1 wpa_supplicant for Windows
2 ==========================
4 Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> and
8 This program is dual-licensed under both the GPL version 2 and BSD
9 license. Either license may be used at your option.
11 This product includes software developed by the OpenSSL Project
12 for use in the OpenSSL Toolkit (http://www.openssl.org/). This
13 product includes cryptographic software written by Eric Young
17 wpa_supplicant has support for being used as a WPA/WPA2/IEEE 802.1X
18 Supplicant on Windows. The current port requires that WinPcap
19 (http://winpcap.polito.it/) is installed for accessing packets and the
20 driver interface. Both release versions 3.0 and 3.1 are supported.
22 The current port is still somewhat experimental. It has been tested
23 mainly on Windows XP (SP2) with limited set of NDIS drivers. In
24 addition, the current version has been reported to work with Windows
27 All security modes have been verified to work (at least complete
28 authentication and successfully ping a wired host):
30 - static WEP / open system authentication
31 - static WEP / shared key authentication
32 - IEEE 802.1X with dynamic WEP keys
33 - WPA-PSK, TKIP, CCMP, TKIP+CCMP
34 - WPA-EAP, TKIP, CCMP, TKIP+CCMP
35 - WPA2-PSK, TKIP, CCMP, TKIP+CCMP
36 - WPA2-EAP, TKIP, CCMP, TKIP+CCMP
42 Compiled binary version of the wpa_supplicant and additional tools is
43 available from http://w1.fi/wpa_supplicant/. These binaries can be
44 used after installing WinPcap.
46 wpa_gui uses Qt 4 framework and may need additional dynamic libraries
47 (DLLs). These libraries are available from
48 http://w1.fi/wpa_supplicant/qt4/wpa_gui-qt433-windows-dll.zip
49 You can copy the DLL files from this ZIP package into the same directory
50 with wpa_gui.exe to allow wpa_gui to be started.
53 Building wpa_supplicant with mingw
54 ----------------------------------
56 The default build setup for wpa_supplicant is to use MinGW and
57 cross-compiling from Linux to MinGW/Windows. It should also be
58 possible to build this under Windows using the MinGW tools, but that
59 is not tested nor supported and is likely to require some changes to
60 the Makefile unless cygwin is used.
63 Building wpa_supplicant with MSVC
64 ---------------------------------
66 wpa_supplicant can be built with Microsoft Visual C++ compiler. This
67 has been tested with Microsoft Visual C++ Toolkit 2003 and Visual
68 Studio 2005 using the included nmake.mak as a Makefile for nmake. IDE
69 can also be used by creating a project that includes the files and
70 defines mentioned in nmake.mak. Example VS2005 solution and project
71 files are included in vs2005 subdirectory. This can be used as a
72 starting point for building the programs with VS2005 IDE. Visual Studio
73 2008 Express Edition is also able to use these project files.
75 WinPcap development package is needed for the build and this can be
76 downloaded from http://www.winpcap.org/install/bin/WpdPack_4_0_2.zip. The
77 default nmake.mak expects this to be unpacked into C:\dev\WpdPack so
78 that Include and Lib directories are in this directory. The files can be
79 stored elsewhere as long as the WINPCAPDIR in nmake.mak is updated to
80 match with the selected directory. In case a project file in the IDE is
81 used, these Include and Lib directories need to be added to project
82 properties as additional include/library directories.
84 OpenSSL source package can be downloaded from
85 http://www.openssl.org/source/openssl-0.9.8i.tar.gz and built and
86 installed following instructions in INSTALL.W32. Note that if EAP-FAST
87 support will be included in the wpa_supplicant, OpenSSL needs to be
88 patched to# support it openssl-0.9.8i-tls-extensions.patch. The example
89 nmake.mak file expects OpenSSL to be installed into C:\dev\openssl, but
90 this directory can be modified by changing OPENSSLDIR variable in
93 If you do not need EAP-FAST support, you may also be able to use Win32
94 binary installation package of OpenSSL from
95 http://www.slproweb.com/products/Win32OpenSSL.html instead of building
96 the library yourself. In this case, you will need to copy Include and
97 Lib directories in suitable directory, e.g., C:\dev\openssl for the
98 default nmake.mak. Copy {Win32OpenSSLRoot}\include into
99 C:\dev\openssl\include and make C:\dev\openssl\lib subdirectory with
100 files from {Win32OpenSSLRoot}\VC (i.e., libeay*.lib and ssleay*.lib).
