int main(int argc, char *argv[]) {
u_char input[4096]; // The input data
u_char output[4096]; // The output
int msglength = strlen(argv[1]);
strncpy((char *) input, argv[1], 4096);
u_char key[]= {0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08}; // The encryption/decryption key
// se puede cambiar la Key a cualquiera que esté en los vectores de prueba de
int keylength = sizeof(key)/sizeof(key[0]);
// encrypt
rc4(key, input, output, keylength, msglength);
int i = 0;
printf("\n\n--- Encryption ---");
printf("\nOutput:\n");
for(i=0; i<msglength; i++) {
if(i%16==0) {
printf("\n");
printf("%d:\t", i);
}
if(output[i]<16)
printf("0%0x ", output[i]);
else
printf("%0x ", output[i]);
}
printf("\n");
// decrypt
rc4(key, output, input, keylength,msglength);
printf("\n\n--- Decryption ---");
printf("\nOutput:\n");
printf("%s\n", input);
exit(0);
}
bool online_attack(){
//random select a key and IV and run the initial phase
ECRYPT_ctx_reduce* ctx_reduce=new ECRYPT_ctx_reduce;
u8* key_R=new u8[4]();
u8* IV_R=new u8[3]();
for(int i=0;i<4;i++){
key_R[i]= rc4();
}
for(int i=0;i<3;i++){
IV_R[i]= rc4();
}
ECRYPT_keysetup_reduce(ctx_reduce,key_R,32,24);
ECRYPT_ivsetup_reduce(ctx_reduce,IV_R);
//initial phase complete, start to collect sets A and B
start_cal();
double time[4]={0};
bool res=collect_sets(ctx_reduce,1,12);
end_cal(time);
printf("Time: %d hours, %d minutes, %f seconds.\n\n", (int)time[0],(int)time[1],time[2]);
//测试时刻和保存的内部状态,以及输出的密钥流是否对得上
delete [] key_R;
delete [] IV_R;
//delete ctx_reduce;
return res;
}
int main(void){
B e,stream[64]={0};
ctx c;
// set key
rc4(0,key,&c);
rc4(sizeof(stream),stream,&c);
e=(memcmp(stream,s1,64)==0);
printf("RC4 Test: %s\n",e?"OK":"FAILED");
return 0;
}
bool
wpa_encr_key_data(eapol_wpa_key_header_t *body, uint16 key_info, uint8 *ekey,
uint8 *gtk, uint8 *data, uint8 *encrkey, rc4_ks_t *rc4key)
{
uint16 len;
switch (key_info & (WPA_KEY_DESC_V1 | WPA_KEY_DESC_V2)) {
case WPA_KEY_DESC_V1:
if (gtk)
len = ntoh16_ua((uint8 *)&body->key_len);
else
len = ntoh16_ua((uint8 *)&body->data_len);
/* create the iv/ptk key */
bcopy(body->iv, encrkey, 16);
bcopy(ekey, &encrkey[16], 16);
/* encrypt the key data */
prepare_key(encrkey, 32, rc4key);
rc4(data, WPA_KEY_DATA_LEN_256, rc4key); /* dump 256 bytes */
rc4(body->data, len, rc4key);
break;
case WPA_KEY_DESC_V2:
case WPA_KEY_DESC_V3:
len = ntoh16_ua((uint8 *)&body->data_len);
/* pad if needed - min. 16 bytes, 8 byte aligned */
/* padding is 0xdd followed by 0's */
if (len < 2*AKW_BLOCK_LEN) {
body->data[len] = WPA2_KEY_DATA_PAD;
bzero(&body->data[len+1], 2*AKW_BLOCK_LEN - (len+1));
len = 2*AKW_BLOCK_LEN;
} else if (len % AKW_BLOCK_LEN) {
body->data[len] = WPA2_KEY_DATA_PAD;
bzero(&body->data[len+1], AKW_BLOCK_LEN - ((len+1) % AKW_BLOCK_LEN));
len += AKW_BLOCK_LEN - (len % AKW_BLOCK_LEN);
}
if (aes_wrap(WPA_MIC_KEY_LEN, ekey, len, body->data, body->data)) {
return FALSE;
}
len += 8;
hton16_ua_store(len, (uint8 *)&body->data_len);
break;
default:
return FALSE;
}
return TRUE;
}
int main()
{
RC4 rc4;
for(int i = 0; i < 1024*10; ++i)
printf("%02X", rc4());
printf("\n");
return 0;
}
void CQTTDemoView::InitSillyObjects(void)
{
CString s(_T("Test"));
CString sFont(_T("Georgia"));
FontFamily ff(sFont.AllocSysString());
StringFormat sf;
Point p(200, 200);
MakeStarPath(m_Paths[PATH_MULTI_STAR], 7, 40, 120);
//Matrix mat;
m_Matrixs[PATH_MULTI_STAR] = new Matrix();
//mat.Translate(700, 150);
m_Matrixs[PATH_MULTI_STAR]->Translate(700, 150);
m_Paths[PATH_MULTI_STAR].Transform(m_Matrixs[PATH_MULTI_STAR]);
MakeSmiley(m_Paths[PATH_SMILE]);
//mat.Reset();
m_Matrixs[PATH_SMILE] = new Matrix();
//mat.Translate(400, 300);
m_Matrixs[PATH_SMILE]->Translate(400, 300);
//mat.Scale(0.2f, 0.2f);
m_Matrixs[PATH_SMILE]->Scale(0.2f, 0.2f);
//mat.Rotate(- 15.0f);
m_Matrixs[PATH_SMILE]->Rotate(- 15.0f);
m_Paths[PATH_SMILE].Transform(m_Matrixs[PATH_SMILE]);
Rect rc2(120, 80, 160, 65);
m_Matrixs[PATH_RECTANGLE] = new Matrix();
m_Paths[PATH_RECTANGLE].Reset();
m_Paths[PATH_RECTANGLE].AddRectangle(rc2);
