Curve25519 ECDH (Using bn.c)

```\$ a="486662"; b="1"; p="57896044618658097711785492504343953926634992332820282019728792003956564819949"
\$ x="9"; y="43114425171068552920764898935933967039370386198203806730763910166200978582548"
\$ ./ec.out "\$a" "\$b" "\$p" "\$x" "\$y"

1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
25401056036235045220436215630227531782477232918721757282083167532085
* P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

= Q(x, y) = (2152181765955508802144811366391548358206596269149408838626058763387933371482, 11578758651574146923540708489424215527254544219548915855368449621649032022464)

\$ ./ec.out "\$a" "\$b" "\$p" "\$x" "\$y"

1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
14923829837058818803507170043209691418601607100463140519943405743260
* P(x, y) = (9, 43114425171068552920764898935933967039370386198203806730763910166200978582548)

= Q(x, y) = (10616717952671290844210554362351196131260739681824015303968067548318407877443, 44474405861832920486283648404346377112839096552743000067399554821542048806382)

\$ x="10616717952671290844210554362351196131260739681824015303968067548318407877443"; y="44474405861832920486283648404346377112839096552743000067399554821542048806382"
\$ ./ec.out "\$a" "\$b" "\$p" "\$x" "\$y" "25401056036235045220436215630227531782477232918721757282083167532085"

1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
25401056036235045220436215630227531782477232918721757282083167532085
* P(x, y) = (10616717952671290844210554362351196131260739681824015303968067548318407877443, 44474405861832920486283648404346377112839096552743000067399554821542048806382)

= Q(x, y) = (5796465362698668629448044005371479448781495853974848652041497206752313461872, 30198337259834952114045673142150509214022566212693868468740722556827195886413)

\$ x="2152181765955508802144811366391548358206596269149408838626058763387933371482"; y="11578758651574146923540708489424215527254544219548915855368449621649032022464"
\$ ./ec.out "\$a" "\$b" "\$p" "\$x" "\$y" "14923829837058818803507170043209691418601607100463140519943405743260"

1*(y^2) = x^3 + 486662*(x^2) + x (mod 57896044618658097711785492504343953926634992332820282019728792003956564819949)
14923829837058818803507170043209691418601607100463140519943405743260
* P(x, y) = (2152181765955508802144811366391548358206596269149408838626058763387933371482, 11578758651574146923540708489424215527254544219548915855368449621649032022464)

= Q(x, y) = (5796465362698668629448044005371479448781495853974848652041497206752313461872, 30198337259834952114045673142150509214022566212693868468740722556827195886413)

\$
```
```#include "bn.c"

struct ecurve {
bnum *a, *b, *p, *x, *y;
};

#define ecc struct ecurve

struct ectemp {
bnum *i, *s, *xr, *yr;
bnum *t, *u, *v;
bnum *w, *h, *g;
};

#define ect struct ectemp

ecc *ecinit(bnum *a, bnum *b, bnum *p, bnum *x, bnum *y)
{
ecc *r = malloc(1 * sizeof(ecc));
r->a = a; r->b = b; r->p = p;
r->x = x; r->y = y;
return r;
}

ecc *ecdup(ecc *e)
{
ecc *r = malloc(1 * sizeof(ecc));
r->a = bndup(e->a); r->b = bndup(e->b); r->p = bndup(e->p);
r->x = bndup(e->x); r->y = bndup(e->y);
return r;
}

void ecfree(ecc *e)
{
bnfree(e->a); bnfree(e->b); bnfree(e->p);
bnfree(e->x); bnfree(e->y);
free(e);
}

void ecout(int d, char *s, ecc *e, char *t)
{
char *a = bnstr(e->a), *b = bnstr(e->b), *p = bnstr(e->p);
char *x = bnstr(e->x), *y = bnstr(e->y);
char as[2], bs[2];
as[0] = '+'; as[1] = '\0';
bs[0] = '\0'; bs[1] = '\0';
if ((e->a)->sign == 1) { as[0] = '-'; }
if ((e->b)->sign == 1) { bs[0] = '-'; }
if (d == 1) { printf("  %s%s*(y^2) = x^3 %s %s*(x^2) + x (mod %s)\n", bs, b, as, a, p); }
printf("%s", s);
printf("(x, y) = (%s, %s)", x, y);
printf("%s", t);
free(a); free(b); free(p);
free(x); free(y);
}

ect *etinit(ecc *e)
{
ect *t = malloc(1 * sizeof(ect));
int ss = max(1, (e->b)->size);
ss = max(((e->a)->size * 2) + 2, ((e->p)->size * 2) + 2);
ss = max(((e->x)->size * 2) + 2, ((e->y)->size * 2) + 2);
t->i = bninit(ss); t->s = bninit(ss); t->xr = bninit(ss); t->yr = bninit(ss);
t->t = bninit(ss); t->u = bninit(ss); t->v = bninit(ss);
int tt = ((ss * 2) + 2);
t->w = bninit(tt); t->h = bninit(tt); t->g = bninit(tt + 4);
return t;
}

void etfree(ect *t)
{
bnfree(t->i); bnfree(t->s); bnfree(t->xr); bnfree(t->yr);
bnfree(t->t); bnfree(t->u); bnfree(t->v);
bnfree(t->w); bnfree(t->h); bnfree(t->g);
free(t);
}

// modular multiplicative inverse

void egcd(bnum *a, bnum *b, bnum *g)
{
int size = ((a->size + b->size) * 3);
// s = 0; news = 1
bnum *s = bninit(size);
bnum *news = bninit(size); news->nums[0] = 1;
// r = b; newr = a
bnum *r = bninit(size); bncopy(b, r);
bnum *newr = bninit(size); bncopy(a, newr);
// init some temp vars
bnum *prev = bninit(size), *quot = bninit(size), *temp = bninit(size);
while ((r->leng > 1) || (r->nums[0] > 0))
{
// quot = (newr / r)
if ((r->leng == 1) && (r->nums[0] < 3))
{
bncopy(newr, quot);
if (r->nums[0] > 1) { bnrshift(quot, 1); }
}
else { bndiv(newr, r, quot, temp); }
// prev = s
bncopy(s, prev);
// s = (news - (quot * prev))
bnzero(temp); bnmul(quot, prev, temp);
bnsub(news, temp, s, 0);
// news = prev
bncopy(prev, news);
// prev = r
bncopy(r, prev);
// r = (newr - (quot * prev))
bnzero(temp); bnmul(quot, prev, temp);
bnsub(newr, temp, r, 0);
// newr = prev
bncopy(prev, newr);
}
if (news->sign == 1)
{
// news = news + b
}
bncopy(news, g);
bnfree(s); bnfree(news);
bnfree(r); bnfree(newr);
bnfree(prev); bnfree(quot); bnfree(temp);
}

// modular square root

int sqrtmod(bnum *a, bnum *p, bnum *r)
{
bnum *o = bninit(1);
o->nums[0] = 1; o->leng = 1; o->sign = 0;

// legendre symbol
// define if a is a quadratic residue modulo odd prime

// g = (p - 1) / 2

// p - 1
bnum *qq = bndup(p);
bnsub(qq, o, qq, 1);
// (p - 1) / 2
bnum *g = bndup(qq);
bnrshift(g, 1);

// l = pow(a, g, p)

// pow(a, g, p)
bnum *l = bninit(max(max(a->size, g->size), p->size) * 3);
bnpowmod(a, g, p, l);
if (bncmp(l, qq) == 0)
{
bnfree(o); bnfree(qq); bnfree(g); bnfree(l);
return -1;
}

// factor p - 1 on the form q * (2 ^ s) (with Q odd)
// q = p - 1; s = 0
bnum *q = bndup(qq);
bnum *s = bninit(p->size);
while ((q->nums[0] % 2) == 0)
{
// s += 1; q /= 2
bnrshift(q, 1);
}

// select a z which is a quadratic non resudue modulo p
// z = 1
bnum *z = bninit(p->size);
z->nums[0] = 1; z->leng = 1; z->sign = 0;
while (1)
{
// while (lsym(z, p) != -1)
bnpowmod(z, g, p, l);
if (bncmp(l, qq) == 0) { break; }
// z += 1
}
// c = pow(z, q, p)
bnum *c = bninit(max(max(z->size, q->size), p->size) * 3);
bnpowmod(z, q, p, c);

// search for a solution
// f = ((q + 1) / 2)
bnum *f = bndup(q);
bnadd(f, o, f, 1); bnrshift(f, 1);
// x = pow(a, f, p)
bnpowmod(a, f, p, r);
// t = pow(a, q, p)
bnum *t = bninit(max(max(a->size, q->size), p->size) * 3);
bnpowmod(a, q, p, t);
// m = s
bnum *m = bninit(p->size), *i = bninit(p->size), *e = bninit(p->size);
bncopy(s, m);
// u = 2
bnum *u = bninit(1);
u->nums[0] = 2; u->leng = 1; u->sign = 0;
bnum *b = bninit(p->size * 4), *v = bninit(p->size * 4), *w = bninit(p->size * 4);
while ((t->leng > 1) || (t->nums[0] != 1))
{
// find the lowest i such that t ^ (2 ^ i) = 1
// i = 1; e = 2
i->nums[0] = 1; i->leng = 1; i->sign = 0;
e->nums[0] = 2; e->leng = 1; e->sign = 0;
while (bncmp(i, m) < 0)
{
bnpowmod(t, e, p, l);
if ((l->leng == 1) && (l->nums[0] == 1)) { break; }
bnlshift(e, 1);
}
// update next value to iterate
// (m - i - 1)
bnsub(m, i, v, 0);
bnsub(v, o, v, 0);
// 2 ^ (m - i - 1)
bnpowmod(u, v, p, l);
// b = (c ^ (2 ^ (m - i - 1))) % p
bnpowmod(c, l, p, b);
// x = ((x * b) % p)
bnzero(v); bnmul(r, b, v);
bndiv(v, p, w, r);
// b = (b * b) % p
bnzero(v); bnmul(b, b, v);
bndiv(v, p, w, b);
// t = ((t * b) % p)
bnzero(v); bnmul(t, b, v);
bndiv(v, p, w, t);
// c = b; m = i
bncopy(b, c);
bncopy(i, m);
}

bnfree(o); bnfree(qq); bnfree(g); bnfree(l);
bnfree(q); bnfree(s); bnfree(z); bnfree(c);
bnfree(f); bnfree(t); bnfree(m);
bnfree(i); bnfree(e); bnfree(b);
bnfree(u); bnfree(v); bnfree(w);

// r = [x, p - x]

return 0;
}

// montgomery curve arithmetic

void nmod(bnum *a, bnum *b)
{
if (a->sign == 1) { bnadd(b, a, a, 0); }
}

void pdub(ecc *p, ecc *r, ect *t)
{
// printf("2P=\n");

// l = 3*x^2 + 2*a*x + 1 / 2*b*y

// x^2
bnzero(t->w); bnmul(p->x, p->x, t->w); bndiv(t->w, p->p, t->t, t->v);
// 3*x^2
// 2*a*x
bnzero(t->h); bnmul(p->a, p->x, t->h); bnlshift(t->h, 1);
bndiv(t->h, p->p, t->t, t->u); nmod(t->u, p->p);
// 3*x^2 + 2*a*x + 1
int x, o = 1;
for (x = 0; (x < (t->g)->leng) && (o == 1); ++x)
{
o = 0; if ((t->g)->nums[x] == 0xffffffff) { o = 1; } (t->g)->nums[x] += 1;
}
if (o == 1) { (t->g)->nums[x] = 1; (t->g)->leng += 1; }
bndiv(t->g, p->p, t->t, t->yr);
// 1 / 2*b*y
bnzero(t->w); bnmul(p->b, p->y, t->w); bnlshift(t->w, 1);
bndiv(t->w, p->p, t->t, t->u); nmod(t->u, p->p); egcd(t->u, p->p, t->i);
// 3*x^2 + 2*a*x + 1 / 2*b*y
bnzero(t->w); bnmul(t->yr, t->i, t->w); bndiv(t->w, p->p, t->t, t->s);

// xr = b*l^2 - a - 2*x

// l^2
bnzero(t->g); bnmul(t->s, t->s, t->g);
// b*l^2 - a
bnzero(t->w); bnmul(p->b, t->g, t->w);
bnsub(t->w, p->a, t->w, 0);
// 2*x
bnzero(t->h); bncopy(p->x, t->h); bnlshift(t->h, 1);
// b*l^2 - a - 2*x
bnsub(t->w, t->h, t->w, 0);
bndiv(t->w, p->p, t->t, t->xr); nmod(t->xr, p->p);

// yr = ((3*x + a) * l) - b*l^3 - y

// (3*x + a) * l
bndiv(t->w, p->p, t->t, t->u); nmod(t->u, p->p);
bnzero(t->w); bnmul(t->u, t->s, t->w);
// l^3
bncopy(t->g, t->h);
bnzero(t->g); bnmul(t->h, t->s, t->g); bndiv(t->g, p->p, t->t, t->u);
// b*l^3
bnzero(t->h); bnmul(p->b, t->u, t->h);
bndiv(t->h, p->p, t->t, t->u); nmod(t->u, p->p);
// ((3*x + a) * l) - b*l^3 - y
bnsub(t->w, t->u, t->w, 0); bnsub(t->w, p->y, t->w, 0);
bndiv(t->w, p->p, t->t, t->yr); nmod(t->yr, p->p);

(t->xr)->leng = (p->p)->size; bncopy(t->xr, r->x);
(t->yr)->leng = (p->p)->size; bncopy(t->yr, r->y);
}

void padd(ecc *p, ecc *q, ecc *r, ect *t)
{
// printf("P+Q=\n");

// l = (Qy - Py) / (Qx - Px)

// Qy - Py
bnsub(q->y, p->y, t->yr, 0);
// Qx - Px
bnsub(q->x, p->x, t->xr, 0);
bndiv(t->xr, p->p, t->t, t->u); nmod(t->u, p->p);
// 1 / (Qx - Px)
egcd(t->u, p->p, t->i);
// (Qy - Py) / (Qx - Px)
bnzero(t->w); bnmul(t->yr, t->i, t->w);
bndiv(t->w, p->p, t->t, t->s);

// xr = b*l^2 - a - Px - Qx

// b*l^2 - a - Px - Qx
bnzero(t->w); bnmul(t->s, t->s, t->w);
bnzero(t->g); bnmul(p->b, t->w, t->g);
bnsub(t->g, p->a, t->g, 0);
bnsub(t->g, p->x, t->g, 0);
bnsub(t->g, q->x, t->g, 0);
bndiv(t->g, p->p, t->t, t->xr); nmod(t->xr, p->p);

// yr = ((2*Px + Qx + a) * l) - b*l^3 - Py

// 2*Px + Qx + a
bndiv(t->t, p->p, t->u, t->v); nmod(t->v, p->p);
// (2*Px + Qx + a) * l
bnzero(t->w); bnmul(t->v, t->s, t->w); bndiv(t->w, p->p, t->t, t->u);
// b*l^3
bnzero(t->w); bnmul(t->s, t->s, t->w);
bnzero(t->g); bnmul(t->w, t->s, t->g); bndiv(t->g, p->p, t->t, t->v);
bnzero(t->w); bnmul(t->v, p->b, t->w);
// ((2*Px + Qx + a) * l) - b*l^3 - Py
bnsub(t->u, t->w, t->v, 0);
bnsub(t->v, p->y, t->v, 0);
bndiv(t->v, p->p, t->t, t->yr); nmod(t->yr, p->p);

(t->xr)->leng = (p->p)->size; bncopy(t->xr, r->x);
(t->yr)->leng = (p->p)->size; bncopy(t->yr, r->y);
}

void pmul(bnum *m, ecc *p, ecc *r)
{
int init = 0;
bnum *mul = bndup(m);
ecc *b = ecdup(p);
ect *t = etinit(p);
while ((mul->leng > 1) || (mul->nums[0] > 0))
{
if ((mul->nums[0] % 2) == 1)
{
if (init == 0)
{
bnfree(r->x); r->x = bndup(b->x);
bnfree(r->y); r->y = bndup(b->y);
}
else
{
}
init = 1;
}
pdub(b, b, t);
bnrshift(mul, 1);
}
bnfree(mul);
ecfree(b);
etfree(t);
}

