciphers for hashmod in (MD2,MD5,SHA1,SHA224,SHA256,SHA384,RIPEMD160): h = hashmod.new() h.update(b('blah blah blah')) # Verify that sign() asks for as many random bytes # as the hash output size rng = RNG() signer = PKCS.new(key, randfunc=rng) s = signer.sign(h) signer.verify(h, s) self.assertEqual(rng.asked, h.digest_size) h = SHA1.new() h.update(b('blah blah blah')) # Verify that sign() uses a different salt length for sLen in (0,3,21): rng = RNG() signer = PKCS.new(key, saltLen=sLen, randfunc=rng) s = signer.sign(h) self.assertEqual(rng.asked, sLen) signer.verify(h, s) # Verify that sign() uses the custom MGF mgfcalls = 0 signer = PKCS.new(key, newMGF) s = signer.sign(h) self.assertEqual(mgfcalls, 1) signer.verify(h, s) # Verify that sign() does not call the RNG # when salt length is 0, even when a new MGF is provided key.asked = 0 mgfcalls = 0 signer = PKCS.new(key, newMGF, 0) s = signer.sign(h) self.assertEqual(key.asked,0) self.assertEqual(mgfcalls, 1) signer.verify(h, s)
def testSignVerify(self): h = SHA1.new() h.update(b('blah blah blah')) rng = Random.new().read key = MyKey(RSA.generate(1024,rng)) # Helper function to monitor what's request from MGF global mgfcalls def newMGF(seed,maskLen): global mgfcalls mgfcalls += 1 return bchr(0x00)*maskLen # Verify that PSS is friendly to all ciphers for hashmod in (MD2,MD5,SHA1,SHA224,SHA256,SHA384,RIPEMD160): h = hashmod.new() h.update(b('blah blah blah')) # Verify that sign() asks for as many random bytes # as the hash output size key.asked = 0 signer = PKCS.new(key) s = signer.sign(h) self.failUnless(signer.verify(h, s)) self.assertEqual(key.asked, h.digest_size) h = SHA1.new() h.update(b('blah blah blah')) # Verify that sign() uses a different salt length for sLen in (0,3,21): key.asked = 0 signer = PKCS.new(key, saltLen=sLen) s = signer.sign(h) self.assertEqual(key.asked, sLen) self.failUnless(signer.verify(h, s)) # Verify that sign() uses the custom MGF mgfcalls = 0 signer = PKCS.new(key, newMGF) s = signer.sign(h) self.assertEqual(mgfcalls, 1) self.failUnless(signer.verify(h, s)) # Verify that sign() does not call the RNG # when salt length is 0, even when a new MGF is provided key.asked = 0 mgfcalls = 0 signer = PKCS.new(key, newMGF, 0) s = signer.sign(h) self.assertEqual(key.asked,0) self.assertEqual(mgfcalls, 1) self.failUnless(signer.verify(h, s))
def generateQ(randfunc): S=randfunc(20) hash1=SHA1.new(S).digest() hash2=SHA1.new(long_to_bytes(bytes_to_long(S)+1)).digest() q = bignum(0) for i in range(0,20): c=bord(hash1[i])^bord(hash2[i]) if i==0: c=c | 128 if i==19: c= c | 1 q=q*256+c while (not isPrime(q)): q=q+2 if pow(2,159) < q < pow(2,160): return S, q raise RuntimeError('Bad q value generated')
def test_negative_unapproved_hashes(self): """Verify that unapproved hashes are rejected""" from Crypto.Hash import SHA1 self.description = "Unapproved hash (SHA-1) test" hash_obj = SHA1.new() signer = DSS.new(self.key_priv, 'fips-186-3') self.assertRaises(ValueError, signer.sign, hash_obj) self.assertRaises(ValueError, signer.verify, hash_obj, b("\x00") * 40)
