mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
Remove www directory (w1.fi web pages)
These are now maintained in a separate repository (hostap-www.git) and do not need to remain in hostap.git.
This commit is contained in:
parent
451c367d06
commit
f127282232
13
www/Makefile
13
www/Makefile
@ -1,13 +0,0 @@
|
||||
all: versions.png
|
||||
|
||||
%.png: %.fig
|
||||
fig2dev -Lpng -s5.1 -S4 -m2 $< | \
|
||||
pngtopnm | \
|
||||
pnmscale -xscale 0.5 -yscale 0.5 | \
|
||||
pnmtopng > $@
|
||||
|
||||
%.fig: %.dot
|
||||
dot $< -Tfig -o $@
|
||||
|
||||
clean:
|
||||
rm versions.png versions.fig
|
70
www/cvs.html
70
www/cvs.html
@ -1,70 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Host AP / hostapd / wpa_supplicant - anonymous CVS/GIT access</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h2>Host AP / hostapd / wpa_supplicant - anonymous CVS/GIT access</h2>
|
||||
|
||||
<p>
|
||||
Project source code and related files are maintained in a version
|
||||
control system. The first version up to and including 0.5.x were
|
||||
maintained in a CVS repository. Starting from 0.6.x, repositories
|
||||
moved to using GIT. In addition, Host AP driver is now maintained with
|
||||
the rest of the Linux kernel tree (which is also using GIT).
|
||||
</p>
|
||||
|
||||
<h3>GIT</h3>
|
||||
|
||||
<p>Using git protocol: git://w1.fi/srv/git/hostap.git</p>
|
||||
|
||||
<p>Using HTTP (if git protocol is firewalled): http://w1.fi/hostap.git</p>
|
||||
|
||||
<p>(e.g., to get a clone of the repository you can use git with
|
||||
"<code>git clone git://w1.fi/srv/git/hostap.git</code>").</p>
|
||||
|
||||
<p>WWW interface (gitweb) to the repository:
|
||||
<a href="/gitweb/gitweb.cgi">http://w1.fi/gitweb/gitweb.cgi</a></p>
|
||||
|
||||
</p>
|
||||
|
||||
<h3>CVS</h3>
|
||||
|
||||
<p>
|
||||
Anonymous read-only CVS access to the Host AP driver, hostapd, and
|
||||
wpa_supplicant CVS repository is available using CVS pserver:
|
||||
</p>
|
||||
|
||||
<p><code>export CVSROOT=":pserver:anonymous@hostap.epitest.fi:/cvs"</code></p>
|
||||
|
||||
<p><code>cvs login</code></p>
|
||||
|
||||
<p>Password is empty, so just hit enter when prompted for a password.</p>
|
||||
|
||||
<p>After you have logged in once, you can checkout the source:</p>
|
||||
|
||||
<p><code>cvs checkout hostap</code></p>
|
||||
|
||||
<p>
|
||||
If you want to compress the stream to save bandwidth, you can add -z3
|
||||
option to the command (<code>cvs -z3 checkout hostap</code>).
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Also other CVS commands like <code>update</code> and <code>log</code> can
|
||||
be used.
|
||||
</p>
|
||||
|
||||
|
||||
<hr>
|
||||
<div>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Mon May 27 20:08:41 EEST 2002 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sat Dec 12 16:43:03 EET 2009
|
||||
<!-- hhmts end -->
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -1,265 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator</title>
|
||||
<meta name="description" content="hostapd (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i Authenticator and RADIUS authentication server)">
|
||||
<meta name="keywords" content="WPA, WPA2, IEEE 802.11i, IEEE 802.1X, WPA Authenticator, hostapd, TKIP, CCMP, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA, EAP-GTC, EAP-MSCHAPv2, EAP-MD5, EAP-PAX, EAP-PSK, EAP-FAST, IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD WPA Authenticator, FreeBSD WPA Authenticator, RADIUS authentication server, EAP authenticator, EAP server, EAP-TNC, TNCS, IF-IMV, IF-TNCCS, WPS">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h2>hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator</h2>
|
||||
|
||||
<p>hostapd is a user space daemon for access point and authentication
|
||||
servers. It implements IEEE 802.11 access point management, IEEE
|
||||
802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and
|
||||
RADIUS authentication server. The current version supports Linux (Host
|
||||
AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).</p>
|
||||
|
||||
<p>hostapd is designed to be a "daemon" program that runs in the
|
||||
background and acts as the backend component controlling
|
||||
authentication. hostapd supports separate frontend programs and an
|
||||
example text-based frontend, hostapd_cli, is included with
|
||||
hostapd.</p>
|
||||
|
||||
<h4>Supported WPA/IEEE 802.11i/EAP/IEEE 802.1X features</h4>
|
||||
|
||||
<ul>
|
||||
<li>WPA-PSK ("WPA-Personal")</li>
|
||||
<li>WPA with EAP (with integrated EAP server or an external
|
||||
RADIUS backend authentication server) ("WPA-Enterprise")</li>
|
||||
<li>key management for CCMP, TKIP, WEP104, WEP40</li>
|
||||
<li>WPA and full IEEE 802.11i/RSN/WPA2</li>
|
||||
<li>RSN: PMKSA caching, pre-authentication</li>
|
||||
<li>IEEE 802.11r</li>
|
||||
<li>IEEE 802.11w</li>
|
||||
<li>RADIUS accounting</li>
|
||||
<li>RADIUS authentication server with EAP</li>
|
||||
<li>Wi-Fi Protected Setup (WPS)</li>
|
||||
</ul>
|
||||
|
||||
<h4>Supported EAP methods (integrated EAP server and RADIUS authentication server)</h4>
|
||||
|
||||
<ul>
|
||||
<li>EAP-TLS</li>
|
||||
<li>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-TTLS/EAP-MD5-Challenge</li>
|
||||
<li>EAP-TTLS/EAP-GTC</li>
|
||||
<li>EAP-TTLS/EAP-MSCHAPv2</li>
|
||||
<li>EAP-TTLS/MSCHAPv2</li>
|
||||
<li>EAP-TTLS/EAP-TLS</li>
|
||||
<li>EAP-TTLS/MSCHAP</li>
|
||||
<li>EAP-TTLS/PAP</li>
|
||||
<li>EAP-TTLS/CHAP</li>
|
||||
<li>EAP-SIM</li>
|
||||
<li>EAP-AKA</li>
|
||||
<li>EAP-AKA'</li>
|
||||
<li>EAP-PAX</li>
|
||||
<li>EAP-PSK</li>
|
||||
<li>EAP-SAKE</li>
|
||||
<li>EAP-FAST</li>
|
||||
<li>EAP-IKEv2</li>
|
||||
<li>EAP-GPSK</li>
|
||||
</ul>
|
||||
|
||||
<p>Following methods are also supported, but since they do not generate keying
|
||||
material, they cannot be used with WPA or IEEE 802.1X WEP keying.</p>
|
||||
|
||||
<ul>
|
||||
<li>EAP-MD5-Challenge</li>
|
||||
<li>EAP-MSCHAPv2</li>
|
||||
<li>EAP-GTC</li>
|
||||
<li>EAP-TNC (Trusted Network Connect; TNCS, IF-IMV, IF-T, IF-TNCCS)</li>
|
||||
</ul>
|
||||
|
||||
<p>More information about EAP methods and interoperability testing is
|
||||
available in <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/eap_testing.txt">eap_testing.txt</a>.</p>
|
||||
|
||||
|
||||
<h4>Supported wireless cards/drivers</h4>
|
||||
|
||||
<ul>
|
||||
<li><a href="http://wireless.kernel.org/en/developers/Documentation/mac80211">Linux mac80211 drivers</a></li>
|
||||
<li><a href="http://w1.fi/">Host AP driver for Prism2/2.5/3</a></li>
|
||||
<li><a href="http://sourceforge.net/projects/madwifi/">madwifi (Atheros ar521x)</a></li>
|
||||
<li>BSD net80211 layer (e.g., Atheros driver) (FreeBSD 6-CURRENT)</li>
|
||||
</ul>
|
||||
|
||||
<h3><a name="download">Download</a></h3>
|
||||
|
||||
<p>
|
||||
<b>hostapd</b><br>
|
||||
Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
|
||||
and contributors.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License version 2 as
|
||||
published by the Free Software Foundation. See
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=COPYING">COPYING</a>
|
||||
for more details.
|
||||
</p>
|
||||
|
||||
<p>Alternatively, this software may be distributed, used, and modified
|
||||
under the terms of BSD license. See <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/README">README</a>
|
||||
for more details.</p>
|
||||
|
||||
<p>
|
||||
<b>Please see
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/README">README</a>
|
||||
for the current documentation.</b></p>
|
||||
|
||||
|
||||
<ul>
|
||||
<li><a href="../releases.html">Release graph</a></li>
|
||||
<li>Latest stable release:
|
||||
<ul>
|
||||
<li><a href="../releases/hostapd-0.7.3.tar.gz">hostapd-0.7.3.tar.gz</a></li>
|
||||
</ul>
|
||||
<li>Previous stable release:
|
||||
<ul>
|
||||
<li><a href="../releases/hostapd-0.6.10.tar.gz">hostapd-0.6.10.tar.gz</a></li>
|
||||
</ul>
|
||||
<!--
|
||||
<li>Latest development release:
|
||||
<ul>
|
||||
<li><a href="../releases/hostapd-0.8.0.tar.gz">hostapd-0.8.0.tar.gz</a></li>
|
||||
</ul>
|
||||
-->
|
||||
<li>ChangeLog:
|
||||
<ul>
|
||||
<li><a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/ChangeLog">development branch</a></li>
|
||||
<li><a href="/gitweb/gitweb.cgi?p=hostap-07.git;a=blob_plain;f=hostapd/ChangeLog">stable branch</li>
|
||||
<li><a href="/gitweb/gitweb.cgi?p=hostap-06.git;a=blob_plain;f=hostapd/ChangeLog">previous stable branch</li>
|
||||
</ul>
|
||||
<li><a href="../releases/">Old releases</a></li>
|
||||
<li><a href="http://lists.shmoo.com/mailman/listinfo/hostap">Mailing list</a></li>
|
||||
<li><a href="http://lists.shmoo.com/pipermail/hostap/">New mailing list archives</a></li>
|
||||
<li><a href="/gitweb/gitweb.cgi">Web interface to GIT repository (0.6.x and newer)</a></li>
|
||||
<li><a href="/cgi-bin/viewcvs.cgi/hostap/">Web interface to CVS repository (0.5.x and older)</a></li>
|
||||
<li><a href="../releases/snapshots/">Snapshot releases from all active branches</a>
|
||||
<li><a href="../cvs.html">GIT and read-only anonymous CVS access (pserver)</a></li>
|
||||
<li><a href="../bugz/">Bug and feature request tracking</a></li>
|
||||
<li><a href="../wpa_supplicant/devel/">Developers' documentation for wpa_supplicant/hostapd</a></li>
|
||||
</ul>
|
||||
|
||||
<h3>WPA</h3>
|
||||
|
||||
<p>The original security mechanism of IEEE 802.11 standard was not
|
||||
designed to be strong and has proven to be insufficient for most
|
||||
networks that require some kind of security. Task group I (Security)
|
||||
of <a href="http://www.ieee802.org/11/">IEEE 802.11 working group</a>
|
||||
has worked to address the flaws of the base standard and in
|
||||
practice completed its work in May 2004. The IEEE 802.11i amendment to
|
||||
the IEEE 802.11 standard was approved in June 2004 and published in
|
||||
July 2004.</p>
|
||||
|
||||
<p><a href="http://www.wi-fi.org/">Wi-Fi Alliance</a> used a draft
|
||||
version of the IEEE 802.11i work (draft 3.0) to define a subset of the
|
||||
security enhancements that can be implemented with existing wlan
|
||||
hardware. This is called Wi-Fi Protected Access (WPA). This has
|
||||
now become a mandatory component of interoperability testing and
|
||||
certification done by Wi-Fi Alliance. Wi-Fi has
|
||||
<a href="http://www.wi-fi.org/OpenSection/protected_access.asp">information
|
||||
about WPA</a> at its web site.</p>
|
||||
|
||||
<p>IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
|
||||
for protecting wireless networks. WEP uses RC4 with 40-bit keys,
|
||||
24-bit initialization vector (IV), and CRC32 to protect against packet
|
||||
forgery. All these choices have proven to be insufficient: key space is
|
||||
too small against current attacks, RC4 key scheduling is insufficient
|
||||
(beginning of the pseudorandom stream should be skipped), IV space is
|
||||
too small and IV reuse makes attacks easier, there is no replay
|
||||
protection, and non-keyed authentication does not protect against bit
|
||||
flipping packet data.</p>
|
||||
|
||||
<p>WPA is an intermediate solution for the security issues. It uses
|
||||
Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
|
||||
compromise on strong security and possibility to use existing
|
||||
hardware. It still uses RC4 for the encryption like WEP, but with
|
||||
per-packet RC4 keys. In addition, it implements replay protection,
|
||||
keyed packet authentication mechanism (Michael MIC).</p>
|
||||
|
||||
<p>Keys can be managed using two different mechanisms. WPA can either use
|
||||
an external authentication server (e.g., RADIUS) and EAP just like
|
||||
IEEE 802.1X is using or pre-shared keys without need for additional
|
||||
servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
|
||||
respectively. Both mechanisms will generate a master session key for
|
||||
the Authenticator (AP) and Supplicant (client station).</p>
|
||||
|
||||
<p>WPA implements a new key handshake (4-Way Handshake and Group Key
|
||||
Handshake) for generating and exchanging data encryption keys between
|
||||
the Authenticator and Supplicant. This handshake is also used to
|
||||
verify that both Authenticator and Supplicant know the master session
|
||||
key. These handshakes are identical regardless of the selected key
|
||||
management mechanism (only the method for generating master session
|
||||
key changes).</p>
|
||||
|
||||
|
||||
<h3>IEEE 802.11i / RSN / WPA2</h3>
|
||||
|
||||
<p>The design for parts of IEEE 802.11i that were not included in WPA
|
||||
has finished (May 2004) and this amendment to IEEE 802.11 was approved
|
||||
in June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
|
||||
version of WPA called WPA2. This included, e.g., support for more
|
||||
robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
|
||||
to replace TKIP, optimizations for handoff (reduced number of messages
|
||||
in initial key handshake, pre-authentication, and PMKSA caching).</p>
|
||||
|
||||
<h4>Configuration file</h4>
|
||||
|
||||
<p>hostapd is configured using a text file that lists all the configuration
|
||||
parameters. See an example configuration file,
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/hostapd.conf">hostapd.conf</a>,
|
||||
for detailed information about the configuration format and supported
|
||||
fields.</p>
|
||||
|
||||
<h3>Feedback, comments, mailing list</h3>
|
||||
|
||||
<p>
|
||||
Any comments, reports on success/failure, ideas for further
|
||||
improvement, feature requests, etc. are welcome at j@w1.fi.
