========
wpa2
========

WPA2 frame exchange
--------------------

WPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks. A WPA2 network provides unique encryption keys for each wireless client that connects to it. WPA2 includes mandatory support for CCMP, an AES-based encryption mode.

The following is a representation of the WPA2 handshake::

   Hostapd(AP)                            wpa_supplicant(station)
   |<<-----------------------Auth_Req---------------------------|
   |-------------------------Auth_Resp------------------------>>|
   |<<-----------------------Assoc_Req--------------------------|
   |-------------------------Assoc_Resp----------------------->>|
   |--------------------------EAPOL-M1------------------------>>|
   |<<------------------------EAPOL-M2--------------------------|
   |--------------------------EAPOL-M3------------------------>>|
   |<<------------------------EAPOL-M4--------------------------|

Test bed
------------

In order to execute the practical example below, two Linux machines with Ubuntu version >= 16.04 are needed.

* Check the Ubuntu version on your machine. The Ubuntu version used on this site is 20.04

  .. literalinclude:: test_bed_cmds/cmd_test_bed_ubuntu_ver.py

wpa_supplicant compilation
-----------------------------------

wpa_supplicant is the daemon process that runs on the client stations. It implements WPA key negotiation with a WPA Authenticator and EAP authentication with an Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver.

Following are the steps to download and compile wpa_supplicant from source code

1. Download the latest wpa_supplicant

   .. literalinclude:: supp_cmds/cmd_supp_download.py

2. Install the required packages

   .. literalinclude:: supp_cmds/cmd_supp_pkgs.py

   The messages below indicate that the packages are installed successfully

   .. literalinclude:: supp_cmds/cmd_supp_pkgs_installed_msg.py

3. Extract the tar file

   .. literalinclude:: supp_cmds/cmd_supp_untar.py

4. Go to the wpa_supplicant directory

   .. literalinclude:: supp_cmds/cmd_supp_cd.py

5. Copy the default configuration into the .config file

   .. literalinclude:: supp_cmds/cmd_supp_defconfig.py

6. Enable the configs below in .config

   .. literalinclude:: supp_cmds/cmd_supp_defconfig_configs.py

7. Build wpa_supplicant

   .. literalinclude:: supp_cmds/cmd_supp_make.py

   Below is the list of files compiled based on the features enabled in ".config"

   .. literalinclude:: supp_cmds/cmd_supp_make_log.py

8. Install the compiled commands (optional)

   .. literalinclude:: supp_cmds/cmd_supp_install.py

hostapd compilation
-----------------------------------

hostapd is a user space daemon for access points and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server.

Following are the steps to download and compile hostapd from source code

1. Download the latest hostapd

   .. literalinclude:: hostapd_cmds/cmd_hostapd_download.py

2. Install the required packages

   .. literalinclude:: hostapd_cmds/cmd_hostapd_pkgs.py

   The messages below indicate that the packages are installed successfully

   .. literalinclude:: hostapd_cmds/cmd_hostapd_pkgs_installed_msg.py

3. Extract the tar file

   .. literalinclude:: hostapd_cmds/cmd_hostapd_untar.py

4. Go to the hostapd directory

   .. literalinclude:: hostapd_cmds/cmd_hostapd_cd.py

5. Copy the default configuration into the .config file

   .. literalinclude:: hostapd_cmds/cmd_hostapd_defconfig.py

6. Enable the configs below in .config

   .. literalinclude:: hostapd_cmds/cmd_hostapd_defconfig_configs.py

7. Build hostapd

   .. literalinclude:: hostapd_cmds/cmd_hostapd_make.py

   Below is the list of files compiled based on the features enabled in ".config"

   .. literalinclude:: hostapd_cmds/cmd_hostapd_make_log.py

8. Install the compiled commands (optional)

   .. literalinclude:: hostapd_cmds/cmd_hostapd_install.py

Running hostapd
------------------------

1. Check if a Wi-Fi interface with the name "wlan0" is available. This is created on boot up of the Ubuntu machine or by installing the Wi-Fi driver manually

