static int crypt_all(int *pcount, struct db_salt *salt) { int count = *pcount; int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index += MAX_KEYS_PER_CRYPT) #endif { AES_KEY akey; unsigned char mask_key[MAX_KEYS_PER_CRYPT][32]; unsigned char unmasked_keys[OPENBSD_SOFTRAID_KEYLENGTH * OPENBSD_SOFTRAID_KEYS]; unsigned char hashed_mask_key[20]; int i, j; /* derive masking key from password */ #ifdef SSE_GROUP_SZ_SHA1 int lens[SSE_GROUP_SZ_SHA1]; unsigned char *pin[SSE_GROUP_SZ_SHA1], *pout[SSE_GROUP_SZ_SHA1]; for (i = 0; i < SSE_GROUP_SZ_SHA1; ++i) { lens[i] = strlen(key_buffer[index+i]); pin[i] = (unsigned char*)key_buffer[index+i]; pout[i] = mask_key[i]; } pbkdf2_sha1_sse((const unsigned char **)pin, lens, cur_salt->salt, OPENBSD_SOFTRAID_SALTLENGTH, cur_salt->num_iterations, (unsigned char**)pout, 32, 0); #else pbkdf2_sha1((const unsigned char*)(key_buffer[index]), strlen(key_buffer[index]), cur_salt->salt, OPENBSD_SOFTRAID_SALTLENGTH, cur_salt->num_iterations, mask_key[0], 32, 0); #endif for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { #if !ARCH_LITTLE_ENDIAN alter_endianity(mask_key[i], 32); #endif /* decrypt sector keys */ AES_set_decrypt_key(mask_key[i], 256, &akey); for(j = 0; j < (OPENBSD_SOFTRAID_KEYLENGTH * OPENBSD_SOFTRAID_KEYS) / 16; j++) { AES_decrypt(&cur_salt->masked_keys[16*j], &unmasked_keys[16*j], &akey); } /* get SHA1 of mask_key */ SHA1(mask_key[i], 32, hashed_mask_key); /* get HMAC-SHA1 of unmasked_keys using hashed_mask_key */ HMAC(EVP_sha1(), hashed_mask_key, OPENBSD_SOFTRAID_MACLENGTH, unmasked_keys, OPENBSD_SOFTRAID_KEYLENGTH * OPENBSD_SOFTRAID_KEYS, (unsigned char*)crypt_out[index+i], NULL); } } return count; }
/******************************************************************************* Function: void WF_WpaConvPassphraseToKey(t_wpaKeyInfo *p_wpaPhrase) Summary: Converts the input WPA/WPA2 passphrase to a 32-byte binary key Description: None Parameters: p_keyInfo -- structure containing the ASCII WPA passphrase Returns: When this function completes the input structure field p_keyInfo->key[] will have been overwritten with the 32-byte binary key. In addtion, the input structure field p_keyInfo->keyLength will be set to 32. Remarks: Called needs to be aware that two of the input fields will be overwritten with the result of the conversion. *****************************************************************************/ void WF_WpaConvPassphraseToKey(t_wpaKeyInfo *p_keyInfo) { uint8_t binaryKey[WF_WPA_KEY_LENGTH]; #if defined(WF_ERROR_CHECKING) uint32_t errorCode = UdConvWpaPassphrase(p_keyInfo); if (errorCode != UD_SUCCESS) { EventEnqueue(WF_EVENT_ERROR, errorCode); return; } #endif p_keyInfo->key[p_keyInfo->keyLength] = '\0'; // make sure passphrase is terminated // generate the binary key pbkdf2_sha1((const char *)p_keyInfo->key, (const char *)p_keyInfo->ssid, p_keyInfo->ssidLen, 4096, binaryKey, // binary key will be written to this field 32); // overwrite the passphrase with binary key memcpy(p_keyInfo->key, binaryKey, WF_WPA_KEY_LENGTH); // overwrite the length with the length of the binary key (always 32) p_keyInfo->keyLength = WF_WPA_KEY_LENGTH; }
sint8 m2m_wifi_enable_ap(CONST tstrM2MAPConfig* pstrM2MAPConfig) { sint8 ret = M2M_SUCCESS; #if defined(M2M_WILC1000) && defined(COMPUTE_PMK_IN_HOST) if(pstrM2MAPConfig->u8SecType == M2M_WIFI_SEC_WPA_PSK) { tstrM2MAPConfig strTempM2MAPConfig; m2m_memcpy((uint8 *)&strTempM2MAPConfig, (uint8 *)pstrM2MAPConfig, sizeof(tstrM2MAPConfig)); strTempM2MAPConfig.u8IsPMKUsed = 1; pbkdf2_sha1((uint8 *)pstrM2MAPConfig->au8PSK,m2m_strlen((uint8 *)pstrM2MAPConfig->au8PSK), (uint8 *)pstrM2MAPConfig->au8SSID,m2m_strlen((uint8 *)pstrM2MAPConfig->au8SSID),strTempM2MAPConfig.au8PMK); pstrM2MAPConfig = &strTempM2MAPConfig; } #elif defined(M2M_WILC1000) && !defined(COMPUTE_PMK_IN_HOST) if(pstrM2MAPConfig->u8SecType == M2M_WIFI_SEC_WPA_PSK) { tstrM2MAPConfig strTempM2MAPConfig; strTempM2MAPConfig.u8IsPMKUsed = 0; m2m_memcpy((uint8*)&strTempM2MAPConfig,(uint8*)pstrM2MAPConfig,sizeof(tstrM2MAPConfig)); pstrM2MAPConfig = &strTempM2MAPConfig; } #endif ret = hif_send(M2M_REQ_GRP_WIFI, M2M_WIFI_REQ_ENABLE_AP, (uint8 *)pstrM2MAPConfig, sizeof(tstrM2MAPConfig), NULL, 0, 0); return ret; }
/******************************************************************************* Function: void WF_ConvPassphrase2Key(uint8_t key_len, uint8_t *key, uint8_t ssid_len, uint8_t *ssid) Summary: Convert passphrase to key Description: Precondition: MACInit must be called first. Parameters: key_len : key length key : passphrase as an input. key as an output ssid_len : ssid length ssid : ssid Returns: None. Remarks: None. *****************************************************************************/ void WF_ConvPassphrase2Key(uint8_t key_len, uint8_t *key, uint8_t ssid_len, uint8_t *ssid) { uint8_t psk[32]; key[key_len] = '\0'; pbkdf2_sha1((const char *)key, (const char *)ssid, ssid_len, 4096, (uint8_t *)psk, 32); memcpy(key, psk, 32); }
