cyw43: Add function to join WPA2 network with precomputed PSK.

With flags = 0 in PassphraseInfo, CYW firmware skips the PBKDF2 PSK
derivation. This makes it possible to avoid storing unhashed passwords.

The wpa_passphrase utility may be used to generate this PSK.
Cirrus 2024-04-28 15:22:11 -07:00
parent 08314b0940
commit d2f6ce5afd


@ -228,8 +228,12 @@ impl<'a> Control<'a> {
self.wait_for_join(i).await self.wait_for_join(i).await
} }
/// Join an protected network with the provided ssid and passphrase. /// Join a protected network with the provided ssid and [`PassphraseInfo`].
pub async fn join_wpa2(&mut self, ssid: &str, passphrase: &str) -> Result<(), Error> { pub async fn join_wpa2_passphrase_info(
&mut self,
ssid: &str,
passphrase_info: &mut PassphraseInfo,
) -> Result<(), Error> {
self.set_iovar_u32("ampdu_ba_wsize", 8).await; self.set_iovar_u32("ampdu_ba_wsize", 8).await;
self.ioctl_set_u32(134, 0, 4).await; // wsec = wpa2 self.ioctl_set_u32(134, 0, 4).await; // wsec = wpa2
@ -239,14 +243,13 @@ impl<'a> Control<'a> {
Timer::after_millis(100).await; Timer::after_millis(100).await;
let mut pfi = PassphraseInfo { self.ioctl(
len: passphrase.len() as _, IoctlType::Set,
flags: 1, IOCTL_CMD_SET_PASSPHRASE,
passphrase: [0; 64], 0,
}; &mut passphrase_info.to_bytes(),
pfi.passphrase[..passphrase.len()].copy_from_slice(passphrase.as_bytes()); )
self.ioctl(IoctlType::Set, IOCTL_CMD_SET_PASSPHRASE, 0, &mut pfi.to_bytes()) .await; // WLC_SET_WSEC_PMK
.await; // WLC_SET_WSEC_PMK
self.ioctl_set_u32(20, 0, 1).await; // set_infra = 1 self.ioctl_set_u32(20, 0, 1).await; // set_infra = 1
self.ioctl_set_u32(22, 0, 0).await; // set_auth = 0 (open) self.ioctl_set_u32(22, 0, 0).await; // set_auth = 0 (open)
@ -261,6 +264,28 @@ impl<'a> Control<'a> {
self.wait_for_join(i).await self.wait_for_join(i).await
} }
/// Join a protected network with the provided ssid and passphrase.
pub async fn join_wpa2(&mut self, ssid: &str, passphrase: &str) -> Result<(), Error> {
let mut pfi = PassphraseInfo {
len: passphrase.len() as _,
flags: 1,
passphrase: [0; 64],
};
pfi.passphrase[..passphrase.len()].copy_from_slice(passphrase.as_bytes());
self.join_wpa2_passphrase_info(ssid, &mut pfi).await
}
/// Join a protected network with the provided ssid and precomputed PSK.
pub async fn join_wpa2_psk(&mut self, ssid: &str, psk: &[u8; 32]) -> Result<(), Error> {
let mut pfi = PassphraseInfo {
len: psk.len() as _,
flags: 0,
passphrase: [0; 64],
};
pfi.passphrase[..psk.len()].copy_from_slice(psk);
self.join_wpa2_passphrase_info(ssid, &mut pfi).await
}
async fn wait_for_join(&mut self, i: SsidInfo) -> Result<(), Error> { async fn wait_for_join(&mut self, i: SsidInfo) -> Result<(), Error> {
self.events.mask.enable(&[Event::SET_SSID, Event::AUTH]); self.events.mask.enable(&[Event::SET_SSID, Event::AUTH]);
let mut subscriber = self.events.queue.subscriber().unwrap(); let mut subscriber = self.events.queue.subscriber().unwrap();
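Review bot: `join_wpa2` (third hunk) slices `pfi.passphrase[..passphrase.len()]` without checking the length, so a passphrase longer than the 64-byte field panics instead of returning `Err`. A guard before `pfi` is built, for example `if passphrase.len() > 64 { return Err(/* crate error value */); }` or the stricter WPA2 bound of 8 to 63 characters, would turn that into an ordinary error. The new public `join_wpa2_passphrase_info`, whose body is only partly visible across the first two hunks, hands a caller-built `PassphraseInfo` to the ioctl as is, so its doc comment should state which `len` and `flags` values are valid. On `join_wpa2_psk` I would add `/// The psk is the raw 32-byte key; the 64 hex digits printed by wpa_passphrase must be decoded first.` and `/// The PSK alone is enough to join this SSID, so keep it out of logs and unprotected storage.`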