-
Notifications
You must be signed in to change notification settings - Fork 18
/
rocatest.py
38 lines (31 loc) · 1.11 KB
/
rocatest.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/usr/bin/python
import sys
# Credit: https://crypto.stackexchange.com/questions/52292/what-is-fast-prime
#https://gist.github.com/marcan/fc87aa78085c2b6f979aefc73fdc381f
generators = [
(2, 11), (6, 13), (8, 17), (9, 19), (3, 37), (26, 53), (20, 61), (35, 71),
(24, 73), (13, 79), (6, 97), (51, 103), (53, 107), (54, 109), (42, 127),
(50, 151), (78, 157),
]
# Precalculate residues to speed up check
# -> calculate all possible n mod p where n ^ r mod p = 1
tests = []
for r, p in generators:
l = []
for i in range(p):
if (i ** r) % p == 1:
l.append(i)
tests.append((p, set(l)))
# tests is equivalent to the original test masks,
# minus red herring entries with all bits set
# Equivalent to the original implementation
def is_vulnerable(modulus):
return all(modulus % p in l for p, l in tests)
# Slower version, but using the generators directly with no precalc
def is_vulnerable_slower(modulus):
return all(pow(modulus, r, p) == 1 for r, p in generators)
if __name__ == "__main__":
if is_vulnerable(int(sys.argv[1],0)):
print("Vuln!")
else:
print("OK!")