def crt(cn1,cn2,cn3):
c1, n1 = cn1
c2, n2 = cn2
c3, n3 = cn3
gcd,x,y = extended_euclidean(n1,n2)
if(gcd != 1):
logging.error("gcd(n1,n2) != 1 ")
return -1
gcd,x,y = extended_euclidean(n1,n3)
if(gcd != 1):
logging.error("gcd(n1,n3) != 1 ")
return -1
gcd,x,y = extended_euclidean(n2,n3)
if(gcd != 1):
logging.error("gcd(n2,n3) != 1 ")
return -1
# section 1
x1 = (n2 * n3)
logging.debug("x1: {x}".format(x=x1))
z = inverse_modulo(x1,n1)
logging.debug("x1,n1^-1 = {z}".format(z=z))
s1 = c1 * x1 * inverse_modulo(x1,n1)
logging.debug("s1: {s}".format(s=s1))
# section 2
x2 = (n1 * n3)
logging.debug("x2: {x}".format(x=x2))
z = inverse_modulo(x2,n2)
logging.debug("x2,n2^-1 = {z}".format(z=z))
s2 = c2 * x2 * z
logging.debug("s2: {s}".format(s=s2))
# section 3
x3 = (n1 * n2)
logging.debug("x3: {x}".format(x=x3))
z = inverse_modulo(x3,n3)
logging.debug("x3,n3^-1 = {z}".format(z=z))
s3 = c3 * x3 * inverse_modulo(x3,n3)
logging.debug("s3: {s}".format(s=s3))
n = n1 * n2 * n3
r = (s1 + s2 + s3) % n
return r, n
def dsa_sign_insecure(pkey, msg):
p, q, g, key = pkey
r = 0
k = 0
s = 0
while s == 0:
while r == 0:
k = random.randint(1, pow(2, 16))
r = modexp(g, k, p) % q
h = hashlib.sha1(msg).digest()
h = str2int16(h)
np1 = inverse_modulo(k, q)
np2 = (h + r * key) % q
s = (np1 * np2) % q
return (r, s, k)
def dsa_verify(pkey, sig, msg):
p, q, g, key = pkey
r, s = sig
if r < 0 or r > q:
return False
if s < 0 or s > q:
return False
w = inverse_modulo(s, q)
h = int(hashlib.sha1(msg).hexdigest(), 16)
u1 = (h * w) % q
u2 = (r * w) % q
# (A*B) Mod C == (A Mod C * B Mod C ) Mod C
part1 = modexp(g, u1, p)
part2 = modexp(key, u2, p)
v = ((part1 * part2) % p) % q
logging.debug("v: {}".format(v))
logging.debug("r: {}".format(r))
return v == r
def dsa_sign(pkey, msg, fixedk=0):
p, q, g, key = pkey
r = 0
k = 0
s = 0
while s == 0:
if fixedk:
k = fixedk
r = modexp(g, fixedk, p) % q
else:
while r == 0:
k = random.randint(1, q)
r = modexp(g, k, p) % q
h = hashlib.sha1(msg).digest()
h = str2int16(h)
np1 = inverse_modulo(k, q)
np2 = (h + r * key) % q
s = (np1 * np2) % q
return (r, s, k)
def nonce_recover_key(msg, r, s, q, k):
t = (s * k) - int(hashlib.sha1(msg).hexdigest(), 16)
ir = inverse_modulo(r, q)
x = (t * ir) % q
return x