/****************************************************************/
/* 802.11i PRF Test Code                                        */
/* (c) 2002, David Johnston                                     */
/* Author: David Johnston                                       */
/* Email (home): dj@deadhat.com                                 */
/* Email (general): david.johnston@ieee.org                     */
/* Version 0.1                                                  */
/*                                                              */
/* This code implements the PRF-[128,192,236,384,512,768]       */
/* algorithms as defined in the IEEE 802.11i security spec.     */
/*                                                              */
/* Supported message length is limited to 4096 characters       */
/****************************************************************/
 
#include <stdlib.h>
#include <stdio.h>

#define MAX_MESSAGE_LENGTH 4096

/********************************************/
/* Test Cases                               */
/* An array of test cases taken from the    */
/* 802.11i specification.                   */
/********************************************/
#define NUM_TEST_CASES  5


int result_lengths[] = {192,256,384,512,768};
int key_lengths[] = {20,4,80,20,80};
unsigned char keys[] = 
    {
        0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
        0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,

        'J','e','f','e',

        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,

        0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
        0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,

        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
        0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
    };

int prefix_lengths[] = {6,8,8,8,8};
unsigned char prefixes[] =
    {
        'p','r','e','f','i','x',
        'p','r','e','f','i','x','-','2',
        'p','r','e','f','i','x','-','3',
        'p','r','e','f','i','x','-','4',
        'p','r','e','f','i','x','-','5'
    };

int data_lengths[] = {8,28,54,14,73};
unsigned char datas[] =
    {
    'H','i',' ','T','h','e','r','e',

    'w','h','a','t',' ','d','o',' ','y','a',' ',
    'w','a','n','t',' ','f','o','r',' ','n','o','t','h','i','n','g','?',

    'T','e','s','t',' ','U','s','i','n','g',' ','L','a','r','g','e','r',' ',
    'T','h','a','n',' ','B','l','o','c','k','-','S','i','z','e',' ',
    'K','e','y',' ','-',' ','H','a','s','h',' ','K','e','y',' ','F','i','r','s','t',

    'H','i',' ','T','h','e','r','e',' ','A','g','a','i','n',

    'T','e','s','t',' ','U','s','i','n','g',' ','L','a','r','g','e','r',' ',
    'T','h','a','n',' ','B','l','o','c','k','-','S','i','z','e',' ',
    'K','e','y',' ','a','n','d',' ','L','a','r','g','e','r',' ','T','h','a','n',' ',
    'O','n','e',' ','B','l','o','c','k','-','S','i','z','e',' ','D','a','t','a'
};

/*****************************/
/**** Function Prototypes ****/
/*****************************/

unsigned long int ft(
                    int t,
                    unsigned long int x,
                    unsigned long int y,
                    unsigned long int z
                    );

void get_testcase(   int test_case,
                    unsigned char *key,
                    int *key_length_ptr,
                    unsigned char *prefix,
                    int *prefix_length_ptr,
                    unsigned char *data,
                    int *data_length_ptr,
                    int *result_length_ptr);


void sha1   (
            unsigned char *message,
            int message_length,
            unsigned char *digest
            );

/**************************/
/* Debug out              */
/**************************/

#ifdef HMAC_DEBUG
debug_out(
            unsigned char *label,
            unsigned char *data,
            int data_length
        )
{
int i,j;
int num_blocks;
int block_remainder;
    num_blocks = data_length / 16;
    block_remainder = data_length % 16;

    printf("%s\n",label);

    for (i=0; i< num_blocks;i++)
    {
        printf("\t");
        for (j=0; j< 16;j++)
        {
            printf("%02x ", data[j + (i*16)]);
        }
        printf("\n");
    }

    if (block_remainder > 0)
    {
        printf("\t");
        for (j=0; j<block_remainder; j++)
        {
            printf("%02x ", data[j+(num_blocks*16)]);
        }
        printf("\n");
    }
}
#endif

