X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=wpa_supplicant%2FREADME-WPS;h=b884f67a2435bbd838a88598821503d87b1f2e9e;hb=fc72a48a632146b042637f376f9c887f783f0a08;hp=8a773e201a77e01528093def4e20414342cd1a8e;hpb=3981cb3cb81641813b1f51292032f2225ccdd70b;p=mech_eap.git diff --git a/wpa_supplicant/README-WPS b/wpa_supplicant/README-WPS index 8a773e2..b884f67 100644 --- a/wpa_supplicant/README-WPS +++ b/wpa_supplicant/README-WPS @@ -47,9 +47,7 @@ wpa_supplicant implementation wpa_supplicant includes an optional WPS component that can be used as an Enrollee to enroll new network credential or as a Registrar to -configure an AP. The current version of wpa_supplicant does not -support operation as an external WLAN Management Registrar for adding -new client devices or configuring the AP over UPnP. +configure an AP. wpa_supplicant configuration @@ -57,12 +55,20 @@ wpa_supplicant configuration WPS is an optional component that needs to be enabled in wpa_supplicant build configuration (.config). Here is an example -configuration that includes WPS support and Linux wireless extensions --based driver interface: +configuration that includes WPS support and Linux nl80211 -based +driver interface: -CONFIG_DRIVER_WEXT=y +CONFIG_DRIVER_NL80211=y CONFIG_WPS=y -CONFIG_WPS2=y + +If you want to enable WPS external registrar (ER) functionality, you +will also need to add following line: + +CONFIG_WPS_ER=y + +Following parameter can be used to enable support for NFC config method: + +CONFIG_WPS_NFC=y WPS needs the Universally Unique IDentifier (UUID; see RFC 4122) for 
@@ -123,6 +129,17 @@ wpa_cli wps_pin any 12345670 This starts the WPS negotiation in the same way as above with the generated PIN. +When the wps_pin command is issued for an AP (including P2P GO) mode +interface, an optional timeout parameter can be used to specify +expiration timeout for the PIN in seconds. For example: + +wpa_cli wps_pin any 12345670 300 + + +If a random PIN is needed for a user interface, "wpa_cli wps_pin get" +can be used to generate a new PIN without starting WPS negotiation. +This random PIN can then be passed as an argument to another wps_pin +call when the actual operation should be started. If the client design wants to support optional WPS PBC mode, this can be enabled by either a physical button in the client device or a @@ -241,10 +258,16 @@ wps_er_start [IP address] wps_er_stop - stop WPS ER functionality -wps_er_learn +wps_er_learn - learn AP configuration -wps_er_config +wps_er_set_config +- use AP configuration from a locally configured network (e.g., from + wps_reg command); this does not change the AP's configuration, but + only prepares a configuration to be used when enrolling a new device + to the AP + +wps_er_config - examples: wps_er_config 87654321-9abc-def0-1234-56789abc0002 12345670 testing WPA2PSK CCMP 12345678 wpa_er_config 87654321-9abc-def0-1234-56789abc0002 12345670 clear OPEN NONE "" @@ -253,11 +276,14 @@ wps_er_config must be one of the following: NONE WEP TKIP CCMP -wps_er_pbc +wps_er_pbc - accept an Enrollee PBC using External Registrar -wps_er_pin +wps_er_pin [Enrollee MAC address] - add an Enrollee PIN to External Registrar +- if Enrollee UUID is not known, "any" can be used to add a wildcard PIN +- if the MAC address of the enrollee is known, it should be configured + to allow the AP to advertise list of authorized enrollees WPS ER events: 
@@ -286,3 +312,88 @@ WPS-ER-AP-SETTINGS - WPS ER learned AP settings WPS-ER-AP-SETTINGS uuid=fd91b4ec-e3fa-5891-a57d-8c59efeed1d2 ssid=test-wps auth_type=0x0020 encr_type=0x0008 key=12345678 + + +WPS with NFC +------------ + +WPS can be used with NFC-based configuration method. An NFC tag +containing a password token from the Enrollee can be used to +authenticate the connection instead of the PIN. In addition, an NFC tag +with a configuration token can be used to transfer AP settings without +going through the WPS protocol. + +When the station acts as an Enrollee, a local NFC tag with a password +token can be used by touching the NFC interface of a Registrar. + +"wps_nfc [BSSID]" command starts WPS protocol run with the local end as +the Enrollee using the NFC password token that is either pre-configured +in the configuration file (wps_nfc_dev_pw_id, wps_nfc_dh_pubkey, +wps_nfc_dh_privkey, wps_nfc_dev_pw) or generated dynamically with +"wps_nfc_token " command. The included nfc_pw_token tool +(build with "make nfc_pw_token") can be used to generate NFC password +tokens during manufacturing (each station needs to have its own random +keys). + +The "wps_nfc_config_token " command can be used to build an +NFC configuration token when wpa_supplicant is controlling an AP +interface (AP or P2P GO). The output value from this command is a +hexdump of the current AP configuration (WPS parameter requests this to +include only the WPS attributes; NDEF parameter requests additional NDEF +encapsulation to be included). This data needs to be written to an NFC +tag with an external program. Once written, the NFC configuration token +can be used to touch an NFC interface on a station to provision the +credentials needed to access the network. + +The "wps_nfc_config_token " command can be used +to build an NFC configuration token based on a locally configured +network. 
+ +If the station includes NFC interface and reads an NFC tag with a MIME +media type "application/vnd.wfa.wsc", the NDEF message payload (with or +without NDEF encapsulation) can be delivered to wpa_supplicant using the +following wpa_cli command: + +wps_nfc_tag_read + +If the NFC tag contains a configuration token, the network is added to +wpa_supplicant configuration. If the NFC tag contains a password token, +the token is added to the WPS Registrar component. This information can +then be used with wps_reg command (when the NFC password token was from +an AP) using a special value "nfc-pw" in place of the PIN parameter. If +the ER functionality has been started (wps_er_start), the NFC password +token is used to enable enrollment of a new station (that was the source +of the NFC password token). + +"nfc_get_handover_req " command can be used to build the +WPS carrier record for a Handover Request Message for connection +handover. The first argument selects the format of the output data and +the second argument selects which type of connection handover is +requested (WPS-CR = Wi-Fi handover as specified in WSC 2.0). + +"nfc_get_handover_sel [UUID|BSSID]" command can be used to +build the contents of a Handover Select Message for connection handover +when this does not depend on the contents of the Handover Request +Message. The first argument selects the format of the output data and +the second argument selects which type of connection handover is +requested (WPS = Wi-Fi handover as specified in WSC 2.0). If the options +UUID|BSSID argument is included, this is a request to build the handover +message for the specified AP when wpa_supplicant is operating as a WPS +ER. + +"nfc_report_handover WPS +" can be used as an alternative way for +reporting completed NFC connection handover. 
The first parameter +indicates whether the local device initiated or responded to the +connection handover and the carrier records are the selected carrier +from the handover request and select messages as a hexdump. + +The "wps_er_nfc_config_token " command can be +used to build an NFC configuration token for the specified AP when +wpa_supplicant is operating as a WPS ER. The output value from this +command is a hexdump of the selected AP configuration (WPS parameter +requests this to include only the WPS attributes; NDEF parameter +requests additional NDEF encapsulation to be included). This data needs +to be written to an NFC tag with an external program. Once written, the +NFC configuration token can be used to touch an NFC interface on a +station to provision the credentials needed to access the network.
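Review bot: In the build-configuration hunk (@@ -57,12 +55,20), CONFIG_WPS2=y is dropped from the example with no text saying whether a build still needs it, which leaves anyone carrying an older .config guessing; a sentence on that would help. The new wording "Linux nl80211 -based" also keeps the stray space and hyphen from the old line wrap and would read better as "nl80211-based", and "add following line" and "Following parameter" are each missing "the".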
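Review bot: In the wps_pin hunk (@@ -123,6 +129,17), the new timeout paragraph does not say what happens when the parameter is omitted on an AP or P2P GO interface, so a reader cannot tell how long the PIN from "wpa_cli wps_pin any 12345670" stays valid. Please state the default behaviour, and consider recommending an explicit timeout whenever the "any" wildcard is used. The example line is also followed by two added blank lines where the other added paragraphs in this patch are separated by one.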
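Review bot: In the ER command hunk (@@ -241,10 +258,16), the second example in the trailing context under wps_er_config is spelled "wpa_er_config 87654321-9abc-def0-1234-56789abc0002 12345670 clear OPEN NONE", which is not a command this file documents; since the entries around it are being reworked, correct it to wps_er_config in the same change. The new wps_er_set_config entry would also benefit from a one-line example like the one its neighbour has, because the description alone does not show how the locally configured network is referenced.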
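Review bot: In the wps_er_pin hunk (@@ -253,11 +276,14), the new bullet allowing "any" as a wildcard does not say how long such a PIN remains valid or whether it is consumed after one enrollment, and the earlier wps_pin hunk documents an expiration timeout only for AP mode interfaces. Please state the lifetime of an ER-added PIN here. The MAC address bullet says the address "should be configured" when known; it would be clearer to say that this means passing it as the optional last argument shown on the command line above.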
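Review bot: In the new "WPS with NFC" section (@@ -286,3 +312,88), the paragraphs on wps_nfc_config_token and wps_er_nfc_config_token describe the output only as "a hexdump of the current AP configuration" that is written to a tag "with an external program", without saying that this hexdump carries the credentials needed to access the network. Add a sentence making that explicit so the output and any tag written from it are handled like the network key itself; the same applies to the wps_nfc_dh_privkey and wps_nfc_dev_pw values kept in the configuration file. Two smaller points: "If the options UUID|BSSID argument is included" should read "optional", and the handover type is given as "WPS-CR" for nfc_get_handover_req but "WPS" for nfc_get_handover_sel, which should either be made consistent or explained.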