1
wpa_supplicant for Windows
2
==========================
4
Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> and
8
This program is dual-licensed under both the GPL version 2 and BSD
9
license. Either license may be used at your option.
11
This product includes software developed by the OpenSSL Project
12
for use in the OpenSSL Toolkit (http://www.openssl.org/)
15
wpa_supplicant has support for being used as a WPA/WPA2/IEEE 802.1X
16
Supplicant on Windows. The current port requires that WinPcap
17
(http://winpcap.polito.it/) is installed for accessing packets and the
18
driver interface. Both release versions 3.0 and 3.1 are supported.
20
The current port is still somewhat experimental. It has been tested
21
mainly on Windows XP (SP2) with limited set of NDIS drivers. In
22
addition, the current version has been reported to work with Windows
25
All security modes have been verified to work (at least complete
26
authentication and successfully ping a wired host):
28
- static WEP / open system authentication
29
- static WEP / shared key authentication
30
- IEEE 802.1X with dynamic WEP keys
31
- WPA-PSK, TKIP, CCMP, TKIP+CCMP
32
- WPA-EAP, TKIP, CCMP, TKIP+CCMP
33
- WPA2-PSK, TKIP, CCMP, TKIP+CCMP
34
- WPA2-EAP, TKIP, CCMP, TKIP+CCMP
40
Compiled binary version of the wpa_supplicant and additional tools is
41
available from http://w1.fi/wpa_supplicant/. These binaries can be
42
used after installing WinPcap.
44
wpa_gui uses Qt 4 framework and may need additional dynamic libraries
45
(DLLs). These libraries are available from
46
http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip
47
You can copy the DLL files from this ZIP package into the same directory
48
with wpa_gui.exe to allow wpa_gui to be started.
51
Building wpa_supplicant with mingw
52
----------------------------------
54
The default build setup for wpa_supplicant is to use MinGW and
55
cross-compiling from Linux to MinGW/Windows. It should also be
56
possible to build this under Windows using the MinGW tools, but that
57
is not tested nor supported and is likely to require some changes to
58
the Makefile unless cygwin is used.
61
Building wpa_supplicant with MSVC
62
---------------------------------
64
wpa_supplicant can be built with Microsoft Visual C++ compiler. This
65
has been tested with Microsoft Visual C++ Toolkit 2003 and Visual
66
Studio 2005 using the included nmake.mak as a Makefile for nmake. IDE
67
can also be used by creating a project that includes the files and
68
defines mentioned in nmake.mak. Example VS2005 solution and project
69
files are included in vs2005 subdirectory. This can be used as a
70
starting point for building the programs with VS2005 IDE.
72
WinPcap development package is needed for the build and this can be
73
downloaded from http://www.winpcap.org/install/bin/WpdPack_3_1.zip. The
74
default nmake.mak expects this to be unpacked into C:\dev\WpdPack so
75
that Include and Lib directories are in this directory. The files can be
76
stored elsewhere as long as the WINPCAPDIR in nmake.mak is updated to
77
match with the selected directory. In case a project file in the IDE is
78
used, these Include and Lib directories need to be added to project
79
properties as additional include/library directories.
81
OpenSSL source package can be downloaded from
82
http://www.openssl.org/source/openssl-0.9.8b.tar.gz and built and
83
installed following instructions in INSTALL.W32. Note that if EAP-FAST
84
support will be included in the wpa_supplicant, OpenSSL needs to be
85
patched to# support it openssl-tls-extensions.patch. The example
86
nmake.mak file expects OpenSSL to be installed into C:\dev\openssl, but
87
this directory can be modified by changing OPENSSLDIR variable in
90
If you do not need EAP-FAST support, you may also be able to use Win32
91
binary installation package of OpenSSL from
92
http://www.slproweb.com/products/Win32OpenSSL.html instead of building
93
the library yourself. In this case, you will need to copy Include and
94
Lib directories in suitable directory, e.g., C:\dev\openssl for the
95
default nmake.mak. Copy {Win32OpenSSLRoot}\include into
96
C:\dev\openssl\include and make C:\dev\openssl\lib subdirectory with
97
files from {Win32OpenSSLRoot}\VC (i.e., libeay*.lib and ssleay*.lib).