/****************************************/
/* sha1()                               */
/* Performs the NIST SHA-1 algorithm    */
/****************************************/

unsigned long int ft(
                    int t,
                    unsigned long int x,
                    unsigned long int y,
                    unsigned long int z
                    )
{
unsigned long int a,b,c;

    if (t < 20)
    {
        a = x & y;
        b = (~x) & z;
        c = a ^ b;
    }
    else if (t < 40)
    {
        c = x ^ y ^ z;
    }
    else if (t < 60)
    {
        a = x & y;
        b = a ^ (x & z);
        c = b ^ (y & z);
    }
    else if (t < 80)
    {
        c = (x ^ y) ^ z;
    }

    return c;
}

unsigned long int k(int t)
{
unsigned long int c;

    if (t < 20)
    {
        c = 0x5a827999;
    }
    else if (t < 40)
    {
        c = 0x6ed9eba1;
    }
    else if (t < 60)
    {
        c = 0x8f1bbcdc;
    }
    else if (t < 80)
    {
        c = 0xca62c1d6;
    }

    return c;
}

unsigned long int rotr(int bits, unsigned long int a)
{
unsigned long int c,d,e,f,g;
    c = (0x0001 << bits)-1;
    d = ~c;

    e = (a & d) >> bits;
    f = (a & c) << (32 - bits);

    g = e | f;

    return (g & 0xffffffff );

}

unsigned long int rotl(int bits, unsigned long int a)
{
unsigned long int c,d,e,f,g;
    c = (0x0001 << (32-bits))-1;
    d = ~c;

    e = (a & c) << bits;
    f = (a & d) >> (32 - bits);

    g = e | f;

    return (g & 0xffffffff );

}


void sha1   (
            unsigned char *message,
            int message_length,
            unsigned char *digest
            )
{
int i;
int num_blocks;
int block_remainder;
int padded_length;

unsigned long int l;
unsigned long int t;
unsigned long int h[5];
unsigned long int a,b,c,d,e;
unsigned long int w[80];
unsigned long int temp;

#ifdef SHA1_DEBUG
int x,y;
#endif

    /* Calculate the number of 512 bit blocks */

    padded_length = message_length + 8; /* Add length for l */
    padded_length = padded_length + 1; /* Add the 0x01 bit postfix */

    l = message_length * 8;

    num_blocks = padded_length / 64;
    block_remainder = padded_length % 64;


    if (block_remainder > 0)
    {
        num_blocks++;
    }

    padded_length = padded_length + (64 - block_remainder);

     /* clear the padding field */
    for (i = message_length; i < (num_blocks * 64); i++)
    {
        message[i] = 0x00;           
    }

    /* insert b1 padding bit */
    message[message_length] = 0x80;
    
    /* Insert l */
    message[(num_blocks*64)-1] = (unsigned char)( l        & 0xff);
    message[(num_blocks*64)-2] = (unsigned char)((l >> 8)  & 0xff);
    message[(num_blocks*64)-3] = (unsigned char)((l >> 16) & 0xff);
    message[(num_blocks*64)-4] = (unsigned char)((l >> 24) & 0xff);

    /* Set initial hash state */
    h[0] = 0x67452301;
    h[1] = 0xefcdab89;
    h[2] = 0x98badcfe;
    h[3] = 0x10325476;
    h[4] = 0xc3d2e1f0;

#ifdef SHA1_DEBUG
    printf("INITIAL message_length = %d\n", message_length);
    printf("INITIAL padded_length = %d\n", padded_length);
    printf("INITIAL num_blocks = %d\n", num_blocks);

        for (x=0;x<num_blocks; x++)
        {
            printf("\t\t"); 
            for (y=0; y<16;y++)
            {
                printf("%02x ",message[y + (x*64)]);
            }
            printf("\n");
            printf("\t\t"); 
            for (y=0; y<16;y++)
            {
                printf("%02x ",message[16 + y + (x*64)]);
            }
            printf("\n");
            printf("\t\t"); 
            for (y=0; y<16;y++)
            {
                printf("%02x ",message[32 + y + (x*64)]);
            }
            printf("\n");
            printf("\t\t"); 
            for (y=0; y<16;y++)
            {
                printf("%02x ",message[48 + y + (x*64)]);
            }
            printf("\n");
        }

#endif

    for (i = 0; i < num_blocks; i++)
    {
        /* Prepare the message schedule */
        for (t=0; t < 80; t++)
        {
            if (t < 16)
            {
                w[t]  = (256*256*256) * message[(i*64)+(t*4)];
                w[t] += (256*256    ) * message[(i*64)+(t*4) + 1];
                w[t] += (256        ) * message[(i*64)+(t*4) + 2];
                w[t] +=                 message[(i*64)+(t*4) + 3];
            }
            else if (t < 80)
            {
                w[t] = rotl(1,(w[t-3] ^ w[t-8] ^ w[t-14] ^ w[t-16]));
            }
        }