static int crypt_all(int *pcount, struct db_salt *salt) { const int count = *pcount; int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index += MAX_KEYS_PER_CRYPT) #endif { unsigned char master[MAX_KEYS_PER_CRYPT][32]; unsigned char output[1024]; unsigned char *iv_in; unsigned char iv_out[16]; int size,i; int page_sz = 1008; /* 1024 - strlen(SQLITE_FILE_HEADER) */ int reserve_sz = 16; /* for HMAC off case */ AES_KEY akey; #ifdef SIMD_COEF_32 int len[MAX_KEYS_PER_CRYPT]; unsigned char *pin[MAX_KEYS_PER_CRYPT], *pout[MAX_KEYS_PER_CRYPT]; for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { len[i] = strlen(saved_key[i+index]); pin[i] = (unsigned char*)saved_key[i+index]; pout[i] = master[i]; } pbkdf2_sha1_sse((const unsigned char **)pin, len, cur_salt->salt, 16, ITERATIONS, pout, 32, 0); #else pbkdf2_sha1((unsigned char *)saved_key[index], strlen(saved_key[index]), cur_salt->salt, 16, ITERATIONS, master[0], 32, 0); #if !ARCH_LITTLE_ENDIAN for (i = 0; i < 32/sizeof(ARCH_WORD_32); ++i) { ((ARCH_WORD_32*)master[0])[i] = JOHNSWAP(((ARCH_WORD_32*)master[0])[i]); } #endif #endif for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { memcpy(output, SQLITE_FILE_HEADER, FILE_HEADER_SZ); size = page_sz - reserve_sz; iv_in = cur_salt->data + size + 16; memcpy(iv_out, iv_in, 16); if (AES_set_decrypt_key(master[i], 256, &akey) < 0) { fprintf(stderr, "AES_set_decrypt_key failed!\n"); } /* decrypting 24 bytes is enough */ AES_cbc_encrypt(cur_salt->data + 16, output + 16, 24, &akey, iv_out, AES_DECRYPT); if (verify_page(output) == 0) { cracked[index+i] = 1; } else cracked[index+i] = 0; } } return count; }
/** * wpa_config_update_psk - Update WPA PSK based on passphrase and SSID * @ssid: Pointer to a network configuration data * * This function must be called to update WPA PSK when either SSID or the * passphrase has changed for the network configuration. */ void wpa_config_update_psk(struct wpa_ssid *ssid) { pbkdf2_sha1(ssid->passphrase, (char *) ssid->ssid, ssid->ssid_len, 4096, ssid->psk, PMK_LEN); wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", ssid->psk, PMK_LEN); ssid->psk_set = 1; }
void WF_ConvPassphrase2Key(UINT8 key_len, UINT8 *key, UINT8 ssid_len, UINT8 *ssid) { UINT8 psk[32]; key[key_len] = '\0'; pbkdf2_sha1((const char *)key, (const char *)ssid, ssid_len, 4096, (UINT8 *)psk, 32); memcpy(key, psk, 32); }
/** * wpa_config_update_psk - Update WPA PSK based on passphrase and SSID * @ssid: Pointer to network configuration data * * This function must be called to update WPA PSK when either SSID or the * passphrase has changed for the network configuration. */ void wpa_config_update_psk(struct wpa_ssid *ssid) { #ifndef CONFIG_NO_PBKDF2 pbkdf2_sha1(ssid->passphrase, (char *) ssid->ssid, ssid->ssid_len, 4096, ssid->psk, PMK_LEN); wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", ssid->psk, PMK_LEN); ssid->psk_set = 1; #endif /* CONFIG_NO_PBKDF2 */ }
int main(int argc, char *argv[]) { unsigned char psk[32]; int i; char *ssid, *passphrase, buf[64], *pos; if (argc < 2) { printf("usage: wpa_passphrase <ssid> [passphrase]\n" "\nIf passphrase is left out, it will be read from " "stdin\n"); return 1; } ssid = argv[1]; if (argc > 2) { passphrase = argv[2]; } else { printf("# reading passphrase from stdin\n"); if (fgets(buf, sizeof(buf), stdin) == NULL) { printf("Failed to read passphrase\n"); return 1; } buf[sizeof(buf) - 1] = '\0'; pos = buf; while (*pos != '\0') { if (*pos == '\r' || *pos == '\n') { *pos = '\0'; break; } pos++; } passphrase = buf; } if (os_strlen(passphrase) < 8 || os_strlen(passphrase) > 63) { printf("Passphrase must be 8..63 characters\n"); return 1; } pbkdf2_sha1(passphrase, ssid, os_strlen(ssid), 4096, psk, 32); printf("network={\n"); printf("\tssid=\"%s\"\n", ssid); printf("\t#psk=\"%s\"\n", passphrase); printf("\tpsk="); for (i = 0; i < 32; i++) printf("%02x", psk[i]); printf("\n"); printf("}\n"); return 0; }
static struct wpa_ssid * wpa_config_read_network(struct wpa_supplicant *wpa_s) { struct wpa_ssid *ssid; char buf[MAX_ESSID_LENGTH + 1]; dladm_secobj_class_t cl; uint8_t psk[MAX_PSK_LENGTH + 1]; uint_t key_len; wpa_printf(MSG_MSGDUMP, "Start of a new network configration"); ssid = (struct wpa_ssid *)malloc(sizeof (*ssid)); if (ssid == NULL) return (NULL); (void) memset(ssid, 0, sizeof (*ssid)); /* * Set default supported values */ ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN; ssid->pairwise_cipher = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP; ssid->group_cipher = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40; ssid->key_mgmt = WPA_KEY_MGMT_PSK; /* | WPA_KEY_MGMT_IEEE8021X; */ (void) memset(buf, 0, MAX_ESSID_LENGTH + 1); wpa_s->driver->get_ssid(wpa_s->linkid, (char *)buf); (void) wpa_config_parse_ssid(ssid, 0, buf); key_len = sizeof (psk); (void) dladm_get_secobj((const char *)wpa_s->kname, &cl, psk, &key_len, DLADM_OPT_ACTIVE); psk[key_len] = '\0'; ssid->passphrase = strdup((const char *)psk); if (ssid->passphrase) { pbkdf2_sha1(ssid->passphrase, (char *)ssid->ssid, ssid->ssid_len, 4096, ssid->psk, PMK_LEN); wpa_hexdump(MSG_MSGDUMP, "PSK (from passphrase)", ssid->psk, PMK_LEN); ssid->psk_set = 1; } if ((ssid->key_mgmt & WPA_KEY_MGMT_PSK) && !ssid->psk_set) { wpa_printf(MSG_ERROR, "WPA-PSK accepted for key " "management, but no PSK configured."); free(ssid); ssid = NULL; } return (ssid); }
