Any hope for PEAP/LEAP authentication?
Opened this issue · 16 comments
I know many of us would love to see some PEAP/LEAP for iPhone, especially
anyone working at a large company or university... Is this even possible?
Original issue reported on code.google.com by ecal...@gmail.com
on 11 Sep 2007 at 1:02
AFAIK, and I've only worked with PEAP a little bit, both LEAP and PEAP are implemented at the TCP layer - there should be no reason why a simple authentication client could not be written for the iPhone. Could you give examples of some client you currently use, and like?
Original comment by lok...@gmail.com
on 11 Sep 2007 at 4:45
- Added labels: Priority-Low, Type-Other
- Removed labels: Priority-Medium, Type-Defect
[deleted comment]
Yeah, I think PEAP is much more common anyways. Also I have noticed that several universities in my area offer free wifi with PEAP, which would be awesome for the iPhone. The ability to cache PEAP session keys is also pretty essential for practical use on iPhone. I am currently using the Microsoft XP PEAP client for PC authentication, but I am sure one exists for the OSX framework.
Original comment by ecal...@gmail.com
on 11 Sep 2007 at 5:53
I found a possible open source 802.1x client here:
http://open1x.sourceforge.net/
Original comment by ecal...@gmail.com
on 11 Sep 2007 at 6:04
Hi, I'm also very interested in seeing this implemented. My university only supports LEAP for network authentication, which is really lame for all the iPhone owners. I wish I could help dev, but my coding knowledge is limited.
Original comment by delore...@gmail.com
on 25 Sep 2007 at 8:18
802.1x is really important. Please add it to this project.
Original comment by 0mania0c...@gmail.com
on 21 Oct 2007 at 10:36
A couple of comments:
*) 802.1X *is* possible for the iPhone... at least theoretically.
*) 802.1X is done at the frame layer, not the TCP layer. It requires some pretty direct access to the wireless hardware.
*) Issues that need to be solved to make 802.1X viable:
A native iPhone frame handler (there's already one present in OpenLLDP that should do nicely).
Ability to scan for networks via iPhone Airport APIs, connect to said networks. (Most of this is already possible with the work that has been done here)
Ability to set wireless keys. (this is going to be the tricky part)
Since the Apple Airport APIs are proprietary, it's not a simple matter of hooking the bits up. Some reverse engineering has to take place.
Is anyone up to reverse engineering the key set routines? I'm afraid it's beyond my capabilities.
Original comment by nonbroad...@gmail.com
on 31 Oct 2007 at 10:56
For what it's worth, here's XSupplicant running on the iPhone. Without the other pieces I mentioned, it's pretty much useless, though.
# uname -a
Darwin *****'s iPhone 9.0.0d1 Darwin Kernel Version 9.0.0d1: Wed Sep 19 00:08:43 PDT 2007; root:xnu-933.0.0.203.obj~21/RELEASE_ARM_S5L8900XRB iPhone1,1 Darwin
# /bin/xsupplicant -d A -f -c ./xsupplicant.conf
Found 0 other supplicants and wireless managers.
[INIT ] Wed Oct 31 17:10:03 2007 - Init devices structure.
No log path setting is defined in the configuration file. We won't roll logs!
Error rolling log files!
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Interface 1 named lo0.
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Interface 2 named en0.
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Looking for MAC address for en0!
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Interface 3 named ip1.
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Looking for MAC address for ip1!
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Interface 4 named ip2.
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Looking for MAC address for ip2!
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Opened socket descriptor #3 for IPC listener.
[EVENT_CORE ] Wed Oct 31 17:10:03 2007 - Registered event handler 'IPC master socket' in slot 19, with socket 3.
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Checking if interface 'en0' is available.
[INIT ] Wed Oct 31 17:10:03 2007 - Init timer!
[INIT ] Wed Oct 31 17:10:03 2007 - Init EAP state machine.
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Initializing frame socket for interface en0..
[INTERFACE ] Wed Oct 31 17:10:03 2007 - Looking for MAC address for en0!
[EVENT_CORE ] Wed Oct 31 17:10:03 2007 - Registered event handler 'frame handler' in slot 18, with socket 0.
[CONTEXT ] Wed Oct 31 17:10:03 2007 - Interface initialized!
[CONF_PARSE ] Wed Oct 31 17:10:03 2007 - Network name passed in is NULL!
[CONF_PARSE ] Wed Oct 31 17:10:03 2007 - Searching configuration information in memory!
[CONF_PARSE ] Wed Oct 31 17:10:03 2007 - No configuration name provided, and no forced profile provided!
[INTERFACE ] Wed Oct 31 17:10:03 2007 - No default connection defined for interface 'en0'.
[DOT1X_STATE] Wed Oct 31 17:10:04 2007 - Clock tick! authWhile=29 heldWhile=59 startWhen=0 curState=DISCONNECTED
[DOT1X_STATE] Wed Oct 31 17:10:04 2007 - en0 - Changing from DISCONNECTED to DISCONNECTED.
[1X_BE_STATE] Wed Oct 31 17:10:04 2007 - Backend State : UNKNOWN
[1X_BE_STATE] Wed Oct 31 17:10:04 2007 - (global) -> INITIALIZE
[1X_BE_STATE] Wed Oct 31 17:10:04 2007 - [backend_sm] UNKNOWN -> INITIALIZE
[1X_BE_STATE] Wed Oct 31 17:10:04 2007 - [backend_sm] INITIALIZE -> IDLE
[DOT1X_STATE] Wed Oct 31 17:10:05 2007 - Clock tick! authWhile=28 heldWhile=58 startWhen=0 curState=DISCONNECTED
[DOT1X_STATE] Wed Oct 31 17:10:05 2007 - en0 - Changing from DISCONNECTED to CONNECTING.
[1X_BE_STATE] Wed Oct 31 17:10:05 2007 - Backend State : IDLE
[DOT1X_STATE] Wed Oct 31 17:10:06 2007 - Clock tick! authWhile=27 heldWhile=57 startWhen=29 curState=CONNECTING
[1X_BE_STATE] Wed Oct 31 17:10:06 2007 - Backend State : IDLE
[DOT1X_STATE] Wed Oct 31 17:10:07 2007 - Clock tick! authWhile=26 heldWhile=56 startWhen=28 curState=CONNECTING
[1X_BE_STATE] Wed Oct 31 17:10:07 2007 - Backend State : IDLE
[DOT1X_STATE] Wed Oct 31 17:10:08 2007 - Clock tick! authWhile=25 heldWhile=55 startWhen=27 curState=CONNECTING
[1X_BE_STATE] Wed Oct 31 17:10:08 2007 - Backend State : IDLE
[DOT1X_STATE] Wed Oct 31 17:10:09 2007 - Clock tick! authWhile=24 heldWhile=54 startWhen=26 curState=CONNECTING
[1X_BE_STATE] Wed Oct 31 17:10:09 2007 - Backend State : IDLE
^C
[DEINIT ] Wed Oct 31 17:10:09 2007 - Cert handler clean up.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up IPC.
[IPC ] Wed Oct 31 17:10:09 2007 - Shutting down IPC socket!
[INTERFACE ] Wed Oct 31 17:10:09 2007 - Closing socket descriptor #3
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up event core
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clearing handler 'frame handler'.
[EVENT_CORE ] Wed Oct 31 17:10:09 2007 - Deregistering event handler 'frame handler' in slot 18, with socket 0.
[INTERFACE ] Wed Oct 31 17:10:09 2007 - Sending Logoff!
[DEINIT ] Wed Oct 31 17:10:09 2007 - No network information available. Assuming we don't need to send a logoff.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Cleaing up EAPoL state.
[DOT1X_STATE] Wed Oct 31 17:10:09 2007 - Doing statemachine cleanup!
[DEINIT ] Wed Oct 31 17:10:09 2007 - Deinit EAP State machine.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up timers
[DEINIT ] Wed Oct 31 17:10:09 2007 - Deinit wireless SM
[DEINIT ] Wed Oct 31 17:10:09 2007 - Cleaning up interface en0...
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clearing handler 'IPC master socket'.
[EVENT_CORE ] Wed Oct 31 17:10:09 2007 - Deregistering event handler 'IPC master socket' in slot 19, with socket 3.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Flush interface cache.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Free up config
[INIT ] Wed Oct 31 17:10:09 2007 - Clearing out devices structure.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clearing out interfaces from devices structure.
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up log file
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up OpenSSL error strings
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up OpenSSL library data
[DEINIT ] Wed Oct 31 17:10:09 2007 - Clean up pid file
#
Original comment by nonbroad...@gmail.com
on 31 Oct 2007 at 11:12
[deleted comment]
There's still a lot of work to do, but XSupplicant can now send frames on the iPhone:
[DOT1X_STATE] Wed Oct 31 20:43:51 2007 - en0 - Changing from DISCONNECTED to CONNECTING.
[DOT1X_STATE] Wed Oct 31 20:43:51 2007 - Sending EAPOL-Start Frame.
[INTERFACE ] Wed Oct 31 20:43:51 2007 - Attempting to send frame!
[INTERFACE ] Wed Oct 31 20:43:51 2007 - Padding frame to 64 bytes by adding 46 byte(s).
[INTERFACE ] Wed Oct 31 20:43:51 2007 - Frame to be sent (64) :
000 | 01 80 c2 00 00 03 00 00 00 00 00 00 88 8e 02 01 | ................
010 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
020 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Wed Oct 31 20:43:51 2007 - Sent frame on socket 4!
[1X_BE_STATE] Wed Oct 31 20:43:51 2007 - Backend State : IDLE
[EVENT_CORE ] Wed Oct 31 20:43:51 2007 - Socket 4 (frame handler) had an event! (Event index 18)
[INTERFACE ] Wed Oct 31 20:43:51 2007 - Got Frame :
000 | 01 80 c2 00 00 03 00 00 00 00 00 00 88 8e 02 01 | ................
010 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
020 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
[INTERFACE ] Wed Oct 31 20:43:51 2007 - Got a frame, not for us.
Theoretically at this point, it *SHOULD* be able to authenticate, but I won't know for sure until I can plumb the wireless calls in to handle scanning and association. After that, the key setting will be required to make it useable.
Original comment by nonbroad...@gmail.com
on 1 Nov 2007 at 2:47
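The 64-byte frame in the hex dump above can be decoded field by field, which is a quick way to confirm a supplicant is emitting a well-formed EAPOL-Start. This C sketch is an added example, not XSupplicant's code or the poster's; `parse_eapol`, `eapol_info` and `sample_frame` are hypothetical names, and the sample bytes are constructed from the first 18 bytes of the dump.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: header bytes copied from the log's hex dump. */
static const uint8_t sample_frame[64] = {
    0x01, 0x80, 0xc2, 0x00, 0x00, 0x03, /* destination: PAE group address */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* source: all zero in the dump */
    0x88, 0x8e,                         /* EtherType 0x888e = EAPOL */
    0x02, 0x01, 0x00, 0x00              /* version 2, type 1, body length 0 */
};                                      /* remaining 46 bytes: zero padding */

struct eapol_info {
    uint8_t version, type;
    uint16_t body_len;
    int to_pae_group, src_is_zero;
};

static const char *eapol_type_name(uint8_t t) {
    static const char *names[] = {"EAP-Packet", "EAPOL-Start",
                                  "EAPOL-Logoff", "EAPOL-Key"};
    return t < 4 ? names[t] : "unknown";
}

/* Returns 0 on success, -1 if the buffer is not a well-formed EAPOL frame. */
static int parse_eapol(const uint8_t *f, size_t len, struct eapol_info *out) {
    static const uint8_t pae[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x03};
    static const uint8_t zero[6] = {0};
    if (len < 18) return -1;            /* 14-byte Ethernet + 4-byte EAPOL header */
    if (f[12] != 0x88 || f[13] != 0x8e) return -1;
    out->version = f[14];
    out->type = f[15];
    out->body_len = (uint16_t)((f[16] << 8) | f[17]);
    if ((size_t)out->body_len > len - 18) return -1; /* body must fit the frame */
    out->to_pae_group = memcmp(f, pae, 6) == 0;
    out->src_is_zero = memcmp(f + 6, zero, 6) == 0;
    return 0;
}

int main(void) {
    struct eapol_info i;
    if (parse_eapol(sample_frame, sizeof sample_frame, &i) != 0) return 1;
    printf("v%u %s body=%u pae_group=%d zero_src=%d\n", (unsigned)i.version,
           eapol_type_name(i.type), (unsigned)i.body_len, i.to_pae_group, i.src_is_zero);
    return 0;
}
```

The same check works on the "Got Frame" dump, whose bytes are identical to the frame that was sent.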
Hey nonbroadcast-
I'm a second semester comp. sci major but I have an okay amount of coding experience. Is there anything that I could maybe do to give you a hand? I'd love for 802.1x authentication to work, and like to help out in any way I can. Let me know
Original comment by ryanle...@gmail.com
on 4 Nov 2007 at 12:00
Hey ryanleary -
Sorry for the delayed reply. I've been much too busy to work on the project until now.
One thing that we *definitely* need to do is work on getting a UI created for the iPhone for XSupplicant, so if you feel like rolling up your sleeves and working on that let me know.
Original comment by nonbroad...@gmail.com
on 26 Nov 2007 at 7:31
Initial scanning support is now hacked into my local tree:
[PHYS_STATE ] Mon Nov 26 00:25:54 2007 - Found new ESSID (wardriveme), adding...
[PHYS_STATE ] Mon Nov 26 00:25:54 2007 - Found new ESSID (bla), adding...
[PHYS_STATE ] Mon Nov 26 00:25:54 2007 - Found new ESSID (ACTIONTEC), adding...
The Association calls haven't been reverse engineered yet, though, and key set
routines are still a mystery as well.
Original comment by nonbroad...@gmail.com
on 26 Nov 2007 at 7:33
I could certainly give that a try. I have not used Xsupplicant before, so in terms of a UI, what are you looking for? Fields, preferences, etc... Obviously, keeping with the 'Apple' way, the fewer options (and therefore simpler), the better, probably.
Original comment by ryanle...@gmail.com
on 26 Nov 2007 at 9:11
Does anybody know what the current status of Xsupplicant on the iPhone is?
I would also try to build some UI for the program, and as ryanleary already said, it will be very difficult to compete with Apple's UI engineers :-)
I'm willing to help out, not only with the UI, just let me know!
Daniel
Original comment by daniel.r...@gmail.com
on 21 Jan 2008 at 1:21
Hi. A friend and I came across this info while working on this problem. Maybe it can be of use:
http://merges.ubuntu.com/w/wpasupplicant/wpasupplicant_0.6.3-1.patch
http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/2007-November/001206.html
If you search for "WirelessSetKey" in the Ubuntu merge patch this will show up:
+static int wpa_driver_osx_set_key(void *priv, wpa_alg alg, const u8 *addr,
+ int key_idx, int set_tx, const u8 *seq,
+ size_t seq_len, const u8 *key,
+ size_t key_len)
+{
+ struct wpa_driver_osx_data *drv = priv;
+ WirelessError err;
+
+ if (alg == WPA_ALG_WEP) {
+ err = WirelessSetKey(drv->wireless_ctx, 1, key_idx, key_len,
+ key);
+ if (err != 0) {
+ wpa_printf(MSG_DEBUG, "OSX: WirelessSetKey failed: "
+ "0x%08x", (unsigned int) err);
+ return -1;
+ }
+
+ return 0;
+ }
+
+ if (alg == WPA_ALG_PMK) {
+ err = WirelessSetWPAKey(drv->wireless_ctx, 1, key_len, key);
+ if (err != 0) {
+ wpa_printf(MSG_DEBUG, "OSX: WirelessSetWPAKey failed:
"
+ "0x%08x", (unsigned int) err);
+ return -1;
+ }
+ return 0;
+ }
+
+ wpa_printf(MSG_DEBUG, "OSX: Unsupported set_key alg %d", alg);
+ return -1;
+}
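Review bot: in both the WPA_ALG_WEP and WPA_ALG_PMK branches, key and key_len are passed straight into WirelessSetKey / WirelessSetWPAKey with no NULL or length check, and these are proprietary calls whose handling of a bad length cannot be seen here. I would reject key == NULL and any unexpected key_len (for example anything other than 5 or 13 bytes for WEP, or 32 bytes for a PMK) before making the call, and range-check key_idx in the WEP branch. The literal 1 passed as the second argument to both calls needs a comment or a named constant. addr, set_tx, seq and seq_len are accepted but never used, which deserves a note at the top of the function so callers know they are ignored. The unsupported-algorithm path logs only at MSG_DEBUG before returning -1, so a key that never gets installed is easy to miss in normal logging.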
Original comment by alias...@gmail.com
on 6 May 2008 at 3:47