#ifdef SHA1_DEBUG
        printf("\tW(0) = %08lX \t W(9)  = %08lX \n", w[0], w[8]);
        printf("\tW(1) = %08lX \t W(10) = %08lX \n", w[1], w[9]);
        printf("\tW(2) = %08lX \t W(11) = %08lX \n", w[2], w[10]);
        printf("\tW(3) = %08lX \t W(12) = %08lX \n", w[3], w[11]);
        printf("\tW(4) = %08lX \t W(13) = %08lX \n", w[4], w[12]);
        printf("\tW(5) = %08lX \t W(14) = %08lX \n", w[5], w[13]);
        printf("\tW(6) = %08lX \t W(15) = %08lX \n", w[6], w[14]);
        printf("\tW(7) = %08lX \t W(16) = %08lX \n\n", w[7], w[15]);

#endif
        /* Initialize the five working variables */
        a = h[0];
        b = h[1];
        c = h[2];
        d = h[3];
        e = h[4];

        /* iterate a-e 80 times */

        for (t = 0; t < 80; t++)
        {
            temp = (rotl(5,a) + ft(t,b,c,d)) & 0xffffffff;
            temp = (temp + e) & 0xffffffff;
            temp = (temp + k(t)) & 0xffffffff;
            temp = (temp + w[t]) & 0xffffffff;
            e = d;
            d = c;
            c = rotl(30,b);
            b = a;
            a = temp;
#ifdef SHA1_DEBUG
            printf("t = %2ld\t %08lx, %08lx, %08lx, %08lx, %08lx\n", t,a,b,c,d,e);
#endif

        }

        /* compute the ith intermediate hash value */
#ifdef SHA1_DEBUG
        printf("  +   \t %08lx, %08lx, %08lx, %08lx, %08lx\n", h[0],h[1],h[2],h[3],h[4]);
#endif
        h[0] = (a + h[0]) & 0xffffffff;
        h[1] = (b + h[1]) & 0xffffffff;
        h[2] = (c + h[2]) & 0xffffffff;
        h[3] = (d + h[3]) & 0xffffffff;
        h[4] = (e + h[4]) & 0xffffffff;

#ifdef SHA1_DEBUG
        printf("  =   \t %08lx, %08lx, %08lx, %08lx, %08lx\n", h[0],h[1],h[2],h[3],h[4]);
#endif

    }

    digest[3]  = (unsigned char) ( h[0]       & 0xff);
    digest[2]  = (unsigned char) ((h[0] >> 8) & 0xff);
    digest[1]  = (unsigned char) ((h[0] >> 16) & 0xff);
    digest[0]  = (unsigned char) ((h[0] >> 24) & 0xff);

    digest[7]  = (unsigned char) ( h[1]       & 0xff);
    digest[6]  = (unsigned char) ((h[1] >> 8) & 0xff);
    digest[5]  = (unsigned char) ((h[1] >> 16) & 0xff);
    digest[4]  = (unsigned char) ((h[1] >> 24) & 0xff);

    digest[11]  = (unsigned char) ( h[2]       & 0xff);
    digest[10]  = (unsigned char) ((h[2] >> 8) & 0xff);
    digest[9] = (unsigned char) ((h[2] >> 16) & 0xff);
    digest[8] = (unsigned char) ((h[2] >> 24) & 0xff);

    digest[15] = (unsigned char) ( h[3]       & 0xff);
    digest[14] = (unsigned char) ((h[3] >> 8) & 0xff);
    digest[13] = (unsigned char) ((h[3] >> 16) & 0xff);
    digest[12] = (unsigned char) ((h[3] >> 24) & 0xff);

    digest[19] = (unsigned char) ( h[4]       & 0xff);
    digest[18] = (unsigned char) ((h[4] >> 8) & 0xff);
    digest[17] = (unsigned char) ((h[4] >> 16) & 0xff);
    digest[16] = (unsigned char) ((h[4] >> 24) & 0xff);

}

/******************************************************/
/* hmac-sha1()                                        */
/* Performs the hmac-sha1 keyed secure hash algorithm */
/******************************************************/

void hmac_sha1(
                unsigned char *key,
                int key_length,
                unsigned char *data,
                int data_length,
                unsigned char *digest
                )

