From ca67b73505cbb4cfcbed2329cdf65ea7471eddb3 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Tue, 22 Jul 2008 07:37:25 +0000
Subject: [PATCH] use generalised PBKDF#2 from bioctl; ok damien@

---
 sbin/wpa-psk/Makefile  |  7 ++--
 sbin/wpa-psk/wpa-psk.c | 82 ++----------------------------------------
 2 files changed, 8 insertions(+), 81 deletions(-)

diff --git a/sbin/wpa-psk/Makefile b/sbin/wpa-psk/Makefile
index 4c3ff934124..ce41ada6bfb 100644
--- a/sbin/wpa-psk/Makefile
+++ b/sbin/wpa-psk/Makefile
@@ -1,7 +1,10 @@
-#	$OpenBSD: Makefile,v 1.1 2008/04/15 16:29:05 damien Exp $
+#	$OpenBSD: Makefile,v 1.2 2008/07/22 07:37:25 djm Exp $
+
+.PATH: ${.CURDIR}/../bioctl
+CFLAGS+=-Wall -I${.CURDIR}/../bioctl
 
 PROG=	wpa-psk
 MAN=	wpa-psk.8
-SRCS=	wpa-psk.c
+SRCS=	wpa-psk.c pbkdf2.c
 
 .include <bsd.prog.mk>
diff --git a/sbin/wpa-psk/wpa-psk.c b/sbin/wpa-psk/wpa-psk.c
index 889f90f8cf7..060324ec8e9 100644
--- a/sbin/wpa-psk/wpa-psk.c
+++ b/sbin/wpa-psk/wpa-psk.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: wpa-psk.c,v 1.2 2008/05/08 18:04:34 chl Exp $	*/
+/*	$OpenBSD: wpa-psk.c,v 1.3 2008/07/22 07:37:25 djm Exp $	*/
 
 /*-
  * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -25,83 +25,7 @@
 #include <stdlib.h>
 #include <err.h>
 
-/*
- * HMAC-SHA-1 (from RFC 2202).
- */
-static void
-hmac_sha1(const u_int8_t *text, size_t text_len, const u_int8_t *key,
-    size_t key_len, u_int8_t digest[SHA1_DIGEST_LENGTH])
-{
-	SHA1_CTX ctx;
-	u_int8_t k_pad[SHA1_BLOCK_LENGTH];
-	u_int8_t tk[SHA1_DIGEST_LENGTH];
-	int i;
-
-	if (key_len > SHA1_BLOCK_LENGTH) {
-		SHA1Init(&ctx);
-		SHA1Update(&ctx, key, key_len);
-		SHA1Final(tk, &ctx);
-
-		key = tk;
-		key_len = SHA1_DIGEST_LENGTH;
-	}
-
-	bzero(k_pad, sizeof k_pad);
-	bcopy(key, k_pad, key_len);
-	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
-		k_pad[i] ^= 0x36;
-
-	SHA1Init(&ctx);
-	SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
-	SHA1Update(&ctx, text, text_len);
-	SHA1Final(digest, &ctx);
-
-	bzero(k_pad, sizeof k_pad);
-	bcopy(key, k_pad, key_len);
-	for (i = 0; i < SHA1_BLOCK_LENGTH; i++)
-		k_pad[i] ^= 0x5c;
-
-	SHA1Init(&ctx);
-	SHA1Update(&ctx, k_pad, SHA1_BLOCK_LENGTH);
-	SHA1Update(&ctx, digest, SHA1_DIGEST_LENGTH);
-	SHA1Final(digest, &ctx);
-}
-
-/*
- * Password-Based Key Derivation Function 2 (PKCS #5 v2.0).
- * Code based on IEEE Std 802.11-2007, Annex H.4.2.
- */
-static void
-pbkdf2(const char *password, u_int len, const char *ssid, u_int ssid_len,
-    u_int8_t key[32])
-{
-	u_int8_t keybuf[2 * SHA1_DIGEST_LENGTH];
-	u_int8_t digest[IEEE80211_NWID_LEN + 4], digest1[SHA1_DIGEST_LENGTH];
-	u_int8_t *output, count;
-	int i, j;
-
-	output = keybuf;
-	for (count = 1; count <= 2; count++) {
-		memcpy(digest, ssid, ssid_len);
-		digest[ssid_len + 0] = 0;
-		digest[ssid_len + 1] = 0;
-		digest[ssid_len + 2] = 0;
-		digest[ssid_len + 3] = count;
-		hmac_sha1(digest, ssid_len + 4, password, len, digest1);
-		memcpy(output, digest1, SHA1_DIGEST_LENGTH);
-
-		for (i = 1; i < 4096; i++) {
-			hmac_sha1(digest1, SHA1_DIGEST_LENGTH, password,
-			    len, digest);
-			memcpy(digest1, digest, SHA1_DIGEST_LENGTH);
-			for (j = 0; j < SHA1_DIGEST_LENGTH; j++)
-				output[j] ^= digest[j];
-		}
-		output += SHA1_DIGEST_LENGTH;
-	}
-	/* truncate output to its 256MSBs */
-	memcpy(key, keybuf, 32);
-}
+#include "pbkdf2.h"
 
 int
 main(int argc, char **argv)
@@ -134,7 +58,7 @@ main(int argc, char **argv)
 		warnx("truncating SSID to its first %d characters", ssid_len);
 	}
 
-	pbkdf2(pass, len, ssid, ssid_len, keybuf);
+	pkcs5_pbkdf2(pass, len, ssid, ssid_len, keybuf, sizeof(keybuf), 4096);
 
 	printf("0x");
 	for (i = 0; i < 32; i++)
-- 
2.20.1