static int crypt_all(int *pcount, struct db_salt *salt) { const int count = *pcount; int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index += MAX_KEYS_PER_CRYPT) #endif { #ifdef SIMD_COEF_32 unsigned char master[MAX_KEYS_PER_CRYPT][32]; int lens[MAX_KEYS_PER_CRYPT], i; unsigned char *pin[MAX_KEYS_PER_CRYPT], *pout[MAX_KEYS_PER_CRYPT]; for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { lens[i] = strlen(saved_key[i+index]); pin[i] = (unsigned char*)saved_key[i+index]; pout[i] = master[i]; } pbkdf2_sha1_sse((const unsigned char **)pin, lens, cur_salt->data, 16, cur_salt->iter, pout, 32, 0); for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { if(blockchain_decrypt(master[i], cur_salt->data) == 0) cracked[i+index] = 1; else cracked[i+index] = 0; } #else unsigned char master[32]; pbkdf2_sha1((unsigned char *)saved_key[index], strlen(saved_key[index]), cur_salt->data, 16, cur_salt->iter, master, 32, 0); #if !ARCH_LITTLE_ENDIAN { int i; for (i = 0; i < 32/sizeof(ARCH_WORD_32); ++i) { ((ARCH_WORD_32*)master)[i] = JOHNSWAP(((ARCH_WORD_32*)master)[i]); } } #endif if(blockchain_decrypt(master, cur_salt->data) == 0) cracked[index] = 1; else cracked[index] = 0; #endif } return count; }
static void decode_tunnel_passwords(struct hostapd_data *hapd, const u8 *shared_secret, size_t shared_secret_len, struct radius_msg *msg, struct radius_msg *req, struct hostapd_cached_radius_acl *cache) { int passphraselen; char *passphrase, *strpassphrase; size_t i; struct hostapd_sta_wpa_psk_short *psk; /* * Decode all tunnel passwords as PSK and save them into a linked list. */ for (i = 0; ; i++) { passphrase = radius_msg_get_tunnel_password( msg, &passphraselen, shared_secret, shared_secret_len, req, i); /* * Passphrase is NULL iff there is no i-th Tunnel-Password * attribute in msg. */ if (passphrase == NULL) break; /* * passphrase does not contain the NULL termination. * Add it here as pbkdf2_sha1() requires it. */ strpassphrase = os_zalloc(passphraselen + 1); psk = os_zalloc(sizeof(struct hostapd_sta_wpa_psk_short)); if (strpassphrase && psk) { os_memcpy(strpassphrase, passphrase, passphraselen); pbkdf2_sha1(strpassphrase, hapd->conf->ssid.ssid, hapd->conf->ssid.ssid_len, 4096, psk->psk, PMK_LEN); psk->next = cache->psk; cache->psk = psk; psk = NULL; } os_free(strpassphrase); os_free(psk); os_free(passphrase); } }
/* Check the FULL binary, just for good measure. There is not a chance we'll have a false positive here but this function is not performance critical. */ static int cmp_exact(char *source, int index) { int i = 0, len, result; char *p, *key = get_key(index); char delim; unsigned char *binary, *crypt; delim = strchr(source, '.') ? '.' : '$'; p = strrchr(source, delim) + 1; len = strlen(p) / 2; if (len == BINARY_SIZE) return 1; binary = mem_alloc(len); crypt = mem_alloc(len); while (*p) { binary[i++] = (atoi16[ARCH_INDEX(*p)] << 4) | atoi16[ARCH_INDEX(p[1])]; p += 2; } #if !ARCH_LITTLE_ENDIAN for (i = 0; i < len/sizeof(uint32_t); ++i) { ((uint32_t*)binary)[i] = JOHNSWAP(((uint32_t*)binary)[i]); } #endif pbkdf2_sha1((const unsigned char*)key, strlen(key), cur_salt->salt, cur_salt->length, cur_salt->iterations, crypt, len, 0); result = !memcmp(binary, crypt, len); #if 0 dump_stuff_msg("hash binary", binary, len); dump_stuff_msg("calc binary", crypt, len); #endif MEM_FREE(binary); MEM_FREE(crypt); if (!result) fprintf(stderr, "\n%s: Warning: Partial match for '%s'.\n" "This is a bug or a malformed input line of:\n%s\n", FORMAT_LABEL, key, source); return result; }
QString WirelessSecurityDbus::hashWpaPsk(const QString &plainText) { QString result; //#ifdef NM_0_7_1 #if 0 qDebug() << "Built for NetworkManager that can hash WPA keys itself; passing through plaintext"; result = plainText.toLocal8Bit(); qDebug() << " plaintext out:" << result; #else #define WPA_PMK_LEN 32 //qDebug() << "Hashing PSK. essid:" << m_essid << "psk:" << plainText; QByteArray buffer(WPA_PMK_LEN * 2, 0); pbkdf2_sha1(plainText.toLatin1(), m_essid.toLatin1(), m_essid.size(), 4096, (quint8 *)buffer.data(), WPA_PMK_LEN); result = buffer.toHex().left(WPA_PMK_LEN * 2); //qDebug() << " hexadecimal key out:" << result; #endif return result; }
static int hostapd_derive_psk(struct hostapd_ssid *ssid) { ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk)); if (ssid->wpa_psk == NULL) { wpa_printf(MSG_ERROR, "Unable to alloc space for PSK"); return -1; } wpa_hexdump_ascii(MSG_DEBUG, "SSID", (u8 *) ssid->ssid, ssid->ssid_len); wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)", (u8 *) ssid->wpa_passphrase, os_strlen(ssid->wpa_passphrase)); pbkdf2_sha1(ssid->wpa_passphrase, ssid->ssid, ssid->ssid_len, 4096, ssid->wpa_psk->psk, PMK_LEN); wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)", ssid->wpa_psk->psk, PMK_LEN); return 0; }
int make_network_key(struct network_key *key, char *essid, char *pass) { char *hex_pass; int pass_len = strlen(pass); memset(key, 0, sizeof(*key)); eyefi_printf(" interpreting passphrase as "); switch (pass_len) { case WPA_KEY_BYTES*2: if (hex_only(pass)) { eyefi_printf("hex WPA"); hex_pass = convert_ascii_to_hex(pass); if (!hex_pass) return -EINVAL; key->len = pass_len/2; memcpy(&key->wpa.key[0], hex_pass, key->len); free(hex_pass); break; } case WEP_KEY_BYTES*2: case WEP_40_KEY_BYTES*2: if (hex_only(pass)) { eyefi_printf("hex WEP"); hex_pass = convert_ascii_to_hex(pass); if (!hex_pass) return -EINVAL; key->len = pass_len/2; memcpy(&key->wep.key[0], hex_pass, key->len); free(hex_pass); break; } default: eyefi_printf("ASCII WPA"); pbkdf2_sha1(pass, essid, strlen(essid), 4096, &key->wpa.key[0], WPA_KEY_BYTES); key->len = WPA_KEY_BYTES; break; } eyefi_printf(" key (%d bytes)\n", key->len); assert(key->len != 0); return 0; }
