class oracle:
def __init__(self):
self.rsa = RSA()
self.pub,self.priv = self.rsa.keygen(l=512) # 1024 bits key
def getpubkey(self):
return self.pub
def iseven(self,ct):
return ord(self.rsa.decrypt(ct,self.priv)[-1]) & 1 == 0
def oracle(key, c):
"""
oracle function for c47
"""
rsa = RSA()
try:
m = rsa.decrypt(c, key)
except:
return False
if m[0:2] == '\x00\x02':
return True
return False
#!/usr/bin/env python
from c39 import RSA # RSA
from c36 import i2s, s2i
if __name__ == "__main__":
msg = "attack after the breakfast"
rsa = RSA()
pub,priv = rsa.keygen()
C = rsa.encrypt(msg,pub)
assert rsa.decrypt(C,priv) == msg, "bug in my RSA, decryption didn't provide the same clear text"
S = 3 # lowest possible S
C1 = list() # the cipher text is a list
for ct in C: # lets iterate over the ciphertext
C1.append(i2s((pow(S,pub[0],pub[1])*s2i(ct)) % pub[1])) #
if C1 != C: # the C1 has to be different the C
P1 = rsa.decrypt(C1,priv)
print i2s((s2i(P1)/S)%pub[1])
else:
print "something wrong C1 and C should be different"
def verify(self,msg,sign,key):
pkcs15 = PKCS15()
rsa = RSA()
dgst = hashlib.sha1(message).digest()
return pkcs15.unpad("\x00"+rsa.decrypt(sign,key)) == dgst
if count % 10 == 0:
sys.stdout.write("%s \r" % (count))
sys.stdout.flush()
count += 1
return s1
if __name__ == "__main__":
rsa = RSA()
pkcs = PKCS15t2()
# clear text message
text = "kick it, CC"
# 256 bit key generation
(pubkey, prvkey) = rsa.keygen(256)
# padding PKCS#1 1.5
m = pkcs.pad(text, len(i2s(pubkey[1])))
# encrypting
c = rsa.encrypt(m, pubkey)
m1 = rsa.decrypt(c, prvkey)
assert (m == "\x00"+m1), "PKCS#1 1.5 implementation failure"
assert (text == pkcs.unpad("\x00"+m1)), "RSA implementation failure"
# Bleichenbacher
print b_step2a(pubkey, prvkey, c, oracle)
