Wi-Fi Protected Access
REFERENCES
| MIB | description |
|---|---|
| DOT11_RSN_ENABLED | WPA enable or disable |
| DOT11_RSN_CONFIG_MULTICAST_CIPHER | WEP40,TKIP,CCMP(AES),WEP104 |
| DOT11_RSN_CONFIG_UNICAST_CIPHER | WEP40,TKIP,CCMP(AES),WEP104 |
| DOT11_RSN_CONFIG_AUTH_SUITE | WPA(802.1x),WPA(PreSharedKey),WPA-none(11Adhoc) |
| DOT11_PMK_TSC | |
| DOT11_GMK1_TSC | |
| DOT11_GMK2_TSC | |

| OID_AUTH_MODE | OID_WEP_STATUS | ENABLED | UNICAST_CIPHER | MULTICAST_CIPHER | AUTH_SUITE |
|---|---|---|---|---|---|
| Open/Shared | Encyption1Enabled | WPA disable | | | |
| WPAPSK | TEncyption2Enabled | WPA enable | TKIP | TKIP | WPA(PreSharedKey) |
| WPAPSK | TEncyption2Enabled | WPA enable | TKIP | WEP40 | WPA(PreSharedKey) |
| WPAPSK | TEncyption3Enabled | WPA enable | CCMP(AES) | CCMP(AES) | WPA(PreSharedKey) |
| WPAPSK | TEncyption3Enabled | WPA enable | CCMP(AES) | TKIP | WPA(PreSharedKey) |
| WPAPSK | TEncyption3Enabled | WPA enable | CCMP(AES) | WEP40 | WPA(PreSharedKey) |
| WPA | TEncyption2Enabled | WPA enable | TKIP | TKIP | WPA(802.1x) |
| WPA | TEncyption2Enabled | WPA enable | TKIP | WEP40 | WPA(802.1x) |
| WPA | TEncyption3Enabled | WPA enable | CCMP(AES) | CCMP(AES) | WPA(802.1x) |
| WPA | TEncyption3Enabled | WPA enable | CCMP(AES) | TKIP | WPA(802.1x) |
| WPA | TEncyption3Enabled | WPA enable | CCMP(AES) | WEP40 | WPA(802.1x) |

| Firmware | 2.2.0c |
| SSID | tacoma |
| Channel | 1 |
| WPA-PSK(AES) | aesaesaes |

| Firmware | 3.0.5c |
| SSID | ioAirportAp13 |
| Channel | 13 |
| WPA-PSK(TKIP) | hidemaru4000en |

FreeBSD ガ━━ΣΣ(゚Д゚;)━━ン
# portinstall security/wpa_supplicant/
[Updating the pkgdb <format:bdb1_btree> in /var/db/pkg ... - 204 packages found (-0 +0) done]
** Port marked as IGNORE: security/wpa_supplicant:
is not supported on FreeBSD < 6.0
Debian
# apt-get install wpasupplicant
# cat /etc/default/wpasupplicant
ENABLED=1
OPTIONS="-Dmadwifi -iath0 -c/etc/wpa_supplicant.conf -dd -w"
# cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
network={
ssid="ioAirportAp13"
psk="hidemaru4000en"
priority=1
}
network={
ssid="tacoma"
psk="aesaesaes"
priority=2
}
# /etc/init.d/wpasupplicant start
Starting wpasupplicant: Initializing interface
'ath0' conf '/etc/wpa_supplicant.conf' driver 'madwifi'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
ap_scan=1
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=13):
69 6f 41 69 72 70 6f 72 74 41 70 31 33 ioAirportAp13
PSK (ASCII passphrase) - hexdump_ascii(len=14): [REMOVED]
priority=5 (0x5)
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Priority group 5
id=0 ssid='ioAirportAp13'
Daemonize..
done.
# iwconfig ath0
ath0 IEEE 802.11g ESSID:"ioAirportAp13"
Mode:Managed Frequency:2.472 GHz Access Point: 00:A0:B0:6A:09:00
Bit Rate:36 Mb/s Tx-Power:50 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:41E0-9CF8-AF33-EDF7-00DD-4CC4-3C9D-2277
Security mode:restricted
Power Management:off
Link Quality=46/94 Signal level=-49 dBm Noise level=-95 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
# dhclient ath0
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.
Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html
sit0: unknown hardware address type 776
eth1: unknown hardware address type 24
sit0: unknown hardware address type 776
eth1: unknown hardware address type 24
Listening on LPF/ath0/00:a0:b0:4c:5b:b8
Sending on LPF/ath0/00:a0:b0:4c:5b:b8
Sending on Socket/fallback/fallback-net
DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 7
DHCPOFFER from 192.168.104.1
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.104.1
bound to 192.168.104.3 -- renewal in 43200 seconds.
# ifconfig ath0
ath0 Link encap:Ethernet HWaddr 00:A0:B0:4C:5B:B8
inet addr:192.168.104.3 Bcast:192.168.104.255 Mask:255.255.255.0
inet6 addr: fe80::2a0:b0ff:fe4c:5bb8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:319 errors:24 dropped:0 overruns:0 frame:24
TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:98324 (96.0 KiB) TX bytes:5139 (5.0 KiB)
Interrupt:10 Memory:dfc3f000-dfc4f000
# ping 192.168.104.1
PING 192.168.104.1 (192.168.104.1) 56(84) bytes of data.
64 bytes from 192.168.104.1: icmp_seq=1 ttl=127 time=0.627 ms
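
The wpa_supplicant.conf above stores both passphrases in clear text, and the start-up log shows wpa_supplicant deriving a 32-byte PSK from each one. The following added example (not part of the original page or of wpa_supplicant; the function names are hypothetical) performs the same derivation, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, and renders network blocks that carry the 64-hex PSK instead of the passphrase.

```python
import hashlib

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    pw = passphrase.encode("ascii")  # non-ASCII raises UnicodeEncodeError (a ValueError)
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(b < 0x20 or b > 0x7E for b in pw):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)

def render_ssid(ssid: str) -> str:
    """Quote plain SSIDs; hex-encode anything that could break out of the quotes."""
    raw = ssid.encode("utf-8")
    if all(0x20 <= b <= 0x7E and b not in b'"\\' for b in raw):
        return f'"{ssid}"'
    return raw.hex()  # wpa_supplicant also accepts an unquoted hex SSID

def network_block(ssid: str, passphrase: str, priority: int) -> str:
    """Build a network block that holds the derived PSK, not the passphrase."""
    psk_hex = wpa_psk(passphrase, ssid).hex()
    return ("network={\n"
            f"\tssid={render_ssid(ssid)}\n"
            f"\tpsk={psk_hex}\n"          # unquoted 64 hex digits = raw PSK
            f"\tpriority={int(priority)}\n"
            "}\n")

if __name__ == "__main__":
    # SSIDs, passphrases and priorities taken from the configuration on this page
    print(network_block("ioAirportAp13", "hidemaru4000en", 1), end="")
    print(network_block("tacoma", "aesaesaes", 2), end="")
```

The 64-hex value still authenticates to that SSID, so the file should remain readable by root only; what this removes from disk is the human-chosen passphrase.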
radiusd -X
rad_recv: Access-Request packet from host 192.168.100.1:1202, id=204, length=142
User-Name = "hasebe"
NAS-IP-Address = 192.168.123.1
NAS-Port = 0
Called-Station-Id = "00-A0-B0-46-85-E2"
Calling-Station-Id = "00-A0-B0-4C-5B-B8"
NAS-Identifier = "tacoma"
Framed-MTU = 1380
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500060d00
State = 0xa400d73454b06110b20bb42ad551e5d4
Message-Authenticator = 0xf25aa2cbda033033b6f726c1486e395f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
modcall[authorize]: module "preprocess" returns ok for request 17
modcall[authorize]: module "chap" returns noop for request 17
modcall[authorize]: module "mschap" returns noop for request 17
rlm_realm: No '@' in User-Name = "hasebe", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 17
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
users: Matched entry DEFAULT at line 153
modcall[authorize]: module "files" returns ok for request 17
modcall: group authorize returns updated for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 17
modcall: group authenticate returns ok for request 17
Sending Access-Accept of id 204 to 192.168.100.1:1202
MS-MPPE-Recv-Key = 0x3002dbe723b42c89fe8794040232857a811157e23e7d4775bd4d6f3a8068243c
MS-MPPE-Send-Key = 0x8c3358754b17c94c6e8be4d3c6c46562a353030f304506410030f01c63c883fe
EAP-Message = 0x03050004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "hasebe"
Finished request 17
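
The two EAP-Message attributes in the radiusd -X trace above can be decoded byte by byte and checked against the rlm_eap lines ("type response id 5 length 6", "Received EAP-TLS ACK message"). This is an added example, not code from the original page or from FreeRADIUS; parse_eap is a hypothetical name, and the hex strings are copied from the log above.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP"}

def parse_eap(attr_hex):
    """Decode one complete EAP packet given as the hex string radiusd prints."""
    raw = bytes.fromhex(attr_hex[2:] if attr_hex[:2].lower() == "0x" else attr_hex)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # Packets over 253 bytes are split across several EAP-Message
        # attributes; concatenate them before calling this function.
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "length": length, "type": None}
    if code in (3, 4):                      # Success/Failure: header only
        if length != 4:
            raise ValueError("Success/Failure must not carry data")
        return pkt
    if length < 5:
        raise ValueError("Request/Response needs a Type byte")
    etype = raw[4]
    pkt["type"] = EAP_TYPES.get(etype, f"unknown({etype})")
    if etype == 13:                         # EAP-TLS: Flags byte, optional length
        if length < 6:
            raise ValueError("EAP-TLS needs a Flags byte")
        flags, body = raw[5], raw[6:]
        pkt["tls_flags"] = {"length_included": bool(flags & 0x80),
                            "more_fragments": bool(flags & 0x40),
                            "start": bool(flags & 0x20)}
        if flags & 0x80:
            if len(body) < 4:
                raise ValueError("L flag set but TLS Message Length missing")
            body = body[4:]
        pkt["tls_data_len"] = len(body)
        # A Response with no flags and no TLS data is the acknowledgement
        pkt["tls_ack"] = code == 2 and flags == 0 and not body
    return pkt

# EAP-Message values copied from the Access-Request and Access-Accept above
SAMPLE = {"Access-Request": "0x020500060d00", "Access-Accept": "0x03050004"}

def decode_sample():
    return {name: parse_eap(value) for name, value in SAMPLE.items()}

if __name__ == "__main__":
    for name, pkt in decode_sample().items():
        print(name, pkt)
```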