```

bn.c – A Basic Big Number/Integer Calculator

```\$ time ./bn.out
35052111338673026690212423937053328511880760811579981620642802346685810623109850235943049080973386241113784040794704193978215378499765413083646438784740952306932534945195080183861574225226218879827232453912820596886440377536082465681750074417459151485407445862511023472235560823053497791518928820272257787786
^
89489425009274444368228545921773093919669586065884257445497854456487674839629818390934941973262879616797970608917283679875499331574161113854088813275488110588247193077582527278437906504015680623423550067240042466665654232383502922215493623289472138866445818789127946123407807725702626644091036502372545139713
%
145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889672472407926969987100581290103199317858753663710862357656510507883714297115637342788911463535102712032765166518411726859837988672111837205085526346618740053
=
1976620216402300889624482718775150

real	0m0.783s
user	0m0.774s
sys	0m0.005s
```
```struct bigint {
int sign, leng, size;
unsigned int *nums;
};

#define bnum struct bigint

int min(int a, int b)
{
if (a < b) { return a; }
return b;
}

int max(int a, int b)
{
if (a > b) { return a; }
return b;
}

int oshift(char **a, int b, char c)
{
// right shift string a ("234") and insert overflow char c ('1')
int x, n = (b + 1);
char *s = *a;
s = realloc(s, n * sizeof(char));
for (x = (n - 2); x > 0; --x) { s[x] = s[x - 1]; }
s[0] = c; s[n - 1] = '\0';
*a = s;
return n;
}

char *bnstr(bnum *bint)
{
int x, y, w, z, o, n;
int r = 2, t = 2;
char *result = malloc(r * sizeof(char));
char *twos = malloc(t * sizeof(char));
// result = 0
result[0] = '0'; result[1] = '\0';
// twos = 1
twos[0] = '1'; twos[1] = '\0';
// loop through the bn binary
for (x = 0; x < bint->leng; ++x)
{
for (y = 0; y < 32; ++y)
{
// if bn binary[n] == 1 then add the 2^n to result
if (((bint->nums[x] >> y) & 0x1) == 1)
{
o = 0; w = (t - 2); z = (r - 2);
// if the length of twos is bigger than length of result then realloc result
if (t > r)
{
result = realloc(result, t * sizeof(char));
result[t - 1] = '\0';
r = t;
}
while ((w > -1) || (z > -1))
{
int a = 0; if (w > -1) { a = (twos[w] - '0'); }
int b = 0; if (z > -1) { b = (result[z] - '0'); }
n = (a + b + o);
result[w] = ('0' + (n % 10));
o = (n / 10);
--w; --z;
}
if (o > 0) { r = oshift(&result, r, '0' + o); }
}
// multiply twos * 2
o = 0; w = (t - 2);
while (w > -1)
{
n = (o + ((twos[w] - '0') * 2));
twos[w] = ('0' + (n % 10));
o = (n / 10);
--w;
}
if (o > 0) { t = oshift(&twos, t, '0' + o); }
}
}
free(twos);
return result;
}

void bnout(char *s, bnum *p, char *t)
{
char *o = bnstr(p);
printf("%s[%d][%d][%d]=[%s]%s", s, p->sign, p->leng, p->size, o, t);
free(o);
}

void bnzero(bnum *a)
{
a->sign = 0;
bzero(a->nums, a->size * sizeof(unsigned int));
a->leng = 1;
}

void bncopy(bnum *src, bnum *dst)
{
dst->sign = src->sign;
bcopy(src->nums, dst->nums, src->leng * sizeof(unsigned int));
dst->leng = src->leng;
}

void bnfree(bnum *bint)
{
//todo:zero out all values
free(bint->nums);
free(bint);
}

void bndfree(bnum **bint)
{
bnfree(bint[0]);
bnfree(bint[1]);
free(bint);
}

int bncmp(bnum *a, bnum *b)
{
int x = (a->leng - 1), y = (b->leng - 1);
while ((x > -1) && (a->nums[x] < 1)) { --x; }
while ((y > -1) && (b->nums[y] < 1)) { --y; }
if (x > y) { return 1; }
if (y > x) { return -1; }
while (x > -1)
{
if (a->nums[x] > b->nums[x]) { return 1; }
if (b->nums[x] > a->nums[x]) { return -1; }
--x;
}
return 0;
}

int bnhigh(bnum *a)
{
int x, y, f = 0, hib = -1;
for (x = (a->leng - 1); (x > -1) && (f == 0); --x)
{
for (y = 31; (y > -1) && (f == 0); --y)
{
if (((a->nums[x] >> y) & 0x1) == 1)
{
hib = ((x * 32) + y);
f = 1;
}
}
}
return hib;
}

void bnrshift(bnum *a, int s)
{
int x, leng = 0, i = (s / 32);
s = (s % 32);
for (x = 0; x < (a->leng - i); ++x)
{
if (i > 0)
{
a->nums[x] = a->nums[x + i];
}
if (s > 0)
{
if (x > 0)
{
a->nums[x - 1] = ((a->nums[x] << (32 - s)) | a->nums[x - 1]);
if (a->nums[x - 1] > 0) { leng = x; }
}
a->nums[x] = (a->nums[x] >> s);
}
if (a->nums[x] > 0) { leng = (x + 1); }
}
if (leng < 1)
{
a->nums[0] = 0;
leng = 1;
}
a->leng = leng;
}

void bnlshift(bnum *a, int s)
{
int x, o = 0, i = (s / 32);
unsigned int over = (a->nums[a->leng - 1] >> (32 - (s % 32)));
s = (s % 32);
// check to see if the left shift will have any carry over bits
if ((s > 0) && (over > 0)) { o = 1; }
// pre adjust the size of the bn to hold the left shift bits
if (a->size < (a->leng + o + i))
{
a->size = (a->leng + o + i);
a->nums = realloc(a->nums, a->size * sizeof(unsigned int));
}
a->leng += (o + i);
// shift the bits from left to right (last to first) minus the overflow spot
for (x = (a->leng - o - 1); x > -1; --x)
{
if (i > 0)
{
if ((x - i) > -1) { a->nums[x] = a->nums[x - i]; }
else { a->nums[x] = 0; }
}
if (s > 0)
{
if ((x + 1) < (a->leng - o)) { a->nums[x + 1] = (a->nums[x + 1] | (a->nums[x] >> (32 - s))); }
a->nums[x] = (a->nums[x] << s);
}
}
// if we have some overflow bits then set them last now
if (o == 1) { a->nums[a->leng - 1] = over; }
}

bnum *bninit(int ssiz)
{
int x;
bnum *a = malloc(1 * sizeof(bnum));
a->sign = 0; a->leng = 1, a->size = ssiz;
a->nums = malloc(ssiz * sizeof(unsigned int));
for (x = 0; x < ssiz; ++x) { a->nums[x] = 0; }
return a;
}

bnum *bndup(bnum *a)
{
int x;
bnum *r = malloc(1 * sizeof(bnum));
r->sign = a->sign; r->leng = a->leng; r->size = a->size;
r->nums = malloc(a->size * sizeof(unsigned int));
for (x = 0; x < a->size; ++x) { r->nums[x] = a->nums[x]; }
return r;
}

bnum *bndec(char *decstr)
{
int x, y, r, n;
int i = 0;
unsigned long m, l = strlen(decstr);
char numstr[l + 1], outstr[l + 1];
// result = 0
bnum *result = bninit(1);
// copy the input decimal string into a temp num str
strncpy(numstr, decstr, l);
numstr[l] = '\0';
m = l;
// while there are numbers left to be divided by 2
while ((m > 1) || (numstr[0] > '0'))
{
// if we are shifting above 32 bits then append a new bit block
if (i > 31)
{
result->leng += 1; result->size += 1;
result->nums = realloc(result->nums, result->size * sizeof(unsigned int));
result->nums[result->leng - 1] = 0;
i = 0;
}
// divide the number by 2 and store the result in a temp string
r = 0;
outstr[0] = '\0';
