github.com/craftyguy/u-root@v1.0.0/pkg/wpa/passphrase/passphrase.go (about)

     1  // Copyright 2018 the u-root Authors. All rights reserved
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package passphrase
     6  
     7  import (
     8  	"crypto/sha1"
     9  	"encoding/hex"
    10  	"fmt"
    11  
    12  	"golang.org/x/crypto/pbkdf2"
    13  )
    14  
const (
	// MinPassLen is the shortest passphrase, in bytes (len of the string),
	// that errorCheck accepts.
	MinPassLen = 8
	// MaxPassLen is the longest passphrase, in bytes, that errorCheck accepts.
	MaxPassLen = 63
	// ResultFormat is the fmt template for the network block returned by Run.
	// Run fills the three %s verbs, in order, with the essid, the cleartext
	// passphrase and the hex-encoded derived key.
	//
	// Security notes:
	//   - The "#psk" line carries the passphrase in cleartext, so anything
	//     rendered from this template is as sensitive as the passphrase.
	//   - The values are inserted with plain %s and no escaping; a newline in
	//     either string would end the current line of the rendered block, so
	//     inputs should be validated before formatting.
	ResultFormat = `network={
	ssid="%s"
	#psk="%s"
	psk=%s
}
`
)
    25  
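// hasCtrlChar reports whether s contains an ASCII control byte
// (below 0x20, or 0x7f).
func hasCtrlChar(s string) bool {
	for i := 0; i < len(s); i++ {
		if c := s[i]; c < 0x20 || c == 0x7f {
			return true
		}
	}
	return false
}

// errorCheck validates the inputs to Run before any key is derived.
//
// It returns an error when:
//   - pass is shorter than MinPassLen or longer than MaxPassLen bytes,
//   - essid is empty,
//   - essid or pass contains an ASCII control character.
//
// The control-character check exists because both values are written
// verbatim into a line-oriented network block (see ResultFormat): a newline
// in the passphrase would end the "#psk" comment line, and a newline in the
// essid would end the ssid line, letting the remainder of the value be read
// as a separate configuration line.
func errorCheck(essid string, pass string) error {
	// The two original checks run first, in their original order, so inputs
	// that were rejected before still produce the same error text.
	if len(pass) < MinPassLen || len(pass) > MaxPassLen {
		return fmt.Errorf("Passphrase must be 8..63 characters")
	}
	if len(essid) == 0 {
		return fmt.Errorf("essid cannot be empty")
	}
	if hasCtrlChar(pass) {
		return fmt.Errorf("passphrase must not contain control characters")
	}
	if hasCtrlChar(essid) {
		return fmt.Errorf("essid must not contain control characters")
	}
	return nil
}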
    35  
// Run derives the WPA pre-shared key for essid and pass and returns a
// network block rendered with ResultFormat.
//
// The returned bytes contain the cleartext passphrase (on the commented-out
// psk line) as well as the derived key, so the result should be handled as a
// secret: keep it out of logs and store it with restrictive file permissions.
//
// If errorCheck rejects the inputs, its error is returned and no key is
// derived.
func Run(essid string, pass string) ([]byte, error) {
	err := errorCheck(essid, pass)
	if err != nil {
		return nil, err
	}

	// Security note carried over from the original author: the salt is the
	// essid, which is static and shared across access points, so it is not
	// sufficiently random. The issue has been reported to the responsible
	// parties; the derivation is kept as is because it matches the current
	// implementation of wpa_passphrase.c.
	//
	// WPA2-PSK (IEEE 802.11i) specifies PBKDF2-HMAC-SHA1 with the SSID as
	// salt, 4096 iterations and a 256-bit key, so these parameters cannot be
	// changed here without producing keys that access points reject. The
	// consequence for users is that the same essid and passphrase always give
	// the same key, and the key's strength rests on the passphrase alone.
	const (
		iterations = 4096
		keyLen     = 32
	)
	salt := []byte(essid)
	psk := pbkdf2.Key([]byte(pass), salt, iterations, keyLen, sha1.New)

	rendered := fmt.Sprintf(ResultFormat, essid, pass, hex.EncodeToString(psk))
	return []byte(rendered), nil
}