Skip to content

Instantly share code, notes, and snippets.

View jedisct1's full-sized avatar

Frank Denis jedisct1

4.1k followers · 186 following
View GitHub Profile
@jedisct1
jedisct1 / bunnycdn_length_extension_demo.py
Created October 23, 2025 07:32
#!/usr/bin/env python3
"""
Demonstrate a length extension attack against tokens computed as
SHA256(secret || signed_url || expiration || remote_ip || query_string).
"""
import base64
import hashlib
import struct
import urllib.parse
@jedisct1
jedisct1 / foo.v
Created October 20, 2025 08:23
(**
This Coq proof formally verifies that the EGCD algorithm implemented in egcd.zig
correctly computes the GCD and Bezout coefficients for all inputs.
PROVEN PROPERTIES:
1. Termination: The algorithm terminates for all inputs
2. Bezout Identity: a*x + b*y = gcd(a,b) for all inputs
3. GCD Correctness: The result matches Coq's standard library Z.gcd
4. Type Coverage: Works for ALL Zig integer types (u0 to u65534, i0 to i65534)
*)
@jedisct1
jedisct1 / bench_gcd.zig
Created October 13, 2025 07:56
const std = @import("std");
// Old implementation (current master)
fn gcd_old(a: anytype, b: anytype) @TypeOf(a, b) {
const N = switch (@TypeOf(a, b)) {
comptime_int => std.math.IntFittingRange(@min(a, b), @max(a, b)),
else => |T| T,
};
if (@typeInfo(N) != .int or @typeInfo(N).int.signedness != .unsigned) {
@compileError("`a` and `b` must be unsigned integers");
@jedisct1
jedisct1 / ccm.zig
Created October 8, 2025 08:25
const std = @import("std");
const crypto = std.crypto;
const mem = std.mem;
const debug = std.debug;
const modes = crypto.core.modes;
const AuthenticationError = crypto.errors.AuthenticationError;
const cbc_mac = @import("cbc_mac.zig");
/// CCM (Counter with CBC-MAC) authenticated encryption mode
/// RFC 3610: https://www.rfc-editor.org/rfc/rfc3610
@jedisct1
jedisct1 / cbc_mac.zig
Created October 8, 2025 08:25
const std = @import("std");
const crypto = std.crypto;
const mem = std.mem;
/// CBC-MAC (Cipher Block Chaining Message Authentication Code)
///
/// CBC-MAC is a simple MAC construction: MAC = Encrypt(prev_mac XOR block)
/// Unlike CMAC (RFC 4493), CBC-MAC does not derive subkeys or perform special
/// final block processing. It is less secure than CMAC (vulnerable to length
/// extension attacks), but is required by certain standards like CCM (RFC 3610).
@jedisct1
jedisct1 / fastly-block.sh
Created July 31, 2025 08:14
Block all connections to Fastly
#! /bin/sh
IPV4_RANGES=(
"23.235.32.0/20"
"43.249.72.0/22"
"103.244.50.0/24"
"103.245.222.0/23"
"103.245.224.0/24"
"104.156.80.0/20"
"140.248.64.0/18"
@jedisct1
jedisct1 / anthropic_oauth.py
Created June 22, 2025 21:13 — forked from changjonathanc/anthropic_oauth.py
Anthropic OAuth CLI - Simplified Claude Code spoof demo
#!/usr/bin/env python3
import argparse
import base64
import hashlib
import json
import os
import secrets
import sys
import time
@jedisct1
jedisct1 / sign.go
Last active February 13, 2025 09:34
SIgning a CSR in Go, for mTLS (using ECDSA keys)
// Create a key pair for the app and a CSR:
// $ openssl ecparam -genkey -name prime256v1 -out application.key
// $ openssl req -new -sha256 -key application.key -out request.csr
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
@jedisct1
jedisct1 / foo.go
Last active January 3, 2025 18:01
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"log"
"os"
@jedisct1
jedisct1 / b.rs
Last active September 17, 2024 14:48
// Cargo.toml:
// [dependencies]
// boring = { package = "superboring", version = "0.1.2" }
fn main() -> Result<(), Box<dyn std::error::Error>> {
// Ciphertext
let ciphertext = include_bytes!("signed_message.bin");
// Unencrypted RSA private key in PEM format
let rsa_pem = include_str!("sessionprivatekey.pem");