101 This will end up using dynamically linked OpenSSL (i.e., .dll files are
102 needed) for it. Alternative, you can copy files from
103 {Win32OpenSSLRoot}\VC\static to create a static build (no OpenSSL .dll
107 Building wpa_supplicant for cygwin
108 ----------------------------------
110 wpa_supplicant can be built for cygwin by installing the needed
111 development packages for cygwin. This includes things like compiler,
112 make, openssl development package, etc. In addition, developer's pack
113 for WinPcap (WPdpack.zip) from
114 http://winpcap.polito.it/install/default.htm is needed.
116 .config file should enable only one driver interface,
117 CONFIG_DRIVER_NDIS. In addition, include directories may need to be
118 added to match the system. An example configuration is available in
119 defconfig. The library and include files for WinPcap will either need
120 to be installed in compiler/linker default directories or their
121 location will need to be adding to .config when building
124 Othen than this, the build should be more or less identical to Linux
125 version, i.e., just run make after having created .config file. An
126 additional tool, win_if_list.exe, can be built by running "make
133 wpa_gui uses Qt application framework from Trolltech. It can be built
134 with the open source version of Qt4 and MinGW. Following commands can
135 be used to build the binary in the Qt 4 Command Prompt:
137 # go to the root directory of wpa_supplicant source code
139 qmake -o Makefile wpa_gui.pro
141 # the wpa_gui.exe binary is created into 'release' subdirectory
144 Using wpa_supplicant for Windows
145 --------------------------------
147 wpa_supplicant, wpa_cli, and wpa_gui behave more or less identically to
148 Linux version, so instructions in README and example wpa_supplicant.conf
149 should be applicable for most parts. In addition, there is another
150 version of wpa_supplicant, wpasvc.exe, which can be used as a Windows
151 service and which reads its configuration from registry instead of
154 When using access points in "hidden SSID" mode, ap_scan=2 mode need to
155 be used (see wpa_supplicant.conf for more information).
157 Windows NDIS/WinPcap uses quite long interface names, so some care
158 will be needed when starting wpa_supplicant. Alternatively, the
159 adapter description can be used as the interface name which may be
160 easier since it is usually in more human-readable
161 format. win_if_list.exe can be used to find out the proper interface
164 Example steps in starting up wpa_supplicant:
167 ifname: \Device\NPF_GenericNdisWanAdapter
168 description: Generic NdisWan adapter
170 ifname: \Device\NPF_{769E012B-FD17-4935-A5E3-8090C38E25D2}
171 description: Atheros Wireless Network Adapter (Microsoft's Packet Scheduler)
173 ifname: \Device\NPF_{732546E7-E26C-48E3-9871-7537B020A211}
174 description: Intel 8255x-based Integrated Fast Ethernet (Microsoft's Packet Scheduler)
177 Since the example configuration used Atheros WLAN card, the middle one
178 is the correct interface in this case. The interface name for -i
179 command line option is the full string following "ifname:" (the
180 "\Device\NPF_" prefix can be removed). In other words, wpa_supplicant
181 would be started with the following command:
183 # wpa_supplicant.exe -i'{769E012B-FD17-4935-A5E3-8090C38E25D2}' -c wpa_supplicant.conf -d
185 -d optional enables some more debugging (use -dd for even more, if
186 needed). It can be left out if debugging information is not needed.
188 With the alternative mechanism for selecting the interface, this
189 command has identical results in this case:
191 # wpa_supplicant.exe -iAtheros -c wpa_supplicant.conf -d
194 Simple configuration example for WPA-PSK:
203 psk="secret passphrase"
206 (remove '#' from the comment out ap_scan line to enable mode in which
207 wpa_supplicant tries to associate with the SSID without doing
208 scanning; this allows APs with hidden SSIDs to be used)
211 wpa_cli.exe and wpa_gui.exe can be used to interact with the
212 wpa_supplicant.exe program in the same way as with Linux. Note that
213 ctrl_interface is using UNIX domain sockets when built for cygwin, but
214 the native build for Windows uses named pipes and the contents of the
215 ctrl_interface configuration item is used to control access to the
216 interface. Anyway, this variable has to be included in the configuration
217 to enable the control interface.