|
||||
Please note, that I often receive more email than I have time to answer.
|
||||
Unfortunately, some messages may not get a reply, but I'll try to go
|
||||
through my mail whenever time permits.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Host AP mailing list can also be used for topics related to
|
||||
hostapd. Since this list has a broader audience, your likelihood of
|
||||
getting responses is higher. This list is recommended for general
|
||||
questions about hostapd and its development. In addition, I
|
||||
will send release notes to it whenever a new version is available.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The mailing list information and web archive is at <a
|
||||
href="http://lists.shmoo.com/mailman/listinfo/hostap">http://lists.shmoo.com/mailman/listinfo/hostap</a>.
|
||||
Messages to hostap@shmoo.com will be delivered to the
|
||||
subscribers. Please note, that due to large number of spam and virus
|
||||
messages sent to the list address, the list is configured to accept
|
||||
messages only from subscribed addresses. Messages from unsubscribed addresses
|
||||
may be accepted manually, but their delivery will be delayed.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you want to make sure your bug report of feature request does not
|
||||
get lost, please report it through the bug tracking system as
|
||||
<a href="../bugz/enter_bug.cgi">a new
|
||||
bug/feature request</a>.
|
||||
</p>
|
||||
|
||||
<hr>
|
||||
<div>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sun Jan 2 17:20:17 PST 2005 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 27 12:48:54 EET 2011
|
||||
<!-- hhmts end -->
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
284
www/index.html
284
www/index.html
@ -1,284 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Host AP Linux driver for Intersil Prism2/2.5/3 wireless LAN cards and WPA Supplicant</title>
|
||||
<meta name="description" content="Linux driver for Host AP mode of Intersil Prism2/2.5/3 and WPA Supplicant">
|
||||
<meta name="keywords" content="Host AP, hostap, Prism2, Linux driver for Prism2, Linux access point, software access point, hostapd, IEEE 802.11, IEEE 802.1X, WPA, WPA2, WPA Supplicant, wpa_supplicant, IEEE 802.11i, TKIP, CCMP, EAP-PEAP, EAP-TLS, IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD hostapd, FreeBSD hostapd, RADIUS, authentication server, wireless">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h2>Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant</h2>
|
||||
|
||||
<h3><a name="intro">Introduction</a></h3>
|
||||
|
||||
<p>This project includes three main components:</p>
|
||||
<ul>
|
||||
<li>Host AP - Linux driver for Prism2/2.5/3</li>
|
||||
<li><a href="hostapd/">hostapd</a> - user space daemon for access points,
|
||||
including, e.g., IEEE 802.1X/WPA/EAP Authenticator for number of Linux and
|
||||
BSD drivers, RADIUS client, integrated EAP server, and RADIUS
|
||||
authentication server</li>
|
||||
<li><a href="wpa_supplicant/">wpa_supplicant</a> user space IEEE 802.1X/WPA
|
||||
supplicant (wireless client) for number of Linux, BSD, and Windows
|
||||
drivers</li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
Host AP is a Linux driver for wireless LAN cards based on Intersil's
|
||||
Prism2/2.5/3 chipset. The driver supports a so called Host AP mode, i.e., it
|
||||
takes care of IEEE 802.11 management functions in the host computer
|
||||
and acts as an access point. This does not require any special
|
||||
firmware for the wireless LAN card. In addition to this, it has
|
||||
support for normal station operations in BSS and possible also in
|
||||
IBSS. WPA and RSN (WPA2) is supported when used with accompanied tools,
|
||||
wpa_supplicant (WPA/RSN Supplicant) and hostapd (WPA/RSN Authenticator). All
|
||||
these programs have been designed for both desktop/laptop computers and
|
||||
embedded systems.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Intersil's station firmware for Prism2 chipset supports a so called
|
||||
Host AP mode in which the firmware takes care of time critical tasks
|
||||
like beacon sending and frame acknowledging, but leaves other
|
||||
management tasks to host computer driver. This driver implements basic
|
||||
functionality needed to initialize and configure Prism2-based cards,
|
||||
to send and receive frames, and to gather statistics. In addition, it
|
||||
includes an implementation of following IEEE 802.11 functions:
|
||||
authentication (and deauthentication), association (reassociation, and
|
||||
disassociation), data transmission between two wireless stations,
|
||||
power saving (PS) mode signaling and frame buffering for PS
|
||||
stations. The driver has also various features for development
|
||||
debugging and for researching IEEE 802.11 environments like access to
|
||||
hardware configuration records, I/O registers, and frames with 802.11
|
||||
headers.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
When used with a user space daemon, the combination of the Host AP
|
||||
driver and hostapd daemon includes additional features. These include
|
||||
support for IEEE 802.1X and dynamic WEP rekeying, RADIUS Accounting,
|
||||
RADIUS-based ACL for IEEE 802.11 authentication, minimal IAPP (IEEE
|
||||
802.11f), WPA, IEEE 802.11i/RSN/WPA2.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<a href="http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html">Linux
|
||||
Wireless LAN Howto</a> has some useful information about wireless LAN support
|
||||
in Linux. In addition, it includes information about which cards are
|
||||
Prism2-based (and can thus be used in Host AP mode).
|
||||
</p>
|
||||
|
||||
<h3><a name="wpa_supplicant">WPA/RSN Supplicant (wpa_supplicant)</a></h3>
|
||||
|
||||
<p>More information is available on <a
|
||||
href="wpa_supplicant/">wpa_supplicant's own page</a>.</p>
|
||||
|
||||
<p>Supported WPA/IEEE 802.11i features:</p>
|
||||
<ul>
|
||||
<li>WPA-PSK ("WPA-Personal")</li>
|
||||
<li>WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")</li>
|
||||
<li>key management for CCMP, TKIP, WEP104, WEP40</li>
|
||||
<li>WPA and full IEEE 802.11i/RSN/WPA2</li>
|
||||
<li>RSN: PMKSA caching, pre-authentication</li>
|
||||
</ul>
|
||||
|
||||
<p>Supported drivers:</p>
|
||||
<ul>
|
||||
<li>Linux drivers that support Linux Wireless Extensions v19 or newer with
|
||||
WPA/WPA2 extensions</li>
|
||||
<li>Host AP driver for Prism2/2.5/3</li>
|
||||
<li>Linuxant DriverLoader with Windows NDIS driver supporting WPA</li>
|
||||
<li>Agere Systems Inc. Linux Driver (Hermes-I/Hermes-II chipset)</li>
|
||||
<li>madwifi (Atheros ar521x)</li>
|
||||
<li>ATMEL AT76C5XXx</li>
|
||||
<li>Linux ndiswrapper with Windows NDIS driver</li>
|
||||
<li>Broadcom wl.o driver</li>
|
||||
<li>Intel ipw2100 and ipw2200</li>
|
||||
<li>Wired Ethernet drivers</li>
|
||||
<li>BSD net80211 layer (e.g., Atheros driver) (FreeBSD 6-CURRENT)</li>
|
||||
<li>Windows NDIS drivers (Windows; at least XP and 2000, others not tested)</li>
|
||||
</ul>
|
||||
|
||||
<h3><a name="wpa_authenticator">WPA/RSN/EAP Authenticator (hostapd)</a></h3>
|
||||
|
||||
<p>More information is available on <a
|
||||
href="hostapd/">hostapd's own page</a>.</p>
|
||||
|
||||
<p>Supported WPA/IEEE 802.11i features:</p>
|
||||
<ul>
|
||||
<li>WPA-PSK ("WPA-Personal")</li>
|
||||
<li>WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")<br>
|
||||
<li>key management for CCMP, TKIP, WEP104, WEP40</li>
|
||||
<li>WPA and full IEEE 802.11i/RSN/WPA2</li>
|
||||
<li>RSN: PMKSA caching, pre-authentication</li>
|
||||
</ul>
|
||||
|
||||
<p>Supported drivers:</p>
|
||||
<ul>
|
||||
<li>Linux mac80211-based drivers with AP mode support</li>
|
||||
<li>Host AP driver for Prism2/2.5/3</li>
|
||||
<li>madwifi (Atheros ar521x)</li>
|
||||
<li>BSD net80211 layer (e.g., Atheros driver) (FreeBSD 6-CURRENT)</li>
|
||||
</ul>
|
||||
|
||||
<h3><a name="download">Download</a></h3>
|
||||
|
||||
<p>
|
||||
<b>Host AP driver</b><br>
|
||||
Copyright (c) 2001-2002, SSH Communications Security Corp and
|
||||
Jouni Malinen.<br>
|
||||
Copyright (c) 2002-2007, Jouni Malinen and contributors.<br>
|
||||
|
||||
Author: Jouni Malinen <j@w1.fi>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<b>Host AP utils</b><br>
|
||||
Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi>
|
||||
and contributors.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<b>hostapd</b><br>
|
||||
Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi>
|
||||
and contributors.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<b>wpa_supplicant</b><br>
|
||||
Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi>
|
||||
and contributors.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License version 2 as
|
||||
published by the Free Software Foundation. See
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=COPYING">COPYING</a>
|
||||
for more details. hostapd and wpa_supplicant are alternatively
|
||||
available under BSD license.
|
||||
</p>
|
||||
|
||||
|
||||
<p>
|
||||
<b>Please see
|
||||
<a href="/cgi-bin/viewcvs.cgi/*checkout*/hostap/README?rev=HEAD&content-type=text/plain">README</a>
|
||||
for updated documentation of the driver.
|
||||
Please also check <a href="/cgi-bin/viewcvs.cgi/*checkout*/hostap/FAQ?rev=HEAD&content-type=text/plain">FAQ</a> before sending problem reports.</b>
|
||||
</p>
|
||||
|
||||
|
||||
<p>
|
||||
<b>Note!</b>
|
||||
Host AP driver was added into the main kernel tree in Linux
|
||||
v2.6.14. The version in the kernel tree should be used instead of this
|
||||
external hostap-driver package. The external releases are only for
|
||||
older kernel versions and all the future development will be in the
|
||||
main kernel tree.