m_Matrixs[PATH_TEXT] = new Matrix();
m_Paths[PATH_TEXT].Reset();
m_Paths[PATH_TEXT].AddString(s.AllocSysString(), s.GetLength(), &ff, FontStyleBold, 100.0F, p, & sf);
Rect rc4(420, -240, 120, 265);
m_Paths[PATH_ELLIPSE].Reset();
m_Paths[PATH_ELLIPSE].AddEllipse(rc4);
//mat.Reset();
m_Matrixs[PATH_ELLIPSE] = new Matrix();
//mat.Rotate(30.0f);
m_Matrixs[PATH_ELLIPSE]->Rotate(30.0f);
m_Paths[PATH_ELLIPSE].Transform(m_Matrixs[PATH_ELLIPSE]);
MakeStarPath(m_Paths[PATH_STAR], 5, 12, 60);
//mat.Reset();
m_Matrixs[PATH_STAR] = new Matrix();
//mat.Translate(224, 320);
m_Matrixs[PATH_STAR]->Translate(224, 320);
m_Paths[PATH_STAR].Transform(m_Matrixs[PATH_STAR]);
MakeImagePath(m_Paths[PATH_IMAGE]);
m_Matrixs[PATH_IMAGE] = new Matrix();
m_Matrixs[PATH_IMAGE]->Translate(0,0);
//m_Matrixs[PATH_IMAGE]->Translate(106/2,76/2);
//m_Matrixs[PATH_IMAGE]->Translate(34,59);
}
static u16 auth_shared_key(hostapd *hapd, struct sta_info *sta,
u16 auth_transaction, u8 *challenge, int iswep)
{
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"authentication (shared key, transaction %d)",
auth_transaction);
if (auth_transaction == 1) {
if (!sta->challenge) {
/* Generate a pseudo-random challenge */
u8 key[8];
time_t now;
int r;
sta->challenge = malloc(WLAN_AUTH_CHALLENGE_LEN);
if (!sta->challenge)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
memset(sta->challenge, 0, WLAN_AUTH_CHALLENGE_LEN);
now = time(NULL);
r = random();
memcpy(key, &now, 4);
memcpy(key + 4, &r, 4);
rc4(sta->challenge, WLAN_AUTH_CHALLENGE_LEN,
key, sizeof(key));
}
return 0;
}
if (auth_transaction != 3)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
/* Transaction 3 */
if (!iswep || !sta->challenge || !challenge ||
memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO,
"shared key authentication - invalid "
"challenge-response");
return WLAN_STATUS_CHALLENGE_FAIL;
}
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"authentication OK (shared key)");
#ifdef IEEE80211_REQUIRE_AUTH_ACK
/* Station will be marked authenticated if it ACKs the
* authentication reply. */
#else
sta->flags |= WLAN_STA_AUTH;
wpa_sm_event(hapd, sta, WPA_AUTH);
#endif
free(sta->challenge);
sta->challenge = NULL;
return 0;
}
void average_fixed_pos_E_KSDC(u32 d,u32 num_ISD){
double average_E_KSDC_pos_num=0.0;
for(int D=1;D<=num_ISD;D++){
//randomly induce the differences to d positions. NFSR:0~79,LFSR:80~159
u32* pos=new u32[d]();
for(int j=0;j<d;j++){
//pos[j]=rc4() % 160;
//pos[j]=(rc4() % 80)+80; //只给LFSR中引入差分
//pos[j]=(rc4() % 80); //只给NFSR中引入差分
//pos[j]=(rc4() % 40)+80; //只給LFSR的左半部分引入差分 80-119
pos[j]=(rc4() % 40)+120; //只给LFSR的右半部分引入差分 120-159
while(isExist(pos,j,pos[j])) //to ensure the non-duplicated positions
//pos[j]=rc4() % 160;
//pos[j]=(rc4() % 80)+80; //只给LFSR中引入差分
//pos[j]=(rc4() % 80); //只给NFSR中引入差分
//pos[j]=(rc4() % 40)+80; //只給LFSR的左半部分引入差分 80-119
pos[j]=(rc4() % 40)+120; //只给LFSR的右半部分引入差分 120-159
}
// induce the differece to selected position
u8 ISD[LEN];
for(int j=0;j<LEN;j++){
ISD[j]=0;
}
for(int j=0;j<d;j++){
u32 p=posIdx(pos[j]);
u32 r=rotateIdx(pos[j]);
ISD[p]=ISD[p]^(1<<r);
}
// generate E-KSDC and record the number of fixed positions
ECRYPT_ctx ctx;
ctx.keysize=80;
ctx.ivsize=64;
ECRYPT_grain_state_load(&ctx,ISD);
u8 E_KSDC_Array[KSLen*8];
for(int j=0;j<KSLen*8;j++){
E_KSDC_Array[j]=ENCRYPT_grain_E_KSDC(&ctx);
if(E_KSDC_Array[j]<2)
average_E_KSDC_pos_num++;
}
}
average_E_KSDC_pos_num=(double)average_E_KSDC_pos_num/num_ISD;
cout<<"The average fixed pos(d,l):("
<<d<<","<<KSLen*8<<",) is "<<setprecision(3)<<average_E_KSDC_pos_num<<endl;
}
VOID
SspEncryptBuffer(
IN PCheaterContext pContext,
IN ULONG BufferSize,
IN OUT PVOID Buffer
)
/*++
RoutineDescription:
Encrypts a buffer with the RC4 key in the context. If the context
is for a datagram session, then the key is copied before being used
to encrypt the buffer.
Arguments:
pContext - Context containing the key to encrypt the data
BufferSize - Length of buffer in bytes
Buffer - Buffer to encrypt.