static int crypt_all(int *pcount, struct db_salt *salt) { const int count = *pcount; int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index += MAX_KEYS_PER_CRYPT) #endif { unsigned char master[MAX_KEYS_PER_CRYPT][32]; int i; #ifdef SIMD_COEF_32 int lens[MAX_KEYS_PER_CRYPT]; unsigned char *pin[MAX_KEYS_PER_CRYPT], *pout[MAX_KEYS_PER_CRYPT]; for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { lens[i] = strlen(saved_key[index+i]); pin[i] = (unsigned char*)saved_key[index+i]; pout[i] = master[i]; } pbkdf2_sha1_sse((const unsigned char**)pin, lens, salt_struct->salt, SALTLEN, 1000, pout, 24, 0); #else pbkdf2_sha1((unsigned char *)saved_key[index], strlen(saved_key[index]), salt_struct->salt, SALTLEN, 1000, master[0], 24, 0); #if !ARCH_LITTLE_ENDIAN { int i; for (i = 0; i < 24/sizeof(ARCH_WORD_32); ++i) { ((ARCH_WORD_32*)master[0])[i] = JOHNSWAP(((ARCH_WORD_32*)master[0])[i]); } } #endif #endif for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { if(kcdecrypt(master[i], salt_struct->iv, salt_struct->ct) == 0) cracked[index+i] = 1; else cracked[index+i] = 0; } } return count; }
int hostapd_setup_wpa_psk(struct hostapd_config *conf) { if (conf->wpa_passphrase != NULL) { if (conf->wpa_psk != NULL) { printf("Warning: both WPA PSK and passphrase set. " "Using passphrase.\n"); free(conf->wpa_psk); } conf->wpa_psk = malloc(sizeof(struct hostapd_wpa_psk)); if (conf->wpa_psk == NULL) { printf("Unable to alloc space for PSK\n"); return -1; } wpa_hexdump_ascii(MSG_DEBUG, "SSID", (u8 *) conf->ssid, conf->ssid_len); wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)", (u8 *) conf->wpa_passphrase, strlen(conf->wpa_passphrase)); memset(conf->wpa_psk, 0, sizeof(struct hostapd_wpa_psk)); pbkdf2_sha1(conf->wpa_passphrase, conf->ssid, conf->ssid_len, 4096, conf->wpa_psk->psk, PMK_LEN); wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)", conf->wpa_psk->psk, PMK_LEN); conf->wpa_psk->group = 1; memset(conf->wpa_passphrase, 0, strlen(conf->wpa_passphrase)); free(conf->wpa_passphrase); conf->wpa_passphrase = 0; } if (conf->wpa_psk_file) { if (hostapd_config_read_wpa_psk(conf->wpa_psk_file, conf)) return -1; free(conf->wpa_psk_file); conf->wpa_psk_file = NULL; } return 0; }
int bss_add_pmk_from_passphrase(struct wlantest_bss *bss, const char *passphrase) { struct wlantest_pmk *pmk; pmk = os_zalloc(sizeof(*pmk)); if (pmk == NULL) return -1; if (pbkdf2_sha1(passphrase, bss->ssid, bss->ssid_len, 4096, pmk->pmk, sizeof(pmk->pmk)) < 0) { os_free(pmk); return -1; } wpa_printf(MSG_INFO, "Add possible PMK for BSSID " MACSTR " based on passphrase '%s'", MAC2STR(bss->bssid), passphrase); wpa_hexdump(MSG_DEBUG, "Possible PMK", pmk->pmk, sizeof(pmk->pmk)); dl_list_add(&bss->pmk, &pmk->list); return 0; }
int dictfile_attack(struct user_opt *opt, char *passphrase, struct crack_data *cdata) { FILE *fp; int fret; u8 pmk[32]; u8 ptk[64]; u8 keymic[16]; struct wpa_ptk *ptkset; #ifdef FPGA // int i; opt_g = opt; cdata_g = cdata; if(usefpga) initfpga(); #endif /* Open the dictionary file */ if (*opt->dictfile == '-') { printf("Using STDIN for words.\n"); fp = stdin; } else { fp = fopen(opt->dictfile, "r"); if (fp == NULL) { perror("fopen"); exit(-1); } } while (feof(fp) == 0 && sig == 0) { /* Populate "passphrase" with the next word */ fret = nextdictword(passphrase, fp); if (fret < 0) { break; } if (opt->verbose > 1) { printf("Testing passphrase: %s\n", passphrase); } /* * Test length of word. IEEE 802.11i indicates the passphrase * must be at least 8 characters in length, and no more than 63 * characters in length. */ if (fret < 8 || fret > 63) { if (opt->verbose) { printf("Invalid passphrase length: %s (%d).\n", passphrase, strlen(passphrase)); } continue; } else { /* This word is good, increment the words tested counter */ wordstested++; } /* Status display */ #ifdef FPGA if ((wordstested % 100) == 0) { #else if ((wordstested % 1000) == 0) { #endif printf("key no. %ld: %s\n", wordstested, passphrase); fflush(stdout); } if (opt->verbose > 1) { printf("Calculating PMK for \"%s\".\n", passphrase); } pbkdf2_sha1(passphrase, opt->ssid, strlen(opt->ssid), 4096, pmk, sizeof(pmk), USECACHED); #ifdef FPGA if (!usefpga) { #endif if (opt->verbose > 2) { printf("PMK is"); lamont_hdump(pmk, sizeof(pmk)); } if (opt->verbose > 1) { printf("Calculating PTK with collected data and " "PMK.\n"); } #ifdef FPGA /* for(i = 0; i < 32; i++) printf("%02x ", pmk[i]); printf("\n"); */ #endif wpa_pmk_to_ptk(pmk, cdata->aa, cdata->spa, cdata->anonce, cdata->snonce, ptk, sizeof(ptk)); if (opt->verbose > 2) { printf("Calculated PTK for \"%s\" is", passphrase); lamont_hdump(ptk, sizeof(ptk)); } ptkset = (struct wpa_ptk *)ptk; if (opt->verbose > 1) { printf("Calculating hmac-MD5 Key MIC for this " "frame.