1
import os
2
import sys
3
from math import gcd
4
from random import getrandbits
5
from random import randrange
6
from unittest import TestCase
7

8
path = os.path.dirname(os.path.dirname(os.path.realpath(os.path.abspath(__file__))))
9
if sys.path[1] != path:
10
    sys.path.insert(1, path)
11

12
from attacks.elgamal_signature import nonce_reuse
13

14

15
class TestElgamalSignature(TestCase):
16
    def test_nonce_reuse(self):
17
        # Safe prime.
18
        p = 16902648776703029279
19
        g = 3
20
        x = randrange(1, p - 1)
21
        k = p - 1
22
        while gcd(k, p - 1) != 1:
23
            k = randrange(2, p - 1)
24

25
        r = pow(g, k, p)
26
        m1 = getrandbits(p.bit_length())
27
        s1 = pow(k, -1, p - 1) * (m1 - r * x) % (p - 1)
28
        m2 = getrandbits(p.bit_length())
29
        s2 = pow(k, -1, p - 1) * (m2 - r * x) % (p - 1)
30
        for k_, x_ in nonce_reuse.attack(p, m1, r, s1, m2, r, s2):
31
            self.assertIsInstance(k_, int)
32
            self.assertIsInstance(x_, int)
33
            if k_ == k and x_ == x:
34
                break
35
        else:
36
            self.fail()
37

38