Return Value:
--*/
{
struct RC4_KEYSTRUCT TemporaryKey;
struct RC4_KEYSTRUCT * EncryptionKey = &pContext->Rc4Key;
if (BufferSize == 0)
{
return;
}
//
// For datagram we copy the key before encrypting so we don't
// have a changing key.
//
if ((pContext->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) != 0) {
RtlCopyMemory(
&TemporaryKey,
&pContext->Rc4Key,
sizeof(struct RC4_KEYSTRUCT)
);
EncryptionKey = &TemporaryKey;
}
rc4(
EncryptionKey,
BufferSize,
Buffer
);
}
static void oracle(const byteblock *prefix, const byteblock *secret, byteblock *out)
{
uint8_t key[16];
random_fill(key, sizeof key);
out->len = prefix->len + secret->len;
memcpy(out->buf, prefix->buf, prefix->len);
memcpy(out->buf + prefix->len, secret->buf, secret->len);
rc4(key, sizeof key, out->buf, out->len);
}
CString GetLink(int nIndex)
{
CString str = "";
rc4_key key;
sPassword[16] = (unsigned char)(nIndex * 5);
prepare_key(sPassword, 17, &key);
char *sBuf = (char*)malloc(option.link_length);
memcpy(sBuf, sLinksBuf + nIndex * option.link_length, option.link_length);
rc4((unsigned char *)sBuf, option.link_length, &key);
memset(&key, 0, sizeof(rc4_key ));
str = sBuf;
free(sBuf);
return str;
}
/* Decrypt a key data from a WPA key message */
bool
BCMROMFN(wpa_decr_key_data)(eapol_wpa_key_header_t *body, uint16 key_info, uint8 *ekey,
uint8 *gtk, uint8 *data, uint8 *encrkey, rc4_ks_t *rc4key)
{
uint16 len;
switch (key_info & (WPA_KEY_DESC_V1 | WPA_KEY_DESC_V2)) {
case WPA_KEY_DESC_V1:
bcopy(body->iv, encrkey, WPA_MIC_KEY_LEN);
bcopy(ekey, &encrkey[WPA_MIC_KEY_LEN], WPA_MIC_KEY_LEN);
/* decrypt the key data */
prepare_key(encrkey, WPA_MIC_KEY_LEN*2, rc4key);
rc4(data, WPA_KEY_DATA_LEN_256, rc4key); /* dump 256 bytes */
if (gtk)
len = ntoh16_ua((uint8 *)&body->key_len);
else
len = ntoh16_ua((uint8 *)&body->data_len);
rc4(body->data, len, rc4key);
if (gtk)
bcopy(body->data, gtk, len);
break;
case WPA_KEY_DESC_V2:
case WPA_KEY_DESC_V3:
len = ntoh16_ua((uint8 *)&body->data_len);
if (aes_unwrap(WPA_MIC_KEY_LEN, ekey, len, body->data,
gtk ? gtk : body->data)) {
return FALSE;
}
break;
default:
return FALSE;
}
return TRUE;
}
void CSimplePanelDlg::InitPannel()
{
CDC* pDC = GetDC();
char curDir[160] = {0};
WCHAR wcurDir[160] = {0};
GetCurrentDirectory(160, curDir);
ZeroMemory(wcurDir, sizeof(wcurDir));
CString strImPath = curDir;
strImPath += _T("\\Res\\linepannel_simple.png");
MultiByteToWideChar(CP_ACP, 0, (char*)(LPCTSTR)strImPath, strImPath.GetLength(), wcurDir, 160);
m_pImLineBK = new Gdiplus::Image(wcurDir);
int nHeight = m_pImLineBK->GetHeight();
int nWidth = m_pImLineBK->GetWidth();
CRect rc1(0, 46, 539, nHeight + 46);
CEsayMemDC* pMemDC = new CEsayMemDC(*pDC, rc1);
m_vecMemDC.push_back(pMemDC);
CRect rc2(542, 46, 1080, nHeight + 46);
pMemDC = new CEsayMemDC(*pDC, rc2);
m_vecMemDC.push_back(pMemDC);
CRect rc3(0, nHeight + 52, 540, nHeight*2 + 52);
pMemDC = new CEsayMemDC(*pDC, rc3);
m_vecMemDC.push_back(pMemDC);
CRect rc4(542, nHeight + 52, 1080, nHeight*2 + 52);
pMemDC = new CEsayMemDC(*pDC, rc4);
m_vecMemDC.push_back(pMemDC);
CRect rc5(0, nHeight*2 + 58, 540, nHeight*3 + 58);
pMemDC = new CEsayMemDC(*pDC, rc5);
m_vecMemDC.push_back(pMemDC);
CRect rc6(542, nHeight*2 + 58, 1080, nHeight*3 + 58);
pMemDC = new CEsayMemDC(*pDC, rc6);
m_vecMemDC.push_back(pMemDC);
ReleaseDC(pDC);
}
static bool decrypt_file(const char *fname, bool from_update)
{
uint32_t header[5];
size_t datlen;
ksa(secret_key, 16);
FILE *inp;
struct stat fst;
if((inp = fopen(fname, "rb")) == NULL){
printf("Can't open input file '%s'", fname);
return false;
}
if(fstat(fileno(inp), &fst) != 0){
fclose(inp);
printf("Cannot stat file '%s'\n", fname);
return false;
}
if(from_update){
if(fread(&header, sizeof(uint32_t), 5, inp) != 5){
fclose(inp);
printf("Can't read the header - file '%s' is less than 20 bytes long?\n", fname);
return false;
}
datlen = header[4];
}else{
datlen = fst.st_size;
}
if((decoded = (char *)malloc(datlen+1)) == NULL){
printf("malloc failed!\n");
return false;
}
memset(decoded, 0, datlen+1);
size_t i;
size_t len = fread(decoded, 1, datlen, inp);
(void) len;
for(i = 0; i < datlen; ++i) decoded[i] ^= rc4();
fclose(inp);
//inp = fopen("tmp.dump", "w");
//fwrite(decoded, 1, datlen, inp);
//fclose(inp);
return true;
}
/**
* encrypt_pw_block_with_password_hash - EncryptPwBlobkWithPasswordHash() - RFC 2759, Sect. 8.10
