hostapd: correctly pass 64 char hex PSK to wpa_supplicant
[openwrt/openwrt.git] / package / hostapd / files / wpa_supplicant.sh
1 wpa_supplicant_setup_vif() {
2 local vif="$1"
3 local driver="$2"
4 local key="$key"
5 local options="$3"
6
7 # wpa_supplicant should use wext for mac80211 cards
8 [ "$driver" = "mac80211" ] && driver='wext'
9
10 # make sure we have the encryption type and the psk
11 [ -n "$enc" ] || {
12 config_get enc "$vif" encryption
13 }
14 [ -n "$key" ] || {
15 config_get key "$vif" key
16 }
17
18 local net_cfg bridge
19 config_get bridge "$vif" bridge
20 [ -z "$bridge" ] && {
21 net_cfg="$(find_net_config "$vif")"
22 [ -z "$net_cfg" ] || bridge="$(bridge_interface "$net_cfg")"
23 config_set "$vif" bridge "$bridge"
24 }
25
26 local mode ifname wds
27 config_get mode "$vif" mode
28 config_get ifname "$vif" ifname
29 config_get_bool wds "$vif" wds 0
30 [ -z "$bridge" ] || [ "$mode" = ap ] || [ "$mode" = sta -a $wds -eq 1 ] || {
31 echo "wpa_supplicant_setup_vif($ifname): Refusing to bridge $mode mode interface"
32 return 1
33 }
34
35 case "$enc" in
36 *none*)
37 key_mgmt='NONE'
38 ;;
39 *wep*)
40 key_mgmt='NONE'
41 config_get key "$vif" key
42 key="${key:-1}"
43 case "$key" in
44 [1234])
45 for idx in 1 2 3 4; do
46 local zidx
47 zidx=$(($idx - 1))
48 config_get ckey "$vif" "key${idx}"
49 [ -n "$ckey" ] && \
50 append "wep_key${zidx}" "wep_key${zidx}=$(prepare_key_wep "$ckey")"
51 done
52 wep_tx_keyidx="wep_tx_keyidx=$((key - 1))"
53 ;;
54 *)
55 wep_key0="wep_key0=$(prepare_key_wep "$key")"
56 wep_tx_keyidx="wep_tx_keyidx=0"
57 ;;
58 esac
59 ;;
60 *psk*)
61 key_mgmt='WPA-PSK'
62 config_get_bool usepassphrase "$vif" usepassphrase 1
63 if [ "$usepassphrase" = "1" ]; then
64 passphrase="psk=\"${key}\""
65 else
66 passphrase="psk=${key}"
67 fi
68 case "$enc" in
69 *psk2*)
70 proto='proto=RSN'
71 config_get ieee80211w "$vif" ieee80211w
72 ;;
73 *psk*)
74 proto='proto=WPA'
75 ;;
76 esac
77 ;;
78 *wpa*|*8021x*)
79 proto='proto=WPA2'
80 key_mgmt='WPA-EAP'
81 config_get ieee80211w "$vif" ieee80211w
82 config_get ca_cert "$vif" ca_cert
83 config_get eap_type "$vif" eap_type
84 ca_cert=${ca_cert:+"ca_cert=\"$ca_cert\""}
85 case "$eap_type" in
86 tls)
87 pairwise='pairwise=CCMP'
88 group='group=CCMP'
89 config_get identity "$vif" identity
90 config_get client_cert "$vif" client_cert
91 config_get priv_key "$vif" priv_key
92 config_get priv_key_pwd "$vif" priv_key_pwd
93 identity="identity=\"$identity\""
94 client_cert="client_cert=\"$client_cert\""
95 priv_key="private_key=\"$priv_key\""
96 priv_key_pwd="private_key_passwd=\"$priv_key_pwd\""
97 ;;
98 peap|ttls)
99 config_get auth "$vif" auth
100 config_get identity "$vif" identity
101 config_get password "$vif" password
102 phase2="phase2=\"auth=${auth:-MSCHAPV2}\""
103 identity="identity=\"$identity\""
104 password="password=\"$password\""
105 ;;
106 esac
107 eap_type="eap=$(echo $eap_type | tr 'a-z' 'A-Z')"
108 ;;
109 esac
110
111 case "$ieee80211w" in
112 [012])
113 ieee80211w="ieee80211w=$ieee80211w"
114 ;;
115 esac
116
117 config_get ifname "$vif" ifname
118 config_get bridge "$vif" bridge
119 config_get ssid "$vif" ssid
120 config_get bssid "$vif" bssid
121 bssid=${bssid:+"bssid=$bssid"}
122 rm -rf /var/run/wpa_supplicant-$ifname
123 cat > /var/run/wpa_supplicant-$ifname.conf <<EOF
124 ctrl_interface=/var/run/wpa_supplicant-$ifname
125 network={
126 scan_ssid=1
127 ssid="$ssid"
128 $bssid
129 key_mgmt=$key_mgmt
130 $proto
131 $ieee80211w
132 $passphrase
133 $pairwise
134 $group
135 $eap_type
136 $ca_cert
137 $client_cert
138 $priv_key
139 $priv_key_pwd
140 $phase2
141 $identity
142 $password
143 $wep_key0
144 $wep_key1
145 $wep_key2
146 $wep_key3
147 $wep_tx_keyidx
148 }
149 EOF
150 [ -z "$proto" -a "$key_mgmt" != "NONE" ] || \
151 wpa_supplicant ${bridge:+ -b $bridge} -B -P "/var/run/wifi-${ifname}.pid" -D ${driver:-wext} -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf $options
152 }