|
||||
</p>
|
||||
|
||||
|
||||
<ul>
|
||||
<li><a href="releases.html">Release graph</a></li>
|
||||
<li>Latest stable release:
|
||||
<ul>
|
||||
<li><a href="releases/hostapd-0.7.3.tar.gz">hostapd-0.7.3.tar.gz</a>
|
||||
<li><a href="releases/wpa_supplicant-0.7.3.tar.gz">wpa_supplicant-0.7.3.tar.gz</a> (source code for all versions)</li>
|
||||
<li><a href="releases/wpa_supplicant-0.7.3.exe">wpa_supplicant-0.7.3.exe</a> (binary installer for Windows)</li>
|
||||
<li><a href="releases/wpa_supplicant-windows-bin-0.7.3.zip">wpa_supplicant-windows-bin-0.7.3.zip</a> (binaries for Windows)</li>
|
||||
</ul>
|
||||
<li>Previous stable release:
|
||||
<ul>
|
||||
<li><a href="releases/hostapd-0.6.10.tar.gz">hostapd-0.6.10.tar.gz</a>
|
||||
<li><a href="releases/wpa_supplicant-0.6.10.tar.gz">wpa_supplicant-0.6.10.tar.gz</a> (source code for all versions)</li>
|
||||
<li><a href="releases/wpa_supplicant-0.6.10.exe">wpa_supplicant-0.6.10.exe</a> (binary installer for Windows)</li>
|
||||
<li><a href="releases/wpa_supplicant-windows-bin-0.6.10.zip">wpa_supplicant-windows-bin-0.6.10.zip</a> (binaries for Windows)</li>
|
||||
<li><a href="wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip">wpa_gui-qt433-windows-dll.zip</a> (Qt4 libraries from wpa_gui/Windows)</li>
|
||||
</ul>
|
||||
<!--
|
||||
<li>Latest development release:
|
||||
<ul>
|
||||
<li><a href="releases/hostapd-0.8.0.tar.gz">hostapd-0.8.0.tar.gz</a>
|
||||
<li><a href="releases/wpa_supplicant-0.8.0.tar.gz">wpa_supplicant-0.8.0.tar.gz</a> (source code for all versions)</li>
|
||||
<li><a href="releases/wpa_supplicant-0.8.0.exe">wpa_supplicant-0.8.0.exe</a> (binary installer for Windows)</li>
|
||||
<li><a href="releases/wpa_supplicant-windows-bin-0.8.0.zip">wpa_supplicant-windows-bin-0.8.0.zip</a> (binaries for Windows)</li>
|
||||
</ul>
|
||||
-->
|
||||
<li>ChangeLog:
|
||||
<ul>
|
||||
<li>hostapd:
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/ChangeLog">[development branch]</a>
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap-07.git;a=blob_plain;f=hostapd/ChangeLog">[stable branch]</a>
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap-06.git;a=blob_plain;f=hostapd/ChangeLog">[previous stable branch]</a>
|
||||
<li>wpa_supplicant:
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/ChangeLog">[development branch]</a>
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap-07.git;a=blob_plain;f=wpa_supplicant/ChangeLog">[stable branch]</a>
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap-06.git;a=blob_plain;f=wpa_supplicant/ChangeLog">[previous stable branch]</a>
|
||||
</ul>
|
||||
<li><a href="releases/">Old releases</a>
|
||||
<li><a href="http://lists.shmoo.com/mailman/listinfo/hostap">Mailing list</a>
|
||||
<li><a href="http://lists.shmoo.com/pipermail/hostap/">New mailing list archives</a>
|
||||
<li><a href="hostap/">Old mailing list archives</a>
|
||||
<li><a href="htdig/">Search mailing list archives</a>
|
||||
<li><a href="/gitweb/gitweb.cgi">Web interface to GIT repository (0.6.x and newer)</a></li>
|
||||
<li><a href="/cgi-bin/viewcvs.cgi/hostap/">Web interface to CVS repository (0.5.x and older)</a></li>
|
||||
<li><a href="releases/snapshots/">Snapshot releases from all active branches</a>
|
||||
<li><a href="cvs.html">GIT and read-only anonymous CVS access (pserver)</a>
|
||||
<li><a href="links.html">Host AP related links</a>
|
||||
<li><a href="bugz/">Bug and feature request tracking</a></li>
|
||||
</ul>
|
||||
|
||||
<h3>Wireless Tools for Linux</h3>
|
||||
|
||||
<p>
|
||||
Please, note that you will need quite recent version of Wireless Tools
|
||||
to use some features of the Host AP driver. Using the
|
||||
<a href="http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html#latest">latest</a>
|
||||
version of the tools is recommended. Some features might also require latest beta version.
|
||||
</p>
|
||||
|
||||
<h3>Feedback, comments, mailing list</h3>
|
||||
|
||||
<p>
|
||||
Any comments, reports on success/failure, ideas for further
|
||||
improvement, feature requests, etc. are welcome at j@w1.fi.
|
||||
Please note, that I often receive more email than I have time to answer.
|
||||
Unfortunately, some messages may not get a reply, but I'll try to go
|
||||
through my mail whenever time permits.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
There is also a mailing list for Host AP related messages.
|
||||
Since this list has a broader audience, your likelihood of getting
|
||||
responses is higher. This list is recommended for general questions
|
||||
about Host AP driver and its development. In addition, I will send
|
||||
release notes to it whenever a new version is available.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The mailing list information and web archive is at <a
|
||||
href="http://lists.shmoo.com/mailman/listinfo/hostap">http://lists.shmoo.com/mailman/listinfo/hostap</a>.
|
||||
Messages to hostap@shmoo.com will be delivered to the
|
||||
subscribers. Please note, that due to large number of spam and virus
|
||||
messages sent to the list address, the list is configured to accept
|
||||
messages only from subscribed addresses. Messages from unsubscribed addresses
|
||||
may be accepted manually, but their delivery will be delayed.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you want to make sure your bug report of feature request does not
|
||||
get lost, please report it through the bug tracking system as
|
||||
<a href="bugz/enter_bug.cgi">a new bug/feature request</a>.
|
||||
</p>
|
||||
|
||||
<hr>
|
||||
<div>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Mon May 27 20:08:41 EEST 2002 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 27 12:51:48 EET 2011
|
||||
<!-- hhmts end -->
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -1,56 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Host AP related links</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h2>Host AP related links</h2>
|
||||
|
||||
<p>
|
||||
Here are some miscellaneous links to pages related to Host AP mode,
|
||||
driver, etc. Please send any corrections or additions to <a
|
||||
href="mailto:j@w1.fi">Jouni Malinen</a> (j@w1.fi).
|
||||
</p>
|
||||
|
||||
|
||||
<h3>General information</h3>
|
||||
|
||||
<ul>
|
||||
<li><a href="http://www.personaltelco.net/index.cgi/HostApMode">PersonalTelco: HostApMode</a>
|
||||
<li><a href="http://trekweb.com/~jasonb/articles/hostap_20030727.shtml">Jason Boxman: Installing and Setting up basic HostAP box</a>
|
||||
<li><a href="http://pachome.pacific.net.sg/~yanghwee/sub/How-To-wirelessAP.html">Yang-Hwee TAN: How-To Setup WirelessAP in Linux using HostAP driver</a>
|
||||
<li><a href="http://linux.junsun.net/intersil-prism/">Jun Sun's
|
||||
Mini-howto on Flashing Intersil Prism Chipsets</a>
|
||||
<li><a href="http://home.columbus.rr.com/andrewbarr/dwl520e1.html">Andrew Barr: Using the D-Link DWL-520 rev. E1 with HostAP</a>
|
||||
</ul>
|
||||
|
||||
|
||||
<h3>IEEE 802.1X (port-based network access control)</h3>
|
||||
|
||||
<ul>
|
||||
<li><a href="http://standards.ieee.org/getieee802/download/802.1X-2001.pdf">IEEE 802.1X-2001 standard from <i>Get IEEE 802</i></a>
|
||||
<li><a href="http://www.open1x.org/">Open1x (open source implementation of IEEE 802.1X)</a>
|
||||
<li><a href="http://www.freeradius.org/">FreeRADIUS</a>
|
||||
<li><a href="http://www.missl.cs.umd.edu/wireless/eaptls/">Adam Sulmicki: HOWTO on EAP/TLS authentication between FreeRADIUS and XSupplicant</a>
|
||||
</ul>
|
||||
|
||||
|
||||
<h3>Information in other languages</h3>
|
||||
|
||||
<ul>
|
||||
<li><a href="http://bulmalug.net/body.phtml?nIdNoticia=1309">Redes Wireless con Linux (Spanish)</a>
|
||||
<li><a href="http://bulmalug.net/body.phtml?nIdNoticia=1313">Résaux Sans Fils avec Linux (French)</a>
|
||||
</ul>
|
||||
|
||||
<hr>
|
||||
<div>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Aug 31 12:09:59 EEST 2002 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Thu Mar 8 19:44:09 PST 2007
|
||||
<!-- hhmts end -->
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
@ -1,41 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Host AP driver / wpa_supplicant / hostapd releases</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<p>
|
||||
|
||||
<a href="index.html">Host AP driver</a> /
|
||||
<a href="wpa_supplicant/">wpa_supplicant</a> /
|
||||
<a href="hostapd/">hostapd</a> releases
|
||||
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
||||
<img src="versions.png"><br clear="all">
|
||||
|
||||
<ul>
|
||||
<li>green background = stable release</li>
|
||||
<li>white background = development release</li>
|
||||
<li>letters after the version (what was included in the release):
|
||||
<ul>
|
||||
<li>d = Host AP driver</li>
|
||||
<li>u = Host AP driver utilities</li>
|
||||
<li>h = hostapd</li>
|
||||
<li>w = wpa_supplicant</li>
|
||||
</ul></li>
|
||||
</ul>
|
||||
</p>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Mon Feb 20 11:14:29 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Thu Mar 8 19:44:22 PST 2007
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
116
www/versions.dot
116
www/versions.dot
@ -1,116 +0,0 @@
|
||||
digraph versions {
|
||||
size="10,6"
|
||||
# rankdir=LR
|
||||
|
||||
# development releases
|
||||
|
||||
node [shape=box]
|
||||
v001 [label="0.0.1 duh\n2003-04-05"]
|
||||
v002 [label="0.0.2 duh\n2003-05-03"]
|
||||
v003 [label="0.0.3 duh\n2003-05-18"]
|
||||
v004 [label="0.0.4 duh\n2003-07-27"]
|
||||
v010 [label="0.1.0 duh\n2003-10-14"]
|
||||
v020 [label="0.2.0 duhw\n2004-02-15"]
|
||||
v021 [label="0.2.1 duhw\n2004-05-06"]
|
||||
v022 [label="0.2.2 dhw\n2004-05-31"]
|
||||
v023 [label="0.2.3 dhw\n2004-06-20"]
|
||||
v030 [label="0.3.0 duhw\n2004-12-05"]
|
||||
v031 [label="0.3.1 hw\n2004-12-12"]
|
||||
v032 [label="0.3.2 duhw\n2004-12-19"]
|
||||
v033 [label="0.3.3 dhw\n2005-01-02"]
|
||||
v034 [label="0.3.4 hw\n2005-01-09"]
|
||||
v035 [label="0.3.5 dhw\n2005-01-23"]
|
||||
v036 [label="0.3.6 w\n2005-01-24"]
|
||||
|
||||
v040 [label="0.4.0 duhw\n2005-04-25"]
|
||||
v041 [label="0.4.1 dhw\n2005-05-22"]
|
||||
v042 [label="0.4.2 hw\n2005-06-12"]
|
||||
v043 [label="0.4.3 hw\n2005-06-26"]
|
||||
v044 [label="0.4.4 dhw\n2005-08-21"]
|
||||
v045 [label="0.4.5 dhw\n2005-09-25"]
|
||||
v046 [label="0.4.6 hw\n2005-10-27"]
|
||||
v050 [label="0.5.0 hw\n2005-12-18"]
|
||||
v051 [label="0.5.1 hw\n2006-01-29"]
|
||||
v052 [label="0.5.2 hw\n2006-03-19"]
|
||||
v053 [label="0.5.3 hw\n2006-04-27"]
|
||||
v054 [label="0.5.4 hw\n2006-06-20"]
|
||||
v055 [label="0.5.5 hw\n2006-08-27"]
|
||||
v056 [label="0.5.6 hw\n2006-11-24"]
|
||||
v060 [label="0.6.0 hw\n2007-05-28"]
|
||||
v061 [label="0.6.1 hw\n2007-11-24"]
|
||||
v062 [label="0.6.2 hw\n2008-01-01"]
|
||||
v063 [label="0.6.3 hw\n2008-02-22"]
|
||||
v064 [label="0.6.4 hw\n2008-08-10"]
|
||||
v065 [label="0.6.5 hw\n2008-11-01"]
|
||||
v066 [label="0.6.6 hw\n2008-11-23"]
|
||||
v067 [label="0.6.7 hw\n2009-01-06"]
|
||||
|
||||
v070 [label="0.7.0 hw\n2009-11-21"]
|
||||
v071 [label="0.7.1 hw\n2010-01-16"]
|
||||
v072 [label="0.7.2 hw\n2010-04-18"]
|
||||
|
||||
# stable releases
|
||||
|
||||
node [fillcolor=green style=filled]
|
||||
v024 [label="0.2.4 dhw\n2004-07-17"]
|
||||
v025 [label="0.2.5 dhw\n2004-10-03"]
|
||||
v026 [label="0.2.6 duhw\n2004-12-25"]
