Blame - hostapd/sae_pk_gen.c - android_external_wpa_supplicant_8

blob: c31eff75b538a00a9d6ba476a5c67198fed152db [file] [log] [blame]

Hai Shalom	899fcc7	2020-10-19 14:38:18 -0700	[diff] [blame]	1	/*
				2	* SAE-PK password/modifier generator
				3	* Copyright (c) 2020, The Linux Foundation
				4	*
				5	* This software may be distributed under the terms of the BSD license.
				6	* See README for more details.
				7	*/
				8
				9	#include "utils/includes.h"
				10
				11	#include "utils/common.h"
				12	#include "utils/base64.h"
				13	#include "crypto/crypto.h"
				14	#include "common/sae.h"
				15
				16
				17	int main(int argc, char *argv[])
				18	{
				19	char *der = NULL;
				20	size_t der_len;
				21	struct crypto_ec_key *key = NULL;
				22	struct wpabuf *pub = NULL;
				23	u8 data = NULL, m;
				24	size_t data_len;
				25	char b64 = NULL, pw = NULL, pos, src;
				26	int sec, j;
				27	int ret = -1;
				28	u8 hash[SAE_MAX_HASH_LEN];
				29	char hash_hex[2 * SAE_MAX_HASH_LEN + 1];
				30	u8 pw_base_bin[SAE_MAX_HASH_LEN];
				31	u8 *dst;
				32	int group;
				33	size_t hash_len;
				34	unsigned long long i, expected;
				35	char m_hex[2 * SAE_PK_M_LEN + 1];
				36	u32 sec_1b, val20;
				37
				38	wpa_debug_level = MSG_INFO;
				39	if (os_program_init() < 0)
				40	goto fail;
				41
				42	if (argc != 4) {
				43	fprintf(stderr,
				44	"usage: sae_pk_gen <DER ECPrivateKey file> <Sec:3\|5> <SSID>\n");
				45	goto fail;
				46	}
				47
				48	sec = atoi(argv[2]);
				49	if (sec != 3 && sec != 5) {
				50	fprintf(stderr,
				51	"Invalid Sec value (allowed values: 3 and 5)\n");
				52	goto fail;
				53	}
				54	sec_1b = sec == 3;
				55	expected = 1;
				56	for (j = 0; j < sec; j++)
				57	expected *= 256;
				58
				59	der = os_readfile(argv[1], &der_len);
				60	if (!der) {
				61	fprintf(stderr, "Could not read %s: %s\n",
				62	argv[1], strerror(errno));
				63	goto fail;
				64	}
				65
				66	key = crypto_ec_key_parse_priv((u8 *) der, der_len);
				67	if (!key) {
				68	fprintf(stderr, "Could not parse ECPrivateKey\n");
				69	goto fail;
				70	}
				71
				72	pub = crypto_ec_key_get_subject_public_key(key);
				73	if (!pub) {
				74	fprintf(stderr, "Failed to build SubjectPublicKey\n");
				75	goto fail;
				76	}
				77
				78	group = crypto_ec_key_group(key);
				79	switch (group) {
				80	case 19:
				81	hash_len = 32;
				82	break;
				83	case 20:
				84	hash_len = 48;
				85	break;
				86	case 21:
				87	hash_len = 64;
				88	break;
				89	default:
				90	fprintf(stderr, "Unsupported private key group\n");
				91	goto fail;
				92	}
				93
				94	data_len = os_strlen(argv[3]) + SAE_PK_M_LEN + wpabuf_len(pub);
				95	data = os_malloc(data_len);
				96	if (!data) {
				97	fprintf(stderr, "No memory for data buffer\n");
				98	goto fail;
				99	}
				100	os_memcpy(data, argv[3], os_strlen(argv[3]));
				101	m = data + os_strlen(argv[3]);
				102	if (os_get_random(m, SAE_PK_M_LEN) < 0) {