\n"); } hmac_md5(ptkset->mic_key, 16, cdata->eapolframe, sizeof(cdata->eapolframe), keymic); if (opt->verbose > 2) { printf("Calculated MIC with \"%s\" is", passphrase); lamont_hdump(keymic, sizeof(keymic)); } if (memcmp(&cdata->keymic, &keymic, sizeof(keymic)) == 0) { return 0; } else { continue; } #ifdef FPGA } #endif } #ifdef FPGA if(usefpga) { printf("waiting..."); fflush(stdout); finishreg(); printf("\ndone\n"); } #endif return 1; } int main(int argc, char **argv) { struct user_opt opt; struct crack_data cdata; struct capture_data capdata; struct wpa_eapol_key *eapkeypacket; u8 eapolkey_nomic[99]; struct timeval start, end; int ret; char passphrase[MAXPASSLEN + 1]; printf("%s %s - WPA-PSK dictionary attack. <*****@*****.**>\n", PROGNAME, VER); memset(&opt, 0, sizeof(struct user_opt)); memset(&capdata, 0, sizeof(struct capture_data)); memset(&cdata, 0, sizeof(struct crack_data)); memset(&eapolkey_nomic, 0, sizeof(eapolkey_nomic)); /* Collect and test command-line arguments */ parseopts(&opt, argc, argv); testopts(&opt); printf("\n"); /* Populate capdata struct */ strncpy(capdata.pcapfilename, opt.pcapfile, sizeof(capdata.pcapfilename)); if (openpcap(&capdata) != 0) { printf("Unsupported or unrecognized pcap file.\n"); exit(1); } /* populates global *packet */ while (getpacket(&capdata) > 0) { if (opt.verbose > 2) { lamont_hdump(packet, h->len); } /* test packet for data that we are looking for */ if (memcmp(&packet[capdata.l2type_offset], DOT1X_LLCTYPE, 2) == 0 && (h->len > capdata.l2type_offset + sizeof(struct wpa_eapol_key))) { /* It's a dot1x frame, process it */ handle_dot1x(&cdata, &capdata); if (cdata.aaset && cdata.spaset && cdata.snonceset && cdata.anonceset && cdata.keymicset && cdata.eapolframeset) { /* We've collected everything we need. */ break; } } } closepcap(&capdata); if (!(cdata.aaset && cdata.spaset && cdata.snonceset && cdata.anonceset && cdata.keymicset && cdata.eapolframeset)) { printf("End of pcap capture file, incomplete TKIP four-way " "exchange. Try using a\ndifferent capture.\n"); exit(1); } else { printf("Collected all necessary data to mount crack against " "passphrase.\n"); } if (opt.verbose > 1) { dump_all_fields(cdata); } /* Zero mic and length data for hmac-md5 calculation */ eapkeypacket = (struct wpa_eapol_key *)&cdata.eapolframe[EAPDOT1XOFFSET]; memset(&eapkeypacket->key_mic, 0, sizeof(eapkeypacket->key_mic)); eapkeypacket->key_data_length = 0; printf("Starting dictionary attack. Please be patient.\n"); fflush(stdout); // signal(SIGINT, cleanup); // signal(SIGTERM, cleanup); // signal(SIGQUIT, cleanup); gettimeofday(&start, NULL); #ifdef FPGA start_g = start; #endif if (!IsBlank(opt.hashfile)) { ret = hashfile_attack(&opt, passphrase, &cdata); } else if (!IsBlank(opt.dictfile)) { ret = dictfile_attack(&opt, passphrase, &cdata); } else { usage("Must specify dictfile or hashfile (-f or -d)"); exit(1); } if (ret == 0) { printf("\nThe PSK is \"%s\".\n", passphrase); } else { printf("Unable to identify the PSK from the dictionary file. " "Try expanding your\npassphrase list, and double-check" " the SSID. Sorry it didn't work out.\n"); } gettimeofday(&end, NULL); printstats(start, end, wordstested); return (1); }
static int hostapd_config_read_wpa_psk(const char *fname, struct hostapd_ssid *ssid) { FILE *f; char buf[128], *pos; int line = 0, ret = 0, len, ok; u8 addr[ETH_ALEN]; struct hostapd_wpa_psk *psk; if (!fname) return 0; f = fopen(fname, "r"); if (!f) { wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname); return -1; } while (fgets(buf, sizeof(buf), f)) { line++; if (buf[0] == '#') continue; pos = buf; while (*pos != '\0') { if (*pos == '\n') { *pos = '\0'; break; } pos++; } if (buf[0] == '\0') continue; if (hwaddr_aton(buf, addr)) { wpa_printf(MSG_ERROR, "Invalid MAC address '%s' on " "line %d in '%s'", buf, line, fname); ret = -1; break; } psk = os_zalloc(sizeof(*psk)); if (psk == NULL) { wpa_printf(MSG_ERROR, "WPA PSK allocation failed"); ret = -1; break; } if (is_zero_ether_addr(addr)) psk->group = 1; else os_memcpy(psk->addr, addr, ETH_ALEN); pos = buf + 17; if (*pos == '\0') { wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'", line, fname); os_free(psk); ret = -1; break; } pos++; ok = 0; len = os_strlen(pos); if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0) ok = 1; else if (len >= 8 && len < 64) { pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len, 4096, psk->psk, PMK_LEN); ok = 1; } if (!ok) { wpa_printf(MSG_ERROR, "Invalid PSK '%s' on line %d in " "'%s'", pos, line, fname); os_free(psk); ret = -1; break; } psk->next = ssid->wpa_psk; ssid->wpa_psk = psk; } fclose(f); return ret; }
static int hostapd_config_read_wpa_psk(const char *fname, struct hostapd_config *conf) { FILE *f; char buf[128], *pos; int line = 0, ret = 0, len, ok; u8 addr[ETH_ALEN]; struct hostapd_wpa_psk *psk; if (!fname) return 0; f = fopen(fname, "r"); if (!f) { printf("WPA PSK file '%s' not found.\n", fname); return -1; } while (fgets(buf, sizeof(buf), f)) { line++; if (buf[0] == '#') continue; pos = buf; while (*pos != '\0') { if (*pos == '\n') { *pos = '\0'; break; } pos++; } if (buf[0] == '\0') continue; if (hwaddr_aton(buf, addr)) { printf("Invalid MAC address '%s' on line %d in '%s'\n", buf, line, fname); ret = -1; break; } psk = malloc(sizeof(*psk)); if (psk == NULL) { printf("WPA PSK allocation failed\n"); ret = -1; break; } memset(psk, 0, sizeof(*psk)); if (memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) psk->group = 1; else memcpy(psk->addr, addr, ETH_ALEN); pos = buf + 17; if (pos == '\0') { printf("No PSK on line %d in '%s'\n", line, fname); free(psk); ret = -1; break; } pos++; ok = 0; len = strlen(pos); if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0) ok = 1; else if (len >= 8 && len < 64) { pbkdf2_sha1(pos, conf->ssid, conf->ssid_len, 4096, psk->psk, PMK_LEN); ok = 1; } if (!ok) { printf("Invalid PSK '%s' on line %d in '%s'\n", pos, line, fname); free(psk); ret = -1; break; } psk->next = conf->wpa_psk; conf->wpa_psk = psk; } fclose(f); return ret; }