def generate_py(bits, randfunc, progress_func=None): """generate(bits:int, randfunc:callable, progress_func:callable) Generate a DSA key of length 'bits', using 'randfunc' to get random data and 'progress_func', if present, to display the progress of the key generation. """ if bits<160: raise ValueError('Key length < 160 bits') obj=DSAobj() # Generate string S and prime q if progress_func: progress_func('p,q\n') while (1): S, obj.q = generateQ(randfunc) n=divmod(bits-1, 160)[0] C, N, V = 0, 2, {} b=(obj.q >> 5) & 15 powb=pow(bignum(2), b) powL1=pow(bignum(2), bits-1) while C<4096: for k in range(0, n+1): V[k]=bytes_to_long(SHA1.new(S+bstr(N)+bstr(k)).digest()) W=V[n] % powb for k in range(n-1, -1, -1): W=(W<<160)+V[k] X=W+powL1 p=X-(X%(2*obj.q)-1) if powL1<=p and isPrime(p): break C, N = C+1, N+n+1 if C<4096: break if progress_func: progress_func('4096 multiples failed\n') obj.p = p power=divmod(p-1, obj.q)[0] if progress_func: progress_func('h,g\n') while (1): h=bytes_to_long(randfunc(bits)) % (p-1) g=pow(h, power, p) if 1<h<p-1 and g>1: break obj.g=g if progress_func: progress_func('x,y\n') while (1): x=bytes_to_long(randfunc(20)) if 0 < x < obj.q: break obj.x, obj.y = x, pow(g, x, p) return obj
def runTest(self): key = RSA.importKey(PKCS1_15_NoParams.rsakey) hashed = SHA1.new(b("Test")) good_signature = PKCS1_v1_5.new(key).sign(hashed) verifier = PKCS1_v1_5.new(key.publickey()) self.assertEqual(verifier.verify(hashed, good_signature), True) # Flip a few bits in the signature bad_signature = strxor(good_signature, bchr(1) * len(good_signature)) self.assertEqual(verifier.verify(hashed, bad_signature), False)
def runTest(self): key = RSA.generate(1024) hashed = SHA1.new(b("Test")) good_signature = PKCS1_PSS.new(key).sign(hashed) verifier = PKCS1_PSS.new(key.publickey()) self.assertEqual(verifier.verify(hashed, good_signature), True) # Flip a few bits in the signature bad_signature = strxor(good_signature, bchr(1) * len(good_signature)) self.assertEqual(verifier.verify(hashed, bad_signature), False)
def test_wrong_signature(self): key = RSA.generate(1024) msg_hash = SHA1.new(b("Message")) signer = PKCS.new(key) s = signer.sign(msg_hash) verifier = PKCS.new(key.publickey()) # The signature s should be OK verifier.verify(msg_hash, s) # Construct an incorrect signature and ensure that the check fails wrong_s = s[:-1] + bchr(bord(s[-1]) ^ 0xFF) self.assertRaises(ValueError, verifier.verify, msg_hash, wrong_s)
def test_asn1_encoding(self): """Verify ASN.1 encoding""" self.description = "ASN.1 encoding test" hash_obj = SHA1.new() signer = DSS.new(self.key_priv, 'fips-186-3', 'der') signature = signer.sign(hash_obj) # Verify that output looks like a SEQUENCE self.assertEqual(bord(signature[0]), 48) signer.verify(hash_obj, signature) # Verify that ASN.1 parsing fails as expected signature = bchr(7) + signature[1:] self.assertRaises(ValueError, signer.verify, hash_obj, signature)
def test_streaming(self): """Verify that an arbitrary number of bytes can be encrypted/decrypted""" from Crypto.Hash import SHA1 segments = (1, 3, 5, 7, 11, 17, 23) total = sum(segments) pt = b("") while len(pt) < total: pt += SHA1.new(pt).digest() cipher1 = ChaCha20.new(key=b("7") * 32, nonce=b("t") * 8) ct = cipher1.encrypt(pt) cipher2 = ChaCha20.new(key=b("7") * 32, nonce=b("t") * 8) cipher3 = ChaCha20.new(key=b("7") * 32, nonce=b("t") * 8) idx = 0 for segment in segments: self.assertEqual(cipher2.decrypt(ct[idx:idx+segment]), pt[idx:idx+segment]) self.assertEqual(cipher3.encrypt(pt[idx:idx+segment]), ct[idx:idx+segment]) idx += segment
def sign_bytes_dsa(byte_array, path_to_private_key_pem_file): # Use this method for DSA keys key = open(path_to_private_key_pem_file, 'r').read() # Import the key dsa_key = DSA.importKey(key) # Create a digest of nonce + cnonce # This only seems to work with SHA1 (SHA256 gives us a 401 error) buf = buffer(byte_array) digest = SHA1.new(buf).digest() # Digitally sign the digest with our private key # The corresponding public key is in our admin handle on the server k = random.StrongRandom().randint(1, dsa_key.q-1) sign = dsa_key.sign(digest, k) # Signature bytes from a DSA key need to be DER-encoded # This signature is in two parts (r and s) seq = DerSequence() seq.append(sign[0]) seq.append(sign[1]) return seq.encode()
