#include "../lib/lib.h" #include "../lib/lib2.h" #include "../lib/lib3.h" #include "../lib/lib4.h" #include "../lib/lib5.h" #include "../lib/lib6.h" /** * you do not have the secrect key to sign the message * but you try to find a number which gives a "valid" padding * if the number is e-th rooted * to verfiy the signature the message is exponiated with e * when this didn't wrap around then it is a "valid" padding * * make the littlest possible number and exponiated it with e * hope that it did not wrap around and the e-th root is * **/ int main() { struct rsa_key_bignum public, private; SHA1Context sha1; BIGNUM *mess = BN_new(); BIGNUM *forged = BN_new(); BIGNUM *signed_mess = BN_new(); BIGNUM *restored = BN_new(); out = BIO_new(BIO_s_file()); BIO_set_fp(out, stdout, BIO_NOCLOSE); ctx = BN_CTX_new(); char *str_mess = "hi mom"; char *sha1_hash[20]; int pk_mess_len = 20 + strlen(str_mess) + 4 + 50; char *pk_mes = malloc(pk_mess_len); rsa_generate_key_bignum(&public, &private); SHA1Reset(&sha1); SHA1Input(&sha1, str_mess, strlen(str_mess)); SHA1Result(&sha1); memcpy(sha1_hash, &(sha1.Message_Digest), 20); pk_mes[0] = 0x00; pk_mes[1] = 0x01; pk_mes[2] = 0xff; pk_mes[3] = 0x00; memcpy(&pk_mes[4], sha1_hash, 20); // does this padding verify? printf("padding verfied: %i\n", shitty_pkcs1_5_padding_verify(pk_mes, pk_mess_len, str_mess)); BN_bin2bn(pk_mes, pk_mess_len, mess); // sign with knowing the private key //rsa_encrypt_bignum(mess, signed_mess, &private); // "sign" without knowing the private key BIGNUM *n3 = BN_new(); BN_set_word(n3, 3); nth_root_bignum(signed_mess, mess, n3); // verfiy rsa_decrypt_bignum(signed_mess, restored, &public); char *rest_mess = malloc(BN_num_bytes(restored)); BN_bn2bin(restored, rest_mess); printf("\nverfied after cube root and exp: %i\n", shitty_pkcs1_5_padding_verify(rest_mess, BN_num_bytes(restored), str_mess)); printf("padding from better verifier function: %i\n", pkcs1_5_padding_verify(pk_mes, pk_mess_len, str_mess)); }