Wi-Fi_Simple_Configuration_Technical_Specification_v2-0

1 Introduction ........................................................................................................................... 11 1.1 Purpose .................................................................................................................. 11 1.2 Scope ..................................................................................................................... 11 1.3 Supported Usage Models ...................................................................................... 11 1.3.1 Primary Usage Models .......................................................................................... 11 1.3.2 Secondary Usage Models ...................................................................................... 12 1.4 Mental Model ........................................................................................................ 12 1.5 Design Approach .................................................................................................. 12 1.6 Solution Flexibility ............................................................................................... 12 1.7 User Experience .................................................................................................... 13 1.7.1 In-band Setup ........................................................................................................ 13 1.7.2 Out-of-Band Setup ................................................................................................ 14 2 References ............................................................................................................................. 15 3 Definitions............................................................................................................................. 16 4 Core Architecture .................................................................................................................. 17 4.1 Components and Interfaces ................................................................................... 17 4.1.1 Architectural Overview ......................................................................................... 17 4.1.2 Interface E ............................................................................................................. 18 4.1.3 Interface M ............................................................................................................ 19 4.1.4 Interface A ............................................................................................................ 20 4.2 Registration Protocol ............................................................................................ 20 4.3 Security Overview ................................................................................................ 22 4.3.1 In-band Configuration ........................................................................................... 23 4.3.2 Guidelines and Requirements for PIN values ....................................................... 25 4.3.3 Out-of-Band Configuration ................................................................................... 26 5 Initial WLAN Setup .............................................................................................................. 27 5.1 Standalone AP ....................................................................................................... 27 5.2 AP With an External Registrar ............................................................................. 28 5.2.1 EAP-based Setup of External Registrar ................................................................ 30 5.2.2 Ethernet-based Setup of External Registrar .......................................................... 32 6 Adding Member Devices ...................................................................................................... 33 Wi-Fi Simple Configuration Technical Specification v2.0.2 © 2011 Wi-Fi Alliance. All Rights Reserved. Used with the permission of the Wi-Fi Alliance under the terms as stated in this document. Page 4 of 154 6.1 In-band Setup Using a Standalone AP/Registrar .................................................. 34 6.2 In-band Setup Using an External Registrar .......................................................... 35 6.2.1 PIN based setup - External Registrar trigger first ................................................. 35 6.2.2 PBC based setup – External Registrar trigger first ............................................... 37 6.2.3 PIN based setup – Enrollee trigger first ................................................................ 38 6.2.4 PBC based setup – Enrollee trigger first ............................................................... 40 6.3 In-band Setup Using Multiple External Registrars ............................................... 41 6.4 Secure Setup with Legacy Enrollee ...................................................................... 44 6.4.1 Mental model mapping ......................................................................................... 