def sign_hash(pub_algorithm_type, secret_key, hash_, k=None):
if pub_algorithm_type in (1, 3):
# RSA
sig_string = PKCS1_v1_5.new(secret_key).sign(hash_)
return (bytes_to_long(sig_string), )
elif pub_algorithm_type == 20:
# ELG
# TODO: Should only be allowed for test purposes
if k is None:
while 1:
# This can be pretty darn slow
k = random.StrongRandom().randint(1, secret_key.p - 1)
if GCD(k, secret_key.p - 1) == 1:
break
print(k)
# TODO: Remove dependence on undocumented method
sig_string = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(hash_,
secret_key.size())
return secret_key.sign(sig_string, k)
elif pub_algorithm_type == 17:
q = secret_key.q
qbits = int(math.floor(float(math.log(q, 2)))) + 1
qbytes = int(math.ceil(qbits / 8.0))
if k is None:
k = random.StrongRandom().randint(1, q - 1)
digest = hash_.digest()[:qbytes]
return secret_key.sign(bytes_to_long(digest), k)
else:
# TODO: complete
raise ValueError
def elgamal():
#伪随机数生成器
random_generator = Random.new().read
#生成elgamal Key
elgKey = ElGamal.generate(256, random_generator)
#生成私钥
while 1:
alpha = random.StrongRandom().randint(1, elgKey.p - 1)
if GCD(alpha, elgKey.p - 1) == 1:
break
h = mod(elgKey.g, alpha, elgKey.p)
message = [33, 14, 22, 62, 00, 17, 4, 62, 24, 14, 20, 66]
print('message: ', message)
#加密过程
#1.随机选择整数y
y = random.StrongRandom().randint(1, elgKey.p - 1)
#2.计算c1
c1 = mod(elgKey.g, y, elgKey.p)
#3.计算s
s = mod(h, y, elgKey.p)
#4.对message进行加密
ciphertext = [(m * s) % (elgKey.p) for m in message]
print('ciphetext: ', ciphertext)
#解密过程
#1.通过c1计算得到s
de_s = mod(c1, alpha, elgKey.p)
#2.获得明文
x, y, r = ex_gcd(elgKey.p, de_s)
s_reverse = y % (elgKey.p)
if s_reverse < 0:
s_reverse += elgKey.p
plaintext = [(m * s_reverse) % (elgKey.p) for m in ciphertext]
print('plaintext: ', plaintext)
def random_solve(self):
channel_num = self.PUZ['channel_num']
tmp_int = random.StrongRandom().randint(0, channel_num - 1)
while self.available_ans["now"].get('ans') != None and str(
tmp_int) in self.available_ans["now"]["ans"].keys():
tmp_int = random.StrongRandom().randint(0, channel_num - 1)
return self.solve(tmp_int)
def test_nonce_reuse(secret_key=DSA.generate(1024)):
# choose a "random" - k :) this time random is static in order to allow this attack to work
k = random.StrongRandom().randint(1, secret_key.q - 1)
# sign two messages using the same k
samples = (Tests.Dsa.signMessage(secret_key,
"This is a signed message!", k),
Tests.Dsa.signMessage(secret_key,
"Another signed Message - :)",
k))
logger.debug("generated sample signatures: %s" % repr(samples))
signatures = [
DsaSignature(sig, h, pubkey) for h, sig, pubkey in samples
]
logger.debug("Signature Objects: %r" % signatures)
two_sigs = []
for sig in signatures:
two_sigs.append(sig)
if not len(two_sigs) == 2:
continue
sample = two_sigs.pop(0)
logger.debug("%r - recovering privatekey from nonce reuse..." %
sample)
assert (sample.x is None) # not yet resolved
sample.recover_nonce_reuse(two_sigs[0])
assert (sample.x is not None) # privkey recovered
assert (sample.privkey == secret_key)
logger.debug("%r - Private key recovered! \n%s" %
(sample, sample.export_key()))
def generate(self, algorithm, mode):
algorithm = algorithm.get()
modes = mode.get()
mode = get_mode(mode.get())
sim_key = self.HexToByte(get_data(self.sim_key_path, 'Secret key'))
if (algorithm.split('-')[0].upper() == 'AES'):
iv = Random.new().read(AES.block_size)
cipher = AES.new(sim_key, mode, iv)
else:
iv = Random.new().read(DES3.block_size)
cipher = DES3.new(sim_key, mode, iv)
data = get_data(self.input_path, 'Data')
if len(data) % cipher.block_size != 0:
data += ' ' * (cipher.block_size - len(data) % cipher.block_size)
encoded = cipher.encrypt(data)
encoded = b64encode(encoded)
modulus = int(int(get_data(self.public_key_path, 'Modulus'), 16))
public_exp = int(