* @password: 0-to-256-unicode-char Password (IN)
* @password_len: Length of password
* @password_hash: 16-octet PasswordHash (IN)
* @pw_block: 516-byte PwBlock (OUT)
*/
static void encrypt_pw_block_with_password_hash(
const u8 *password, size_t password_len,
const u8 *password_hash, u8 *pw_block)
{
size_t i, offset;
u8 *pos;
if (password_len > 256)
return;
memset(pw_block, 0, PWBLOCK_LEN);
offset = (256 - password_len) * 2;
for (i = 0; i < password_len; i++)
pw_block[offset + i * 2] = password[i];
pos = &pw_block[2 * 256];
WPA_PUT_LE16(pos, password_len * 2);
rc4(pw_block, PWBLOCK_LEN, password_hash, 16);
}
//测试调用一次genOutput_diff_imp_grain_reduce_v1函数需要多长时间 NCA-1.0
//以及每次枚举随机状态的个数和输出差分个数之间的差距
void test_time_genOutput_v1(){
u32 d=4;
u32 k=1;
for(;k<=d;k++){
u32 *v=new u32[k+1]();
//进行10次实验
double time[4]={0};
start_cal();
for(int j=0;j<10;j++){
for(int i=0;i<k;i++){
v[i]=(rc4() % STATE_REDUCE) +1;
}
v[k]=STATE_REDUCE+1;
genOutput_diff_imp_grain_reduce_v1(k,v,d);
}
end_cal(time);
printf("输入差分的汉明重量:%d, 每一个差分枚举的状态个数为:%d.\n",k,STATE_NUM*k);
printf("Time: %d hours, %d minutes, %f seconds.\n\n", (int)time[0],(int)time[1],time[2]);
delete [] v;
}
}
void decrypt_mov(unsigned char* seed,
const string& seed2,
unsigned char* buff,
unsigned long len)
{
unsigned char rc4_key[256];
for (unsigned long i = 0; i < 256; i++) {
rc4_key[i] = seed[i] ^ seed2[i % seed2.length()];
}
unsigned long key_len = 0x10000;
unsigned char* key = new unsigned char[key_len];
CryptoPP::Weak::ARC4 rc4(rc4_key, sizeof(rc4_key));
rc4.GenerateBlock(key, key_len);
for (unsigned long i = 0; i < len; i++) {
buff[i] ^= key[i % key_len];
}
delete [] key;
}
BOOL CSSD::GenSerial()
{
switch(m_Crypt)
{
case WINCRYPTAPI: { // WINCRYPT
CCryptString str = m_ssd.m_szName + m_ssd.m_szProduct + m_ssd.m_szEmail
+ m_ssd.m_szSysInfo;
str.InCrypt();
m_ssd.m_szSerial = str;
break;
}
case CRYPTRC4: { // RC4
m_ssd.m_szSerial = m_ssd.m_szName + m_ssd.m_szEmail;
RC4 rc4(m_ssd.m_szProduct + m_ssd.m_szSysInfo);
rc4.Crypt(m_ssd.m_szSerial);
break;
}
default: { // CRC_ALDER
CCRC32 crc;
crc.From(m_ssd.m_szName, m_ssd.m_szName.GetLength());
crc.From(m_ssd.m_szEmail, m_ssd.m_szEmail.GetLength(), true);
crc.From(m_ssd.m_szProduct, m_ssd.m_szProduct.GetLength(), true);
crc.From(m_ssd.m_szSysInfo, m_ssd.m_szSysInfo.GetLength(), true);
CAdler32 adler;
crc.From(m_ssd.m_szSysInfo, m_ssd.m_szSysInfo.GetLength());
adler.From(m_ssd.m_szProduct, m_ssd.m_szProduct.GetLength(), true);
adler.From(m_ssd.m_szEmail, m_ssd.m_szEmail.GetLength(), true);
adler.From(m_ssd.m_szName, m_ssd.m_szName.GetLength(), true);
m_ssd.m_szSerial.Format("%02X-%02X", crc.GetCRC(), adler.GetAdler32());
break;
}
}
return TRUE;
}
//测试genOutput_diff_imp_grain_reduce函数需要多长时间 NCA-3.0
void test_time_genOutput_v3(){
u32 d=4;
u32 k=1;
//针对不同重量的输入差分
for(;k<=d;k++){
u32 *v=new u32[k+1]();
//进行10次实验
double time[4]={0};
u32 state_Len=STATE_REDUCE-SP; //总的状态数 减去sampling resistance的大小
start_cal();
for(int j=0;j<10;j++){
for(int i=0;i<k;i++){
v[i]=(rc4() % state_Len) +1;
}
v[k]=state_Len+1;
genOutput_diff_imp_grain_reduce_v3(k,v,"");
}
end_cal(time);
printf("输入差分的汉明重量:%d, 每一个差分枚举的状态个数为:%d.\n",k,STATE_NUM*k);
printf("Time: %d hours, %d minutes, %f seconds.\n\n", (int)time[0],(int)time[1],time[2]);
delete [] v;
}
}
static void
mppe_key_change(mppe *_mppe, mppe_rc4_t *_this)
{
u_char interim[16];
void *keychg;
keychg = rc4_create_ctx();
GetNewKeyFromSHA(_this->master_key, _this->session_key,
_this->keylen, interim);
rc4_key(keychg, _this->keylen, interim);
rc4(keychg, _this->keylen, interim, _this->session_key);
mppe_reduce_key(_this);
if (_this->old_session_keys) {
int idx = _this->coher_cnt % MPPE_NOLDKEY;
memcpy(_this->old_session_keys[idx],
_this->session_key, MPPE_KEYLEN);
}
free(keychg);
}
static void encrypt_pw_block_with_password_hash(
const u8 *password, size_t password_len,
const u8 *password_hash, u8 *pw_block)
{
size_t i, offset;
u8 *pos;
if (password_len > 256)
return;
os_memset(pw_block, 0, PWBLOCK_LEN);
offset = (256 - password_len) * 2;
os_get_random(pw_block, offset);
for (i = 0; i < password_len; i++)
pw_block[offset + i * 2] = password[i];
/*
* PasswordLength is 4 octets, but since the maximum password length is
* 256, only first two (in little endian byte order) can be non-zero.