|
||||
v027 [label="0.2.7 w\n2005-02-13"]
|
||||
v028 [label="0.2.8 duhw\n2006-02-20"]
|
||||
v037 [label="0.3.7 duhw\n2005-02-12"]
|
||||
v038 [label="0.3.8 w\n2005-02-13"]
|
||||
v039 [label="0.3.9 dhw\n2005-06-10"]
|
||||
v0310 [label="0.3.10 dhw\n2006-02-12"]
|
||||
v0311 [label="0.3.11 hw\n2006-05-13"]
|
||||
v047 [label="0.4.7 duhw\n2005-11-20"]
|
||||
v048 [label="0.4.8 hw\n2006-02-08"]
|
||||
v049 [label="0.4.9 dhw\n2006-05-06"]
|
||||
v0410 [label="0.4.10 hw\n2007-02-19"]
|
||||
v0411 [label="0.4.11 hw\n2008-02-23"]
|
||||
v057 [label="0.5.7 hw\n2006-12-31"]
|
||||
v058 [label="0.5.8 hw\n2007-05-28"]
|
||||
v059 [label="0.5.9 hw\n2007-12-02"]
|
||||
v0510 [label="0.5.10 hw\n2008-02-19"]
|
||||
v0511 [label="0.5.11 hw\n2008-11-28"]
|
||||
v068 [label="0.6.8 hw\n2009-02-15"]
|
||||
v069 [label="0.6.9 hw\n2009-03-23"]
|
||||
v0610 [label="0.6.10 hw\n2010-01-12"]
|
||||
v073 [label="0.7.3 hw\n2010-09-07"]
|
||||
|
||||
# development releases
|
||||
|
||||
v001 -> v002 -> v003 -> v004
|
||||
v004 -> v010 -> v020 -> v021 -> v022 -> v023 -> v024
|
||||
v024 -> v030 -> v031 -> v032 -> v033 -> v034 -> v035 -> v036 -> v037
|
||||
v037 -> v040 -> v041 -> v042 -> v043 -> v044 -> v045 -> v046 -> v047
|
||||
v047 -> v050 -> v051 -> v052 -> v053 -> v054 -> v055 -> v056 -> v057
|
||||
v057 -> v060 -> v061 -> v062 -> v063 -> v064 -> v065 -> v066 -> v067 -> v068
|
||||
v068 -> v070 -> v071 -> v072 -> v073
|
||||
|
||||
{rank=same; v001 v024}
|
||||
{rank=same; v030 v037}
|
||||
{rank=same; v040 v047}
|
||||
{rank=same; v050 v057}
|
||||
{rank=same; v060 v068}
|
||||
{rank=same; v070 v073}
|
||||
|
||||
# stable releases
|
||||
|
||||
v024 -> v025 -> v026 -> v027 -> v028
|
||||
v037 -> v038 -> v039 -> v0310 -> v0311
|
||||
v047 -> v048 -> v049 -> v0410 -> v0411
|
||||
v057 -> v058 -> v059 -> v0510 -> v0511
|
||||
v068 -> v069 -> v0610
|
||||
v073
|
||||
|
||||
{rank=same; v024 v025 v026 v027 v028}
|
||||
{rank=same; v037 v038 v039 v0310 v0311}
|
||||
{rank=same; v047 v048 v049 v0410 v0411}
|
||||
{rank=same; v057 v058 v059 v0510 v0511}
|
||||
{rank=same; v068 v069 v0610}
|
||||
{rank=same; v073}
|
||||
|
||||
# edge [style=dashed,color=red]
|
||||
# v030 -> v036
|
||||
|
||||
}
|
@ -1,26 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Introduction to wireless authentication modes</title>
|
||||
<link rel="stylesheet" type="text/css" href="configure.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="navig">
|
||||
<a href="../">wpa_supplicant</a> /
|
||||
<a href="index.html">configuration</a> /
|
||||
authentication modes
|
||||
</div>
|
||||
|
||||
<h1>Introduction to wireless authentication modes</h1>
|
||||
|
||||
<p class="todo">TODO</p>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Feb 25 19:53:25 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 26 13:46:58 PST 2006
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
@ -1,49 +0,0 @@
|
||||
body{
|
||||
font: normal 80% Verdana, Helvetica;
|
||||
}
|
||||
|
||||
.confdesc{
|
||||
width: 80%;
|
||||
border: 1px solid black;
|
||||
background-color: #ededed;
|
||||
padding: 5px;
|
||||
font-size: 90%;
|
||||
visibility: hidden;
|
||||
margin-left: 30px;
|
||||
}
|
||||
|
||||
.exampleconf{
|
||||
width: 98%;
|
||||
border: 1px solid black;
|
||||
background-color: #ededed;
|
||||
padding: 5px;
|
||||
font-family: Courier;
|
||||
font-size: 100%;
|
||||
}
|
||||
|
||||
.todo{
|
||||
font-style: italic;
|
||||
color: red;
|
||||
}
|
||||
|
||||
.error{
|
||||
color: red;
|
||||
}
|
||||
|
||||
.credlayer{
|
||||
display: none;
|
||||
}
|
||||
|
||||
#navig{
|
||||
font: normal 100% Verdana, Helvetica;
|
||||
margin-left: 0px;
|
||||
margin-top: 0px;
|
||||
padding: 0px;
|
||||
margin: 0px;
|
||||
display: inline;
|
||||
}
|
||||
|
||||
#navig a {
|
||||
text-decoration: none;
|
||||
color: navy;
|
||||
}
|
@ -1,240 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>wpa_supplicant configuration wizard</title>
|
||||
<script type="text/javascript" src="configure.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="configure.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="navig">
|
||||
<a href="../">wpa_supplicant</a> /
|
||||
<a href="index.html">configuration</a> /
|
||||
wizard
|
||||
</div>
|
||||
|
||||
<h1>wpa_supplicant configuration wizard</h1>
|
||||
|
||||
<p><a href="../">wpa_supplicant</a> supports large range of security
|
||||
modes and authentication types. Just looking at the reference
|
||||
information of available configuration options may not provide enough
|
||||
high level understanding to select which options are needed. This page
|
||||
provides information about configuring wpa_supplicant and a wizard for
|
||||
generating example configuration files to make it easier to understand
|
||||
different security policies and how they should be configured for
|
||||
wpa_supplicant.</p>
|
||||
|
||||
<p>The wizard goes through steps to select suitable options based on
|
||||
your input. An example configuration file is updated at each
|
||||
step. This example can be seen at the bottom of this page.</p>
|
||||
|
||||
<h2>Step 1/5: Operating system and driver</h2>
|
||||
|
||||
<p>wpa_supplicant can be used with multiple operating systems and
|
||||
network drivers. Most of the configuration parameters do not depend on
|
||||
this, but some of the parameters may need to be changed based on
|
||||
OS/driver capabilities.</p>
|
||||
|
||||
<form name="os_driver">
|
||||
<select name="os" onChange="configure_os()" onBlur="configure_os()">
|
||||
<option value="select">Select your operating system</option>
|
||||
<option value="linux">Linux</option>
|
||||
<option value="windows">Windows 2000/NT/XP</option>
|
||||
<option value="bsd">FreeBSD/NetBSD</option>
|
||||
<option value="other">Other</option>
|
||||
</select>
|
||||
<select name="driver" onChange="configure_driver()" disabled="disabled">
|
||||
</select>
|
||||
</form>
|
||||
|
||||
<div id="os_desc" class="confdesc"></div>
|
||||
|
||||
|
||||
<h2>Step 2/5: Network name</h2>
|
||||
|
||||
<p>
|
||||
Wireless networks have a "network name" (SSID = Service Set
|
||||
Identifier). This is a sequence of up to 32 characters. This name is
|
||||
used to select which access points (AP) can be used and as such, it
|
||||
must match with the SSID configured for the desired AP.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Some APs allow SSIDs to be "hidden" which requires that the client is
|
||||
specifically searching for the configured to SSID to be able to
|
||||
connect. This may require some additional options in wpa_supplicant
|
||||
configuration, so enable those here by checking "hidden SSID" if your
|
||||
AP is configured to hide the SSID. This may show up as "brodcast SSID
|
||||
disabled" or "hidden SSID" or something similar in the AP
|
||||
configuration. Hidden SSID configuration does not prevent
|
||||
wpa_supplicant from connecting to APs that do not hide SSID, so it can
|
||||
be enabled for all cases.
|
||||
</p>
|
||||
|
||||
<form name="network">
|
||||
SSID: <input type="text" name="ssid" onChange="update_conf()">
|
||||
<input type="checkbox" name="hidden_ssid" onChange="update_conf()">hidden SSID
|
||||
</form>
|
||||
|
||||
|
||||
<h2>Step 3/5: Authentication mode</h2>
|
||||
|
||||
<p class="todo">TODO: write explanation for different modes</p>
|
||||
|
||||
<form name="authmode">
|
||||
<select name="auth" onChange="configure_auth()" onBlur="configure_auth()">
|
||||
<option value="select">Select authentication mode</option>
|
||||
<option value="open">None (unencrypted, open network)</option>
|
||||
<option value="wep">None (encrypted network, static WEP keys)</option><
|
||||
<option value="ieee8021x">IEEE 802.1X/EAP without WPA</option>
|
||||
<option value="wpa-psk">WPA/WPA2-Personal (PSK) (IEEE 802.11i)</option>
|
||||
<option value="wpa-eap">WPA/WPA2-Enterprise (EAP) (IEEE 802.11i)</option>
|
||||
</select>
|
||||
<select name="auth2" onChange="configure_auth2()" disabled="auth2">
|
||||
</select>
|
||||
</form>
|
||||
|
||||
<div id="auth_desc" class="confdesc"></div>
|
||||
|
||||
|
||||
<h2>Step 4/5: Encryption</h2>
|
||||
|
||||
<p class="todo">TODO: different group cipher for WPA/WPA2</p>
|
||||
|
||||
<form name="encrmode">
|
||||
<select name="encr" onChange="configure_encr()" onBlur="configure_encr()">
|
||||
<option value="select">Select encryption</option>
|
||||
<option value="none">None (unencrypted open network)</option>
|
||||
<option value="wep">WEP (Wired Equivalent Privacy)</option>
|
||||
<option value="tkip">TKIP (Temporal Key Integrity Protocol)</option>
|
||||
<option value="ccmp">CCMP (AES Counter-Mode/CBC-MAC Protocol)</option>
|
||||
</select>
|
||||
</form>
|
||||
|
||||
<div id="encr_desc" class="confdesc"></div>
|
||||
|
||||
|
||||
<h2>Step 5/5: Authentication credentials</h2>
|
||||
|
||||
<div id="cred_unknown">
|
||||
Authentication mode (Step 3) must be selected first.
|
||||
</div>
|
||||
|
||||
<div id="cred_open" class="credlayer">
|
||||
No credentials needed for open network.
|
||||
</div>
|
||||
|
||||
<div id="cred_wep" class="credlayer">
|
||||
<p>
|
||||
Static WEP keys requires that at least one key is configured. Up to
|
||||
four keys can be configured and one of them needs to be selected to be
|
||||
used for transmitted frames. All configured keys can be used when
|
||||
decrypting received frames.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
WEP can be used with different key length. In most cases, either
|
||||
40-bit or 104-bit keys are used. These key lengths may also be shown
|
||||
as 64-bit and 128-bit in some cases since WEP adds 24-bit
|
||||
initialization vector into the keys. 40-bit keys can be entered as
|
||||
five character string surrounded with double quotation marks, e.g.,
|
||||
"abcde". Alternatively, they can be entered as a hex string of ten
|
||||
characters without quotation marks, e.g., 6162636465. Both of these
|
||||
options configure the same key. 104-bit keys are entered similarly,
|
||||
with 13-character text string or 26-character hex string.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
wpa_supplicant uses indexes 0 .. 3 for the WEP keys. Some other user
|
||||
interfaces may use indexes 1 .. 4, so this needs to be taken into
|
||||
account when determining which index to use here.
|
||||
</p>
|
||||
|
||||
<form name="cred_wep_form">
|
||||
WEP key 0: <input type="text" name="wep0" onChange="configure_wep()"><br>
|
||||
WEP key 1: <input type="text" name="wep1" onChange="configure_wep()"><br>
|
||||
WEP key 2: <input type="text" name="wep2" onChange="configure_wep()"><br>
|
||||
WEP key 3: <input type="text" name="wep3" onChange="configure_wep()"><br>
|
||||
Transmit key <select name="wep_tx_idx">
|
||||
<option value="0">0
|
||||
<option value="1">1
|
||||
<option value="2">2
|
||||
<option value="3">3
|
||||
</select>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
<div id="cred_psk" class="credlayer">
|
||||
<p>
|
||||
Passphrase (string of 8 to 63 characters) needs to be configured for
|
||||
WPA/WPA2-Personal. This passphrase is then converted into a 256-bit
|
||||
pre-shared key (PSK). Alternatively, a 256-bit PSK can be entered as
|
||||
64-character hex string into the PSK field. Only one of these options
|
||||
should be used.