int(get_data(self.public_key_path, 'Public exponent').strip(), 16))
asimmetric_alg = get_data(self.public_key_path, 'Method')
if asimmetric_alg != 'RSA':
generator = int(
int(get_data(self.public_key_path, 'Generator'), 16))
if (asimmetric_alg == 'RSA'):
RSAEncryptor = RSA.construct((modulus, public_exp))
encrypted_key = RSAEncryptor.encrypt(sim_key, '')
encrypted_key = encrypted_key[0]
else:
ElGamalEncryptor = ElGamal.construct(
(modulus, generator, public_exp))
while 1:
k = random.StrongRandom().randint(1, modulus - 1)
if GCD(k, modulus - 1) == 1: break
encrypted_key = ElGamalEncryptor.encrypt(sim_key, int(k))
k = encrypted_key[1]
encrypted_key = encrypted_key[0]
file = open(self.envelope_path, 'w')
file.write('---BEGIN OS2 CRYPTO DATA---\n')
file.write('Description:\n Envelope\n\n')
file.write('File name:\n ')
file.write(self.envelope_path)
file.write('\n\nMethod:\n ' + algorithm.split('-')[0].upper() +
'\n ' + asimmetric_alg + '\n\n')
if asimmetric_alg != 'RSA':
file.write('Secret number:\n ')
write_to_file(file, self.ByteToHex(k))
file.write('\n\nCrypt Method:\n ' + modes + '\n\n')
file.write('Initialization vector:\n ' + str(self.ByteToHex(iv)))
file.write('\n\nKey length:\n ' +
str(hex(len(sim_key) * 8)).replace('0x', '') + '\n ')
file.write(get_data(self.public_key_path, 'Key length'))
file.write('\n\nEnvelope data:\n ')
write_to_file(file, encoded.decode())
file.write('\n\nEnvelope crypt key:\n ')
write_to_file(file, self.ByteToHex(encrypted_key))
file.write('\n\n---END OS2 CRYPTO DATA---')
def get_message(self, chunk_number, chunk, dst):
m = str(chunk_number) + str(chunk) + str(dst)
h = SHA256.new(m).digest()
k = random.StrongRandom().randint(1, self.dsa_key.q - 1)
sig = self.dsa_key.sign(h, k)
return struct.pack('H1024s40s40s', socket.htons(chunk_number), chunk,
self.long_to_hex(sig[0]), self.long_to_hex(sig[1]))
def sign(self, data):
"""expect data as bytes
"""
if not self.dsa.has_private():
return
k = random.StrongRandom().randint(1,self.dsa.q-1)
return self.dsa.sign(data, k)
def exec_dsa(form):
other_params = {}
message = form.text.data.encode("utf-8")
hash_ = SHA.new(message)
form.sha.data = hash_.hexdigest()
h = hash_.digest()
# 恢复key
if not session.get("key"):
key = DSA.generate(1024)
session["key"] = pickle.dumps(key)
else:
key = pickle.loads(session["key"])
if form.sign.data:
k = random.StrongRandom().randint(1, key.q - 1)
sig = key.sign(h, k)
form.signature.data = "%s, %s" % (hex(sig[0])[2:-1], hex(sig[1])[2:-1])
elif form.verify.data:
ssig = form.signature.data.split(", ")
try:
sig = (int(ssig[0], base=16), int(ssig[1], base=16))
except (IndexError, UnicodeEncodeError):
flash(u"签名格式错误!")
else:
if key.verify(h, sig):
flash(u"签名验证成功!")
else:
flash(u"签名验证失败!")
return form, other_params
def __init__(self, key, *, Fast = False):
if Fast:
from Crypto.PublicKey import RSA
from Crypto.Random import random
try:
self.key = RSA.importKey(key)
except ValueError:
raise
self.random = random.StrongRandom()
if self.key.has_private():
self.encrypt_block = self.fast_private_encrypt_block
self.decrypt_block = self.fast_private_decrypt_block
else:
self.encrypt_block = self.fast_public_encrypt_block
self.decrypt_block = self.fast_public_decrypt_block
self.DecryptBlockSize = (self.key.size() + 1) // 8
self.EncryptBlockSize = self.DecryptBlockSize - 11
else:
try:
self.key = rsa.key.PublicKey.load_pkcs1(key, 'DER')
self.encrypt_block = self.slow_public_encrypt_block
self.decrypt_block = self.slow_public_decrypt_block
except PyAsn1Error:
self.key = rsa.key.PrivateKey.load_pkcs1(key, 'DER')
self.encrypt_block = self.slow_private_encrypt_block
self.decrypt_block = self.slow_private_decrypt_block
self.DecryptBlockSize = rsa.common.byte_size(self.key.n)
self.EncryptBlockSize = self.DecryptBlockSize - 11
def _generate_nonce(self, nonce_length=24):
"""
Generate a nonce used to make a request unique.
