/*
* Is a guessed key correct?
*/
static int correct(PTW_attackstate * state, unsigned char * key, int keylen) {
int i;
int j;
int k;
unsigned char keybuf[PTW_KSBYTES];
rc4state rc4state;
// We need at least 3 sessions to be somehow certain
if (state->sessions_collected < 3) {
return 0;
}
tried++;
k = rand()%(state->sessions_collected-10);
for ( i=k; i < k+10; i++) {
memcpy(&keybuf[IVBYTES], key, keylen);
memcpy(keybuf, state->sessions[i].iv, IVBYTES);
rc4init(keybuf, keylen+IVBYTES, &rc4state);
for (j = 0; j < TESTBYTES; j++) {
if ((rc4update(&rc4state) ^ state->sessions[i].keystream[j]) != 0) {
return 0;
}
}
}
return 1;
}
void addRound(uint8_t * key, PTW_attackstate * state) {
int j;
uint8_t iv[3];
uint8_t ks[KEYBYTES];
rc4state rc4s;
for (j = 0; j < IVBYTES; j++) {
key[j] = rand()%n;
iv[j] = key[j];
}
rc4init(key, KEYBYTES, &rc4s);
for (j = 0; j < KEYBYTES; j++) {
ks[j] = rc4update(&rc4s);
}
PTW_addsession(state, iv, ks);
return;
}
/*
* Is a guessed key correct?
*/
static int correct(PTW_attackstate * state, uint8_t * key, int keylen) {
int i;
int j;
uint8_t keybuf[PTW_KSBYTES];
rc4state rc4state;
for (i = 0; i < state->sessions_collected; i++) {
memcpy(&keybuf[IVBYTES], key, keylen);
memcpy(keybuf, state->sessions[i].iv, IVBYTES);
rc4init(keybuf, keylen+IVBYTES, &rc4state);
for (j = 0; j < TESTBYTES; j++) {
if ((rc4update(&rc4state) ^ state->sessions[i].keystream[j]) != 0) {
return 0;
}
}
}
return 1;
}
