Re: ifconfig wpapass

Tue, 14 Sep 2010 01:02:01 -0700 

On 09/14/10 07:38, Alexander Hall wrote:
> On 09/14/10 02:14, Alexander Hall wrote:
>> Not to mess with ifconfig's wpapsk, this diff does instead introduces
>> wpapass and -wpapass.
>>
>> Same nwid relation as before:
>> - A nwid is required prior to supplying a passphrase to wpapass.
>> - If the nwid is changed afterwards, the passkey is not adjusted.
>>
>> There has been discussion whether we should clear the wpa key on nwid
>> change, but I see that as a separate issue.
>>
>> Again, bsd.rd size impact not checked.
>>
>> I'd appreciate if someone would comment on the Makefile changes too.

Ray made me realize I also forgot to #include "pbkdf2.h". Lint kinda
agreed and now I also check the return value properly. 

/Alexander


Index: distrib/special/ifconfig/Makefile
===================================================================
RCS file: /cvs/src/distrib/special/ifconfig/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- distrib/special/ifconfig/Makefile   28 Oct 2009 07:36:49 -0000      1.2
+++ distrib/special/ifconfig/Makefile   14 Sep 2010 07:52:57 -0000
@@ -1,8 +1,10 @@
 #      $OpenBSD: Makefile,v 1.2 2009/10/28 07:36:49 deraadt Exp $
 
 PROG=  ifconfig
+SRCS=  ifconfig.c pbkdf2.c
 COPTS+=        -DSMALL
-.PATH:  ${.CURDIR}/../../../sbin/ifconfig
+.PATH:  ${.CURDIR}/../../../sbin/ifconfig ${.CURDIR}/../../../sbin/bioctl
+CFLAGS+=-I${.CURDIR}/../../../sbin/bioctl
 
 CPPFLAGS+=-DINET6
 
Index: sbin/ifconfig/Makefile
===================================================================
RCS file: /cvs/src/sbin/ifconfig/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- sbin/ifconfig/Makefile      22 Nov 2009 22:00:24 -0000      1.10
+++ sbin/ifconfig/Makefile      14 Sep 2010 07:52:57 -0000
@@ -1,7 +1,10 @@
 #      $OpenBSD: Makefile,v 1.10 2009/11/22 22:00:24 claudio Exp $
 
+.PATH: ${.CURDIR}/../bioctl
+CFLAGS+=-I${.CURDIR}/../bioctl
+
 PROG=  ifconfig
-SRCS=  ifconfig.c brconfig.c
+SRCS=  ifconfig.c brconfig.c pbkdf2.c
 MAN=   ifconfig.8
 
 CPPFLAGS+=-DINET6
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.239
diff -u -p -r1.239 ifconfig.c
--- sbin/ifconfig/ifconfig.c    3 Jul 2010 04:44:51 -0000       1.239
+++ sbin/ifconfig/ifconfig.c    14 Sep 2010 07:52:58 -0000
@@ -105,6 +105,7 @@
 #include <ifaddrs.h>
 
 #include "brconfig.h"
+#include "pbkdf2.h"
 
 struct ifreq           ifr, ridreq;
 struct in_aliasreq     in_addreq;
@@ -161,6 +162,7 @@ void        setifwpaakms(const char *, int);
 void   setifwpaciphers(const char *, int);
 void   setifwpagroupcipher(const char *, int);
 void   setifwpapsk(const char *, int);
+void   setifwpapass(const char *, int);
 void   setifchan(const char *, int);
 void   setifscan(const char *, int);
 void   setiftxpower(const char *, int);
@@ -319,6 +321,8 @@ const struct        cmd {
        { "wpaprotos",  NEXTARG,        0,              setifwpaprotos },
        { "wpapsk",     NEXTARG,        0,              setifwpapsk },
        { "-wpapsk",    -1,             0,              setifwpapsk },
+       { "wpapass",    NEXTARG,        0,              setifwpapass },
+       { "-wpapass",   -1,             0,              setifwpapass },
        { "chan",       NEXTARG0,       0,              setifchan },
        { "-chan",      -1,             0,              setifchan },
        { "scan",       NEXTARG0,       0,              setifscan },
@@ -1715,6 +1719,45 @@ setifwpapsk(const char *val, int d)
                        errx(1, "wpapsk: invalid pre-shared key");
                if (len != sizeof(psk.i_psk))
                        errx(1, "wpapsk: bad pre-shared key length");
+               psk.i_enabled = 1;
+       } else
+               psk.i_enabled = 0;
+
+       (void)strlcpy(psk.i_name, name, sizeof(psk.i_name));
+       if (ioctl(s, SIOCS80211WPAPSK, (caddr_t)&psk) < 0)
+               err(1, "SIOCS80211WPAPSK");
+}
+
+void
+setifwpapass(const char *val, int d)
+{
+       struct ieee80211_wpapsk psk;
+       struct ieee80211_nwid nwid;
+       int passlen, nwid_len;
+
+       if (d != -1) {
+               memset(&ifr, 0, sizeof(ifr));
+               ifr.ifr_data = (caddr_t)&nwid;
+               strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
+               if (ioctl(s, SIOCG80211NWID, (caddr_t)&ifr))
+                       err(1, "SIOCG80211NWID");
+
+               passlen = strlen(val);
+               if (passlen < 8 || passlen > 63)
+                       errx(1, "wpapass: passphrase must be between 8 and 63 "
+                           "characters");
+               nwid_len = nwid.i_len;
+               if (nwid_len == 0)
+                       errx(1, "wpapass: nwid not set");
+               else if (nwid_len > IEEE80211_NWID_LEN) {
+                       nwid_len = IEEE80211_NWID_LEN;
+                       warnx("truncating nwid to its first %d characters",
+                           nwid_len);
+               }
+
+               if (pkcs5_pbkdf2(val, passlen, nwid.i_nwid, nwid_len, psk.i_psk,
+                   sizeof(psk.i_psk), 4096) != 0)
+                       errx(1, "wpapsk: passphrase hashing failed");
                psk.i_enabled = 1;
        } else
                psk.i_enabled = 0;

Reply via email to