{
    int b = 64; /* blocksize */
    unsigned char ipad = 0x36;

    unsigned char opad = 0x5c;

    unsigned char k0[64];
    unsigned char k0xorIpad[64];
    unsigned char step7data[64];
    unsigned char step5data[MAX_MESSAGE_LENGTH+128];
    unsigned char step8data[64+20];
    int i;

    for (i=0; i<64; i++)
    {
        k0[i] = 0x00;
    }



    if (key_length != b)    /* Step 1 */
    {
        /* Step 2 */
        if (key_length > b)      
        {
            sha1(key, key_length, digest);
            for (i=0;i<20;i++)
            {
                k0[i]=digest[i];
            }
        }
        else if (key_length < b)  /* Step 3 */
        {
            for (i=0; i<key_length; i++)
            {
                k0[i] = key[i];
            }
        }
    }
    else
    {
        for (i=0;i<b;i++)
        {
            k0[i] = key[i];
        }
    }
#ifdef HMAC_DEBUG
    debug_out("k0",k0,64);
#endif
    /* Step 4 */
    for (i=0; i<64; i++)
    {
        k0xorIpad[i] = k0[i] ^ ipad;
    }
#ifdef HMAC_DEBUG
    debug_out("k0 xor ipad",k0xorIpad,64);
#endif
    /* Step 5 */
    for (i=0; i<64; i++)
    {
        step5data[i] = k0xorIpad[i];
    }
    for (i=0;i<data_length;i++)
    {
        step5data[i+64] = data[i];
    }
#ifdef HMAC_DEBUG
    debug_out("(k0 xor ipad) || text",step5data,data_length+64);
#endif

    /* Step 6 */
    sha1(step5data, data_length+b, digest);

#ifdef HMAC_DEBUG
    debug_out("Hash((k0 xor ipad) || text)",digest,20);
#endif

    /* Step 7 */
    for (i=0; i<64; i++)
    {
        step7data[i] = k0[i] ^ opad;
    }

#ifdef HMAC_DEBUG
    debug_out("(k0 xor opad)",step7data,64);
#endif

    /* Step 8 */
    for (i=0;i<64;i++)
    {
        step8data[i] = step7data[i];
    }
    for (i=0;i<20;i++)
    {
        step8data[i+64] = digest[i];
    }

#ifdef HMAC_DEBUG
    debug_out("(k0 xor opad) || Hash((k0 xor ipad) || text)",step8data,20+64);
#endif

    /* Step 9 */
    sha1(step8data, b+20, digest);

#ifdef HMAC_DEBUG
    debug_out("HASH((k0 xor opad) || Hash((k0 xor ipad) || text))",digest,20);
#endif
}

/*************************************************/
/* prf()                                         */
/* Calculates the PRF of a key, prefix and data  */
/* according the to method described in Draft    */
/* 3.0 of the TGi 802.11 security specification. */
/*************************************************/

void prf(
            unsigned char *key,
            int key_length,
            unsigned char *prefix,
            int prefix_length,
            unsigned char *data,
            int data_length,
            int result_length,
            unsigned char *result)
{
    unsigned char r[MAX_MESSAGE_LENGTH*2+128];
    int r_length;
    unsigned char hmac_sha_result[20];
    unsigned char input_data[MAX_MESSAGE_LENGTH*2+128];
    int input_data_length;
    int i,j;
    int length_in_octets;

    r_length = 0;

    for (i=0; i<((result_length+159)/160); i++)
    {

        for (j=0;j<prefix_length;j++)
        {
            input_data[j] = prefix[j];
        }
        input_data[prefix_length]= 0x00;
        for (j=0;j<data_length;j++)
        {
            input_data[prefix_length+j+1] = data[j];
        }
        input_data_length = prefix_length + data_length+1;

        input_data[input_data_length] = (unsigned char)i;
        input_data_length++;
        input_data[input_data_length] = 0x00;
 
        hmac_sha1(key, key_length, input_data, input_data_length,hmac_sha_result);
        for (j=0; j<20; j++)
        {
            r[r_length+j] = hmac_sha_result[j];
        }
        r_length = r_length+20;
    }

    length_in_octets = result_length / 8;
    for (i=0;i<length_in_octets;i++)
    {
        result[i] = r[i];
    }
}