|
||||
</p>
|
||||
<form name="cred_psk_form">
|
||||
Passphrase: <input type="text" name="passphrase" onChange="configure_passphrase()">
|
||||
PSK: <input type="text" name="psk" size=64 onChange="configure_passphrase()">
|
||||
</form>
|
||||
</div>
|
||||
|
||||
<div id="cred_eap" class="credlayer">
|
||||
<p class="todo">TODO: write introduction text for each EAP method</p>
|
||||
<form name="cred_eap_form">
|
||||
EAP method: <select name="eap" onChange="update_eap()">
|
||||
<option value="select">Select EAP method</option>
|
||||
<option value="TLS">EAP-TLS</option>
|
||||
<option value="PEAP">EAP-PEAP</option>
|
||||
<option value="TTLS">EAP-TTLS</option>
|
||||
<option value="FAST">EAP-FAST</option>
|
||||
<option value="LEAP">LEAP</option>
|
||||
<option value="MD5">EAP-MD5</option>
|
||||
<option value="GTC">EAP-GTC</option>
|
||||
<option value="OTP">EAP-OTP</option>
|
||||
<option value="MSCHAPV2">EAP-MSCHAPv2</option>
|
||||
</select>
|
||||
Tunneled method (phase 2): <select name="phase2" disabled="disabled" onChange="update_eap2()">
|
||||
</select><br>
|
||||
Identity (user name): <input type="text" name="identity" onChange="configure_eap()"><br>
|
||||
Anonymous identity (user name): <input type="text" name="anon_identity" onChange="configure_eap()" disabled="disabled"><br>
|
||||
Password: <input type="text" name="password" onChange="configure_eap()" disabled="disabled"><br>
|
||||
CA certificate: <input type="text" name="ca_cert" onChange="configure_eap()" disabled="disabled"><br>
|
||||
User certificate: <input type="text" name="client_cert" onChange="configure_eap()" disabled="disabled"><br>
|
||||
User private key: <input type="text" name="private_key" onChange="configure_eap()" disabled="disabled"><br>
|
||||
User private key passphrase: <input type="text" name="private_key_passwd" onChange="configure_eap()" disabled="disabled"><br>
|
||||
EAP-FAST PAC file: <input type="text" name="pac_file" onChange="configure_eap()" disabled="disabled"><br>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
<div id="cred_desc" class="confdesc"></div>
|
||||
|
||||
|
||||
<h2>Example configuration</h2>
|
||||
|
||||
<form>
|
||||
Configuration example is updated automatically when modifying
|
||||
information above. However, if it is not updated in some cases (e.g.,
|
||||
after reloading the page), you can force an update with this button.<br>
|
||||
<input type="button" value="Update configuration" onClick="update_conf()">
|
||||
</form>
|
||||
|
||||
<p>
|
||||
This configuration file can be copied to a text file that
|
||||
wpa_supplicant will then be asked to use with <i>-c<full path to
|
||||
configuration file></i> command line option.
|
||||
</p>
|
||||
|
||||
<div id="exampleconf" class="exampleconf">
|
||||
# example configuration will be generated here<br>
|
||||
</div>
|
||||
|
||||
<br>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Feb 25 17:07:35 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 26 13:47:30 PST 2006
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
@ -1,544 +0,0 @@
|
||||
var conf_ap_scan = -1;
|
||||
var conf_wired = false;
|
||||
|
||||
function configure_os()
|
||||
{
|
||||
var os = document.os_driver.os.value;
|
||||
document.os_driver.driver.disabled = false;
|
||||
document.os_driver.driver[0] = new Option("Select your driver", "select");
|
||||
if (os == "linux") {
|
||||
document.os_driver.driver[1] = new Option("madwifi", "madwifi");
|
||||
document.os_driver.driver[2] = new Option("Host AP (Prism2/2.5/3)", "hostap");
|
||||
document.os_driver.driver[3] = new Option("Intel ipw2100/2200", "ipw");
|
||||
document.os_driver.driver[4] = new Option("Any wired Ethernet driver", "linux_wired");
|
||||
document.os_driver.driver[5] = new Option("Other", "other linux");
|
||||
} else if (os == "windows") {
|
||||
document.os_driver.driver[1] = new Option("Any wireless NDIS driver", "ndis_wireless");
|
||||
document.os_driver.driver[2] = new Option("Any wired (Ethernet) NDIS driver", "ndis_wired");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function configure_driver()
|
||||
{
|
||||
var drv = document.os_driver.driver.value;
|
||||
var t = document.getElementById("os_desc");
|
||||
|
||||
t.innerHTML = "";
|
||||
t.style.visibility = "hidden";
|
||||
|
||||
if (drv == "ndis_wireless") {
|
||||
conf_ap_scan = 2;
|
||||
t.innerHTML = "All wireless Windows NDIS drivers support AP selection " +
|
||||
"and roaming, so in most cases, configuring the driver to take care " +
|
||||
"of this by setting ap_scan=2 is the recommended configuration for " +
|
||||
"Windows.";
|
||||
t.style.visibility = "visible";
|
||||
} else if (drv == "ndis_wired" || drv == "linux_wired") {
|
||||
conf_ap_scan = 0;
|
||||
conf_wired = true;
|
||||
} else
|
||||
conf_ap_scan = 1;
|
||||
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function update_encr()
|
||||
{
|
||||
var auth = document.authmode.auth.value;
|
||||
var t = document.getElementById("encr_desc");
|
||||
|
||||
for (i = 0; i < 6; i++)
|
||||
document.encrmode.encr[i] = null;
|
||||
if (auth == "open") {
|
||||
document.encrmode.encr[0] = new Option("None (unencrypted open network)", "none");
|
||||
document.encrmode.encr.selectedIndex = 0;
|
||||
t.innerHTML = "Based on the selected authentication mode (open network), only 'None' is an allowed encryption mode.";
|
||||
t.style.visibility = "visible";
|
||||
} else if (auth == "wep") {
|
||||
document.encrmode.encr[0] = new Option("WEP (Wired Equivalent Privacy)", "wep");
|
||||
document.encrmode.encr.selectedIndex = 0;
|
||||
t.innerHTML = "Based on the selected authentication mode (WEP), only 'WEP' is an allowed encryption mode.";
|
||||
t.style.visibility = "visible";
|
||||
} else if (auth == "ieee8021x") {
|
||||
document.encrmode.encr[0] = new Option("None (unencrypted open network)", "none");
|
||||
document.encrmode.encr[1] = new Option("WEP (Wired Equivalent Privacy)", "wep");
|
||||
document.encrmode.encr.selectedIndex = conf_wired ? 0 : 1;
|
||||
t.innerHTML = "Based on the selected authentication mode (IEEE 802.1X), either 'None' or 'WEP' can be selected. In wireless networks, this is most likely going to be 'WEP' and in wired networks, only 'None' is allowed.";
|
||||
t.style.visibility = "visible";
|
||||
} else if (auth == "wpa-psk" || auth == "wpa-eap") {
|
||||
document.encrmode.encr[0] = new Option("TKIP (Temporal Key Integrity Protocol)", "tkip");
|
||||
document.encrmode.encr[1] = new Option("CCMP (AES Counter-Mode/CBC-MAC Protocol)", "ccmp");
|
||||
document.encrmode.encr.selectedIndex = (document.authmode.auth2.value == "wpa1") ? 0 : 1;
|
||||
t.innerHTML = "Based on the selected authentication mode (WPA/WPA2), either 'TKIP' or 'CCMP' can be selected. Most WPA networks are using TKIP whereas WPA2 defaults to CCMP.";
|
||||
t.style.visibility = "visible";
|
||||
} else {
|
||||
t.innerHTML = "";
|
||||
t.style.visibility = "hidden";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function update_cred()
|
||||
{
|
||||
var auth = document.authmode.auth.value;
|
||||
var t;
|
||||
|
||||
t = document.getElementById("cred_unknown");
|
||||
t.style.display = "none";
|
||||
t = document.getElementById("cred_open");
|
||||
t.style.display = "none";
|
||||
t = document.getElementById("cred_wep");
|
||||
t.style.display = "none";
|
||||
t = document.getElementById("cred_psk");
|
||||
t.style.display = "none";
|
||||
t = document.getElementById("cred_eap");
|
||||
t.style.display = "none";
|
||||
|
||||
if (auth == "open") {
|
||||
t = document.getElementById("cred_open");
|
||||
t.style.display = "block";
|
||||
} else if (auth == "wep") {
|
||||
t = document.getElementById("cred_wep");
|
||||
t.style.display = "block";
|
||||
} else if (auth == "wpa-psk") {
|
||||
t = document.getElementById("cred_psk");
|
||||
t.style.display = "block";
|
||||
} else if (auth == "ieee8021x" || auth == "wpa-eap") {
|
||||
t = document.getElementById("cred_eap");
|
||||
t.style.display = "block";
|
||||
} else {
|
||||
t = document.getElementById("cred_unknown");
|
||||
t.style.display = "block";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function configure_auth()
|
||||
{
|
||||
var auth = document.authmode.auth.value;
|
||||
|
||||
document.authmode.auth2[0] = null;
|
||||
document.authmode.auth2[1] = null;
|
||||
document.authmode.auth2.disabled = true;
|
||||
if (auth == "wep") {
|
||||
document.authmode.auth2[0] = new Option("Open System authentication", "open");
|
||||
document.authmode.auth2[1] = new Option("Shared Key authentication", "shared");
|
||||
document.authmode.auth2.disabled = false;
|
||||
} else if (auth == "wpa-psk" || auth == "wpa-eap") {
|
||||
document.authmode.auth2[0] = new Option("WPA (version 1)", "wpa1");
|
||||
document.authmode.auth2[1] = new Option("WPA2 (IEEE 802.11i)", "wpa2");
|
||||
document.authmode.auth2.disabled = false;
|
||||
}
|
||||
|
||||
update_encr();
|
||||
update_cred();
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function configure_auth2()
|
||||
{
|
||||
update_encr();
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function configure_encr()
|
||||
{
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function configure_passphrase()
|
||||
{
|
||||
var passphrase = document.cred_psk_form.passphrase.value;
|
||||
var psk = document.cred_psk_form.psk.value;
|
||||
var t = document.getElementById("cred_desc");
|
||||
|
||||
if (psk.length && (psk.length != 64 || !is_hex(psk))) {
|
||||
t.innerHTML = "<p class=\"error\">Note: Invalid PSK</p>";
|
||||
t.style.visibility = "visible";
|
||||
} else if (psk.length == 0 && passphrase.length &&
|
||||
(passphrase.length < 8 || passphrase.length > 63)) {
|
||||
t.innerHTML = "<p class=\"error\">Note: Invalid passphrase</p>";
|
||||
t.style.visibility = "visible";
|
||||
} else {
|
||||
t.innerHTML = "";
|
||||
t.style.visibility = "hidden";
|
||||
}
|
||||
|
||||
if (psk.length) {
|
||||
document.cred_psk_form.passphrase.disabled = true;
|
||||
document.cred_psk_form.psk.disabled = false;
|
||||
} else if (passphrase.length) {
|
||||
document.cred_psk_form.passphrase.disabled = false;
|
||||
document.cred_psk_form.psk.disabled = true;
|
||||
} else {
|
||||
document.cred_psk_form.passphrase.disabled = false;
|
||||
document.cred_psk_form.psk.disabled = false;
|
||||
}
|
||||
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function is_hex(s)
|
||||
{
|
||||
if (s.length % 2)
|
||||
return false;
|
||||
|
||||
for (i = 0; i < s.length; i++) {
|
||||
if (s[i] >= 'a' && s[i] <= 'f')
|
||||
continue;
|
||||
if (s[i] >= 'A' && s[i] <= 'F')
|
||||
continue;
|
||||
if (s[i] >= '0' && s[i] <= '9')
|
||||
continue;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
function valid_wep_key(key)
|
||||
{
|
||||
if (key.length == 0)
|
||||
return true;
|
||||
|
||||