def runTest(self): verifier = pkcs1_15.new(RSA.importKey(self.rsakey)) hashed = SHA1.new(self.msg) verifier.verify(hashed, self.signature)
def testVerify(self): verifier = PKCS.new(RSA.importKey(self.rsakey)) h = SHA1.new(self.msg) result = verifier.verify(h, t2b(self.signature)) self.failUnless(result)
def testVerify(self): verifier = PKCS.new(RSA.importKey(self.rsakey)) h = SHA1.new(self.msg) verifier.verify(h, t2b(self.signature))
def getDigesto(self, texto): return SHA1.new(texto)
decipher = '' for letra in cipher: if letra in letras: index = letras.index(letra) - nro_casas decipher += letras[index] else: decipher += letra # Gravando texto decifrado decipher = decipher.lower() arq_json['decifrado'] = decipher print(arq_json['decifrado']) # Gravando hash SHA1 decipher = decipher.encode('utf-8') hashSHA1 = SHA1.new(decipher).hexdigest() arq_json['resumo_criptografico'] = hashSHA1 print(arq_json['resumo_criptografico']) print(arq_json) # Salvando arquivo resposta with open('answer.json', 'w', encoding='utf-8') as f: json.dump(obj=arq_json, fp=f, indent=4, sort_keys=False) f.close() # Submeter post do arquivo json resultante urlpost = 'https://api.codenation.dev/v1/challenge/dev-ps/submit-solution?token={0}'.format(s_token) file = {"answer": open("answer.json", "rb")} response = requests.post(urlpost, files=file) print(response.status_code) print(response.content)
def testSignVerify(self): h = SHA1.new() h.update(b('blah blah blah')) class RNG(object): def __init__(self): self.asked = 0 def __call__(self, N): self.asked += N return Random.get_random_bytes(N) key = RSA.generate(1024) # Helper function to monitor what's request from MGF global mgfcalls def newMGF(seed,maskLen): global mgfcalls mgfcalls += 1 return bchr(0x00)*maskLen # Verify that PSS is friendly to all hashes for hashmod in (MD2,MD5,SHA1,SHA224,SHA256,SHA384,RIPEMD160): h = hashmod.new() h.update(b('blah blah blah')) # Verify that sign() asks for as many random bytes # as the hash output size rng = RNG() signer = PKCS.new(key, randfunc=rng) s = signer.sign(h) signer.verify(h, s) self.assertEqual(rng.asked, h.digest_size) # Blake2b has variable digest size for digest_bits in (160, 256, 384): # 512 is too long hobj = BLAKE2b.new(digest_bits=digest_bits) hobj.update(b("BLAKE2b supports several digest sizes")) signer = PKCS.new(key) signature = signer.sign(hobj) signer.verify(hobj, signature) # Blake2s too for digest_bits in (128, 160, 224, 256): hobj = BLAKE2s.new(digest_bits=digest_bits) hobj.update(b("BLAKE2s supports several digest sizes")) signer = PKCS.new(key) signature = signer.sign(hobj) signer.verify(hobj, signature) h = SHA1.new() h.update(b('blah blah blah')) # Verify that sign() uses a different salt length for sLen in (0,3,21): rng = RNG() signer = PKCS.new(key, saltLen=sLen, randfunc=rng) s = signer.sign(h) self.assertEqual(rng.asked, sLen) signer.verify(h, s) # Verify that sign() uses the custom MGF mgfcalls = 0 signer = PKCS.new(key, newMGF) s = signer.sign(h) self.assertEqual(mgfcalls, 1) signer.verify(h, s) # Verify that sign() does not call the RNG # when salt length is 0, even when a new MGF is provided key.asked = 0 mgfcalls = 0 signer = PKCS.new(key, newMGF, 0) s = signer.sign(h) self.assertEqual(key.asked,0) self.assertEqual(mgfcalls, 1) signer.verify(h, s)
def XeCryptSha(*args: Union[bytes, bytearray]) -> bytes: hasher = SHA1.new() [hasher.update(x) for x in args] return hasher.digest()