- `nonce_length`, length of the generated nonce.
Returns: a nonce.
"""
try:
int(nonce_length)
if nonce_length < APIRequest.min_nonce_length or nonce_length > APIRequest.max_nonce_length:
raise ValueError()
except ValueError:
raise APIRequestError(
"Nonce length must be an int between %d and %d chars" %
(APIRequest.min_nonce_length, APIRequest.max_nonce_length))
rand = random.StrongRandom()
nonce = ""
nonce = [
rand.choice(APIRequest.nonce_allowable_chars)
for i in range(0, nonce_length)
]
return "".join(nonce)
def gen_perm(self, l):
x = list(range(l))
for i in range(l):
d = random.StrongRandom().randint(0, i)
if i != d:
x[i] = x[d]
x[d] = i
return x
def getStrongRandomKey(bits):
sRandom = random.StrongRandom()
randomBits = sRandom.getrandbits(bits)
stringRandomBits = str(randomBits)
sRandomPrivateKey = SHA256.new(stringRandomBits).hexdigest()
return sRandomPrivateKey
def sign(self, message):
h = Hash.SHA.new(message.encode('utf-8')).digest()
while 1:
k = rd.StrongRandom().randint(1, self.__key.p - 1)
if GCD(k, self.__key.p - 1) == 1:
break
sig = self.__key.sign(h, k)
return sig
def Encrypt(g, y, m, p):
#随机生成一个整数r
r = random.StrongRandom().randint(1, p - 1)
c1 = mod(g, r, p)
tmp = mod(y, r, p)
c2 = (m * tmp) % p
print('Y的加密结果为({0},{1})'.format(c1, c2))
return c1, c2
def vote(key, m, crypt):
while 1:
k = random.StrongRandom().randint(1, key.p - 2)
if GCD(k, key.p - 1) == 1: break
cryptuple = key.encrypt(key.g**m, k)
out = "%s\n" % (cryptuple, )
with open(crypt, 'a') as vote_crypt:
vote_crypt.write(out)
def __init__(self, seed=1012810): self.nState = RandomState(seed) self.cState = random.StrongRandom() # Sampler warmup print "Starting Sampler Warm-up" junk = self.nState.random_sample(10000) print "Warm-up Complete"
def pad(text):
"""
Pads text to be encrypted
"""
pad_length = (blocksize - len(text) % blocksize)
sr = random.StrongRandom()
pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
# We use chr(0) as a delimiter between text and padding
return text + chr(0) + pad
def _cacu_ans(self, puzzle_attr, server_pk):
if puzzle_attr.get('ans') != None and len(
puzzle_attr["ans"].keys()) > 0:
channel, tmp_ans = random.StrongRandom().choice(
list(puzzle_attr["ans"].items()))
ans = self._exp_and_sqr(server_pk, tmp_ans, puzzle_attr['p'])
ans = self._first_n_bits(ans, 48)
return True, (channel, ans)
else:
return False, ('0', 0)
def sign(message, key, hash_alg):
h = hashes[hash_alg].new(message.encode()).digest()
while True:
k = random.StrongRandom().randint(1, key.key.p-1)
if GCD(k, key.key.p-1) == 1:
break
sign = key.key.sign(h,k)
return {'message': message, 'signature': sign, 'hash_alg':hash_alg}
def dsa_sign(dsakey, message):
dsakey = DSA.construct(dsakey)
h = SHA.new(message).digest()
k = random.StrongRandom().randint(1, dsakey.q-1)
sign = dsakey.sign(h,k)
sign_r = sign[0].to_bytes(20, 'big')
sign_s = sign[1].to_bytes(20, 'big')
signature = struct.pack('<B', 4 + len(sign_r) + len(sign_s)) + b'\x00\x00\x00' + b'\x00' + \
struct.pack('<B', len(sign_r)*8) + sign_r + b'\x00' + struct.pack('<B', len(sign_s)*8) + sign_s
return signature
def create_transaction(self, receiverAddress, amount, password):
"""Create a new transaction."""
allDSAKey = CryptoLib.restoreWalletDSAKey(password, self.encryptedDSAKey)
if isinstance(allDSAKey, str):
return "Password Error"
else:
k = random.StrongRandom().randint(1, allDSAKey.q - 1)
senderSignature = allDSAKey.sign(receiverAddress.encode() + str(amount).encode(), k)
newTransaction = Block.Transaction(senderPublicKey=self.myDSAPublicKey, senderSignature=senderSignature,
receiverWallet=receiverAddress, amount=amount)
return newTransaction
def encrypt(lat, lon, key):
"""TODO: Docstring for encrypt.