98
This will end up using dynamically linked OpenSSL (i.e., .dll files are
99
needed) for it. Alternative, you can copy files from
100
{Win32OpenSSLRoot}\VC\static to create a static build (no OpenSSL .dll
104
Building wpa_supplicant for cygwin
105
----------------------------------
107
wpa_supplicant can be built for cygwin by installing the needed
108
development packages for cygwin. This includes things like compiler,
109
make, openssl development package, etc. In addition, developer's pack
110
for WinPcap (WPdpack.zip) from
111
http://winpcap.polito.it/install/default.htm is needed.
113
.config file should enable only one driver interface,
114
CONFIG_DRIVER_NDIS. In addition, include directories may need to be
115
added to match the system. An example configuration is available in
116
defconfig. The library and include files for WinPcap will either need
117
to be installed in compiler/linker default directories or their
118
location will need to be adding to .config when building
121
Othen than this, the build should be more or less identical to Linux
122
version, i.e., just run make after having created .config file. An
123
additional tool, win_if_list.exe, can be built by running "make
130
wpa_gui uses Qt application framework from Trolltech. It can be built
131
with the open source version of Qt4 and MinGW. Following commands can
132
be used to build the binary in the Qt 4 Command Prompt:
134
# go to the root directory of wpa_supplicant source code
136
qmake -o Makefile wpa_gui.pro
138
# the wpa_gui.exe binary is created into 'release' subdirectory
141
Using wpa_supplicant for Windows
142
--------------------------------
144
wpa_supplicant, wpa_cli, and wpa_gui behave more or less identically to
145
Linux version, so instructions in README and example wpa_supplicant.conf
146
should be applicable for most parts. In addition, there is another
147
version of wpa_supplicant, wpasvc.exe, which can be used as a Windows
148
service and which reads its configuration from registry instead of
151
When using access points in "hidden SSID" mode, ap_scan=2 mode need to
152
be used (see wpa_supplicant.conf for more information).
154
Windows NDIS/WinPcap uses quite long interface names, so some care
155
will be needed when starting wpa_supplicant. Alternatively, the
156
adapter description can be used as the interface name which may be
157
easier since it is usually in more human-readable
158
format. win_if_list.exe can be used to find out the proper interface
161
Example steps in starting up wpa_supplicant:
164
ifname: \Device\NPF_GenericNdisWanAdapter
165
description: Generic NdisWan adapter
167
ifname: \Device\NPF_{769E012B-FD17-4935-A5E3-8090C38E25D2}
168
description: Atheros Wireless Network Adapter (Microsoft's Packet Scheduler)
170
ifname: \Device\NPF_{732546E7-E26C-48E3-9871-7537B020A211}
171
description: Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler)
174
Since the example configuration used Atheros WLAN card, the middle one
175
is the correct interface in this case. The interface name for -i
176
command line option is the full string following "ifname:" (the
177
"\Device\NPF_" prefix can be removed). In other words, wpa_supplicant
178
would be started with the following command:
180
# wpa_supplicant.exe -i'{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
182
-d optional enables some more debugging (use -dd for even more, if
183
needed). It can be left out if debugging information is not needed.
185
With the alternative mechanism for selecting the interface, this
186
command has identical results in this case:
188
# wpa_supplicant.exe -iAtheros -c wpa_supplicant.conf -d
191
Simple configuration example for WPA-PSK:
200
psk="secret passphrase"
203
(remove '#' from the comment out ap_scan line to enable mode in which
204
wpa_supplicant tries to associate with the SSID without doing
205
scanning; this allows APs with hidden SSIDs to be used)
208
wpa_cli.exe and wpa_gui.exe can be used to interact with the
209
wpa_supplicant.exe program in the same way as with Linux. Note that
210
ctrl_interface is using UNIX domain sockets when built for cygwin, but
211
the native build for Windows uses named pipes and the contents of the
212
ctrl_interface configuration item is used to control access to the
213
interface. Anyway, this variable has to be included in the configuration
214
to enable the control interface.