int main(int argc, char *argv[]) { u8 res[512]; int ret = 0; unsigned int i; printf("PRF-SHA1 test cases:\n"); sha1_prf(key0, sizeof(key0), "prefix", data0, sizeof(data0) - 1, res, sizeof(prf0)); if (memcmp(res, prf0, sizeof(prf0)) == 0) printf("Test case 0 - OK\n"); else { printf("Test case 0 - FAILED!\n"); ret++; } sha1_prf(key1, sizeof(key1) - 1, "prefix", data1, sizeof(data1) - 1, res, sizeof(prf1)); if (memcmp(res, prf1, sizeof(prf1)) == 0) printf("Test case 1 - OK\n"); else { printf("Test case 1 - FAILED!\n"); ret++; } sha1_prf(key2, sizeof(key2), "prefix", data2, sizeof(data2), res, sizeof(prf2)); if (memcmp(res, prf2, sizeof(prf2)) == 0) printf("Test case 2 - OK\n"); else { printf("Test case 2 - FAILED!\n"); ret++; } ret += test_eap_fast(); printf("PBKDF2-SHA1 Passphrase test cases:\n"); for (i = 0; i < NUM_PASSPHRASE_TESTS; i++) { u8 psk[32]; struct passphrase_test *test = &passphrase_tests[i]; pbkdf2_sha1(test->passphrase, test->ssid, strlen(test->ssid), 4096, psk, 32); if (memcmp(psk, test->psk, 32) == 0) printf("Test case %d - OK\n", i); else { printf("Test case %d - FAILED!\n", i); ret++; } } printf("PBKDF2-SHA1 test cases (RFC 6070):\n"); for (i = 0; i < NUM_RFC6070_TESTS; i++) { u8 dk[25]; struct rfc6070_test *test = &rfc6070_tests[i]; pbkdf2_sha1(test->p, test->s, strlen(test->s), test->c, dk, test->dk_len); if (memcmp(dk, test->dk, test->dk_len) == 0) printf("Test case %d - OK\n", i); else { printf("Test case %d - FAILED!\n", i); ret++; } } return ret; }
int dictfile_attack(struct user_opt *opt, char *passphrase, struct crack_data *cdata) { FILE *fp; int fret; u8 pmk[32]; u8 ptk[64]; u8 keymic[16]; struct wpa_ptk *ptkset; /* Open the dictionary file */ if (*opt->dictfile == '-') { printf("Using STDIN for words.\n"); fp = stdin; } else { fp = fopen(opt->dictfile, "r"); if (fp == NULL) { perror("fopen"); exit(-1); } } while (feof(fp) == 0 && sig == 0) { /* Populate "passphrase" with the next word */ fret = nextdictword(passphrase, fp); if (fret < 0) { break; } if (opt->verbose > 1) { printf("Testing passphrase: %s\n", passphrase); } /* * Test length of word. IEEE 802.11i indicates the passphrase * must be at least 8 characters in length, and no more than 63 * characters in length. */ if (fret < 8 || fret > 63) { if (opt->verbose) { printf("Invalid passphrase length: %s (%u).\n", passphrase, strlen(passphrase)); } continue; } else { /* This word is good, increment the words tested counter */ wordstested++; } /* Status display */ if ((wordstested % 1000) == 0) { printf("key no. %ld: %s\n", wordstested, passphrase); fflush(stdout); } if (opt->verbose > 1) { printf("Calculating PMK for \"%s\".\n", passphrase); } pbkdf2_sha1(passphrase, opt->ssid, strlen(opt->ssid), 4096, pmk, sizeof(pmk), USECACHED); if (opt->verbose > 2) { printf("PMK is"); lamont_hdump(pmk, sizeof(pmk)); } if (opt->verbose > 1) { printf("Calculating PTK with collected data and " "PMK.\n"); } wpa_pmk_to_ptk(pmk, cdata->aa, cdata->spa, cdata->anonce, cdata->snonce, ptk, sizeof(ptk)); if (opt->verbose > 2) { printf("Calculated PTK for \"%s\" is", passphrase); lamont_hdump(ptk, sizeof(ptk)); } ptkset = (struct wpa_ptk *)ptk; if (opt->verbose > 1) { printf("Calculating hmac-MD5 Key MIC for this " "frame.\n"); } if (opt->nonstrict == 0) { hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe, sizeof(cdata->eapolframe), keymic); } else { hmac_hash(cdata->ver, ptkset->mic_key, 16, cdata->eapolframe, cdata->eapolframe_size, keymic); } if (opt->verbose > 2) { printf("Calculated MIC with \"%s\" is", passphrase); lamont_hdump(keymic, sizeof(keymic)); } if (memcmp(&cdata->keymic, &keymic, sizeof(keymic)) == 0) { return 0; } else { continue; } } return 1; }
static int crypt_all(int *pcount, struct db_salt *salt) { int count = *pcount; int index = 0; #ifdef _OPENMP #pragma omp parallel for for (index = 0; index < count; index += MAX_KEYS_PER_CRYPT) #endif { unsigned char key[MAX_KEYS_PER_CRYPT][32]; unsigned char hash[MAX_KEYS_PER_CRYPT][32]; BF_KEY bf_key; int bf_ivec_pos, i; unsigned char ivec[8]; unsigned char output[1024]; SHA_CTX ctx; #ifdef MMX_COEF int lens[MAX_KEYS_PER_CRYPT]; unsigned char *pin[MAX_KEYS_PER_CRYPT], *pout[MAX_KEYS_PER_CRYPT]; #endif if(cur_salt->checksum_type == 0 && cur_salt->cipher_type == 0) { for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { SHA1_Init(&ctx); SHA1_Update(&ctx, (unsigned char *)saved_key[index+i], strlen(saved_key[index+i])); SHA1_Final((unsigned char *)(hash[i]), &ctx); } #ifdef MMX_COEF for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { lens[i] = 20; pin[i] = hash[i]; pout[i] = key[i]; } pbkdf2_sha1_sse((const unsigned char**)pin, lens, cur_salt->salt, cur_salt->salt_length, cur_salt->iterations, pout, cur_salt->key_size, 