				103	fprintf(stderr, "Could not generate random Modifier M\n");
				104	goto fail;
				105	}
				106	os_memcpy(m + SAE_PK_M_LEN, wpabuf_head(pub), wpabuf_len(pub));
				107
				108	fprintf(stderr, "Searching for a suitable Modifier M value\n");
				109	for (i = 0;; i++) {
				110	if (sae_hash(hash_len, data, data_len, hash) < 0) {
				111	fprintf(stderr, "Hash failed\n");
				112	goto fail;
				113	}
				114	if (hash[0] == 0 && hash[1] == 0) {
				115	if ((hash[2] & 0xf0) == 0)
				116	fprintf(stderr, "\r%3.2f%%",
				117	100.0 * (double) i / (double) expected);
				118	for (j = 2; j < sec; j++) {
				119	if (hash[j])
				120	break;
				121	}
				122	if (j == sec)
				123	break;
				124	}
				125	inc_byte_array(m, SAE_PK_M_LEN);
				126	}
				127
				128	if (wpa_snprintf_hex(m_hex, sizeof(m_hex), m, SAE_PK_M_LEN) < 0 \|\|
				129	wpa_snprintf_hex(hash_hex, sizeof(hash_hex), hash, hash_len) < 0)
				130	goto fail;
				131	fprintf(stderr, "\nFound a valid hash in %llu iterations: %s\n",
				132	i + 1, hash_hex);
				133
				134	b64 = base64_encode(der, der_len, NULL);
				135	if (!b64)
				136	goto fail;
				137	src = pos = b64;
				138	while (*src) {
				139	if (*src != '\n')
				140	pos++ = src;
				141	src++;
				142	}
				143	*pos = '\0';
				144
				145	/* Skip 8*Sec bits and add Sec_1b as the every 20th bit starting with
				146	* one. */
				147	os_memset(pw_base_bin, 0, sizeof(pw_base_bin));
				148	dst = pw_base_bin;
				149	for (j = 0; j < 8 * (int) hash_len / 20; j++) {
				150	val20 = sae_pk_get_be19(hash + sec);
				151	val20 \|= sec_1b << 19;
				152	sae_pk_buf_shift_left_19(hash + sec, hash_len - sec);
				153
				154	if (j & 1) {
				155	*dst \|= (val20 >> 16) & 0x0f;
				156	dst++;
				157	*dst++ = (val20 >> 8) & 0xff;
				158	*dst++ = val20 & 0xff;
				159	} else {
				160	*dst++ = (val20 >> 12) & 0xff;
				161	*dst++ = (val20 >> 4) & 0xff;
				162	*dst = (val20 << 4) & 0xf0;
				163	}
				164	}
				165	if (wpa_snprintf_hex(hash_hex, sizeof(hash_hex),
				166	pw_base_bin, hash_len - sec) >= 0)
				167	fprintf(stderr, "PasswordBase binary data for base32: %s",
				168	hash_hex);
				169
				170	pw = sae_pk_base32_encode(pw_base_bin, 20 * 3 - 5);
				171	if (!pw)
				172	goto fail;
				173
				174	printf("# SAE-PK password/M/private key for Sec=%d.\n", sec);
				175	printf("sae_password=%s\|pk=%s:%s\n", pw, m_hex, b64);
				176	printf("# Longer passwords can be used for improved security at the cost of usability:\n");
				177	for (j = 4; j <= ((int) hash_len * 8 + 5 - 8 * sec) / 19; j++) {
				178	os_free(pw);
				179	pw = sae_pk_base32_encode(pw_base_bin, 20 * j - 5);
				180	if (pw)
				181	printf("# %s\n", pw);
				182	}
				183
				184	ret = 0;
				185	fail:
				186	os_free(der);
				187	wpabuf_free(pub);
				188	crypto_ec_key_deinit(key);
				189	os_free(data);
				190	os_free(b64);
				191	os_free(pw);
				192
				193	os_program_deinit();
				194
				195	return ret;
				196	}