if (key[0] == '"') {
|
||||
if (key[key.length - 1] != '"')
|
||||
return false;
|
||||
return (key.length == 5 + 2 || key.length == 13 + 2 ||
|
||||
key.length == 16 + 2);
|
||||
}
|
||||
|
||||
return (is_hex(key) &&
|
||||
(key.length == 10 || key.length == 26 || key.length == 32));
|
||||
}
|
||||
|
||||
|
||||
function configure_wep()
|
||||
{
|
||||
var t = document.getElementById("cred_desc");
|
||||
var txt = "";
|
||||
var wep;
|
||||
|
||||
wep = document.cred_wep_form.wep0.value;
|
||||
if (!valid_wep_key(wep))
|
||||
txt += "<p class=\"error\">Note: Invalid WEP key: " + wep + "</p>\n";
|
||||
wep = document.cred_wep_form.wep1.value;
|
||||
if (!valid_wep_key(wep))
|
||||
txt += "<p class=\"error\">Note: Invalid WEP key: " + wep + "</p>\n";
|
||||
wep = document.cred_wep_form.wep2.value;
|
||||
if (!valid_wep_key(wep))
|
||||
txt += "<p class=\"error\">Note: Invalid WEP key: " + wep + "</p>\n";
|
||||
wep = document.cred_wep_form.wep3.value;
|
||||
if (!valid_wep_key(wep))
|
||||
txt += "<p class=\"error\">Note: Invalid WEP key: " + wep + "</p>\n";
|
||||
|
||||
if (txt.length) {
|
||||
t.innerHTML = txt;
|
||||
t.style.visibility = "visible";
|
||||
} else if (t.style.visibility != "hidden")
|
||||
t.style.visibility = "hidden";
|
||||
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function update_eap()
|
||||
{
|
||||
var eap = document.cred_eap_form.eap.value;
|
||||
var n = 0;
|
||||
|
||||
if (eap == "PEAP" || eap == "TTLS" || eap == "FAST") {
|
||||
document.cred_eap_form.phase2[n++] = new Option("EAP-MSCHAPv2", "MSCHAPV2");
|
||||
document.cred_eap_form.phase2.selectedIndex = n - 1;
|
||||
if (eap != "FAST") {
|
||||
document.cred_eap_form.phase2[n++] = new Option("EAP-GTC", "GTC");
|
||||
document.cred_eap_form.phase2[n++] = new Option("EAP-MD5", "MD5");
|
||||
document.cred_eap_form.phase2[n++] = new Option("EAP-TLS", "TLS");
|
||||
document.cred_eap_form.phase2[n++] = new Option("EAP-OTP", "OTP");
|
||||
}
|
||||
if (eap == "TTLS") {
|
||||
document.cred_eap_form.phase2[n++] = new Option("MSCHAPv2", "_MSCHAPV2");
|
||||
document.cred_eap_form.phase2.selectedIndex = n - 1;
|
||||
document.cred_eap_form.phase2[n++] = new Option("MSCHAP", "_MSCHAP");
|
||||
document.cred_eap_form.phase2[n++] = new Option("PAP", "_PAP");
|
||||
document.cred_eap_form.phase2[n++] = new Option("CHAP", "_CHAP");
|
||||
}
|
||||
document.cred_eap_form.phase2.disabled = false;
|
||||
} else {
|
||||
document.cred_eap_form.phase2.disabled = true;
|
||||
}
|
||||
|
||||
for (i = 20; i >= n; i--)
|
||||
document.cred_eap_form.phase2[i] = null;
|
||||
|
||||
update_eap2();
|
||||
}
|
||||
|
||||
|
||||
function update_eap2()
|
||||
{
|
||||
var eap = document.cred_eap_form.eap.value;
|
||||
var password = false;
|
||||
var ca_cert = false;
|
||||
var user_cert = false;
|
||||
|
||||
if (eap == "PEAP" || eap == "TTLS") {
|
||||
ca_cert = true;
|
||||
if (document.cred_eap_form.phase2.value == "TLS")
|
||||
user_cert = true;
|
||||
else
|
||||
password = true;
|
||||
} else if (eap == "FAST") {
|
||||
password = true;
|
||||
} else if (eap == "GTC") {
|
||||
password = true;
|
||||
} else if (eap == "LEAP" || eap == "MD5" || eap == "MSCHAPV2") {
|
||||
password = true;
|
||||
} else if (eap == "TLS") {
|
||||
ca_cert = true;
|
||||
user_cert = true;
|
||||
}
|
||||
|
||||
if (eap == "TTLS") {
|
||||
document.cred_eap_form.anon_identity.disabled = false;
|
||||
document.cred_eap_form.anon_identity.value = "anonymous";
|
||||
} else if (eap == "FAST") {
|
||||
document.cred_eap_form.anon_identity.disabled = false;
|
||||
document.cred_eap_form.anon_identity.value = "FAST-000000000000";
|
||||
} else {
|
||||
document.cred_eap_form.anon_identity.disabled = true;
|
||||
}
|
||||
document.cred_eap_form.password.disabled = !password;
|
||||
if (ca_cert) {
|
||||
document.cred_eap_form.ca_cert.disabled = false;
|
||||
if (document.cred_eap_form.ca_cert.value.length == 0)
|
||||
document.cred_eap_form.ca_cert.value = "/etc/ca.pem";
|
||||
} else {
|
||||
document.cred_eap_form.ca_cert.disabled = true;
|
||||
}
|
||||
document.cred_eap_form.client_cert.disabled = !user_cert;
|
||||
document.cred_eap_form.private_key.disabled = !user_cert;
|
||||
document.cred_eap_form.private_key_passwd.disabled = !user_cert;
|
||||
|
||||
if (eap == "FAST") {
|
||||
document.cred_eap_form.pac_file.disabled = false;
|
||||
if (document.cred_eap_form.pac_file.value.length == 0)
|
||||
document.cred_eap_form.pac_file.value = "/etc/fast.pac";
|
||||
} else {
|
||||
document.cred_eap_form.pac_file.disabled = true;
|
||||
}
|
||||
|
||||
configure_eap();
|
||||
}
|
||||
|
||||
|
||||
function configure_eap()
|
||||
{
|
||||
update_conf();
|
||||
}
|
||||
|
||||
|
||||
function update_conf()
|
||||
{
|
||||
var t = document.getElementById("exampleconf");
|
||||
var txt = "";
|
||||
var indent = " ";
|
||||
var ap_scan = conf_ap_scan;
|
||||
var drv = document.os_driver.driver.value;
|
||||
|
||||
update_cred();
|
||||
|
||||
if (document.network.hidden_ssid.checked && ap_scan == 1 &&
|
||||
drv != "hostap" && drv != "madwifi") {
|
||||
/* if the selected driver does not support scan_ssid, must use
|
||||
* ap_scan=2 mode with hidden SSIDs */
|
||||
txt += "# this driver requires ap_scan=2 mode when using hidden SSIDs<br>\n";
|
||||
ap_scan = 2;
|
||||
}
|
||||
|
||||
switch (ap_scan) {
|
||||
case -1:
|
||||
txt += "# example configuration will be generated here<br>\n";
|
||||
break;
|
||||
case 0:
|
||||
txt += "# wired drivers do not use scanning<br>\n" +
|
||||
"ap_scan=0<br><br>\n";
|
||||
break;
|
||||
case 1:
|
||||
txt += "# request AP scanning and decide which AP to use<br>\n" +
|
||||
"ap_scan=1<br><br>\n";
|
||||
break;
|
||||
case 2:
|
||||
txt += "# request driver to take care of AP selection and roaming<br>\n" +
|
||||
"ap_scan=2<br><br>\n";
|
||||
break;
|
||||
}
|
||||
|
||||
if (document.os_driver.os.value == "windows") {
|
||||
txt += "# enable control interface using local UDP socket<br>\n" +
|
||||
"ctrl_interface=udp<br>\n";
|
||||
} else {
|
||||
txt += "# enable control interface using UNIX domain sockets<br>\n" +
|
||||
"ctrl_interface=/var/run/wpa_supplicant<br>\n";
|
||||
}
|
||||
|
||||
txt += "<br>\n" +
|
||||
"# you can include one or more network blocks here<br>\n" +
|
||||
"network={<br>\n";
|
||||
|
||||
if (conf_wired) {
|
||||
txt += indent + "# wired network - must not configure SSID here<br>\n";
|
||||
} else {
|
||||
if (document.network.ssid.value.length == 0)
|
||||
txt += indent + "# must configure SSID here (Step 2)<br>\n";
|
||||
txt += indent + "ssid=\"" + document.network.ssid.value + "\"<br>\n";
|
||||
if (ap_scan == 1 && document.network.hidden_ssid.checked)
|
||||
txt += indent + "scan_ssid=1<br>\n";
|
||||
}
|
||||
|
||||
var auth = document.authmode.auth.value;
|
||||
var auth2 = document.authmode.auth2.value;
|
||||
|
||||
if (auth == "open" || auth == "wep")
|
||||
txt += indent + "key_mgmt=NONE<br>\n";
|
||||
else if (auth == "ieee8021x")
|
||||
txt += indent + "key_mgmt=IEEE8021X<br>\n";
|
||||
else if (auth == "wpa-psk")
|
||||
txt += indent + "key_mgmt=WPA-PSK<br>\n";
|
||||
else if (auth == "wpa-eap")
|
||||
txt += indent + "key_mgmt=WPA-EAP<br>\n";
|
||||
else
|
||||
txt += indent + "# must set key_mgmt here (Step 3)<br>\n";
|
||||
|
||||
if (auth == "wep") {
|
||||
if (auth2 == "open")
|
||||
txt += indent + "auth_alg=OPEN<br>\n";
|
||||
else if (auth2 == "shared")
|
||||
txt += indent + "auth_alg=SHARED<br>\n";
|
||||
} else if (auth == "wpa-psk" || auth == "wpa-eap") {
|
||||
if (auth2 == "wpa1")
|
||||
txt += indent + "proto=WPA<br>\n";
|
||||
else if (auth2 == "wpa2")
|
||||
txt += indent + "proto=WPA2<br>\n";
|
||||
else
|
||||
txt += indent + "# WPA proto (v1/v2) should be configured here (Step 3)<br>\n";
|
||||
}
|
||||
|
||||
|
||||
if (auth == "wpa-psk" || auth == "wpa-eap") {
|
||||
var encr = document.encrmode.encr.value;
|
||||
if (encr == "tkip")
|
||||
txt += indent + "pairwise=TKIP<br>\n";
|
||||
else if (encr == "ccmp")
|
||||
txt += indent + "pairwise=CCMP<br>\n";
|
||||
else
|
||||
txt += indent + "# should configure pairwise encryption cipher (Step 4)<br>\n";
|
||||
}
|
||||
|
||||
if (auth == "wep") {
|
||||
var wep;
|
||||
wep = document.cred_wep_form.wep0.value;
|
||||
if (wep.length)
|
||||
txt += indent + "wep_key0=" + wep + "<br>\n";
|
||||
wep = document.cred_wep_form.wep1.value;
|
||||
if (wep.length)
|
||||
txt += indent + "wep_key1=" + wep + "<br>\n";
|
||||
wep = document.cred_wep_form.wep2.value;
|
||||
if (wep.length)
|
||||
txt += indent + "wep_key2=" + wep + "<br>\n";
|
||||
wep = document.cred_wep_form.wep3.value;
|
||||
if (wep.length)
|
||||
txt += indent + "wep_key3=" + wep + "<br>\n";
|
||||
txt += indent + "wep_tx_keyidx=" + document.cred_wep_form.wep_tx_idx.value + "<br>\n";
|
||||
} else if (auth == "wpa-psk") {
|
||||
var passphrase = document.cred_psk_form.passphrase.value;
|
||||
var psk = document.cred_psk_form.psk.value;
|
||||
if (psk.length) {
|
||||
if (psk.length != 64)
|
||||
txt += indent + "# WPA PSK 64-character hex string<br>\n";
|
||||
txt += indent + "psk=" + psk + "<br>\n";
|
||||
} else {
|
||||
if (passphrase.length < 8)
|
||||
txt += indent + "# WPA passphrase must be at least 8 characters long<br>\n";
|
||||
if (passphrase.length > 63)
|
||||
txt += indent + "# WPA passphrase must be at most 63 characters long<br>\n";
|
||||
txt += indent + "psk=\"" + passphrase + "\"<br>\n";
|
||||
}
|
||||
} else if (auth == "ieee8021x" || auth == "wpa-eap") {
|
||||
var eap = document.cred_eap_form.eap.value;
|
||||
if (eap == "select")
|
||||
txt += indent + "# EAP method needs to be selected (Step 5)<br>\n";
|
||||
else
|
||||
txt += indent + "eap=" + eap + "<br>\n";
|
||||
|
||||
var phase2 = document.cred_eap_form.phase2;
|
||||
var eap2 = phase2.value;
|
||||
if (eap == "PEAP" || eap == "TTLS" || eap == "FAST") {
|
||||
txt += indent + "phase2=\"auth";
|
||||
if (eap == "TTLS") {
|
||||
if (eap2[0] == '_') {
|
||||
eap2 = eap2.substring(1);
|
||||
} else
|
||||
txt += "eap";
|
||||
}
|
||||
txt += "=" + eap2 + "\"<br>\n";
|
||||
}
|
||||
|
||||
var identity = document.cred_eap_form.identity.value;
|
||||
if (identity.length)
|
||||
txt += indent + "identity=\"" + identity + "\"<br>\n";
|
||||
|
||||
var anon = document.cred_eap_form.anon_identity;
|
||||
if (!anon.disabled && anon.value.length)
|
||||
txt += indent + "anonymous_identity=\"" + anon.value + "\"<br>\n";
|
||||
|
||||
var password = document.cred_eap_form.password;
|
||||
if (!password.disabled && password.value.length)
|
||||
txt += indent + "password=\"" + password.value + "\"<br>\n";
|
||||
|
||||
var ca_cert = document.cred_eap_form.ca_cert;
|
||||
if (!ca_cert.disabled) {
|
||||
txt += indent + "ca_cert=\"" + ca_cert.value + "\"<br>\n";
|
||||
if (!phase2.disabled && eap2 == "TLS")
|
||||
