Exemplo n.º 1
0
    def test_gauntlet(self):
        for _ in range(10):
            bits = max(16, Bytes.random(2).int() >> 4)
            rsa = RSA(bits, e=65537)

            for _ in range(10):
                plaintext = Bytes.random((bits // 8) - 1)
                ciphertext = rsa.encrypt(plaintext)

                self.assertEqual(
                    rsa.decrypt(ciphertext).zfill(len(plaintext)), plaintext)
Exemplo n.º 2
0
    def _run_oaep(self, e, d, modulus, bits, message, seed,
                  expected_ciphertext):
        rsa = RSA(bits)
        rsa.e = e
        rsa.d = d
        rsa.n = modulus

        oaep = OAEP(rsa.bits)
        padded_plain = oaep.pad(message, seed=seed)
        ciphertext = Bytes(rsa.encrypt(padded_plain))

        self.assertEqual(ciphertext, expected_ciphertext)
        self.assertEqual(oaep.unpad(rsa.decrypt(ciphertext.int())), message)
Exemplo n.º 3
0
    def test_kat(self):
        plaintext = Bytes(
            0xEB7A19ACE9E3006350E329504B45E2CA82310B26DCD87D5C68F1EEA8F55267C31B2E8BB4251F84D7E0B2C04626F5AFF93EDCFB25C9C2B3FF8AE10E839A2DDB4CDCFE4FF47728B4A1B7C1362BAAD29AB48D2869D5024121435811591BE392F982FB3E87D095AEB40448DB972F3AC14F7BC275195281CE32D2F1B76D4D353E2D
        )
        ciphertext = 0x1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955
        modulus = 0xBBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB
        prime = 0xC97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503
        e = 17

        rsa = RSA(512, p=prime, q=modulus // prime, e=e)

        self.assertEqual(rsa.decrypt(ciphertext), plaintext)
        self.assertEqual(rsa.encrypt(plaintext), ciphertext)
Exemplo n.º 4
0
    def test_recover_plaintext(self):
        rsa = RSA(2048)
        oaep = OAEP(rsa.bits)

        plaintext = b'Super secret ;)'
        padded_plain = oaep.pad(plaintext)
        ciphertext = Bytes(rsa.encrypt(padded_plain))

        def oracle_func(attempt):
            pt = rsa.decrypt(attempt.int())
            try:
                oaep.unpad(pt, True)
                return False
            except ValueError as e:
                return "First byte is not zero" in str(e)
            except Exception as e:
                print(e)
                return False

        oracle = PaddingOracle(oracle_func)
        attack = MangersAttack(oracle, rsa)
        recovered_plaintext = oaep.unpad(attack.execute(ciphertext))
        self.assertEqual(recovered_plaintext, plaintext)