for (x = 0, y = 0; (x < m) && (y < l); ++x, ++y)
{
// get the last remainder and the current digit
n = ((r * 10) + (numstr[x] - '0'));
// if the digit num is less than the divider 2 then add on the next digit
if ((n < 2) && ((x + 1) < m) && ((y + 1) < l))
{
n = ((n * 10) + (numstr[x + 1] - '0'));
if (y > 0) { outstr[y] = '0'; ++y; }
++x;
}
// store the division and the remainder
outstr[y] = ('0' + (n / 2));
outstr[y + 1] = '\0';
r = (n % 2);
}
// save the binary result
result->nums[result->leng - 1] = ((r << i) | result->nums[result->leng - 1]);
++i;
// copy the divided result into the temp num str
strncpy(numstr, outstr, l);
numstr[y] = '\0';
m = strlen(numstr);
}
return result;
}

int bnsub(bnum *, bnum *, bnum *, int);

int bnadd(bnum *a, bnum *b, bnum *r, int s)
{
int x = 0, y = 0, z = 0, g = 0;
unsigned int over = 0;
if (s == 0)
{
if ((a->sign == 0) && (b->sign == 1))
{
b->sign = 0;
bnsub(a, b, r, 0); g = r->sign;
b->sign = 1;
r->sign = g;
return 0;
}
else if ((a->sign == 1) && (b->sign == 0))
{
a->sign = 0;
bnsub(b, a, r, 0); g = r->sign;
a->sign = 1;
r->sign = g;
return 0;
}
}
while ((x < a->leng) || (y < b->leng))
{
unsigned int c = 0; if (x < a->leng) { c = a->nums[x]; }
unsigned int d = 0; if (y < b->leng) { d = b->nums[y]; }
unsigned int lo = ((c & 0xffff) + (d & 0xffff) + (over & 0xffff));
unsigned int hi = (((c >> 16) & 0xffff) + ((d >> 16) & 0xffff) + ((over >> 16) & 0xffff) + ((lo >> 16) & 0xffff));
over = ((hi >> 16) & 0xffff);
r->nums[z] = (((hi << 16) & 0xffff0000) | (lo & 0xffff));
++x; ++y; ++z;
}
if (over > 0) { r->nums[z] = over; ++z; }
r->sign = (a->sign | b->sign);
r->leng = z;
return 1;
}

int bnsub(bnum *a, bnum *b, bnum *r, int s)
{
int x = 0, y = 0;
int n = 1, g = 0;
bnum *t = a, *m = b, *temp;
if (s == 0)
{
if ((a->sign == 0) && (b->sign == 1))
{
b->sign = 0;
bnadd(a, b, r, 0); g = r->sign;
b->sign = 1;
r->sign = g;
return 0;
}
else if ((a->sign == 1) && (b->sign == 0))
{
a->sign = 0;
a->sign = 1;
r->sign = 1;
return 0;
}
else if ((a->sign == 1) && (b->sign == 1))
{
t = b; m = a;
}
s = bncmp(t, m);
if (s < 0)
{
g = 1;
temp = t;
t = m;
m = temp;
}
else if (s == 0)
{
r->sign = 0; r->leng = 1;
r->nums[0] = 0;
return 2;
}
}
int indx = -1;
unsigned int over = 0;
while ((x < t->leng) || (y < m->leng))
{
unsigned int c = 0; if (x < t->leng) { c = t->nums[x]; }
unsigned int d = 0; if (y < m->leng) { d = m->nums[y]; }
if (x == indx) { c = over; indx = -1; }
if (c < d)
{
int i = x, z;
for (z = (x + 1); z < t->leng; ++z)
{
if (t->nums[z] > 0)
{
unsigned int hic = ((1 << 16) + (c >> 16)), loc = (c & 0xffff);
unsigned int hid = (d >> 16)              , lod = (d & 0xffff);
if (loc < lod) { hic -= 1; loc += (1 << 16); }
r->nums[i] = (((hic - hid) << 16) + (loc - lod));
indx = z; over = (t->nums[z] - 1);
if (r->nums[i] > 0) { n = max(n, (i + 1)); }
break;
}
++x; ++y;
if (y < m->leng) { r->nums[z] = (0xffffffff - m->nums[y]); }
else { r->nums[z] = 0xffffffff; }
if (r->nums[z] > 0) { n = max(n, (z + 1)); }
}
}
else { r->nums[x] = (c - d); }
if (r->nums[x] > 0) { n = max(n, (x + 1)); }
++x; ++y;
}
r->sign = g;
r->leng = n;
return 1;
}

void bnmul(bnum *a, bnum *b, bnum *r)
{
int x, y;
bnum *dub = bninit(r->size);
bncopy(b, dub);
for (x = 0; x < a->leng; ++x)
{
for (y = 0; y < 32; ++y)
{
if (((a->nums[x] >> y) & 0x1) == 1)
{
}
}
}
r->sign = (a->sign ^ b->sign);
bnfree(dub);
}

void bndiv(bnum *a, bnum *b, bnum *r, bnum *m)
{
int s = 0, d = 0, c = bncmp(a, b);
bnum *t = bninit(max(a->size, b->size) * 2);
bncopy(a, t);
r->nums[0] = 0; r->leng = 1;
m->nums[0] = 0; m->leng = 1;
if (c < 0)
{
//printf("return <\n");
r->nums[0] = 0; r->leng = 1;
bncopy(a, m);
}
else if (c == 0)
{
//printf("return ==\n");
r->nums[0] = 1; r->leng = 1;
m->nums[0] = 0; m->leng = 1;
}
else if ((b->leng == 1) && (b->nums[0] == 0))
{
//printf("return /0!\n");
}
else if (c > 0)
{
int hir = 0;

//printf("> right shift the number to match the divider\n");
int hia = bnhigh(a), hib = bnhigh(b), hid = (hia - hib - 1);
bnrshift(t, hid + 1);
c = bncmp(t, b);
if (c < 0) { s = 1; }

while (1)
{
if (s == 1)
{
//printf("equal bit length but number < divider\n");
int abyte = (hid / 32), abit = (hid % 32);
int bitv = ((a->nums[abyte] & (1 << abit)) >> abit);
bnlshift(t, 1); t->nums[0] |= bitv;
--hid;
if (d > 0) { bnlshift(r, 1); ++hir; }
}
s = 0;

//printf("substract num - div and shift 1 into result\n");
bnsub(t, b, t, 1);
bnlshift(r, 1); r->nums[0] |= 1; ++hir;

int hit = bnhigh(t);
d = 0;
while ((hit < hib) && (hid > -1))
{
int abyte = (hid / 32), abit = (hid % 32);
int diff = min(hib - hit, 32);
if ((hid + 1) >= diff)
{
//printf("large: shift another bit into the number to match the divider\n");
hid -= (diff - 1);
int bbyte = (hid / 32), bbit = (hid % 32);
--hid;
bnlshift(t, diff);
t->nums[0] = (t->nums[0] | ((a->nums[abyte] << (31 - abit)) >> (32 - diff)));
if (abyte != bbyte) { t->nums[0] = (t->nums[0] | (a->nums[bbyte] >> bbit)); }
d += diff;
}
else
{
//printf("small: shift another bit into the number to match the divider\n");
int bitv = ((a->nums[abyte] & (1 << abit)) >> abit);
bnlshift(t, 1); t->nums[0] |= bitv;
--hid;
++d;
}
hit = bnhigh(t);
}
if (d > 1) { bnlshift(r, d - 1); hir += (d - 1); }

//printf("check resulting number and break if done dividing else repeat\n");
c = bncmp(t, b);
if (c < 0)
{
if (hid < 0)
{
//printf("exiting <\n");
if (d > 0) { bnlshift(r, 1); ++hir; }
bncopy(t, m);
break;
}
s = 1;
}
else if (c == 0)
{
if (hid < 0)
{
//printf("exiting ==\n");
bnlshift(r, 1); r->nums[0] |= 1; ++hir;
break;
}
}
}
}
r->sign = (a->sign ^ b->sign);
m->sign = r->sign;
bnfree(t);
}

void bnpowmod(bnum *b, bnum *e, bnum *m, bnum *r)
{
int s = max(max(b->size, e->size), max(m->size, r->size));
bnum *t = bninit(s * 3), *u = bninit(s * 3);
bnum *base = bninit(s * 3), *exp = bninit(s * 3);
bncopy(b, base); bncopy(e, exp);
r->nums[0] = 1; r->leng = 1;
while ((exp->leng > 1) || (exp->nums[0] > 0))
{
if ((exp->nums[0] % 2) == 1)
{
// r = r * base
bnzero(t); bnmul(r, base, t);
// r = r % m
bndiv(t, m, u, r);
}
// exp = exp / 2
bnrshift(exp, 1);
// b = b * b
bnzero(t); bnmul(base, base, t);
// b = b % m
bndiv(t, m, u, base);
}
// free the rest
bnfree(base); bnfree(exp);
bnfree(t); bnfree(u);
}

