Re: [OpenWrt-Devel] WPS patch set overlooked

2012-10-15 Thread Lorenzo Cappelletti
On Mon, Oct 15, 2012 at 3:11 PM, Bas Mevissen ab...@basmevissen.nl wrote:

> Does this WPS patch set contain a way to mitigate the security design flaw?

Not yet.

> Reading the Wikipedia article
> (http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Security), it looks
> to me a compatible fix should be possible.

I'm not an expert, but, from the picture of the whole system I gained
by reading here and there, it is possible.  In particular, the brute
force attack can be brought from feasible to computationally
impossible with the following precautions:

- increase the wait time between one attempt and a new one
- enable a setup time window by means of a (virtual) button to be
pressed on the router
- move away from label setup method to a more secure one such as keypad method.

The last point is my final goal.  My plan is to have a web page
securely accessible on the router where one can enter random PINs
generated by devices that want to connect to my network.

I hope some maintainer on this list will read my posts and make the commits.

-- 
Lorenzo
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
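
The keypad flow planned in the message above (a router-side page that accepts a PIN shown by the joining device, valid only for a short window), sketched as an added example that is not part of the original posts or the patch set: it allow-lists the form input, checks the WPS checksum digit, and only then builds a `hostapd_cli wps_pin` call with a timeout. The function names, the 300-second cap and the refusal of 12345670 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the patch set. Function names, the 300 s
# cap and the rejection of 12345670 are assumptions.

# wps_pin_valid PIN: succeed if PIN is 8 decimal digits and the last digit
# is the WPS checksum of the first seven. Digits are handled as characters
# so a PIN with a leading 0 is never parsed as octal.
wps_pin_valid() {
	local pin rest digit accum weight
	pin=$1
	case $pin in
		''|*[!0-9]*) return 1 ;;
	esac
	[ "${#pin}" -eq 8 ] || return 1

	rest=${pin%?}   # first seven digits
	accum=0
	weight=3        # weights alternate 3,1,3,... starting from the right
	while [ -n "$rest" ]; do
		digit=${rest#"${rest%?}"}   # last remaining character
		rest=${rest%?}
		accum=$((accum + weight * digit))
		weight=$((4 - weight))
	done
	[ $(( (10 - accum % 10) % 10 )) -eq "${pin#???????}" ]
}

# wps_keypad_cmd IFNAME PIN TIMEOUT: print the hostapd_cli command that
# accepts one enrollee PIN for TIMEOUT seconds, or fail without output.
wps_keypad_cmd() {
	local ifname pin timeout
	ifname=$1 pin=$2 timeout=$3
	# PIN and timeout would come from a web form: allow-list every value
	# before it gets near a command line.
	case $ifname in
		''|*[!A-Za-z0-9._-]*) return 1 ;;
	esac
	case $timeout in
		''|0*|*[!0-9]*|????*) return 1 ;;
	esac
	[ "$timeout" -le 300 ] || return 1
	wps_pin_valid "$pin" || return 1
	# Policy assumption: refuse the well-known static PIN.
	[ "$pin" != 12345670 ] || return 1
	printf 'hostapd_cli -i %s wps_pin any %s %s\n' "$ifname" "$pin" "$timeout"
}
```

The command is printed rather than executed so the caller decides when to run it; the timeout argument is what gives the setup window a hard end.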


[OpenWrt-Devel] WPS patch set overlooked

2012-10-13 Thread Lorenzo Cappelletti
Hi everyone,

I posted my first patch set on October 1. Since then, it hasn't been
acknowledged. I must conclude it got overlooked.

The patch set regards WPS (Wi-Fi Protected Setup) support. Could anyone
have a look at it (maybe Felix, who recently moved hostapd directory under
network?). It's not over yet, but I'll be submitting more patches if these
get committed.

Thanks. Lorenzo.

Links to my patch set posts:

https://lists.openwrt.org/pipermail/openwrt-devel/2012-October/016870.html
https://lists.openwrt.org/pipermail/openwrt-devel/2012-October/016871.html
https://lists.openwrt.org/pipermail/openwrt-devel/2012-October/016872.html
https://lists.openwrt.org/pipermail/openwrt-devel/2012-October/016873.html


[OpenWrt-Devel] [PATCH 1/4] [package] hostapd: revamped WPS support

2012-10-01 Thread Lorenzo Cappelletti
Moved WPS code to new function

The WPS implementation is going to have a bigger code base which
justifies a dedicated function with fewer indentation levels.

Signed-off-by: Lorenzo Cappelletti lorenzo.cappelle...@gmail.com

---

Hi everyone,

I'm a senior embedded C programmer and I'd like to contribute with my
2 cents to this great project.

My final goal consists in implementing a WPS
(http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup) based guest
network which my friends coming by can connect to and have access to
my entire network resources.  Of course, without compromising on
security.

I already started documenting the code on the wiki last month.  My
next step was preparing the ground for a couple of new WPS methods,
label and keypad.  What I'm submitting here is the result of this
first effort.  I hope you'll accept it in the trunk.

Next, I'll move on to implement the keypad method which requires user
inputs.  I think I'll create a dynamic web page here.  Not sure
because I'm new to this.

diff --git a/hostapd/files/hostapd.sh b/hostapd/files/hostapd.sh
--- a/hostapd/files/hostapd.sh
+++ b/hostapd/files/hostapd.sh
@@ -1,3 +1,29 @@
+hostapd_set_wps_options() {
+   local config_methods device_name device_type manufacturer\
+ wps_label wps_pbc
+
+   config_get_bool wps_pbc $vif wps_pushbutton 0
+   config_get_bool wps_label $vif wps_label 0
+
+   config_get config_methods $vif wps_config
+   [ $wps_pbc -gt 0 ]  append config_methods push_button
+
+   [ -z $config_methods ]  return
+
+   # common options
+   config_get device_type $vif wps_device_type 6-0050F204-1
+   config_get device_name $vif wps_device_name OpenWrt AP
+   config_get manufacturer $vif wps_manufacturer openwrt.org
+
+   append $var eap_server=1 $N
+   append $var wps_state=2 $N
+   append $var ap_setup_locked=1 $N
+   append $var device_type=$device_type $N
+   append $var device_name=$device_name $N
+   append $var manufacturer=$manufacturer $N
+   append $var config_methods=$config_methods $N
+}
+
 hostapd_set_bss_options() {
local var=$1
local vif=$2
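
Review bot: `wps_label` is declared in the `local` list and read with `config_get_bool wps_label $vif wps_label 0`, but nothing in the new function uses it afterwards, so setting `wps_label` has no effect on the generated config. This is carried over from the block being moved; either drop the variable here or append `label` to `config_methods` alongside the `wps_pbc` line.
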
@@ -159,25 +185,7 @@
config_get ieee80211d $vif ieee80211d
config_get iapp_interface $vif iapp_interface

-   config_get_bool wps_pbc $vif wps_pushbutton 0
-   config_get_bool wps_label $vif wps_label 0
-
-   config_get config_methods $vif wps_config
-   [ $wps_pbc -gt 0 ]  append config_methods push_button
-
-   [ -n $wps_possible -a -n $config_methods ]  {
-   config_get device_type $vif wps_device_type 6-0050F204-1
-   config_get device_name $vif wps_device_name OpenWrt AP
-   config_get manufacturer $vif wps_manufacturer openwrt.org
-
-   append $var eap_server=1 $N
-   append $var wps_state=2 $N
-   append $var ap_setup_locked=1 $N
-   append $var device_type=$device_type $N
-   append $var device_name=$device_name $N
-   append $var manufacturer=$manufacturer $N
-   append $var config_methods=$config_methods $N
-   }
+   [ -n $wps_possible ]  hostapd_set_wps_options

append $var ssid=$ssid $N
[ -n $bridge ]  append $var bridge=$bridge $N
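
Review bot: the new call `hostapd_set_wps_options` passes no arguments, so the helper only works because `var`, `vif` and `N` are visible from `hostapd_set_bss_options` through shell dynamic scoping. Passing them explicitly and declaring `local var=$1` and `local vif=$2` in the helper, as `hostapd_set_bss_options` does, would make the dependency obvious and keep the function callable from elsewhere.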


[OpenWrt-Devel] [PATCH 2/4] [package] hostapd: revamped WPS support

2012-10-01 Thread Lorenzo Cappelletti
Deprecated config options 'wps_label' and 'wps_pbc'

The use of a list option 'wps_pushbutton' is more scalable.

Signed-off-by: Lorenzo Cappelletti lorenzo.cappelle...@gmail.com

---

diff --git a/hostapd/files/hostapd.sh b/hostapd/files/hostapd.sh
--- a/hostapd/files/hostapd.sh
+++ b/hostapd/files/hostapd.sh
@@ -1,12 +1,14 @@
 hostapd_set_wps_options() {
-   local config_methods device_name device_type manufacturer\
- wps_label wps_pbc
+   local config_methods device_name device_type manufacturer

+   config_get config_methods $vif wps_config_methods
+   
+   # deprecated options
+   local wps_label wps_pbc
config_get_bool wps_pbc $vif wps_pushbutton 0
+   [ $wps_pbc -gt 0 ]  append config_methods push_button
config_get_bool wps_label $vif wps_label 0
-
-   config_get config_methods $vif wps_config
-   [ $wps_pbc -gt 0 ]  append config_methods push_button
+   $wps_label -gt 0 ]  append config_methods label

[ -z $config_methods ]  return

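Review bot: the added `wps_label` test is missing its opening bracket: the line reads `$wps_label -gt 0 ]  append config_methods label`, so the shell would try to run the value of `wps_label` as a command instead of evaluating a test. It should have the same form as the `wps_pbc` line above it. Separately, the option read changes from `wps_config` to `wps_config_methods` with no fallback, which the commit message does not mention; configs that still set `wps_config` would silently lose their methods.
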
@@ -22,6 +24,18 @@
append $var device_name=$device_name $N
append $var manufacturer=$manufacturer $N
append $var config_methods=$config_methods $N
+
+   # per-method options
+   list_contains config_methods label  {
+   list_remove config_methods label
+   }
+
+   list_contains config_methods push_button  {
+   list_remove config_methods push_button
+   }
+
+   [ -z $config_methods ] ||\
+   logger -t $vif WPS config methods not supported: 
$config_methods
 }

 hostapd_set_bss_options() {
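
Review bot: the "not supported" check at the end of the function runs after `append $var config_methods=$config_methods $N` (the context line at the top of this hunk), so an unsupported method is logged but has already been written into the hostapd config. Filter `config_methods` before it is appended, or collect the supported methods in the per-method blocks and append that list instead. The `label` and `push_button` blocks only call `list_remove` at this point; a short comment marking them as placeholders would help.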


[OpenWrt-Devel] [PATCH 4/4] [package] hostapd: revamped WPS support

2012-10-01 Thread Lorenzo Cappelletti
Added 'wps_ap_pin' option along with a default pin for 'label' method

Signed-off-by: Lorenzo Cappelletti lorenzo.cappelle...@gmail.com

---

diff --git a/hostapd/files/hostapd.sh b/hostapd/files/hostapd.sh
--- a/hostapd/files/hostapd.sh
+++ b/hostapd/files/hostapd.sh
@@ -35,7 +35,11 @@

# per-method options
list_contains config_methods label  {
+   local ap_pin
+
list_remove config_methods label
+
+   config_get ap_pin $vif wps_ap_pin 12345670
}

list_contains config_methods push_button  {
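
Review bot: `config_get ap_pin $vif wps_ap_pin 12345670` gives every router that enables `label` without setting `wps_ap_pin` the same fixed PIN, which removes whatever protection the label method offers. Leave the default empty and skip or refuse the label method when no PIN is configured, or generate a random PIN per device. In this hunk `ap_pin` is also read but never appended to `$var`, so the option has no effect yet.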


[OpenWrt-Devel] [PATCH 3/4] [package] hostapd: revamped WPS support

2012-10-01 Thread Lorenzo Cappelletti
Enabled random per-device PSK generation for WPS clients

Signed-off-by: Lorenzo Cappelletti lorenzo.cappelle...@gmail.com

---

diff --git a/hostapd/files/hostapd.sh b/hostapd/files/hostapd.sh
--- a/hostapd/files/hostapd.sh
+++ b/hostapd/files/hostapd.sh
@@ -1,5 +1,6 @@
 hostapd_set_wps_options() {
-   local config_methods device_name device_type manufacturer
+   local config_methods device_name device_type manufacturer\
+ wpa_psk_file

config_get config_methods $vif wps_config_methods

@@ -13,6 +14,7 @@
[ -z $config_methods ]  return

# common options
+   config_get ifname $vif ifname
config_get device_type $vif wps_device_type 6-0050F204-1
config_get device_name $vif wps_device_name OpenWrt AP
config_get manufacturer $vif wps_manufacturer openwrt.org
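
Review bot: `config_get ifname $vif ifname` assigns `ifname`, but the `local` list in the first hunk only gained `wpa_psk_file`, so `ifname` is set in the caller's scope and can overwrite a variable of the same name there. Add `ifname` to the `local` declaration.
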
@@ -25,6 +27,12 @@
append $var manufacturer=$manufacturer $N
append $var config_methods=$config_methods $N

+   # enable random per-device PSK generation for WPS clients
+   # (file has to exists for hostapd to start)
+   wpa_psk_file=/var/run/hostapd-$ifname.psk
+   append $var wpa_psk_file=$wpa_psk_file $N
+   [ ! -e $wpa_psk_file ]  : $wpa_psk_file
+
# per-method options
list_contains config_methods label  {
list_remove config_methods label
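
Review bot: the PSK file is created at `/var/run/hostapd-$ifname.psk` under whatever umask the script runs with, and nothing in this hunk restricts its mode even though it will hold the per-device PSKs. Create it under `umask 077` or `chmod 600` it right after creation. If `ifname` is unset the path collapses to `/var/run/hostapd-.psk`, so a check for an empty `ifname` before building the path is worth adding; the comment typo "has to exists" can be fixed at the same time.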