44 7 Registration Protocol Definition ........................................................................................... 45 7.1 Registration Protocol Initiation ............................................................................. 45 7.2 Registration Protocol Messages ............................................................................ 47 7.2.1 Optional Parameters .............................................................................................. 49 7.2.2 Validation of Configuration Data ......................................................................... 49 7.3 Key Derivation ...................................................................................................... 50 7.4 Proof-of-possession of Device Password.............................................................. 52 7.4.1 PIN Checksums ..................................................................................................... 53 7.4.2 Device Password Splitting .................................................................................... 54 7.4.3 Device Password Usage in M1 and M2 ................................................................ 54 7.5 Key Wrap Algorithm ............................................................................................ 55 7.6 Key Summary and Classification .......................................................................... 56 7.7 EAP Transport of Registration Protocol ............................................................... 57 7.7.1 EAP Message Framing ......................................................................................... 58 7.7.2 EAP Messages ...................................................................................................... 60 7.7.3 EAP State Machine for Enrollee Registration ...................................................... 61 7.7.4 EAP State Machine for Adding an External Registrar ......................................... 62 7.8 UPnP Transport of Registration Protocol ............................................................. 63 7.9 Version Negotiation .............................................................................................. 64 8 Message Encoding ................................................................................................................ 65 8.1 Wi-Fi Simple Configuration TLV Data Format ................................................... 65 8.2 802.11 Management Frames ................................................................................. 66 8.2.1 Beacon Frame (C) ................................................................................................. 67 8.2.2 Association Request and Reassociation Request .................................................. 68 Wi-Fi Simple Configuration Technical Specification v2.0.2 © 2011 Wi-Fi Alliance. All Rights Reserved. Used with the permission of the Wi-Fi Alliance under the terms as stated in this document. Page 5 of 154 8.2.3 Association Response and Reassociation Response ............................................. 69 8.2.4 Probe Request (D-E or D-R) ................................................................................. 69 8.2.5 Probe Response (D-AP/Registrar) ........................................................................ 70 8.3 Registration Protocol Message Definitions .......................................................... 71 8.3.1 Message M1 .......................................................................................................... 72 8.3.2 Message M2 .......................................................................................................... 73 8.3.3 Message M2D ....................................................................................................... 74 8.3.4 Message M3 .......................................................................................................... 75 8.3.5 Message M4 .......................................................................................................... 75 8.3.6 Message M5 .......................................................................................................... 76 8.3.7 Message M6 .......................................................................................................... 76 8.3.8 Message M7 .......................................................................................................... 77 8.3.9 Message M8 .......................................................................................................... 78 8.3.10 WSC_ACK Message ............................................................................................ 80 8.3.11 WSC_NACK Message.......................................................................................... 80 8.3.12 WSC_Done Message ............................................................................................ 80 8.4 AP Settings Message Definitions.......................................................................... 