```

Helping people study – my recurring job in life (Python, Classes, LinkedLists, QuickSort, BinarySearch)

```\$ python study.py
Unsorted:[
{'last': 'Chiappetta', 'user': 'johnny', 'key': 'abcxyz', 'first': 'Jonathan'}
{'last': 'Xray', 'user': 'yx', 'key': 'xy', 'first': 'Yvan'}
{'last': 'Bob', 'user': 'abob', 'key': 'zyxcba', 'first': 'Alex'}
{'last': 'Bob', 'user': 'bchar', 'key': 'hmmm', 'first': 'Charlie'}
]
Sorted:[
{'last': 'Bob', 'user': 'abob', 'key': 'zyxcba', 'first': 'Alex'}
{'last': 'Bob', 'user': 'bchar', 'key': 'hmmm', 'first': 'Charlie'}
{'last': 'Chiappetta', 'user': 'johnny', 'key': 'abcxyz', 'first': 'Jonathan'}
{'last': 'Xray', 'user': 'yx', 'key': 'xy', 'first': 'Yvan'}
]
('Search=Dave:', None)
('Search=Jon:', {'last': 'Chiappetta', 'user': 'johnny', 'key': 'abcxyz', 'first': 'Jonathan'})
('Search=J Chi:', {'last': 'Chiappetta', 'user': 'johnny', 'key': 'abcxyz', 'first': 'Jonathan'})
('Search=J Chip:', None)
```
```class contact:
def __init__(self, firstName, lastName, username, pubKey):
self.data = {"first":firstName, "last":lastName, "user":username, "key":pubKey}
self.next = None

def getData(self):
return self.data

def setData(self, dataContact):
self.data = dataContact

def getNext(self):
return self.next

def setNext(self, nextContact):
self.next = nextContact

class contactList:
def __init__(self):

def append(self, contact):
else:
while (temp.getNext() != None):
temp = temp.getNext()
temp.setNext(contact)

def get(self):
contacts = ""
while (temp != None):
contacts += ("  " + str(temp.getData()) + "\n")
temp = temp.getNext()
return ("[\n" + contacts + "]")

def leng(self):
indx = 0
while (temp != None):
indx += 1
temp = temp.getNext()
return indx

def getin(self, gind):
indx = 0
while (temp != None):
if (indx == gind):
return temp
temp = temp.getNext()
indx += 1
return None

def swap(self, a, b):
ac = self.getin(a)
bc = self.getin(b)
temp = ac.getData()
ac.setData(bc.getData())
bc.setData(temp)

def sort(self, beg=-1, end=-1):
if (beg < 0):
beg = 0
if (end < 0):
end = self.leng()
if ((end - beg) < 2):
return 0
pivot = beg
p = self.getin(pivot)
z = p.getData()
indx = (pivot + 1)
hi = -1
while (indx < end):
a = self.getin(indx)
b = a.getData()
if ((b["first"] + b["last"]) < (z["first"] + z["last"])):
if (hi > -1):
self.swap(hi, indx)
hi += 1
else:
if (hi < 0):
hi = indx
indx += 1
if (hi < 0):
hi = (end - 1)
elif (hi > 0):
hi = (hi - 1)
self.swap(pivot, hi)
self.sort(beg, hi)
self.sort(hi + 1, end)

def search(self, fullname, beg=-1, end=-1):
if (beg < 0):
beg = 0
if (end < 0):
end = self.leng()
if ((end - beg) < 1):
return None
fulllist = fullname.split(" ")
fulllist.append("")
first = fulllist[0]; flen = len(first)
last = fulllist[1]; llen = len(last)
mid = (((end - beg) / 2) + beg)
mc = self.getin(mid)
md = mc.getData()
fname = md["first"][:flen]
lname = md["last"][:llen]
if ((fname == first) and (lname == last)):
return mc
if ((fname > first) or (lname > last)):
end = (mid - 1)
mid = -1
elif ((fname < first) or (lname < last)):
beg = (mid + 1)
mid = -1
if (mid != -1):
return None
return self.search(fullname, beg=beg, end=end)

def main():
contactBook = contactList()

newContact = contact("Jonathan", "Chiappetta", "johnny", "abcxyz")
contactBook.append(newContact)

contactBook.append(newContact)

newContact = contact("Yvan", "Xray", "yx", "xy")
contactBook.append(newContact)

newContact = contact("Alex", "Bob", "abob", "zyxcba")
contactBook.append(newContact)

newContact = contact("Charlie", "Bob", "bchar", "hmmm")
contactBook.append(newContact)

print("Unsorted:" + contactBook.get())

contactBook.sort()
print("Sorted:" + contactBook.get())

print("Search=Dave:", contactBook.search("Charlie"))
print("Search=Jon:", contactBook.search("Jon").getData())
print("Search=J Chi:", contactBook.search("J Chi").getData())
print("Search=J Chip:", contactBook.search("J Chip"))

if (__name__ == "__main__"):
main()

```

AES 256 CTR Mode Hash Function

Proof of concept, do not use, just for theory!

With the recent news of SHA1 everybody should be switching to SHA2 or SHA3 by now. I tried turning AES 256 in CTR mode into a 256 bit hash function by XORing the encrypted outputs together. For example, splitting your message into 32 byte blocks and using it as the keys (m0, m1, …, mN):

```hash(m) = [AES256(nonce || counter0, m0) || AES256(nonce || counter1, m0)]
XOR [AES256(nonce || counter2, m1) || AES256(nonce || counter3, m1)]
...
XOR [AES256(nonce || counterN, mN) || AES256(nonce || counterO, mN)]
```
```('test', '8ea2b7ca516745bfeafc49904b496089')
-
('', '09975b45dc8ecebd1519328dbec1c54d66b7fa7a2a4b762368497f81d864819b')
('cba', '76cdfb5e58e06b5bf191656986aa35e405d3f582f307ea3847fe2a48136bf34e')
('the quick brown fox jumps over the lazy dog', '205639b3097f25a1c3a7bee4a3a66c4c3786129dd92c57fdddafc81568ab66f5')
('the quick brown fox jumps over the lazy eog', '3a7a025b5eb99f93caffd09331786cf6a15e1cb5bf41ae68342ea6b2208cf539')
```
```import sys

def subbytes(matrix):
sbox = [0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
]
for i in range(0, len(matrix)):
matrix[i] = sbox[matrix[i]]
return matrix

def transform(matrix):
t = []
y = 0
for x in range(0, 16):
z = (x % 4)
if ((x > 0) and (z == 0)):
y += 1
t.append(matrix[(z * 4) + y])
return t

def shiftrows(matrix):
val = matrix.pop(4)
matrix.insert(7, val)
# end row 1
val = matrix.pop(8)
matrix.insert(11, val)
val = matrix.pop(8)
matrix.insert(11, val)
# end row 2
val = matrix.pop(15)
matrix.insert(12, val)
# end row 3
return matrix

def gmul(a, b):
p = 0
for c in range(0, 8):
if ((b & 1) != 0):
p = (p ^ a)
hi_bit_set = (a & 0x80)
a = ((a << 1) & 0xff)
if (hi_bit_set != 0):
a = (a ^ 0x1b)
b = (b >> 1)
return p

def mixcols(s):
t = []
for c in range(0, 16):
t.append(0)
for c in range(0, 4):
t[c +  0] = (gmul(0x02, s[c + 0]) ^ gmul(0x03, s[c + 4]) ^ s[c + 8] ^ s[c + 12]);
t[c +  4] = (s[c + 0] ^ gmul(0x02, s[c + 4]) ^ gmul(0x03, s[c + 8]) ^ s[c + 12]);
t[c +  8] = (s[c + 0] ^ s[c + 4] ^ gmul(0x02, s[c + 8]) ^ gmul(0x03, s[c + 12]));
t[c + 12] = (gmul(0x03, s[c + 0]) ^ s[c + 4] ^ s[c + 8] ^ gmul(0x02, s[c + 12]));
return t

for i in range(0, 16):
matrix[i] = (matrix[i] ^ keyval[i])
return matrix

def rcon(ind):
c = 1
if (ind == 0):
return 0
while (ind != 1):
c = gmul(c, 2)
ind -= 1
return c

def keycore(subkey, i):
val = subkey.pop(0)
subkey.append(val)
subkey = subbytes(subkey)
subkey[0] = (subkey[0] ^ rcon(i))
return subkey

def keyexp(matrix):
c = 32
i = 1
t = [0, 0, 0, 0]
while (c < 240):
for a in range(0, 4):
t[a] = matrix[a + c - 4]
if ((c % 32) == 0):
t = keycore(t, i)
i += 1
if ((c % 32) == 16):
t = subbytes(t)
for a in range(0, 4):
if (c >= len(matrix)):
matrix.append(0)
matrix[c] = (matrix[c - 32] ^ t[a])
c += 1
return matrix

def hexout(matrix):
o = ""
for d in matrix:
h = hex(d)
h = str(h)
h = h[2:]
if (len(h) < 2):
h = ("0" + h)
o += h
return o

def aescoree(msg, key):
out = []

t = []
i = 0
l = len(key)
for x in range(0, 32):
t.append(0)
if (i < l):
t[x] = ord(key[i])
i += 1
keyval = keyexp(t)

i = 0
l = len(msg)
while (i < l):
input = []
for x in range(0, 16):
input.append(0)
for x in range(0, 16):
if (i < l):
input[x] = ord(msg[i])
i += 1

for r in range(0, 15):
if (r == 0):

if (r > 0):
input = subbytes(input)
input = transform(input)
input = shiftrows(input)

if (r < 14):
input = mixcols(input)

input = transform(input)

if ((r > 0) and (r < 15)):

for o in input:
out.append(o)

return out

def aesctr_hash(message):
x = 0
l = len(message)
n = 0
h = []
c = "aesctrhash31337!"
d = 0
for e in c:
d = ((d << 8) + ord(e))
while ((x == 0) or (x < l)):
u = ((d + n) & 0xffffffffffffffffffffffffffffffff); n += 1
v = ((d + n) & 0xffffffffffffffffffffffffffffffff); n += 1
r = ""
s = ""
while (u > 0):
r = (chr(u & 0xff) + r)
u = (u >> 8)
while (v > 0):
s = (chr(v & 0xff) + s)
v = (v >> 8)
m = message[x:x+32]
a = aescoree(r, m)
b = aescoree(s, m)
t = (a + b)
if (x == 0):
h = t
else:
for i in range(0, 32):
h[i] = (h[i] ^ t[i])
x += 32
print(message, hexout(h))
return h

print("test", hexout(aescoree("\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff", "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f")))
print("-")
aesctr_hash("")
aesctr_hash("a")
aesctr_hash("abc")
aesctr_hash("cba")
aesctr_hash("the quick brown fox jumps over the lazy dog")
aesctr_hash("the quick brown fox jumps over the lazy eog")

```

The Monty Hall Problem

I was watching MythBusters and they visited this problem which at Seneca we discussed briefly as well (I might have done this one before but thought I’d repost it anyway):

1. There are 3 doors, 2 are losers and 1 is a winner
2. You pick a door (2/3 chance it’s a loser)
3. They show you the other loser door (leaving the winner door [1/3 chance] and the loser door [2/3 chance])
4. You decide to switch your door (since it was 2/3 likely you originally chose a losing door and they took the other losing door away, switching increases your odds since the other door is likely to be the winner door)
5. You win! (still a small chance of losing though)

```\$ python monty.py 0 100 1

('Doors:', {1: 'win', 2: 'lose', 3: 'lose'})
('Pick:', 1, 'win')
('Show:', 2, 'lose')
('Final:', 1, 'win')

('Doors:', {1: 'lose', 2: 'lose', 3: 'win'})
('Pick:', 2, 'lose')
('Show:', 1, 'lose')
('Final:', 2, 'lose')

('Doors:', {1: 'lose', 2: 'lose', 3: 'win'})
('Pick:', 1, 'lose')
('Show:', 2, 'lose')
('Final:', 1, 'lose')

('Wins:', 32, '/', 100, '=', 0.32)

\$ python monty.py 1 100 1

('Doors:', {1: 'lose', 2: 'win', 3: 'lose'})
('Pick:', 2, 'win')
('Show:', 1, 'lose')
('Switching:', 2, 'to', 3)
('Final:', 3, 'lose')

('Doors:', {1: 'lose', 2: 'win', 3: 'lose'})
('Pick:', 3, 'lose')
('Show:', 1, 'lose')
('Switching:', 3, 'to', 2)
('Final:', 2, 'win')

('Doors:', {1: 'lose', 2: 'win', 3: 'lose'})
('Pick:', 1, 'lose')
('Show:', 3, 'lose')
('Switching:', 1, 'to', 2)
('Final:', 2, 'win')

('Wins:', 74, '/', 100, '=', 0.74)
```
```import random
import sys
try:
switch = int(sys.argv[1])
except:
switch = 0
try:
rounds = int(sys.argv[2])
except:
rounds = 0
try:
debug = int(sys.argv[3])
except:
debug = 0
wins = 0
for x in range(0, rounds):
doors = ["lose", "lose", "win"]
random.shuffle(doors)
doors = {1:doors[0], 2:doors[1], 3:doors[2]}
if (debug != 0):
print("Doors:", doors)
pick = random.randint(1, 3)
if (debug != 0):
print("Pick:", pick, doors[pick])
show = 1
for k in doors.keys():
if ((k != pick) and (doors[k] == "lose")):
show = k
break
if (debug != 0):
print("Show:", show, doors[show])
if (switch != 0):
for k in doors.keys():
if ((k != pick) and (k != show)):
other = k
break
print("Switching:", pick, "to", other)
pick = other
print("Final:", pick, doors[pick])
if (doors[pick] != "lose"):
wins += 1
if (debug != 0):
print("")
print("")
print("Wins:", wins, "/", rounds, "=", float(wins) / float(rounds))