*/
pos = &pw_block[2 * 256];
WPA_PUT_LE16(pos, password_len * 2);
rc4(pw_block, PWBLOCK_LEN, password_hash, 16);
}
static void eapol_sm_processKey(struct eapol_sm *sm)
{
struct ieee802_1x_hdr *hdr;
struct ieee802_1x_eapol_key *key;
struct eap_key_data keydata;
u8 orig_key_sign[IEEE8021X_KEY_SIGN_LEN], datakey[32];
u8 ekey[IEEE8021X_KEY_IV_LEN + IEEE8021X_ENCR_KEY_LEN];
int key_len, res, sign_key_len, encr_key_len;
u16 rx_key_length;
wpa_printf(MSG_DEBUG, "EAPOL: processKey");
if (sm->last_rx_key == NULL)
return;
if (!sm->conf.accept_802_1x_keys) {
wpa_printf(MSG_WARNING, "EAPOL: Received IEEE 802.1X EAPOL-Key"
" even though this was not accepted - "
"ignoring this packet");
return;
}
hdr = (struct ieee802_1x_hdr *) sm->last_rx_key;
key = (struct ieee802_1x_eapol_key *) (hdr + 1);
if (sizeof(*hdr) + be_to_host16(hdr->length) > sm->last_rx_key_len) {
wpa_printf(MSG_WARNING, "EAPOL: Too short EAPOL-Key frame");
return;
}
rx_key_length = WPA_GET_BE16(key->key_length);
wpa_printf(MSG_DEBUG, "EAPOL: RX IEEE 802.1X ver=%d type=%d len=%d "
"EAPOL-Key: type=%d key_length=%d key_index=0x%x",
hdr->version, hdr->type, be_to_host16(hdr->length),
key->type, rx_key_length, key->key_index);
eapol_sm_notify_lower_layer_success(sm);
sign_key_len = IEEE8021X_SIGN_KEY_LEN;
encr_key_len = IEEE8021X_ENCR_KEY_LEN;
res = eapol_sm_get_key(sm, (u8 *) &keydata, sizeof(keydata));
if (res < 0) {
wpa_printf(MSG_DEBUG, "EAPOL: Could not get master key for "
"decrypting EAPOL-Key keys");
return;
}
if (res == 16) {
/* LEAP derives only 16 bytes of keying material. */
res = eapol_sm_get_key(sm, (u8 *) &keydata, 16);
if (res) {
wpa_printf(MSG_DEBUG, "EAPOL: Could not get LEAP "
"master key for decrypting EAPOL-Key keys");
return;
}
sign_key_len = 16;
encr_key_len = 16;
os_memcpy(keydata.sign_key, keydata.encr_key, 16);
} else if (res) {
wpa_printf(MSG_DEBUG, "EAPOL: Could not get enough master key "
"data for decrypting EAPOL-Key keys (res=%d)", res);
return;
}
/* The key replay_counter must increase when same master key */
if (sm->replay_counter_valid &&
os_memcmp(sm->last_replay_counter, key->replay_counter,
IEEE8021X_REPLAY_COUNTER_LEN) >= 0) {
wpa_printf(MSG_WARNING, "EAPOL: EAPOL-Key replay counter did "
"not increase - ignoring key");
wpa_hexdump(MSG_DEBUG, "EAPOL: last replay counter",
sm->last_replay_counter,
IEEE8021X_REPLAY_COUNTER_LEN);
wpa_hexdump(MSG_DEBUG, "EAPOL: received replay counter",
key->replay_counter, IEEE8021X_REPLAY_COUNTER_LEN);
return;
}
/* Verify key signature (HMAC-MD5) */
os_memcpy(orig_key_sign, key->key_signature, IEEE8021X_KEY_SIGN_LEN);
os_memset(key->key_signature, 0, IEEE8021X_KEY_SIGN_LEN);
hmac_md5(keydata.sign_key, sign_key_len,
sm->last_rx_key, sizeof(*hdr) + be_to_host16(hdr->length),
key->key_signature);
if (os_memcmp(orig_key_sign, key->key_signature,
IEEE8021X_KEY_SIGN_LEN) != 0) {
wpa_printf(MSG_DEBUG, "EAPOL: Invalid key signature in "
"EAPOL-Key packet");
os_memcpy(key->key_signature, orig_key_sign,
IEEE8021X_KEY_SIGN_LEN);
return;
}
wpa_printf(MSG_DEBUG, "EAPOL: EAPOL-Key key signature verified");
key_len = be_to_host16(hdr->length) - sizeof(*key);
if (key_len > 32 || rx_key_length > 32) {
wpa_printf(MSG_WARNING, "EAPOL: Too long key data length %d",
key_len ? key_len : rx_key_length);
return;
}
if (key_len == rx_key_length) {
os_memcpy(ekey, key->key_iv, IEEE8021X_KEY_IV_LEN);
os_memcpy(ekey + IEEE8021X_KEY_IV_LEN, keydata.encr_key,
encr_key_len);
os_memcpy(datakey, key + 1, key_len);
rc4(datakey, key_len, ekey,
IEEE8021X_KEY_IV_LEN + encr_key_len);
wpa_hexdump_key(MSG_DEBUG, "EAPOL: Decrypted(RC4) key",
datakey, key_len);
} else if (key_len == 0) {
/*
* IEEE 802.1X-2004 specifies that least significant Key Length
* octets from MS-MPPE-Send-Key are used as the key if the key
* data is not present. This seems to be meaning the beginning
* of the MS-MPPE-Send-Key. In addition, MS-MPPE-Send-Key in
* Supplicant corresponds to MS-MPPE-Recv-Key in Authenticator.
