Translation of the wpa_supplicant WPS manual

    Once you have read the document "Wi-Fi Protected Setup in the wpa_supplicant", I think you will understand what WPS is all about.


I. Preface

    The goal of Wi-Fi Protected Setup (WPS) is to automate the creation of a secure wireless network. The protocol removes the need for users to understand what a SSID is or the difference between WEP, WPA, and WPA2 and their associated ciphers. Essentially, the protocol automatically creates the network blocks specified by the wpa_supplicant's configuration file. As such, the user typically only needs to run the WPS protocol once for each AP. In WPS's simplest topology, there are two participants: the registrar and the enrollee. The registrar has the authority to issue and revoke credentials on the network. Typically, but not always, this is the access point. The enrollee, on the other hand, is the device seeking to join the wireless network. The purpose of the WPS patch is to add the enrollee function to the wpa_supplicant. This document describes how to set up the supplicant either via the configuration file or the control interface to use WPS.

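    Rough meaning: The goal of Wi-Fi Protected Setup (WPS) is to create a secure wireless network automatically. With this protocol, users do not need to understand what an SSID is or how WEP, WPA and WPA2 and their associated ciphers differ. In essence, the protocol automatically creates the network blocks specified in the wpa_supplicant configuration file, so the user usually only needs to run the WPS protocol once for each AP. In the simplest WPS topology there are 2 participants: the registrar (AP) and the enrollee (network card). The registrar has the authority to issue and revoke credentials on the network; typically, but not always, it is the AP. The enrollee (network card), on the other hand, is the device that wants to join the wireless network. The purpose of the WPS patch is to add the enrollee (network card) function to wpa_supplicant. This document describes how to set up the supplicant to use WPS, either through the configuration file or through the control interface (both methods are described in detail below).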



II. WPS Methods

    Before you can configure the supplicant, it is helpful to understand the two supported configuration methods: Push Button Control (PBC) and PIN. Both methods accomplish the same goal, but provide different levels of security and ease of use. The PBC method is the simpler of the two. In this method, the user pushes a button on the registrar (usually the AP) and a button on the enrollee (a laptop, cell phone, etc). The protocol then takes care of connecting to the correct AP and retrieving the encryption settings. The advantage of PBC is a very simple user interface, but there are a few issues:

    1. The user must push both buttons within two minutes of each other. WPS refers to this time period as the "walk time".

    2. Only one enrollee can use the PBC method at a time. The second enrollee using PBC will receive an error message and can either elect to wait until the other enrollee is done or use the PIN method without waiting. Note that this restriction is across all detected SSID and BSSID on all channels.

    3. The method is unauthenticated and does not protect against active attacks.

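    Rough meaning: Before configuring the supplicant, you need to understand the two supported configuration methods: Push Button Control (PBC) and PIN. Both methods achieve the same goal but offer different levels of security and ease of use. The PBC method is the simpler one: the user only has to press a button on the registrar (usually the router) and a button on the enrollee (a laptop, mobile phone or other device with a network card). The protocol then takes care of connecting to the correct AP and retrieving the encryption settings. The advantage of PBC is that it is very simple, but it also has some issues: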

    1. The user must press both buttons within 2 minutes of each other; WPS calls this period the "walk time".

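    2. Only one enrollee can use the PBC method at a time. A second enrollee using PBC receives an error message and has two choices: wait until the other enrollee has finished, or use the PIN method, which requires no waiting. Note that this restriction applies across all SSIDs and BSSIDs detected on all channels.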

    3. The method is unauthenticated and does not protect against active attacks.

    The PIN method requires the user to retrieve a PIN number from the enrollee and enter it into the registrar either via a key pad or, more likely, through a web based interface. The user then notifies the enrollee that the registrar has accepted the PIN and can proceed with connection. This method is slightly more involved than PBC, but is no more complicated than getting money from a bank's cash machine.

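    Rough meaning: The PIN method requires the user to retrieve the PIN from the enrollee and enter it into the registrar, either on a keypad or, more likely, through a web-based interface. The user then tells the enrollee that the registrar has accepted the PIN and that it can proceed with the connection. This method is slightly more involved than PBC, but it is certainly no more complicated than withdrawing money from a bank's cash machine. (Foreigners really do have a sense of humor!)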



III. Supplicant Configuration

    The configuration file for either PBC or PIN is the same. It should contain a network block with two elements:

    Rough meaning: PBC and PIN use the same configuration file. It contains a network block with 2 elements:

    network={
        proto=WPS
        eap=WPS
    }

    That's it! The differentiation between PBC and PIN is in the commands. To activate the PBC method, use the "pbc" command in wpa_cli. For example,

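    Rough meaning: That is all. The difference between PBC and PIN lies in the commands. To activate the PBC method, use the "pbc" command, for example: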

# wpa_cli pbc
OK
#

    To activate the PIN method, use the "pin_get" command in wpa_cli to retrieve the automatically generated PIN number from the supplicant, enter the PIN into the AP (registrar), and finally use the "pin_entered" command in wpa_cli to start the connection process.

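    Rough meaning: To activate the PIN method, use the wpa_cli pin_get command to retrieve the automatically generated PIN from the supplicant, enter the PIN into the AP (registrar), and finally use the wpa_cli pin_entered command to start the connection process.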

# wpa_cli pin_get
Selected interface 'wifi0'
15039545
# wpa_cli pin_entered
Selected interface 'wifi0'
OK
#

    Note that the results of the configuration process exist in memory. To use this configuration information for subsequent connection, be sure to save the configuration (e.g. "wpa_cli save_config").

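    Rough meaning: Note that the results of the configuration process exist in memory. Be sure to save the configuration (with the wpa_cli save_config command) so that it can be used for subsequent connections.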

 


IV. Control Interface

    The expectation is most users will not issue the WPS commands via the command line and instead will use an application similar to Network Manager. Thus the patch adds a number of events and commands accessible via the supplicant's control interface.

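    Rough meaning: The expectation is that most users will not issue WPS commands on the command line but will instead use an application similar to Network Manager. The patch therefore adds a number of events and commands that are accessible through the supplicant's control interface.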


    WPS uses EAP to send protocol messages, but maps the protocol into a custom EAP method. This is unimportant to the user, but developers should be aware of this detail because the control interface will receive several EAP related events. Below is an example of PBC. One item that should stick out is the "EAP authentication failed" message. In WPS, EAP-Failure indicates the end of both successful and unsuccessful registrations. In this case, the subsequent CTRL-EVENT-WPS-SUCCESS indicates a successful registration. The supplicant then disconnects and associates using WPA with TKIP. Don't forget to save this configuration before quitting!

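    Rough meaning: WPS uses EAP to send protocol messages, but maps the protocol into a custom EAP method. This does not matter to the user, but developers should be aware of this detail because the control interface will receive several EAP-related events. Below is a simple PBC example. One item that should stand out is the "EAP authentication failed" message. In WPS, EAP-Failure marks the end of both successful and unsuccessful registrations. In this case, the subsequent CTRL-EVENT-WPS-SUCCESS indicates a successful registration. The supplicant then disconnects and associates using WPA with TKIP. Remember to save this configuration before quitting.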

# cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
        proto=WPS
        eap=WPS
}
# wpa_cli
wpa_cli v0.5.10
Copyright (c) 2004-2008, Jouni Malinen and contributors
Interactive mode
> pbc
OK
<2>Trying to associate with 00:1c:f0:ff:6a:9e (SSID='dlink6A9E' freq=5805 MHz)
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Associated with 00:1c:f0:ff:6a:9e
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WPS) selected
<2>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<2>CTRL-EVENT-WPS-SUCCESS
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Trying to associate with 00:1c:f0:ff:6a:9e (SSID='dlink6A9E' freq=5805 MHz)
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Associated with 00:1c:f0:ff:6a:9e
<2>WPA: Key negotiation completed with 00:1c:f0:ff:6a:9e [PTK=TKIP GTK=TKIP]
<2>CTRL-EVENT-CONNECTED - Connection to 00:1c:f0:ff:6a:9e completed (auth) [id=0 id_str=]
> save_config
OK
> quit
# cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
        ssid="dlink6A9E"
        psk=62edba2fcae92265da5414fc967c4bf5c62963cca09385cf699957d9f66a0586
        proto=WPA
        key_mgmt=WPA-PSK
        auth_alg=OPEN
        eap=WPS
}
#
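
    The following example is added here and is not from the manual or from wpa_supplicant itself. It shows how a control-interface client can interpret the event sequence above, treating EAP-Failure inside the WPS method as undecided until CTRL-EVENT-WPS-SUCCESS arrives; the function name, the result keys and the failure sample are assumptions made for illustration.

```python
import re

EVENT = re.compile(r"^<\d+>(CTRL-EVENT-[A-Z]+(?:-[A-Z]+)*)")
CIPHERS = re.compile(r"\[PTK=(\w+) GTK=(\w+)\]")

# Event lines taken from the PBC session above (whitespace restored).
PBC_OK = [
    "<2>CTRL-EVENT-EAP-STARTED EAP authentication started",
    "<2>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WPS) selected",
    "<2>CTRL-EVENT-EAP-FAILURE EAP authentication failed",
    "<2>CTRL-EVENT-WPS-SUCCESS",
    "<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys",
    "<2>WPA: Key negotiation completed with 00:1c:f0:ff:6a:9e [PTK=TKIP GTK=TKIP]",
    "<2>CTRL-EVENT-CONNECTED - Connection to 00:1c:f0:ff:6a:9e completed (auth) [id=0 id_str=]",
]
# Constructed failure case: the same exchange with no WPS-SUCCESS after EAP-Failure.
PBC_FAILED = PBC_OK[:3] + [PBC_OK[4]]

def wps_outcome(lines):
    """Fold the events of one WPS attempt into a single verdict."""
    out = {"wps": False, "registration": "none", "connected": False, "ciphers": None}
    for line in lines:
        found = CIPHERS.search(line)
        if found:
            out["ciphers"] = found.groups()
        m = EVENT.match(line)
        if not m:
            continue
        event = m.group(1)
        if event == "CTRL-EVENT-EAP-METHOD":
            out["wps"] = "(WPS)" in line
        elif event == "CTRL-EVENT-EAP-FAILURE":
            # WPS ends every registration with EAP-Failure, so inside the WPS
            # method this event alone decides nothing: wait for WPS-SUCCESS.
            out["registration"] = "undecided" if out["wps"] else "failed"
        elif event == "CTRL-EVENT-WPS-SUCCESS":
            out["registration"] = "success"
        elif event == "CTRL-EVENT-CONNECTED":
            out["connected"] = True
    if out["registration"] == "undecided":
        out["registration"] = "failed"  # stream ended without WPS-SUCCESS
    # TKIP is deprecated; flag it so the provisioned network gets reviewed.
    out["weak_cipher"] = bool(out["ciphers"]) and "TKIP" in out["ciphers"]
    return out

if __name__ == "__main__":
    print(wps_outcome(PBC_OK))
    print(wps_outcome(PBC_FAILED))
```

    A client that treated any EAP-FAILURE line as a failed attempt would misreport the successful session above; the weak_cipher flag marks the TKIP association that the session ends with.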

 


V. Including WPS in the Build

    The in-band WPS EAP registration methods exclusively use the internal cryptographic functions. Therefore, be sure to include

CONFIG_IEEE8021X_EAPOL=y

CONFIG_TLS=internal

CONFIG_EAP_WPS=y

in the .config file.

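    Rough meaning: The in-band WPS EAP registration methods use only the internal cryptographic functions, so we must make sure the .config file contains the three CONFIG_ lines above (shown in blue in the original post).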


    For more about WPS, see:

Two-button networking: WPS (Wi-Fi Protected Setup)



