/* * Is a guessed key correct? */ static int correct(PTW_attackstate * state, unsigned char * key, int keylen) { int i; int j; int k; unsigned char keybuf[PTW_KSBYTES]; rc4state rc4state; // We need at least 3 sessions to be somehow certain if (state->sessions_collected < 3) { return 0; } tried++; k = rand()%(state->sessions_collected-10); for ( i=k; i < k+10; i++) { memcpy(&keybuf[IVBYTES], key, keylen); memcpy(keybuf, state->sessions[i].iv, IVBYTES); rc4init(keybuf, keylen+IVBYTES, &rc4state); for (j = 0; j < TESTBYTES; j++) { if ((rc4update(&rc4state) ^ state->sessions[i].keystream[j]) != 0) { return 0; } } } return 1; }
void addRound(uint8_t * key, PTW_attackstate * state) { int j; uint8_t iv[3]; uint8_t ks[KEYBYTES]; rc4state rc4s; for (j = 0; j < IVBYTES; j++) { key[j] = rand()%n; iv[j] = key[j]; } rc4init(key, KEYBYTES, &rc4s); for (j = 0; j < KEYBYTES; j++) { ks[j] = rc4update(&rc4s); } PTW_addsession(state, iv, ks); return; }
/* * Is a guessed key correct? */ static int correct(PTW_attackstate * state, uint8_t * key, int keylen) { int i; int j; uint8_t keybuf[PTW_KSBYTES]; rc4state rc4state; for (i = 0; i < state->sessions_collected; i++) { memcpy(&keybuf[IVBYTES], key, keylen); memcpy(keybuf, state->sessions[i].iv, IVBYTES); rc4init(keybuf, keylen+IVBYTES, &rc4state); for (j = 0; j < TESTBYTES; j++) { if ((rc4update(&rc4state) ^ state->sessions[i].keystream[j]) != 0) { return 0; } } } return 1; }