Introduction
- Supplicant:
•The supplicant is a daemon program that acts as a backend component controlling the wireless connection.
•The supplicant provides an interface for user applications to interact with the Wi-Fi driver for managing the wireless connection.
•A supplicant supports:
–IEEE 802.1X/WPA client and authenticator functionality.
–WPS Enrollee and Registrar functionality.
–Wi-Fi Direct / P2P functionality.
–IEEE 802.11 Client and Access Point management functionality.
•The component on the client is called wpa_supplicant and the one on the AP is called hostapd (though certain implementations combine hostapd with wpa_supplicant, thus having a single daemon).
•It controls the roaming and the IEEE 802.11 authentication/association of the wlan driver.
•The following steps are used when associating with an AP using WPA:
- wpa_supplicant requests the kernel driver to scan neighboring BSSes.
- wpa_supplicant selects a BSS based on its configuration.
- wpa_supplicant requests the driver to associate with the chosen BSS.
- For WPA-PSK: wpa_supplicant uses the PSK as the master session key.
- wpa_supplicant completes the WPA 4-Way and Group Key Handshake with the Authenticator.
- wpa_supplicant configures encryption keys for unicast and broadcast.
- Normal data packets can be transmitted and received.
P2P/Wi-Fi Functionality:
•Wi-Fi Direct / P2P, an extension to the Wi-Fi standard, defines the protocols for peers/stations to communicate among themselves without having to go through the Access Points/Routers.
•The supplicant also provides the P2P functionality.
•The following are some of the P2P actions performed by the supplicant:
–P2P_find.
–P2P_prov_disc.
–P2P_connect.
–P2P_Invite.
–P2P_group_add.
•The P2P supplicant exposes functions to the CLI/framework to trigger each action.
•The challenges for the P2P supplicant are remain-on-channel and off-channel transmission.
more information: https://eonlineclassroom.blogspot.in/2017/08/p2p.html
WPS Functionality:
•Wi-Fi Protected Setup (WPS) is a mechanism for easy configuration of a wireless network. It allows automated generation of random keys (WPA passphrase/PSK) and configuration of an access point and client devices.
•WPS includes a number of methods for setting up connections, with the PIN method and push-button configuration (PBC) being the most commonly deployed options.
•Registrar: An entity with the authority to issue and revoke Domain Credentials. A Registrar may be integrated into an AP, or it may be separate from the AP.
•Enrollee: A device seeking to join a WLAN Domain. Once an Enrollee obtains a valid credential, it becomes a Member.
•The WPS supplicant can be used to support the Registrar functionality or as an Enrollee (to enroll a new Enrollee to join the network).
•The WPS supplicant ensures that the credentials of the Registrar are configured on the Enrollee for the WPA handshake to happen.
•The WPS supplicant uses an 8-way handshake for the Enrollee to obtain the credentials of the Registrar.
•The client (an Enrollee) connects to the AP (a Registrar) for the WPS handshake (8-way) to take place.
•Once the credentials are received, the client tears down the established connection to the AP and initiates a fresh connection for the WPA handshake to take place.
Hostapd:
•Hostapd is a user space daemon for access points.
•Hostapd includes IEEE 802.1X/WPA/WPA2 Authenticator functionality.
•Hostapd includes IEEE 802.11 access point management (authentication / association) functionality.
•Hostapd implements a control interface that can be used by external programs to control the operations of the hostapd daemon and to get status information and event notifications.
•wpa_supplicant uses a single-process model and an event loop to provide callbacks on events.
•Thus the modules interact by reading and writing state that is stored in shared global data structures.
•The event_loop module triggers the callbacks based on the following events:
–Registered timeouts
–Received packets from the driver
–Signals
•The driver i/f module abstracts, for wpa_supplicant, the interface used to interact with the driver.
•The common interfaces are the ‘wext’ and ‘nl80211’ interfaces.
Building and Installing:
•The supplicant is built by creating a build-time configuration file, .config, in the root directory.
•The build-time configuration can be used to select only the needed features and to limit the binary size and the requirements for external libraries.
•The main configuration parts are the selection of which driver interfaces (e.g., nl80211, wext, ..) and which authentication methods (e.g., EAP-TLS, EAP-PEAP, ..) are included.
•The supplicant can be built with the ‘make’ command, and the binaries can be installed in a suitable system directory.
•A configuration file with the network configuration for the networks being used has to be created.
•The configuration file lists all the accepted networks and security policies, including the pre-shared keys.
•The following is an example configuration for WPA-PSK.
network={
    ssid="home"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="very secret passphrase"
}
•wpa_supplicant is run with the following command options:
– wpa_supplicant -Dnl80211 -c/etc/wpa_supplicant.conf -iwlan0
•Please refer to the README in the root directory for more information.
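The WPA-PSK step and the configuration file described above, as an added example that is not code from the original post or from the wpa_supplicant project: it derives the 256-bit PSK from a passphrase and SSID using the IEEE 802.11i mapping, then audits a configuration body for a stored passphrase and loose file permissions. The names derive_psk and audit_conf are hypothetical, the sample is constructed from the post's network block, and only quoted ssid/psk values are handled.

```python
import hashlib
import re

def derive_psk(passphrase, ssid):
    """802.11i passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1 with the SSID
    as salt, 4096 iterations, 256-bit output, returned as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(),
                               ssid.encode(), 4096, 32).hex()

NETWORK_RE = re.compile(r"network=\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^[ \t]*(\w+)=(.*?)[ \t]*$", re.M)
PSK_LINE_RE = re.compile(r'^([ \t]*psk=)".*"[ \t]*$', re.M)

def audit_conf(text, mode):
    """Return (findings, hardened_text) for a wpa_supplicant.conf body.
    Assumes quoted ssid/psk values and no '}' inside a value."""
    findings = []
    if mode & 0o077:
        findings.append("mode %o: keys readable by other local users" % mode)

    def harden(match):
        fields = dict(FIELD_RE.findall(match.group(1)))
        ssid = fields.get("ssid", "").strip('"')
        psk = fields.get("psk", "")
        if fields.get("key_mgmt") == "NONE":
            findings.append("%s: key_mgmt=NONE, no link-layer protection" % ssid)
        if not psk.startswith('"'):
            return match.group(0)      # already a hex PSK, or no PSK at all
        findings.append("%s: human-readable passphrase stored in file" % ssid)
        hex_psk = derive_psk(psk.strip('"'), ssid)
        return PSK_LINE_RE.sub(lambda m: m.group(1) + hex_psk, match.group(0))

    return findings, NETWORK_RE.sub(harden, text)

# Constructed sample: the post's network block, audited as a 0644 file.
SAMPLE = '''network={
    ssid="home"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="very secret passphrase"
}
'''

if __name__ == "__main__":
    findings, hardened = audit_conf(SAMPLE, 0o644)
    print("\n".join(findings + [hardened]))
```

The 64-hex psk value is still sufficient to join the network, so the file should stay readable only by its owner; the conversion only keeps the human-chosen passphrase out of the file.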