Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS: Add a workaround for static WEP with Windows network probe

Windows XP and Vista clients can get confused about EAP-Identity/Request
when they probe the network with EAPOL-Start. In such a case, they may
assume the network is using IEEE 802.1X and prompt user for a
certificate while the correct (non-WPS) behavior would be to ask for the
static WEP key. As a workaround, use Microsoft Provisioning IE to
advertise that legacy 802.1X is not supported.

This seems to make Windows ask for a static WEP key when adding a new
network, but at least Windows XP SP3 was still marking IEEE 802.1X
enabled for the network. Anyway, this is better than just leaving the
network configured with IEEE 802.1X and automatic WEP key distribution.
Jouni Malinen 16 years ago
parent
9e783041fa
commit
143a4bf632
3 changed files with 31 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      hostapd/wps_hostapd.c
  2. 5 0
      src/wps/wps.h
  3. 24 0
      src/wps/wps_registrar.c

+ 2 - 0
hostapd/wps_hostapd.c
View File 

@@ -627,6 +627,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
 
 	cfg.extra_cred_len = conf->extra_cred_len;
 
 	cfg.disable_auto_conf = (hapd->conf->wps_cred_processing == 1) &&
 
 		conf->skip_cred_build;
 
+	if (conf->ssid.security_policy == SECURITY_STATIC_WEP)
 
+		cfg.static_wep_only = 1;
 
 
 	wps->registrar = wps_registrar_init(wps, &cfg);
 
 	if (wps->registrar == NULL) {

+ 5 - 0
src/wps/wps.h
View File 

@@ -277,6 +277,11 @@ struct wps_registrar_config {
 
 	 * to be set with a suitable Credential and skip_cred_build being used.
 
 	 */
 
 	int disable_auto_conf;
 
+
 
+	/**
 
+	 * static_wep_only - Whether the BSS supports only static WEP
 
+	 */
 
+	int static_wep_only;
 
 };

+ 24 - 0
src/wps/wps_registrar.c
View File 

@@ -99,6 +99,7 @@ struct wps_registrar {
 
 	int disable_auto_conf;
 
 	int sel_reg_dev_password_id_override;
 
 	int sel_reg_config_methods_override;
 
+	int static_wep_only;
 
 };
 
 
 
@@ -377,6 +378,7 @@ wps_registrar_init(struct wps_context *wps,
 
 	reg->disable_auto_conf = cfg->disable_auto_conf;
 
 	reg->sel_reg_dev_password_id_override = -1;
 
 	reg->sel_reg_config_methods_override = -1;
 
+	reg->static_wep_only = cfg->static_wep_only;
 
 
 	if (wps_set_ie(reg)) {
 
 		wps_registrar_deinit(reg);
 
@@ -778,6 +780,28 @@ static int wps_set_ie(struct wps_registrar *reg)
 
 		return -1;
 
 	}
 
 
+	if (reg->static_wep_only) {
 
+		/*
 
+		 * Windows XP and Vista clients can get confused about
 
+		 * EAP-Identity/Request when they probe the network with
 
+		 * EAPOL-Start. In such a case, they may assume the network is
 
+		 * using IEEE 802.1X and prompt user for a certificate while
 
+		 * the correct (non-WPS) behavior would be to ask for the
 
+		 * static WEP key. As a workaround, use Microsoft Provisioning
 
+		 * IE to advertise that legacy 802.1X is not supported.
 
+		 */
 
+		const u8 ms_wps[7] = {
 
+			WLAN_EID_VENDOR_SPECIFIC, 5,
 
+			/* Microsoft Provisioning IE (00:50:f2:5) */
 
+			0x00, 0x50, 0xf2, 5,
 
+			0x00 /* no legacy 802.1X or MS WPS */
 
+		};
 
+		wpa_printf(MSG_DEBUG, "WPS: Add Microsoft Provisioning IE "
 
+			   "into Beacon/Probe Response frames");
 
+		wpabuf_put_data(beacon, ms_wps, sizeof(ms_wps));
 
+		wpabuf_put_data(probe, ms_wps, sizeof(ms_wps));
 
+	}
 
+
 
 	ret = wps_cb_set_ie(reg, beacon, probe);
 
 	wpabuf_free(beacon);
 
 	wpabuf_free(probe);