Board: uefacool
Title: [WiFi] Translation of the wpa_supplicant WPS manual
Time: 2014-04-18 Fri. 10:06:21 PM
http://rritw.com/a/JAVAbiancheng/ANT/20130225/312076.html
Translation of the wpa_supplicant WPS manual. Time: 2013-02-25 12:10. Source: Internet. Author: Internet.
After reading the document "Wi-Fi Protected Setup in the wpa_supplicant", I think you will understand what WPS is all about.
I. Introduction
The goal of Wi-Fi Protected Setup (WPS) is to automate the creation of a secure wireless network. The protocol removes the need for users to understand what an SSID is or the difference between WEP, WPA, and WPA2 and their associated ciphers. Essentially, the protocol automatically creates the network blocks specified by the wpa_supplicant's configuration file. As such, the user typically only needs to run the WPS protocol once for each AP. In WPS's simplest topology, there are two participants: the registrar and the enrollee. The registrar has the authority to issue and revoke credentials on the network. Typically, but not always, this is the access point. The enrollee, on the other hand, is the device seeking to join the wireless network. The purpose of the WPS patch is to add the enrollee function to the wpa_supplicant. This document describes how to set up the supplicant either via the configuration file or the control interface to use WPS.
Rough meaning: The goal of Wi-Fi Protected Setup (WPS) is to create a secure wireless network automatically. With this protocol, users do not need to understand what an SSID is or how WEP, WPA and WPA2 and their associated ciphers differ. In essence, the protocol automatically creates the network blocks specified in the wpa_supplicant configuration file, so the user usually only needs to run WPS once for each AP. In the simplest WPS topology there are two participants: the registrar (the AP) and the enrollee (the wireless adapter). The registrar has the authority to issue and revoke credentials on the network; it is usually, but not always, the AP. The enrollee, on the other hand, is the device that wants to join the wireless network. The purpose of the WPS patch is to add the enrollee function to wpa_supplicant. This document describes how to set up the supplicant to use WPS, either through the configuration file or through the control interface (both methods are described in detail below).
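II. WPS Methods
Before you can configure the supplicant, it is helpful to understand the two supported configuration methods: Push Button Control (PBC) and PIN. Both methods accomplish the same goal, but provide different levels of security and ease of use. The PBC method is the simpler of the two. In this method, the user pushes a button on the registrar (usually the AP) and a button on the enrollee (a laptop, cell phone, etc). The protocol then takes care of connecting to the correct AP and retrieving the encryption settings. The advantage of PBC is a very simple user interface, but there are a few issues:
1. The user must push both buttons within two minutes of each other. WPS refers to this time period as the "walk time".
2. Only one enrollee can use the PBC method at a time. The second enrollee using PBC will receive an error message and can either elect to wait until the other enrollee is done or use the PIN method without waiting. Note that this restriction is across all detected SSID and BSSID on all channels.
3. The method is unauthenticated and does not protect against active attacks.
Rough meaning: Before you configure the supplicant, you need to understand the two supported configuration methods: Push Button Control (PBC) and PIN. Both methods achieve the same goal but offer different levels of security and ease of use. The PBC method is the simpler one: the user only has to press a button on the registrar (usually the router) and a button on the enrollee (a laptop, phone or other device with a wireless adapter). The protocol then takes care of connecting to the correct AP and retrieving the encryption settings. The advantage of PBC is that it is very simple, but it also has some problems:
1. The user must press both buttons within 2 minutes of each other. WPS calls this period the "walk time".
2. Only one enrollee can use the PBC method at a time. A second enrollee using PBC receives an error message and has two choices: wait until the other enrollee has finished, or use the PIN method, which requires no waiting. Note that this restriction applies across all detected SSIDs and BSSIDs on all channels.
3. The method is unauthenticated and does not protect against active attacks.
The PIN method requires the user to retrieve a PIN number from the enrollee and enter it into the registrar either via a key pad or, more likely, through a web based interface. The user then notifies the enrollee that the registrar has accepted the PIN and can proceed with connection. This method is slightly more involved than PBC, but is no more complicated than getting money from a bank's cash machine.
Rough meaning: The PIN method requires the user to retrieve a PIN from the enrollee and enter it into the registrar, either via a keypad or, more likely, through a web-based interface. The user then notifies the enrollee that the registrar has accepted the PIN and that the connection can proceed. This method is slightly more involved than PBC, but it is certainly no more complicated than withdrawing money from a bank's cash machine. (Foreigners do have a sense of humour!)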
III. Supplicant Configuration
The configuration file for either PBC or PIN is the same. It should contain a network block with two elements:
Rough meaning: The configuration file is the same for PBC and PIN. It contains a network block with two elements:
network={
proto=WPS
eap=WPS
}
That's it! The differentiation between PBC and PIN is in the commands. To activate the PBC method, use the "pbc" command in wpa_cli. For example,
Rough meaning: That is all. The difference between PBC and PIN lies in the commands. To activate the PBC method, use the "pbc" command, for example:
# wpa_cli pbc
OK
#
To activate the PIN method, use the "pin_get" command in wpa_cli to retrieve the automatically generated PIN number from the supplicant, enter the PIN into the AP (registrar), and finally use the "pin_entered" command in wpa_cli to start the connection process.
Rough meaning: To activate the PIN method, use the wpa_cli pin_get command to retrieve the automatically generated PIN from the supplicant, enter the PIN into the AP (registrar), and finally use the wpa_cli pin_entered command to start the connection process.
# wpa_cli pin_get
Selected interface 'wifi0'
15039545
<enter PIN into registrar>
# wpa_cli pin_entered
Selected interface 'wifi0'
OK
#
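Note that the results of the configuration process exist in memory. To use this configuration information for subsequent connection, be sure to save the configuration (e.g. "wpa_cli save_config").
Rough meaning: Note that the results of the configuration process exist only in memory. Be sure to save the configuration (with the wpa_cli save_config command) so that it can be used for subsequent connections.
IV. Control Interface
The expectation is most users will not issue the WPS commands via the command line and instead will use an application similar to Network Manager. Thus the patch adds a number of events and commands accessible via the supplicant's control interface.
Rough meaning: Most users are expected to drive WPS through an application similar to Network Manager rather than through the command line. The patch therefore adds a number of events and commands that are accessible through the supplicant's control interface.
WPS uses EAP to send protocol messages, but maps the protocol into a custom EAP method. This is unimportant to the user, but developers should be aware of this detail because the control interface will receive several EAP related events. Below is an example of PBC. One item that should stick out is the "EAP authentication failed" message. In WPS, EAP-Failure indicates the end of both successful and unsuccessful registrations. In this case, the subsequent CTRL-EVENT-WPS-SUCCESS indicates a successful registration. The supplicant then disconnects and associates using WPA with TKIP. Don't forget to save this configuration before quitting!
Rough meaning: WPS uses EAP to send protocol messages but maps the protocol into a custom EAP method. This does not matter to users, but developers should be aware of this detail because the control interface will receive several EAP-related events. Below is a simple PBC example. One item that should stand out is the "EAP authentication failed" message. In WPS, EAP-Failure marks the end of both successful and unsuccessful registrations. In this case, the CTRL-EVENT-WPS-SUCCESS that follows indicates a successful registration. The supplicant then disconnects and associates using WPA with TKIP. Remember to save this configuration before quitting.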
# cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
proto=WPS
eap=WPS
}
# wpa_cli
wpa_cli v0.5.10
Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi> and contributors
Interactive mode
> pbc
OK
<2>Trying to associate with 00:1c:f0:ff:6a:9e (SSID='dlink6A9E' freq=5805 MHz)
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Associated with 00:1c:f0:ff:6a:9e
<2>CTRL-EVENT-EAP-STARTED EAP authentication started
<2>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WPS) selected
<2>CTRL-EVENT-EAP-FAILURE EAP authentication failed
<2>CTRL-EVENT-WPS-SUCCESS
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Trying to associate with 00:1c:f0:ff:6a:9e (SSID='dlink6A9E' freq=5805 MHz)
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
<2>Associated with 00:1c:f0:ff:6a:9e
<2>WPA: Key negotiation completed with 00:1c:f0:ff:6a:9e [PTK=TKIP GTK=TKIP]
<2>CTRL-EVENT-CONNECTED - Connection to 00:1c:f0:ff:6a:9e completed (auth) [id=0 id_str=]
> save_config
OK
> quit
# cat /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
update_config=1
network={
ssid="dlink6A9E"
psk=62edba2fcae92265da5414fc967c4bf5c62963cca09385cf699957d9f66a0586
proto=WPA
key_mgmt=WPA-PSK
auth_alg=OPEN
eap=WPS
}
#
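An added example (not part of the original document or of wpa_supplicant itself): a front end reading the control interface has to treat CTRL-EVENT-EAP-FAILURE as the normal end of a WPS exchange and decide the outcome from whether CTRL-EVENT-WPS-SUCCESS was also seen. The function name wps_outcome, the verdict labels and the TKIP flag are assumptions made for this sketch, and the sample lines are constructed in the format of the session above.

```python
import re

# Constructed sample, in the format of the PBC session shown above.
SAMPLE_OK = [
    "<2>CTRL-EVENT-EAP-STARTED EAP authentication started",
    "<2>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WPS) selected",
    "<2>CTRL-EVENT-EAP-FAILURE EAP authentication failed",
    "<2>CTRL-EVENT-WPS-SUCCESS",
    "<2>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys",
    "<2>WPA: Key negotiation completed with 00:1c:f0:ff:6a:9e [PTK=TKIP GTK=TKIP]",
    "<2>CTRL-EVENT-CONNECTED - Connection to 00:1c:f0:ff:6a:9e completed (auth)",
]
# Constructed sample: the exchange ends with EAP-Failure and nothing follows.
SAMPLE_FAIL = SAMPLE_OK[:3]

CIPHERS = re.compile(r"\[PTK=(\w+) GTK=(\w+)\]")

def wps_outcome(lines):
    """Classify one WPS run; EAP-FAILURE alone is not a verdict."""
    wps = eap_failure = success = connected = False
    ciphers = None
    for raw in lines:
        msg = re.sub(r"^<\d+>", "", raw.strip())  # drop the leading <N> prefix
        if msg.startswith("CTRL-EVENT-EAP-METHOD"):
            wps = "(WPS)" in msg
        elif msg.startswith("CTRL-EVENT-EAP-FAILURE"):
            eap_failure = True
        elif msg.startswith("CTRL-EVENT-WPS-SUCCESS"):
            success = True
        elif msg.startswith("CTRL-EVENT-CONNECTED"):
            connected = True
        elif (m := CIPHERS.search(msg)):
            ciphers = m.groups()
    if success:
        verdict = "registered"
    elif wps and eap_failure:
        verdict = "failed"          # EAP-Failure with no WPS-SUCCESS
    else:
        verdict = "incomplete"      # exchange not finished, or not WPS
    # TKIP is deprecated; flag it so the caller can warn or refuse.
    weak = ciphers is not None and "TKIP" in ciphers
    return {"verdict": verdict, "connected": connected,
            "ciphers": ciphers, "weak_cipher": weak}

if __name__ == "__main__":
    print(wps_outcome(SAMPLE_OK))
    print(wps_outcome(SAMPLE_FAIL))
```
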
V. Including WPS in the Build
The in-band WPS EAP registration methods exclusively use the internal cryptographic functions. Therefore, be sure to include
CONFIG_IEEE8021X_EAPOL=y
CONFIG_TLS=internal
CONFIG_EAP_WPS=y
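in the .config file.
Rough meaning: The built-in WPS EAP registration methods use only the internal cryptographic functions. We must therefore make sure that the .config file contains the lines shown in blue (the three CONFIG_ lines above).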
--
※ Author: uefangsmith Time: 2014-04-18 22:06:21