def do_dsa_g0(message_hash):
x = 8675309
k = 24601
y = mypow(prob45_g0, x, prob45_p)
r = mypow(prob45_g0, k, prob45_p) % prob45_q
s = (invmod(k, prob45_p) * (message_hash + x * r)) % prob45_q
return (y, r, s)
def do_dsa_g0(message_hash):
x = 8675309;
k = 24601;
y = mypow(prob45_g0, x, prob45_p);
r = mypow(prob45_g0, k, prob45_p) % prob45_q;
s = (invmod(k, prob45_p) * (message_hash + x*r)) % prob45_q;
return (y,r,s)
def validate_dsa_g1(y, r, s, message_hash):
w = invmod(s, prob45_q)
u1 = (message_hash * w) % prob45_q
u2 = (r * w) % prob45_q
v = (mypow(prob45_g1, u1, prob43_p) * mypow(y, u2, prob45_p) %
prob45_p) % prob45_q
return v == r
def generate_rsa_key(bits, e=65537):
result = {"e": e}
p = (e + 1)
q = (e + 1)
while ((p % e) == 1):
p = generatePrime(bits // 2)
while ((q % e) == 1):
q = generatePrime(bits // 2)
result["p"] = p
result["q"] = q
result["N"] = p * q
result["d"] = invmod(e, (p - 1) * (q - 1))
return result
def generate_rsa_key(bits, e=65537):
result = { "e" : e }
p = (e+1)
q = (e+1)
while ((p % e) == 1):
p = generatePrime(bits//2);
while ((q%e) == 1):
q = generatePrime(bits//2);
result["p"] = p;
result["q"] = q;
result["N"] = p*q;
result["d"] = invmod(e, (p-1)*(q-1));
return result;
def do_unpadded_rsa_attack():
rsaparams = generate_rsa_key(2048);
e = rsaparams['e']
N = rsaparams['N']
messageBytes = b'Oh captain my captain'
messageInt = int.from_bytes(messageBytes, byteorder="big")
capturedCipher = capture_ciphertext(messageInt, N, e);
S = 8675309
C_prime = (mypow(S, e, N) * capturedCipher) % N;
P_prime = decrypt_cipher(C_prime, rsaparams);
plain = (P_prime * invmod(S, N)) % N;
assert(plain == messageInt);
def do_unpadded_rsa_attack():
rsaparams = generate_rsa_key(2048)
e = rsaparams['e']
N = rsaparams['N']
messageBytes = b'Oh captain my captain'
messageInt = int.from_bytes(messageBytes, byteorder="big")
capturedCipher = capture_ciphertext(messageInt, N, e)
S = 8675309
C_prime = (mypow(S, e, N) * capturedCipher) % N
P_prime = decrypt_cipher(C_prime, rsaparams)
plain = (P_prime * invmod(S, N)) % N
assert (plain == messageInt)
def validate_dsa_g1(y, r, s, message_hash):
w = invmod(s, prob45_q);
u1 = (message_hash * w) % prob45_q;
u2 = (r*w) % prob45_q;
v = (mypow(prob45_g1, u1, prob43_p) * mypow(y, u2, prob45_p) % prob45_p) % prob45_q
return v == r;
def get_dsa_key_from_known_k(r, s, k, msg_hash, q=prob43_q):
top = ((s*k) - msg_hash) % q;
x = top * invmod(r, q);
return x;
def recover_dsa_k(hash1, hash2, r1, s1, r2, s2, q=prob43_q):
top = (hash1 - hash2) % q;
k = top * invmod((s1 - s2)%q, q);
return k;
def recover_dsa_k(hash1, hash2, r1, s1, r2, s2, q=prob43_q):
top = (hash1 - hash2) % q
k = top * invmod((s1 - s2) % q, q)
return k
def get_dsa_key_from_known_k(r, s, k, msg_hash, q=prob43_q):
top = ((s*k) - msg_hash) % q;
x = top * invmod(r, q);
return x;