checking in before i do some major restructuring of wifi stuff in the xml/xsd

extras/genPSK.py

@@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+
+import argparse
+import binascii
+import getpass
+import sys
+##
+# from passlib.utils import pbkdf2  # deprecated
+from passlib.crypto.digest import pbkdf2_hmac
+
+
+def pskGen(ssid, passphrase):
+    # raw_psk = pbkdf2.pbkdf2(str(passphrase), str(ssid), 4096, 32)  # deprecated
+    raw_psk = pbkdf2_hmac('sha1', str(passphrase), str(ssid), 4096, 32)
+    hex_psk = binascii.hexlify(raw_psk)
+    str_psk = hex_psk.decode('utf-8')
+    return(str_psk)
+
+
+def parseArgs():
+    def essidchk(essid):
+        essid = str(essid)
+        if len(essid) > 32:
+            raise argparse.ArgumentTypeError('The maximum length of an ESSID is 32 characters')
+        return(essid)
+
+    def passphrasechk(passphrase):
+        if passphrase:
+            is_piped = False
+            passphrase = str(passphrase)
+            if passphrase == '-':
+                if sys.stdin.isatty():
+                    raise argparse.ArgumentTypeError(('[STDIN] You specified a passphrase to be entered but did not '
+                                                      'provide one via a pipe.'))
+                else:
+                    is_piped = True
+                    try:
+                        # WPA-PSK only accepts ASCII for passphrase.
+                        raw_pass = sys.stdin.read().encode('utf-8').decode('ascii').strip('\r').strip('\n')
+                    except UnicodeDecodeError:
+                        raise argparse.ArgumentTypeError('[STDIN] WPA-PSK passphrases must be an ASCII string')
+            if not 7 < len(passphrase) < 64:
+                raise argparse.ArgumentTypeError(('{0}WPA-PSK passphrases must be no shorter than 8 characters'
+                                                  ' and no longer than 63 characters. '
+                                                  'Please ensure you have provided the '
+                                                  'correct passphrase.').format(('[STDIN] ' if is_piped else '')))
+        return(passphrase)
+
+    args = argparse.ArgumentParser(description = 'Generate a PSK from a passphrase')
+    args.add_argument('-p', '--passphrase',
+                      dest = 'passphrase',
+                      default = None,
+                      type = passphrasechk,
+                      help = ('If specified, use this passphrase (otherwise securely interactively prompt for it). '
+                              'If "-" (without quotes), read from stdin (via a pipe). '
+                              'WARNING: THIS OPTION IS INSECURE AND MAY EXPOSE THE PASSPHRASE GIVEN '
+                              'TO OTHER PROCESSES ON THIS SYSTEM'))
+    args.add_argument('ssid',
+                      metavar = 'ESSID',
+                      type = essidchk,
+                      help = ('The ESSID (network name) to use for this passphrase. '
+                              '(This is required because WPA-PSK uses it to salt the key derivation)'))
+    return(args)
+
+
+def main():
+    args = parseArgs().parse_args()
+    if not args.passphrase:
+        args.passphrase = getpass.getpass(('Please enter the passphrase for '
+                                           'network "{0}" (will NOT echo back): ').format(args.ssid))
+        args.passphrase = args.passphrase.encode('utf-8').decode('ascii').strip('\r').strip('\n')
+    if not 7 < len(args.passphrase) < 64:
+        raise ValueError(('WPA-PSK passphrases must be no shorter than 8 characters'
+                          ' and no longer than 63 characters. '
+                          'Please ensure you have provided the correct passphrase.'))
+    psk = pskGen(args.ssid, args.passphrase)
+    print('PSK for network "{0}": {1}'.format(args.ssid, psk))
+    return()
+
+
+if __name__ == '__main__':
+    main()