Documented interface for external WPS credential processing

Jouni Malinen 2009-01-21 16:42:11 +02:00 committed by Jouni Malinen
parent a60e7213e1
commit 695e2b48e2
2 changed files with 66 additions and 0 deletions

@ -144,6 +144,10 @@ provided for each Enrollee (separated with tabulators):
Example line in the /var/run/hostapd.pin-req file: Example line in the /var/run/hostapd.pin-req file:
1200188391 53b63a98-d29e-4457-a2ed-094d7e6a669c Intel(R) Centrino(R) Intel Corporation Intel(R) Centrino(R) - - 1-0050F204-1 1200188391 53b63a98-d29e-4457-a2ed-094d7e6a669c Intel(R) Centrino(R) Intel Corporation Intel(R) Centrino(R) - - 1-0050F204-1
Control interface data:
WPS-PIN-NEEDED [UUID-E|MAC Address|Device Name|Manufacturer|Model Name|Model Number|Serial Number|Device Category]
For example:
<2>WPS-PIN-NEEDED [53b63a98-d29e-4457-a2ed-094d7e6a669c|02:12:34:56:78:9a|Device|Manuf|Model|Model Number|Serial Number|1-0050F204-1]
When the user enters a PIN for a pending Enrollee, e.g., on the web When the user enters a PIN for a pending Enrollee, e.g., on the web
UI), hostapd needs to be notified of the new PIN over the control UI), hostapd needs to be notified of the new PIN over the control
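Review bot: The added WPS-PIN-NEEDED format line uses "|" as the field separator and "]" as the terminator, but nothing says what happens when an Enrollee-provided string (Device Name, Manufacturer, Model Name, Model Number, Serial Number) itself contains one of those characters. Please document whether such characters are escaped or replaced, because a program that splits this event on "|" will otherwise assign values to the wrong fields. It would also help to state that this event carries the MAC Address and no timestamp, while the hostapd.pin-req example line starts with a timestamp and shows no MAC address, so the field order differs between the two interfaces.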
@ -178,3 +182,46 @@ hostapd_cli wps_pbc
At this point, the client has two minutes to complete WPS negotiation At this point, the client has two minutes to complete WPS negotiation
which will generate a new WPA PSK in the same way as the PIN method which will generate a new WPA PSK in the same way as the PIN method
described above. described above.
Credential generation and configuration changes
-----------------------------------------------
By default, hostapd generates credentials for Enrollees and processing
AP configuration updates internally. However, it is possible to
control these operations from external programs, if desired.
The internal credential generation can be disabled with
skip_cred_build=1 option in the configuration. extra_cred option will
then need to be used to provide pre-configured Credential attribute(s)
for hostapd to use. The exact data from this binary file will be sent,
i.e., it will have to include valid WPS attributes. extra_cred can
also be used to add additional networks if the Registrar is used to
configure credentials for multiple networks.
Processing of received configuration updates can be disabled with
wps_cred_processing=1 option. When this is used, an external program
is responsible for creating hostapd configuration files and processing
configuration updates based on messages received from hostapd over
control interface. This will also include the initial configuration on
first successful registration if the AP is initially set in
unconfigured state.
Following control interface messages are sent out for external programs:
WPS-REG-SUCCESS <Enrollee MAC address <UUID-E>
For example:
<2>WPS-REG-SUCCESS 02:66:a0:ee:17:27 2b7093f1-d6fb-5108-adbb-bea66bb87333
This can be used to tricker change from unconfigured to configured
state (random configuration based on the first successful WPS
registration). In addition, this can be used to update AP UI about the
status of WPS registration progress.
WPS-NEW-AP-SETTINGS <hexdump of AP Setup attributes>
For example:
<2>WPS-NEW-AP-SETTINGS 10260001011045000c6a6b6d2d7770732d74657374100300020020100f00020008102700403065346230343536633236366665306433396164313535346131663462663731323433376163666462376633393965353466316631623032306164343438623510200006024231cede15101e000844
This can be used to update the externally stored AP configuration and
then update hostapd configuration (followed by restarting of hostapd).
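Review bot: The WPS-NEW-AP-SETTINGS paragraph at the end of the new section should state that the hexdump carries the network key (the example contains a 0x1027 attribute with a 0x40-byte value), so access to the control interface and to the externally stored AP configuration needs to be restricted; the same holds for the binary file given in extra_cred. The example hexdump also looks cut short: its last attribute, 101e, declares length 0008 but only one byte (44) follows. In the syntax line "WPS-REG-SUCCESS <Enrollee MAC address <UUID-E>" the first placeholder is missing its closing ">", "tricker" should be "trigger", and "generates credentials for Enrollees and processing AP configuration updates" should read "and processes". Finally, only skip_cred_build=1 and wps_cred_processing=1 are described; please say which value is the default and whether other values exist.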

@ -163,3 +163,22 @@ how WPS support can be integrated into the GUI. Its main window has a
WPS tab that guides user through WPS registration with automatic AP WPS tab that guides user through WPS registration with automatic AP
selection. In addition, it shows how WPS can be started manually by selection. In addition, it shows how WPS can be started manually by
selecting an AP from scan results. selecting an AP from scan results.
Credential processing
---------------------
By default, wpa_supplicant processes received credentials and updates
its configuration internally. However, it is possible to
control these operations from external programs, if desired.
This internal processing can be disabled with wps_cred_processing=1
option. When this is used, an external program is responsible for
processing the credential attributes and updating wpa_supplicant
configuration based on them.
Following control interface messages are sent out for external programs:
WPS-CRED-RECEIVED <hexdump of Credential attribute(s)>
For example:
<2>WPS-CRED-RECEIVED 100e006f10260001011045000c6a6b6d2d7770732d74657374100300020020100f000200081027004030653462303435366332363666653064333961643135353461316634626637313234333761636664623766333939653534663166316230323061643434386235102000060266a0ee1727
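Review bot: The new "Credential processing" section makes the external program responsible for processing the WPS-CRED-RECEIVED hexdump but gives no pointer to how that data is encoded, or how the data is laid out when "Credential attribute(s)" means more than one attribute. Please add a sentence on the encoding and on checking each attribute's declared length against the remaining data before using it. The sentence "it is possible to control these operations from external programs" appears carried over from the hostapd text; only one operation is described here, so "this operation" would fit better. As in the option description, only wps_cred_processing=1 is documented, so the default value and any other accepted values should be listed.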