wlan_rsn/auth/psk.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215
// Copyright 2018 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
use crate::Error;
use anyhow::ensure;
use core::num::NonZeroU32;
use ieee80211::Ssid;
use std::str;
use wlan_common::security::wpa::credential::Psk as CommonPsk;
use wlan_common::security::wpa::{self};
// PBKDF2-HMAC-SHA1 is considered insecure but required for PSK computation.
#[allow(deprecated)]
use mundane::insecure::insecure_pbkdf2_hmac_sha1;
/// Conversion of WPA credentials to a PSK.
pub trait ToPsk {
fn to_psk(&self, ssid: &Ssid) -> CommonPsk;
}
/// Conversion of WPA1 credentials to a PSK.
///
/// RSN specifies that PSKs are used as-is and passphrases are transformed into a PSK. This
/// implementation performs this transformation when necessary for WPA1 credentials.
impl ToPsk for wpa::Wpa1Credentials {
fn to_psk(&self, ssid: &Ssid) -> CommonPsk {
match self {
wpa::Wpa1Credentials::Psk(ref psk) => psk.clone(),
wpa::Wpa1Credentials::Passphrase(ref passphrase) => {
// TODO(https://fxbug.dev/42177995): Unify the representation of PSKs. There can only be
// one...!
CommonPsk(
compute(passphrase.as_ref(), ssid)
.expect("invalid WPA passphrase data")
.as_ref()
.try_into()
.expect("invalid derived PSK data"),
)
}
}
}
}
/// Conversion of WPA2 Personal credentials to a PSK.
///
/// RSN specifies that PSKs are used as-is and passphrases are transformed into a PSK. This
/// implementation performs this transformation when necessary for WPA2 Personal credentials.
impl ToPsk for wpa::Wpa2PersonalCredentials {
fn to_psk(&self, ssid: &Ssid) -> CommonPsk {
match self {
wpa::Wpa2PersonalCredentials::Psk(ref psk) => psk.clone(),
wpa::Wpa2PersonalCredentials::Passphrase(ref passphrase) => {
// TODO(https://fxbug.dev/42177995): Unify the representation of PSKs. There can only be
// one...!
CommonPsk(
compute(passphrase.as_ref(), ssid)
.expect("invalid WPA passphrase data")
.as_ref()
.try_into()
.expect("invalid derived PSK data"),
)
}
}
}
}
/// Keys derived from a passphrase provide comparably low levels of security.
/// Passphrases should have a minimum length of 20 characters since shorter passphrases
/// are unlikely to prevent attacks.
pub type Psk = Box<[u8]>;
pub fn compute(passphrase: &[u8], ssid: &Ssid) -> Result<Psk, anyhow::Error> {
// IEEE Std 802.11-2016, J.4.1 provides a reference implementation that describes the
// passphrase as:
//
// ... sequence of between 8 and 63 ASCII-encoded characters ... Each character in the
// pass-phrase has an encoding in the range 32 to 126 (decimal).
//
// However, the standard does not seem to specify this encoding or otherwise state that it is a
// requirement. In practice, devices accept UTF-8 encoded passphrases, which is far less
// restrictive than a subset of ASCII. This code attempts to parse the passphrase as UTF-8 and
// emits an error if this is not possible. Note that this also accepts the ASCII encoding
// suggested by J.4.1.
let _utf8 = str::from_utf8(passphrase)
.map_err(|error| Error::InvalidPassphraseEncoding(error.valid_up_to()))?;
// IEEE Std 802.11-2016, J.4.1 suggests a passphrase length of [8, 64). However, J.4.1 also
// suggests ASCII encoding and this code expects UTF-8 encoded passphrases. This implicitly
// supports the ASCII encodings described in J.4.1. However, the length of the byte sequence no
// longer represents the number of encoded characters, so non-ASCII passphrases may appear to
// have arbitrary character limits. Note that the character count can be obtained via
// `_utf8.chars().count()`.
ensure!(
passphrase.len() >= 8 && passphrase.len() <= 63,
Error::InvalidPassphraseLen(passphrase.len())
);
// Compute PSK: IEEE Std 802.11-2016, J.4.1
let size = 256 / 8;
let mut psk = vec![0_u8; size];
const ITERS: NonZeroU32 = const_unwrap::const_unwrap_option(NonZeroU32::new(4096));
// PBKDF2-HMAC-SHA1 is considered insecure but required for PSK computation.