   .. literalinclude:: hostapd_cmds/cmd_hostapd_iwx_status.py

2. Create a hostapd.conf file in the /etc/hostapd/ folder with the content below

   .. literalinclude:: hostapd_cmds/cmd_hostapd_conf_edit.py

   Copy the content below

   .. literalinclude:: hostapd_cmds/cmd_hostapd_conf_content.py

3. Go to the hostapd directory

   .. literalinclude:: hostapd_cmds/cmd_hostapd_cd.py

4. Run hostapd by issuing the following command

   .. literalinclude:: hostapd_cmds/cmd_hostapd_run.py

   The log messages below are seen on the console after running hostapd

   .. literalinclude:: hostapd_cmds/cmd_hostapd_run_log.py

5. The mode of the "wlan0" interface is now assigned as "AP/Master". Check this by querying information via the iwconfig/iw command

   .. literalinclude:: hostapd_cmds/cmd_hostapd_iwx_status_ap.py

Running wpa_supplicant
---------------------------------

``METHOD 1: With Network Block in wpa_supplicant.conf file``
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

1. Check if a Wi-Fi interface with the name "wlan1" is available. This is created on boot up of the Ubuntu machine or by installing the Wi-Fi driver manually

   .. literalinclude:: supp_cmds/cmd_supp_iwx_status.py

2. Go to the wpa_supplicant directory

   .. literalinclude:: supp_cmds/cmd_supp_cd.py

3. Create a wpa_supplicant.conf file with the following network block contents. Delete all existing content and copy the content below

   .. literalinclude:: supp_cmds/cmd_supp_conf_content.py

4. Run wpa_supplicant

   .. literalinclude:: supp_cmds/cmd_supp_run.py

   The log messages below are seen on the console after running wpa_supplicant

   .. literalinclude:: supp_cmds/cmd_supp_run_log.py

   The message "CTRL-EVENT-CONNECTED" indicates that wpa_supplicant (station) is connected to hostapd (AP) successfully

5. Run wpa_cli and check the status in the wpa_cli prompt

   .. literalinclude:: supp_cmds/cmd_supp_wpa_cli_check_status.py

   The message "wpa_state=COMPLETED" indicates that wpa_supplicant (station) is connected to hostapd (AP) successfully

6. The mode of the "wlan1" interface is now assigned as "Managed" with ssid "test_wpa2". Check this by querying information via the iwconfig/iw command

   .. literalinclude:: supp_cmds/cmd_supp_iwx_status_station.py

``METHOD 2: Without Network Block in wpa_supplicant.conf file``
""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""

1. Go to the wpa_supplicant directory

   .. literalinclude:: supp_cmds/cmd_supp_cd.py

2. Create a wpa_supplicant.conf file without a network block

   .. literalinclude:: supp_cmds/cmd_supp_conf_content_no_nw_block.py

3. Run wpa_supplicant without a network block in the wpa_supplicant.conf file

   .. literalinclude:: supp_cmds/cmd_supp_run.py

4. Run wpa_cli to connect to the WPA2 network

   .. literalinclude:: supp_cmds/cmd_supp_wpa_cli_connect_nw.py

Run data traffic
------------------

========================== =========================================================== ================================================================
Steps                      AP                                                          Station
========================== =========================================================== ================================================================
Step 1 : Assign IP address .. literalinclude:: traffic_cmds/cmd_ifconfig_set_ap.py     .. literalinclude:: traffic_cmds/cmd_ifconfig_set_station.py
Step 2 : Check IP address  .. literalinclude:: traffic_cmds/cmd_ifconfig_ap_status.py  .. literalinclude:: traffic_cmds/cmd_ifconfig_station_status.py
Step 3 : Check ping        .. literalinclude:: traffic_cmds/cmd_ping_sta_from_ap.py    .. literalinclude:: traffic_cmds/cmd_ping_ap_from_sta.py
Step 4 : Run iperf TCP DL  .. literalinclude:: traffic_cmds/cmd_tcp_dl_ap.py           .. literalinclude:: traffic_cmds/cmd_tcp_dl_station.py
Step 5 : Run iperf TCP UL  .. literalinclude:: traffic_cmds/cmd_tcp_ul_ap.py           .. literalinclude:: traffic_cmds/cmd_tcp_ul_station.py
Step 6 : Run iperf UDP DL  .. literalinclude:: traffic_cmds/cmd_udp_dl_ap.py           .. literalinclude:: traffic_cmds/cmd_udp_dl_station.py
Step 7 : Run iperf UDP UL  .. literalinclude:: traffic_cmds/cmd_udp_ul_ap.py           .. literalinclude:: traffic_cmds/cmd_udp_ul_station.py
========================== =========================================================== ================================================================