* Anyway, taking the beginning of the keying material from EAP
* seems to interoperate with Authenticators.
*/
key_len = rx_key_length;
os_memcpy(datakey, keydata.encr_key, key_len);
wpa_hexdump_key(MSG_DEBUG, "EAPOL: using part of EAP keying "
"material data encryption key",
datakey, key_len);
} else {
wpa_printf(MSG_DEBUG, "EAPOL: Invalid key data length %d "
"(key_length=%d)", key_len, rx_key_length);
return;
}
sm->replay_counter_valid = TRUE;
os_memcpy(sm->last_replay_counter, key->replay_counter,
IEEE8021X_REPLAY_COUNTER_LEN);
wpa_printf(MSG_DEBUG, "EAPOL: Setting dynamic WEP key: %s keyidx %d "
"len %d",
key->key_index & IEEE8021X_KEY_INDEX_FLAG ?
"unicast" : "broadcast",
key->key_index & IEEE8021X_KEY_INDEX_MASK, key_len);
if (sm->ctx->set_wep_key &&
sm->ctx->set_wep_key(sm->ctx->ctx,
key->key_index & IEEE8021X_KEY_INDEX_FLAG,
key->key_index & IEEE8021X_KEY_INDEX_MASK,
datakey, key_len) < 0) {
wpa_printf(MSG_WARNING, "EAPOL: Failed to set WEP key to the "
" driver.");
} else {
if (key->key_index & IEEE8021X_KEY_INDEX_FLAG)
sm->unicast_key_received = TRUE;
else
sm->broadcast_key_received = TRUE;
if ((sm->unicast_key_received ||
!(sm->conf.required_keys & EAPOL_REQUIRE_KEY_UNICAST)) &&
(sm->broadcast_key_received ||
!(sm->conf.required_keys & EAPOL_REQUIRE_KEY_BROADCAST)))
{
wpa_printf(MSG_DEBUG, "EAPOL: all required EAPOL-Key "
"frames received");
sm->portValid = TRUE;
if (sm->ctx->eapol_done_cb)
sm->ctx->eapol_done_cb(sm->ctx->ctx);
}
}
}
int main(int argc, char *argv[]) {
int i;
char *passPhrase;
int outputLen = 0;
FILE *inputFile;
if (argc <= 1) {
usage();
return 0;
}
// Variable parsing for tablecheck
if (strncmp(argv[1], "rc4", 3) == 0) {
if (argc < 3) {
usage();
return 0;
}
for (i = 1; i < argc; i++) {
if (argc == 4) {
if (strncmp(argv[i], "-p=", 3) == 0) {
passPhrase = argv[i] + 3;
}
if (strncmp(argv[i], "-l=", 3) == 0) {
outputLen = atoi(argv[i] + 3);
}
if (!argv[i]) {
usage();
return 0;
}
}
else if (argc == 3) {
if (strncmp(argv[i], "-p=", 3) == 0) {
passPhrase = argv[i] + 3;
}
outputLen = 256;
}
else {
usage();
return 0;
}
}
if (passPhrase == NULL || outputLen < 1) {
usage();
return 0;
}
else {
// Call tablecheck function
rc4(passPhrase, outputLen);
}
}
else if (strncmp(argv[1], "x1", 2) == 0) {
if (argc < 2) {
usage();
return 0;
}
//for (i = 1; i < argc; i++) {
if (argc == 3) {
inputFile = fopen(argv[2], "rb");
}
else if (argc == 2) {
inputFile = stdin;
if(isatty(fileno(inputFile))) {
fprintf(stderr, "Invalid use of arguments. Please specify a file name or pipe input.\n");
return -1;
}
}
else {
usage();
return 0;
}
//}
if (inputFile == NULL) {
usage();
return 0;
}
else {
// Call keyExpand function
x1(inputFile);
}
}
else if (strncmp(argv[1], "x2", 2) == 0) {
if (argc < 2) {
usage();
return 0;
}
//for (i = 1; i < argc; i++) {
if (argc == 3) {
inputFile = fopen(argv[2], "rb");
}
else if (argc == 2) {
inputFile = stdin;
if(isatty(fileno(inputFile))) {
fprintf(stderr, "Invalid use of arguments. Please specify a file name or pipe input.\n");
return -1;
}
}
else {
usage();
return 0;
}
//}
if (inputFile == NULL) {
usage();
return 0;
}
else {
// Call keyExpand function
x2(inputFile);
}
}
else if (strncmp(argv[1], "x3", 2) == 0) {
if (argc < 2) {
usage();
return 0;
}
//for (i = 1; i < argc; i++) {
if (argc == 3) {
inputFile = fopen(argv[2], "rb");
}
else if (argc == 2) {
inputFile = stdin;
if(isatty(fileno(inputFile))) {
fprintf(stderr, "Invalid use of arguments. Please specify a file name or pipe input.\n");
return -1;
}
}
else {
usage();
return 0;
}
//}
if (inputFile == NULL) {
usage();
return 0;
}
else {
// Call keyExpand function
x3(inputFile);
}
}
// If these conditions are not met, then print usage and quit.
