303
313
- WPS ER learned AP settings
305
315
WPS-ER-AP-SETTINGS uuid=fd91b4ec-e3fa-5891-a57d-8c59efeed1d2 ssid=test-wps auth_type=0x0020 encr_type=0x0008 key=12345678
321
WPS can be used with NFC-based configuration method. An NFC tag
322
containing a password token from the Enrollee can be used to
323
authenticate the connection instead of the PIN. In addition, an NFC tag
324
with a configuration token can be used to transfer AP settings without
325
going through the WPS protocol.
327
When the station acts as an Enrollee, a local NFC tag with a password
328
token can be used by touching the NFC interface of a Registrar.
330
"wps_nfc [BSSID]" command starts WPS protocol run with the local end as
331
the Enrollee using the NFC password token that is either pre-configured
332
in the configuration file (wps_nfc_dev_pw_id, wps_nfc_dh_pubkey,
333
wps_nfc_dh_privkey, wps_nfc_dev_pw) or generated dynamically with
334
"wps_nfc_token <WPS|NDEF>" command. The included nfc_pw_token tool
335
(build with "make nfc_pw_token") can be used to generate NFC password
336
tokens during manufacturing (each station needs to have its own random
339
The "wps_nfc_config_token <WPS/NDEF>" command can be used to build an
340
NFC configuration token when wpa_supplicant is controlling an AP
341
interface (AP or P2P GO). The output value from this command is a
342
hexdump of the current AP configuration (WPS parameter requests this to
343
include only the WPS attributes; NDEF parameter requests additional NDEF
344
encapsulation to be included). This data needs to be written to an NFC
345
tag with an external program. Once written, the NFC configuration token
346
can be used to touch an NFC interface on a station to provision the
347
credentials needed to access the network.
349
The "wps_nfc_config_token <WPS/NDEF> <network id>" command can be used
350
to build an NFC configuration token based on a locally configured
353
If the station includes NFC interface and reads an NFC tag with a MIME
354
media type "application/vnd.wfa.wsc", the NDEF message payload (with or
355
without NDEF encapsulation) can be delivered to wpa_supplicant using the
356
following wpa_cli command:
358
wps_nfc_tag_read <hexdump of payload>
360
If the NFC tag contains a configuration token, the network is added to
361
wpa_supplicant configuration. If the NFC tag contains a password token,
362
the token is added to the WPS Registrar component. This information can
363
then be used with wps_reg command (when the NFC password token was from
364
an AP) using a special value "nfc-pw" in place of the PIN parameter. If
365
the ER functionality has been started (wps_er_start), the NFC password
366
token is used to enable enrollment of a new station (that was the source
367
of the NFC password token).
369
"nfc_get_handover_req <NDEF> <WPS-CR>" command can be used to build the
370
WPS carrier record for a Handover Request Message for connection
371
handover. The first argument selects the format of the output data and
372
the second argument selects which type of connection handover is
373
requested (WPS-CR = Wi-Fi handover as specified in WSC 2.0).
375
"nfc_get_handover_sel <NDEF> <WPS> [UUID|BSSID]" command can be used to
376
build the contents of a Handover Select Message for connection handover
377
when this does not depend on the contents of the Handover Request
378
Message. The first argument selects the format of the output data and
379
the second argument selects which type of connection handover is
380
requested (WPS = Wi-Fi handover as specified in WSC 2.0). If the options
381
UUID|BSSID argument is included, this is a request to build the handover
382
message for the specified AP when wpa_supplicant is operating as a WPS
385
"nfc_rx_handover_req <hexdump of payload>" is used to indicate receipt
386
of NFC connection handover request. The payload may include multiple
387
carriers the the applicable ones are matched based on the media
388
type. The reply data is contents for the Handover Select Message
391
"nfc_rx_handover_sel <hexdump of payload>" is used to indicate receipt
392
of NFC connection handover select. The payload may include multiple
393
carriers the the applicable ones are matched based on the media
396
"nfc_report_handover <INIT/RESP> WPS <carrier from handover request>
397
<carrier from handover select>" can be used as an alternative way for
398
reporting completed NFC connection handover. The first parameter
399
indicates whether the local device initiated or responded to the
400
connection handover and the carrier records are the selected carrier
401
from the handover request and select messages as a hexdump.
403
The "wps_er_nfc_config_token <WPS/NDEF> <UUID|BSSID>" command can be
404
used to build an NFC configuration token for the specified AP when
405
wpa_supplicant is operating as a WPS ER. The output value from this
406
command is a hexdump of the selected AP configuration (WPS parameter
407
requests this to include only the WPS attributes; NDEF parameter
408
requests additional NDEF encapsulation to be included). This data needs
409
to be written to an NFC tag with an external program. Once written, the
410
NFC configuration token can be used to touch an NFC interface on a
411
station to provision the credentials needed to access the network.