217
Example SDDL string formats:
219
(local admins group has permission, but nobody else):
221
ctrl_interface=SDDL=D:(A;;GA;;;BA)
223
("A" == "access allowed", "GA" == GENERIC_ALL == all permissions, and
224
"BA" == "builtin administrators" == the local admins. The empty fields
225
are for flags and object GUIDs, none of which should be required in this
228
(local admins and the local "power users" group have permissions,
231
ctrl_interface=SDDL=D:(A;;GA;;;BA)(A;;GA;;;PU)
233
(One ACCESS_ALLOWED ACE for GENERIC_ALL for builtin administrators, and
234
one ACCESS_ALLOWED ACE for GENERIC_ALL for power users.)
236
(close to wide open, but you have to be a valid user on
239
ctrl_interface=SDDL=D:(A;;GA;;;AU)
241
(One ACCESS_ALLOWED ACE for GENERIC_ALL for the "authenticated users"
244
This one would allow absolutely everyone (including anonymous
245
users) -- this is *not* recommended, since named pipes can be attached
246
to from anywhere on the network (i.e. there's no "this machine only"
247
like there is with 127.0.0.1 sockets):
249
ctrl_interface=SDDL=D:(A;;GA;;;BU)(A;;GA;;;AN)
251
(BU == "builtin users", "AN" == "anonymous")
253
See also [1] for the format of ACEs, and [2] for the possible strings
254
that can be used for principal names.
257
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp
259
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/sid_strings.asp
262
Starting wpa_supplicant as a Windows service (wpasvc.exe)
263
---------------------------------------------------------
265
wpa_supplicant can be started as a Windows service by using wpasvc.exe
266
program that is alternative build of wpa_supplicant.exe. Most of the
267
core functionality of wpasvc.exe is identical to wpa_supplicant.exe,
268
but it is using Windows registry for configuration information instead
269
of a text file and command line parameters. In addition, it can be
270
registered as a service that can be started automatically or manually
271
like any other Windows service.
273
The root of wpa_supplicant configuration in registry is
274
HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
275
parameters and a 'interfaces' subkey with all the interface configuration
276
(adapter to confname mapping). Each such mapping is a subkey that has
277
'adapter', 'config', and 'ctrl_interface' values.
279
This program can be run either as a normal command line application,
280
e.g., for debugging, with 'wpasvc.exe app' or as a Windows service.
281
Service need to be registered with 'wpasvc.exe reg <full path to
282
wpasvc.exe>'. Alternatively, 'wpasvc.exe reg' can be used to register
283
the service with the current location of wpasvc.exe. After this, wpasvc
284
can be started like any other Windows service (e.g., 'net start wpasvc')
285
or it can be configured to start automatically through the Services tool
286
in administrative tasks. The service can be unregistered with
289
If the service is set to start during system bootup to make the
290
network connection available before any user has logged in, there may
291
be a long (half a minute or so) delay in starting up wpa_supplicant
292
due to WinPcap needing a driver called "Network Monitor Driver" which
293
is started by default on demand.
295
To speed up wpa_supplicant start during system bootup, "Network
296
Monitor Driver" can be configured to be started sooner by setting its
297
startup type to System instead of the default Demand. To do this, open
298
up Device Manager, select Show Hidden Devices, expand the "Non
299
Plug-and-Play devices" branch, double click "Network Monitor Driver",
300
go to the Driver tab, and change the Demand setting to System instead.
302
Configuration data is in HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs
303
key. Each configuration profile has its own key under this. In terms of text
304
files, each profile would map to a separate text file with possibly multiple
305
networks. Under each profile, there is a networks key that lists all
306
networks as a subkey. Each network has set of values in the same way as
307
network block in the configuration file. In addition, blobs subkey has
308
possible blobs as values.
