========
wpa
========

WPA frame exchange
--------------------

	WPA stands for "Wi-Fi Protected Access." WPA is a security protocol designed to create secure wireless (Wi-Fi) networks.
	WPA uses the temporal key integrity protocol (TKIP), which dynamically changes the key that the systems use. 
	This prevents intruders from creating their own encryption key to match the one used by the secure network.

	The following is a resprestaion of WPA (WPA1) handshake
	
		``Hostapd(AP)                                         wpa_supplicant(station)``

		``|<<-----------------------Auth_Req---------------------------|``

		``|-------------------------Auth_Resp------------------------>>|``
		
		``|<<-----------------------Assoc_Req--------------------------|``
		
		``|-------------------------Assoc_Resp----------------------->>|``
		
		``|--------------------------EAPOL-M1------------------------>>|``
		
		``|<<------------------------EAPOL-M2--------------------------|``

		``|--------------------------EAPOL-M3------------------------>>|``
		
		``|<<------------------------EAPOL-M4--------------------------|``

Test bed
------------
    Inorder to execute below practical example, two Linux machines are needed with ubuntu version >= 16.04.

    * Check the Ubuntu version on your machine. Ubuntu version used for in this site is 20.04
        .. literalinclude:: test_bed_cmds/cmd_test_bed_ubuntu_ver.py

wpa_supplicant compilation
-----------------------------------

    The daemon process that runs in the client stations.
    It implements WPA key negotiation with a WPA Authenticator and EAP authentication with Authentication Server.
    In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver.
    Following are the steps to download and compiling wpa_supplicant from source code

    1. Download latest wpa_supplicant
        .. literalinclude:: supp_cmds/cmd_supp_download.py

    2. Install required packages
        .. literalinclude:: supp_cmds/cmd_supp_pkgs.py

       below messages indicate that packages are installed successfully
        .. literalinclude:: supp_cmds/cmd_supp_pkgs_installed_msg.py

    3. Extract the tar file
        .. literalinclude:: supp_cmds/cmd_supp_untar.py

    4. Go to wpa_supplicant directory
        .. literalinclude:: supp_cmds/cmd_supp_cd.py

    5. Copy the default configuration into .conf file
        .. literalinclude:: supp_cmds/cmd_supp_defconfig.py

    6. Enable below configs in .config
        .. literalinclude:: supp_cmds/cmd_supp_defconfig_configs.py

    7. Build the wpa_supplicant
        .. literalinclude:: supp_cmds/cmd_supp_make.py

        Below is the list of files compiled based on the features enabled in ".config"

        .. literalinclude:: supp_cmds/cmd_supp_make_log.py

    8. Install the compiled commands (optional)
        .. literalinclude:: supp_cmds/cmd_supp_install.py

hostapd compilation
-----------------------------------

    The hostapd is a user space daemon for access point and authentication servers.
    It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server.
    Following are the steps to download and compiling hostapd from source code

    1. Download latest hostapd
        .. literalinclude:: hostapd_cmds/cmd_hostapd_download.py

    2. Install required packages  
        .. literalinclude:: hostapd_cmds/cmd_hostapd_pkgs.py

       below messages indicate that packages are installed successfully
        .. literalinclude:: hostapd_cmds/cmd_hostapd_pkgs_installed_msg.py

    3. Extract the tar file
        .. literalinclude:: hostapd_cmds/cmd_hostapd_untar.py

    4. Go to Hostapd directory
        .. literalinclude:: hostapd_cmds/cmd_hostapd_cd.py

    5. Copy the default configuration into .conf file
        .. literalinclude:: hostapd_cmds/cmd_hostapd_defconfig.py

    6. Enable below configs in .config
        .. literalinclude:: hostapd_cmds/cmd_hostapd_defconfig_configs.py

    7. Build the Hostapd
        .. literalinclude:: hostapd_cmds/cmd_hostapd_make.py

        Below is the list of files compiled based on the features enabled in ".config"

        .. literalinclude:: hostapd_cmds/cmd_hostapd_make_log.py

    8. Install the compiled commands (optional)
        .. literalinclude:: hostapd_cmds/cmd_hostapd_install.py

Running hostapd
------------------------

    1. Check if wifi interface with the name "wlan0" is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually

        .. literalinclude:: hostapd_cmds/cmd_hostapd_iwx_status.py

    2. Create a hostapd.conf file in /etc/hostapd/ folder with below content
        .. literalinclude:: hostapd_cmds/cmd_hostapd_conf_edit.py
        