:arg1: TODO
:returns: TODO
"""
while True:
k = random.StrongRandom().randint(1, key.p-1)
if GCD(k, key.p-1) == 1:
break
return key.encrypt(lat, k)
def sign(self, user_id, record_id):
session = session_class()
digital_sign = session.query(DDigitalSign).filter_by(
doctor_id=user_id, record_id=record_id).first()
if digital_sign is not None:
session.close()
return False, '该病历已被签名'
user = session.query(DUser).filter_by(id=user_id).first()
if user is None:
session.close()
return False, '用户不存在'
info = session.query(DDoctorInfo).filter_by(
id=user.doctor_info_id).first()
if user is None:
session.close()
return False, '用户信息不存在'
private_key = session.query(DPrivateKey).filter_by(
id=info.private_key_id).first()
if private_key is None:
session.close()
return False, '用户密钥不存在'
record = session.query(DMedicalRecord).filter_by(id=record_id).first()
if record is None:
session.close()
return False, '病历不存在'
plain_text = str(record.id) + record.r_name + record.company + str(
record.gender) + record.address + str(record.age) + str(
record.department_id) + record.nation + record.symptom + str(
record.r_date.year) + '.' + str(
record.r_date.month) + '.' + str(
record.r_date.day) + record.conclusion
print(len(plain_text), plain_text)
hashed_text = SHA256.new(plain_text.encode('utf-8')).digest()
print(len(hashed_text), hashed_text)
key = DSA.construct((int(private_key.key_y), int(private_key.key_g),
int(private_key.key_p), int(private_key.key_q),
int(private_key.key_x)))
k = random.StrongRandom().randint(1, key.q - 1)
sign = key.sign(hashed_text, k)
sign_data = DDigitalSign(doctor_id=user_id,
record_id=record_id,
sign_1=str(sign[0]),
sign_2=str(sign[1]))
try:
session.add(sign_data)
session.commit()
session.close()
return True, '签名成功'
except Exception as e:
print('repr(e):\t', repr(e))
session.rollback()
session.close()
return False, '数据库错误'
def sign(self, h, priv_key=None, nonce=None):
x = self.__x if priv_key is None else priv_key
while True:
k = random.StrongRandom().randint(1, q-1) if nonce is None else nonce
r = pow(g, k, p) % q
s2 = number.inverse(k, q) * (number.bytes_to_long(h) + x * r)
s = pow(k, q-2, q) * (number.bytes_to_long(h) + x * r)
assert(s2 == s)
s = s % q
if r != 0 and s != 0:
self.k = k
return (r, s)
def main():
# Run this until the user exits
while True:
# Take two integers as input
x = int(input("Enter an integer or -1 to exit: "))
if x == -1:
break
y = int(input("Enter another integer: "))
# Generate r for g^r
while 1:
k1 = random.StrongRandom().randint(1, key.p - 1)
if GCD(k1, key.p - 1) == 1:
break
# Encrypt the first integer
encryption_1 = key.encrypt(x, k1)
# Generate another r for g^r
while 1:
k2 = random.StrongRandom().randint(1, key.p - 1)
if GCD(k2, key.p - 1) == 1:
break
# Encrypt the second integer
encryption_2 = key.encrypt(y, k2)
# Make Enc(x)*Enc(y)
mult_enc = (encryption_1[0] * encryption_2[0],
encryption_1[1] * encryption_2[1])
# Decrypt Enc(x)*Enc(y)
new_decryption = key.decrypt(mult_enc)
# Compare the decryption with actual multiplication
if new_decryption != x * y:
print("Encryption not homomorphic")
else:
print(new_decryption, "==", x * y, "Encryption is homomorphic")
def signMessage(privkey,msg,k=None):
'''
create DSA signed message
@arg privkey ... privatekey as DSA obj
@arg msg ... message to sign
@arg k ... override random k
'''
k = k or random.StrongRandom().randint(1, privkey.q-1)
# generate msg hash
# sign the messages using privkey
h = SHA.new(msg).digest()
r,s = privkey.sign(h,k)
return msg,h,(r,s),privkey.publickey()
def initiate_DH(self):