310
HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
314
See win_example.reg for an example on how to setup wpasvc.exe
315
parameters in registry. It can also be imported to registry as a
316
starting point for the configuration.
320
License information for third party software used in this product:
325
/* ====================================================================
326
* Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
328
* Redistribution and use in source and binary forms, with or without
329
* modification, are permitted provided that the following conditions
332
* 1. Redistributions of source code must retain the above copyright
333
* notice, this list of conditions and the following disclaimer.
335
* 2. Redistributions in binary form must reproduce the above copyright
336
* notice, this list of conditions and the following disclaimer in
337
* the documentation and/or other materials provided with the
340
* 3. All advertising materials mentioning features or use of this
341
* software must display the following acknowledgment:
342
* "This product includes software developed by the OpenSSL Project
343
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
345
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
346
* endorse or promote products derived from this software without
347
* prior written permission. For written permission, please contact
348
* openssl-core@openssl.org.
350
* 5. Products derived from this software may not be called "OpenSSL"
351
* nor may "OpenSSL" appear in their names without prior written
352
* permission of the OpenSSL Project.
354
* 6. Redistributions of any form whatsoever must retain the following
356
* "This product includes software developed by the OpenSSL Project
357
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
359
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
360
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
361
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
362
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
363
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
364
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
365
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
366
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
367
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
368
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
369
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
370
* OF THE POSSIBILITY OF SUCH DAMAGE.
371
* ====================================================================
373
* This product includes cryptographic software written by Eric Young
374
* (eay@cryptsoft.com). This product includes software written by Tim
375
* Hudson (tjh@cryptsoft.com).
379
Original SSLeay License
380
-----------------------
382
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
383
* All rights reserved.
385
* This package is an SSL implementation written
386
* by Eric Young (eay@cryptsoft.com).
387
* The implementation was written so as to conform with Netscapes SSL.
389
* This library is free for commercial and non-commercial use as long as
390
* the following conditions are aheared to. The following conditions
391
* apply to all code found in this distribution, be it the RC4, RSA,
392
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
393
* included with this distribution is covered by the same copyright terms
394
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
396
* Copyright remains Eric Young's, and as such any Copyright notices in
397
* the code are not to be removed.
398
* If this package is used in a product, Eric Young should be given attribution
399
* as the author of the parts of the library used.
400
* This can be in the form of a textual message at program startup or
401
* in documentation (online or textual) provided with the package.
403
* Redistribution and use in source and binary forms, with or without
404
* modification, are permitted provided that the following conditions
406
* 1. Redistributions of source code must retain the copyright
407
* notice, this list of conditions and the following disclaimer.
408
* 2. Redistributions in binary form must reproduce the above copyright
409
* notice, this list of conditions and the following disclaimer in the
410
* documentation and/or other materials provided with the distribution.
411
* 3. All advertising materials mentioning features or use of this software
412
* must display the following acknowledgement:
413
* "This product includes cryptographic software written by
414
* Eric Young (eay@cryptsoft.com)"
415
* The word 'cryptographic' can be left out if the rouines from the library
416
* being used are not cryptographic related :-).
417
* 4. If you include any Windows specific code (or a derivative thereof) from
418
* the apps directory (application code) you must include an acknowledgement:
419
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
421
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
422
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
423
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
424
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
425
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
426
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
427
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
428
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
429
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
430
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
433
* The licence and distribution terms for any publically available version or
434
* derivative of this code cannot be changed. i.e. this code cannot simply be
435
* copied and put under another distribution licence
436
* [including the GNU Public Licence.]
441
Qt Open Source Edition
442
----------------------
444
The Qt GUI Toolkit is Copyright (C) 1994-2007 Trolltech ASA.
445
Qt Open Source Edition is licensed under GPL version 2.
447
Source code for the library is available at
448
http://w1.fi/wpa_supplicant/qt4/qt-win-opensource-src-4.3.3.zip
added
removed
wpa_supplicant/README-Windows.txt
