environments that require secure network access without chance for
allowing outsiders to gain access during the setup phase.
-WPS uses following terms to describe the entities participating in the
-network setup:
+WPS uses the following terms to describe the entities participating
+in the network setup:
- access point: the WLAN access point
- Registrar: a device that control a network and can authorize
addition of new devices); this may be either in the AP ("internal
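Review bot: the Registrar entry at the end of this hunk still has two defects that this wording cleanup should pick up: "a device that control a network" needs "controls", and "addition of new devices);" has a closing parenthesis with no opening one in the lines shown. Suggest "a device that controls a network and can authorize addition of new devices; this may be either in the AP ..." so the term list reads cleanly next to the corrected "WPS uses the following terms" sentence.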
WPS is an optional component that needs to be enabled in
wpa_supplicant build configuration (.config). Here is an example
-configuration that includes WPS support and Linux nl80211 -based
+configuration that includes WPS support and Linux nl80211-based
driver interface:
CONFIG_DRIVER_NL80211=y
CONFIG_WPS=y
If you want to enable WPS external registrar (ER) functionality, you
-will also need to add following line:
+will also need to add the following line:
CONFIG_WPS_ER=y
-Following parameter can be used to enable support for NFC config method:
+The following parameter can be used to enable support for NFC config
+method:
CONFIG_WPS_NFC=y
-
WPS needs the Universally Unique IDentifier (UUID; see RFC 4122) for
the device. This is configured in the runtime configuration for
wpa_supplicant (if not set, UUID will be generated based on local MAC
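Review bot: the bare "-" line after CONFIG_WPS_NFC=y removes an empty line, which is a whitespace-only change mixed into a hunk that otherwise fixes articles and the "nl80211 -based" spacing. The same bare "-" removals appear in later hunks with no wording change next to them, so either say in the commit message that blank lines are being removed or move them to a separate whitespace patch.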
update_config=1
-
External operations
-------------------
the client will be enrolled with credentials needed to connect to the
AP to access the network.
-
If the client device does not have a display that could show the
random PIN, a hardcoded PIN that is printed on a label can be
used. wpa_supplicant is notified this with a control interface
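Review bot: style point on the last context line of this hunk: "wpa_supplicant is notified this with a control interface" is missing a preposition, the same kind of slip the patch fixes elsewhere. Since this hunk only drops a blank line, it would be worth changing the sentence to "wpa_supplicant is notified of this with a control interface" in the same pass.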
wpa_cli wps_pin any 12345670 300
-
If a random PIN is needed for a user interface, "wpa_cli wps_pin get"
can be used to generate a new PIN without starting WPS negotiation.
This random PIN can then be passed as an argument to another wps_pin
negotiation which will generate a new WPA PSK in the same way as the
PIN method described above.
-
If the client wants to operate in the Registrar role to learn the
current AP configuration and optionally, to configure an AP,
wpa_supplicant is notified over the control interface, e.g., with
processing the credential attributes and updating wpa_supplicant
configuration based on them.
-Following control interface messages are sent out for external programs:
+The following control interface messages are sent out for external
+programs:
WPS-CRED-RECEIVED <hexdump of Credential attribute(s)>
For example:
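Review bot: missing documentation at the WPS-CRED-RECEIVED line: the reworded sentence says these messages are "sent out for external programs", and this one carries the received Credential attribute(s) as a hexdump, but nothing in the hunk says which programs can read it. A sentence noting that any program attached to the control interface receives this event, and that access to the interface should be limited accordingly (compare the ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=admin line further down), would fit here.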
Separate wpa_supplicant process can be started for WPS ER
operations. A special "none" driver can be used in such a case to
indicate that no local network interface is actually controlled. For
-example, following command could be used to start the ER:
+example, the following command could be used to start the ER:
wpa_supplicant -Dnone -c er.conf -ieth0
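Review bot: the paragraph whose last sentence is fixed here still opens with "Separate wpa_supplicant process can be started for WPS ER operations", which is missing its article just like the "following command" phrase being corrected. Suggest "A separate wpa_supplicant process can be started for WPS ER operations." in the same change.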
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=admin
device_name=WPS External Registrar
-
wpa_cli commands for ER functionality:
wps_er_start [IP address]
<auth> must be one of the following: OPEN WPAPSK WPA2PSK
<encr> must be one of the following: NONE WEP TKIP CCMP
-
wps_er_pbc <Enrollee UUID|MAC address>
- accept an Enrollee PBC using External Registrar
- if the MAC address of the enrollee is known, it should be configured
to allow the AP to advertise list of authorized enrollees
-
WPS ER events:
WPS_EVENT_ER_AP_ADD
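Review bot: in the wps_er_pbc description, "to allow the AP to advertise list of authorized enrollees" is missing an article, and this hunk only removes blank lines around it. Suggest "to allow the AP to advertise the list of authorized enrollees" so the ER command descriptions match the article fixes made in the earlier hunks.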