220 Example SDDL string formats:
222 (local admins group has permission, but nobody else):
224 ctrl_interface=SDDL=D:(A;;GA;;;BA)
226 ("A" == "access allowed", "GA" == GENERIC_ALL == all permissions, and
227 "BA" == "builtin administrators" == the local admins. The empty fields
228 are for flags and object GUIDs, none of which should be required in this
231 (local admins and the local "power users" group have permissions,
234 ctrl_interface=SDDL=D:(A;;GA;;;BA)(A;;GA;;;PU)
236 (One ACCESS_ALLOWED ACE for GENERIC_ALL for builtin administrators, and
237 one ACCESS_ALLOWED ACE for GENERIC_ALL for power users.)
239 (close to wide open, but you have to be a valid user on
242 ctrl_interface=SDDL=D:(A;;GA;;;AU)
244 (One ACCESS_ALLOWED ACE for GENERIC_ALL for the "authenticated users"
247 This one would allow absolutely everyone (including anonymous
248 users) -- this is *not* recommended, since named pipes can be attached
249 to from anywhere on the network (i.e. there's no "this machine only"
250 like there is with 127.0.0.1 sockets):
252 ctrl_interface=SDDL=D:(A;;GA;;;BU)(A;;GA;;;AN)
254 (BU == "builtin users", "AN" == "anonymous")
256 See also [1] for the format of ACEs, and [2] for the possible strings
257 that can be used for principal names.
260 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp
262 http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/sid_strings.asp
265 Starting wpa_supplicant as a Windows service (wpasvc.exe)
266 ---------------------------------------------------------
268 wpa_supplicant can be started as a Windows service by using wpasvc.exe
269 program that is alternative build of wpa_supplicant.exe. Most of the
270 core functionality of wpasvc.exe is identical to wpa_supplicant.exe,
271 but it is using Windows registry for configuration information instead
272 of a text file and command line parameters. In addition, it can be
273 registered as a service that can be started automatically or manually
274 like any other Windows service.
276 The root of wpa_supplicant configuration in registry is
277 HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant. This level includes global
278 parameters and a 'interfaces' subkey with all the interface configuration
279 (adapter to confname mapping). Each such mapping is a subkey that has
280 'adapter', 'config', and 'ctrl_interface' values.
282 This program can be run either as a normal command line application,
283 e.g., for debugging, with 'wpasvc.exe app' or as a Windows service.
284 Service need to be registered with 'wpasvc.exe reg <full path to
285 wpasvc.exe>'. Alternatively, 'wpasvc.exe reg' can be used to register
286 the service with the current location of wpasvc.exe. After this, wpasvc
287 can be started like any other Windows service (e.g., 'net start wpasvc')
288 or it can be configured to start automatically through the Services tool
289 in administrative tasks. The service can be unregistered with
292 If the service is set to start during system bootup to make the
293 network connection available before any user has logged in, there may
294 be a long (half a minute or so) delay in starting up wpa_supplicant
295 due to WinPcap needing a driver called "Network Monitor Driver" which
296 is started by default on demand.
298 To speed up wpa_supplicant start during system bootup, "Network
299 Monitor Driver" can be configured to be started sooner by setting its
300 startup type to System instead of the default Demand. To do this, open
301 up Device Manager, select Show Hidden Devices, expand the "Non
302 Plug-and-Play devices" branch, double click "Network Monitor Driver",
303 go to the Driver tab, and change the Demand setting to System instead.
305 Configuration data is in HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs
306 key. Each configuration profile has its own key under this. In terms of text
307 files, each profile would map to a separate text file with possibly multiple
308 networks. Under each profile, there is a networks key that lists all
309 networks as a subkey. Each network has set of values in the same way as
310 network block in the configuration file. In addition, blobs subkey has
311 possible blobs as values.