alg = que[que.find('that'):que.find('(X)')][5:] last6 = que.strip()[-6:] print 'alg : {}, last6 : {}'.format(alg, last6) payload = 'CCTF' next_payload = '' while 1: if alg == 'sha512': h = SHA512.new() elif alg == 'sha224': h = SHA224.new() elif alg == 'sha384': h = SHA384.new() elif alg == 'sha1': h = SHA1.new() elif alg == 'md5': h = MD5.new() elif alg == 'sha256': h = SHA256.new() h.update(payload) next_payload = h.hexdigest() #print payload[-6:] if next_payload[-6:] == last6: break else: payload = next_payload print payload r.sendline(payload)
def main(): parser = argparse.ArgumentParser( description='Lenovo UEFI signing tool, (C) 2019 Stefan Schmidt') parser.add_argument('file', metavar='INPUT_FILE', nargs=1, help='input file') parser.add_argument('-o', '--output', dest='outfile', metavar='OUTPUT_FILE', required=True, help='signed output file') args = parser.parse_args() input_file = open(args.file[0], "rb") data = input_file.read() input_file.close() # Find public RSA key location in the input file pubkey_location = find_pubkey_location(data) # Extract the FFSv2 volume offset ffsv2_offset = find_first_ffsv2_volume_offset(data) # Get all TCPA blocks to update signature on each tcpa_volume_blocks = find_tcpa_volume_blocks(data) # Generate a new RSA key-pair print("INFO: Generating new 1024 bit key with 3 as public exponent...") key = RSA.generate(1024, e=3) for tcpa_volume_block in tcpa_volume_blocks: # Warning: We assume volume size and offset are still correct here, that may not be the case! tcpa_volume_offset = int.from_bytes(tcpa_volume_block[1][52:56], byteorder='little') tcpa_volume_size = int.from_bytes(tcpa_volume_block[1][56:62], byteorder='little') print("INFO: Volume offset: " + str(tcpa_volume_offset)) print("INFO: Volume size: " + str(tcpa_volume_size)) # Shift the offsets so that they're relative to the FFSv2 volume tcpa_volume_offset += ffsv2_offset # Calculate actual volume hash volume_data = data[tcpa_volume_offset:tcpa_volume_offset + tcpa_volume_size] volume_hash = SHA1.new(data=volume_data) # Insert calculated hash into TCPA volume block tcpa_volume_block[1] = tcpa_volume_block[1][:32] + volume_hash.digest( ) + tcpa_volume_block[1][32 + 20:] print("INFO: Volume hash updated") # Extract the block of data that is to be hashed for the signature block_to_hash = tcpa_volume_block[1][:tcpa_volume_block_length - 131] # Calculate SHA hash of the block tcpa_hash = SHA1.new(data=block_to_hash).digest() # Pad the block to the correct length for RSA padded_tcpa_hash = (b'\x00' * 108) + tcpa_hash # Calculate the signature sig = key._decrypt(int.from_bytes(padded_tcpa_hash, byteorder='big')) # Convert the raw signature number to a block of bytes signature_block = number.long_to_bytes( sig, number.ceil_div(number.size(key.n), 8)) print("INFO: Signature calculated") assert (len(signature_block) == 128) # Insert new signature into TCPA volume block tcpa_volume_block[1] = tcpa_volume_block[1][:tcpa_volume_block_length - 128] + signature_block # Insert modified block into data data = data[:tcpa_volume_block[0]] + tcpa_volume_block[1] + data[ tcpa_volume_block[0] + tcpa_volume_block_length:] print("INFO: TCPA volume block signed") # Signatures updated, now insert public key modulus_block = key.n.to_bytes(length=pubkey_modulus_length, byteorder='big') data = data[:pubkey_location] + modulus_block + data[ pubkey_location + pubkey_modulus_length:] print("INFO: Public key stored") # Write updated data output file output_file = open(args.outfile, "wb") output_file.write(data) output_file.close() print("\nIMAGE SIGNED!")
