예제 #1
0
/*
 * Add a new session to the attack
 * state - state of attack
 * iv - IV used in the session
 * keystream - recovered keystream from the session
 */
int PTW_addsession(PTW_attackstate * state, uint8_t * iv, uint8_t * keystream) {
	int i;
	int il;
	int ir;
	uint8_t buf[PTW_KEYHSBYTES];

	i = (iv[0] << 16) | (iv[1] << 8) | (iv[2]);
	il = i/8;
	ir = 1 << (i%8);
	if ((state->seen_iv[il] & ir) == 0) {
		state->packets_collected++;
		state->seen_iv[il] |= ir;
		guesskeybytes(iv, keystream, buf, PTW_KEYHSBYTES);
                for (i = 0; i < KEYHSBYTES; i++) {
                	state->table[i][buf[i]].votes++;
                }
		if (state->sessions_collected < CONTROLSESSIONS) {
			memcpy(state->sessions[state->sessions_collected].iv, iv, IVBYTES);
			memcpy(state->sessions[state->sessions_collected].keystream, keystream, KSBYTES);
			state->sessions_collected++;
		}
		return 1;
	} else {
		return 0;
	}
}
예제 #2
0
	/*
	* Add a new session to the attack
	* state - state of attack
	* iv - IV used in the session
	* keystream - recovered keystream from the session
	*/
	int PTW_addsession(PTW_attackstate * state, unsigned char * iv, unsigned char * keystream, int * weight, int total) {
		int i,j;
		int il;
		int ir;
		unsigned char buf[PTW_KEYHSBYTES];

		i = (iv[0] << 16) | (iv[1] << 8) | (iv[2]);
		il = i/8;
		ir = 1 << (i%8);
		if ((state->seen_iv[il] & ir) == 0) 
		{
			state->seen_iv[il] |= ir;
			for (j = 0; j < total; j++) 
			{
				state->packets_collected++;
				guesskeybytes(IVBYTES, iv, &keystream[KSBYTES*j], buf, PTW_KEYHSBYTES);
				for (i = 0; i < PTW_KEYHSBYTES; i++) 
				{
					state->table[i][buf[i]].votes += weight[j];
				}
				if (state->allsessions_size < state->packets_collected) 
				{
					state->allsessions_size = state->allsessions_size << 1;
					state->allsessions = (PTW_session*)realloc(state->allsessions, state->allsessions_size * sizeof(PTW_session));
					if (state->allsessions == NULL) 
					{
						printf("could not allocate memory\n");
						exit(-1);
					}
				}
				memcpy(state->allsessions[state->packets_collected-1].iv, iv, IVBYTES);
				memcpy(state->allsessions[state->packets_collected-1].keystream, &keystream[KSBYTES*j], KSBYTES);
				state->allsessions[state->packets_collected-1].weight = weight[j];
			}
			if ((state->sessions_collected < CONTROLSESSIONS)) 
			{
				memcpy(state->sessions[state->sessions_collected].iv, iv, IVBYTES);
				memcpy(state->sessions[state->sessions_collected].keystream, keystream, KSBYTES);
				state->sessions_collected++;
			}

			return 1;
		}
		else 
		{
			return 0;
		}
	}
예제 #3
0
	/*
	* Guess which key bytes could be strong and start actual computation of the key
	*/
	int PTW_computeKey(PTW_attackstate * state, unsigned char * keybuf, int keylen, int testlimit, int * bf, int validchars[][n], int attacks) {
		int strongbytes[PTW_KEYHSBYTES];
		double normal[PTW_KEYHSBYTES];
		double ausreisser[PTW_KEYHSBYTES];
		doublesorthelper helper[PTW_KEYHSBYTES];
		int simple, onestrong, twostrong;
		int i,j;
		unsigned char fullkeybuf[PTW_KSBYTES];
		unsigned char guessbuf[PTW_KSBYTES];
		sorthelper(*sh)[n-1];
		PTW_tableentry (*table)[n] = (PTW_tableentry (*)[n])alloca(sizeof(PTW_tableentry) * n * keylen);

		tried=0;
		sh = NULL;

		if (table == NULL) {
			printf("could not allocate memory\n");
			exit(-1);
		}

		if(!(attacks & NO_KLEIN))
		{
			// Try the original klein attack first
			for (i = 0; i < keylen; i++) {
				memset(&table[i][0], 0, sizeof(PTW_tableentry) * n);
				for (j = 0; j < n; j++) {
					table[i][j].b = j;
				}
				for (j = 0; j < state->packets_collected; j++) {
					// fullkeybuf[0] = state->allsessions[j].iv[0];
					memcpy(fullkeybuf, state->allsessions[j].iv, 3 * sizeof(unsigned char));
					guesskeybytes(i+3, fullkeybuf, state->allsessions[j].keystream, guessbuf, 1);
					table[i][guessbuf[0]].votes += state->allsessions[j].weight;
				}
				qsort(&table[i][0], n, sizeof(PTW_tableentry), &compare);
				j = 0;
				while(!validchars[i][table[i][j].b]) {
					j++;
				}
				// printf("guessing i = %d, b = %d\n", i, table[0][0].b);
				fullkeybuf[i+3] = table[i][j].b;
			}
			if (correct(state, &fullkeybuf[3], keylen)) {
				memcpy(keybuf, &fullkeybuf[3], keylen * sizeof(unsigned char));
				// printf("hit without correction\n");
				return 1;
			}
		}


		if(!(attacks & NO_PTW))
		{
			memcpy(table, state->table, sizeof(PTW_tableentry) * n * keylen);

			onestrong = (testlimit/10)*2;
			twostrong = (testlimit/10)*1;
			simple = testlimit - onestrong - twostrong;

			// now, sort the table
			for (i = 0; i < keylen; i++) {
				qsort(&table[i][0], n, sizeof(PTW_tableentry), &compare);
				strongbytes[i] = 0;
			}

			sh = (sorthelper(*)[n-1])alloca(sizeof(sorthelper) * (n-1) * keylen);
			if (sh == NULL) {
				printf("could not allocate memory\n");
				exit(-1);
			}


			for (i = 0; i < keylen; i++) {
				for (j = 1; j < n; j++) {
					sh[i][j-1].distance = table[i][0].votes - table[i][j].votes;
					sh[i][j-1].value = table[i][j].b;
					sh[i][j-1].keybyte = i;
				}
			}
			qsort(sh, (n-1)*keylen, sizeof(sorthelper), &comparesorthelper);


			if (doComputation(state, keybuf, keylen, table, (sorthelper *) sh, strongbytes, simple, bf, validchars)) {
				return 1;
			}

			// Now one strong byte
			getdrv(state->table, keylen, normal, ausreisser);
			for (i = 0; i < keylen-1; i++) {
				helper[i].keybyte = i+1;
				helper[i].difference = normal[i+1] - ausreisser[i+1];
			}
			qsort(helper, keylen-1, sizeof(doublesorthelper), &comparedoublesorthelper);
			// do not use bf-bytes as strongbytes
			i = 0;
			while(bf[helper[i].keybyte] == 1) {
				i++;
			}
			strongbytes[helper[i].keybyte] = 1;
			if (doComputation(state, keybuf, keylen, table, (sorthelper *) sh, strongbytes, onestrong, bf, validchars)) {
				return 1;
			}

			// two strong bytes
			i++;
			while(bf[helper[i].keybyte] == 1) {
				i++;
			}
			strongbytes[helper[i].keybyte] = 1;
			if (doComputation(state, keybuf, keylen, table, (sorthelper *) sh, strongbytes, twostrong, bf, validchars)) {
				return 1;
			}
		}
		return 0;
	}