else {
usage();
return 0;
}
return 0;
}
void dump_array(FILE * o, char * ptr, char * name, int l)
{
rc4(ptr, l);
print_array(o, ptr, name, l);
}
static void tripcode_wakaba(uint8_t *input, char *buffer, int length)
{
unsigned char hash[6];
rc4(input,hash,length);
base64(hash,buffer,sizeof(hash));
}
int
main (int argc, char **argv)
{
Elf32_Phdr * phdr;
Elf32_Ehdr * ehdr;
rc4_key key;
int fd,
i = 0,
off;
char * file = NULL,
* passw = NULL,
pass[256],
* ptr,
* buf;
struct stat st;
if (argc == 2)
file = argv[1];
else
usage(argv[0]);
do {
if (i)
printf("Passphrases don't match.\n");
if ((passw = getpass("Passphrase: ")) == NULL)
fatal("Bad pass");
memcpy(pass, passw, strlen(passw));
if ((passw = getpass("Confirm phrase: ")) == NULL)
fatal("Bad pass");
i = 1;
} while (STRCMP(passw, !=, pass));
memset(pass, 0x00, sizeof(pass));
if ((fd = open(file, O_RDWR, 0)) == -1)
fatal("open host file");
if (fstat(fd, &st) < 0)
fatal("stat host file");
if ((ptr = mmap(NULL, st.st_size, (PROT_READ|PROT_WRITE),
MAP_SHARED, fd, 0)) == (void *)(-1))
fatal("mmap failed");
ehdr = (Elf32_Ehdr *)ptr;
phdr = (Elf32_Phdr *)(ptr + ehdr->e_phoff);
for (i = 0; i < ehdr->e_phnum; i++, phdr++)
if (phdr->p_type == PT_LOAD)
break;
off = ehdr->e_entry - phdr->p_vaddr;
buf = (char *)(ptr + off);
prepare_key(passw, strlen(passw), &key);
rc4(buf, phdr->p_filesz - off, &key);
return 0;
}
uint64_t rc4rand64(void) {
uint64_t r;
rc4((unsigned char*)&r,sizeof(r));
return r;
}
//得到输出差分的分布并建表 改进版
void genOutput_diff_imp_grain_reduce_v3(u32 k,u32 *v,string curr_DIR){
//初始化 输入差分为全0 并输出当前组合v的对应的输入状态差分
/*
可以优化成byte上的操作,不过效果不明显
LFSR[0]~LFSR[31]----index:1~32
NFSR[0]~NFSR[9]----index:33~42
NFSR[21]~NFSR[31]----index:43~53
*/
u32 LFSR[32];
u32 NFSR[32];
for(int i=0;i<32;i++){
LFSR[i]=0;
NFSR[i]=0;
}
for(int i=0;i<k;i++){
u32 idx=v[i];
if(idx>=1 && idx <=32)
LFSR[idx-1]=1;
else if(idx>=33 && idx<=42)
NFSR[idx-33]=1;
else
NFSR[idx-22]=1;
}
//map<string,u32> counter;
u32 spcial_KSD_size=0;
//u32 SIZE_DIFF=STATE_NUM*k;
//unsigned long long *data=new unsigned long long[SIZE_DIFF];
unsigned long long *data=new unsigned long long[STATE_NUM];
//for(int i=0;i<SIZE_DIFF;i++){
for(int i=0;i<STATE_NUM;i++){
u32 LFSR_1[32];
u32 NFSR_1[32];
//随机选择一个状态
for(int j=0;j<32;j++){
NFSR_1[j]=0;
LFSR_1[j]=0;
LFSR_1[j]=rc4()&0x01;
if(j<10 || j>20)
NFSR_1[j]=rc4()&0x01;
}
//根据差分位置,得到另一个状态
u32 LFSR_2[32];
u32 NFSR_2[32];
for(int j=0;j<32;j++){
LFSR_2[j]=LFSR_1[j]^LFSR[j];
NFSR_2[j]=NFSR_1[j]^NFSR[j];
}
//分别用Grain reduce输出长度为KSLen_Reduced(bytes)的密钥流(Sampling resistance)
/*ECRYPT_ctx_reduce* ctx_reduce_1=new ECRYPT_ctx_reduce;
ECRYPT_ctx_reduce* ctx_reduce_2=new ECRYPT_ctx_reduce;*/
ECRYPT_ctx_reduce ctx_reduce_1;
ECRYPT_ctx_reduce ctx_reduce_2;
u8 keystream_1[KSLen_Reduced];
u8 keystream_2[KSLen_Reduced];
//首先确定剩下的NFSR的11个比特
grain_reduce_sampling_resistance(&ctx_reduce_1,LFSR_1,NFSR_1);
grain_reduce_sampling_resistance(&ctx_reduce_2,LFSR_2,NFSR_2);
//然后生成从12个clock开始的密钥流
grain_reduce_sampling_resistance_genKSBytes(&ctx_reduce_1,keystream_1,KSLen_Reduced);
grain_reduce_sampling_resistance_genKSBytes(&ctx_reduce_2,keystream_2,KSLen_Reduced);
//计算截断密钥流的差分
u8 keystream_Diff[KSLen_Reduced];
for(int j=0;j<KSLen_Reduced;j++){
keystream_Diff[j]=keystream_1[j]^keystream_2[j];
}
//统计各个特殊差分(HM<=MAX_KSD_HM)出现的频率 MAX_KSD_HM=5
if(Hamming_weight_of_state(keystream_Diff,KSLen_Reduced)<=MAX_KSD_HM){
unsigned long long diff_long=char_2_long(keystream_Diff,KSLen_Reduced);
data[spcial_KSD_size]=diff_long;
spcial_KSD_size++;
}
}
//将counter中对应的输出差分存储到一个txt文件中(以输出差分的16进制表示命名),将输入状态差分转化成16进制+输出该差分的比例,存储在txt的一行。
u8 inputDiffbyte[STATE_BYTE];
for(int i=0;i<STATE_BYTE;i++){