        Copy below content

        .. literalinclude:: hostapd_cmds/cmd_hostapd_conf_content.py

    3. Go to hostapd directory 
        .. literalinclude:: hostapd_cmds/cmd_hostapd_cd.py

    4. Run hostapd by issuing follwing command 
        .. literalinclude:: hostapd_cmds/cmd_hostapd_run.py

        Below log messages are seen on console after running hostapd

        .. literalinclude:: hostapd_cmds/cmd_hostapd_run_log.py

    5. Mode of "wlan0" interface is now assigned as "AP/Master". Check this by querying information via iwconfig/iw command

        .. literalinclude:: hostapd_cmds/cmd_hostapd_iwx_status_ap.py

    6. verify that AP is working in WPA-PERSONAL in beacon frame
        ``Beacon->Wireless_Managment->tagged_parameter->vendor_specific->WPA_version=1``

Running wpa_supplicant
---------------------------------

``METHOD 1: With Network Block in wpa_supplicant.conf file``
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

    1. Check if wifi interface with the name "wlan1" is available. This is created on boot up of the ubuntu machine or by installing wifi driver manually
        .. literalinclude:: supp_cmds/cmd_supp_iwx_status.py

    2. Go to wpa_supplicant directory 
        .. literalinclude:: supp_cmds/cmd_supp_cd.py

    3. Create wpa_supplicant.conf file with following network block contents

         delete all existing content and copy below content

        .. literalinclude:: supp_cmds/cmd_supp_conf_content.py

    4. Run wpa_supplicant
        .. literalinclude:: supp_cmds/cmd_supp_run.py

        Below log messages are seen on console after running wpa_supplicant

        .. literalinclude:: supp_cmds/cmd_supp_run_log.py

        Message "CTRL-EVENT-CONNECTED" indicates that wpa_supplicant(station) is connected to hostapd(ap) successfully

    5. Run wpa_cli and check status in wpa_cli prompt
        .. literalinclude:: supp_cmds/cmd_supp_wpa_cli_check_status.py

        Message "wpa_state=COMPLETE" indicates that wpa_supplicant(station) is connected to hostapd(ap) successfully

    6. Mode of "wlan1" interface is now assigned as "Managed" with ssid "test_wpa". Check this by querying information via iwconfig/iw command
        .. literalinclude:: supp_cmds/cmd_supp_iwx_status_station.py

``METHOD 2: Without Network Block in wpa_supplicant.conf file``
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

    1. Go to wpa_supplicant directory
        .. literalinclude:: supp_cmds/cmd_supp_cd.py

    2. Create wpa_supplicant.conf file without a network block
        .. literalinclude:: supp_cmds/cmd_supp_conf_content_no_nw_block.py

    3. Run wpa_supplicant without network block in wpa_supplicant.conf file
        .. literalinclude:: supp_cmds/cmd_supp_run.py

    4. Run wpa_cli to connect to WPA network
        .. literalinclude:: supp_cmds/cmd_supp_wpa_cli_connect_nw.py

Run data traffic
------------------

==========================     ===========================================================   ================================================================
 Steps                          AP                                                           Station
==========================     ===========================================================   ================================================================
Step 1 : Assign IP address     .. literalinclude:: traffic_cmds/cmd_ifconfig_set_ap.py       .. literalinclude:: traffic_cmds/cmd_ifconfig_set_station.py

Step 2 : Check IP address      .. literalinclude:: traffic_cmds/cmd_ifconfig_ap_status.py    .. literalinclude:: traffic_cmds/cmd_ifconfig_station_status.py

Step 3 : Check ping            .. literalinclude:: traffic_cmds/cmd_ping_sta_from_ap.py      .. literalinclude:: traffic_cmds/cmd_ping_ap_from_sta.py

Step 4 : Run iperf TCP DL      .. literalinclude:: traffic_cmds/cmd_tcp_dl_ap.py             .. literalinclude:: traffic_cmds/cmd_tcp_dl_station.py

Step 5 : Run iperf TCP UL      .. literalinclude:: traffic_cmds/cmd_tcp_ul_ap.py             .. literalinclude:: traffic_cmds/cmd_tcp_ul_station.py

Step 6 : Run iperf UDP DL      .. literalinclude:: traffic_cmds/cmd_udp_dl_ap.py             .. literalinclude:: traffic_cmds/cmd_udp_dl_station.py

Step 7 : Run iperf UDP UL      .. literalinclude:: traffic_cmds/cmd_udp_ul_ap.py             .. literalinclude:: traffic_cmds/cmd_udp_ul_station.py
==========================     ===========================================================   ================================================================