def build_vectors(fips_vectors):
vectors = defaultdict(list)
for vector in fips_vectors:
vectors[vector['digest_algorithm']].append(vector['message'])
for digest_algorithm, messages in vectors.items():
if digest_algorithm not in HASHLIB_HASH_TYPES:
continue
yield ""
yield "[K-256,{0}]".format(digest_algorithm)
yield ""
for message in messages:
# Make a hash context
hash_func = TruncatedHash(HASHLIB_HASH_TYPES[digest_algorithm]())
# Sign the message using warner/ecdsa
secret_key = SigningKey.generate(curve=SECP256k1)
public_key = secret_key.get_verifying_key()
signature = secret_key.sign(message, hashfunc=hash_func,
sigencode=sigencode_der)
r, s = sigdecode_der(signature, None)
yield "Msg = {0}".format(hexlify(message))
yield "d = {0:x}".format(secret_key.privkey.secret_multiplier)
yield "Qx = {0:x}".format(public_key.pubkey.point.x())
yield "Qy = {0:x}".format(public_key.pubkey.point.y())
yield "R = {0:x}".format(r)
yield "S = {0:x}".format(s)
yield ""
def build_vectors(fips_vectors):
vectors = defaultdict(list)
for vector in fips_vectors:
vectors[vector["digest_algorithm"]].append(vector["message"])
for digest_algorithm, messages in vectors.items():
if digest_algorithm not in HASHLIB_HASH_TYPES:
continue
yield ""
yield "[K-256,{0}]".format(digest_algorithm)
yield ""
for message in messages:
# Make a hash context
hash_func = TruncatedHash(HASHLIB_HASH_TYPES[digest_algorithm]())
# Sign the message using warner/ecdsa
secret_key = SigningKey.generate(curve=SECP256k1)
public_key = secret_key.get_verifying_key()
signature = secret_key.sign(
message, hashfunc=hash_func, sigencode=sigencode_der
)
r, s = sigdecode_der(signature, None)
yield "Msg = {0}".format(hexlify(message))
yield "d = {0:x}".format(secret_key.privkey.secret_multiplier)
yield "Qx = {0:x}".format(public_key.pubkey.point.x())
yield "Qy = {0:x}".format(public_key.pubkey.point.y())
yield "R = {0:x}".format(r)
yield "S = {0:x}".format(s)
yield ""
def sign(self, msg):
if self.hash_alg.digest_size * 8 > self.prepared_key.curve.key_size:
raise TypeError("this curve (%s) is too short "
"for your digest (%d)" % (self.prepared_key.curve.name,
8*self.hash_alg.digest_size))
signature = self.prepared_key.sign(msg, ec.ECDSA(self.hash_alg()))
order = (2 ** self.prepared_key.curve.key_size) - 1
return sigencode_string(*sigdecode_der(signature, order), order=order)
def sign(self, msg):
if self.hash_alg.digest_size * 8 > self.prepared_key.curve.key_size:
raise TypeError("this curve (%s) is too short "
"for your digest (%d)" % (self.prepared_key.curve.name,
8*self.hash_alg.digest_size))
signature = self.prepared_key.sign(msg, ec.ECDSA(self.hash_alg()))
order = (2 ** self.prepared_key.curve.key_size) - 1
return sigencode_string(*sigdecode_der(signature, order), order=order)
def sigdecode_der_canonize(signature, n):
"""
Decodes a signature that is encoded using canonical DER
:param signature: signature (bytes)
:param n: order of G, means that n * G = 0 (integer)
:return: r, s (integer)
"""
r, s = sigdecode_der(signature, n)
if (n - s) > n / 2:
return r, (n - s)
return r, s
def sign_digest(hash_hex, privkey_hex, hashfunc=hashlib.sha256):
"""
Given a digest and a private key, sign it.
Return the base64-encoded signature
"""
assert isinstance(hash_hex, (str, unicode))
hash_hex = str(hash_hex)
pk_uncompressed_hex, pubk_uncompressed_hex = get_uncompressed_private_and_public_keys(privkey_hex)
sk = SigningKey.from_string(pk_uncompressed_hex.decode('hex'), curve=SECP256k1)
sig_bin = sk.sign_digest(hash_hex.decode('hex'), sigencode=sigencode_der)
sig_r, sig_s = sigdecode_der( sig_bin, SECP256k1.order )
sigb64 = encode_signature(sig_r, sig_s)
return sigb64
from binascii import hexlify
from hashlib import sha256
import base64
from ecdsa import curves
from ecdsa import SigningKey
from ecdsa.util import sigencode_der
from ecdsa.util import sigdecode_der
from ecdsa.numbertheory import inverse_mod
n = curves.SECP256k1.order
msg1 = 'aaaaa'
sig1 = base64.b64decode(
'MEUCIC+L3k0aByCTVbSnJQpcUSjoi4S93GGat8uo1WmyQO/kAiEAlprboJJ/k+etngA4FXCtMtAF887l4HUECf0G9BM4pnY='
)
sig1 = sigdecode_der(sig1, n)
print "(r1, s1):"
print sig1
msg2 = 'bbbbb'
sig2 = base64.b64decode(
'MEUCIC+L3k0aByCTVbSnJQpcUSjoi4S93GGat8uo1WmyQO/kAiEArTDUzY1BoJHy+DEuLhdJakeQS3INvsR7C2L92wlf8TM='
)
sig2 = sigdecode_der(sig2, n)
print "(r1, s2):"
print sig2
r1 = sig1[0]
s1 = sig1[1]
z1 = int(hexlify(sha256(msg1).digest()), 16)
r2 = sig2[0]
def sig_der_to_string(sig, order):
r, s = sigdecode_der(sig, order)
return sigencode_string(r, s, order)
a = '''
|\\
| \\
()########| ==========================================================*
| /
|/
made by duckie
(github.com/not-duckie)
'''
print(a)
cookie1 = 'ZHVja2llMS0tMEUCIFy98GRuXbTqo5jzZfLqeg49QZt%2BAzDjnOkr3e3KxPm8AiEA5reRV9y7xia8Ciw5EFFDyjb36kK3BCF76Nsb%2FwwZuw0%3D'
m1, sig1 = base64.b64decode(urllib.parse.unquote(cookie1)).split(b'--')
r1, s1 = util.sigdecode_der(sig1, SECP256k1.order)
hash1 = sha256(m1).hexdigest()
cookie2 = 'ZHVja2llMi0tMEUCIFy98GRuXbTqo5jzZfLqeg49QZt%2BAzDjnOkr3e3KxPm8AiEAkLAQI7d4djNdpMf3V%2Ftje2oOa%2BB8waWFbcilXmak2II%3D'
m2, sig2 = base64.b64decode(urllib.parse.unquote(cookie2)).split(b'--')
r2, s2 = util.sigdecode_der(sig2, SECP256k1.order)
hash2 = sha256(m2).hexdigest()
#Start the attack
privateKeyCalculation = attack(SECP256k1.order, (r1, s1), (r2, s2), hash1,
hash2)
print('=' * 25)
print('The private key calculated is: {}'.format(privateKeyCalculation))
print('=' * 25)
'''
this is ruby code i wrote to generate the cookie.