#[allow(deprecated)]
insecure_pbkdf2_hmac_sha1(&passphrase[..], &ssid[..], ITERS, &mut psk[..]);
Ok(psk.into_boxed_slice())
}
#[cfg(test)]
mod tests {
use super::*;
use hex::FromHex;
use wlan_common::security::wpa::credential::Passphrase;
fn assert_psk(password: &str, ssid: &str, expected: &str) {
let psk = compute(password.as_bytes(), &Ssid::try_from(ssid).unwrap())
.expect("computing PSK failed");
let expected = Vec::from_hex(expected).unwrap();
assert_eq!(&psk[..], &expected[..]);
}
// IEEE Std 802.11-2016, J.4.2, Test case 1
#[test]
fn test_psk_test_case_1() {
assert_psk(
"password",
"IEEE",
"f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
);
}
// IEEE Std 802.11-2016, J.4.2, Test case 2
#[test]
fn test_psk_test_case_2() {
assert_psk(
"ThisIsAPassword",
"ThisIsASSID",
"0dc0d6eb90555ed6419756b9a15ec3e3209b63df707dd508d14581f8982721af",
);
}
// IEEE Std 802.11-2016, J.4.2, Test case 3
#[test]
fn test_psk_test_case_3() {
assert_psk(
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ",
"becb93866bb8c3832cb777c2f559807c8c59afcb6eae734885001300a981cc62",
);
}
#[test]
fn test_psk_too_short_password() {
let result = compute("short".as_bytes(), &Ssid::try_from("Some SSID").unwrap());
assert!(result.is_err());
}
#[test]
fn test_psk_too_long_password() {
let result = compute(
"1234567890123456789012345678901234567890123456789012345678901234".as_bytes(),
&Ssid::try_from("Some SSID").unwrap(),
);
assert!(result.is_err());
}
#[test]
fn test_psk_ascii_bounds_password() {
let result =
compute("\x20ASCII Bound Test \x7E".as_bytes(), &Ssid::try_from("Some SSID").unwrap());
assert!(result.is_ok());
}
#[test]
fn test_psk_non_ascii_password() {
assert!(compute("パスワード".as_bytes(), &Ssid::try_from("Some SSID").unwrap()).is_ok());
}
#[test]
fn test_psk_invalid_encoding_password() {
assert!(compute(&[0xFFu8; 32], &Ssid::try_from("Some SSID").unwrap()).is_err());
}
#[test]
fn wpa1_credentials_to_psk() {
let ssid = Ssid::try_from("IEEE").unwrap();
let credentials = wpa::Wpa1Credentials::Psk(CommonPsk::from([0u8; 32]));
assert_eq!(CommonPsk::from([0u8; 32]), credentials.to_psk(&ssid));
let credentials =
wpa::Wpa1Credentials::Passphrase(Passphrase::try_from("password").unwrap());
assert_eq!(
CommonPsk::parse("f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
.unwrap(),
credentials.to_psk(&ssid),
);
}
#[test]
fn wpa2_personal_credentials_to_psk() {
let ssid = Ssid::try_from("IEEE").unwrap();
let credentials = wpa::Wpa2PersonalCredentials::Psk(CommonPsk::from([0u8; 32]));
assert_eq!(CommonPsk::from([0u8; 32]), credentials.to_psk(&ssid));
let credentials =
wpa::Wpa2PersonalCredentials::Passphrase(Passphrase::try_from("password").unwrap());
assert_eq!(
CommonPsk::parse("f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
.unwrap(),
credentials.to_psk(&ssid),
);
}
}