/************************************************/
/* get_testcase()                               */
/* Copies a test case from the test case data   */
/************************************************/
void get_testcase(   int test_case,
                    unsigned char *key,
                    int *key_length_ptr,
                    unsigned char *prefix,
                    int *prefix_length_ptr,
                    unsigned char *data,
                    int *data_length_ptr,
                    int *result_length_ptr)
{
    int i;
    unsigned char *ptr;

    ptr = keys;                       /* Find and copy the key */
    for (i=0;i < (test_case-1);i++)
    { 
        ptr = ptr + key_lengths[i];
    }

    for (i=0; i< key_lengths[test_case-1]; i++)
    {
         key[i] = *ptr++;
    }
                                        /* Pass back the key length */
    *key_length_ptr = key_lengths[test_case-1];

                                        /* Find and copy the prefix */
    ptr = prefixes;
    for (i=0; i< (test_case-1); i++)    /* Iterate through test cases */
    {
        ptr = ptr + prefix_lengths[i];
    }

    for (i=0; i< prefix_lengths[test_case-1]; i++)
    {
        prefix[i] = *ptr++;
    }
    *prefix_length_ptr = prefix_lengths[test_case-1];
                                        /* Find and copy the data */
    ptr = datas;
    for (i=0; i< (test_case-1); i++)    /* Iterate through test cases */
    {
        ptr = ptr + data_lengths[i];
    }

    for (i=0; i< data_lengths[test_case-1]; i++)
    {
        data[i] = *ptr++;
    }
    *data_length_ptr = data_lengths[test_case-1];

                                        /* Return the result length */
    *result_length_ptr = result_lengths[test_case-1];
}


/****************************************************/
/* main()                                           */
/* Iterate through the test cases, passing them     */
/* through the prf algorithm to produce test        */
/* vectors                                          */
/****************************************************/

int main()
{
    int test_case;
    int num_blocks;
    int block_remainder;
    int i;
    int j;

    unsigned char data[MAX_MESSAGE_LENGTH+1];
    unsigned char prefix[MAX_MESSAGE_LENGTH+1];
    unsigned char result[1024];
    unsigned char key[MAX_MESSAGE_LENGTH+1];

    int key_length;
    int *key_length_ptr;

    int prefix_length;
    int *prefix_length_ptr;

    int data_length;
    int *data_length_ptr;

    int result_length;
    int *result_length_ptr;

    key_length_ptr = &key_length;
    prefix_length_ptr = &prefix_length;
    data_length_ptr = &data_length;
    result_length_ptr = &result_length;

    for (test_case = 1; test_case < (NUM_TEST_CASES+1); test_case++)
    {

//printf("Getting test case %d\n",test_case);

        printf ("TEST CASE %d\n",test_case);
        get_testcase(   test_case,
                                key,
                                key_length_ptr,
                                prefix,
                                prefix_length_ptr,
                                data,
                                data_length_ptr,
                                result_length_ptr);

        prf(key, key_length, prefix, prefix_length, data, data_length, result_length, result);

        num_blocks = key_length / 16;              /* Calculate number of 16 byte blocks */
        block_remainder = key_length % 16;

        printf ("\tKEY =\n");
        for (i=0;i<num_blocks; i++)
        {
            printf("\t\t"); 
            for (j=0; j<16;j++)
            {
                printf("%02x ",key[j + (i*16)]);
            }
            printf("\n");
        }

        if (block_remainder > 0)                   /* Print the final line */
        {
            printf("\t\t");
            for (j=0; j<block_remainder;j++)
            {
                printf("%02x ",key[j + ((num_blocks)*16)]);
            }
            printf("\n");
        }

        printf("\tPREFIX = ");
        prefix[prefix_length] = 0x00;
        printf("\t%s\n",prefix);

        printf("\tDATA   = ");
        data[data_length] = 0x00;
        printf("\t%s\n",data);

        printf("\tLENGTH =\t%d\n",result_length);

        num_blocks = (result_length/8) / 16;              /* Calculate number of 16 byte blocks */
        block_remainder = (result_length/8) % 16;

        printf ("\tPRF-%d =\n",result_length);
        for (i=0;i<num_blocks; i++)
        {
            printf("\t\t"); 
            for (j=0; j<16;j++)
            {
                printf("%02x ",result[j + (i*16)]);
            }
            printf("\n");
        }

        if (block_remainder > 0)                   /* Print the final line */
        {
            printf("\t\t");
            for (j=0; j<block_remainder;j++)
            {
                printf("%02x ",result[j + ((num_blocks)*16)]);
            }
            printf("\n");
        }

    }

    return 0;
}