0); #else pbkdf2_sha1(hash[0], 20, cur_salt->salt, cur_salt->salt_length, cur_salt->iterations, key[0], cur_salt->key_size, 0); #if !ARCH_LITTLE_ENDIAN for (i = 0; i < cur_salt->key_size/sizeof(ARCH_WORD_32); ++i) { ((ARCH_WORD_32*)key[0])[i] = JOHNSWAP(((ARCH_WORD_32*)key[0])[i]); } #endif #endif for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { bf_ivec_pos = 0; memcpy(ivec, cur_salt->iv, 8); BF_set_key(&bf_key, cur_salt->key_size, key[i]); BF_cfb64_encrypt(cur_salt->content, output, cur_salt->content_length, &bf_key, ivec, &bf_ivec_pos, 0); SHA1_Init(&ctx); SHA1_Update(&ctx, output, cur_salt->content_length); SHA1_Final((unsigned char*)crypt_out[index+i], &ctx); } } else { SHA256_CTX ctx; AES_KEY akey; unsigned char iv[16]; for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { SHA256_Init(&ctx); SHA256_Update(&ctx, (unsigned char *)saved_key[index+i], strlen(saved_key[index+i])); SHA256_Final((unsigned char *)hash[i], &ctx); } #ifdef MMX_COEF for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { lens[i] = 32; pin[i] = hash[i]; pout[i] = key[i]; } pbkdf2_sha1_sse((const unsigned char**)pin, lens, cur_salt->salt, cur_salt->salt_length, cur_salt->iterations, pout, cur_salt->key_size, 0); #else pbkdf2_sha1(hash[0], 32, cur_salt->salt, cur_salt->salt_length, cur_salt->iterations, key[0], cur_salt->key_size, 0); #if !ARCH_LITTLE_ENDIAN for (i = 0; i < cur_salt->key_size/sizeof(ARCH_WORD_32); ++i) { ((ARCH_WORD_32*)key[0])[i] = JOHNSWAP(((ARCH_WORD_32*)key[0])[i]); } #endif #endif for (i = 0; i < MAX_KEYS_PER_CRYPT; ++i) { memcpy(iv, cur_salt->iv, 16); memset(&akey, 0, sizeof(AES_KEY)); if(AES_set_decrypt_key(key[i], 256, &akey) < 0) { fprintf(stderr, "AES_set_decrypt_key failed!\n"); } AES_cbc_encrypt(cur_salt->content, output, cur_salt->content_length, &akey, iv, AES_DECRYPT); SHA256_Init(&ctx); SHA256_Update(&ctx, output, cur_salt->content_length); SHA256_Final((unsigned char*)crypt_out[index+i], &ctx); } } } return count; }
static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr, const u8 *p2p_dev_addr, const u8 *prev_psk, size_t *psk_len, int *vlan_id) { struct hostapd_data *hapd = ctx; struct sta_info *sta = ap_get_sta(hapd, addr); const u8 *psk; if (vlan_id) *vlan_id = 0; if (psk_len) *psk_len = PMK_LEN; #ifdef CONFIG_SAE if (sta && sta->auth_alg == WLAN_AUTH_SAE) { if (!sta->sae || prev_psk) return NULL; return sta->sae->pmk; } if (sta && wpa_auth_uses_sae(sta->wpa_sm)) { wpa_printf(MSG_DEBUG, "No PSK for STA trying to use SAE with PMKSA caching"); return NULL; } #endif /* CONFIG_SAE */ #ifdef CONFIG_OWE if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta && sta->owe_pmk) { if (psk_len) *psk_len = sta->owe_pmk_len; return sta->owe_pmk; } if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) { struct rsn_pmksa_cache_entry *sa; sa = wpa_auth_sta_get_pmksa(sta->wpa_sm); if (sa && sa->akmp == WPA_KEY_MGMT_OWE) { if (psk_len) *psk_len = sa->pmk_len; return sa->pmk; } } #endif /* CONFIG_OWE */ psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk, vlan_id); /* * This is about to iterate over all psks, prev_psk gives the last * returned psk which should not be returned again. * logic list (all hostapd_get_psk; all sta->psk) */ if (sta && sta->psk && !psk) { struct hostapd_sta_wpa_psk_short *pos; if (vlan_id) *vlan_id = 0; psk = sta->psk->psk; for (pos = sta->psk; pos; pos = pos->next) { if (pos->is_passphrase) { pbkdf2_sha1(pos->passphrase, hapd->conf->ssid.ssid, hapd->conf->ssid.ssid_len, 4096, pos->psk, PMK_LEN); pos->is_passphrase = 0; } if (pos->psk == prev_psk) { psk = pos->next ? pos->next->psk : NULL; break; } } } return psk; }
sint8 m2m_wifi_connect(char *pcSsid, uint8 u8SsidLen, uint8 u8SecType, void *pvAuthInfo, uint16 u16Ch) { sint8 ret = M2M_SUCCESS; tstrM2mWifiConnect strConnect; tstrM2MWifiSecInfo *pstrAuthInfo; if(u8SecType != M2M_WIFI_SEC_OPEN) { if((pvAuthInfo == NULL)||(m2m_strlen(pvAuthInfo)<=0)||(m2m_strlen(pvAuthInfo)>=M2M_MAX_PSK_LEN)) { M2M_ERR("PSK LEN INVALID\n"); ret = M2M_ERR_FAIL; goto ERR1; } } if((u8SsidLen<=0)||(u8SsidLen>=M2M_MAX_SSID_LEN)) { M2M_ERR("SSID LEN INVALID\n"); ret = M2M_ERR_FAIL; goto ERR1; } if(u16Ch>M2M_WIFI_CH_14) { if(u16Ch!=M2M_WIFI_CH_ALL) { M2M_ERR("CH INVALID\n"); ret = M2M_ERR_FAIL; goto ERR1; } } m2m_memcpy(strConnect.au8SSID, (uint8*)pcSsid, u8SsidLen); strConnect.au8SSID[u8SsidLen] = 0; strConnect.u16Ch = NM_BSP_B_L_16(u16Ch); pstrAuthInfo = &strConnect.strSec; pstrAuthInfo->u8SecType = u8SecType; if(u8SecType == M2M_WIFI_SEC_WEP) { tstrM2mWifiWepParams * pstrWepParams = (tstrM2mWifiWepParams*)pvAuthInfo; tstrM2mWifiWepParams *pstrWep = &pstrAuthInfo->uniAuth.strWepInfo; pstrWep->u8KeyIndx =pstrWepParams->u8KeyIndx-1; if(pstrWep->u8KeyIndx >= WEP_KEY_MAX_INDEX) { M2M_ERR("Invalid Wep key index %d\n", pstrWep->u8KeyIndx); ret = M2M_ERR_FAIL; goto ERR1; } pstrWep->u8KeySz = pstrWepParams->u8KeySz-1; if ((pstrWep->u8KeySz != WEP_40_KEY_STRING_SIZE)&& (pstrWep->u8KeySz != WEP_104_KEY_STRING_SIZE)) { M2M_ERR("Invalid Wep key length %d\n", pstrWep->u8KeySz); ret = M2M_ERR_FAIL; goto ERR1; } m2m_memcpy((uint8*)pstrWep->au8WepKey,(uint8*)pstrWepParams->au8WepKey, pstrWepParams->u8KeySz); pstrWep->au8WepKey[pstrWepParams->u8KeySz] = 0; } else if(u8SecType == M2M_WIFI_SEC_WPA_PSK) { uint8 u8KeyLen = m2m_strlen((uint8*)pvAuthInfo) + 1; #if defined(M2M_WILC1000) && defined(COMPUTE_PMK_IN_HOST) pstrAuthInfo->u8IsPMKUsed = 1; pbkdf2_sha1((uint8*)pvAuthInfo,u8KeyLen-1,strConnect.au8SSID,m2m_strlen(strConnect.au8SSID), pstrAuthInfo->uniAuth.au8PMK); #else m2m_memcpy(pstrAuthInfo->uniAuth.au8PSK, (uint8*)pvAuthInfo, u8KeyLen); #endif #if defined(M2M_WILC1000) && !defined(COMPUTE_PMK_IN_HOST) pstrAuthInfo->u8IsPMKUsed = 0; #endif } else if(u8SecType == M2M_WIFI_SEC_802_1X) { m2m_memcpy((uint8*)&pstrAuthInfo->uniAuth.strCred1x, (uint8*)pvAuthInfo, sizeof(tstr1xAuthCredentials)); } else if(u8SecType == M2M_WIFI_SEC_OPEN) { } else { M2M_ERR("undefined sec type\n"); ret = M2M_ERR_FAIL; goto ERR1; } ret = hif_send(M2M_REQ_GRP_WIFI, M2M_WIFI_REQ_CONNECT, (uint8*)&strConnect, sizeof(tstrM2mWifiConnect),NULL, 0,0); ERR1: return ret; }
static struct wpa_ssid * wpa_config_read_network(FILE *f, int *line, int id) { struct wpa_ssid *ssid; int errors = 0, i, end = 0; char buf[256], *pos, *pos2; wpa_printf(MSG_MSGDUMP, "Line: %d - start of a new network block", *line); ssid = (struct wpa_ssid *) malloc(sizeof(*ssid)); if (ssid == NULL) return NULL; memset(ssid, 0, sizeof(*ssid)); ssid->id = id; ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN; ssid->pairwise_cipher = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP; ssid->group_cipher = WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40; ssid->key_mgmt = WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X; ssid->eapol_flags = EAPOL_FLAG_REQUIRE_KEY_UNICAST | EAPOL_FLAG_REQUIRE_KEY_BROADCAST; ssid->eap_workaround = (unsigned int) -1; while ((pos = wpa_config_get_line(buf, sizeof(buf), f, line))) { if (strcmp(pos, "}") == 0) { end = 1; break; } pos2 = strchr(pos, '='); if (pos2 == NULL) { wpa_printf(MSG_ERROR, "Line %d: Invalid SSID line " "'%s'.", *line, pos); errors++; continue; } *pos2++ = '\0'; if (*pos2 == '"') { if (strchr(pos2 + 1, '"') == NULL) { wpa_printf(MSG_ERROR, "Line %d: invalid " "quotation '%s'.", *line, pos2); errors++; continue; } } for (i = 0; i < NUM_SSID_FIELDS; i++) { struct parse_data *field = &ssid_fields[i]; if (strcmp(pos, field->name) != 0) continue; field->ssid = ssid; if (field->parser(field, *line, pos2)) { wpa_printf(MSG_ERROR, "Line %d: failed to " "parse %s '%s'.", *line, pos, pos2); errors++; } break; } if (i == NUM_SSID_FIELDS) { wpa_printf(MSG_ERROR, "Line %d: unknown network field " "'%s'.", *line, pos); errors++; } } if (!end) { wpa_printf(MSG_ERROR, "Line %d: network block was not " "terminated properly.", *line); errors++; } if (ssid->passphrase) { if (ssid->psk_set) { wpa_printf(MSG_ERROR, "Line %d: both PSK and " "passphrase configured.", *line); errors++; } pbkdf2_sha1(ssid->passphrase, (char *) ssid->ssid, ssid->ssid_len, 4096, ssid->psk, PMK_LEN); wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)", ssid->psk, PMK_LEN); ssid->psk_set = 1; } if ((ssid->key_mgmt & WPA_KEY_MGMT_PSK) && !ssid->psk_set) { wpa_printf(MSG_ERROR, "Line %d: WPA-PSK accepted for key " "management, but no PSK configured.", *line); errors++; } if ((ssid->group_cipher & WPA_CIPHER_CCMP) && !(ssid->pairwise_cipher & WPA_CIPHER_CCMP)) { /* Group cipher cannot be stronger than the pairwise cipher. */ wpa_printf(MSG_DEBUG, "Line %d: removed CCMP from group cipher" " list since it was not allowed for pairwise " "cipher", *line); ssid->group_cipher &= ~WPA_CIPHER_CCMP; } if (errors) { free(ssid); ssid = NULL; } return ssid; }
UT_Error ODc_Crypto::performDecrypt(GsfInput* pStream, unsigned char* salt, UT_uint32 salt_length, UT_uint32 iter_count, unsigned char* ivec, const std::string& password, UT_uint32 decrypted_size, GsfInput** pDecryptedInput) { unsigned char sha1_password[PASSWORD_HASH_LEN]; char key[PBKDF2_KEYLEN]; // get the sha1 sum of the password sha1_buffer(&password[0], password.size(), sha1_password); // create a PBKDF2 key from the sha1 sum int k = pbkdf2_sha1 ((const char*)sha1_password, PASSWORD_HASH_LEN, (const char*)salt, salt_length, iter_count, key, PBKDF2_KEYLEN); if (k != 0) return UT_ERROR; // create the decryption key BF_KEY bf_key; BF_set_key(&bf_key, PBKDF2_KEYLEN, (const unsigned char*)key); // perform the actual decryption UT_sint32 content_size = gsf_input_size(pStream); if (content_size == -1) return UT_ERROR; const unsigned char* content = gsf_input_read(pStream, content_size, NULL); if (!content) return UT_ERROR; int num = 0; unsigned char* content_decrypted = (unsigned char*)g_malloc(content_size); BF_cfb64_encrypt(content, content_decrypted, content_size, &bf_key, ivec, &num, BF_DECRYPT); // deflate the decrypted content z_stream zs; zs.zalloc = Z_NULL; zs.zfree = Z_NULL; zs.opaque = Z_NULL; zs.avail_in = 0; zs.next_in = Z_NULL; int err; err = inflateInit2(&zs, -MAX_WBITS); if (err != Z_OK) return UT_ERROR; unsigned char* decrypted = (unsigned char*)g_malloc(decrypted_size); zs.avail_in = content_size; zs.avail_out = decrypted_size; zs.next_in = content_decrypted; zs.next_out = decrypted; err = inflate(&zs, Z_FINISH); FREEP(content_decrypted); if (err != Z_STREAM_END) { inflateEnd(&zs); FREEP(decrypted); return UT_ERROR; } inflateEnd(&zs); *pDecryptedInput = gsf_input_memory_new(decrypted, decrypted_size, TRUE); return UT_OK; }