New WiFi Protected Setup (WPS) patch

Chuck Tuffli CTuffli
Mon Sep 22 07:58:25 PDT 2008

> -----Original Message-----
> From: Andriy Tkachuk [mailto:andriy.tkachuk at] 
> Sent: Monday, September 22, 2008 4:38 AM
> To: Chuck Tuffli
> Cc: hostap at
> Subject: Re: New WiFi Protected Setup (WPS) patch
> Chuck, could you please elaborate what special support in
> Enrollee is needed in order to work with external registrars?
> > - Modify BSS selection to account for AP/Registrars that don't set the
> > Selected Registrar element until after a WPS configuration attempt.
> > This helps with external registrars
> >
> Is it this one? If so, could you please explain the problem a
> bit more?

Yes, this is the main fix. It's probably not fair to say this is only a
problem with external registrars, but since I don't like them, that's
what I'm going to call it :)

The issue is varying usage of the (optional) Selected Registrar element
in probe responses. The two commercially available APs I use and the
Atheros test bed device are very civilized and set this element to true
after button pushes, pin entries, etc. This makes AP selection easier in
environments with a lot of APs (e.g. ours has 30+).

Unfortunately, there are APs that either don't use this element at all or
need to be provoked to set it. Therefore, the BSS selection first looks
for an AP with the Selected Registrar element set to true, but failing
that, it successively attempts WPS with each BSS advertising a WPS IE.

There is a second variation to the Selected Registrar problem this
technique addresses. Some APs, when controlled by an external registrar,
include the Selected Registrar element, but they don't set it to true
until after receiving M1. Typical exchanges look like:

-> Probe Resp (Selected Reg=F)

<- EAP Start
-> Req ID
<- Resp ID
-> WSC_Start
<- M1
-> M2D
<- ACK
-> EAP Fail


-> Probe Resp (Selected Reg=T)

<- EAP Start
-> Req ID
<- Resp ID
-> WSC_Start
<- M1
-> M2
<- M3
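
The candidate ordering described in this message, as an added C example; it is not part of the original message and not code from the patch or from wpa_supplicant. The struct, function names and sample IE bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum wps_rank { WPS_SEL_REG, WPS_IE_ONLY, WPS_NONE };      /* best first */
struct bss { const char *ssid; const uint8_t *ies; size_t len; };

/* WPS IE: vendor IE 0xDD, OUI 00:50:F2, type 4. Its attributes are TLVs
 * (2-byte type, 2-byte length, big endian); Selected Registrar is 0x1041. */
enum wps_rank bss_wps_rank(const struct bss *b)
{
    static const uint8_t wps[4] = { 0x00, 0x50, 0xf2, 0x04 };
    const uint8_t *p = b->ies, *a;
    size_t len = b->len, n, alen = 0;
    for (; len >= 2 && (n = p[1]) <= len - 2; p += 2 + n, len -= 2 + n) {
        if (p[0] != 0xdd || n < 4 || memcmp(p + 2, wps, 4) != 0)
            continue;
        for (a = p + 6, n -= 4; n >= 4; a += 4 + alen, n -= 4 + alen) {
            alen = ((size_t)a[2] << 8) | a[3];
            if (alen > n - 4)
                break;                         /* truncated attribute */
            if (a[0] == 0x10 && a[1] == 0x41 && alen == 1 && a[4])
                return WPS_SEL_REG;
        }
        return WPS_IE_ONLY;   /* element absent or false: try it later */
    }
    return WPS_NONE;
}

/* Selected Registrar=true first, then each other BSS advertising a WPS IE. */
size_t wps_candidate_order(const struct bss *bss, size_t n, size_t *order)
{
    size_t count = 0, i;
    for (int r = WPS_SEL_REG; r <= WPS_IE_ONLY; r++)
        for (i = 0; i < n; i++)
            if ((int)bss_wps_rank(&bss[i]) == r)
                order[count++] = i;    /* order[] must hold n indices */
    return count;
}

/* Constructed sample IEs: Version (0x104a), then Selected Registrar F/T/absent. */
#define WPS_HDR(len) 0xdd, (len), 0x00, 0x50, 0xf2, 0x04, 0x10, 0x4a, 0, 1, 0x10
static const uint8_t ie_f[] = { WPS_HDR(14), 0x10, 0x41, 0, 1, 0 };
static const uint8_t ie_t[] = { WPS_HDR(14), 0x10, 0x41, 0, 1, 1 };
static const uint8_t ie_n[] = { WPS_HDR(9) };
static const uint8_t ie_x[] = { 0xdd, 4, 0x00, 0x50, 0xf2, 0x01 }; /* not WPS */
const struct bss sample_scan[] = {
    { "selreg-false", ie_f, sizeof ie_f }, { "no-selreg", ie_n, sizeof ie_n },
    { "no-wps", ie_x, sizeof ie_x }, { "selreg-true", ie_t, sizeof ie_t } };
```

For the sample scan the order is selreg-true, then selreg-false and no-selreg in scan order; no-wps is never attempted.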

