def verifySignature(pub, message, signature):
    """Check *signature* over *message* by looking for a SHA-1 digest in a padded block.

    The signature is passed through ``challenge39.encryptbytes`` with *pub*
    (presumably the RSA public-key operation; confirm against challenge39),
    a zero byte is prepended, and the result is matched against the pattern
    ``00 01 FF.. 00 <20 bytes>``. The 20 captured bytes are compared with
    ``sha1(message)``.

    Returns True when the captured bytes equal the digest, False when the
    pattern does not match or the digest differs.

    NOTE(review): this check is weaker than a strict PKCS#1 v1.5 verifier and
    should not be reused outside an exercise:
      * the pattern is anchored only at the start of the block, so any bytes
        that follow the 20-byte digest are never examined;
      * the number of FF padding bytes and the total block length are not
        compared with the modulus size;
      * no DigestInfo (hash algorithm identifier) is expected before the digest;
      * the final comparison uses ``==`` rather than a constant-time compare.
    A strict verifier builds the full expected encoded block for the modulus
    length and compares it with the recovered block as a whole, for example
    with ``hmac.compare_digest``. The laxness here is presumably deliberate
    for the exercise this file belongs to; confirm before changing it.
    """
    # The leading zero byte is added back by hand; presumably encryptbytes
    # returns the value without it (verify against challenge39).
    recovered = b'\x00' + challenge39.encryptbytes(pub, signature)

    # re.match anchors at the start only; nothing constrains what comes
    # after the captured 20 bytes.
    found = re.match(b'\x00\x01\xff+?\x00(.{20})', recovered, re.DOTALL)
    if found is None:
        return False

    expected = hashlib.sha1(message).digest()
    return found.group(1) == expected
def encrypt(plaintext):
    """Return *plaintext* processed by ``challenge39.encryptbytes`` under ``pub``.

    ``pub`` is not a parameter: it is read from the enclosing module scope,
    so the key in use is whatever that global holds at call time.
    """
    ciphertext = challenge39.encryptbytes(pub, plaintext)
    return ciphertext
raise Exception('unexpected') r = minR ai = max(a, (2*B + r*n + s - 1) // s) bi = min(b, (3*B - 1 + r*n) // s) if ai > bi: raise Exception('unexpected') return [(ai, bi)] def deducePlaintext(ciphertext, pub, parityOracle): e, n = pub k = (n.bit_length() + 7) // 8 B = 2**(8*(k-2)) c0 = challenge39.bytestonum(ciphertext) M = [(2*B, 3*B - 1)] (s, c) = computeFirstS(e, n, B, c0, parityOracle) M = getNextInterval(n, M, s, B) while True: if len(M) == 1 and M[0][0] == M[0][1]: m = M[0][0] return b'\x00' + challenge39.numtobytes(m) (s, c) = computeNextS(e, n, M, s, B, c0) M = getNextInterval(n, M, s, B) if __name__ == '__main__': _, n = pub plaintext = padPKCS15(b'kick it, CC', n) ciphertext = challenge39.encryptbytes(pub, plaintext) plaintext2 = deducePlaintext(ciphertext, pub, parityOracle) if plaintext2 != plaintext: raise Exception(plaintext2 + b' != ' + plaintext)