Not to mess with ifconfig's wpapsk, this diff does instead introduces
wpapass and -wpapass.
Same nwid relation as before:
- A nwid is required prior to supplying a passphrase to wpapass.
- If the nwid is changed afterwards, the passkey is not adjusted.
There has been discussion whether we should clear the wpa key on nwid
change, but I see that as a separate issue.
Again, bsd.rd size impact not checked.
I'd appreciate if someone would comment on the Makefile changes too.
/Alexander
Index: distrib/special/ifconfig/Makefile
===================================================================
RCS file: /cvs/src/distrib/special/ifconfig/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- distrib/special/ifconfig/Makefile 28 Oct 2009 07:36:49 -0000 1.2
+++ distrib/special/ifconfig/Makefile 13 Sep 2010 23:56:14 -0000
@@ -1,8 +1,10 @@
# $OpenBSD: Makefile,v 1.2 2009/10/28 07:36:49 deraadt Exp $
PROG= ifconfig
+SRCS= ifconfig.c pbkdf2.c
COPTS+= -DSMALL
-.PATH: ${.CURDIR}/../../../sbin/ifconfig
+.PATH: ${.CURDIR}/../../../sbin/ifconfig ${.CURDIR}/../../../sbin/bioctl
+CFLAGS+=-I${.CURDIR}/../../../sbin/bioctl
CPPFLAGS+=-DINET6
Index: sbin/ifconfig/Makefile
===================================================================
RCS file: /cvs/src/sbin/ifconfig/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- sbin/ifconfig/Makefile 22 Nov 2009 22:00:24 -0000 1.10
+++ sbin/ifconfig/Makefile 13 Sep 2010 23:56:14 -0000
@@ -1,7 +1,10 @@
# $OpenBSD: Makefile,v 1.10 2009/11/22 22:00:24 claudio Exp $
+.PATH: ${.CURDIR}/../bioctl
+CFLAGS+=-I${.CURDIR}/../bioctl
+
PROG= ifconfig
-SRCS= ifconfig.c brconfig.c
+SRCS= ifconfig.c brconfig.c pbkdf2.c
MAN= ifconfig.8
CPPFLAGS+=-DINET6
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.239
diff -u -p -r1.239 ifconfig.c
--- sbin/ifconfig/ifconfig.c 3 Jul 2010 04:44:51 -0000 1.239
+++ sbin/ifconfig/ifconfig.c 13 Sep 2010 23:56:15 -0000
@@ -161,6 +161,7 @@ void setifwpaakms(const char *, int);
void setifwpaciphers(const char *, int);
void setifwpagroupcipher(const char *, int);
void setifwpapsk(const char *, int);
+void setifwpapass(const char *, int);
void setifchan(const char *, int);
void setifscan(const char *, int);
void setiftxpower(const char *, int);
@@ -319,6 +320,8 @@ const struct cmd {
{ "wpaprotos", NEXTARG, 0, setifwpaprotos },
{ "wpapsk", NEXTARG, 0, setifwpapsk },
{ "-wpapsk", -1, 0, setifwpapsk },
+ { "wpapass", NEXTARG, 0, setifwpapass },
+ { "-wpapass", -1, 0, setifwpapass },
{ "chan", NEXTARG0, 0, setifchan },
{ "-chan", -1, 0, setifchan },
{ "scan", NEXTARG0, 0, setifscan },
@@ -1715,6 +1718,45 @@ setifwpapsk(const char *val, int d)
errx(1, "wpapsk: invalid pre-shared key");
if (len != sizeof(psk.i_psk))
errx(1, "wpapsk: bad pre-shared key length");
+ psk.i_enabled = 1;
+ } else
+ psk.i_enabled = 0;
+
+ (void)strlcpy(psk.i_name, name, sizeof(psk.i_name));
+ if (ioctl(s, SIOCS80211WPAPSK, (caddr_t)&psk) < 0)
+ err(1, "SIOCS80211WPAPSK");
+}
+
+void
+setifwpapass(const char *val, int d)
+{
+ struct ieee80211_wpapsk psk;
+ struct ieee80211_nwid nwid;
+ int passlen, nwid_len;
+
+ if (d != -1) {
+ memset(&ifr, 0, sizeof(ifr));
+ ifr.ifr_data = (caddr_t)&nwid;
+ strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+ if (ioctl(s, SIOCG80211NWID, (caddr_t)&ifr))
+ err(1, "SIOCG80211NWID");
+
+ passlen = strlen(val);
+ if (passlen < 8 || passlen > 63)
+ errx(1, "wpapass: passphrase must be between 8 and 63 "
+ "characters");
+u
+ nwid_len = nwid.i_len;
+ if (nwid_len == 0)
+ errx(1, "wpapass: nwid not set");
+ else if (nwid_len > IEEE80211_NWID_LEN) {
+ nwid_len = IEEE80211_NWID_LEN;
+ warnx("truncating nwid to its first %d characters",
+ nwid_len);
+ }
+
+ pkcs5_pbkdf2(val, passlen, nwid.i_nwid, nwid_len, psk.i_psk,
+ sizeof(psk.i_psk), 4096);
psk.i_enabled = 1;
} else
psk.i_enabled = 0;