# send first DH parameter to all users
print 'Generating Diffie-Hellman parameters'
self.DH_params = ElGamal.generate(p_size, Random.new().read)
print 'Generated'
params_string = str(self.DH_params.y) + '|' + str(
self.DH_params.g) + '|' + str(self.DH_params.p)
DH_msg1 = DH_INIT + '|' + params_string
self.process_outgoing_message(msg_raw=DH_msg1,
originates_from_console=False)
self.symm_key = number.long_to_bytes(
random.StrongRandom().getrandbits(128))
self.save_symm_key()
def main():
# if g=0, then r=0, s=h/k, verification will always pass, because g**x = 0 forall x
print('=== Forging signature ===')
msg = b"""Hello, world"""
hb = SHA.new(msg).digest()
y = number.bytes_to_long(b'\x08\x4a\xd4\x71\x9d\x04\x44\x95\x49\x6a\x32\x01\xc8\xff\x48\x4f\xeb\x45\xb9\x62\xe7\x30\x2e\x56\xa3\x92\xae\xe4\xab\xab\x3e\x4b\xde\xbf\x29\x55\xb4\x73\x60\x12\xf2\x1a\x08\x08\x40\x56\xb1\x9b\xcd\x7f\xee\x56\x04\x8e\x00\x4e\x44\x98\x4e\x2f\x41\x17\x88\xef\xdc\x83\x7a\x0d\x2e\x5a\xbb\x7b\x55\x50\x39\xfd\x24\x3a\xc0\x1f\x0f\xb2\xed\x1d\xec\x56\x82\x80\xce\x67\x8e\x93\x18\x68\xd2\x3e\xb0\x95\xfd\xe9\xd3\x77\x91\x91\xb8\xc0\x29\x9d\x6e\x07\xbb\xb2\x83\xe6\x63\x34\x51\xe5\x35\xc4\x55\x13\xb2\xd3\x3c\x99\xea\x17')
z = random.StrongRandom().randint(1, q-1)
r = pow(y, z, p) % q
s = (r * number.inverse(z, q)) % q
print('r:', r)
print('s:', s)
myDSA = MyDSASigner()
print("Verification:", myDSA.verify((r, s), hb, y))
def shuffle_decrypt(self, msgs, last=True):
msgs2 = msgs.copy()
msgs3 = []
while msgs2:
n = random.StrongRandom().randint(0, len(msgs2) - 1)
a, b, j, qid = msgs2.pop(n)
clear = self.decrypt((a, b))
if last:
msg = {clear: [j, qid]}
else:
msg = (a, clear, j, qid)
msgs3.append(msg)
return msgs3
def generate(self, hash_function):
data = get_data(self.input_path, 'Data')
modulus = int(int(get_data(self.private_key_path, 'Modulus'), 16))
private_exp = int(
int(get_data(self.private_key_path, 'Private exponent'), 16))
public_exp = int(
int(get_data(self.public_key_path, 'Public exponent').strip(), 16))
private_key_size = get_data(self.private_key_path, 'Key length')
asimmetric_alg = get_data(self.private_key_path, 'Method')
m = hashlib.new(hash_function.get())
m.update(data.encode(encoding='utf-8'))
hash = m.digest()
if (asimmetric_alg == 'RSA'):
RSAEncryptor = RSA.construct((modulus, public_exp, private_exp))
signature = RSAEncryptor.sign(hash, '')[0]
self.signature_second_part = ''
else:
generator = int(
int(get_data(self.private_key_path, 'Generator'), 16))
ElGamalEncryptor = ElGamal.construct(
(modulus, generator, public_exp, private_exp))
while 1:
k = random.StrongRandom().randint(1, int(modulus - 1))
if GCD(k, int(modulus - 1)) == 1: break
signature = ElGamalEncryptor.sign(hash, int(k))
k = signature[1]
signature = signature[0]
self.signature = signature
data = b64encode(data.encode())
signature = hex(signature)
# zapisivanje
file = open(self.signature_path, 'w')
file.write('---BEGIN OS2 CRYPTO DATA---\n')
file.write('Description:\n Signature\n\n')
file.write('File name:\n ')
file.write(self.signature_path)
file.write('\n\nMethod:\n ' + hash_function.get() + '\n ' +
asimmetric_alg)
if asimmetric_alg != 'RSA':
file.write('\n\nSecret number:\n ')
write_to_file(file, str(hex(k).upper()[2:]))
file.write('\n\nKey length:\n ')
file.write(
str(hex(len(hash) * 8)).upper().replace('0X', '') + '\n ')
file.write(private_key_size)
file.write('\n\nData:\n ')
write_to_file(file, data.decode())
file.write('\n\nSignature:\n ')
write_to_file(file, str(signature).upper().replace('0X', ''))
file.write('\n\n---END OS2 CRYPTO DATA---')