81 8.4.1 SetSelectedRegistrar Message .............................................................................. 81 9 Security Configuration Requirements ................................................................................... 83 10 NFC Out-of-Band Interface Specification ............................................................................ 84 10.1 Overview ............................................................................................................... 84 10.2 NFC Usage Models ............................................................................................... 84 10.2.1 Password Token .................................................................................................... 85 10.2.2 Configuration Token ............................................................................................. 85 10.2.3 Connection Handover ........................................................................................... 86 10.3 Requirements for NFC Out-of-Band Support ....................................................... 89 10.3.1 Enrollee Requirements .......................................................................................... 89 10.3.2 Registrar Requirements ......................................................................................... 89 10.4 Informative: NFC Forum Specifications .............................................................. 89 10.4.1 NFC Data Exchange Format (NDEF) Specification ............................................. 89 10.4.2 NFC Forum Tag Operation Specifications ........................................................... 89 10.4.3 Logical Link Control Protocol (LLCP) Specification .......................................... 90 10.4.4 Connection Handover Specification ..................................................................... 90 Wi-Fi Simple Configuration Technical Specification v2.0.2 © 2011 Wi-Fi Alliance. All Rights Reserved. Used with the permission of the Wi-Fi Alliance under the terms as stated in this document. Page 6 of 154 11 Push Button Configuration ................................................................................................... 91 11.1 Introduction ........................................................................................................... 91 11.2 User Experience .................................................................................................... 91 11.3 PBC Technical Description ................................................................................... 93 11.4 PBC Security Considerations ................................................................................ 96 12 Data Element Definitions ...................................................................................................... 98 13 Protocol Implementation Conformance Specification (PICS) ........................................... 130 Annex A - Out-of-Band Channel Considerations ................................................................. 134 Annex B - Security Analysis of Registration Protocol ......................................................... 136 Out-Of-Band Channels ........................................................................................................... 136 Out-of-band Channel Characteristics ...................................................................................... 137 Annex C - Out-of-band Setup Using a Standalone AP/Registrar ......................................... 138 Setup steps .............................................................................................................................. 138 Annex D - Out-of-band Setup Using an External Registrar ................................................. 139 Annex E - Secondary Usage Models .................................................................................... 140 Removing Members from the WLAN .................................................................................... 140 Guest access ............................................................................................................................ 140 Re-keying credentials ............................................................................................................. 140 Expanding the network - Adding additional AP or Router .................................................... 140 Changing Network Name (SSID), radio channels, etc. .......................................................... 140 Rekeying ................................................................................................................................. 141 Annex F - Management Interface Message Definitions ...................................................... 142 GetAPSettings Input Message ................................................................................................ 142 GetAPSettings Output Message .............................................................................................. 