txt += indent + "ca_cert2=\"" + ca_cert.value + "\"<br>\n";
|
||||
}
|
||||
|
||||
var client_cert = document.cred_eap_form.client_cert;
|
||||
if (!client_cert.disabled) {
|
||||
var e = "";
|
||||
if (!phase2.disabled && eap2 == "TLS")
|
||||
e = "2";
|
||||
|
||||
if (client_cert.value.length)
|
||||
txt += indent + "client_cert" + e + "=\"" + client_cert.value + "\"<br>\n";
|
||||
|
||||
var key = document.cred_eap_form.private_key.value;
|
||||
if (key.length)
|
||||
txt += indent + "private_key" + e + "=\"" + key + "\"<br>\n";
|
||||
|
||||
var passwd = document.cred_eap_form.private_key_passwd.value;
|
||||
if (passwd.length)
|
||||
txt += indent + "private_key_passwd" + e + "=\"" + passwd + "\"<br>\n";
|
||||
}
|
||||
|
||||
var pac = document.cred_eap_form.pac_file;
|
||||
if (!pac.disabled && pac.value.length)
|
||||
txt += indent + "pac_file=\"" + pac.value + "\"<br>\n";
|
||||
if (eap == "FAST")
|
||||
txt += indent + "phase1=\"fast_provisioning=1\"<br>\n";
|
||||
}
|
||||
|
||||
txt += "}<br>\n";
|
||||
|
||||
|
||||
txt += "</p>\n";
|
||||
|
||||
t.innerHTML = txt;
|
||||
}
|
@ -1,27 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>EAP-PEAP</title>
|
||||
<link rel="stylesheet" type="text/css" href="configure.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="navig">
|
||||
<a href="../">wpa_supplicant</a> /
|
||||
<a href="index.html">configuration</a> /
|
||||
<a href="eap.html">EAP</a> /
|
||||
EAP-PEAP
|
||||
</div>
|
||||
|
||||
<h1>EAP-PEAP</h1>
|
||||
|
||||
<p class="todo">TODO</p>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Feb 25 19:53:25 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 26 13:46:04 PST 2006
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
@ -1,27 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>EAP-TLS</title>
|
||||
<link rel="stylesheet" type="text/css" href="configure.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="navig">
|
||||
<a href="../">wpa_supplicant</a> /
|
||||
<a href="index.html">configuration</a> /
|
||||
<a href="eap.html">EAP</a> /
|
||||
EAP-TLS
|
||||
</div>
|
||||
|
||||
<h1>EAP-TLS</h1>
|
||||
|
||||
<p class="todo">TODO</p>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Feb 25 19:53:25 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 26 13:46:48 PST 2006
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
@ -1,31 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Introduction to EAP authentication</title>
|
||||
<link rel="stylesheet" type="text/css" href="configure.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="navig">
|
||||
<a href="../">wpa_supplicant</a> /
|
||||
<a href="index.html">configuration</a> /
|
||||
EAP
|
||||
</div>
|
||||
|
||||
<h1>Introduction to EAP authentication</h1>
|
||||
|
||||
<p class="todo">TODO</p>
|
||||
|
||||
<ul>
|
||||
<li><a href="eap-tls.html">EAP-TLS</a></li>
|
||||
<li><a href="eap-peap.html">EAP-PEAP</a></li>
|
||||
</ul>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Feb 25 19:53:25 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 26 13:46:19 PST 2006
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
@ -1,29 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<title>Configuring wpa_supplicant</title>
|
||||
<link rel="stylesheet" type="text/css" href="configure.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div id="navig">
|
||||
[<a href="../">wpa_supplicant</a>] /
|
||||
[configuration]
|
||||
</div>
|
||||
|
||||
<h2>Configuring wpa_supplicant</h2>
|
||||
|
||||
<ul>
|
||||
<li><a href="configure.html">wpa_supplicant configuration wizard</a></li>
|
||||
<li><a href="auth_modes.html">Introduction to wireless authentication modes</a></li>
|
||||
<li><a href="eap.html">Introduction to EAP authentication</a></li>
|
||||
</ul>
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat Feb 25 19:53:25 PST 2006 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 26 13:42:02 PST 2006
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
Binary file not shown.
Before Width: | Height: | Size: 25 KiB |
@ -1,357 +0,0 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<title>Linux WPA Supplicant (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)</title>
|
||||
<meta name="description" content="WPA Supplicant for Linux, BSD, and Windows (IEEE 802.1X, WPA, WPA2, RSN, IEEE 802.11i)">
|
||||
<meta name="keywords" content="WPA, WPA2, IEEE 802.11i, IEEE 802.1X, WPA Supplicant, wpa_supplicant, TKIP, CCMP, EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-SIM, EAP-AKA, EAP-PSK, EAP-GTC, EAP-MSCHAPv2, EAP-MD5, EAP-FAST, EAP-PAX, EAP-IKEv2IEEE 802.1X Supplicant, IEEE 802.1aa, EAPOL, RSN, pre-authentication, PMKSA caching, BSD WPA Supplicant, FreeBSD WPA Supplicant, wireless, WinXP WPA Supplicant, EAP-TNC, TNCC, IF-IMC, IF-TNCCS, WPS">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h2>Linux WPA/WPA2/IEEE 802.1X Supplicant</h2>
|
||||
|
||||
<p>wpa_supplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and
|
||||
Windows with
|
||||
support for WPA and WPA2 (IEEE 802.11i / RSN). It is suitable for both
|
||||
desktop/laptop computers and embedded systems. Supplicant is the IEEE
|
||||
802.1X/WPA component that is used in the client stations. It
|
||||
implements key negotiation with a WPA Authenticator and it controls
|
||||
the roaming and IEEE 802.11 authentication/association of the wlan
|
||||
driver.</p>
|
||||
|
||||
<p>wpa_supplicant is designed to be a "daemon" program that runs in the
|
||||
background and acts as the backend component controlling the wireless
|
||||
connection. wpa_supplicant supports separate frontend programs and a
|
||||
text-based frontend (wpa_cli) and a GUI (wpa_gui) are included with
|
||||
wpa_supplicant.</p>
|
||||
|
||||
<p>wpa_supplicant uses a flexible build configuration that can be used
|
||||
to select which features are included. This allows minimal code size
|
||||
(from ca. 50 kB binary for WPA/WPA2-Personal and 130 kB binary for
|
||||
WPA/WPA2-Enterprise without debugging code to 450 kB with most
|
||||
features and full debugging support; these example sizes are from a
|
||||
build for x86 target).</p>
|
||||
|
||||
|
||||
<h4>Supported WPA/IEEE 802.11i features</h4>
|
||||
|
||||
<ul>
|
||||
<li>WPA-PSK ("WPA-Personal")</li>
|
||||
<li>WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise")</li>
|
||||
<li>key management for CCMP, TKIP, WEP104, WEP40</li>
|
||||
<li>WPA and full IEEE 802.11i/RSN/WPA2</li>
|
||||
<li>RSN: PMKSA caching, pre-authentication</li>
|
||||
<li>IEEE 802.11r</li>
|
||||
<li>IEEE 802.11w</li>
|
||||
<li>Wi-Fi Protected Setup (WPS)</li>
|
||||
</ul>
|
||||
|
||||
<h4>Supported EAP methods (IEEE 802.1X Supplicant)</h4>
|
||||
|
||||
<ul>
|
||||
<li>EAP-TLS</li>
|
||||
<li>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/OTP (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</li>
|
||||
<li>EAP-TTLS/EAP-MD5-Challenge</li>
|
||||
<li>EAP-TTLS/EAP-GTC</li>
|
||||
<li>EAP-TTLS/EAP-OTP</li>
|
||||
<li>EAP-TTLS/EAP-MSCHAPv2</li>
|
||||
<li>EAP-TTLS/EAP-TLS</li>
|
||||
<li>EAP-TTLS/MSCHAPv2</li>
|
||||
<li>EAP-TTLS/MSCHAP</li>
|
||||
<li>EAP-TTLS/PAP</li>
|
||||
<li>EAP-TTLS/CHAP</li>
|
||||
<li>EAP-SIM</li>
|
||||
<li>EAP-AKA</li>
|
||||
<li>EAP-AKA'</li>
|
||||
<li>EAP-PSK</li>
|
||||
<li>EAP-FAST</li>
|
||||
<li>EAP-PAX</li>
|
||||
<li>EAP-SAKE</li>
|
||||
<li>EAP-IKEv2</li>
|
||||
<li>EAP-GPSK</li>
|
||||
<li>LEAP (note: requires special support from the driver)</li>
|
||||
</ul>
|
||||
|
||||
<p>Following methods are also supported, but since they do not generate keying
|
||||
material, they cannot be used with WPA or IEEE 802.1X WEP keying.</p>
|
||||
|
||||
<ul>
|
||||
<li>EAP-MD5-Challenge</li>
|
||||
<li>EAP-MSCHAPv2</li>
|
||||
<li>EAP-GTC</li>
|
||||
<li>EAP-OTP</li>
|
||||
<li>EAP-TNC (Trusted Network Connect; TNCC, IF-IMC, IF-T, IF-TNCCS)</li>
|
||||
</ul>
|
||||
|
||||
<p>More information about EAP methods and interoperability testing is
|
||||
available in <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/eap_testing.txt">eap_testing.txt</a>.</p>
|
||||
|
||||
|
||||
<h4>Supported TLS/crypto libraries</h4>
|
||||
|
||||
<ul>
|
||||
<li>OpenSSL (default)</li>
|
||||
<li>GnuTLS</li>
|
||||
</ul>
|
||||
|
||||
<h4>Internal TLS/crypto implementation (optional)</h4>
|
||||
|
||||
<ul>
|
||||
<li>can be used in place of an external TLS/crypto library</li>
|
||||
<li>TLSv1</li>
|
||||
<li>X.509 certificate processing</li>
|
||||
<li>PKCS #1</li>
|
||||
<li>ASN.1</li>
|
||||
<li>RSA</li>
|
||||
<li>bignum</li>
|
||||
<li>minimal size (ca. 50 kB binary, parts of which are already needed for WPA;
|
||||
TLSv1/X.509/ASN.1/RSA/bignum parts are about 25 kB on x86)</li>
|
||||
</ul>
|
||||
|
||||
<h4>Supported wireless cards/drivers</h4>
|
||||
|
||||
<ul>
|
||||
<li>Linux drivers that support nl80211/cfg80211 (most new drivers)</li>
|
||||
<li>Linux drivers that support Linux Wireless Extensions v19 or newer with
|
||||
WPA/WPA2 extensions</li>
|
||||
<li><a href="http://hostap.epitest.fi/">Host AP driver for Prism2/2.5/3</a> (WPA and WPA2)</li>
|
||||
<li><a href="http://www.linuxant.com/driverloader/">Linuxant DriverLoader</a> with Windows NDIS driver supporting WPA/WPA2</li>
|
||||
<li><a href="http://www.agere.com/support/drivers/">Agere Systems Inc. Linux Driver</a> (Hermes-I/Hermes-II chipset) (WPA, but not WPA2)</li>
|
||||
<li><a href="http://sourceforge.net/projects/madwifi/">madwifi (Atheros ar521x)</a></li>
|
||||
<li><a href="http://atmelwlandriver.sourceforge.net/">ATMEL AT76C5XXx</a></li>
|
||||
<li><a href="http://ndiswrapper.sourceforge.net/">Linux ndiswrapper</a></li>
|
||||
<li>Broadcom wl.o driver</li>
|
||||
<li><a href="http://sourceforge.net/projects/ipw2100/">Intel ipw2100</a></li>
|
||||
<li><a href="http://sourceforge.net/projects/ipw2200/">Intel ipw2200</a></li>
|
||||
<li>Wired Ethernet drivers</li>
|
||||
<li>BSD net80211 layer (e.g., Atheros driver) (FreeBSD 6-CURRENT and NetBSD current)</li>
|
||||
<li>Windows NDIS drivers (Windows; at least XP and 2000, others not tested)</li>
|
||||
</ul>
|
||||
|
||||
<p>wpa_supplicant was designed to be portable for different drivers and
|
||||
operating systems. Hopefully, support for more wlan cards and OSes will be
|
||||
added in the future. See <a href="devel/">developers' documentation</a>
|
||||
for more information about the design of wpa_supplicant and porting to
|
||||
other drivers.</p>
|
||||
|
||||
<h3><a name="download">Download</a></h3>
|
||||
|
||||
<p>
|
||||
<b>wpa_supplicant</b><br>
|
||||
Copyright (c) 2003-2011, Jouni Malinen <j@w1.fi>
|
||||
and contributors.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License version 2 as
|
||||
published by the Free Software Foundation. See
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=COPYING">COPYING</a>
|
||||
for more details.
