1* /*
2* * SAE-PK password/modifier generator
3* * Copyright (c) 2020, The Linux Foundation
4* *
5* * This software may be distributed under the terms of the BSD license.
6* * See README for more details.
7* */
8*
9* #include "utils/includes.h"
10*
11* #include "utils/common.h"
12* #include "utils/base64.h"
13* #include "crypto/crypto.h"
14* #include "common/sae.h"
15*
16*
main(int argc,char * argv[])17* int main(int argc, char *argv[])
18* {
19* char *der = NULL;
20* size_t der_len;
21* struct crypto_ec_key *key = NULL;
22* struct wpabuf *pub = NULL;
23* u8 *data = NULL, *m;
24* size_t data_len;
25* char *b64 = NULL, *pw = NULL, *pos, *src;
26* int sec, j;
27* int ret = -1;
28* u8 hash[SAE_MAX_HASH_LEN];
29* char hash_hex[2 * SAE_MAX_HASH_LEN + 1];
30* u8 pw_base_bin[SAE_MAX_HASH_LEN];
31* u8 *dst;
32* int group;
33* size_t hash_len;
34* unsigned long long i, expected;
35* char m_hex[2 * SAE_PK_M_LEN + 1];
36* u32 sec_1b, val20;
37*
38* wpa_debug_level = MSG_INFO;
39* if (os_program_init() < 0)
40* goto fail;
41*
42* if (argc != 4) {
43* fprintf(stderr,
44* "usage: sae_pk_gen <DER ECPrivateKey file> <Sec:3|5> <SSID>\n");
45* goto fail;
46* }
47*
48* sec = atoi(argv[2]);
49* if (sec != 3 && sec != 5) {
50* fprintf(stderr,
51* "Invalid Sec value (allowed values: 3 and 5)\n");
52* goto fail;
53* }
54* sec_1b = sec == 3;
55* expected = 1;
56* for (j = 0; j < sec; j++)
57* expected *= 256;
58*
59* der = os_readfile(argv[1], &der_len);
60* if (!der) {
61* fprintf(stderr, "Could not read %s: %s\n",
62* argv[1], strerror(errno));
63* goto fail;
64* }
65*
66* key = crypto_ec_key_parse_priv((u8 *) der, der_len);
67* if (!key) {
68* fprintf(stderr, "Could not parse ECPrivateKey\n");
69* goto fail;
70* }
71*
72* pub = crypto_ec_key_get_subject_public_key(key);
73* if (!pub) {
74* fprintf(stderr, "Failed to build SubjectPublicKey\n");
75* goto fail;
76* }
77*
78* group = crypto_ec_key_group(key);
79* switch (group) {
80* case 19:
81* hash_len = 32;
82* break;
83* case 20:
84* hash_len = 48;
85* break;
86* case 21:
87* hash_len = 64;
88* break;
89* default:
90* fprintf(stderr, "Unsupported private key group\n");
91* goto fail;
92* }
93*
94* data_len = os_strlen(argv[3]) + SAE_PK_M_LEN + wpabuf_len(pub);
95* data = os_malloc(data_len);
96* if (!data) {
97* fprintf(stderr, "No memory for data buffer\n");
98* goto fail;
99* }
100* os_memcpy(data, argv[3], os_strlen(argv[3]));
101* m = data + os_strlen(argv[3]);
102* if (os_get_random(m, SAE_PK_M_LEN) < 0) {
103* fprintf(stderr, "Could not generate random Modifier M\n");
104* goto fail;
105* }
106* os_memcpy(m + SAE_PK_M_LEN, wpabuf_head(pub), wpabuf_len(pub));
107*
108* fprintf(stderr, "Searching for a suitable Modifier M value\n");
109* for (i = 0;; i++) {
110* if (sae_hash(hash_len, data, data_len, hash) < 0) {
111* fprintf(stderr, "Hash failed\n");
112* goto fail;
113* }
114* if (hash[0] == 0 && hash[1] == 0) {
115* if ((hash[2] & 0xf0) == 0)
116* fprintf(stderr, "\r%3.2f%%",
117* 100.0 * (double) i / (double) expected);
118* for (j = 2; j < sec; j++) {
119* if (hash[j])
120* break;
121* }
122* if (j == sec)
123* break;
124* }
125* inc_byte_array(m, SAE_PK_M_LEN);
126* }
127*
128* if (wpa_snprintf_hex(m_hex, sizeof(m_hex), m, SAE_PK_M_LEN) < 0 ||
129* wpa_snprintf_hex(hash_hex, sizeof(hash_hex), hash, hash_len) < 0)
130* goto fail;
131* fprintf(stderr, "\nFound a valid hash in %llu iterations: %s\n",
132* i + 1, hash_hex);
133*
134* b64 = base64_encode(der, der_len, NULL);
135* if (!b64)
136* goto fail;
137* src = pos = b64;
138* while (*src) {
139* if (*src != '\n')
140* *pos++ = *src;
141* src++;
142* }
143* *pos = '\0';
144*
145* /* Skip 8*Sec bits and add Sec_1b as the every 20th bit starting with
146* * one. */
147* os_memset(pw_base_bin, 0, sizeof(pw_base_bin));
148* dst = pw_base_bin;
149* for (j = 0; j < 8 * (int) hash_len / 20; j++) {
150* val20 = sae_pk_get_be19(hash + sec);
151* val20 |= sec_1b << 19;
152* sae_pk_buf_shift_left_19(hash + sec, hash_len - sec);
153*
154* if (j & 1) {
155* *dst |= (val20 >> 16) & 0x0f;
156* dst++;
157* *dst++ = (val20 >> 8) & 0xff;
158* *dst++ = val20 & 0xff;
159* } else {
160* *dst++ = (val20 >> 12) & 0xff;
161* *dst++ = (val20 >> 4) & 0xff;
162* *dst = (val20 << 4) & 0xf0;
163* }
164* }
165* if (wpa_snprintf_hex(hash_hex, sizeof(hash_hex),
166* pw_base_bin, hash_len - sec) >= 0)
167* fprintf(stderr, "PasswordBase binary data for base32: %s",
168* hash_hex);
169*
170* pw = sae_pk_base32_encode(pw_base_bin, 20 * 3 - 5);
171* if (!pw)
172* goto fail;
173*
174* printf("# SAE-PK password/M/private key for Sec=%d.\n", sec);
175* printf("sae_password=%s|pk=%s:%s\n", pw, m_hex, b64);
176* printf("# Longer passwords can be used for improved security at the cost of usability:\n");
177* for (j = 4; j <= ((int) hash_len * 8 + 5 - 8 * sec) / 19; j++) {
178* os_free(pw);
179* pw = sae_pk_base32_encode(pw_base_bin, 20 * j - 5);
180* if (pw)
181* printf("# %s\n", pw);
182* }
183*
184* ret = 0;
185* fail:
186* os_free(der);
187* wpabuf_free(pub);
188* crypto_ec_key_deinit(key);
189* os_free(data);
190* os_free(b64);
191* os_free(pw);
192*
193* os_program_deinit();
194*
195* return ret;
196* }
197*