From bae72de6dc10a9d41b54811f1b0a4efc1443307e Mon Sep 17 00:00:00 2001
From: solsTiCe d'Hiver
Date: Wed, 13 May 2015 14:28:30 +0200
Subject: [PATCH 1/5] Allow the use of 64 hex digits pre-shared-key hostapd allow the use of a 64 hex digits pre-shared-key: it is the combination of SSID and ASCII passphrase. The user can use wpa_passphrase command to calculate it. Add a --psk command switch to allow that
---
 create_ap | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/create_ap b/create_ap
index e1b93e4..01e07e2 100755
--- a/create_ap
+++ b/create_ap
@@ -40,6 +40,7 @@ usage() {
 echo " Use: 'nat' for NAT (default)"
 echo " 'bridge' for bridging"
 echo " 'none' for no Internet sharing (equivalent to -n)"
+ echo " --psk Use 64 hex digits pre-shared-key instead of passphrase"
 echo " --hidden Make the Access Point hidden (do not broadcast the SSID)"
 echo " --ieee80211n Enable IEEE 802.11n (HT)"
 echo " --ht_capab HT capabilities (default: [HT40+])"
@@ -807,7 +808,7 @@ send_stop() {
 }
 ARGS=( "$@" )
-GETOPT_ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden","ieee80211n","ht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","daemon","stop:","list","version","no-haveged" -n "$PROGNAME" -- "$@")
+GETOPT_ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden","ieee80211n","ht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","daemon","stop:","list","version","psk","no-haveged" -n "$PROGNAME" -- "$@")
 [[ $? -ne 0 ]] && exit 1
 eval set -- "$GETOPT_ARGS"
@@ -908,6 +909,10 @@ while :; do
 shift
 NO_HAVEGED=1
 ;;
+ --psk)
+ shift
+ WPA_MODE="psk"
+ ;;
 --)
 shift
 break
@@ -915,6 +920,8 @@ while :; do
 esac
 done
+WPA_MODE=${WPA_MODE:="passphrase"}
+
 if [[ $# -lt 1 && $FIX_UNMANAGED -eq 0 && -z "$STOP_ID" && $LIST_RUNNING -eq 0 ]]; then
 usage >&2
 exit 1
@@ -1083,7 +1090,12 @@ else
 while :; do
 read -p "Passphrase: " -s PASSPHRASE
 echo
- if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
+ if [[ ${WPA_MODE} == "psk" ]]; then
+ if [[ ${#PASSPHRASE} -ne 64 ]]; then
+ echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
+ continue
+ fi
+ elif [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
 echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
 continue
 fi
@@ -1111,8 +1123,15 @@ if [[ ${#SSID} -lt 1 || ${#SSID} -gt 32 ]]; then
 exit 1
 fi
-if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
- echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
+if [[ ${WPA_MODE} == "passphrase" ]]; then
+ if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
+ echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
+ exit 1
+ fi
+fi
+
+if [[ ${WPA_MODE} == "psk" && ${#PASSPHRASE} -ne 64 ]]; then
+ echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
 exit 1
 fi
@@ -1261,7 +1280,7 @@ if [[ -n "$PASSPHRASE" ]]; then
 [[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3
 cat << EOF >> $CONFDIR/hostapd.conf
 wpa=${WPA_VERSION}
-wpa_passphrase=$PASSPHRASE
+wpa_$WPA_MODE=$PASSPHRASE
 wpa_key_mgmt=WPA-PSK
 wpa_pairwise=TKIP CCMP
 rsn_pairwise=CCMP
From b47b321763327e4b50cf1433376c7abfb6e6e0b3 Mon Sep 17 00:00:00 2001
From: oblique
Date: Sat, 23 May 2015 20:50:57 +0300
Subject: [PATCH 2/5] Use boolean flag for the `--psk'
---
 create_ap | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/create_ap b/create_ap
index 01e07e2..609e73e 100755
--- a/create_ap
+++ b/create_ap
@@ -583,6 +583,7 @@ DAEMONIZE=0
 LIST_RUNNING=0
 STOP_ID=
 NO_HAVEGED=0
+USE_PSK=0
 CONFDIR=
 WIFI_IFACE=
@@ -911,7 +912,7 @@ while :; do
 ;;
 --psk)
 shift
- WPA_MODE="psk"
+ USE_PSK=1
 ;;
 --)
 shift
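Review bot: The `--psk` branch added to the interactive prompt accepts any 64 characters, because `${#PASSPHRASE} -ne 64` tests length only, while the option is documented as 64 hex digits and the value is later written verbatim after `wpa_psk=` in hostapd.conf. A pattern test states the real constraint and keeps stray characters out of the generated config: `[[ $PASSPHRASE =~ ^[0-9a-fA-F]{64}$ ]] || { echo "ERROR: pre-shared-key must be 64 hex digits" >&2; continue; }`. The same length-only test is in the non-interactive check of the `@@ -1111,8 +1123,15 @@` hunk and is carried through the rewrites in patches 2/5, 3/5 and 4/5, so it wants the same change there, with `exit 1` in place of `continue` for the non-interactive case. The `while` loop this check sits in ends outside the hunk.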
@@ -920,8 +921,6 @@ while :; do
 esac
 done
-WPA_MODE=${WPA_MODE:="passphrase"}
-
 if [[ $# -lt 1 && $FIX_UNMANAGED -eq 0 && -z "$STOP_ID" && $LIST_RUNNING -eq 0 ]]; then
 usage >&2
 exit 1
@@ -1090,7 +1089,7 @@ else
 while :; do
 read -p "Passphrase: " -s PASSPHRASE
 echo
- if [[ ${WPA_MODE} == "psk" ]]; then
+ if [[ $USE_PSK -eq 1 ]]; then
 if [[ ${#PASSPHRASE} -ne 64 ]]; then
 echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
 continue
@@ -1123,14 +1122,14 @@ if [[ ${#SSID} -lt 1 || ${#SSID} -gt 32 ]]; then
 exit 1
 fi
-if [[ ${WPA_MODE} == "passphrase" ]]; then
+if [[ $USE_PSK -eq 0 ]]; then
 if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
 echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
 exit 1
 fi
 fi
-if [[ ${WPA_MODE} == "psk" && ${#PASSPHRASE} -ne 64 ]]; then
+if [[ $USE_PSK -eq 1 && ${#PASSPHRASE} -ne 64 ]]; then
 echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
 exit 1
 fi
@@ -1278,9 +1277,14 @@ fi
 if [[ -n "$PASSPHRASE" ]]; then
 [[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3
+ if [[ $USE_PSK -eq 0 ]]; then
+ WPA_KEY_TYPE=passphrase
+ else
+ WPA_KEY_TYPE=psk
+ fi
 cat << EOF >> $CONFDIR/hostapd.conf
 wpa=${WPA_VERSION}
-wpa_$WPA_MODE=$PASSPHRASE
+wpa_${WPA_KEY_TYPE}=${PASSPHRASE}
 wpa_key_mgmt=WPA-PSK
 wpa_pairwise=TKIP CCMP
 rsn_pairwise=CCMP
From f62b410aaa688544eb3993f575c84017ad184f57 Mon Sep 17 00:00:00 2001
From: oblique
Date: Sat, 23 May 2015 20:55:53 +0300
Subject: [PATCH 3/5] Allow empty PSK (i.e. open network)
---
 create_ap | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/create_ap b/create_ap
index 609e73e..3f1eda5 100755
--- a/create_ap
+++ b/create_ap
@@ -1127,9 +1127,7 @@ if [[ $USE_PSK -eq 0 ]]; then
 echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
 exit 1
 fi
-fi
-
-if [[ $USE_PSK -eq 1 && ${#PASSPHRASE} -ne 64 ]]; then
+elif [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -ne 64 ]]; then
 echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
 exit 1
 fi
From 8c7c5dba27a7d426961d95926f905f13d3247a0d Mon Sep 17 00:00:00 2001
From: oblique
Date: Sat, 23 May 2015 20:57:15 +0300
Subject: [PATCH 4/5] When we read PSK from stdin, don't hide it from the user.
---
 create_ap | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/create_ap b/create_ap
index 3f1eda5..1eb9fd1 100755
--- a/create_ap
+++ b/create_ap
@@ -1087,23 +1087,27 @@ else
 break
 done
 while :; do
- read -p "Passphrase: " -s PASSPHRASE
- echo
- if [[ $USE_PSK -eq 1 ]]; then
- if [[ ${#PASSPHRASE} -ne 64 ]]; then
+ if [[ $USE_PSK -eq 0 ]]; then
+ read -p "Passphrase: " -s PASSPHRASE
+ echo
+ if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
+ echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
+ continue
+ fi
+ read -p "Retype passphrase: " -s PASSPHRASE2
+ echo
+ if [[ "$PASSPHRASE" != "$PASSPHRASE2" ]]; then
+ echo "Passphrases do not match."
+ else
+ break
+ fi
+ else
+ read -p "PSK: " PASSPHRASE
+ echo
+ if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -ne 64 ]]; then
 echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
 continue
 fi
- elif [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
- echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
- continue
- fi
- read -p "Retype passphrase: " -s PASSPHRASE2
- echo
- if [[ "$PASSPHRASE" != "$PASSPHRASE2" ]]; then
- echo "Passphrases do not match."
- else
- break
 fi
 done
 else
From ad377c9d9f82235fd2c41e1abaa03fc82bcb6864 Mon Sep 17 00:00:00 2001
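Review bot: With the new `elif`, `--psk` together with an empty key passes validation without any message, and since the WPA block is guarded by `[[ -n "$PASSPHRASE" ]]` in the earlier patches the result is presumably an unencrypted access point. That matches the commit title, but a caller who passed `--psk` has asked for a protected network, so an empty value (for example an unset variable in a wrapper script) should at least be announced. A one-line warning before the check would do: `[[ $USE_PSK -eq 1 && -z "$PASSPHRASE" ]] && echo "WARN: --psk given with an empty key, the access point will be open" >&2`. The outer `if [[ $USE_PSK -eq 0 ]]` starts above this hunk.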
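Review bot: The new `else` branch of the `@@ -1087,23 +1087,27 @@` hunk never leaves the `while :; do` loop: when the PSK has a valid length the inner `if` is skipped and control reaches `done`, so the `PSK:` prompt is shown again indefinitely, whereas the passphrase branch ends in `break`. Adding `break` after the `fi` that closes the length check fixes it. The prompt also reads without `-r`, so a backslash in the input is interpreted rather than kept; `read -r -p "PSK: " PASSPHRASE` avoids that. Dropping `-s` is the stated purpose of the commit, but it does leave the raw key in terminal scrollback, which deserves a short comment next to the `read`.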
From: oblique
Date: Sat, 23 May 2015 20:59:03 +0300
Subject: [PATCH 5/5] Add `--psk' in bash_completion
---
 bash_completion | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/bash_completion b/bash_completion
index 19f996b..bc55943 100644
--- a/bash_completion
+++ b/bash_completion
@@ -47,6 +47,9 @@ _create_ap() {
 -m)
 opts="nat bridge none"
 ;;
+ --psk)
+ # No Options
+ ;;
 --hidden)
 # No Options
 ;;