```

My first “hardware” creation

I normally write about code I find interesting but I got bored at home and decided to make something new and different (for me anyways) [a little Knex V4 engine, no camshaft]:

Updated the crankshaft again to be more realistic:

Updated the crankshaft to run a bit smoother:

Original post:

Numerical divider function

```def div(num, den):
s = str(num); o = ""
x = 0; l = len(s)
f = 0; t = []
while (x < l):
d = int(s[x]); p = o
while (d < den):
if ((x + 1) < l):
d = ((d * 10) + int(s[x + 1]))
x += 1
else:
if (p == ""):
p += "0"
if (not "." in p):
p += "."
f = len(p)
d = (d * 10)
if (d < den):
p += "0"
i = (d / den)
r = (i * den)
if (f > 0):
if (d in t):
p = o[f+t.index(d):]
break
else:
t.append(d)
o = (p + str(i)); p = ""
if (r != d):
s = str(d - r)
x = 0; l = len(s)
else:
x += 1
if (p == ""):
p = "0"
print(str(num) + " / " + str(den) + " = " + o + " (" + p + ") ")
div(2, 4)
div(7, 22)
div(1, 999)
div(22, 7)
div(1, 3)

```
```2 / 4 = 0.5 (0)
7 / 22 = 0.318 (18)
1 / 999 = 0.001 (001)
22 / 7 = 3.142857 (142857)
1 / 3 = 0.3 (3)
```

[boredness] ARC4-drop[8192] cipher based on ROT(256) instead of XOR – don’t ask why! :)

`arc4-drop8192-rot256.py`
```import sys
def ksa(key):
s = []
for i in range(0, 256):
s.append(i)
j = 0
for i in range(0, 256):
j = ((j + s[i] + ord(key[i % len(key)])) % 256)
t = s[i]
s[i] = s[j]
s[j] = t
return s
def rot(inp, num):
t = (inp + num)
while (t > 255):
t = (t % 256)
while (t < 0):
t = (t + 256)
return t
def cipher(inp, key, dir):
i = 0
j = 0
x = 0
s = ksa(key)
o = ""
while (x < 8192):
i = ((i + 1) % 256)
j = ((j + s[i]) % 256)
t = s[i]
s[i] = s[j]
s[j] = t
x += 1
x = 0
while (x < len(inp)):
i = ((i + 1) % 256)
j = ((j + s[i]) % 256)
t = s[i]
s[i] = s[j]
s[j] = t
k = s[(s[i] + s[j]) % 256]
o = (o + chr(rot(ord(inp[x]), dir * k)))
x += 1
return o

```
```\$ echo "secret messageAAAA" | python arc4-drop8192-rot256.py "secret kez" "1" | hexdump -C
00000000  0c 06 1d 6c 9f 24 cb 6e  10 5f 5d 87 10 2e 2b 9a  |...l.\$.n._]...+.|
00000010  90 1c b2                                          |...|
00000013
\$ echo "secret messageAAAA" | python arc4-drop8192-rot256.py "secret kez" "1" | python arc4-drop8192-rot256.py "secret kez" "-1"
secret messageAAAA
```

A small simple SSH log watcher && iptables blocker in Python

```TRYTIME = 8#s
TRYNUMB = 10#x
DROPTIME = 60#s
import os
import re
import signal
import subprocess
import sys
import time
os.system("iptables -F INPUT")
p = subprocess.Popen(["tail", "-n", "0", "-f", sys.argv[1]], stdout=subprocess.PIPE)
h = {}
def chek(i, t):
s = int(time.time())
d = pow(2, i[2] - 1)
if (i[3] > 1):
return 2
if ((i[1] > 0) and (i[2] > 0) and (i[3] > 0) and ((s - i[0]) >= (t * d))):
return 1
return 0
while (1):
q = os.fork()
if (q == 0):
while (1):
s = int(time.time())
for a in h.keys():
if (chek(h[a], DROPTIME) == 1):
c = ("iptables -D INPUT -s '%s' -j DROP > /dev/null 2>&1 ; #for %ds" % (a, DROPTIME * pow(2, h[a][2] - 1)))
print("del",s,c)
os.system(c)
del h[a]
time.sleep(1)
sys.exit(0)
else:
s = int(time.time())
for a in h.keys():
if (chek(h[a], DROPTIME) == 1):
h[a][3] = 2
h[a][0] = s
print("~",s,a,h[a])
if (h[a][3] != 1):
if ((s - h[a][0]) > TRYTIME):
h[a][1] = max(0, h[a][1] - int((s - h[a][0]) / TRYTIME))
h[a][0] = s
if (h[a][1] < 1):
print("x",s,a,h[a])
del h[a]
r = re.match("^.*sshd.*fail.*[^0-9]([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*\$", l, re.I)
if (r):
a = str(r.group(1))
s = int(time.time())
if (not a in h.keys()):
h[a] = [s, 0, 0, 0];#address-string->[last-time,try-number,block-number,state-flag]
if ((s - h[a][0]) <= TRYTIME):
h[a][1] += 1
print("+",s,a,h[a])
if ((s - h[a][0]) > TRYTIME):
h[a][1] = max(1, h[a][1] - int((s - h[a][0]) / TRYTIME))
print("-",s,a,h[a])
if (h[a][1] >= TRYNUMB):
h[a][1] = (int(TRYNUMB / 2) + 1)
h[a][2] += 1
h[a][3] = 1
c = ("iptables -A INPUT -s '%s' -j DROP ; #for %ds" % (a, DROPTIME * pow(2, h[a][2] - 1)))
os.system(c)
h[a][0] = s
try:
os.kill(q, signal.SIGKILL)
except:
pass
try:
os.waitpid(q, 0)
except:
pass

```

python sshipt.py /var/log/auth.log

```('+', 1412665540, '1.93.29.79', [1412665540, 1, 0, 0])
('+', 1412665542, '1.93.29.79', [1412665540, 2, 0, 0])
('+', 1412665544, '1.93.29.79', [1412665542, 3, 0, 0])
('+', 1412665545, '1.93.29.79', [1412665544, 4, 0, 0])
('+', 1412665546, '1.93.29.79', [1412665545, 5, 0, 0])
('+', 1412665547, '1.93.29.79', [1412665546, 6, 0, 0])
('+', 1412665548, '1.93.29.79', [1412665547, 7, 0, 0])
('+', 1412665549, '1.93.29.79', [1412665548, 8, 0, 0])
('+', 1412665551, '1.93.29.79', [1412665549, 9, 0, 0])
('+', 1412665552, '1.93.29.79', [1412665551, 10, 0, 0])
('add', 1412665552, "iptables -A INPUT -s '1.93.29.79' -j DROP ; #for 60s")
```

New Buffalo DD-WRT Config && nix box && dnsmasq-dhcpd-tftpd-pxe

I got a new router (for use with Comcast) and I found a Buffalo one at Frys which runs full DD-WRT. Here is some sample configurations I’m using on it at the moment:

• Home Network Goals: (w/ magic help from AP isolation mode)
• Auths to FreeRADIUS with EAP-TTLS-MSCHAPv2 WPA2-CCMP-AES
• Blocks ARP replies not from the correct modem/server/wifi
• Blocks DHCP replies coming in from the wifi lan
• Maps/learns/watches/monitors ARP replies from the correct clients
• Supports IPv6 wan with the same requirements as above for IPv4

```#!/usr/bin/python
import os
import re
import sys
import subprocess
import time
os.system("rm -fv /root/icmp*")
os.system("tcpdump -lnni br0 icmp6 -s65535 -C 1 -W 3 -w /root/icmp6 &")
hist = []
while (1):
pids = []
for x in range(0, 10):
pobj = subprocess.Popen(["tcpdump", "-lnnr", "/root/icmp6"+str(x)], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
for line in plis:
line = line.strip()
indx = line.find("who has 2601:9:3400:aa9:1337:")
if ((indx > -1) and (not line in hist)):
neih = subprocess.check_output(["ip", "-6", "neigh", "show"])
pidn = os.fork()
if (pidn == 0):
sys.exit()
else:
pids.append(pidn)
hist.append(line)
while (len(hist) > 1000000):
hist.pop(0)
#print("sleeping...")
time.sleep(5)
for pidn in pids:
try:
os.waitpid(pidn, 0)
except:
pass
```
```#!/bin/bash
while true
do
cat /var/lib/misc/dnsmasq.leases | while read line
do
m=`echo "\$line" | awk '{ print \$2 }'`
i=`echo "\$line" | awk '{ print \$3 }'`
c=`echo "\$i" | grep -i '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*'`
if [ "\$c" == "" ]
then
continue
fi
arp -s "\$i" "\$m"
done
sleep 5
done
```
```#!/bin/bash

echo > /etc/resolv.conf
echo 'nameserver 4.2.2.1' >> /etc/resolv.conf
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf

ip link set dev br0 up
ip link set dev eth0 up
ip link set dev eth1 up
ip link set dev eth2 up

iptables -F ; iptables -X
iptables -F -t nat ; iptables -X -t nat

ip route add 0.0.0.0/0 via 10.0.0.1

iptables -t nat -A POSTROUTING -o br0 -s 10.10.10.0/24 -j SNAT --to 10.0.0.10

echo 1 > /proc/sys/net/ipv4/ip_forward

ip6tables -F ; ip6tables -X
ip6tables -F -t nat ; ip6tables -X -t nat

ip -6 route add ::/0 via 2601:9:3400:aa9::1

ip6tables -t nat -A POSTROUTING -o br0 -s 1337:1337:1337:1337::/64 -j SNAT --to 1337:1337:1337:1337::1337

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

cat > /etc/dns.cfg << EOF
interface=eth1
port=0
bind-interfaces
dhcp-range=10.10.10.20,10.10.10.90,24,10.10.10.255,1h
dhcp-range=2601:9:3400:aa9:1337:0000:0000:aaaa,2601:9:3400:aa9:1337:ffff:ffff:cccc,80,1h
dhcp-option=3,10.10.10.10
dhcp-option=6,4.2.2.1,8.8.8.8
enable-ra
EOF

killall tcpdump ; killall tcpdump
killall python ; killall python

/usr/sbin/dnsmasq -C /etc/dns.cfg
/bin/bash /root/sarp.sh &
/usr/bin/python /root/ipvs.py &
```
```#firewall

echo > /etc/resolv.conf
echo 'nameserver 4.2.2.1' >> /etc/resolv.conf
echo 'nameserver 8.8.8.8' >> /etc/resolv.conf

ifconfig br0 2601:9:3400:aa9:1337::7331/80 up
ifconfig vlan4 2601:9:3400:aa9::7331/80 up

route -A inet6 add ::/0 gw 2601:9:3400:aa9:1337::1337

ebtables -F ; ebtables -X
ebtables -t nat -F ; ebtables -t nat -X

iptables -F ; iptables -X
iptables -t nat -F ; iptables -t nat -X
```
```#pxe server install

curl -sL 'http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.71.tar.gz' > dns.tgz
tar -xzvf dns.tgz
cd dnsmasq*
make ; ( echo 'dhcp-leasefile=/tmp/dnsmasq.leases' ; echo 'dhcp-range=10.0.0.20,10.0.0.30,255.255.255.0,1h' ; echo 'dhcp-option=3,10.0.0.10' ; echo 'dhcp-boot=pxelinux.0' ; echo 'enable-tftp' ; echo 'tftp-root=/tmp/tftpd' ) > dns.cfg
mkdir -p /tmp/tftpd

curl -sL 'http://ftp.openbsd.org/pub/OpenBSD/5.5/amd64/pxeboot' > /tmp/tftpd/pxeboot ; curl -sL 'http://ftp.openbsd.org/pub/OpenBSD/5.5/amd64/bsd.rd' > /tmp/tftpd/bsd.rd
cp /tmp/tftpd/bsd.rd /tmp/tftpd/bsd

curl -sL 'http://ftp.nl.debian.org/debian/dists/wheezy/main/installer-amd64/current/images/netboot/netboot.tar.gz' > /tmp/tftpd/netboot.tar.gz
tar -xzvf /tmp/tftpd/netboot.tar.gz -C /tmp/tftpd/ ; cp -frv /tmp/tftpd/debian-installer/amd64/* /tmp/tftpd/

#sudo ifconfig en4 inet 10.0.0.10 netmask 255.255.255.0 up
sudo killall dnsmasq
sudo ./src/dnsmasq -C ./dns.cfg
```