|
||||
</p>
|
||||
|
||||
<p>Alternatively, this software may be distributed, used, and modified
|
||||
under the terms of BSD license. See <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/README">README</a>
|
||||
for more details.</p>
|
||||
|
||||
<p>
|
||||
<b>Please see
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/README">README</a>
|
||||
for the current documentation.</b><br>
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/README-Windows.txt">README-Windows.txt</a>
|
||||
has some more information about the Windows port of wpa_supplicant.</p>
|
||||
|
||||
|
||||
<ul>
|
||||
<li><a href="../releases.html">Release graph</a></li>
|
||||
<li>Latest stable release:
|
||||
<ul>
|
||||
<li><a href="../releases/wpa_supplicant-0.7.3.tar.gz">wpa_supplicant-0.7.3.tar.gz</a> (source code for all versions)</li>
|
||||
<li><a href="../releases/wpa_supplicant-0.7.3.exe">wpa_supplicant-0.7.3.exe</a> (binary installer for Windows)</li>
|
||||
<li><a href="../releases/wpa_supplicant-windows-bin-0.7.3.zip">wpa_supplicant-windows-bin-0.7.3.zip</a> (binaries for Windows)</li>
|
||||
</ul>
|
||||
<li>Previous stable release:
|
||||
<ul>
|
||||
<li><a href="../releases/wpa_supplicant-0.6.10.tar.gz">wpa_supplicant-0.6.10.tar.gz</a> (source code for all versions)</li>
|
||||
<li><a href="../releases/wpa_supplicant-0.6.10.exe">wpa_supplicant-0.6.10.exe</a> (binary installer for Windows)</li>
|
||||
<li><a href="../releases/wpa_supplicant-windows-bin-0.6.10.zip">wpa_supplicant-windows-bin-0.6.10.zip</a> (binaries for Windows)</li>
|
||||
<li><a href="qt4/wpa_gui-qt433-windows-dll.zip">wpa_gui-qt433-windows-dll.zip</a> (Qt4 libraries from wpa_gui/Windows)</li>
|
||||
</ul>
|
||||
<!--
|
||||
<li>Latest development release:
|
||||
<ul>
|
||||
<li><a href="../releases/wpa_supplicant-0.8.0.tar.gz">wpa_supplicant-0.8.0.tar.gz</a> (source code for all versions)</li>
|
||||
<li><a href="../releases/wpa_supplicant-0.8.0.exe">wpa_supplicant-0.8.0.exe</a> (binary installer for Windows)</li>
|
||||
<li><a href="../releases/wpa_supplicant-windows-bin-0.8.0.zip">wpa_supplicant-windows-bin-0.8.0.zip</a> (binaries for Windows)</li>
|
||||
</ul>
|
||||
-->
|
||||
<li>ChangeLog:
|
||||
<ul>
|
||||
<li><a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/ChangeLog">development branch</a></li>
|
||||
<li><a href="/gitweb/gitweb.cgi?p=hostap-07.git;a=blob_plain;f=wpa_supplicant/ChangeLog">stable branch</a></li>
|
||||
<li><a href="/gitweb/gitweb.cgi?p=hostap-06.git;a=blob_plain;f=wpa_supplicant/ChangeLog">previous stable branch</a></li>
|
||||
</ul>
|
||||
<li><a href="../releases/">Old releases</a></li>
|
||||
<li><a href="http://lists.shmoo.com/mailman/listinfo/hostap">Mailing list</a></li>
|
||||
<li><a href="http://lists.shmoo.com/pipermail/hostap/">New mailing list archives</a></li>
|
||||
<li><a href="/gitweb/gitweb.cgi">Web interface to GIT repository (0.6.x and newer)</a></li>
|
||||
<li><a href="/cgi-bin/viewcvs.cgi/hostap/">Web interface to CVS repository (0.5.x and older)</a></li>
|
||||
<li><a href="../releases/snapshots/">Snapshot releases from all active branches</a>
|
||||
<li><a href="../cvs.html">GIT and read-only anonymous CVS access (pserver)</a></li>
|
||||
<li><a href="../bugz/">Bug and feature request tracking</a></li>
|
||||
<li><a href="devel/">Developers' documentation for wpa_supplicant 0.6.x</a></li>
|
||||
<li><a href="wpa_gui.html">wpa_gui screenshots</a></li>
|
||||
</ul>
|
||||
|
||||
<h3>WPA</h3>
|
||||
|
||||
<p>The original security mechanism of IEEE 802.11 standard was not
|
||||
designed to be strong and has proven to be insufficient for most
|
||||
networks that require some kind of security. Task group I (Security)
|
||||
of <a href="http://www.ieee802.org/11/">IEEE 802.11 working group</a>
|
||||
has worked to address the flaws of the base standard and in
|
||||
practice completed its work in May 2004. The IEEE 802.11i amendment to
|
||||
the IEEE 802.11 standard was approved in June 2004 and published in
|
||||
July 2004.</p>
|
||||
|
||||
<p><a href="http://www.wi-fi.org/">Wi-Fi Alliance</a> used a draft
|
||||
version of the IEEE 802.11i work (draft 3.0) to define a subset of the
|
||||
security enhancements that can be implemented with existing wlan
|
||||
hardware. This is called Wi-Fi Protected Access (WPA). This has
|
||||
now become a mandatory component of interoperability testing and
|
||||
certification done by Wi-Fi Alliance. Wi-Fi has
|
||||
<a href="http://www.wi-fi.org/OpenSection/protected_access.asp">information
|
||||
about WPA</a> at its web site.</p>
|
||||
|
||||
<p>IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm
|
||||
for protecting wireless networks. WEP uses RC4 with 40-bit keys,
|
||||
24-bit initialization vector (IV), and CRC32 to protect against packet
|
||||
forgery. All these choices have proven to be insufficient: key space is
|
||||
too small against current attacks, RC4 key scheduling is insufficient
|
||||
(beginning of the pseudorandom stream should be skipped), IV space is
|
||||
too small and IV reuse makes attacks easier, there is no replay
|
||||
protection, and non-keyed authentication does not protect against bit
|
||||
flipping packet data.</p>
|
||||
|
||||
<p>WPA is an intermediate solution for the security issues. It uses
|
||||
Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a
|
||||
compromise on strong security and possibility to use existing
|
||||
hardware. It still uses RC4 for the encryption like WEP, but with
|
||||
per-packet RC4 keys. In addition, it implements replay protection,
|
||||
keyed packet authentication mechanism (Michael MIC).</p>
|
||||
|
||||
<p>Keys can be managed using two different mechanisms. WPA can either use
|
||||
an external authentication server (e.g., RADIUS) and EAP just like
|
||||
IEEE 802.1X is using or pre-shared keys without need for additional
|
||||
servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal",
|
||||
respectively. Both mechanisms will generate a master session key for
|
||||
the Authenticator (AP) and Supplicant (client station).</p>
|
||||
|
||||
<p>WPA implements a new key handshake (4-Way Handshake and Group Key
|
||||
Handshake) for generating and exchanging data encryption keys between
|
||||
the Authenticator and Supplicant. This handshake is also used to
|
||||
verify that both Authenticator and Supplicant know the master session
|
||||
key. These handshakes are identical regardless of the selected key
|
||||
management mechanism (only the method for generating master session
|
||||
key changes).</p>
|
||||
|
||||
|
||||
<h3>IEEE 802.11i / RSN / WPA2</h3>
|
||||
|
||||
<p>The design for parts of IEEE 802.11i that were not included in WPA
|
||||
has finished (May 2004) and this amendment to IEEE 802.11 was approved
|
||||
in June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new
|
||||
version of WPA called WPA2. This included, e.g., support for more
|
||||
robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC)
|
||||
to replace TKIP, optimizations for handoff (reduced number of messages
|
||||
in initial key handshake, pre-authentication, and PMKSA caching).</p>
|
||||
|
||||
<h3>Using wpa_supplicant</h3>
|
||||
|
||||
<p>Following steps are used when associating with an AP using WPA:<p>
|
||||
<ul>
|
||||
<li>wpa_supplicant requests the kernel driver to scan neighboring BSSes</li>
|
||||
<li>wpa_supplicant selects a BSS based on its configuration</li>
|
||||
<li>wpa_supplicant requests the kernel driver to associate with the chosen
|
||||
BSS</li>
|
||||
<li>if WPA-EAP: integrated IEEE 802.1X Supplicant completes EAP
|
||||
authentication with the authentication server (proxied by the
|
||||
Authenticator in the AP)</li>
|
||||
<li>If WPA-EAP: master key is received from the IEEE 802.1X Supplicant</li>
|
||||
<li>If WPA-PSK: wpa_supplicant uses PSK as the master session key</li>
|
||||
<li>wpa_supplicant completes WPA 4-Way Handshake and Group Key Handshake
|
||||
with the Authenticator (AP). WPA2 has integrated the initial Group Key
|
||||
Handshake into the 4-Way Handshake.</li>
|
||||
<li>wpa_supplicant configures encryption keys for unicast and broadcast</li>
|
||||
<li>normal data packets can be transmitted and received</li>
|
||||
</ul>
|
||||
|
||||
<h4>Configuration file</h4>
|
||||
|
||||
<p>wpa_supplicant is configured using a text file that lists all accepted
|
||||
networks and security policies, including pre-shared keys. See
|
||||
example configuration file,
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf">wpa_supplicant.conf</a>,
|
||||
for detailed information about the configuration format and supported
|
||||
fields. In addition, simpler example configurations are available for
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/plaintext.conf">plaintext</a>,
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wep.conf">static WEP</a>,
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/ieee8021x.conf">IEEE 802.1X with dynamic WEP (EAP-PEAP/MSCHAPv2)</a>,
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wpa-psk-tkip.conf">WPA-PSK/TKIP</a>, and
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wpa2-eap-ccmp.conf">WPA2-EAP/CCMP (EAP-TLS)</a>.
|
||||
In addition, wpa_supplicant can use OpenSSL engine to avoid need for
|
||||
exposing private keys in the file system. This can be used for EAP-TLS
|
||||
authentication with smartcards and TPM tokens.
|
||||
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/openCryptoki.conf">Example configuration for using openCryptoki</a>
|
||||
shows an example network block and related parameters for EAP-TLS
|
||||
authentication using PKCS#11 TPM token.
|
||||
</p>
|
||||
|
||||
<h3>Feedback, comments, mailing list</h3>
|
||||
|
||||
<p>
|
||||
Any comments, reports on success/failure, ideas for further
|
||||
improvement, feature requests, etc. are welcome at j@w1.fi.
|
||||
Please note, that I often receive more email than I have time to answer.
|
||||
Unfortunately, some messages may not get a reply, but I'll try to go
|
||||
through my mail whenever time permits.
|
||||
</p>
|
||||
|
||||
<p>Host AP mailing list can also be used for topics related to
|
||||
wpa_supplicant. Since this list has a broader audience, your likelihood
|
||||
of getting responses is higher. This list is recommended for general
|
||||
questions about wpa_supplicant and its development. In addition, I
|
||||
will send release notes to it whenever a new version is available.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
The mailing list information and web archive is at <a
|
||||
href="http://lists.shmoo.com/mailman/listinfo/hostap">http://lists.shmoo.com/mailman/listinfo/hostap</a>.
|
||||
Messages to hostap@shmoo.com will be delivered to the
|
||||
subscribers. Please note, that due to large number of spam and virus
|
||||
messages sent to the list address, the list is configured to accept
|
||||
messages only from subscribed addresses. Messages from unsubscribed addresses
|
||||
may be accepted manually, but their delivery will be delayed.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
If you want to make sure your bug report of feature request does not
|
||||
get lost, please report it through the bug tracking system as
|
||||
<a href="../bugz/enter_bug.cgi">a new
|
||||
bug/feature request</a>.
|
||||
</p>
|
||||
|
||||
<hr>
|
||||
<div>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sat May 22 21:41:58 PDT 2004 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Sun Feb 27 12:48:48 EET 2011
|
||||
<!-- hhmts end -->
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
Binary file not shown.
Before Width: | Height: | Size: 20 KiB |
Binary file not shown.
Before Width: | Height: | Size: 13 KiB |
Binary file not shown.
Before Width: | Height: | Size: 15 KiB |
Binary file not shown.
Before Width: | Height: | Size: 11 KiB |
@ -1,36 +0,0 @@
|
||||
<html>
|
||||
<head>
|
||||
<title>wpa_gui screenshots</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1>wpa_gui screenshots</h1>
|
||||
|
||||
<h2>Main window</h2>
|
||||
|
||||
<img src="main.png">
|
||||
|
||||
<h2>Scan results</h2>
|
||||
|
||||
<img src="scan.png">
|
||||
|
||||
<h2>Network configuration (new network from scan results)</h2>
|
||||
|
||||
<img src="net_conf.png">
|
||||
|
||||
<h2>Event history</h2>
|
||||
|
||||
<img src="events.png">
|
||||
|
||||
<h2>User input for authentication credentials</h2>
|
||||
|
||||
<img src="user_input.png">
|
||||
|
||||
<hr>
|
||||
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
|
||||
<!-- Created: Sun May 22 20:23:01 PDT 2005 -->
|
||||
<!-- hhmts start -->
|
||||
Last modified: Thu Mar 8 19:44:46 PST 2007
|
||||
<!-- hhmts end -->
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user