Пример #1
0
import dsa
import rsa

p = 0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1
q = 0xf4f47f05794b256174bba6e9b396a7707e563c5b

if __name__ == '__main__':
    # er, g = 0 means all signature r values will be 0 -- signature generation won't halt
    # because that case is detected and retried with another k value
    #
    # for signature validation, the signature is rejected early because r < 1

    group = dsa.group(p, q, p + 1)
    pub, priv = dsa.gen_pair(group)

    z = 1
    y = pub[1]

    r = pow(y, z, group.p) % group.q
    zinv = rsa.invmod(z, group.q)
    s = (r * zinv) % group.q
    magic_sig = (r, s)

    dsa.verify_sha1(pub, magic_sig, 'hello world')
    dsa.verify_sha1(pub, magic_sig, 'goodbye world')
    print 'ok'
Пример #2
0
import dsa
import rsa

p = 0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1
q = 0xf4f47f05794b256174bba6e9b396a7707e563c5b

if __name__ == '__main__':
    # er, g = 0 means all signature r values will be 0 -- signature generation won't halt
    # because that case is detected and retried with another k value
    #
    # for signature validation, the signature is rejected early because r < 1
    
    group = dsa.group(p, q, p + 1)
    pub, priv = dsa.gen_pair(group)
    
    z = 1
    y = pub[1]
    
    r = pow(y, z, group.p) % group.q
    zinv = rsa.invmod(z, group.q)
    s = (r * zinv) % group.q
    magic_sig = (r, s)
    
    dsa.verify_sha1(pub, magic_sig, 'hello world')
    dsa.verify_sha1(pub, magic_sig, 'goodbye world')
    print 'ok'
Пример #3
0
import dsa

p = 0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1
q = 0xf4f47f05794b256174bba6e9b396a7707e563c5b
g = 0x5958c9d3898b224b12672c0b98e06c60df923cb8bc999d119458fef538b8fa4046c8db53039db620c094c9fa077ef389b5322a559946a71903f990f1f7e0e025e2d7f7cf494aff1a0470f5b64c36b625a097f1651fe775323556fe00b3608c887892878480e99041be601a62166ca6894bdd41a7054ec89f756ba9fc95302291

y = 0x84ad4719d044495496a3201c8ff484feb45b962e7302e56a392aee4abab3e4bdebf2955b4736012f21a08084056b19bcd7fee56048e004e44984e2f411788efdc837a0d2e5abb7b555039fd243ac01f0fb2ed1dec568280ce678e931868d23eb095fde9d3779191b8c0299d6e07bbb283e6633451e535c45513b2d33c99ea17
hash_x = '0954edd5e0afe5542a4adf012611a91912a3ec16'

group = dsa.group(p, q, g)

if __name__ == '__main__':
    # smoke test
    pub, priv = dsa.gen_pair(group)
    msg = 'fart'
    sig = dsa.sign_sha1(priv, msg)
    dsa.verify_sha1(pub, sig, msg)
    
    msg = "For those that envy a MC it can be hazardous to your health\nSo be friendly, a matter of life and death, just like a etch-a-sketch\n"
    pub = (group, y)
    sig = (548099063082341131477253921760299949438196259240, 857042759984254168557880549501802188789837994940)
    dsa.verify_sha1(pub, sig, msg)
    
    # brute force value for k
    for k in range(0, 2**16):
        x = dsa.recover_x_given_sig_k(group, k, sig, msg)
        
        # check using known hash (could also use pubkey = g^x mod p)
        if dsa.sha1('%x' % x).hexdigest() == hash_x:
            print 'k: 0x%x, x: 0x%x' % (k, x)
            break
Пример #4
0
         s=506591325247687166499867321330657300306462367256,
         r=51241962016175933742870323080382366896234169532,
         m='bc7ec371d951977cba10381da08fe934dea80314'),
    dict(msg='Where me a born in are de one Toronto, so ',
         s=458429062067186207052865988429747640462282138703,
         r=228998983350752111397582948403934722619745721541,
         m='d6340bfcda59b6b75b59ca634813d572de800e8f')
]

if __name__ == '__main__':
    pub = (group, y)

    # check signatures for sanity
    for s in sigs:
        sig = (s['r'], s['s'])
        dsa.verify_sha1(pub, sig, s['msg'])

    # look at all pairs for signatures and see if key falls out
    for i1, d1 in enumerate(sigs):
        for i2, d2 in enumerate(sigs):
            if i1 == i2:
                continue
            m1 = dsa.hash(d1['msg'])
            m2 = dsa.hash(d2['msg'])
            s1 = d1['s']
            s2 = d2['s']

            sd = (s1 - s2) % group.q
            invsd = rsa.invmod(sd, group.q)
            k = (((m1 - m2) % group.q) * invsd) % group.q
Пример #5
0
       r = 51241962016175933742870323080382366896234169532,
       m = 'bc7ec371d951977cba10381da08fe934dea80314'),
       
  dict(msg = 'Where me a born in are de one Toronto, so ',
       s = 458429062067186207052865988429747640462282138703,
       r = 228998983350752111397582948403934722619745721541,
       m = 'd6340bfcda59b6b75b59ca634813d572de800e8f')
]

if __name__ == '__main__':
    pub = (group, y)
    
    # check signatures for sanity
    for s in sigs:
        sig = (s['r'], s['s'])
        dsa.verify_sha1(pub, sig, s['msg'])
    
    # look at all pairs for signatures and see if key falls out
    for i1, d1 in enumerate(sigs):
        for i2, d2 in enumerate(sigs):
            if i1 == i2:
                continue
            m1 = dsa.hash(d1['msg'])
            m2 = dsa.hash(d2['msg'])
            s1 = d1['s']
            s2 = d2['s']
            
            sd = (s1 - s2) % group.q
            invsd = rsa.invmod(sd, group.q)
            k = (((m1 - m2) % group.q) * invsd) % group.q