143 SetAPSettings Message .......................................................................................................... 144 DelAPSettings Message .......................................................................................................... 145 ResetAP and RebootAP Messages ......................................................................................... 146 STA Settings Message Definitions ......................................................................................... 146 GetSTASettings Input Message .............................................................................................. 146 GetSTASettings Output Message ........................................................................................... 147 SetSTASettings Message ........................................................................................................ 148 DelSTASettings Message ....................................................................................................... 149 ResetSTA and RebootSTA Messages ..................................................................................... 150 Annex G - USBA (USB Host) Out-of-Band Interface Specification ................................... 151 Wi-Fi Simple Configuration Technical Specification v2.0.2 © 2011 Wi-Fi Alliance. All Rights Reserved. Used with the permission of the Wi-Fi Alliance under the terms as stated in this document. Page 7 of 154 Requirements for USB Flash Drives (UFD) ........................................................................... 151 Enrollee Requirements for USBA out-of-band Interfaces ...................................................... 151 Firmware and Software Requirements ................................................................................... 152 Encrypted Settings File (xxxxxxxx.WSC) .............................................................................. 152 Unencrypted Settings File (00000000.WSC) ......................................................................... 153 Enrollee Device Password and Key Hash (xxxxxxxx.WFA) ................................................. 153 ### Wi-Fi Simple Configuration技术规范V2.0概览与核心知识点 #### 1. 引言 本技术规范旨在提供一种简易且安全的方法来配置设备加入到WPA2（Wi-Fi Protected Access II）支持的802.11网络中。此规范由Wi-Fi联盟的Wi-Fi Protected Setup工作组制定，并符合其提出的需求。 #### 2. 规范的目的与范围 该规范的主要目的是定义一套简单而安全的方法来帮助用户快速配置各种设备接入无线局域网(WLAN)。它适用于以下场景： - 家庭用户或小型企业环境中设置新设备。 - 为现有网络添加新的接入点或路由器。 - 更改网络名称(SSID)、加密密钥等信息时的重新配置过程。 #### 3. 支持的使用模型 该规范支持两种主要使用模型和几种次要使用模型： - **主要使用模型**：包括独立接入点/AP配置、带有外部注册器的AP配置以及通过近场通信(NFC)或USB进行的带外配置。 - **次要使用模型**：涉及从网络中移除成员设备、提供访客访问权限、网络扩展等场景。 #### 4. 心理模型 - 用户无需具备专业知识即可完成网络配置。 - 提供了带内和带外设置方式以适应不同场景需求。 - 设备可以通过简单的按钮操作或输入密码的方式加入网络。 #### 5. 设计方法与灵活性 - **设计方法**：采用分层架构，将网络配置分为几个层次，每个层次负责不同的功能。 - **解决方案的灵活性**：允许在不同类型的设备间共享相同的配置流程，同时保持兼容性和安全性。 #### 6. 用户体验 - **带内设置**：通过无线网络本身进行配置，适用于没有物理连接的情况。 - 使用PBC（Push Button Configuration，一键配置）或PIN码验证。 - **带外设置**：利用外部通道如NFC或USB进行配置。 - 适用于无法直接通过无线网络连接的设备。 #### 7. 核心架构 - **组件与接口**：主要包括三个关键组件：Enrollee（待加入设备）、Registrar（注册器）和AP（接入点），它们之间通过不同的接口进行交互。 - **Interface E**：用于Enrollee与Registrar之间的通信。 - **Interface M**：用于Registrar与AP之间的通信。 - **Interface A**：用于AP与外部系统的通信。 - **注册协议**：定义了设备之间进行安全配置所需的交互过程。 - **安全概述**： - **带内配置**：使用WPA2安全机制确保数据传输的安全性。 - **PIN值指南与要求**：PIN码长度、格式及有效时间等规定。 - **带外配置**：通过NFC或USB等方式传输配置信息。 #### 8. 初始WLAN设置 - **独立AP**：仅使用一个AP作为注册器。 - **带外部注册器的AP**：AP不执行注册器功能，而是通过外部系统来完成。 - **EAP-based设置**：使用EAP协议来配置外部注册器。 - **基于以太网的设置**：通过有线连接配置外部注册器。 #### 9. 添加成员设备 - **使用独立AP/注册器进行带内设置**：直接通过AP完成配置。 - **使用外部注册器进行带内设置**： - **基于PIN码的设置**：外部注册器首先触发配置过程。 - **基于PBC的设置**：外部注册器首先触发配置过程。 - **基于PIN码的设置**：待加入设备首先触发配置过程。 - **基于PBC的设置**：待加入设备首先触发配置过程。 - **使用多个外部注册器进行带内设置**：处理多个注册器协同工作的场景。 - **与遗留设备进行安全设置**：解决旧设备加入新网络的问题。 #### 10. 注册协议定义 - **注册协议启动**：定义了协议启动的过程。 - **注册协议消息**：详细描述了注册过程中使用的消息类型及其内容。 - **密钥派生**：解释如何生成用于保护网络通信的密钥。 - **证明设备密码拥有权**：通过PIN校验和等方法确认设备拥有正确的密码。 - **密钥封装算法**：用于保护密钥传输的技术。 - **密钥总结与分类**：对密钥类型进行归纳和分类。 - **EAP传输**：通过EAP协议进行注册协议的传输。 - **UPnP传输**：通过UPnP协议进行注册协议的传输。 - **版本协商**：确定参与方支持的协议版本。 #### 11. 消息编码 - **Wi-Fi Simple Configuration TLV数据格式**：使用标签-长度-值(TLV)格式进行消息编码。 - **802.11管理帧**：定义了特定管理帧的结构和用途。 - **注册协议消息定义**：详细定义了协议中的各个消息类型。 #### 12. 安全配置要求 - 规定了在网络配置过程中应遵循的安全标准和实践。 #### 13. NFC带外接口规范 - **概述**：介绍NFC带外接口的基本概念。 - **NFC使用模型**：描述了NFC在不同场景下的应用模式。 - **密码令牌**：用于传递简单的密码信息。 - **配置令牌**：包含完整的配置信息。 - **连接转移**：实现设备间的连接转移。 - **NFC支持要求**：规定了设备支持NFC带外接口的具体要求。 #### 14. 按钮配置(Push Button Configuration) - **介绍**：简述按钮配置的概念和优势。 - **用户体验**：描述了用户如何通过简单的一键操作完成设备加入网络的过程。 - **技术描述**：深入讲解了PBC的技术细节和实现机制。 - **安全考虑**：讨论了PBC在安全性方面的考虑和应对措施。 #### 15. 数据元素定义 - 定义了协议中使用的数据元素的具体格式和含义。 #### 16. 协议实现一致性规格 - 规定了实现本规范时所需遵循的一致性标准。 #### 附录 - **带外通道考虑因素**：探讨了使用非无线通道进行配置的考虑因素。 - **注册协议安全性分析**：提供了对注册协议安全性的深入分析。 - **使用独立AP/注册器进行带外设置**：详细介绍了这种配置方式的步骤。 - **使用外部注册器进行带外设置**：阐述了利用外部注册器进行带外配置的方法。 - **次要使用模型**：探讨了其他一些不常见但重要的使用场景。 - **管理接口消息定义**：定义了管理接口中使用的消息格式。 - **USB主机(USBA)带外接口规范**：规定了使用USB接口进行带外配置的要求。 Wi-Fi Simple Configuration技术规范V2.0为家庭和小型企业环境中的无线网络配置提供了一套全面且易于实现的方案，覆盖了从设备加入网络到网络维护等各个方面。该规范不仅关注技术细节，还充分考虑了用户体验和安全性，确保了网络配置的便捷性和安全性。