313 HKEY_LOCAL_MACHINE\SOFTWARE\wpa_supplicant\configs\test\networks\0000
317 See win_example.reg for an example on how to setup wpasvc.exe
318 parameters in registry. It can also be imported to registry as a
319 starting point for the configuration.
323 License information for third party software used in this product:
328 /* ====================================================================
329 * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
331 * Redistribution and use in source and binary forms, with or without
332 * modification, are permitted provided that the following conditions
335 * 1. Redistributions of source code must retain the above copyright
336 * notice, this list of conditions and the following disclaimer.
338 * 2. Redistributions in binary form must reproduce the above copyright
339 * notice, this list of conditions and the following disclaimer in
340 * the documentation and/or other materials provided with the
343 * 3. All advertising materials mentioning features or use of this
344 * software must display the following acknowledgment:
345 * "This product includes software developed by the OpenSSL Project
346 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
348 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
349 * endorse or promote products derived from this software without
350 * prior written permission. For written permission, please contact
351 * openssl-core@openssl.org.
353 * 5. Products derived from this software may not be called "OpenSSL"
354 * nor may "OpenSSL" appear in their names without prior written
355 * permission of the OpenSSL Project.
357 * 6. Redistributions of any form whatsoever must retain the following
359 * "This product includes software developed by the OpenSSL Project
360 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
362 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
363 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
364 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
365 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
366 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
367 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
368 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
369 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
370 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
371 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
372 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
373 * OF THE POSSIBILITY OF SUCH DAMAGE.
374 * ====================================================================
376 * This product includes cryptographic software written by Eric Young
377 * (eay@cryptsoft.com). This product includes software written by Tim
378 * Hudson (tjh@cryptsoft.com).
382 Original SSLeay License
383 -----------------------
385 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
386 * All rights reserved.
388 * This package is an SSL implementation written
389 * by Eric Young (eay@cryptsoft.com).
390 * The implementation was written so as to conform with Netscapes SSL.
392 * This library is free for commercial and non-commercial use as long as
393 * the following conditions are aheared to. The following conditions
394 * apply to all code found in this distribution, be it the RC4, RSA,
395 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
396 * included with this distribution is covered by the same copyright terms
397 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
399 * Copyright remains Eric Young's, and as such any Copyright notices in
400 * the code are not to be removed.
401 * If this package is used in a product, Eric Young should be given attribution
402 * as the author of the parts of the library used.
403 * This can be in the form of a textual message at program startup or
404 * in documentation (online or textual) provided with the package.
406 * Redistribution and use in source and binary forms, with or without
407 * modification, are permitted provided that the following conditions
409 * 1. Redistributions of source code must retain the copyright
410 * notice, this list of conditions and the following disclaimer.
411 * 2. Redistributions in binary form must reproduce the above copyright
412 * notice, this list of conditions and the following disclaimer in the
413 * documentation and/or other materials provided with the distribution.
414 * 3. All advertising materials mentioning features or use of this software
415 * must display the following acknowledgement:
416 * "This product includes cryptographic software written by
417 * Eric Young (eay@cryptsoft.com)"
418 * The word 'cryptographic' can be left out if the rouines from the library
419 * being used are not cryptographic related :-).
420 * 4. If you include any Windows specific code (or a derivative thereof) from
421 * the apps directory (application code) you must include an acknowledgement:
422 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
424 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
425 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
426 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
427 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
428 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
429 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
430 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
431 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
432 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
433 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
436 * The licence and distribution terms for any publically available version or
437 * derivative of this code cannot be changed. i.e. this code cannot simply be
438 * copied and put under another distribution licence
439 * [including the GNU Public Licence.]
444 Qt Open Source Edition
445 ----------------------
447 The Qt GUI Toolkit is Copyright (C) 1994-2007 Trolltech ASA.
448 Qt Open Source Edition is licensed under GPL version 2.
450 Source code for the library is available at
451 http://w1.fi/wpa_supplicant/qt4/qt-win-opensource-src-4.3.3.zip