Static Secure ARP UDP Broadcast Client/Server

arp.c

```/*

arm-linux-gnueabi-gcc -static -march=armv7 -o arp.arm arp.c ; chmod 700 arp.arm

./arp.arm "s" "br0" "/jffs/etc/freeradius/users" "10.0.0.20" "10.0.0.200"

gcc -Wall -o arp.xes arp.c ; chmod 700 arp.xes

read -p "pwd: " -s p ; echo ; echo "\$p" | ./arp.xes "c" "en0"

*/

#include <arpa/inet.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#include "sha256.c"

typedef struct userinfo {
char *i;
unsigned long t, l, a;
} infodata;

void strp(char *cstr, int clen)
{
cstr[clen] = '\0';
while ((clen > 0) && ((cstr[clen-1] == '\r') || (cstr[clen-1] == '\n')))
{
--clen;
}
cstr[clen] = '\0';
}

void safe(char *cstr)
{
char *chrs = "0123456789ABCDEFabcdef.:";
int x, y, l = strlen(cstr), m = strlen(chrs), flag;
for (x = 0; x < l; ++x)
{
flag = 0;
for (y = 0; y < m; ++y)
{
if (chrs[y] == cstr[x])
{
flag = 1;
}
}
if (flag == 0)
{
cstr[x] = '0';
}
}
}

{
unsigned long i = 0;
char *p = NULL, *a = strdup(addr), *t = a;
while (1)
{
p = strchr(a, '.');
if (p != NULL) { *p = '\0'; }
i = ((i << 8) + atoi(a));
a = (p + 1);
if (p == NULL) { break; }
}
free(t);
return i;
}

int sign(char *pmsg, int size, unsigned long pres, char *skey)
{
int x;
char hash[SHA256_LENGTH*4];
unsigned char hout[SHA256_LENGTH];
SHA256_CTX hobj;

snprintf(&(pmsg[strlen(pmsg)]), (size / 4) * sizeof(char), " %ld %s", pres, skey);

SHA256_INIT(&hobj);
SHA256_UPDATE(&hobj, (unsigned char *)pmsg, strlen(pmsg));
SHA256_FINAL(&hobj, hout);
for (x = 0; x < SHA256_LENGTH; ++x)
{
sprintf(&(hash[x*2]), "%02x", hout[x]);
}
hash[SHA256_LENGTH*2] = '\0';

char *rptr = strrchr(pmsg, ' ');
++rptr;
strcpy(rptr, hash);
rptr[SHA256_LENGTH*2] = '\0';

return 0;
}

int vrfy(char *pmsg, int size, char *skey, char *sign, unsigned long rate, unsigned long pres, unsigned long last)
{
int x;
char hash[SHA256_LENGTH*4];
unsigned char hout[SHA256_LENGTH];
SHA256_CTX hobj;

snprintf(&(pmsg[strlen(pmsg)]), (size / 4) * sizeof(char), " %ld %s", pres, skey);

SHA256_INIT(&hobj);
SHA256_UPDATE(&hobj, (unsigned char *)pmsg, strlen(pmsg));
SHA256_FINAL(&hobj, hout);
for (x = 0; x < SHA256_LENGTH; ++x)
{
sprintf(&(hash[x*2]), "%02x", hout[x]);
}
hash[SHA256_LENGTH*2] = '\0';

if (strcmp(hash, sign) != 0) { return -1; }
if ((time(NULL) - rate) < 3) { return -1; }
if (pres <= last) { return -1; }

return 0;
}

int find(infodata *objs, int l, char *i)
{
int x;
for (x = 0; x < l; ++x)
{
if (objs[x].i == NULL) { objs[x].i = strdup(i); return x; }
if (strcmp(objs[x].i, i) == 0) { return x; }
}
return -1;
}

int uniq(infodata *objs, int l, int i, unsigned long a)
{
int x;
for (x = 0; x < l; ++x)
{
if ((x != i) && (objs[x].a == a))
{
return x;
}
}
objs[i].a = a;
return -1;
}

char *gnet(char *intf, char mode)
{
char *info = "ifconfig '%s' | sed -e 's/HWaddr/ether/g' -e 's/addr://g' -e 's/Bcast:/broadcast /g' | %s > /tmp/arp.net";
char *inet = "grep -i 'inet ' | sed -e 's/^.*inet[ ]*\\([^ ]*\\).*\$/\\1/g'";
char *maca = "grep -i 'ether ' | sed -e 's/^.*ether[ ]*\\([^ ]*\\).*\$/\\1/g'";
char *brod = "grep -i 'broadcast ' | sed -e 's/^.*broadcast[ ]*\\([^ ]*\\).*\$/\\1/g'";
char comd[2048];
FILE *fobj;

bzero(comd, 2048 * sizeof(char));

if (mode == 'i') { snprintf(comd, 1024 * sizeof(char), info, intf, inet); }
if (mode == 'm') { snprintf(comd, 1024 * sizeof(char), info, intf, maca); }
if (mode == 'b') { snprintf(comd, 1024 * sizeof(char), info, intf, brod); }

system(comd);

fobj = fopen("/tmp/arp.net", "r");
bzero(comd, 2048 * sizeof(char));
fgets(comd, 1024 * sizeof(char), fobj);
strp(comd, strlen(comd));
fclose(fobj);

return strdup(comd);
}

void serv(char **args)
{
/* note: 256 ip address range limit */

int x, y, rlen, sock, bron = 1;
char pass[2048], mesg[2048], temp[2048], sarp[2048];
infodata last[256];
FILE *fobj;
socklen_t slen;

for (x = 0; x < 256; ++x)
{
last[x].i = NULL; last[x].a = 0;
last[x].t = time(NULL); last[x].l = 0;
}

sock = socket(AF_INET, SOCK_DGRAM, 0);

bzero(&sobj, sizeof(sobj));
sobj.sin_family = AF_INET;
sobj.sin_port = htons(31337);

while (1)
{
slen = sizeof(cobj);
rlen = recvfrom(sock, mesg, 1024 * sizeof(char), 0, (struct sockaddr *)&cobj, &slen);
strp(mesg, rlen);

char *hptr = strrchr(mesg, ' '); if (hptr == NULL) { continue; }
*hptr = '\0'; ++hptr;
char *tptr = strrchr(mesg, ' '); if (tptr == NULL) { continue; }
*tptr = '\0'; ++tptr;

char *mptr = strrchr(mesg, ' '); if (mptr == NULL) { continue; }
*mptr = '\0'; ++mptr;
char *iptr = mesg;

fobj = fopen(args[3], "r");
while (1)
{
bzero(pass, 2048 * sizeof(char));
if (fgets(pass, 1024 * sizeof(char), fobj) == NULL) { break; }

/* note: passwords can not repeat or contain quotes */

if (strstr(pass, "Cleartext-Password") == NULL) { continue; }
char *aptr = strchr(pass, '"'); if (aptr == NULL) { continue; }
++aptr;
char *bptr = strchr(aptr, '"'); if (bptr == NULL) { continue; }
*bptr = '\0';

y = find(last, 256, aptr);
if (y < 0) { continue; }

bzero(temp, 2048 * sizeof(char));
snprintf(temp, 1024 * sizeof(char), "%s %s", iptr, mptr);
secs = atoi(tptr);

if (vrfy(temp, 2048, aptr, hptr, last[y].t, secs, last[y].l) == 0)
{
last[y].t = time(NULL); last[y].l = secs;
safe(iptr); safe(mptr);

if (uniq(last, 256, y, ipvf(iptr)) < 0)
{
{
bzero(sarp, 2048 * sizeof(char));
snprintf(sarp, 1024 * sizeof(char), "arp -d '%s'", iptr);
printf("exec=[%s]\n", sarp);
system(sarp);

bzero(sarp, 2048 * sizeof(char));
snprintf(sarp, 1024 * sizeof(char), "arp -s '%s' '%s'", iptr, mptr);
printf("exec=[%s]\n", sarp);
system(sarp);

bzero(sarp, 2048 * sizeof(char));
sign(sarp, 2048, secs + 1, aptr);

sendto(sock, sarp, strlen(sarp) * sizeof(char), 0, (struct sockaddr *)&cobj, sizeof(cobj));
printf("sent=[%s]\n", sarp);
}

else
{
}
}

else
{
printf("erro=[uniq: %ld]\n", ipvf(iptr));
}
}

else
{
temp[30] = '\0';
//printf("erro=[vrfy: (%s...) (%s) (%ld) (%ld)]\n", temp, hptr, secs, last[y].l);
}
}
fclose(fobj);
}
}

void ahnd(int sig)
{
printf("No mesg\n");
}

void clnt(char **args)
{
int sock, bron = 1;
unsigned long tips, secs;
char pass[2048], mesg[2048], temp[2048], sarp[2048];
socklen_t slen;

//char *brod = "255.255.255.255";
//signal(SIGALRM, ahnd);

struct sigaction sact = { .sa_handler = ahnd, .sa_flags = 0 };
sigaction(SIGALRM, &sact, NULL);

bzero(pass, 2048 * sizeof(char));
fgets(pass, 1024, stdin);
strp(pass, strlen(pass));

while (1)
{

sock = socket(AF_INET, SOCK_DGRAM, 0);

cobj.sin_family = AF_INET;
cobj.sin_port = htons(31337);

bzero(mesg, 2048 * sizeof(char));

secs = time(NULL);
sign(mesg, 2048, secs, pass);

sendto(sock, mesg, strlen(mesg) * sizeof(char), 0, (struct sockaddr*)&cobj, sizeof(cobj));
printf("Sent mesg %s with socket %d to %s\n", mesg, sock, badr);

slen = sizeof(cobj);
bzero(mesg, 2048 * sizeof(char));
alarm(1);
recvfrom(sock, mesg, 1024 * sizeof(char), 0, (struct sockaddr *)&cobj, &slen);
alarm(0);
strp(mesg, strlen(mesg));

char *hptr = strrchr(mesg, ' '); if (hptr != NULL) { *hptr = '\0'; ++hptr; }
char *tptr = strrchr(mesg, ' '); if (tptr != NULL) { *tptr = '\0'; ++tptr; }

char *mptr = strrchr(mesg, ' ');
char *iptr = mesg;

if ((hptr != NULL) && (tptr != NULL) && (mptr != NULL))
{
bzero(temp, 2048 * sizeof(char));
strcpy(temp, mesg);

tips = atoi(tptr);
*mptr = '\0'; ++mptr;

if (vrfy(temp, 2048, pass, hptr, time(NULL) - 5, tips, secs) == 0)
{
safe(iptr); safe(mptr);

bzero(sarp, 2048 * sizeof(char));
snprintf(sarp, 1024 * sizeof(char), "arp -d '%s'", iptr);
printf("exec=[%s]\n", sarp);
system(sarp);

bzero(sarp, 2048 * sizeof(char));
snprintf(sarp, 1024 * sizeof(char), "arp -s '%s' '%s'", iptr, mptr);
printf("exec=[%s]\n", sarp);
system(sarp);
}

else
{
temp[30] = '\0';
//printf("erro=[vrfy: (%s...) (%s) (%s) (%ld) (%ld)]\n", temp, pass, hptr, tips, secs);
}
}

close(sock);
//break;
sleep(5);
}
}

int main(int argc, char **argv)
{
if (strcmp(argv[1], "s") == 0)
{
serv(argv);
}

if (strcmp(argv[1], "c") == 0)
{
clnt(argv);
}

return 0;
}
```

