1*86d7f5d3SJohn Marino /*- 2*86d7f5d3SJohn Marino * Copyright (c) 2007, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann 3*86d7f5d3SJohn Marino * <aircrack-ptw@cdc.informatik.tu-darmstadt.de> 4*86d7f5d3SJohn Marino * All rights reserved. 5*86d7f5d3SJohn Marino * 6*86d7f5d3SJohn Marino * Redistribution and use in source and binary forms, with or without 7*86d7f5d3SJohn Marino * modification, are permitted provided that the following conditions 8*86d7f5d3SJohn Marino * are met: 9*86d7f5d3SJohn Marino * 1. Redistributions of source code must retain the above copyright 10*86d7f5d3SJohn Marino * notice, this list of conditions and the following disclaimer. 11*86d7f5d3SJohn Marino * 2. Redistributions in binary form must reproduce the above copyright 12*86d7f5d3SJohn Marino * notice, this list of conditions and the following disclaimer in the 13*86d7f5d3SJohn Marino * documentation and/or other materials provided with the distribution. 14*86d7f5d3SJohn Marino * 15*86d7f5d3SJohn Marino * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16*86d7f5d3SJohn Marino * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17*86d7f5d3SJohn Marino * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18*86d7f5d3SJohn Marino * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19*86d7f5d3SJohn Marino * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20*86d7f5d3SJohn Marino * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21*86d7f5d3SJohn Marino * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22*86d7f5d3SJohn Marino * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23*86d7f5d3SJohn Marino * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24*86d7f5d3SJohn Marino * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25*86d7f5d3SJohn Marino * SUCH DAMAGE. 26*86d7f5d3SJohn Marino * 27*86d7f5d3SJohn Marino * $FreeBSD: src/tools/tools/net80211/wesside/wesside/aircrack-ptw-lib.h,v 1.2 2007/04/09 15:43:43 sam Exp $ 28*86d7f5d3SJohn Marino */ 29*86d7f5d3SJohn Marino #include <stdint.h> 30*86d7f5d3SJohn Marino 31*86d7f5d3SJohn Marino // Number of bytes we use for our table of seen IVs, this is (2^24)/8 32*86d7f5d3SJohn Marino #define PTW_IVTABLELEN 2097152 33*86d7f5d3SJohn Marino 34*86d7f5d3SJohn Marino // How many sessions do we use to check if a guessed key is correct 35*86d7f5d3SJohn Marino // 10 seems to be a reasonable choice 36*86d7f5d3SJohn Marino #define PTW_CONTROLSESSIONS 10 37*86d7f5d3SJohn Marino 38*86d7f5d3SJohn Marino // The maximum possible length of the main key, 13 is the maximum for a 104 bit key 39*86d7f5d3SJohn Marino #define PTW_KEYHSBYTES 13 40*86d7f5d3SJohn Marino 41*86d7f5d3SJohn Marino // How long the IV is, 3 is the default value for WEP 42*86d7f5d3SJohn Marino #define PTW_IVBYTES 3 43*86d7f5d3SJohn Marino 44*86d7f5d3SJohn Marino // How many bytes of a keystream we collect, 16 are needed for a 104 bit key 45*86d7f5d3SJohn Marino #define PTW_KSBYTES 16 46*86d7f5d3SJohn Marino 47*86d7f5d3SJohn Marino // The MAGIC VALUE!! 48*86d7f5d3SJohn Marino #define PTW_n 256 49*86d7f5d3SJohn Marino 50*86d7f5d3SJohn Marino // We use this to keep track of the outputs of A_i 51*86d7f5d3SJohn Marino typedef struct { 52*86d7f5d3SJohn Marino // How often the value b appeard as an output of A_i 53*86d7f5d3SJohn Marino int votes; 54*86d7f5d3SJohn Marino 55*86d7f5d3SJohn Marino uint8_t b; 56*86d7f5d3SJohn Marino } PTW_tableentry; 57*86d7f5d3SJohn Marino 58*86d7f5d3SJohn Marino // A recovered session 59*86d7f5d3SJohn Marino typedef struct { 60*86d7f5d3SJohn Marino // The IV used in this session 61*86d7f5d3SJohn Marino uint8_t iv[PTW_IVBYTES]; 62*86d7f5d3SJohn Marino // The keystream used in this session 63*86d7f5d3SJohn Marino uint8_t keystream[PTW_KSBYTES]; 64*86d7f5d3SJohn Marino } PTW_session; 65*86d7f5d3SJohn Marino 66*86d7f5d3SJohn Marino // The state of an attack 67*86d7f5d3SJohn Marino // You should usually never modify these values manually 68*86d7f5d3SJohn Marino typedef struct { 69*86d7f5d3SJohn Marino // How many unique packets or IVs have been collected 70*86d7f5d3SJohn Marino int packets_collected; 71*86d7f5d3SJohn Marino // Table to check for duplicate IVs 72*86d7f5d3SJohn Marino uint8_t seen_iv[PTW_IVTABLELEN]; 73*86d7f5d3SJohn Marino // How many sessions for checking a guessed key have been collected 74*86d7f5d3SJohn Marino int sessions_collected; 75*86d7f5d3SJohn Marino // The actual recovered sessions 76*86d7f5d3SJohn Marino PTW_session sessions[PTW_CONTROLSESSIONS]; 77*86d7f5d3SJohn Marino // The table with votes for the keybytesums 78*86d7f5d3SJohn Marino PTW_tableentry table[PTW_KEYHSBYTES][PTW_n]; 79*86d7f5d3SJohn Marino } PTW_attackstate; 80*86d7f5d3SJohn Marino 81*86d7f5d3SJohn Marino PTW_attackstate * PTW_newattackstate(); 82*86d7f5d3SJohn Marino void PTW_freeattackstate(PTW_attackstate *); 83*86d7f5d3SJohn Marino int PTW_addsession(PTW_attackstate *, uint8_t *, uint8_t *); 84*86d7f5d3SJohn Marino int PTW_computeKey(PTW_attackstate *, uint8_t *, int, int); 85