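# ikeriri referred and changed the code from nicholastsmith
# https://nicholastsmith.wordpress.com/2016/11/15/wpa2-key-derivation-with-anaconda-python/
#
# Walk-through of the WPA/WPA2-PSK key hierarchy: passphrase -> PMK -> PTK
# (KCK, KEK, TK, MIC keys) and verification of the EAPOL-Key MICs of a
# captured 4-way handshake against a known passphrase.
import hmac
from binascii import a2b_hex, b2a_hex
from hashlib import pbkdf2_hmac, sha1, md5
import binascii


def PRF(key, A, B, nByte=64):
    """Pseudo-random function that expands the PMK into the PTK (PRF-n).

    Concatenates HMAC-SHA1(key, A || 0x00 || B || i) for i = 0, 1, ... until
    at least ``nByte`` bytes are available, then truncates to ``nByte``.

    Args:
        key: The PMK (bytes).
        A: The label, b'Pairwise key expansion'.
        B: min(mac) || max(mac) || min(nonce) || max(nonce), as built by MakeAB.
        nByte: Number of PTK bytes to return. Defaults to 64 (the TKIP PTK
            length); CCMP only consumes the first 48 bytes of that.

    Returns:
        The first ``nByte`` bytes of the PTK.
    """
    # Each HMAC-SHA1 output is 160 bits, so ceil(nByte * 8 / 160) blocks suffice.
    n_blocks = (nByte * 8 + 159) // 160
    blocks = [
        hmac.new(key, A + b"\x00" + B + bytes([i]), sha1).digest()
        for i in range(n_blocks)
    ]
    return b"".join(blocks)[:nByte]


def MakeAB(aNonce, sNonce, apMac, cliMac):
    """Build the (A, B) inputs of PRF from the 4-way handshake values.

    Args:
        aNonce: The ANonce from the 4-way handshake (bytes).
        sNonce: The SNonce from the 4-way handshake (bytes).
        apMac: The MAC address of the access point (bytes).
        cliMac: The MAC address of the client (bytes).

    Returns:
        (A, B) where A is the fixed label and B is the ordered concatenation
        of the two MACs followed by the two nonces.
    """
    A = b"Pairwise key expansion"
    # Both sides order MACs and nonces lexicographically (min || max) so the
    # authenticator and the supplicant derive the same PTK.
    macs = min(apMac, cliMac) + max(apMac, cliMac)
    nonces = min(aNonce, sNonce) + max(aNonce, sNonce)
    B = macs + nonces
    return (A, B)


def MakeMIC(pwd, ssid, A, B, data, wpa=False):
    """Compute the EAPOL-Key MICs of the given frames for a candidate passphrase.

    Args:
        pwd: The passphrase to test (str). The standard restricts a WPA
            passphrase to 8-63 ASCII characters, hence the 'ascii' encoding.
        ssid: The SSID of the AP (str), used as the PBKDF2 salt.
        A: b'Pairwise key expansion' (see MakeAB).
        B: The ordered MAC/nonce concatenation (see MakeAB).
        data: A list of 802.1X EAPOL-Key frames (bytes) with the MIC field
            zeroed.
        wpa: True for WPA (HMAC-MD5 MIC), False for WPA2 (HMAC-SHA1 MIC).

    Returns:
        (mics, ptk, pmk): the raw HMAC digest of every frame in ``data``
        (20 bytes for SHA1, 16 for MD5; the 802.11 MIC is the first 16 bytes),
        the PTK and the PMK.
    """
    # PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)
    pmk = pbkdf2_hmac('sha1', pwd.encode('ascii'), ssid.encode('ascii'), 4096, 32)
    # Expand the PMK into the pairwise transient key (PTK)
    ptk = PRF(pmk, A, B)
    # WPA uses HMAC-MD5 for the MIC; WPA2 uses HMAC-SHA1 truncated to 128 bits
    hmac_func = md5 if wpa else sha1
    # The MIC is keyed with the KCK, which is the first 128 bits of the PTK
    kck = ptk[0:16]
    mics = [hmac.new(kck, frame, hmac_func).digest() for frame in data]
    return (mics, ptk, pmk)


def _compare_mic(actual_label, expected_hex, calc_label, digest):
    """Print the captured MIC, the computed MIC and whether they match.

    Only the first 128 bits of ``digest`` are compared: WPA2's MIC is
    HMAC-SHA1 truncated to 128 bits and WPA's HMAC-MD5 is 128 bits already.
    """
    expected = expected_hex.upper()
    print(actual_label + expected)
    computed = digest[:16].hex().upper()
    print(calc_label + computed)
    print('MATCH' if computed == expected else 'MISMATCH')


pwd = "11111111"
print("Passphrase:"+pwd)
ssid = "ikeriri-wimax"
print("SSID:"+ssid)

AMAC = "f02f74c4f5c4"
print("AP MAC Address from 1of4:"+AMAC)
apMac = binascii.a2b_hex(AMAC)

ANONCE = "812e47f04e25fe494c7d44b2f7b016e0ebe3f24865fd234f4998a8f5d8d68bc0"
print("AP Nonce from 1of4:"+ANONCE)
aNonce = binascii.a2b_hex(ANONCE)

SMAC = "e2da1ea8928f"
print("STA MAC Address from 1of4:"+SMAC)
cliMac = binascii.a2b_hex(SMAC)

SNONCE = "fcf94398b971a1f20572495509733ff0008c93b142e86c9348ce23f3c287ff8b"
print("STA Nonce from 1of4:"+SNONCE)
sNonce = binascii.a2b_hex(SNONCE)

# The first MIC (captured from message 2 of 4)
mic1 = "d5aa6adf088791d7cd37b8866f8a0930"
# The entire 802.1x frame of the second handshake message with the MIC field set to all zeros
data1 = a2b_hex("0203007502010a00100000000000000001fcf94398b971a1f20572495509733ff0008c93b142e86c9348ce23f3c287ff8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac028c00")
# The second MIC (captured from message 3 of 4)
mic2 = "8fc6ccf6133542e9f8844ec826de5ff8"
# The entire 802.1x frame of the third handshake message with the MIC field set to all zeros
data2 = a2b_hex("020300b70213ca00100000000000000002812e47f04e25fe494c7d44b2f7b016e0ebe3f24865fd234f4998a8f5d8d68bc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000588a6607c41f921c7035108bc8a60c1fa1b5a5ae7d0e191e1ce71fa11d8a1a65b302c4c3450e1884d932b1d3a810cdde17b1e181a9cb217a697d0cc01980b24ad4dbd6a9606ae617eecfb1fc95cea5f7de3909577b193104fe")
# The third MIC (captured from message 4 of 4)
mic3 = "e2367db355ccdf0710d8d73d6e175b5c"
# The entire 802.1x frame of the fourth handshake message with the MIC field set to all zeros
data3 = a2b_hex("0203005f02030a0010000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")

A, B = MakeAB(aNonce, sNonce, apMac, cliMac)
mics, ptk, pmk = MakeMIC(pwd, ssid, A, B, [data1, data2, data3], wpa=False)
print("PMK: " + pmk.hex())
print("PTK: " + ptk.hex())

# PTK layout: KCK = bytes 0-15, KEK = bytes 16-31, TK = bytes 32-47,
# then the two 8-byte TKIP Michael MIC keys (bytes 48-55 and 56-63).
# The KCK comes first: it is the key MakeMIC uses for the EAPOL-Key MIC.
kck = ptk[0:16]
print("KCK: " + kck.hex())
kek = ptk[16:32]
print("KEK: " + kek.hex())
tk = ptk[32:48]
print("TK: " + tk.hex())
# Slice ends are exclusive: each Michael MIC key is 8 bytes, not 7.
rmic = ptk[48:56]
print("Receive MIC Secret: " + rmic.hex())
tmic = ptk[56:64]
print("Transmit MIC Secret: " + tmic.hex())

# Compare each captured MIC with the one derived from the candidate passphrase.
_compare_mic("dactual mic:", mic1, "calculated mic from Message2of4:", mics[0])
_compare_mic("actual mic:", mic2, "calculated mic from Message3of4:", mics[1])
_compare_mic("packet mic:", mic3, "packet mic from Message4of4:", mics[2])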