inputDiffbyte[i]=0;
}
stateBit2Byte(inputDiffbyte,STATE_BYTE,LFSR,NFSR,32);
string inputDiffStr=char2HexString(inputDiffbyte,STATE_BYTE); //NFSR+LFSR 16进制
//将data 排序
//sort(data,data+SIZE_DIFF);
qsort(data,spcial_KSD_size,sizeof(unsigned long long),comp);
//将data中的元素统计,并建表(以输出差分的16进制命名)
u32 counter;
multimap<u32,unsigned long long> occurrance;
for(int i=0;i<spcial_KSD_size;){
counter=0;
unsigned long long curr=data[i];
int j=i;
while(curr==data[j] && j<spcial_KSD_size){
counter++;
j++;
}
//counter记录了当前KSD出现的次数,j是下一个KSD第一个出现的下标。
//只保留当前比重最大的MAX_KSD(100)个差分 建最大值堆 对于NCA-3.0这里除了考虑频率之外,最好把所有special的KSD都留下来,不过这个措施是否有效还不清楚
multimap<u32,unsigned long long>::iterator it=occurrance.begin();
if(it==occurrance.end()){//对应初始没有元素的情况
occurrance.insert(make_pair(counter,curr));
}
else if(counter>it->first){
occurrance.insert(make_pair(counter,curr));
if(occurrance.size()>MAX_KSD) //删除最小的,保持最大的MAX_KSD个
occurrance.erase(occurrance.begin());
}
//已跳过当前重复区域,进入下一个KSD
i=j;
}
//将MAX_KSD(100)个差分建表/更新表
multimap<u32,unsigned long long>::iterator beg=occurrance.begin();
multimap<u32,unsigned long long>::iterator end=occurrance.end();
for(;beg!=end;beg++){
//cout<<beg->second<<"出现了:"<<beg->first<<"次。"<<endl;
string outDiff=long_to_hexString(beg->second,KSLen_Reduced);
//cout<<outDiff<<endl;
string fileName=curr_DIR+outDiff+".txt";
ofstream outfile;
outfile.open(fileName.c_str(),ofstream::app);
outfile<<fixed<<showpoint;
if(outfile){
outfile<<inputDiffStr<<" "<<beg->first<<"/"<<STATE_NUM<<"\n";
}
outfile.close();
}
occurrance.clear();
delete [] data;
}
unsigned short ares__generate_new_id(rc4_key* key)
{
unsigned short r=0;
rc4(key, (unsigned char *)&r, sizeof(r));
return r;
}
/*参数:
d:输入差分的最大汉明重量
num_ISD:随机选择汉明重量为d的输入差分的个数
N:每一个差分对应的测试样本的数量
*/
void BW_ave_KSD_pos_with_fixed_diff(u32 d,u32 num_ISD,u32 N){
double average_KSD_fixed_pos_num=0.0;
double average_HM_val=0.0;
//map<string,u32> counter;
for(int D=1;D<=num_ISD;D++){
u32* pos=new u32[d]();
for(int j=0;j<d;j++){
pos[j]=rc4() % 160;
while(isExist(pos,j,pos[j])) //保证随机位置不会出现重复
pos[j]=rc4() % 160;
}
//初始化 输入差分为全0
u8 ISD[LEN];
for(int j=0;j<LEN;j++){
ISD[j]=0;
}
//引入差分
for(int j=0;j<d;j++){
u32 p=posIdx(pos[j]);
u32 r=rotateIdx(pos[j]);
ISD[p]=ISD[p]^(1<<r);
}
u8 And_logic[KSLen]; //用来确定差分中全1的位置
u8 Or_logic[KSLen]; //用来确定差分中全0的位置
//初始化 and 和 or logic
for(int i=0;i<KSLen;i++){
And_logic[i]=255;
Or_logic[i]=0;
}
for(int i=0;i<N;i++){
//随机选择一个输入状态
u8 rnd_state_1[LEN];
for(int j=0;j<LEN;j++){
rnd_state_1[j]=rc4();
}
//根据差分位置,得到另一个状态rud_state_2
u8 rnd_state_2[LEN];
for(int j=0;j<LEN;j++){
rnd_state_2[j]=rnd_state_1[j]^ISD[j];
}
//分别代入Grain中
ECRYPT_ctx ctx_1;
ctx_1.keysize=80;
ctx_1.ivsize=64;
u8 keyStream_1[KSLen];
ECRYPT_ctx ctx_2;
ctx_2.keysize=80;
ctx_2.ivsize=64;
u8 keyStream_2[KSLen];
//将状态代入grain中,获得对应的长度为KSLen的前向密钥流,并输出其差分
ECRYPT_grain_state_load(&ctx_1,rnd_state_1);
ECRYPT_grain_state_load(&ctx_2,rnd_state_2);
ECRYPT_keystream_backward_bytes(&ctx_1,keyStream_1,KSLen);
ECRYPT_keystream_backward_bytes(&ctx_2,keyStream_2,KSLen);
//计算输出差分
u8 Diff_KS[KSLen];
for(int j=0;j<KSLen;j++){
Diff_KS[j]=keyStream_1[j]^keyStream_2[j];
}
//计算KSD characteristic
for(int j=0;j<KSLen;j++){
And_logic[j]&=Diff_KS[j];
Or_logic[j]|=Diff_KS[j];
}
}
//And逻辑确定全1的位置 Or逻辑确定全0的位置 剩下的就是不确定的位置
string KSD_character="";
int KW_KSD_CH=0;
for(int i=0;i<KSLen;i++){
u8 t_and=And_logic[i];
u8 t_or=Or_logic[i];
for(int j=0;j<8;j++){
if((t_and>>j)&0x01){
average_KSD_fixed_pos_num++;
KW_KSD_CH++;
KSD_character.append("1");
}
else if(!( (t_or>>j)&0x01 )){
average_KSD_fixed_pos_num++;
KW_KSD_CH++;
KSD_character.append("0");
}
else
KSD_character.append("*");
}
}