def _sha1_new(*args): from Crypto.Hash import SHA1 _new_funcs['SHA1'] = _new_funcs['sha1'] = _new_funcs['SHA'] = _new_funcs[ 'sha'] = SHA1.new return SHA1.new(*args)
def _sha1_new(*args): from Crypto.Hash import SHA1 _new_funcs['SHA1'] = _new_funcs['sha1'] = _new_funcs['SHA'] = _new_funcs['sha'] = SHA1.new return SHA1.new(*args)
def _connect(self) -> None: acc = Session.Accumulator() # Send ClientHello nonce = os.urandom(0x10) client_hello = Keyexchange.ClientHello( build_info=Version.standard_build_info(), cryptosuites_supported=[ Keyexchange.Cryptosuite.CRYPTO_SUITE_SHANNON ], login_crypto_hello=Keyexchange.LoginCryptoHelloUnion( diffie_hellman=Keyexchange.LoginCryptoDiffieHellmanHello( gc=self._keys.public_key_array(), server_keys_known=1), ), client_nonce=nonce, padding=bytes([0x1e])) client_hello_bytes = client_hello.SerializeToString() length = 2 + 4 + len(client_hello_bytes) self._conn.write_byte(0) self._conn.write_byte(4) self._conn.write_int(length) self._conn.write(client_hello_bytes) self._conn.flush() acc.write_byte(0) acc.write_byte(4) acc.write_int(length) acc.write(client_hello_bytes) # Read APResponseMessage length = self._conn.read_int() acc.write_int(length) buffer = self._conn.read(length - 4) acc.write(buffer) ap_response_message = Keyexchange.APResponseMessage() ap_response_message.ParseFromString(buffer) shared_key = Utils.to_byte_array( self._keys.compute_shared_key( ap_response_message.challenge.login_crypto_challenge. diffie_hellman.gs)) # Check gs_signature rsa = RSA.construct((int.from_bytes(self._serverKey, "big"), 65537)) pkcs1_v1_5 = PKCS1_v1_5.new(rsa) sha1 = SHA1.new() sha1.update(ap_response_message.challenge.login_crypto_challenge. diffie_hellman.gs) # noinspection PyTypeChecker if not pkcs1_v1_5.verify( sha1, ap_response_message.challenge.login_crypto_challenge. diffie_hellman.gs_signature): raise RuntimeError("Failed signature check!") # Solve challenge data = b"" for i in range(1, 6): # noinspection PyTypeChecker mac = HMAC.new(shared_key, digestmod=SHA1) mac.update(acc.array()) mac.update(bytes([i])) data += mac.digest() # noinspection PyTypeChecker mac = HMAC.new(data[:20], digestmod=SHA1) mac.update(acc.array()) challenge = mac.digest() client_response_plaintext = Keyexchange.ClientResponsePlaintext( login_crypto_response=Keyexchange.LoginCryptoResponseUnion( diffie_hellman=Keyexchange.LoginCryptoDiffieHellmanResponse( hmac=challenge)), pow_response=Keyexchange.PoWResponseUnion(), crypto_response=Keyexchange.CryptoResponseUnion()) client_response_plaintext_bytes = client_response_plaintext.SerializeToString( ) length = 4 + len(client_response_plaintext_bytes) self._conn.write_int(length) self._conn.write(client_response_plaintext_bytes) self._conn.flush() try: self._conn.set_timeout(1) scrap = self._conn.read(4) if 4 == len(scrap): length = (scrap[0] << 24) | (scrap[1] << 16) | ( scrap[2] << 8) | (scrap[3] & 0xff) payload = self._conn.read(length - 4) failed = Keyexchange.APResponseMessage() failed.ParseFromString(payload) raise RuntimeError(failed) except socket.timeout: pass finally: self._conn.set_timeout(0) with self._authLock: self._cipherPair = CipherPair(data[20:52], data[52:84]) self._authLockBool = True self._LOGGER.info("Connection successfully!")