sha256.c

```#define SHA256_LENGTH 32

#define uchar unsigned char // 8-bit byte
#define uint unsigned int // 32-bit word

// DBL_INT_ADD treats two unsigned ints a and b as one 64-bit integer and adds c to it
#define DBL_INT_ADD(a,b,c) if (a > 0xffffffff - (c)) ++b; a += c;
#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))

#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))

typedef struct {
uchar data[64];
uint datalen;
uint bitlen[2];
uint state[8];
} SHA256_CTX;

uint k[64] = {
0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
};

void SHA256_TRANSFORM(SHA256_CTX *ctx, uchar data[])
{
uint a,b,c,d,e,f,g,h,i,j,t1,t2,m[64];

for (i=0,j=0; i < 16; ++i, j += 4)
m[i] = (data[j] << 24) | (data[j+1] << 16) | (data[j+2] << 8) | (data[j+3]);
for ( ; i < 64; ++i)
m[i] = SIG1(m[i-2]) + m[i-7] + SIG0(m[i-15]) + m[i-16];

a = ctx->state[0];
b = ctx->state[1];
c = ctx->state[2];
d = ctx->state[3];
e = ctx->state[4];
f = ctx->state[5];
g = ctx->state[6];
h = ctx->state[7];

for (i = 0; i < 64; ++i) {
t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
t2 = EP0(a) + MAJ(a,b,c);
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
}

ctx->state[0] += a;
ctx->state[1] += b;
ctx->state[2] += c;
ctx->state[3] += d;
ctx->state[4] += e;
ctx->state[5] += f;
ctx->state[6] += g;
ctx->state[7] += h;
}

void SHA256_INIT(SHA256_CTX *ctx)
{
ctx->datalen = 0;
ctx->bitlen[0] = 0;
ctx->bitlen[1] = 0;
ctx->state[0] = 0x6a09e667;
ctx->state[1] = 0xbb67ae85;
ctx->state[2] = 0x3c6ef372;
ctx->state[3] = 0xa54ff53a;
ctx->state[4] = 0x510e527f;
ctx->state[5] = 0x9b05688c;
ctx->state[6] = 0x1f83d9ab;
ctx->state[7] = 0x5be0cd19;
}

void SHA256_UPDATE(SHA256_CTX *ctx, uchar data[], uint len)
{
uint i;

for (i=0; i < len; ++i) {
ctx->data[ctx->datalen] = data[i];
ctx->datalen++;
if (ctx->datalen == 64) {
SHA256_TRANSFORM(ctx,ctx->data);
ctx->datalen = 0;
}
}
}

void SHA256_FINAL(SHA256_CTX *ctx, uchar hash[])
{
uint i;

i = ctx->datalen;

// Pad whatever data is left in the buffer.
if (ctx->datalen < 56) {
ctx->data[i++] = 0x80;
while (i < 56)
ctx->data[i++] = 0x00;
}
else {
ctx->data[i++] = 0x80;
while (i < 64)
ctx->data[i++] = 0x00;
SHA256_TRANSFORM(ctx,ctx->data);
memset(ctx->data,0,56);
}

// Append to the padding the total message's length in bits and transform.
ctx->data[63] = ctx->bitlen[0];
ctx->data[62] = ctx->bitlen[0] >> 8;
ctx->data[61] = ctx->bitlen[0] >> 16;
ctx->data[60] = ctx->bitlen[0] >> 24;
ctx->data[59] = ctx->bitlen[1];
ctx->data[58] = ctx->bitlen[1] >> 8;
ctx->data[57] = ctx->bitlen[1] >> 16;
ctx->data[56] = ctx->bitlen[1] >> 24;
SHA256_TRANSFORM(ctx,ctx->data);

// Since this implementation uses little endian byte ordering and SHA uses big endian,
// reverse all the bytes when copying the final state to the output hash.
for (i=0; i < 4; ++i) {
hash[i]    = (ctx->state[0] >> (24-i*8)) & 0x000000ff;
hash[i+4]  = (ctx->state[1] >> (24-i*8)) & 0x000000ff;
hash[i+8]  = (ctx->state[2] >> (24-i*8)) & 0x000000ff;
hash[i+12] = (ctx->state[3] >> (24-i*8)) & 0x000000ff;
hash[i+16] = (ctx->state[4] >> (24-i*8)) & 0x000000ff;
hash[i+20] = (ctx->state[5] >> (24-i*8)) & 0x000000ff;
hash[i+24] = (ctx->state[6] >> (24-i*8)) & 0x000000ff;
hash[i+28] = (ctx->state[7] >> (24-i*8)) & 0x000000ff;
}
}

```

First post from California!

Well, I just relocated to California to start a new career for a well known & respected tech company. Everything so far has been great (weather, people, food, work) except for one thing, the cost of living! I thought people were kinda joking when they warned me but it’s absolutely insane out here. If you take the Americana Apartments for example, they quoted their lowest 1 bedroom for \$2480 per month. The representative said that in order to qualify, you must earn 3x that amount in monthly salary (before taxes of course). So let’s see, the minimum yearly wage must be at least, \$2480 * 3x * 12m = \$89,280! (let’s call it 90 even with utilities, electric, water, garbage, insurance, etc). In addition, in order to reserve a place, you must put down: first (\$2480), last (\$2480), deposit (\$500), utilities (\$125), insurance (\$20), a bed, internet, etc… which comes out to be over \$5,600 of initial payment.

I’m finding it really hard to find places which aren’t built like resorts (pools, hot tubs, lounge chairs, ping pong tables, pool tables, rec rooms, common areas, bars, etc.) and places which aren’t in rough areas, old buildings, poorly maintained, etc. There doesn’t seem to be much middle ground available unless you spend your whole day looking around at every possible option.

Anyway, I guess at the end of the day I’m lucky to be where I am but yeah, it’s kinda crazy out here to be honest! Hopefully I can get back to some useful open source coding again once I get settled in. 🙂

Still Attempting For Good End-To-End Encryption For Gmail (it’s taking time tho)

Don’t trust web based secure email, one cannot verify if the delivery of a web page has been modified or not given today’s tools. A powerful adversary could MITM an HTTPS connection with a valid, signed CA cert and there are no tools today which can provably validate that the integrity of a web page has not been modified since it left the server and entered your browser. I’m trying to work on a client based solution compatible with Gmail but it’s taking me time, I keep getting distracted by other things going on. Anyway, here’s a random post in case I need a fast stream cipher similar to ARC4 but with better security.

ChaCha Python

```import hashlib
class chacha:
def p(self, a, i):
return ((ord(a[i]) << 24) + (ord(a[i+1]) << 16) + (ord(a[i+2]) << 8) + ord(a[i+3]))
def r(self, a, n):
return ((a << n) & 0xffffffff) | (a >> (32 - n))
def z(self, a, b):
return ((a + b) & 0xffffffff)
def u(self, m, x, k, y):
c = ""
for i in range(0, 4):
c += chr(ord(m[x+i]) ^ ((k[y] >> (i*8)) & 0xff))
return c
def __init__(self, k, r=20):
self.pt = [0x61707865, 0x3120646e, 0x79622d36, 0x6b206574]
self.ps = [0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]
self.rs = r
l = len(k)
if (l == 16):
self.skey = [
self.pt[0], self.pt[1], self.pt[2], self.pt[3],
self.p(k, 0), self.p(k, 4), self.p(k, 8), self.p(k, 12),
self.p(k, 0), self.p(k, 4), self.p(k, 8), self.p(k, 12),
0x0, 0x0, 0x0, 0x0
]
if (l == 32):
self.skey = [
self.ps[0], self.ps[1], self.ps[2], self.ps[3],
self.p(k,  0), self.p(k,  4), self.p(k,  8), self.p(k, 12),
self.p(k, 16), self.p(k, 20), self.p(k, 24), self.p(k, 28),
0x0, 0x0, 0x0, 0x0
]
def qrrd(self, x, a, b, c, d):
x[a] = self.z(x[a], x[b]); x[d] = (x[d] ^ x[a]); x[d] = self.r(x[d], 16)
x[c] = self.z(x[c], x[d]); x[b] = (x[b] ^ x[c]); x[b] = self.r(x[b], 12)
x[a] = self.z(x[a], x[b]); x[d] = (x[d] ^ x[a]); x[d] = self.r(x[d],  8)
x[c] = self.z(x[c], x[d]); x[b] = (x[b] ^ x[c]); x[b] = self.r(x[b],  7)
return x
def core(self):
x = self.skey[:]
for r in range(0, self.rs / 2):
x = self.qrrd(x, 0, 4,  8, 12)
x = self.qrrd(x, 1, 5,  9, 13)
x = self.qrrd(x, 2, 6, 10, 14)
x = self.qrrd(x, 3, 7, 11, 15)
# rows vs cols
x = self.qrrd(x, 0, 5, 10, 15)
x = self.qrrd(x, 1, 6, 11, 12)
x = self.qrrd(x, 2, 7,  8, 13)
x = self.qrrd(x, 3, 4,  9, 14)
for i in range(0, 16):
x[i] = self.z(x[i], self.skey[i])
return x
def cipher(self, m):
while ((len(m) % 64) != 0):
m += chr(0)
i = 0; l = len(m)
o = ""
while ((i + 63) < l):
s = self.core()
j = 0
while ((j + 3) < 64):
o += self.u(m, j, s, j / 4)
j += 4
self.skey[12] = self.z(self.skey[12], 1)
if (self.skey[12] == 0):
self.skey[13] += 1
i += 64
return o
c = chacha(hashlib.sha256("abc").digest())
e = c.cipher("def");print("",e)
c = chacha(hashlib.sha256("abc").digest())
d = c.cipher(e);print("",d.strip("\0"))

```

My Rough/Slow Version Of Daniel J. Bernstein’s Elliptic Curve25519 Used For ECC-DHKE-ElGamal Pub/Pri Key Enc/Dec In Py & JS

Edit: I need to verify the math on the code below and optimize it as much as possible!

The message being encrypted by the public key and decrypted by the private key is [71, 73], as you can see below, in both Python and JavaScript.

