fragattacks/src/crypto/sha1-pbkdf2.c

/*
 * SHA1-based key derivation function (PBKDF2) for IEEE 802.11i
 * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#include "includes.h"

#include "common.h"
#include "sha1.h"
#include "md5.h"
#include "crypto.h"

static void pbkdf2_sha1_f(const char *passphrase, const char *ssid,
			  size_t ssid_len, int iterations, unsigned int count,
			  u8 *digest)
{
	unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN];
	int i, j;
	unsigned char count_buf[4];
	const u8 *addr[2];
	size_t len[2];
	size_t passphrase_len = os_strlen(passphrase);

	addr[0] = (u8 *) ssid;
	len[0] = ssid_len;
	addr[1] = count_buf;
	len[1] = 4;

	/* F(P, S, c, i) = U1 xor U2 xor ... Uc
	 * U1 = PRF(P, S || i)
	 * U2 = PRF(P, U1)
	 * Uc = PRF(P, Uc-1)
	 */

	count_buf[0] = (count >> 24) & 0xff;
	count_buf[1] = (count >> 16) & 0xff;
	count_buf[2] = (count >> 8) & 0xff;
	count_buf[3] = count & 0xff;
	hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len, tmp);
	os_memcpy(digest, tmp, SHA1_MAC_LEN);

	for (i = 1; i < iterations; i++) {
		hmac_sha1((u8 *) passphrase, passphrase_len, tmp, SHA1_MAC_LEN,
			  tmp2);
		os_memcpy(tmp, tmp2, SHA1_MAC_LEN);
		for (j = 0; j < SHA1_MAC_LEN; j++)
			digest[j] ^= tmp2[j];
	}
}


/**
 * pbkdf2_sha1 - SHA1-based key derivation function (PBKDF2) for IEEE 802.11i
 * @passphrase: ASCII passphrase
 * @ssid: SSID
 * @ssid_len: SSID length in bytes
 * @iterations: Number of iterations to run
 * @buf: Buffer for the generated key
 * @buflen: Length of the buffer in bytes
 *
 * This function is used to derive PSK for WPA-PSK. For this protocol,
 * iterations is set to 4096 and buflen to 32. This function is described in
 * IEEE Std 802.11-2004, Clause H.4. The main construction is from PKCS#5 v2.0.
 */
void pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len,
		 int iterations, u8 *buf, size_t buflen)
{
	unsigned int count = 0;
	unsigned char *pos = buf;
	size_t left = buflen, plen;
	unsigned char digest[SHA1_MAC_LEN];

	while (left > 0) {
		count++;
		pbkdf2_sha1_f(passphrase, ssid, ssid_len, iterations, count,
			      digest);
		plen = left > SHA1_MAC_LEN ? SHA1_MAC_LEN : left;
		os_memcpy(pos, digest, plen);
		pos += plen;
		left -= plen;
	}
}
Crypto build cleanup: remove CONFIG_NO_PBKDF2 Instead of using a define and conditional building of sha1.c parts, move the PBKDF2 implementation into a separate file. 2009-08-11 13:31:39 -04:00			`/*`
			`* SHA1-based key derivation function (PBKDF2) for IEEE 802.11i`
			`* Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi>`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License version 2 as`
			`* published by the Free Software Foundation.`
			`*`
			`* Alternatively, this software may be distributed under the terms of BSD`
			`* license.`
			`*`
			`* See README and COPYING for more details.`
			`*/`

			`#include "includes.h"`

			`#include "common.h"`
			`#include "sha1.h"`
			`#include "md5.h"`
			`#include "crypto.h"`

			`static void pbkdf2_sha1_f(const char passphrase, const char ssid,`
			`size_t ssid_len, int iterations, unsigned int count,`
			`u8 *digest)`
			`{`
			`unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN];`
			`int i, j;`
			`unsigned char count_buf[4];`
			`const u8 *addr[2];`
			`size_t len[2];`
			`size_t passphrase_len = os_strlen(passphrase);`

			`addr[0] = (u8 *) ssid;`
			`len[0] = ssid_len;`
			`addr[1] = count_buf;`
			`len[1] = 4;`

			`/* F(P, S, c, i) = U1 xor U2 xor ... Uc`
			`* U1 = PRF(P, S \|\| i)`
			`* U2 = PRF(P, U1)`
			`* Uc = PRF(P, Uc-1)`
			`*/`

			`count_buf[0] = (count >> 24) & 0xff;`
			`count_buf[1] = (count >> 16) & 0xff;`
			`count_buf[2] = (count >> 8) & 0xff;`
			`count_buf[3] = count & 0xff;`
			`hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len, tmp);`
			`os_memcpy(digest, tmp, SHA1_MAC_LEN);`

			`for (i = 1; i < iterations; i++) {`
			`hmac_sha1((u8 *) passphrase, passphrase_len, tmp, SHA1_MAC_LEN,`
			`tmp2);`
			`os_memcpy(tmp, tmp2, SHA1_MAC_LEN);`
			`for (j = 0; j < SHA1_MAC_LEN; j++)`
			`digest[j] ^= tmp2[j];`
			`}`
			`}`


			`/**`
			`* pbkdf2_sha1 - SHA1-based key derivation function (PBKDF2) for IEEE 802.11i`
			`* @passphrase: ASCII passphrase`
			`* @ssid: SSID`
			`* @ssid_len: SSID length in bytes`
			`* @iterations: Number of iterations to run`
			`* @buf: Buffer for the generated key`
			`* @buflen: Length of the buffer in bytes`
			`*`
			`* This function is used to derive PSK for WPA-PSK. For this protocol,`
			`* iterations is set to 4096 and buflen to 32. This function is described in`
			`* IEEE Std 802.11-2004, Clause H.4. The main construction is from PKCS#5 v2.0.`
			`*/`
			`void pbkdf2_sha1(const char passphrase, const char ssid, size_t ssid_len,`
			`int iterations, u8 *buf, size_t buflen)`
			`{`
			`unsigned int count = 0;`
			`unsigned char *pos = buf;`
			`size_t left = buflen, plen;`
			`unsigned char digest[SHA1_MAC_LEN];`

			`while (left > 0) {`
			`count++;`
			`pbkdf2_sha1_f(passphrase, ssid, ssid_len, iterations, count,`
			`digest);`
			`plen = left > SHA1_MAC_LEN ? SHA1_MAC_LEN : left;`
			`os_memcpy(pos, digest, plen);`
			`pos += plen;`
			`left -= plen;`
			`}`
			`}`