Hello again! It's good to be back, on this new mailing list.

I noticed that the wpa_passphrase program does not accept backslash escapes, making it difficult to enter text with arbitrary characters. Here is a patch, to add that feature.

This also allows a convenient 1:1 mapping of the network name strings received from the output of "wpa_cli scan_results" or "wpa_cli bss": the network name string can be copied verbatim to wpa_passphrase, and its backslash escapes will now be processed correctly.

It also protects the wpa_supplicant.conf file output. If users have a network name with a quotation mark in it, or other mischievous characters, things can rapidly go to \xf0\x9f\x92\xa9. This avoids such breakage, by providing the ssid in hex digits format if necessary, as is done for the psk. A commented-out ssid will also be provided as human-readable text to accompany it, like the psk.

This is to further support my goal of allowing the choice of wireless network name and password to be as binary-clean as possible.

Thank you!

Josh Lehan

Signed-off-by: Josh Lehan <krellan@xxxxxxxxxxx>
--- wpa_supplicant/wpa_passphrase.c | 64 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/wpa_supplicant/wpa_passphrase.c b/wpa_supplicant/wpa_passphrase.c index 9b568f0..5204a39 100644 --- a/wpa_supplicant/wpa_passphrase.c +++ b/wpa_supplicant/wpa_passphrase.c
@@ -52,11 +52,69 @@ int main(int argc, char *argv[]) return 1; } - pbkdf2_sha1(passphrase, (u8 *) ssid, os_strlen(ssid), 4096, psk, 32); + char safe_ssid = 0; + + size_t len_raw_ssid; + size_t len_esc_ssid; + + unsigned char raw_ssid[os_strlen(ssid) + 1]; + + /* Accept escape sequences in user input of ssid */ + len_raw_ssid = printf_decode(raw_ssid, sizeof(raw_ssid), ssid); + + char esc_ssid[(len_raw_ssid * 4) + 1]; + + /* Roundtrip, to ensure clean output */ + printf_encode(esc_ssid, sizeof(esc_ssid), raw_ssid, len_raw_ssid); + + len_esc_ssid = os_strlen(esc_ssid); + + /* + * If no change between raw and escaped form, + * string is safe to provide as plaintext. + */ + if ((len_raw_ssid == len_esc_ssid) && + (os_strncmp((const char *)raw_ssid, esc_ssid, + len_esc_ssid) == 0)) { + safe_ssid = 1; + } + + size_t len_raw_passphrase; + + unsigned char raw_passphrase[os_strlen(passphrase) + 1]; + + /* Accept escape sequences in user input of passphrase */ + len_raw_passphrase = printf_decode(raw_passphrase, + sizeof(raw_passphrase), passphrase); + + char esc_passphrase[(len_raw_passphrase * 4) + 1]; + + /* Roundtrip, to ensure clean output */ + printf_encode(esc_passphrase, sizeof(esc_passphrase), + raw_passphrase, len_raw_passphrase); + + pbkdf2_sha1((const char *)raw_passphrase, raw_ssid, len_raw_ssid, + 4096, psk, 32); printf("network={\n"); - printf("\tssid=\"%s\"\n", ssid); - printf("\t#psk=\"%s\"\n", passphrase); + + /* + * Provide plaintext of ssid, + * to preserve traditional format that other tools expect, + * but only if it is safe (no escaping necessary). + * Otherwise provide ssid as hex digits (same format as binary psk). 
+ */ + if (safe_ssid) { + printf("\tssid=\"%s\"\n", esc_ssid); + } else { + printf("\t#ssid=\"%s\"\n", esc_ssid); + printf("\tssid="); + for (i = 0; i < len_raw_ssid; i++) + printf("%02x", raw_ssid[i]); + printf("\n"); + } + + printf("\t#psk=\"%s\"\n", esc_passphrase); printf("\tpsk="); for (i = 0; i < 32; i++) printf("%02x", psk[i]); -- 1.9.1
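
Review bot: at the `pbkdf2_sha1((const char *)raw_passphrase, raw_ssid, len_raw_ssid, 4096, psk, 32)` call the decoded passphrase is passed as a C string, and `len_raw_passphrase` is used only to size and fill `esc_passphrase`, so if `printf_decode` can produce a zero byte from an escape, the PSK would be derived from a truncated passphrase while the `#psk=` comment still prints the full escaped text. Suggest rejecting input where `os_strlen((const char *)raw_passphrase) != len_raw_passphrase`, and validating lengths after decoding: nothing in the hunk checks `len_raw_ssid` against the 32-octet SSID limit or the decoded passphrase against the 8 to 63 character range. The new buffers are also declared mid-block, after executable statements, as variable-length arrays sized from command-line input (`raw_ssid[os_strlen(ssid) + 1]`, `esc_ssid[(len_raw_ssid * 4) + 1]`); fixed-size buffers bounded by those limits and declared at the top of `main` would address both points.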