Output:

```point=[31338, 27137639241784266545116051737587625422240160049866585375429726394143891718199] ((y^2)%p)=508712386423338 == curve(x)=508712386423338
pub=[53977350860898987307302427493695333251161207860469554940047122752933735592647, 26210366092361168208973994509836336790598036553932356811338803611050445452207]
& [1445723211146282456267893060679523547963682350054864882998693087748930328718927, 2685102703073507930430754637571136937637097240643254035250750702470189871650545]
mesg=[71, 73]
time=254 ms
```

JS:

```<script src="jsbn.js"></script>
<script src="jsbn2.js"></script>
<script>
var c = new BigInteger("486662", 10);
var p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564819949", 10);
var two = new BigInteger("2", 10);
var three = new BigInteger("3", 10);

function safe_sub(a, p)
{
if (a.compareTo(BigInteger.ZERO) < 0)
{
var r = a.abs().divide(p);
if (a.compareTo(BigInteger.ZERO) < 0)
{
}
}
return a;
}

{
var ys = safe_sub(q[1].subtract(r[1]), p);
var xs = safe_sub(q[0].subtract(r[0]), p);
var s = ys.multiply(xs.modInverse(p)).mod(p);
var rx = s.modPow(two, p);
rx = safe_sub(rx.subtract(q[0]), p);
rx = safe_sub(rx.subtract(r[0]), p);
var rp = safe_sub(q[0].subtract(rx), p);
var ry = safe_sub(s.multiply(rp).mod(p).subtract(q[1]), p);
return [rx, ry];
}

function point_dub(a, q, p)
{
var ttt = three.multiply(q[0].modPow(two, p)).mod(p);
var tt = two.multiply(q[1]).mod(p);
tt = two.multiply(q[0]).mod(p);
var rx = safe_sub(s.modPow(two, p).subtract(tt), p);
var rp = safe_sub(q[0].subtract(rx), p);
var ry = safe_sub(s.multiply(rp).mod(p).subtract(q[1]), p);
return [rx, ry];
}

function point_mul(n, q, p)
{
//if(this.isInfinity()) return this;
//if(k.signum() == 0) return this.curve.getInfinity();

var e = n;
var h = e.multiply(three);

var neg = [q[0], safe_sub(q[1].negate(), p)];
var R = q;

var i;
for (i = (h.bitLength() - 2); i > 0; --i)
{
R = point_dub(BigInteger.ONE, R, p);

var hBit = h.testBit(i);
var eBit = e.testBit(i);

if (hBit != eBit)
{
R = point_add(hBit ? q : neg, R, p);
}
}

return R;
}

function ord_r(r, n)
{
var k = three;
while (1)
{
if (n.modPow(k, r).equals(BigInteger.ONE))
{
return k;
}
}
}

function ifrexp(x)
{
var e = BigInteger.ZERO;
while (x.mod(two).equals(BigInteger.ZERO))
{
x = x.divide(two);
}
return [x, e];
}

function tonelli(a, p)
{
var pmo = p.subtract(BigInteger.ONE);
if (a.modPow(pmo.divide(two), p).equals(pmo))
{
return -1;
}
var t = ifrexp(pmo);
var s = t[0], e = t[1];
var n = two;
while (n.compareTo(p) < 0)
{
if (n.modPow(pmo.divide(two), p).equals(pmo))
{
break;
}
}
var b = a.modPow(s, p);
var g = n.modPow(s, p);
var r = e;
while (1)
{
var m = BigInteger.ZERO;
while (m.compareTo(r) < 0)
{
if (ord_r(p, b).equals(two.pow(m)))
{
break;
}
{
break;
}
}
if (m.equals(BigInteger.ZERO))
{
return x;
}
var pmi = two.pow(r.subtract(m).subtract(BigInteger.ONE));
x = x.multiply(g.modPow(pmi, p)).mod(p);
pmi = two.pow(r.subtract(m));
g = g.modPow(pmi, p);
b = b.multiply(g).mod(p);
if (b.equals(BigInteger.ONE))
{
return x;
}
r = m;
}
return -1;
}

function curve_25519(x, p)
{
}

var i = new BigInteger("31337", 10);
var pnt = null
while (pnt == null)
{
var q = [i, curve_25519(i, p)];
if (q[1] == -1)
{
continue;
}
var y = q[1].modPow(two, p);
if (x.equals(y))
{
pnt = q;
document.write("point=["+pnt[0].toString(10)+", "+pnt[1].toString(10)+"] ((y^2)%p)="+y.toString(10)+" == "+"curve(x)="+x.toString(10)+"<br>");
}
}

var m = new BigInteger("71", 10);
var n = new BigInteger("73", 10);

var nta = new Date().getTime();

var a = new BigInteger("23002347587565544268625339214141417360725798840824195817183950850507406831337", 10);
var aG = point_mul(a, pnt, p);

var b = new BigInteger("33951982198225404751798578318443600923434009233142787987410481710685782131337", 10);
var bG = point_mul(b, pnt, p);
var baG = point_mul(b, aG, p);

var mbaG = [m.multiply(baG[0]), n.multiply(baG[1])];

var abG = point_mul(a, bG, p);

var ntb = new Date().getTime();

document.write("pub=["+bG[0]+", "+bG[1]+"]<br> & ["+mbaG[0]+", "+mbaG[1]+"]<br>"+"mesg=["+mbaG[0].divide(abG[0]).toString(10)+", "+mbaG[1].divide(abG[1]).toString(10)+"]<br>"+"time="+(ntb-nta)+" ms<br>");
</script>

```

Output:

```('point', [31338, 27137639241784266545116051737587625422240160049866585375429726394143891718199L], 'y^2%p=', 508712386423338L, '==', 'curve(x)', 508712386423338L)
pub=[53977350860898987307302427493695333251161207860469554940047122752933735592647L, 26210366092361168208973994509836336790598036553932356811338803611050445452207L]
& [1445723211146282456267893060679523547963682350054864882998693087748930328718927L, 2685102703073507930430754637571136937637097240643254035250750702470189871650545L]
mesg=[71, 73]
time=145.143032074 ms
```

Py:

```import time

p = (pow(2, 255) - 19)

def egcd(a, b):
if (a == 0):
return (b, 0, 1)
else:
(g, y, x) = egcd(b % a, a)
return (g, x - (b / a) * y, y)

def inv_mod(a, m):
(g, x, y) = egcd(a, m)
if (g != 1):
return -1
else:
return (x % m)

def pow_mod(b, e, m):
r = 1
b = (b % m)
while (e > 0):
if ((e % 2) == 1):
r = ((r * b) % m)
e = (e / 2)
b = ((b * b) % m)
return r

def safe_sub(a, p):
if (a < 0):
a += ((abs(a) / p) * p)
if (a < 0):
a += p
return a

ys = safe_sub(q[1] - r[1], p)
xs = safe_sub(q[0] - r[0], p)
s = ((ys * inv_mod(xs, p)) % p)
rx = pow_mod(s, 2, p)
rx = safe_sub(rx - q[0], p)
rx = safe_sub(rx - r[0], p)
rp = safe_sub(q[0] - rx, p)
ry = safe_sub(((s * rp) % p) - q[1], p)
return [rx, ry]

def point_dub(a, q, p):
ttt = ((3 * pow_mod(q[0], 2, p)) % p)
tt = ((2 * q[1]) % p)
s = (((ttt + a) * inv_mod(tt, p)) % p)
tt = ((2 * q[0]) % p)
rx = safe_sub(pow_mod(s, 2, p) - tt, p)
rp = safe_sub(q[0] - rx, p)
ry = safe_sub(((s * rp) % p) - q[1], p)
return [rx, ry]

def zpoint_mul(n, q, p):
r = q; m = 1
h = [[m, r]]; l = 1
while (m < n):
t = (m * 2)
if (t <= n):
r = point_dub(1, r, p); m = t
h.append([m, r]); l += 1
else:
x = (l - 1)
while (x > -1):
while (m < n):
t = (m + h[x][0])
if (t <= n):
r = point_add(h[x][1], r, p); m = t
else:
break
x -= 1
return r

def bitleng(a):
b = 0
while (a > 0):
a = (a / 2)
b += 1
return b

def testbit(a, b):
if ((a & pow(2, b)) > 0):
return 1
return 0

def point_mul(n, q, p):
#if(this.isInfinity()) return this;
#if(k.signum() == 0) return this.curve.getInfinity();

e = n
h = (e * 3)

neg = [q[0], safe_sub(-1 * q[1], p)]
R = q

i = (bitleng(h) - 2)
while (i > 0):
R = point_dub(1, R, p)

hBit = testbit(h, i)
eBit = testbit(e, i)

if (hBit != eBit):
if (hBit):
else:

i -= 1

return R

def ord_r(r, n):
k = 3
while (1):
if (pow_mod(n, k, r) == 1):
return k
k += 1

def ifrexp(x):
e = 0
while ((x % 2) == 0):
x /= 2
e += 1
return (x, e)

def tonelli(a, p):
if (pow_mod(a, (p - 1) / 2, p) == (p - 1)):
raise ValueError("no sqrt possible")
(s, e) = ifrexp(p - 1)
n = 2
while (n < p):
if (pow_mod(n, (p - 1) / 2, p) == (p - 1)):
break
n += 1
x = pow_mod(a, (s + 1) / 2, p)
b = pow_mod(a, s, p)
g = pow_mod(n, s, p)
r = e
while (1):
m = 0
while (m < r):
if (ord_r(p, b) == pow(2, m)):
break
if ((m + 1) == r):
break
m += 1
if (m == 0):
return x
x = ((x * pow_mod(g, pow(2, (r - m - 1)), p)) % p)
g = pow_mod(g, pow(2, (r - m)), p)
b = ((b * g) % p)
if (b == 1):
return x
r = m
return -1

def curve_25519(x, p):
y2 = ((pow_mod(x, 3, p) + (486662 * pow_mod(x, 2, p)) + x) % p)

i = 31337
pnt = None
while (pnt == None):
try:
q = [i, curve_25519(i, p)]
except:
i += 1
continue
x = ((pow_mod(q[0], 3, p) + (486662 * pow_mod(q[0], 2, p)) + q[0]) % p)
y = pow_mod(q[1], 2, p)
if (x == y):
print("point",q,"y^2%p=",y,"==","curve(x)",x)
pnt = q
i += 1

m = 71; n = 73

x = time.time()

a = 23002347587565544268625339214141417360725798840824195817183950850507406831337
aG = point_mul(a, pnt, p)

b = 33951982198225404751798578318443600923434009233142787987410481710685782131337
bG = point_mul(b, pnt, p)
baG = point_mul(b, aG, p)

mbaG = [m * baG[0], n * baG[1]]

abG = point_mul(a, bG, p)

y = time.time()

print("pub=%s\n & %s\nmesg=[%d, %d]\ntime=%s ms" % (bG, mbaG, mbaG[0] / abG[0], mbaG[1] / abG[1], (y - x) * 1000))

```

A new project: Secure Email [S-Mail]

So I’ve recently started a new, open-source project called S-Mail. It’s is an attempt to create a standard email service (based on standard postfix/SMTP) but also provide a web front end for secure email delivery. Upon joining, a 2048 bit RSA key pair is generated (via JavaScript) and the private key is encrypted with AES-256-CBC with the SHA256 hash of your password. The server stores your public key, a triple SHA256 hash of your password (so it doesn’t have your encryption key), and your encrypted private key. When an external email is received, it is encrypted with your public key and stored only in that format. When sending a local email, the server sends the recipient’s public key to you so that you can encrypt it locally first before sending it. You can also verify the key identities of the recipients by verifying the little word phrases which summarize your public key.

This service is really lacking features as it is the most basic start of a project possible but I’m attempting to at least develop a basic framework that people could theoretically use to exchange secure messages without having to exchange asymmetric keys. The “key” to making this system work includes choosing a strong passphrase to begin with and verifying a recipient’s key id.

The source code: Fossjon GitHub S-Mail

Below are some screenshots of the service working:

Joining

Empty inbox